2026-07-05 01:14:48 +08:00
|
|
|
import { ApplicationContext, Inject } from "@midwayjs/core";
|
|
|
|
|
import type { IMidwayContainer } from "@midwayjs/core";
|
|
|
|
|
import * as koa from "@midwayjs/koa";
|
|
|
|
|
import { Constants } from "./constants.js";
|
|
|
|
|
import { isEnterprise } from "./mode.js";
|
2023-01-29 13:44:19 +08:00
|
|
|
|
|
|
|
|
export abstract class BaseController {
|
|
|
|
|
@Inject()
|
2024-10-03 22:03:49 +08:00
|
|
|
ctx: koa.Context;
|
2023-01-29 13:44:19 +08:00
|
|
|
|
2026-02-11 00:07:29 +08:00
|
|
|
@ApplicationContext()
|
|
|
|
|
applicationContext: IMidwayContainer;
|
|
|
|
|
|
2023-01-29 13:44:19 +08:00
|
|
|
/**
|
|
|
|
|
* 成功返回
|
|
|
|
|
* @param data 返回数据
|
|
|
|
|
*/
|
2024-08-05 12:49:44 +08:00
|
|
|
ok(data?: any) {
|
2023-01-29 13:44:19 +08:00
|
|
|
const res = {
|
|
|
|
|
...Constants.res.success,
|
|
|
|
|
data: undefined,
|
|
|
|
|
};
|
|
|
|
|
if (data) {
|
|
|
|
|
res.data = data;
|
|
|
|
|
}
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
/**
|
|
|
|
|
* 失败返回
|
2023-06-25 15:30:18 +08:00
|
|
|
* @param msg
|
|
|
|
|
* @param code
|
2023-01-29 13:44:19 +08:00
|
|
|
*/
|
2024-12-20 18:04:32 +08:00
|
|
|
fail(msg: string, code?: any) {
|
2023-01-29 13:44:19 +08:00
|
|
|
return {
|
|
|
|
|
code: code ? code : Constants.res.error.code,
|
2026-02-26 23:50:01 +08:00
|
|
|
message: msg ? msg : Constants.res.error.code,
|
2023-01-29 13:44:19 +08:00
|
|
|
};
|
|
|
|
|
}
|
2023-06-25 15:30:18 +08:00
|
|
|
|
|
|
|
|
getUserId() {
|
|
|
|
|
const userId = this.ctx.user?.id;
|
|
|
|
|
if (userId == null) {
|
2026-07-05 01:14:48 +08:00
|
|
|
throw new Error("Token已过期");
|
2023-06-25 15:30:18 +08:00
|
|
|
}
|
|
|
|
|
return userId;
|
|
|
|
|
}
|
2024-12-23 00:24:31 +08:00
|
|
|
|
|
|
|
|
getLoginUser() {
|
|
|
|
|
const user = this.ctx.user;
|
|
|
|
|
if (user == null) {
|
2026-07-05 01:14:48 +08:00
|
|
|
throw new Error("Token已过期");
|
2024-12-23 00:24:31 +08:00
|
|
|
}
|
|
|
|
|
return user;
|
|
|
|
|
}
|
2025-10-24 23:48:32 +08:00
|
|
|
|
|
|
|
|
isAdmin() {
|
|
|
|
|
const roleIds: number[] = this.ctx?.user?.roles;
|
|
|
|
|
if (roleIds?.includes(1)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-07-05 01:14:48 +08:00
|
|
|
async getProjectId(permission: string) {
|
2026-02-11 00:07:29 +08:00
|
|
|
if (!isEnterprise()) {
|
2026-07-05 01:14:48 +08:00
|
|
|
return undefined;
|
2026-02-11 00:07:29 +08:00
|
|
|
}
|
2026-02-13 21:28:17 +08:00
|
|
|
let projectIdStr = this.ctx.headers["project-id"] as string;
|
2026-07-05 01:14:48 +08:00
|
|
|
if (!projectIdStr) {
|
2026-02-13 21:28:17 +08:00
|
|
|
projectIdStr = this.ctx.request.query["projectId"] as string;
|
|
|
|
|
}
|
2026-02-11 00:07:29 +08:00
|
|
|
if (!projectIdStr) {
|
2026-03-03 23:31:42 +08:00
|
|
|
//这里必须抛异常,否则可能会有权限问题
|
2026-07-05 01:14:48 +08:00
|
|
|
throw new Error("projectId 不能为空");
|
2026-02-11 00:07:29 +08:00
|
|
|
}
|
2026-07-05 01:14:48 +08:00
|
|
|
const userId = this.getUserId();
|
|
|
|
|
const projectId = parseInt(projectIdStr);
|
|
|
|
|
await this.checkProjectPermission(userId, projectId, permission);
|
2026-02-11 00:07:29 +08:00
|
|
|
return projectId;
|
|
|
|
|
}
|
|
|
|
|
|
2026-07-05 01:14:48 +08:00
|
|
|
async getProjectUserId(permission: string) {
|
|
|
|
|
let userId = this.getUserId();
|
|
|
|
|
const projectId = await this.getProjectId(permission);
|
|
|
|
|
if (projectId) {
|
|
|
|
|
userId = -1; // 企业管理模式下,用户id固定-1
|
2026-02-11 00:07:29 +08:00
|
|
|
}
|
|
|
|
|
return {
|
2026-07-05 01:14:48 +08:00
|
|
|
projectId,
|
|
|
|
|
userId,
|
|
|
|
|
};
|
2026-02-11 00:07:29 +08:00
|
|
|
}
|
2026-07-05 01:14:48 +08:00
|
|
|
async getProjectUserIdRead() {
|
|
|
|
|
return await this.getProjectUserId("read");
|
2026-02-11 00:54:56 +08:00
|
|
|
}
|
2026-07-05 01:14:48 +08:00
|
|
|
async getProjectUserIdWrite() {
|
|
|
|
|
return await this.getProjectUserId("write");
|
2026-02-11 00:54:56 +08:00
|
|
|
}
|
2026-07-05 01:14:48 +08:00
|
|
|
async getProjectUserIdAdmin() {
|
|
|
|
|
return await this.getProjectUserId("admin");
|
2026-02-11 00:54:56 +08:00
|
|
|
}
|
2026-02-11 00:07:29 +08:00
|
|
|
|
2026-07-05 01:14:48 +08:00
|
|
|
async checkProjectPermission(userId: number, projectId: number, permission: string) {
|
|
|
|
|
const projectService: any = await this.applicationContext.getAsync("projectService");
|
|
|
|
|
await projectService.checkPermission({ userId, projectId, permission });
|
2026-02-11 00:07:29 +08:00
|
|
|
}
|
|
|
|
|
|
2026-02-11 18:11:33 +08:00
|
|
|
/**
|
2026-07-05 01:14:48 +08:00
|
|
|
*
|
2026-02-11 18:11:33 +08:00
|
|
|
* @param service 检查记录是否属于某用户或某项目
|
2026-07-05 01:14:48 +08:00
|
|
|
* @param id
|
2026-02-11 18:11:33 +08:00
|
|
|
*/
|
2026-07-05 01:14:48 +08:00
|
|
|
async checkOwner(service: any, id: number, permission: string, allowAdmin: boolean = false) {
|
|
|
|
|
const { projectId, userId } = await this.getProjectUserId(permission);
|
|
|
|
|
const authService: any = await this.applicationContext.getAsync("authService");
|
2026-02-11 18:11:33 +08:00
|
|
|
if (projectId) {
|
2026-02-13 00:41:40 +08:00
|
|
|
await authService.checkProjectId(service, id, projectId);
|
2026-07-05 01:14:48 +08:00
|
|
|
} else {
|
|
|
|
|
if (userId === Constants.systemUserId) {
|
2026-03-13 19:39:27 +08:00
|
|
|
//系统级别,不检查权限
|
2026-07-05 01:14:48 +08:00
|
|
|
} else {
|
|
|
|
|
if (allowAdmin) {
|
2026-03-13 19:39:27 +08:00
|
|
|
await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
|
2026-07-05 01:14:48 +08:00
|
|
|
} else {
|
|
|
|
|
await authService.checkUserId(service, id, userId);
|
2026-03-13 19:39:27 +08:00
|
|
|
}
|
2026-02-13 00:41:40 +08:00
|
|
|
}
|
2026-02-11 18:11:33 +08:00
|
|
|
}
|
2026-07-05 01:14:48 +08:00
|
|
|
return { projectId, userId };
|
2026-02-11 18:11:33 +08:00
|
|
|
}
|
2023-01-29 13:44:19 +08:00
|
|
|
}
|