Files
certd/packages/libs/lib-server/src/basic/base-controller.ts
T

131 lines
3.4 KiB
TypeScript

import { ApplicationContext, Inject } from "@midwayjs/core";
import type { IMidwayContainer } from "@midwayjs/core";
import * as koa from "@midwayjs/koa";
import { Constants } from "./constants.js";
import { isEnterprise } from "./mode.js";
export abstract class BaseController {
@Inject()
ctx: koa.Context;
@ApplicationContext()
applicationContext: IMidwayContainer;
/**
* 成功返回
* @param data 返回数据
*/
ok(data?: any) {
const res = {
...Constants.res.success,
data: undefined,
};
if (data) {
res.data = data;
}
return res;
}
/**
* 失败返回
* @param msg
* @param code
*/
fail(msg: string, code?: any) {
return {
code: code ? code : Constants.res.error.code,
message: msg ? msg : Constants.res.error.code,
};
}
getUserId() {
const userId = this.ctx.user?.id;
if (userId == null) {
throw new Error("Token已过期");
}
return userId;
}
getLoginUser() {
const user = this.ctx.user;
if (user == null) {
throw new Error("Token已过期");
}
return user;
}
isAdmin() {
const roleIds: number[] = this.ctx?.user?.roles;
if (roleIds?.includes(1)) {
return true;
}
}
async getProjectId(permission: string) {
if (!isEnterprise()) {
return undefined;
}
let projectIdStr = this.ctx.headers["project-id"] as string;
if (!projectIdStr) {
projectIdStr = this.ctx.request.query["projectId"] as string;
}
if (!projectIdStr) {
//这里必须抛异常,否则可能会有权限问题
throw new Error("projectId 不能为空");
}
const userId = this.getUserId();
const projectId = parseInt(projectIdStr);
await this.checkProjectPermission(userId, projectId, permission);
return projectId;
}
async getProjectUserId(permission: string) {
let userId = this.getUserId();
const projectId = await this.getProjectId(permission);
if (projectId) {
userId = -1; // 企业管理模式下,用户id固定-1
}
return {
projectId,
userId,
};
}
async getProjectUserIdRead() {
return await this.getProjectUserId("read");
}
async getProjectUserIdWrite() {
return await this.getProjectUserId("write");
}
async getProjectUserIdAdmin() {
return await this.getProjectUserId("admin");
}
async checkProjectPermission(userId: number, projectId: number, permission: string) {
const projectService: any = await this.applicationContext.getAsync("projectService");
await projectService.checkPermission({ userId, projectId, permission });
}
/**
*
* @param service 检查记录是否属于某用户或某项目
* @param id
*/
async checkOwner(service: any, id: number, permission: string, allowAdmin: boolean = false) {
const { projectId, userId } = await this.getProjectUserId(permission);
const authService: any = await this.applicationContext.getAsync("authService");
if (projectId) {
await authService.checkProjectId(service, id, projectId);
} else {
if (userId === Constants.systemUserId) {
//系统级别,不检查权限
} else {
if (allowAdmin) {
await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
} else {
await authService.checkUserId(service, id, userId);
}
}
}
return { projectId, userId };
}
}