package logic import ( "fmt" "strings" "github.com/eryajf/go-ldap-admin/config" "github.com/eryajf/go-ldap-admin/model" "github.com/eryajf/go-ldap-admin/model/request" "github.com/eryajf/go-ldap-admin/model/response" "github.com/eryajf/go-ldap-admin/public/tools" "github.com/eryajf/go-ldap-admin/service/ildap" "github.com/eryajf/go-ldap-admin/service/isql" "github.com/gin-gonic/gin" ) type GroupLogic struct{} // Add 添加数据 func (l GroupLogic) Add(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.GroupAddReq) if !ok { return nil, ReqAssertErr } _ = c if isql.Group.Exist(tools.H{"group_name": r.GroupName}) { return nil, tools.NewValidatorError(fmt.Errorf("组名已存在")) } // 获取当前用户 ctxUser, err := isql.User.GetCurrentLoginUser(c) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取当前登陆用户信息失败")) } group := model.Group{ GroupType: r.GroupType, ParentId: r.ParentId, GroupName: r.GroupName, Remark: r.Remark, Creator: ctxUser.Username, Source: "platform", //默认是平台添加 } if r.ParentId == 0 { group.SourceDeptId = "platform_0" group.SourceDeptParentId = "platform_0" group.GroupDN = fmt.Sprintf("%s=%s,%s", r.GroupType, r.GroupName, config.Conf.Ldap.BaseDN) } else { parentGroup := new(model.Group) err := isql.Group.Find(tools.H{"id": r.ParentId}, parentGroup) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取父级组信息失败")) } group.SourceDeptId = "platform_0" group.SourceDeptParentId = fmt.Sprintf("%s_%d", parentGroup.Source, r.ParentId) group.GroupDN = fmt.Sprintf("%s=%s,%s", r.GroupType, r.GroupName, parentGroup.GroupDN) } // 先在ldap中创建组 err = ildap.Group.Add(&group) if err != nil { return nil, tools.NewLdapError(fmt.Errorf("向LDAP创建分组失败" + err.Error())) } // 然后在数据库中创建组 err = isql.Group.Add(&group) if err != nil { return nil, tools.NewLdapError(fmt.Errorf("向MySQL创建分组失败")) } // 默认创建分组之后,需要将admin添加到分组中 adminInfo := new(model.User) err = isql.User.Find(tools.H{"id": 1}, adminInfo) if err != nil { return nil, tools.NewMySqlError(err) } err = isql.Group.AddUserToGroup(&group, []model.User{*adminInfo}) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("添加用户到分组失败: %s", err.Error())) } return nil, nil } // List 数据列表 func (l GroupLogic) List(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.GroupListReq) if !ok { return nil, ReqAssertErr } _ = c // 获取数据列表 groups, err := isql.Group.List(r) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取分组列表失败: %s", err.Error())) } rets := make([]model.Group, 0) for _, group := range groups { rets = append(rets, *group) } count, err := isql.Group.Count() if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取分组总数失败")) } return response.GroupListRsp{ Total: count, Groups: rets, }, nil } // GetTree 数据树 func (l GroupLogic) GetTree(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.GroupListReq) if !ok { return nil, ReqAssertErr } _ = c var groups []*model.Group groups, err := isql.Group.ListTree(r) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取资源列表失败: " + err.Error())) } tree := isql.GenGroupTree(0, groups) return tree, nil } // Update 更新数据 func (l GroupLogic) Update(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.GroupUpdateReq) if !ok { return nil, ReqAssertErr } _ = c filter := tools.H{"id": int(r.ID)} if !isql.Group.Exist(filter) { return nil, tools.NewMySqlError(fmt.Errorf("分组不存在")) } // 获取当前登陆用户 ctxUser, err := isql.User.GetCurrentLoginUser(c) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取当前登陆用户失败")) } oldGroup := new(model.Group) err = isql.Group.Find(filter, oldGroup) if err != nil { return nil, tools.NewMySqlError(err) } newGroup := model.Group{ Model: oldGroup.Model, GroupName: r.GroupName, Remark: r.Remark, Creator: ctxUser.Username, GroupType: oldGroup.GroupType, } //若配置了不允许修改分组名称,则不更新分组名称 if !config.Conf.Ldap.GroupNameModify { newGroup.GroupName = oldGroup.GroupName } err = ildap.Group.Update(oldGroup, &newGroup) if err != nil { return nil, tools.NewLdapError(fmt.Errorf("向LDAP更新分组失败:" + err.Error())) } err = isql.Group.Update(&newGroup) if err != nil { return nil, tools.NewLdapError(fmt.Errorf("向MySQL更新分组失败")) } return nil, nil } // Delete 删除数据 func (l GroupLogic) Delete(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.GroupDeleteReq) if !ok { return nil, ReqAssertErr } _ = c for _, id := range r.GroupIds { filter := tools.H{"id": int(id)} if !isql.Group.Exist(filter) { return nil, tools.NewMySqlError(fmt.Errorf("有分组不存在")) } } groups, err := isql.Group.GetGroupByIds(r.GroupIds) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取分组列表失败: %s", err.Error())) } for _, group := range groups { // 判断存在子分组,不允许删除 filter := tools.H{"parent_id": int(group.ID)} if isql.Group.Exist(filter) { return nil, tools.NewMySqlError(fmt.Errorf("存在子分组,请先删除子分组,再执行该分组的删除操作!")) } // 删除的时候先从ldap进行删除 err = ildap.Group.Delete(group.GroupDN) if err != nil { return nil, tools.NewLdapError(fmt.Errorf("向LDAP删除分组失败:" + err.Error())) } } // 从MySQL中删除 err = isql.Group.Delete(groups) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("删除接口失败: %s", err.Error())) } return nil, nil } // AddUser 添加用户到分组 func (l GroupLogic) AddUser(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.GroupAddUserReq) if !ok { return nil, ReqAssertErr } _ = c filter := tools.H{"id": r.GroupID} if !isql.Group.Exist(filter) { return nil, tools.NewMySqlError(fmt.Errorf("分组不存在")) } users, err := isql.User.GetUserByIds(r.UserIds) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取用户列表失败: %s", err.Error())) } group := new(model.Group) err = isql.Group.Find(filter, group) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取分组失败: %s", err.Error())) } if group.GroupDN[:3] == "ou=" { return nil, tools.NewMySqlError(fmt.Errorf("ou类型的分组不能添加用户")) } // 先添加到MySQL err = isql.Group.AddUserToGroup(group, users) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("添加用户到分组失败: %s", err.Error())) } // 再往ldap添加 for _, user := range users { err = ildap.Group.AddUserToGroup(group.GroupDN, user.UserDN) if err != nil { return nil, tools.NewLdapError(fmt.Errorf("向LDAP添加用户到分组失败" + err.Error())) } } return nil, nil } // RemoveUser 移除用户 func (l GroupLogic) RemoveUser(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.GroupRemoveUserReq) if !ok { return nil, ReqAssertErr } _ = c filter := tools.H{"id": r.GroupID} if !isql.Group.Exist(filter) { return nil, tools.NewMySqlError(fmt.Errorf("分组不存在")) } users, err := isql.User.GetUserByIds(r.UserIds) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取用户列表失败: %s", err.Error())) } group := new(model.Group) err = isql.Group.Find(filter, group) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取分组失败: %s", err.Error())) } if group.GroupDN[:3] == "ou=" { return nil, tools.NewMySqlError(fmt.Errorf("ou类型的分组内没有用户")) } // 先操作ldap for _, user := range users { err := ildap.Group.RemoveUserFromGroup(group.GroupDN, user.UserDN) if err != nil { return nil, tools.NewLdapError(fmt.Errorf("将用户从ldap移除失败" + err.Error())) } } // 再操作MySQL err = isql.Group.RemoveUserFromGroup(group, users) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("将用户从MySQL移除失败: %s", err.Error())) } return nil, nil } // UserInGroup 在分组内的用户 func (l GroupLogic) UserInGroup(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.UserInGroupReq) if !ok { return nil, ReqAssertErr } _ = c filter := tools.H{"id": r.GroupID} if !isql.Group.Exist(filter) { return nil, tools.NewMySqlError(fmt.Errorf("分组不存在")) } group := new(model.Group) err := isql.Group.Find(filter, group) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取分组失败: %s", err.Error())) } rets := make([]response.Guser, 0) for _, user := range group.Users { if r.Nickname != "" && !strings.Contains(user.Nickname, r.Nickname) { continue } rets = append(rets, response.Guser{ UserId: int64(user.ID), UserName: user.Username, NickName: user.Nickname, Mail: user.Mail, JobNumber: user.JobNumber, Mobile: user.Mobile, Introduction: user.Introduction, }) } return response.GroupUsers{ GroupId: int64(group.ID), GroupName: group.GroupName, GroupRemark: group.Remark, UserList: rets, }, nil } // UserNoInGroup 不在分组内的用户 func (l GroupLogic) UserNoInGroup(c *gin.Context, req interface{}) (data interface{}, rspError interface{}) { r, ok := req.(*request.UserNoInGroupReq) if !ok { return nil, ReqAssertErr } _ = c filter := tools.H{"id": r.GroupID} if !isql.Group.Exist(filter) { return nil, tools.NewMySqlError(fmt.Errorf("分组不存在")) } group := new(model.Group) err := isql.Group.Find(filter, group) if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取分组失败: %s", err.Error())) } var userList []*model.User userList, err = isql.User.ListAll() if err != nil { return nil, tools.NewMySqlError(fmt.Errorf("获取资源列表失败: " + err.Error())) } rets := make([]response.Guser, 0) for _, user := range userList { in := true for _, groupUser := range group.Users { if user.Username == groupUser.Username { in = false break } } if in { if r.Nickname != "" && !strings.Contains(user.Nickname, r.Nickname) { continue } rets = append(rets, response.Guser{ UserId: int64(user.ID), UserName: user.Username, NickName: user.Nickname, Mail: user.Mail, JobNumber: user.JobNumber, Mobile: user.Mobile, Introduction: user.Introduction, }) } } return response.GroupUsers{ GroupId: int64(group.ID), GroupName: group.GroupName, GroupRemark: group.Remark, UserList: rets, }, nil }