修改权限验证模块

3 years ago · fcbcf745a6
11 changed files with 529 additions and 9 deletions
--- a/api/version1/jurisdiction/jurisdictionpc/systemrole.go
+++ b/api/version1/jurisdiction/jurisdictionpc/systemrole.go
@ -1,9 +1,13 @@
 package jurisdictionpc

 import (
+	"fmt"
+	"key_performance_indicators/models/modelshr"
 	"key_performance_indicators/models/modelssystempermission"
 	"key_performance_indicators/overall"
 	"key_performance_indicators/overall/publicmethod"
+	"strconv"
+	"strings"
 	"time"

 	"github.com/gin-gonic/gin"
@ -217,3 +221,224 @@ func (a *ApiMethod) EditSystemRoleState(c *gin.Context) {
 	}
 	publicmethod.Result(0, err, c)
 }
+
+/*
+*
+@ 作者: 秦东
+@ 时间: 2022-11-16 08:02:47
+@ 功能: 角色相关人员
+@ 参数
+
+	#id               角色ID
+	#name             姓名或工号
+
+@ 返回值
+
+	#
+*/
+func (a *ApiMethod) RoleAboutPeopleList(c *gin.Context) {
+	var receivedValue SystemRoleAboutPeopleList
+	c.ShouldBindJSON(&receivedValue)
+	if receivedValue.Page == 0 {
+		receivedValue.Page = 1
+	}
+	if receivedValue.PageSize == 0 {
+		receivedValue.PageSize = 20
+	}
+	if receivedValue.Id == "" {
+		publicmethod.Result(1, nil, c, "未知角色")
+		return
+	}
+
+	gormDb := overall.CONSTANT_DB_HR.Model(&modelshr.PersonArchives{}).Select("`id`,`number`,`name`,`icon`,`company`,`maindeparment`,`admin_org`,`position`,`job_id`,`key`,`wechat`,`work_wechat`").Where("`state` = 1 AND FIND_IN_SET(?,`role`)", receivedValue.Id)
+	if receivedValue.Name != "" {
+		gormDb = gormDb.Where("`name` LIKE ? OR `number` LIKE ?", "%"+receivedValue.Name+"%", "%"+receivedValue.Name+"%")
+	}
+	var total int64
+	totalErr := gormDb.Count(&total).Error
+	if totalErr != nil {
+		total = 0
+	}
+	gormDb = publicmethod.PageTurningSettings(gormDb, receivedValue.Page, receivedValue.PageSize)
+	var RoleManList []modelshr.PersonArchives
+	err := gormDb.Find(&RoleManList).Error
+
+	if err != nil {
+		publicmethod.Result(105, err, c)
+		return
+	}
+	if len(RoleManList) < 1 {
+		publicmethod.Result(105, RoleManList, c)
+		return
+	}
+	var sendData []SendSystemRoleAboutPeopleList
+	for _, v := range RoleManList {
+		var sendDataInfo SendSystemRoleAboutPeopleList
+		sendDataInfo.Id = strconv.FormatInt(v.Id, 10)
+		sendDataInfo.Number = v.Number
+		sendDataInfo.Name = v.Name
+		sendDataInfo.Company = strconv.FormatInt(v.Company, 10)
+		var comInfo modelshr.AdministrativeOrganization
+		comInfo.GetCont(map[string]interface{}{"`id`": v.Company}, "`name`")
+		sendDataInfo.CompanyName = comInfo.Name
+		sendDataInfo.Department = strconv.FormatInt(v.MainDeparment, 10)
+		var deparInfo modelshr.AdministrativeOrganization
+		deparInfo.GetCont(map[string]interface{}{"`id`": v.MainDeparment}, "`name`")
+		sendDataInfo.DepartmentName = deparInfo.Name
+		sendDataInfo.OrgId = strconv.FormatInt(v.AdminOrg, 10)
+		var orderInfo modelshr.AdministrativeOrganization
+		orderInfo.GetCont(map[string]interface{}{"`id`": v.AdminOrg}, "`name`")
+		sendDataInfo.OrgName = orderInfo.Name
+		sendDataInfo.DutiesId = strconv.FormatInt(v.Position, 10)
+		var postCont modelshr.Position
+		postCont.GetCont(map[string]interface{}{"`id`": v.Position}, "`name`")
+		sendDataInfo.DutiesName = postCont.Name
+		sendDataInfo.Wechat = v.Wechat
+		if v.WorkWechat != "" {
+			sendDataInfo.Wechat = v.WorkWechat
+		}
+		sendDataInfo.Key = strconv.FormatInt(v.Key, 10)
+		if v.MainDeparment != v.AdminOrg {
+			sendDataInfo.DepartMentTitle = fmt.Sprintf("%v/%v/%v", comInfo.Name, deparInfo.Name, orderInfo.Name)
+		} else {
+			sendDataInfo.DepartMentTitle = fmt.Sprintf("%v/%v", comInfo.Name, deparInfo.Name)
+		}
+
+		sendData = append(sendData, sendDataInfo)
+	}
+	publicmethod.ResultList(0, receivedValue.Page, receivedValue.PageSize, total, int64(len(sendData)), sendData, c)
+}
+
+/*
+*
+@ 作者: 秦东
+@ 时间: 2022-11-16 11:53:58
+@ 功能: 批量删除角色关联人员
+@ 参数
+
+	#
+
+@ 返回值
+
+	#
+*/
+func (a *ApiMethod) BatchDeletToRoleAboutMan(c *gin.Context) {
+	var receivedValue BatchDeletAllRoleMan
+	err := c.ShouldBindJSON(&receivedValue)
+	if err != nil {
+		publicmethod.Result(100, err, c)
+		return
+	}
+	if receivedValue.Id == "" {
+		publicmethod.Result(101, receivedValue, c)
+		return
+	}
+	if len(receivedValue.ManKey) < 1 {
+		publicmethod.Result(101, receivedValue, c)
+		return
+	}
+	var manList []modelshr.PersonArchives
+	err = overall.CONSTANT_DB_HR.Model(&modelshr.PersonArchives{}).Select("`id`,`role`").Where("`key` IN ?", receivedValue.ManKey).Find(&manList).Error
+	if err != nil {
+		publicmethod.Result(107, err, c)
+		return
+	}
+	if len(manList) < 1 {
+		publicmethod.Result(107, manList, c)
+		return
+	}
+	for _, v := range manList {
+		syncSeting.Add(1)
+		go EditManRoleCont(receivedValue.Id, v)
+	}
+	syncSeting.Wait()
+	publicmethod.Result(0, nil, c)
+}
+
+// 编辑批量删除角色人员信息处理
+func EditManRoleCont(roleId string, manCont modelshr.PersonArchives) {
+	defer syncSeting.Done()
+	roleList := strings.Split(manCont.Role, ",")
+	if publicmethod.IsInTrue[string](roleId, roleList) == true {
+		var editRoleList []string
+		for i := 0; i < len(roleList); i++ {
+			if roleList[i] != roleId {
+				editRoleList = append(editRoleList, roleList[i])
+			}
+		}
+		saveData := publicmethod.MapOut[string]()
+		if len(editRoleList) > 0 {
+			saveData["`role`"] = strings.Join(editRoleList, ",")
+		} else {
+			saveData["`role`"] = ""
+		}
+		saveData["`eite_time`"] = time.Now().Unix()
+		manCont.EiteCont(map[string]interface{}{"`id`": manCont.Id}, saveData)
+	}
+}
+
+/*
+*
+@ 作者: 秦东
+@ 时间: 2022-11-19 08:30:26
+@ 功能: 添加角色使用人员
+@ 参数
+
+	#
+
+@ 返回值
+
+	#
+*/
+func (a *ApiMethod) AddRoleUser(c *gin.Context) {
+	var receivedValue ReceiveRoleAndPeople
+	c.ShouldBindJSON(&receivedValue)
+	if receivedValue.RoleId == "" {
+		publicmethod.Result(1, nil, c, "未知角色1")
+		return
+	}
+	if len(receivedValue.PeopleList) < 1 {
+		publicmethod.Result(1, nil, c, "请选择关联人员2")
+		return
+	}
+	var roleCont modelssystempermission.SystemRole
+	err := roleCont.GetCont(map[string]interface{}{"`id`": receivedValue.RoleId}, "`id`")
+	if err != nil {
+		publicmethod.Result(1, nil, c, "角色不存在")
+		return
+	}
+	var peopleId []string
+	for _, v := range receivedValue.PeopleList {
+		if v.IsMan == 2 && publicmethod.IsInTrue[string](v.Id, peopleId) == false {
+			peopleId = append(peopleId, v.Id)
+		}
+	}
+	if len(peopleId) < 1 {
+		publicmethod.Result(0, receivedValue.PeopleList, c, "数据处理完成！3")
+		return
+	}
+	var manList []modelshr.PersonArchives
+	err = overall.CONSTANT_DB_HR.Model(&modelshr.PersonArchives{}).Select("`key`,`role`").Where("`key` IN ?", peopleId).Find(&manList).Error
+	if err != nil || len(manList) < 1 {
+		publicmethod.Result(107, nil, c, "数据处理失败！4")
+		return
+	}
+	for _, m := range manList {
+		saveData := publicmethod.MapOut[string]()
+		if m.Role == "" {
+			saveData["`role`"] = receivedValue.RoleId
+		} else {
+			oldRoleList := strings.Split(m.Role, ",")
+			if publicmethod.IsInTrue[string](receivedValue.RoleId, oldRoleList) == false {
+				oldRoleList = append(oldRoleList, receivedValue.RoleId)
+				saveData["`role`"] = strings.Join(oldRoleList, ",")
+			}
+		}
+		if len(saveData) > 0 {
+			saveData["`eite_time`"] = time.Now().Unix()
+			var saveCont modelshr.PersonArchives
+			saveCont.EiteCont(map[string]interface{}{"`key`": m.Key}, saveData)
+		}
+	}
+	publicmethod.Result(0, nil, c)
+}
--- a/api/version1/jurisdiction/jurisdictionpc/type.go
+++ b/api/version1/jurisdiction/jurisdictionpc/type.go
@ -137,3 +137,49 @@ type editRolePowerStructNew struct {
 	Level      int                       `json:"level"`      //授权范围等级（1：本岗位；2：本部门；3：本分部；4：指定行政组织；5：所有）
 	PowerList  []publicmethod.PowerThree `json:"power"`      //权限列表
 }
+
+// 角色相关使用人列表
+type SystemRoleAboutPeopleList struct {
+	publicmethod.PagesTurn
+	publicmethod.PublicId
+	publicmethod.PublicName
+}
+
+// 角色相关使用人列表输出
+type SendSystemRoleAboutPeopleList struct {
+	publicmethod.PostPeople
+	Key             string `json:"key"`             //员工Key
+	DepartMentTitle string `json:"departmenttitle"` //部门
+}
+
+// 批量删除角色相关人员
+type BatchDeletAllRoleMan struct {
+	publicmethod.PublicId          //角色ID
+	ManKey                []string `json:"mankey"` //要处理的人
+}
+
+// 接收要角色要添加的人员信息
+type ReceiveRoleAndPeople struct {
+	RoleId     string              `json:"roleid"`     //角色ID
+	PeopleList []OrgAndPeopleSmail `json:"peoplelist"` //人员列表
+}
+
+type OrgAndPeopleSmail struct {
+	Id    string `json:"id"`    //行政组织Id或人员Key
+	IsMan int    `json:"isman"` //是部门还是个人（1：行政组织；2：人员）
+}
+
+// 接收行政组织加人员主体
+type OrgAndPeople struct {
+	Id       string `json:"id"`       //行政组织Id或人员Key
+	Name     string `json:"name"`     //行政组织名称或人员名称
+	Number   string `json:"number"`   //行政组织编号或人员编号
+	Icon     string `json:"icon"`     //行政组织头像或人员头像
+	ParentId string `json:"parentId"` //上级
+	OrgId    string `json:"orgId"`    //所属行政组织
+	IsMan    int    `json:"isman"`    //是部门还是个人（1：行政组织；2：人员）
+	Sort     int    `json:"sort"`     //排序
+	Identify int    `json:"identify"` //身份识别
+	AllName  string `json:"all_name"` //全部名
+	// Child    []OrgAndPeople `json:"child"`    //子栏目
+}
--- a/apirouter/apishiyan/maptostruct.go
+++ b/apirouter/apishiyan/maptostruct.go
@ -21,6 +21,6 @@ func (a *ApiRouter) RouterGroup(router *gin.RouterGroup) {
 		apiRouter.POST("setuphrsystem", methodBinding.SetUpHrSystem) //设置HR系统对接账号和密码

 		apiRouter.POST("cang_chu_three", methodBinding.CangChuThree) //实验仓储数据读取
-
+		apiRouter.GET("cang_chu_three", methodBinding.CangChuThree)  //实验仓储数据读取
 	}
 }
--- a/apirouter/v1/systempower/pc.go
+++ b/apirouter/v1/systempower/pc.go
@ -32,5 +32,9 @@ func (a *ApiRouter) RouterGroupPc(router *gin.RouterGroup) {
 		apiRouter.POST("edit_system_role", methodBinding.EditSystemRole)            //系统角色编辑
 		apiRouter.POST("system_role_list", methodBinding.SystemRoleList)            //系统角色列表
 		apiRouter.POST("edit_system_role_state", methodBinding.EditSystemRoleState) //系统角色状态
+		apiRouter.POST("role_about_people_list", methodBinding.RoleAboutPeopleList) //角色相关人员
+		apiRouter.POST("batch_del_roleman", methodBinding.BatchDeletToRoleAboutMan) //批量删除角色关联人员
+		apiRouter.POST("add_role_user", methodBinding.AddRoleUser)                  //添加角色关联人员
+
 	}
 }
--- a/config/configDatabase/database.go
+++ b/config/configDatabase/database.go
@ -2,6 +2,7 @@ package configDatabase

 import (
 	"fmt"
+	"time"

 	"gorm.io/driver/mysql"
 	"gorm.io/gorm"
@ -68,6 +69,7 @@ func (m *MasterMysqlSetUp) OpenSql() *gorm.DB {
 			sqlDb, _ := opDb.DB()
 			sqlDb.SetMaxIdleConns(m.MaxIdleConns)
 			sqlDb.SetMaxOpenConns(m.MaxOpenConns)
+			sqlDb.SetConnMaxLifetime(5 * time.Minute)
 			return opDb
 		}
 	} else {
@ -77,6 +79,7 @@ func (m *MasterMysqlSetUp) OpenSql() *gorm.DB {
 			sqlDb, _ := opDb.DB()
 			sqlDb.SetMaxIdleConns(m.MaxIdleConns)
 			sqlDb.SetMaxOpenConns(m.MaxOpenConns)
+			sqlDb.SetConnMaxLifetime(5 * time.Minute)
 			return opDb
 		}
 	}
--- a/identification/interceptor/identity.go
+++ b/identification/interceptor/identity.go
@ -114,10 +114,13 @@ func AuthenticateUser() gin.HandlerFunc {
 		redisClient.HashMsetAdd(redisMyContKey, myContRedis)

 		//获取授权信息
-		powerCont, powerErr := publicmethod.GetPostOfUsEmpowerCont(myCont.AdminOrg, myCont.Position, "kpi")
+		// powerCont, powerErr := publicmethod.GetPostOfUsEmpowerCont(myCont.AdminOrg, myCont.Position, "kpi")
+		// c.Set(overall.MyContJwtPower, powerCont)
+		// fmt.Printf("redisMyContKey------Login----->%v----->%v\n", powerErr, powerCont)
+		//获取权限
+		var powerCont EmpowerCont
+		powerCont.RoleName, powerCont.PointId, powerCont.Operation, powerCont.Level = publicmethod.GetNewAccredit("kpi", myCont.Role, myCont.Key, myCont.AdminOrg, myCont.Position)
 		c.Set(overall.MyContJwtPower, powerCont)
-		fmt.Printf("redisMyContKey------Login----->%v----->%v\n", powerErr, powerCont)
-
 		c.Next()
 	}
 }
--- a/identification/interceptor/type.go
+++ b/identification/interceptor/type.go
@ -6,3 +6,11 @@ type ValidatorToken struct {
 	UserKey  string `json:"userkey"`  //用户名
 	PassWord string `json:"password"` //密码
 }
+
+//权限相关
+type EmpowerCont struct {
+	RoleName  string `json:"roleName"`
+	PointId   string `json:"pointid"`
+	Operation string `json:"operation"`
+	Level     int    `json:"level"`
+}
--- a/models/modelssystempermission/systemrole_empower.go
+++ b/models/modelssystempermission/systemrole_empower.go
@ -0,0 +1,65 @@
+package modelssystempermission
+
+import (
+	"key_performance_indicators/overall"
+	"strings"
+)
+
+// 角色权限视图
+type SystemroleEmpower struct {
+	Id        int64  `json:"id" gorm:"primaryKey;column:id;type:bigint(20) unsigned;not null;comment:Id;index"`
+	RoleId    int64  `json:"roleid" gorm:"column:role_id;type:bigint(20) unsigned;default:0;not null;comment:行政组织"`
+	System    string `json:"system" gorm:"column:system;type:varchar(255) ;comment:系统"`
+	PointId   string `json:"pointid" gorm:"column:point_id;type:longtext;comment:权限点位"`
+	Operation string `json:"operation" gorm:"column:operation;type:longtext;comment:操作点位"`
+	State     int    `json:"state" gorm:"column:state;type:tinyint(1) unsigned;default:1;not null;comment:状态（1：启用；2：禁用；3：删除）"`
+	Level     int    `json:"level" gorm:"column:level;type:int(1) unsigned;default:1;not null;comment:授权范围等级（1：本部门；2：本分部；3：所有）"`
+	Time      int64  `json:"time" gorm:"column:time;type:bigint(20) unsigned;default:0;not null;comment:创建时间"`
+	Name      string `json:"name" gorm:"column:name;type:varchar(255) ;comment:系统名称"`
+	Sort      int    `json:"sort" gorm:"column:sort;type:int(5) unsigned;default:50;not null;comment:排序"`
+}
+
+func (SystemroleEmpower *SystemroleEmpower) TableName() string {
+	return "systemrole_empower"
+}
+
+// 编辑内容
+func (cont *SystemroleEmpower) EiteCont(whereMap interface{}, saveData interface{}) (err error) {
+	err = overall.CONSTANT_DB_System_Permission.Model(&cont).Where(whereMap).Updates(saveData).Error
+	return
+}
+
+// 获取内容
+func (cont *SystemroleEmpower) GetCont(whereMap interface{}, field ...string) (err error) {
+	gormDb := overall.CONSTANT_DB_System_Permission.Model(&cont)
+	if len(field) > 0 {
+		fieldStr := strings.Join(field, ",")
+		gormDb = gormDb.Select(fieldStr)
+	}
+	gormDb = gormDb.Where(whereMap)
+	err = gormDb.First(&cont).Error
+	return
+}
+
+// 根据条件获取总数
+func (cont *SystemroleEmpower) CountCont(whereMap interface{}) (countId int64) {
+	overall.CONSTANT_DB_System_Permission.Model(&cont).Where(whereMap).Count(&countId)
+	return
+}
+
+// 读取全部信息
+func (cont *SystemroleEmpower) ContMap(whereMap interface{}, field ...string) (countAry []SystemroleEmpower, err error) {
+	gormDb := overall.CONSTANT_DB_System_Permission.Model(&cont)
+	if len(field) > 0 {
+		fieldStr := strings.Join(field, ",")
+		gormDb = gormDb.Select(fieldStr)
+	}
+	err = gormDb.Where(whereMap).Find(&countAry).Error
+	return
+}
+
+// 删除内容
+func (cont *SystemroleEmpower) DelCont(whereMap interface{}) (err error) {
+	err = overall.CONSTANT_DB_System_Permission.Where(whereMap).Delete(&cont).Error
+	return
+}
--- a/overall/publicmethod/formatOutput.go
+++ b/overall/publicmethod/formatOutput.go
@ -9,6 +9,7 @@ import (
 	"key_performance_indicators/models/modelshr"
 	"key_performance_indicators/overall"
 	"net/http"
+	"strings"

 	"github.com/gin-gonic/gin"
 )
@ -72,13 +73,15 @@ func LoginMyCont(c *gin.Context) (myCont AuthenticationPower, err error) {
 		err = jsonUnErr
 		return
 	}
-	var powerInfo SystemPowerInfo
+	// var powerInfo SystemPowerInfo
+	var powerInfo EmpowerCont
 	if exiPower == true {
 		jsonPowerCont, _ := json.Marshal(contextPower)
 		json.Unmarshal(jsonPowerCont, &powerInfo)
 		fmt.Printf("LoginMyCont--------->%v--------->%v\n", powerInfo, string(jsonPowerCont))
 	}
-
+	PointIdList := strings.Split(powerInfo.PointId, ",")
+	OrganizationList := strings.Split(powerInfo.Operation, ",")
 	myCont.Id = myContInfo.Id
 	myCont.Number = myContInfo.Number                       //员工工号"`
 	myCont.Name = myContInfo.Name                           //姓名"`
@ -131,8 +134,8 @@ func LoginMyCont(c *gin.Context) (myCont AuthenticationPower, err error) {
 	myCont.Planformaldate = myContInfo.Planformaldate       //预计转正日期"`
 	myCont.PoliticalOutlook = myContInfo.PoliticalOutlook   //政治面貌(1：群众；2：无党派；3：台盟会员；4：九三社员；5：致公党员；6：农工党员；7：民进会员；8：民建会员；9：民盟盟员；10：民革会员，11：共青团员；12：预备党员；13：中共党员)"`
 	myCont.Level = powerInfo.Level
-	myCont.PointIdList = powerInfo.PointIdList
-	myCont.OrganizationList = powerInfo.OrganizationList
+	myCont.PointIdList = PointIdList
+	myCont.OrganizationList = OrganizationList
 	return
 }

--- a/overall/publicmethod/technique.go
+++ b/overall/publicmethod/technique.go
@ -1126,7 +1126,25 @@ func GetPeopleInPostList(userKey, ordId, postId int64) (peopleList []PostPeople)
 	return
 }

-// 获取岗位权限信息
+/*
+*
+@ 作者: 秦东
+@ 时间: 2022-11-19 15:01:33
+@ 功能: 获取岗位权限信息
+@ 参数
+
+	#orgId         行政组织
+	#postId			岗位
+	#systemName     系统
+
+@ 返回值
+
+	#
+
+@ 方法原型
+
+	#
+*/
 func GetPostOfUsEmpowerCont(orgId, postId int64, systemName string) (sysPowerCont SystemPowerInfo, err error) {

 	redisFileKey := fmt.Sprintf("Licence:LoginApi_%v_%v_%v", systemName, orgId, postId)
@ -1191,6 +1209,143 @@ func GetPostOfUsEmpowerCont(orgId, postId int64, systemName string) (sysPowerCon
 	return
 }

+/*
+*
+@ 作者: 秦东
+@ 时间: 2022-11-19 15:03:42
+@ 功能: 获取系统授权
+@ 参数
+
+	#roleId				角色ID
+	#systemName          系统名称
+	#userKey			人员识别码
+	#orgId               行政组织
+	#postId              岗位
+
+@ 返回值
+
+	#roleName            角色名称
+	#pointId             菜单权限
+	#operation           操作权限
+	#level               操作等级
+
+@ 方法原型
+
+	#GetNewAccredit(systemName, roleId string, orgId, postId int64) (roleName, pointId, operation string, level int)
+*/
+func GetNewAccredit(systemName, roleId string, userKey, orgId, postId int64) (roleName, pointId, operation string, level int) {
+
+	redisFileKey := fmt.Sprintf("Licence:PowerLoginApi_%v_%v_%v_%v", systemName, userKey, orgId, postId)
+	redisClient := grocerystore.RunRedis(overall.CONSTANT_REDIS3)
+	userRedisToken, isTrue := redisClient.HashGetAll(redisFileKey)
+	if isTrue == false {
+
+		var pointIdAry []string
+		var operationAry []string
+		if roleId != "" {
+			roleIdAry := strings.Split(roleId, ",")
+			var roleCont []modelssystempermission.SystemRole
+			if len(roleIdAry) > 0 {
+				//获取角色名称
+				err := overall.CONSTANT_DB_System_Permission.Model(&modelssystempermission.SystemRole{}).Select("`name`").Where("`id` IN ?", roleCont).Find(&roleCont).Error
+				if err == nil && len(roleCont) > 0 {
+					var roleNameAry []string
+					for _, rnv := range roleCont {
+						if IsInTrue[string](rnv.Name, roleNameAry) == false {
+							roleNameAry = append(roleNameAry, rnv.Name)
+						}
+					}
+					roleName = strings.Join(roleNameAry, "|")
+				}
+				//获取配置的所有角色权限
+				var roleEmpowerCont []modelssystempermission.RoleEmpower
+				err = overall.CONSTANT_DB_System_Permission.Model(&modelssystempermission.RoleEmpower{}).Select("`point_id`,`operation`,`level`").Where("`system` = ? AND `role_id` IN ?", systemName, roleCont).Find(&roleEmpowerCont).Error
+				if err == nil && len(roleEmpowerCont) > 0 {
+					for _, rev := range roleEmpowerCont {
+						menuList := strings.Split(rev.PointId, ",")
+						for _, mv := range menuList { //菜单权限
+							if IsInTrue[string](mv, pointIdAry) == false {
+								pointIdAry = append(pointIdAry, mv)
+							}
+						}
+						operList := strings.Split(rev.Operation, ",")
+						for _, ov := range operList { //操作权限
+							if IsInTrue[string](ov, operationAry) == false {
+								operationAry = append(operationAry, ov)
+							}
+						}
+						if level < rev.Level {
+							level = rev.Level //等级
+						}
+					}
+				}
+			}
+
+		}
+
+		//获取行政组织授权
+		if orgId > 0 && postId > 0 {
+			var orgEmpowerCont modelssystempermission.Empower
+			orgEmpowerCont.GetCont(map[string]interface{}{"`ordid`": orgId, "`post_id`": postId, "`system`": systemName}, "`point_id`", "`operation`", "`level`")
+			if len(pointIdAry) < 1 { //判断是否已经配过权限
+				pointIdAry = strings.Split(orgEmpowerCont.PointId, ",")
+			} else {
+				guoduPoin := strings.Split(orgEmpowerCont.PointId, ",")
+				for _, pv := range guoduPoin { //合并权限
+					if IsInTrue[string](pv, pointIdAry) == false {
+						pointIdAry = append(pointIdAry, pv)
+					}
+				}
+
+			}
+			if len(operationAry) < 1 { //判断是否已经配过权限
+				operationAry = strings.Split(orgEmpowerCont.Operation, ",")
+			} else {
+				guoduOper := strings.Split(orgEmpowerCont.Operation, ",")
+				for _, pv := range guoduOper { //合并权限
+					if IsInTrue[string](pv, operationAry) == false {
+						operationAry = append(operationAry, pv)
+					}
+				}
+
+			}
+			if level < orgEmpowerCont.Level {
+				level = orgEmpowerCont.Level
+			}
+		}
+		pointId = strings.Join(pointIdAry, ",")
+		operation = strings.Join(operationAry, ",")
+
+		var powerCont EmpowerCont
+		powerCont.RoleName = roleName
+		powerCont.PointId = pointId
+		powerCont.Operation = operation
+		powerCont.Level = level
+		//组转写入redis
+		myContRedis := MapOut[string]()
+		myContRedis["roleName"] = roleName
+		myContRedis["pointid"] = pointId
+		myContRedis["operation"] = operation
+		myContRedis["level"] = level
+		redisClient.SetRedisTime(10800)
+		redisClient.HashMsetAdd(redisFileKey, myContRedis)
+
+	} else {
+		roleName = userRedisToken["roleName"]
+		pointId = userRedisToken["pointid"]
+		operation = userRedisToken["operation"]
+		level, _ = strconv.Atoi(userRedisToken["level"])
+		//组转写入redis
+		writeRedisData := MapOut[string]()
+		for i, v := range userRedisToken {
+			writeRedisData[i] = v
+		}
+		redisClient.SetRedisTime(10800)
+		redisClient.HashMsetAdd(redisFileKey, writeRedisData)
+	}
+	return
+}
+
 // 步骤名称
 func GetSetpName(setId int) (setpName string) {
 	switch setId {
--- a/overall/publicmethod/type.go
+++ b/overall/publicmethod/type.go
@ -222,3 +222,11 @@ type CorrectiveMeasuresType struct {
 	// Enclosure []EnclosureFormat `json:"enclosure"` //附件
 	Enclosure []EnclosureFormat `json:"enclosure"` //附件
 }
+
+// 权限相关
+type EmpowerCont struct {
+	RoleName  string `json:"roleName"`
+	PointId   string `json:"pointid"`
+	Operation string `json:"operation"`
+	Level     int    `json:"level"`
+}