diff --git a/README.md b/README.md index 0097629..75d77de 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ ## TODO -增删改数据权限排查 +用户请求需要检查数据权限 + +管理页面查询统一加排序 后端默认用户名不能是完整手机号 diff --git a/scripts/sql/init.sql b/scripts/sql/init.sql index 97cb6bd..96b3240 100644 --- a/scripts/sql/init.sql +++ b/scripts/sql/init.sql @@ -433,6 +433,7 @@ create table permission ( parent_id int, name text not null, description text, + sort int, created_at timestamptz default current_timestamp, updated_at timestamptz default current_timestamp, deleted_at timestamptz @@ -447,6 +448,7 @@ comment on column permission.id is '权限ID'; comment on column permission.parent_id is '父权限ID'; comment on column permission.name is '权限名称'; comment on column permission.description is '权限描述'; +comment on column permission.sort is '排序'; comment on column permission.created_at is '创建时间'; comment on column permission.updated_at is '更新时间'; comment on column permission.deleted_at is '删除时间'; diff --git a/web/auth/check.go b/web/auth/check.go index 946af86..e1968a8 100644 --- a/web/auth/check.go +++ b/web/auth/check.go @@ -2,6 +2,7 @@ package auth import ( m "platform/web/models" + "strings" "github.com/gofiber/fiber/v2" ) @@ -12,7 +13,6 @@ type AuthCtx struct { Client *m.Client `json:"client,omitempty"` Scopes []string `json:"scopes,omitempty"` Session *m.Session `json:"session,omitempty"` - smap map[string]struct{} } func (a *AuthCtx) PermitUser(scopes ...string) (*AuthCtx, error) { @@ -68,15 +68,11 @@ func (a *AuthCtx) checkScopes(scopes ...string) bool { if len(scopes) == 0 || len(a.Scopes) == 0 { return true } - if len(a.smap) == 0 && len(a.Scopes) > 0 { - a.smap = make(map[string]struct{}, len(a.Scopes)) - for _, scope := range a.Scopes { - a.smap[scope] = struct{}{} - } - } for _, scope := range scopes { - if _, ok := a.smap[scope]; ok { - return true + for _, prefix := range a.Scopes { + if strings.HasPrefix(scope, prefix) { + return true + } } } return false diff --git a/web/core/model.go b/web/core/model.go index 7e68b5e..3f1fbfb 100644 --- a/web/core/model.go +++ b/web/core/model.go @@ -15,7 +15,7 @@ type Model struct { ID int32 `json:"id" gorm:"column:id;primaryKey"` CreatedAt time.Time `json:"created_at" gorm:"column:created_at"` UpdatedAt time.Time `json:"updated_at" gorm:"column:updated_at"` - DeletedAt gorm.DeletedAt `gorm:"column:deleted_at"` + DeletedAt gorm.DeletedAt `json:"-" gorm:"column:deleted_at"` } func (m *Model) GetID() int32 { diff --git a/web/core/scopes.go b/web/core/scopes.go index 36e807c..aabfeb7 100644 --- a/web/core/scopes.go +++ b/web/core/scopes.go @@ -1,30 +1,55 @@ package core const ( - ScopePermissionRead = string("permission:read") - ScopePermissionWrite = string("permission:write") + ScopePermission = string("permission") // 权限 + ScopePermissionRead = string("permission:read") // 读取权限列表 + ScopePermissionWrite = string("permission:write") // 写入权限 - ScopeAdminRoleRead = string("admin_role:read") - ScopeAdminRoleWrite = string("admin_role:write") + ScopeAdminRole = string("admin_role") // 管理员角色 + ScopeAdminRoleRead = string("admin_role:read") // 读取管理员角色列表 + ScopeAdminRoleWrite = string("admin_role:write") // 写入管理员角色 - ScopeAdminRead = string("admin:read") - ScopeAdminWrite = string("admin:write") + ScopeAdmin = string("admin") // 管理员 + ScopeAdminRead = string("admin:read") // 读取管理员列表 + ScopeAdminWrite = string("admin:write") // 写入管理员 - ScopeProductRead = string("product:read") - ScopeProductWrite = string("product:write") + ScopeProduct = string("product") // 产品 + ScopeProductRead = string("product:read") // 读取产品列表 + ScopeProductWrite = string("product:write") // 写入产品 - ScopeProductSkuRead = string("product_sku:read") - ScopeProductSkuWrite = string("product_sku:write") + ScopeProductSku = string("product_sku") // 产品套餐 + ScopeProductSkuRead = string("product_sku:read") // 读取产品套餐列表 + ScopeProductSkuWrite = string("product_sku:write") // 写入产品套餐 - ScopeProductDiscountRead = string("product_discount:read") - ScopeProductDiscountWrite = string("product_discount:write") + ScopeDiscount = string("discount") // 折扣 + ScopeDiscountRead = string("discount:read") // 读取折扣列表 + ScopeDiscountWrite = string("discount:write") // 写入折扣 - ScopeResourceRead = string("resource:read") - ScopeResourceWrite = string("resource:write") + ScopeResource = string("resource") // 用户套餐 + ScopeResourceRead = string("resource:read") // 读取用户套餐列表 + ScopeResourceWrite = string("resource:write") // 写入用户套餐 - ScopeUserRead = string("user:read") - ScopeUserWrite = string("user:write") + ScopeUser = string("user") // 用户 + ScopeUserRead = string("user:read") // 读取用户列表 + ScopeUserWrite = string("user:write") // 写入用户 - ScopeCouponRead = string("coupon:read") - ScopeCouponWrite = string("coupon:write") + ScopeCoupon = string("coupon") // 优惠券 + ScopeCouponRead = string("coupon:read") // 读取优惠券列表 + ScopeCouponWrite = string("coupon:write") // 写入优惠券 + + ScopeBatch = string("batch") // 批次 + ScopeBatchRead = string("batch:read") // 读取批次列表 + ScopeBatchWrite = string("batch:write") // 写入批次 + + ScopeChannel = string("channel") // IP + ScopeChannelRead = string("channel:read") // 读取 IP 列表 + ScopeChannelWrite = string("channel:write") // 写入 IP + + ScopeTrade = string("trade") // 交易 + ScopeTradeRead = string("trade:read") // 读取交易列表 + ScopeTradeWrite = string("trade:write") // 写入交易 + + ScopeBill = string("bill") // 账单 + ScopeBillRead = string("bill:read") // 读取账单列表 + ScopeBillWrite = string("bill:write") // 写入账单 ) diff --git a/web/handlers/admin.go b/web/handlers/admin.go index d99486a..3e11bba 100644 --- a/web/handlers/admin.go +++ b/web/handlers/admin.go @@ -9,7 +9,7 @@ import ( "github.com/gofiber/fiber/v2" ) -func PageAdminsByAdmin(c *fiber.Ctx) error { +func PageAdminByAdmin(c *fiber.Ctx) error { _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeAdminRead) if err != nil { return err @@ -37,7 +37,7 @@ type PageAdminsReq struct { core.PageReq } -func ListAdminsByAdmin(c *fiber.Ctx) error { +func AllAdminByAdmin(c *fiber.Ctx) error { _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeAdminRead) if err != nil { return err diff --git a/web/handlers/admin_role.go b/web/handlers/admin_role.go index b631ce2..daffddd 100644 --- a/web/handlers/admin_role.go +++ b/web/handlers/admin_role.go @@ -9,7 +9,7 @@ import ( "github.com/gofiber/fiber/v2" ) -func ListAdminRolesByAdmin(c *fiber.Ctx) error { +func AllAdminRoleByAdmin(c *fiber.Ctx) error { _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeAdminRoleRead) if err != nil { return err @@ -23,7 +23,7 @@ func ListAdminRolesByAdmin(c *fiber.Ctx) error { return c.JSON(list) } -func PageAdminRolesByAdmin(c *fiber.Ctx) error { +func PageAdminRoleByAdmin(c *fiber.Ctx) error { _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeAdminRoleRead) if err != nil { return err diff --git a/web/handlers/batch.go b/web/handlers/batch.go index 7841bfa..25a2783 100644 --- a/web/handlers/batch.go +++ b/web/handlers/batch.go @@ -12,8 +12,8 @@ import ( "github.com/gofiber/fiber/v2" ) -// PageResourceBatch 分页查询套餐提取记录 -func PageResourceBatch(ctx *fiber.Ctx) error { +// PageBatch 分页查询套餐提取记录 +func PageBatch(ctx *fiber.Ctx) error { // 检查权限 authCtx, err := auth.GetAuthCtx(ctx).PermitUser() if err != nil { @@ -59,7 +59,7 @@ type PageResourceBatchReq struct { // PageBatchByAdmin 分页查询所有提取记录 func PageBatchByAdmin(c *fiber.Ctx) error { - _, err := auth.GetAuthCtx(c).PermitAdmin() + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeBatchRead) if err != nil { return err } diff --git a/web/handlers/bill.go b/web/handlers/bill.go index 6ea0b0d..81bacd8 100644 --- a/web/handlers/bill.go +++ b/web/handlers/bill.go @@ -14,7 +14,7 @@ import ( // PageBillByAdmin 分页查询全部账单 func PageBillByAdmin(c *fiber.Ctx) error { // 检查权限 - _, err := auth.GetAuthCtx(c).PermitAdmin() + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeBillRead) if err != nil { return err } diff --git a/web/handlers/channel.go b/web/handlers/channel.go index a5d0305..1e971fb 100644 --- a/web/handlers/channel.go +++ b/web/handlers/channel.go @@ -15,10 +15,10 @@ import ( "github.com/gofiber/fiber/v2" ) -// PageChannelsByAdmin 分页查询所有通道 -func PageChannelsByAdmin(c *fiber.Ctx) error { +// PageChannelByAdmin 分页查询所有通道 +func PageChannelByAdmin(c *fiber.Ctx) error { // 检查权限 - _, err := auth.GetAuthCtx(c).PermitAdmin() + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeChannelRead) if err != nil { return err } @@ -98,8 +98,8 @@ type PageChannelsByAdminReq struct { ExpiredAtEnd *time.Time `json:"expired_at_end"` } -// 分页查询当前用户通道 -func ListChannels(c *fiber.Ctx) error { +// ListChannel 分页查询当前用户通道 +func ListChannel(c *fiber.Ctx) error { // 检查权限 authContext, err := auth.GetAuthCtx(c).PermitUser() if err != nil { @@ -169,9 +169,15 @@ type ListChannelsReq struct { ExpireBefore *time.Time `json:"expire_before"` } -// 创建新通道 +// CreateChannel 创建新通道 func CreateChannel(c *fiber.Ctx) error { + // 检查权限 + _, err := auth.GetAuthCtx(c).PermitUser() + if err != nil { + return err + } + // 解析参数 req := new(CreateChannelReq) if err := g.Validator.ParseBody(c, req); err != nil { diff --git a/web/handlers/coupon.go b/web/handlers/coupon.go index acaa8ab..fbfb007 100644 --- a/web/handlers/coupon.go +++ b/web/handlers/coupon.go @@ -33,7 +33,7 @@ func PageCouponByAdmin(c *fiber.Ctx) error { }) } -func AllCouponsByAdmin(c *fiber.Ctx) error { +func AllCouponByAdmin(c *fiber.Ctx) error { _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeCouponRead) if err != nil { return err diff --git a/web/handlers/permission.go b/web/handlers/permission.go index 346a752..be20056 100644 --- a/web/handlers/permission.go +++ b/web/handlers/permission.go @@ -9,7 +9,7 @@ import ( "github.com/gofiber/fiber/v2" ) -func ListPermissionsByAdmin(c *fiber.Ctx) error { +func AllPermissionByAdmin(c *fiber.Ctx) error { _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopePermissionRead) if err != nil { return err diff --git a/web/handlers/product.go b/web/handlers/product.go index 89dc197..855ece0 100644 --- a/web/handlers/product.go +++ b/web/handlers/product.go @@ -9,7 +9,7 @@ import ( "github.com/gofiber/fiber/v2" ) -func AllProductsByAdmin(c *fiber.Ctx) error { +func AllProductByAdmin(c *fiber.Ctx) error { // 检查权限 _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductRead) if err != nil { diff --git a/web/handlers/product_discount.go b/web/handlers/product_discount.go index 779f3c6..b2c79db 100644 --- a/web/handlers/product_discount.go +++ b/web/handlers/product_discount.go @@ -9,8 +9,8 @@ import ( "github.com/gofiber/fiber/v2" ) -func PageProductDiscountByAdmin(c *fiber.Ctx) error { - _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountRead) +func PageDiscountByAdmin(c *fiber.Ctx) error { + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountRead) if err != nil { return err } @@ -33,8 +33,8 @@ func PageProductDiscountByAdmin(c *fiber.Ctx) error { }) } -func AllProductDiscountsByAdmin(c *fiber.Ctx) error { - _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountRead) +func AllDiscountByAdmin(c *fiber.Ctx) error { + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountRead) if err != nil { return err } @@ -47,8 +47,8 @@ func AllProductDiscountsByAdmin(c *fiber.Ctx) error { return c.JSON(list) } -func CreateProductDiscount(c *fiber.Ctx) error { - _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountWrite) +func CreateDiscount(c *fiber.Ctx) error { + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountWrite) if err != nil { return err } @@ -66,8 +66,8 @@ func CreateProductDiscount(c *fiber.Ctx) error { return nil } -func UpdateProductDiscount(c *fiber.Ctx) error { - _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountWrite) +func UpdateDiscount(c *fiber.Ctx) error { + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountWrite) if err != nil { return err } @@ -85,8 +85,8 @@ func UpdateProductDiscount(c *fiber.Ctx) error { return nil } -func DeleteProductDiscount(c *fiber.Ctx) error { - _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeProductDiscountWrite) +func DeleteDiscount(c *fiber.Ctx) error { + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeDiscountWrite) if err != nil { return err } diff --git a/web/handlers/resource.go b/web/handlers/resource.go index e5cd6c6..0082feb 100644 --- a/web/handlers/resource.go +++ b/web/handlers/resource.go @@ -209,7 +209,7 @@ type PageResourceLongReq struct { // PageResourceShortByAdmin 分页查询全部短效套餐 func PageResourceShortByAdmin(c *fiber.Ctx) error { - _, err := auth.GetAuthCtx(c).PermitAdmin() + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeResourceRead) if err != nil { return err } @@ -303,7 +303,7 @@ type PageResourceShortByAdminReq struct { // PageResourceLongByAdmin 分页查询全部长效套餐 func PageResourceLongByAdmin(c *fiber.Ctx) error { - _, err := auth.GetAuthCtx(c).PermitAdmin() + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeResourceRead) if err != nil { return err } diff --git a/web/handlers/trade.go b/web/handlers/trade.go index bff309f..ad2d33b 100644 --- a/web/handlers/trade.go +++ b/web/handlers/trade.go @@ -21,7 +21,7 @@ import ( // PageTradeByAdmin 分页查询所有订单 func PageTradeByAdmin(c *fiber.Ctx) error { // 检查权限 - _, err := auth.GetAuthCtx(c).PermitAdmin() + _, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeTradeRead) if err != nil { return err } @@ -193,6 +193,12 @@ type TradeCancelReq struct { // 检查订单 func TradeCheck(c *fiber.Ctx) error { + // 检查权限 + _, err := auth.GetAuthCtx(c).PermitUser() + if err != nil { + return err + } + // 解析请求参数 req := new(TradeCheckReq) if err := g.Validator.ParseQuery(c, req); err != nil { diff --git a/web/handlers/user.go b/web/handlers/user.go index 71a5e27..92669fa 100644 --- a/web/handlers/user.go +++ b/web/handlers/user.go @@ -121,7 +121,7 @@ func PageUserByAdmin(c *fiber.Ctx) error { // 查询用户列表 users, total, err := q.User.Debug(). - Preload(q.User.Admin). + Preload(q.User.Admin, q.User.Discount). Omit(q.User.Password). Where(do). Order(q.User.CreatedAt). @@ -159,7 +159,7 @@ type PageUserByAdminReq struct { // 绑定管理员 func BindAdmin(c *fiber.Ctx) error { // 检查权限 - authCtx, err := auth.GetAuthCtx(c).PermitAdmin() + authCtx, err := auth.GetAuthCtx(c).PermitAdmin(core.ScopeUserWrite) if err != nil { return err } diff --git a/web/models/permission.go b/web/models/permission.go index defc4ac..d0d0898 100644 --- a/web/models/permission.go +++ b/web/models/permission.go @@ -8,6 +8,7 @@ type Permission struct { ParentID *int32 `json:"parent_id,omitempty" gorm:"column:parent_id"` // 父权限ID Name string `json:"name" gorm:"column:name"` // 权限名称 Description *string `json:"description,omitempty" gorm:"column:description"` // 权限描述 + Sort int `json:"sort" gorm:"column:sort"` // 排序 Parent *Permission `json:"parent,omitempty" gorm:"foreignKey:ParentID"` Children []*Permission `json:"children,omitempty" gorm:"foreignKey:ParentID"` diff --git a/web/queries/permission.gen.go b/web/queries/permission.gen.go index 5ef9102..d0f4813 100644 --- a/web/queries/permission.gen.go +++ b/web/queries/permission.gen.go @@ -34,6 +34,7 @@ func newPermission(db *gorm.DB, opts ...gen.DOOption) permission { _permission.ParentID = field.NewInt32(tableName, "parent_id") _permission.Name = field.NewString(tableName, "name") _permission.Description = field.NewString(tableName, "description") + _permission.Sort = field.NewInt(tableName, "sort") _permission.Children = permissionHasManyChildren{ db: db.Session(&gorm.Session{}), @@ -72,6 +73,7 @@ type permission struct { ParentID field.Int32 Name field.String Description field.String + Sort field.Int Children permissionHasManyChildren Parent permissionBelongsToParent @@ -98,6 +100,7 @@ func (p *permission) updateTableName(table string) *permission { p.ParentID = field.NewInt32(table, "parent_id") p.Name = field.NewString(table, "name") p.Description = field.NewString(table, "description") + p.Sort = field.NewInt(table, "sort") p.fillFieldMap() @@ -114,7 +117,7 @@ func (p *permission) GetFieldByName(fieldName string) (field.OrderExpr, bool) { } func (p *permission) fillFieldMap() { - p.fieldMap = make(map[string]field.Expr, 9) + p.fieldMap = make(map[string]field.Expr, 10) p.fieldMap["id"] = p.ID p.fieldMap["created_at"] = p.CreatedAt p.fieldMap["updated_at"] = p.UpdatedAt @@ -122,6 +125,7 @@ func (p *permission) fillFieldMap() { p.fieldMap["parent_id"] = p.ParentID p.fieldMap["name"] = p.Name p.fieldMap["description"] = p.Description + p.fieldMap["sort"] = p.Sort } diff --git a/web/routes.go b/web/routes.go index ca2e339..160763a 100644 --- a/web/routes.go +++ b/web/routes.go @@ -15,6 +15,7 @@ func ApplyRouters(app *fiber.App) { api := app.Group("/api") userRouter(api) adminRouter(api) + clientRouter(api) // 回调 callbacks := app.Group("/callback") @@ -45,7 +46,6 @@ func userRouter(api fiber.Router) { auth.Post("/token", auth2.Token) auth.Post("/revoke", auth2.Revoke) auth.Post("/introspect", auth2.Introspect) - auth.Post("/verify/sms", handlers.SmsCode) // 用户 user := api.Group("/user") @@ -67,19 +67,18 @@ func userRouter(api fiber.Router) { resource.Post("/list/short", handlers.PageResourceShort) resource.Post("/list/long", handlers.PageResourceLong) resource.Post("/create", handlers.CreateResource) - resource.Post("/price", handlers.ResourcePrice) + resource.Post("/statistics/free", handlers.StatisticResourceFree) resource.Post("/statistics/usage", handlers.StatisticResourceUsage) // 批次 batch := api.Group("/batch") - batch.Post("/page", handlers.PageResourceBatch) + batch.Post("/page", handlers.PageBatch) // 通道 channel := api.Group("/channel") - channel.Post("/list", handlers.ListChannels) + channel.Post("/list", handlers.ListChannel) channel.Post("/create", handlers.CreateChannel) - channel.Post("/remove", handlers.RemoveChannels) // 交易 trade := api.Group("/trade") @@ -101,7 +100,6 @@ func userRouter(api fiber.Router) { proxy.Post("/online", handlers.ProxyReportOnline) proxy.Post("/offline", handlers.ProxyReportOffline) proxy.Post("/update", handlers.ProxyReportUpdate) - proxy.Post("/register/baidyin", handlers.ProxyRegisterBaiYin) // 节点 edge := api.Group("/edge") @@ -113,39 +111,60 @@ func userRouter(api fiber.Router) { inquiry.Post("/create", handlers.CreateInquiry) } +// 客户端接口路由 +func clientRouter(api fiber.Router) { + client := api + + // 验证短信令牌 + client.Post("/sms/verify", handlers.SmsCode) + + // 套餐定价查询 + resource := client.Group("/resource") + resource.Post("/price", handlers.ResourcePrice) + + // 通道管理 + channel := client.Group("/channel") + channel.Post("/remove", handlers.RemoveChannels) + + // 代理网关注册 + proxy := client.Group("/proxy") + proxy.Post("/register/baidyin", handlers.ProxyRegisterBaiYin) +} + // 管理员接口路由 func adminRouter(api fiber.Router) { api = api.Group("/admin") - // permission 权限 - var permission = api.Group("/permission") - permission.Post("/list", handlers.ListPermissionsByAdmin) - permission.Post("/page", handlers.PagePermissionByAdmin) - - // admin-role 管理员角色 - var adminRole = api.Group("/admin-role") - adminRole.Post("/list", handlers.ListAdminRolesByAdmin) - adminRole.Post("/page", handlers.PageAdminRolesByAdmin) - adminRole.Post("/create", handlers.CreateAdminRole) - adminRole.Post("/update", handlers.UpdateAdminRole) - adminRole.Post("/remove", handlers.RemoveAdminRole) - - // admin 管理员账户 + // admin 管理员 var admin = api.Group("/admin") - admin.Post("/page", handlers.PageAdminsByAdmin) - admin.Post("/all", handlers.ListAdminsByAdmin) + admin.Post("/all", handlers.AllAdminByAdmin) + admin.Post("/page", handlers.PageAdminByAdmin) admin.Post("/create", handlers.CreateAdmin) admin.Post("/update", handlers.UpdateAdmin) admin.Post("/remove", handlers.RemoveAdmin) + // admin-role 管理员角色 + var adminRole = api.Group("/admin-role") + adminRole.Post("/list", handlers.AllAdminRoleByAdmin) + adminRole.Post("/page", handlers.PageAdminRoleByAdmin) + adminRole.Post("/create", handlers.CreateAdminRole) + adminRole.Post("/update", handlers.UpdateAdminRole) + adminRole.Post("/remove", handlers.RemoveAdminRole) + + // permission 权限 + var permission = api.Group("/permission") + permission.Post("/list", handlers.AllPermissionByAdmin) + permission.Post("/page", handlers.PagePermissionByAdmin) + // user 用户 var user = api.Group("/user") user.Post("/page", handlers.PageUserByAdmin) - user.Post("/bind", handlers.BindAdmin) user.Post("/create", handlers.CreateUserByAdmin) user.Post("/update", handlers.UpdateUserByAdmin) user.Post("/remove", handlers.RemoveUserByAdmin) + user.Post("/bind", handlers.BindAdmin) + // resource 套餐 var resource = api.Group("/resource") resource.Post("/short/page", handlers.PageResourceShortByAdmin) @@ -153,15 +172,15 @@ func adminRouter(api fiber.Router) { resource.Post("/update", handlers.UpdateResourceByAdmin) // batch 批次 - var usage = api.Group("batch") - usage.Post("/page", handlers.PageBatchByAdmin) + var batch = api.Group("/batch") + batch.Post("/page", handlers.PageBatchByAdmin) // channel 通道 var channel = api.Group("/channel") - channel.Post("/page", handlers.PageChannelsByAdmin) + channel.Post("/page", handlers.PageChannelByAdmin) // trade 交易 - var trade = api.Group("trade") + var trade = api.Group("/trade") trade.Post("/page", handlers.PageTradeByAdmin) // bill 账单 @@ -170,29 +189,31 @@ func adminRouter(api fiber.Router) { // product 产品 var product = api.Group("/product") - product.Post("/all", handlers.AllProductsByAdmin) + product.Post("/all", handlers.AllProductByAdmin) product.Post("/create", handlers.CreateProduct) product.Post("/update", handlers.UpdateProduct) product.Post("/remove", handlers.DeleteProduct) + product.Post("/sku/all", handlers.AllProductSkuByAdmin) product.Post("/sku/page", handlers.PageProductSkuByAdmin) product.Post("/sku/create", handlers.CreateProductSku) product.Post("/sku/update", handlers.UpdateProductSku) - product.Post("/sku/update/discount/batch", handlers.BatchUpdateProductSkuDiscount) product.Post("/sku/remove", handlers.DeleteProductSku) + product.Post("/sku/update/discount/batch", handlers.BatchUpdateProductSkuDiscount) + // discount 折扣 var discount = api.Group("/discount") - discount.Post("/page", handlers.PageProductDiscountByAdmin) - discount.Post("/all", handlers.AllProductDiscountsByAdmin) - discount.Post("/create", handlers.CreateProductDiscount) - discount.Post("/update", handlers.UpdateProductDiscount) - discount.Post("/remove", handlers.DeleteProductDiscount) + discount.Post("/all", handlers.AllDiscountByAdmin) + discount.Post("/page", handlers.PageDiscountByAdmin) + discount.Post("/create", handlers.CreateDiscount) + discount.Post("/update", handlers.UpdateDiscount) + discount.Post("/remove", handlers.DeleteDiscount) // coupon 优惠券 var coupon = api.Group("/coupon") + coupon.Post("/all", handlers.AllCouponByAdmin) coupon.Post("/page", handlers.PageCouponByAdmin) - coupon.Post("/all", handlers.AllCouponsByAdmin) coupon.Post("/create", handlers.CreateCoupon) coupon.Post("/update", handlers.UpdateCoupon) coupon.Post("/remove", handlers.DeleteCoupon) diff --git a/web/services/permission.go b/web/services/permission.go index 83c6ec0..eeb4df1 100644 --- a/web/services/permission.go +++ b/web/services/permission.go @@ -11,7 +11,7 @@ var Permission = &permissionService{} type permissionService struct{} func (r *permissionService) ListPermissions() (result []*m.Permission, err error) { - return q.Permission.Find() + return q.Permission.Order(q.Permission.Sort).Find() } func (p *permissionService) PagePermissions(req core.PageReq) (result []*m.Permission, count int64, err error) {