
wip:搜索接口增加权限判断

fuwencai 2 년 전
부모
커밋
9e6dfa0917

+ 5 - 1
src/config.json

@@ -325,5 +325,9 @@
     "searchTypeSwitch": true,
     "fileSignBool":true,
     "baseUserFilterFlag":false,
-    "userCenterApi":"https://web-zxl.jydev.jianyu360.com"
+    "userCenterApi":"https://web-zxl.jydev.jianyu360.com",
+    "resourceCenter": "https://web-zxl.jydev.jianyu360.com",
+    "resourceCenterUrl": {
+    "haspowers": "/resourceCenter/haspowers"
+  }
 }

+ 15 - 0
src/jfw/config/config.go

@@ -13,6 +13,11 @@ var Seoconfig map[string]interface{}
 var WeixinConfig map[string]interface{}
 var PhoneFilterConfig map[string]interface{}
 var Wxoauth, Wxoauthinfo string
+var ResourceApi ResourceApiConfig
+
+type ResourceApiConfig struct {
+	HasPowers string // 获取我的所有权限api
+}
 
 var GmailAuth []*mail.GmailAuth
 
@@ -45,4 +50,14 @@ func init() {
 
 	//PC端商机管理配置
 	util.ReadConfig("./entnichePc.json", &EntnichePcConf)
+	// 资源中心
+	resourceCenterUrl, ok := Sysconfig["resourceCenterUrl"].(map[string]interface{})
+	if !ok {
+		panic("未获取到资源中心url配置")
+	}
+	resourceCenter, ok := Sysconfig["resourceCenter"].(string)
+	if !ok {
+		panic("未获取到资源中心配置")
+	}
+	ResourceApi.HasPowers = resourceCenter + util.ObjToString(resourceCenterUrl["haspowers"])
 }
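Review bot: The added block checks that `resourceCenterUrl` is a map and `resourceCenter` is a string, but it never checks that the `haspowers` entry exists or is non-empty. With that key missing or misspelled, `ResourceApi.HasPowers` most likely ends up as the bare host (assuming `util.ObjToString` returns an empty string for a nil value). Every permission lookup would then go to the wrong path and fall into the deny branch, with nothing at start-up pointing to the cause. Consider failing fast next to the two existing panics, e.g. `if s, _ := resourceCenterUrl["haspowers"].(string); s == "" { panic("resourceCenterUrl.haspowers missing") }`. `init` begins outside this hunk.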

+ 28 - 1
src/jfw/front/supsearch.go

@@ -50,7 +50,8 @@ var (
 	}
 )
 
-//
+// MedicalFunctionCode 医疗行业权益代码
+var MedicalFunctionCode = "lyh_yl_ylbxss"
 
 func init() {
 	xweb.AddAction(&Pcsearch{})
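Review bot: `MedicalFunctionCode` is declared as an exported package-level `var`, so any importing package can reassign the entitlement code that the new permission checks compare against. `const MedicalFunctionCode = "lyh_yl_ylbxss"` keeps it fixed and still passes as the `string` argument of `jy.HasBidFieldPower`.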
@@ -233,6 +234,18 @@ func (p *Pcsearch) GetNewBids() error {
 		if domainPageType, ok := DomainPageType[bidField]; ok {
 			pageType = domainPageType
 		}
+		userId, _ := p.GetSession("userId").(string)
+
+		// 如果没有权限
+		if !jy.HasBidFieldPower(config.ResourceApi.HasPowers, userId, MedicalFunctionCode) {
+			p.T["list"] = []map[string]interface{}{}
+			p.ServeJson(map[string]interface{}{
+				"list":      []map[string]interface{}{},
+				"count":     0,
+				"totalPage": 0,
+			})
+			return nil
+		}
 	}
 	p.T["list"] = PCS_list(pageType) //Newbids("")[0]
 	rs := Newbids(pageType)
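Review bot: The gate added to `GetNewBids` calls only `jy.HasBidFieldPower`, while the copies added to `PcSearchIndex` (next hunk) and to `PcAjaxReq` in swordfish.go first require `vipStatus.IsPayedUser()`. If the paid-status check is meant to apply to every domain search, this endpoint is the weakest of the three. The result of the type assertion on `p.GetSession("userId")` is discarded, so a request without a session sends an empty `newUserId` to the resource center instead of being denied locally; `if userId == "" || !jy.HasBidFieldPower(config.ResourceApi.HasPowers, userId, MedicalFunctionCode) {` would deny it locally. Moving the three copies into one helper that returns allow or deny would keep them from drifting apart. `GetNewBids` starts and ends outside this hunk.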
@@ -296,7 +309,20 @@ func (p *Pcsearch) PcSearchIndex(module string) error {
 	fileExists := p.GetString("fileExists")                //是否有附件--所有用户都可用此功能 0:全部;1:有附件;-1:无附件
 
 	userId, _ := p.GetSession("userId").(string)
+	if bidField != "" { // 如果是领域化数据 判断是否是付费用户 是否有权限
+		vipStatus := jy.GetVipState(public.Mysql, public.MQFW, userId)
+		isPayedUser := vipStatus.IsPayedUser()
+		if !isPayedUser {
+			p.T["list"] = []map[string]interface{}{}
+			return p.Render("/pc/supsearch.html", &p.T)
+		}
+		// 是否开通过领域化权益
+		if !jy.HasBidFieldPower(config.ResourceApi.HasPowers, userId, MedicalFunctionCode) {
+			p.T["list"] = []map[string]interface{}{}
+			return p.Render("/pc/supsearch.html", &p.T)
 
+		}
+	}
 	//高级筛选 仅vip用户可查询
 	var hasBuyerTel, hasWinnerTel string = "", "" //是否有采购单位电话、是否有中标单位电话 y:有 n:没有
 	var buyerclass string = ""                    //采购单位类别
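Review bot: Every non-empty `bidField` is checked against `MedicalFunctionCode`, although the comment on the `if` describes the gate as covering domain data in general. If a second domain value is ever accepted here, holders of the medical entitlement would pass for it and holders of the new entitlement would be refused. A lookup from `bidField` to its function code, with unknown values denied, would make the rule explicit. The two deny branches render the same empty page and could be one condition joined with `||`. `PcSearchIndex` continues outside this hunk.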
@@ -431,6 +457,7 @@ func (p *Pcsearch) PcSearchIndex(module string) error {
 		//企业画像 权限
 		p.T["portraitpower"] = jylabutil.IsAuthorized(userId, "i_portraitpower")
 	}
+
 	return p.Render("/pc/supsearch.html", &p.T)
 }
 

+ 17 - 0
src/jfw/front/swordfish.go

@@ -84,6 +84,23 @@ func (m *Front) PcAjaxReq() {
 		tabularflag = ""
 	}
 	reqType := m.GetString("reqType")
+	if bidField != "" { // 如果是领域化数据 判断是否是付费用户 是否有权限
+		vipStatus := jy.GetVipState(public.Mysql, public.MQFW, userId)
+		isPayedUser := vipStatus.IsPayedUser()
+		if !isPayedUser {
+			m.ServeJson(map[string]interface{}{
+				"list": []map[string]interface{}{},
+			})
+			return
+		}
+		// 是否开通过领域化权益
+		if !jy.HasBidFieldPower(config.ResourceApi.HasPowers, userId, MedicalFunctionCode) {
+			m.ServeJson(map[string]interface{}{
+				"list": []map[string]interface{}{},
+			})
+			return
+		}
+	}
 	//获取最新招标信息
 	if reqType == "lastBids" {
 		//ls := elastic.GetPage(INDEX, TYPE, "{}", bidSearch_sort, bidSearch_field_1, 0, 18)

+ 77 - 0
src/jfw/modules/common/src/qfw/util/jy/payUser.go

@@ -1,7 +1,14 @@
 package jy
 
 import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"io"
+	"io/ioutil"
+	"log"
 	"mongodb"
+	"net/http"
 	qu "qfw/util"
 	"qfw/util/mysql"
 	"strings"
@@ -94,3 +101,73 @@ func (vs *VipState) GetQueryItems(selectType string, limitOldTime int64) (items
 	}
 	return
 }
+
+// HasBidFieldPower 获取用户是否有领域化数据权限
+func HasBidFieldPower(url string, userId string, functionCode string) bool {
+	// 是否开通过权益
+	header := map[string]string{
+		"newUserId": userId,
+	}
+	byJson, err := PostByJson(url, []byte(""), header)
+	if err != nil || byJson == nil {
+		log.Println("查询用户权益", url, userId, functionCode, err)
+		return false
+	}
+	if byJson != nil {
+		powerList := byJson["data"].([]interface{})
+		for i := 0; i < len(powerList); i++ {
+			if powerList[i] == functionCode {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func PostByJson(reqUrl string, data []byte, header map[string]string) (rs map[string]interface{}, err error) {
+	reqData := bytes.NewBuffer(data)
+	log.Println("请求参数", reqData)
+	method := "POST"
+	client := &http.Client{}
+	req, err2 := http.NewRequest(method, reqUrl, reqData)
+	if err2 != nil {
+		log.Println(err2)
+	}
+	req.Header.Add("Content-Type", "application/json")
+	if header != nil && len(header) > 0 {
+		for k, v := range header {
+			req.Header.Add(k, v)
+
+		}
+	}
+	log.Printf("请求url:%v", reqUrl)
+	log.Printf("请求header:%v", header)
+	res, err3 := client.Do(req)
+	if err3 != nil {
+		log.Println(err3)
+	}
+	log.Printf("err:%v,结果:%v", err3, res)
+	defer func(Body io.ReadCloser) {
+		err6 := Body.Close()
+		if err6 != nil {
+			log.Println("ReadCloser Err", err6)
+		}
+	}(res.Body)
+
+	if err3 != nil {
+		log.Println("请求失败:", err3)
+		return map[string]interface{}{}, errors.New("请求失败")
+	}
+	body, err4 := ioutil.ReadAll(res.Body)
+	if err4 != nil {
+		log.Println("读取响应数据信息失败", err4)
+		return map[string]interface{}{}, errors.New("读取响应信息失败")
+	}
+	err5 := json.Unmarshal(body, &rs)
+	if err5 != nil {
+		log.Println("反序列化数据失败", err5)
+		return map[string]interface{}{}, errors.New("反序列化数据失败")
+	}
+	log.Println("结果:", rs)
+	return rs, nil
+}
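Review bot: `PostByJson` keeps using values it has just found to be invalid: after a failed `http.NewRequest`, `req` is nil at `req.Header.Add`, and after a failed `client.Do`, `res` is nil where `res.Body` is evaluated for the `defer`. An unreachable resource center therefore panics inside the permission check instead of returning the error. `&http.Client{}` has no timeout, the status code is never checked, and `byJson["data"].([]interface{})` in `HasBidFieldPower` is an unchecked assertion that panics on any reply without a `data` array. The header map carrying `newUserId` and the full response are logged on every call, so consider logging only on failure. The fence returns early on each error and denies on a malformed reply; it needs `time` imported, and the 5-second timeout is a placeholder to tune per deployment.

```go
// … unchanged: header map and PostByJson call in HasBidFieldPower …
	powerList, ok := byJson["data"].([]interface{})
	if !ok {
		// Deny when the reply has no usable entitlement list.
		log.Println("查询用户权益: data 字段缺失或类型不符", url, functionCode)
		return false
	}
	// … unchanged: loop comparing powerList entries with functionCode …

func PostByJson(reqUrl string, data []byte, header map[string]string) (rs map[string]interface{}, err error) {
	client := &http.Client{Timeout: 5 * time.Second} // placeholder timeout
	req, err := http.NewRequest(http.MethodPost, reqUrl, bytes.NewReader(data))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/json")
	for k, v := range header {
		req.Header.Set(k, v)
	}
	res, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer res.Body.Close()
	if res.StatusCode != http.StatusOK {
		return nil, errors.New("unexpected status " + res.Status)
	}
	// … unchanged: read the body and json.Unmarshal into rs …
}
```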

+ 27 - 0
src/jfw/modules/common/src/qfw/util/jy/payUser_test.go

@@ -0,0 +1,27 @@
+package jy
+
+import "testing"
+
+func TestHasBidFieldPower(t *testing.T) {
+	type args struct {
+		url          string
+		userId       string
+		functionCode string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			"获取用户是否有领域化权益", args{"http://192.168.3.206:1006/resourceCenter/haspowers", "69946", "lyh_yl_ylbxss"}, true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := HasBidFieldPower(tt.args.url, tt.args.userId, tt.args.functionCode); got != tt.want {
+				t.Errorf("HasBidFieldPower() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
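Review bot: The single test case calls a live service at a hard-coded internal address (`http://192.168.3.206:1006/resourceCenter/haspowers`) with a specific user id and expects `true`. It therefore fails wherever that host is unreachable, depends on that account's current entitlements, and never exercises a deny path. A local `httptest.Server` makes the test hermetic and allows negative cases. The third case in the fence sends a reply without a `data` list, which panics in `HasBidFieldPower` as committed because of the unchecked assertion. The fence needs `net/http` and `net/http/httptest` imported; the second function code and the error reply are constructed sample values.

```go
func TestHasBidFieldPower(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("newUserId") == "" {
			w.Write([]byte(`{"error":"no user"}`)) // constructed reply without a data list
			return
		}
		w.Write([]byte(`{"data":["lyh_yl_ylbxss"]}`))
	}))
	defer srv.Close()
	// … unchanged: args struct and table declaration …
		{"entitled user", args{srv.URL, "69946", "lyh_yl_ylbxss"}, true},
		{"function code not granted", args{srv.URL, "69946", "constructed_other_code"}, false},
		{"reply without data list", args{srv.URL, "", "lyh_yl_ylbxss"}, false},
	// … unchanged: t.Run loop over tests …
}
```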