From 8067331a1f4c788c6ecc41e2face3a0180422e96 Mon Sep 17 00:00:00 2001
From: HuangZhi <huangzhi@wodcloud.com>
Date: Wed, 5 Jul 2023 17:00:14 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9A=82=E5=AD=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/bean/entity/system_access_rule.go      |  33 +++
 src/bean/entity/system_user_behavior.go    |  23 ++
 src/bean/vo/request/system_access_rule.go  |  45 +++
 src/bean/vo/response/system_access_rule.go |  28 ++
 src/controller/system_access_rule.go       | 138 ++++++++++
 src/pkg/beagle/license/license_test.go     |  24 ++
 src/router/system_access_rule.go           |  36 +++
 src/service/loginlog.go                    |  28 ++
 src/service/system_access_rule.go          | 305 +++++++++++++++++++++
 9 files changed, 660 insertions(+)
 create mode 100644 src/bean/entity/system_access_rule.go
 create mode 100644 src/bean/entity/system_user_behavior.go
 create mode 100644 src/bean/vo/request/system_access_rule.go
 create mode 100644 src/bean/vo/response/system_access_rule.go
 create mode 100644 src/controller/system_access_rule.go
 create mode 100644 src/pkg/beagle/license/license_test.go
 create mode 100644 src/router/system_access_rule.go
 create mode 100644 src/service/loginlog.go
 create mode 100644 src/service/system_access_rule.go

diff --git a/src/bean/entity/system_access_rule.go b/src/bean/entity/system_access_rule.go
new file mode 100644
index 0000000..9bfaa64
--- /dev/null
+++ b/src/bean/entity/system_access_rule.go
@@ -0,0 +1,33 @@
+package entity
+
+import (
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/jsontime"
+	"time"
+)
+
+type SystemAccessRule struct {
+	Id          int32         `json:"id" xorm:"pk autoincr" `            // id
+	RuleName    string        `json:"rule_name" xorm:"rule_name"`        // 规则名称
+	RuleType    int           `json:"rule_type" xorm:"rule_type"`        // 规则类型
+	RuleDetail  string        `json:"rule_detail" xorm:"rule_detail"`    // 规则
+	State       int           `json:"state" xorm:"state"`                // 状态0禁用1启用
+	CreatedBy   int           `json:"created_by"  `                      // 创建者
+	CreatedTime jsontime.Time `json:"created_time" xorm:"created_time" ` // 创建时间
+	UpdatedBy   int           `json:"updated_by"  `                      // 更新者
+	UpdatedTime jsontime.Time `json:"updated_time" xorm:"updated_time" ` // 更新时间
+	RuleId      string        `json:"rule_id"  xorm:"rule_id"`           //规则id
+}
+
+func (*SystemAccessRule) TableName() string {
+	return "system_access_rule"
+}
+
+type SystemRuleUser struct {
+	UserId      int       `json:"user_id" xorm:"user_id" `           // 系统账号id
+	RuleId      string    `json:"rule_id" xorm:"rule_id"`            // 规则id
+	CreatedTime time.Time `json:"created_time" xorm:"created_time" ` // 创建时间
+}
+
+func (*SystemRuleUser) TableName() string {
+	return "system_rule_user"
+}
diff --git a/src/bean/entity/system_user_behavior.go b/src/bean/entity/system_user_behavior.go
new file mode 100644
index 0000000..f124d91
--- /dev/null
+++ b/src/bean/entity/system_user_behavior.go
@@ -0,0 +1,23 @@
+package entity
+
+import "time"
+
+type SystemUserBehavior struct {
+	Id             int       `json:"id" xorm:"pk autoincr"`       //主键id
+	UserId         int       `json:"user_id"`                     //用户id
+	OrganizationId string    `json:"organization_id"`             //组织uuid
+	SystemModule   string    `json:"system_module"`               //系统模块
+	OperateType    string    `json:"operate_type"`                //操作类型
+	ReqMethod      int       `json:"req_method"`                  //请求方式
+	OperateStatus  int       `json:"operate_status"`              //操作状态
+	OperateIp      string    `json:"operate_ip"`                  //操作ip信息
+	OperateAddr    string    `json:"operate_addr"`                //操作地点
+	CreatedTime    time.Time `json:"created_time" xorm:"created"` //操作时间
+	IsDeleted      int       `json:"is_deleted"`                  //是否删除
+	OperateMethod  string    `json:"operate_method"`              //操作方法函数名
+	ResFields      string    `json:"res_fields"`                  //返回参数
+	ReqParam       string    `json:"req_param"`                   //请求参数
+	ReqUrl         string    `json:"req_url"`                     //请求地址
+	AppId          string    `json:"app_id"`
+	Phone          string    `json:"phone" xorm:"-"`
+}
diff --git a/src/bean/vo/request/system_access_rule.go b/src/bean/vo/request/system_access_rule.go
new file mode 100644
index 0000000..71053c7
--- /dev/null
+++ b/src/bean/vo/request/system_access_rule.go
@@ -0,0 +1,45 @@
+package request
+
+type AddSystemAccessRuleReq struct {
+	RuleName   string      `json:"ruleName" vd:"len($)>0;msg:'请输入规则名称'"`       // 规则名称
+	State      int         `json:"state" vd:"$ == 0 || $ == 1;msg:'请选择正确的状态'"` // 状态0禁用1启用
+	RuleType   int         `json:"ruleType" vd:"$ == 1;msg:'请选择正确的规则类型'"`      // 规则类型
+	RuleDetail string      `json:"ruleDetail" vd:"len($)>0;msg:'请输入规则'"`       // 规则
+	UserScope  []UserScope `json:"userScope"  vd:"len($)>0;msg:'请选择用户范围'"`     //用户范围
+	CreatedBy  int         `json:"createdBy" `                                 //创建人
+}
+
+type UserScope struct {
+	UserId int `json:"user_id"` // 系统账号id
+}
+
+type UpdateAccessRuleReq struct {
+	RuleId     string      `json:"ruleId" vd:"len($)>0;msg:'请输入规则id'"`         // 规则ID
+	RuleName   string      `json:"ruleName" vd:"len($)>0;msg:'请输入规则名称'"`       // 规则名称
+	State      int         `json:"state" vd:"$ == 0 || $ == 1;msg:'请选择正确的状态'"` // 状态0禁用1启用
+	RuleType   int         `json:"ruleType" vd:"$ == 1;msg:'请选择正确的规则类型'"`      // 规则类型
+	RuleDetail string      `json:"ruleDetail" vd:"len($)>0;msg:'请输入规则'"`       // 规则
+	UserScope  []UserScope `json:"userScope"  vd:"len($)>0;msg:'请选择用户范围'"`     //用户范围
+	UpdatedBy  int         `json:"updatedBy" `                                 //修改人
+}
+
+type DelAccessRuleReq struct {
+	RuleId []string `json:"ruleId" vd:"len($)>0;msg:'请输入规则id'"` // 规则ID
+}
+
+type ListAccessRuleReq struct {
+	Search string `json:"search" form:"search"` // 关键词搜索
+	Pagination
+	UpdatedTimeFrom string `json:"updatedTimeFrom" form:"updatedTimeFrom"` // 修改时间从
+	UpdatedTimeTo   string `json:"updatedTimeTo" form:"updatedTimeTo"`     // 修改时间至
+}
+
+type ListRuleUserReq struct {
+	Search string `json:"search" form:"search"` // 关键词搜索
+	Pagination
+	Id      int `json:"id" form:"id"`           // 账号
+	IsAdmin int `json:"isAdmin" form:"isAdmin"` // 用户类型(1.业务系统账号 2.组织管理员账号 3.平台用户账号 4.超级管理员)
+	//Name           string `json:"name" form:"name"`                     // 所属组织
+	OrganizationId string `json:"organizationId" form:"organizationId"` // 组织ID
+	Disp           int    `json:"disp" form:"disp"`                     // 展示维度（0：展示访问规则已选用户，1：展示所有用户）
+}
diff --git a/src/bean/vo/response/system_access_rule.go b/src/bean/vo/response/system_access_rule.go
new file mode 100644
index 0000000..d3c2c1e
--- /dev/null
+++ b/src/bean/vo/response/system_access_rule.go
@@ -0,0 +1,28 @@
+package response
+
+import (
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/jsontime"
+)
+
+type SystemAccessRule struct {
+	Id          int32         `json:"id" xorm:"pk autoincr" `            // id
+	RuleId      string        `json:"rule_id"  xorm:"rule_id"`           //规则id
+	RuleName    string        `json:"rule_name" xorm:"rule_name"`        // 规则名称
+	RuleType    int           `json:"rule_type" xorm:"rule_type"`        // 规则类型
+	NumUser     int           `json:"num_user" xorm:"num_user"`          // 用户数量
+	RuleDetail  string        `json:"rule_detail" xorm:"rule_detail"`    // 规则描述
+	State       int           `json:"state" xorm:"state"`                // 状态0禁用1启用
+	CreatedBy   int           `json:"created_by"`                        // 创建者
+	CreatedTime jsontime.Time `json:"created_time" xorm:"created_time" ` // 创建时间
+	UpdatedBy   int           `json:"updated_by"  `                      // 更新者
+	UpdatedTime jsontime.Time `json:"updated_time" xorm:"updated_time" ` // 更新时间
+}
+
+type SystemUserAccessRule struct {
+	UserId        int    `json:"user_id" xorm:"user_id" `             // 用户id
+	SystemAccount string `json:"systemAccount" xorm:"system_account"` // 账号
+	//IsAdmin       int    `json:"isAdmin"  xorm:"is_admin"`            //用户类型(1.业务系统账号 2.组织管理员账号 3.平台用户账号 4.超级管理员)
+	Phone    string `json:"phone" xorm:"phone"`       // 用户手机号
+	Name     string `json:"name" xorm:"name"`         // 所属组织
+	Selected string `json:"selected" xorm:"selected"` // 是否已选
+}
diff --git a/src/controller/system_access_rule.go b/src/controller/system_access_rule.go
new file mode 100644
index 0000000..e07936c
--- /dev/null
+++ b/src/controller/system_access_rule.go
@@ -0,0 +1,138 @@
+package controller
+
+import (
+	vd "github.com/bytedance/go-tagexpr/validator"
+	"github.com/gin-gonic/gin"
+	"github.com/spf13/cast"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/bean/vo/request"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/resp"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/router/middleware/header"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/service"
+)
+
+// AddAccessRule 新增访问规则
+func AddAccessRule(c *gin.Context) {
+	params := request.AddSystemAccessRuleReq{}
+	if err := c.ShouldBindJSON(&params); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.WithError(err), nil)
+		return
+	}
+	if err := vd.Validate(params); err != nil {
+		SendJsonResponse(c, err, "")
+		return
+	}
+	user := header.GetUser(c)
+	if user.Id == 0 {
+		SendJsonResponse(c, resp.LoginFail, "")
+		return
+	}
+	params.CreatedBy = user.Id
+
+	err := service.AddAccessRule(params)
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	SendJsonResponse(c, resp.OK, nil)
+}
+
+// UpdateAccessRule 编辑访问规则
+func UpdateAccessRule(c *gin.Context) {
+	params := request.UpdateAccessRuleReq{}
+	if err := c.ShouldBindJSON(&params); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.WithError(err), nil)
+		return
+	}
+	if err := vd.Validate(params); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.WithError(err), "")
+		return
+	}
+	user := header.GetUser(c)
+	if user.Id == 0 {
+		SendJsonResponse(c, resp.LoginFail, "")
+		return
+	}
+	params.UpdatedBy = user.Id
+	err := service.UpdateAccessRule(params)
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	SendJsonResponse(c, resp.OK, nil)
+}
+
+// DelAccessRule 删除访问规则
+func DelAccessRule(c *gin.Context) {
+	params := request.DelAccessRuleReq{}
+	if err := c.ShouldBindJSON(&params); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.ErrorDetail(err), nil)
+		return
+	}
+	err := service.DelAccessRule(params.RuleId)
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	SendJsonResponse(c, resp.OK, nil)
+}
+
+// ListAccessRule 访问规则列表
+func ListAccessRule(c *gin.Context) {
+	params := request.ListAccessRuleReq{}
+	// 绑定分页数据
+	if err := c.ShouldBindQuery(&params); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.ErrorDetail(err), nil)
+		return
+	}
+	// 分页数据初始化 limit page  Offset
+	list, count, err := service.ListAccessRule(&params)
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	SendJsonPageResponse(c, err, list, count)
+}
+
+// ListRuleUser 查询用户详情列表
+func ListRuleUser(c *gin.Context) {
+	params := request.ListRuleUserReq{}
+	// 绑定分页数据
+	if err := c.ShouldBindQuery(&params); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.ErrorDetail(err), nil)
+		return
+	}
+	list, count, err := service.ListRuleUser(&params)
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	SendJsonPageResponse(c, err, list, count)
+}
+
+// UpdateState 修改规则状态
+func UpdateState(c *gin.Context) {
+	var (
+		err   error
+		id    string
+		state string
+	)
+	id = c.Query("id")
+	state = c.Query("state")
+	if id == "" || state == "" {
+		SendJsonResponse(c, resp.InvalidParam, nil)
+		return
+	}
+
+	user := header.GetUser(c)
+	if user.Id == 0 {
+		SendJsonResponse(c, resp.LoginFail, "")
+		return
+	}
+	updatedBy := user.Id
+	err = service.UpdateState(cast.ToInt(id), cast.ToInt(state), updatedBy)
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	SendJsonResponse(c, resp.OK, nil)
+}
diff --git a/src/pkg/beagle/license/license_test.go b/src/pkg/beagle/license/license_test.go
new file mode 100644
index 0000000..bbed814
--- /dev/null
+++ b/src/pkg/beagle/license/license_test.go
@@ -0,0 +1,24 @@
+package license
+
+import "testing"
+
+func TestGetAesString(t *testing.T) {
+	key := License{
+		ClusterID:    "00793A94-B73F-4316-83B6-A37C23861111",
+		ClusterNode:  1,
+		TaskName:     "测试",
+		CustomerName: "智能运维平台",
+		Version:      "v1.0",
+		DeadDate:     "2024-07-06",
+		StartDate:    "2025-07-06",
+		ValidDate:    -1,
+	}
+	ecs, err := GetAesString(key)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	t.Logf("加密结果为: %v", ecs)
+}
+
+// Dc6DzohgtVOlKz29fKDGoUvnaiuk+Ei04mBaWnwa7hpvuc0/j8v0rsk0B4cI27DHLaFSklv9VPdk4mmqyYfYQgv6WE3B5XTsdxm9CGCXxq7bAXrRbuTdGhYvAKWKSwkY84DZk4gM3nCY8JYYxOT7feHHg+Qa4Lkiuxz5l4IF+3SkkXsDmWBWMbKTK2sM4RsvXRWctUIGWPfzXoxWD+cNV6xBd53f3AsYycTFOXpIzL4RodnhcbFXJJn2ZYU2XIaHylVyfDyKPVuWujDiqA8WvA==
diff --git a/src/router/system_access_rule.go b/src/router/system_access_rule.go
new file mode 100644
index 0000000..29e16ce
--- /dev/null
+++ b/src/router/system_access_rule.go
@@ -0,0 +1,36 @@
+package router
+
+import (
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/conf"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/controller"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/constant"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/router/middleware/header"
+)
+
+// 初始化配置管理路由
+func InitAccessRuleRouter(e *gin.Engine) {
+	sys := e.Group(fmt.Sprintf("%s/sysOptions", conf.Options.Prefix), header.SetContext)
+	{
+		sys.GET("", controller.GetSystemOptions)                  // 获取系统首选项信息
+		sys.POST("licenseOpts", controller.SetLicenseOptions)     // 设置授权信息
+		sys.POST("loginPageOpts", controller.SetLoginPageOptions) // 设置授权信息
+		sys.POST("safeOpts", controller.SetSafeOptions)           // 设置安全选项
+		sys.POST("loginOpts", controller.SetLoginOptions)         // 设置登录选项
+		sys.GET("checkLicense", controller.CheckLicense)          // 校验license是否有效
+		sys.POST("reStartConfig", controller.ReStartConfig)       // 一键还原受限
+		sys.POST("getLicenseInfo", controller.GetLicenseInfo)     // 获取license信息
+	}
+
+	rule := e.Group(fmt.Sprintf("%s/accessRole", conf.Options.Prefix), header.SetContext)
+	{
+		rule.POST("addAccessRule", controller.AddAccessRule, header.AddLogMiddleware("访问规则管理", "/addAccessRule", constant.OpTypeIntMap[constant.Add]))          // 新增访问规则
+		rule.PUT("updateAccessRule", controller.UpdateAccessRule, header.AddLogMiddleware("访问规则管理", "/updateAccessRule", constant.OpTypeIntMap[constant.Edit])) // 编辑访问规则
+		rule.DELETE("delAccessRule", controller.DelAccessRule, header.AddLogMiddleware("访问规则管理", "/delAccessRule", constant.OpTypeIntMap[constant.AllDelete]))  // 删除访问规则
+		rule.GET("listAccessRule", controller.ListAccessRule, header.AddLogMiddleware("访问规则管理", "/listAccessRule", constant.OpTypeIntMap[constant.Find]))       // 查询访问规则列表
+		rule.GET("listRuleUser", controller.ListRuleUser)                                                                                                       // 查询用户详情列表
+		rule.PUT("updateState", controller.UpdateState)                                                                                                         // 修改规则状态
+	}
+
+}
diff --git a/src/service/loginlog.go b/src/service/loginlog.go
new file mode 100644
index 0000000..f5aa464
--- /dev/null
+++ b/src/service/loginlog.go
@@ -0,0 +1,28 @@
+package service
+
+import (
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/bean/entity"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/client"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/conf"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/resp"
+
+	"go.uber.org/zap"
+)
+
+type LogSvc struct {
+}
+
+// 添加用户行为日志
+func (l *LogSvc) AddBehaviorLog(log entity.SystemUserBehavior) error {
+	db, err := client.GetDbClient()
+	if err != nil {
+		conf.Logger.Error("数据库连接失败", zap.Error(err))
+		return resp.DbConnectError.ErrorDetail(err)
+	}
+	_, err = db.Table("system_user_behavior").InsertOne(&log)
+	if err != nil {
+		conf.Logger.Error("insert error", zap.Error(err))
+		return resp.DbInsertError.ErrorDetail(err)
+	}
+	return nil
+}
diff --git a/src/service/system_access_rule.go b/src/service/system_access_rule.go
new file mode 100644
index 0000000..af557c4
--- /dev/null
+++ b/src/service/system_access_rule.go
@@ -0,0 +1,305 @@
+package service
+
+import (
+	"errors"
+	"fmt"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/bean/entity"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/bean/vo/request"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/bean/vo/response"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/client"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/conf"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/jsontime"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/resp"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/util"
+	"time"
+	"xorm.io/xorm"
+
+	"go.uber.org/zap"
+)
+
+type SystemAccessRule struct {
+	User entity.SystemUserInfo
+}
+
+// AddAccessRule 新增访问规则
+func AddAccessRule(params request.AddSystemAccessRuleReq) (err error) {
+	// 拼装 访问规则 字段信息
+	systemAccessRule := entity.SystemAccessRule{
+		RuleId:      util.GetUUID(),
+		RuleName:    params.RuleName,
+		State:       params.State,
+		RuleType:    params.RuleType,
+		RuleDetail:  params.RuleDetail,
+		CreatedBy:   params.CreatedBy,
+		UpdatedBy:   params.CreatedBy,
+		CreatedTime: jsontime.Time(time.Now()),
+		UpdatedTime: jsontime.Time(time.Now()),
+	}
+
+	// 拼装 规则适用 用户范围 字段信息
+	systemRuleUsers := make([]entity.SystemRuleUser, 0)
+	for _, v := range params.UserScope {
+		systemRuleUser := entity.SystemRuleUser{
+			UserId:      v.UserId,
+			RuleId:      systemAccessRule.RuleId,
+			CreatedTime: time.Now(),
+		}
+		systemRuleUsers = append(systemRuleUsers, systemRuleUser)
+	}
+
+	db, err := client.GetDbClient()
+	if err != nil {
+		err = resp.DbConnectError.ErrorDetail(err)
+		return
+	}
+
+	// 校验 访问规则名称 是否重复
+	has, err := db.Table("system_access_rule").Where("rule_name =?", params.RuleName).Exist()
+	if has {
+		conf.Logger.Error("规则名称重复", zap.Error(err))
+		err = resp.DbSelectError.ErrorDetail(errors.New("规则名称重复"))
+		return
+	}
+	_, err = db.Transaction(func(session *xorm.Session) (data interface{}, err error) {
+		// 添加规则记录
+		_, err = session.Insert(&systemAccessRule)
+		if err != nil {
+			conf.Logger.Error("创建访问规则失败", zap.Error(err))
+			err = resp.DbInsertError.ErrorDetail(errors.New("创建访问规则失败"))
+			return
+		}
+
+		_, err = session.Insert(&systemRuleUsers)
+		if err != nil {
+			conf.Logger.Error("创建访问规则用户范围失败", zap.Error(err))
+			err = resp.DbInsertError.ErrorDetail(errors.New("创建访问规则用户范围失败"))
+			return
+		}
+		return
+	})
+	if err != nil {
+		return
+	}
+	return
+}
+
+// UpdateAccessRule 修改访问规则
+func UpdateAccessRule(params request.UpdateAccessRuleReq) (err error) {
+	// 拼装 访问规则 字段信息
+	systemAccessRule := entity.SystemAccessRule{
+		RuleName:    params.RuleName,
+		State:       params.State,
+		RuleType:    params.RuleType,
+		RuleDetail:  params.RuleDetail,
+		UpdatedBy:   params.UpdatedBy,
+		UpdatedTime: jsontime.Time(time.Now()),
+	}
+
+	// 拼装 规则适用 用户范围 字段信息
+	systemRuleUsers := make([]entity.SystemRuleUser, 0)
+	for _, v := range params.UserScope {
+		systemRuleUser := entity.SystemRuleUser{
+			UserId:      v.UserId,
+			RuleId:      params.RuleId,
+			CreatedTime: time.Now(),
+		}
+		systemRuleUsers = append(systemRuleUsers, systemRuleUser)
+	}
+
+	db, err := client.GetDbClient()
+	if err != nil {
+		err = resp.DbConnectError.ErrorDetail(err)
+		return
+	}
+
+	// 校验 访问规则名称 是否重复
+	cnt, err := db.Table("system_access_rule").Where("rule_name =?", params.RuleName).Count()
+	if cnt > 1 || err != nil {
+		conf.Logger.Error("规则名称重复", zap.Error(err))
+		err = resp.DbSelectError.ErrorDetail(errors.New("规则名称重复"))
+		return
+	}
+
+	_, err = db.Transaction(func(session *xorm.Session) (data interface{}, err error) {
+		//修改规则记录
+		_, err = session.Where("rule_id = ?", params.RuleId).Cols("rule_name,state,rule_type,rule_detail,updated_by,updated_time").Update(&systemAccessRule)
+		if err != nil {
+			conf.Logger.Error("修改访问规则失败", zap.Error(err))
+			err = resp.DbInsertError.ErrorDetail(errors.New("修改访问规则失败"))
+			return
+		}
+
+		//删除原规则用户范围
+		_, err = session.Where("rule_id = ?", params.RuleId).Delete(new(entity.SystemRuleUser))
+		if err != nil {
+			conf.Logger.Error("修改访问规则用户范围失败", zap.Error(err))
+			err = resp.DbInsertError.ErrorDetail(errors.New("修改访问规则用户范围失败"))
+			return
+		}
+
+		//新增规则用户范围
+		_, err = session.Insert(&systemRuleUsers)
+		if err != nil {
+			conf.Logger.Error("修改访问规则用户范围失败", zap.Error(err))
+			err = resp.DbInsertError.ErrorDetail(errors.New("修改访问规则用户范围失败"))
+			return
+		}
+		return
+	})
+	if err != nil {
+		return
+	}
+	return
+}
+
+// DelAccessRule 删除访问规则
+func DelAccessRule(params []string) (err error) {
+	db, err := client.GetDbClient()
+	if err != nil {
+		err = resp.DbConnectError.ErrorDetail(err)
+		return
+	}
+	_, err = db.Transaction(func(session *xorm.Session) (data interface{}, err error) {
+		for _, v := range params {
+			//删除 规则记录
+			_, err = session.Where("rule_id = ?", v).Delete(new(entity.SystemAccessRule))
+			if err != nil {
+				conf.Logger.Error("删除访问规则失败", zap.Error(err))
+				err = resp.DbInsertError.ErrorDetail(errors.New("删除访问规则失败"))
+				return
+			}
+
+			//删除 规则用户范围
+			_, err = session.Where("rule_id = ?", v).Delete(new(entity.SystemRuleUser))
+			if err != nil {
+				conf.Logger.Error("删除访问规则用户范围失败", zap.Error(err))
+				err = resp.DbInsertError.ErrorDetail(errors.New("删除访问规则用户范围失败"))
+				return
+			}
+		}
+		return
+	})
+	if err != nil {
+		return
+	}
+	return
+}
+
+// ListAccessRule 访问规则列表
+func ListAccessRule(params *request.ListAccessRuleReq) ([]response.SystemAccessRule, int64, error) {
+	var systemAccessRule []response.SystemAccessRule
+	db, err := client.GetDbClient()
+	if err != nil {
+		err = resp.DbConnectError.ErrorDetail(err)
+		return nil, 0, err
+	}
+
+	modelObj := db.Table("system_access_rule as sar")
+	modelObj.Join("left", "system_rule_user as sru", "sar.rule_id = sru.rule_id").
+		Select("sar.ID,sar.rule_id,sar.rule_name,sar.rule_type,COUNT ( 1 ) AS num_user,sar.rule_detail,sar.STATE,sar.created_by,sar.created_time,sar.updated_by,sar.updated_time ")
+
+	//条件查询
+	if params.Search != "" {
+		keyword := util.SpecialEscape(params.Search)
+		modelObj.Where("sar.rule_name ilike ? or su.rule_detail ilike ?", "%"+keyword+"%", "%"+keyword+"%")
+	}
+	if params.UpdatedTimeFrom != "" {
+		updatedTimeFrom, _ := time.Parse("2006-01-02 15:04:05", params.UpdatedTimeFrom)
+		modelObj.Where("sar.updated_time > ?", updatedTimeFrom)
+	}
+	if params.UpdatedTimeTo != "" {
+		updatedTimeTo, _ := time.Parse("2006-01-02 15:04:05", params.UpdatedTimeTo)
+		modelObj.Where("sar.updated_time < ?", updatedTimeTo)
+	}
+
+	count, err := modelObj.GroupBy("sar.ID,sar.rule_id,sar.rule_name,sar.rule_type,sar.rule_detail,sar.STATE").
+		OrderBy("sar.updated_time desc").Limit(params.PageSize, (params.Page-1)*params.PageSize).FindAndCount(&systemAccessRule)
+	if err != nil {
+		conf.Logger.Error("查询访问规则列表失败", zap.Error(err))
+		err = resp.DbSelectError.ErrorDetail(errors.New("查询访问规则列表失败"))
+		return nil, 0, err
+	}
+
+	return systemAccessRule, count, nil
+}
+
+// ListRuleUser 查询用户详情列表
+func ListRuleUser(params *request.ListRuleUserReq) ([]response.SystemUserAccessRule, int64, error) {
+	var systemUserAccessRule []response.SystemUserAccessRule
+	db, err := client.GetDbClient()
+	if err != nil {
+		err = resp.DbConnectError.ErrorDetail(err)
+		return nil, 0, err
+	}
+
+	modelObj := db.Table("system_access_rule as sar")
+	modelObj.Join("INNER", "system_rule_user as sru", "sar.rule_id = sru.rule_id")
+
+	if params.Disp == 0 {
+		//展示已选用户
+		modelObj.Join("INNER", "\"system_user\" as su", "sru.system_id = su.system_id").
+			Join("INNER", "system_organization as so", "su.organization_id = so.organization_id").
+			Select("su.system_account,su.is_admin,su.phone,so.name,sru.system_id,0 as selected")
+
+		modelObj.Where("sar.id = ?", params.Id)
+	} else if params.Disp == 1 {
+		//展示所有用户
+		modelObj.Join("RIGHT", "\"system_user\" as su", "sru.system_id = su.system_id").
+			Join("RIGHT", "system_organization as so", "su.organization_id = so.organization_id").
+			Select("su.system_id,su.system_account,su.is_admin,su.phone,so.name," + fmt.Sprintf("( CASE WHEN sar.ID = %v THEN 1 ELSE 0 END ) AS selected", params.Id))
+	}
+
+	modelObj.Where("so.is_deleted = 0 and su.is_deleted = 0")
+
+	if params.Search != "" {
+		keyword := util.SpecialEscape(params.Search)
+		modelObj.Where("su.system_account ilike ? or su.phone ilike ?", "%"+keyword+"%", "%"+keyword+"%")
+	}
+	if params.IsAdmin != 0 {
+		modelObj.Where("su.is_admin = ?", params.IsAdmin)
+	}
+	if params.OrganizationId != "" {
+		modelObj.Where("so.organization_id = ?", params.OrganizationId)
+	}
+
+	count, err := modelObj.OrderBy("selected DESC,sar.updated_time").
+		Limit(params.GetPageSize(), (params.GetPage()-1)*params.GetPageSize()).
+		FindAndCount(&systemUserAccessRule)
+	if err != nil {
+		conf.Logger.Error("查询用户列表失败", zap.Error(err))
+		err = resp.DbSelectError.ErrorDetail(errors.New("查询用户列表失败"))
+		return nil, 0, err
+	}
+
+	return systemUserAccessRule, count, nil
+}
+
+func UpdateState(id, state int, updatedBy int) (err error) {
+
+	db, err := client.GetDbClient()
+	if err != nil {
+		err = resp.DbConnectError.ErrorDetail(err)
+		return
+	}
+
+	systemAccessRule := entity.SystemAccessRule{
+		State:       state,
+		UpdatedBy:   updatedBy,
+		UpdatedTime: jsontime.Time(time.Now()),
+	}
+
+	_, err = db.Transaction(func(session *xorm.Session) (data interface{}, err error) {
+
+		_, err = session.Where("id = ?", id).Cols("state,updated_by,updated_time").Update(&systemAccessRule)
+		if err != nil {
+			conf.Logger.Error("修改访问规则失败", zap.Error(err))
+			err = resp.DbInsertError.ErrorDetail(errors.New("修改访问规则失败"))
+			return
+		}
+		return
+	})
+	if err != nil {
+		return
+	}
+	return
+}
-- 
2.26.0