by Robin at 20240422

app/mix/service/business_validator/auth.go

@@ -27,6 +27,7 @@ type AuthBusinessValidator struct {
 	accountrelation   *dbstruct.AccountRelation
 	momentCreateTimes *dbstruct.MomentCreateTimes
 	accountpunishment *dbstruct.AccountPunishment
+	zoneThirdPartner  *dbstruct.ZoneThirdPartner
 }
 
 func NewAuthBusinessValidator(ctx *gin.Context, req any) *AuthBusinessValidator {
@@ -51,6 +52,18 @@ func (a *AuthBusinessValidator) EnsureIsOperatingHisOwn(reqMid int64) *AuthBusin
 	return a
 }
 
+// 确认不对本人操作
+func (a *AuthBusinessValidator) EnsureIsNotOperatingHisOwn(Uid int64) *AuthBusinessValidator {
+	a.oplist = append(a.oplist, func() {
+		if a.OperMid != Uid {
+			logger.Error("Insufficient privileges: this operation is self-execute-only")
+			a.ec = errcode.ErrCodeOperationToSelfIsNotPermitted
+			return
+		}
+	})
+	return a
+}
+
 // 查询账户
 func (a *AuthBusinessValidator) QueryAccount(QueryFunc func(ctx *gin.Context, req *accountproto.OpListByMidReq) (*dbstruct.Account, error)) *AuthBusinessValidator {
 	a.oplist = append(a.oplist, func() {
@@ -69,6 +82,24 @@ func (a *AuthBusinessValidator) QueryAccount(QueryFunc func(ctx *gin.Context, re
 	return a
 }
 
+// 查询指定账户
+func (a *AuthBusinessValidator) QueryAccountForUid(QueryFunc func(ctx *gin.Context, req *accountproto.OpListByMidReq) (*dbstruct.Account, error), Uid int64) *AuthBusinessValidator {
+	a.oplist = append(a.oplist, func() {
+		listByMidReq := &accountproto.OpListByMidReq{
+			Mid: goproto.Int64(Uid),
+		}
+		account, err := QueryFunc(a.ctx, listByMidReq)
+
+		if err != nil {
+			logger.Error("Query account failed, err: %v", err)
+			a.ec = errcode.ErrCodeAccountSrvFail
+			return
+		}
+		a.account = account
+	})
+	return a
+}
+
 func (a *AuthBusinessValidator) EnsureAccountExist() *AuthBusinessValidator {
 	a.oplist = append(a.oplist, func() {
 		if a.account == nil {
@@ -127,6 +158,21 @@ func (a *AuthBusinessValidator) EnsureIsInTheseRoles(roles []int64) *AuthBusines
 	return a
 }
 
+// 角色鉴权
+func (a *AuthBusinessValidator) EnsureIsNotThisRole(role int64) *AuthBusinessValidator {
+	a.oplist = append(a.oplist, func() {
+
+		accountRole := util.DerefInt64(a.account.Role)
+
+		if accountRole == role {
+			logger.Error("Insufficient privileges of role: %v, this operation to %v is not permitted", consts.RoleNameMap[role])
+			a.ec = errcode.ErrCodeRolePrivilegesNotEnough
+			return
+		}
+	})
+	return a
+}
+
 // 角色鉴权-后台系统
 func (a *AuthBusinessValidator) EnsureIsOpRole() *AuthBusinessValidator {
 	a.oplist = append(a.oplist, func() {
@@ -454,6 +500,43 @@ func (l *AuthBusinessValidator) EnsureZoneMomentImagesEnoughForEncryption(mType
 
 }
 
+func (l *AuthBusinessValidator) QueryZoneThirdPartnerByZid(fun func(*gin.Context, int64) (*dbstruct.ZoneThirdPartner, error), zid int64) *AuthBusinessValidator {
+	l.oplist = append(l.oplist, func() {
+
+		zoneThirdPartner, err := fun(l.ctx, zid)
+		if err != nil {
+			l.ec = errcode.ErrCodeZoneThirdPartnerSrvFail
+			return
+		}
+		l.zoneThirdPartner = zoneThirdPartner
+
+	})
+	return l
+}
+
+func (l *AuthBusinessValidator) EnsureZoneThirdPartnerExist() *AuthBusinessValidator {
+	l.oplist = append(l.oplist, func() {
+
+		if l.zoneThirdPartner == nil {
+			l.ec = errcode.ErrCodeZoneThirdPartnerNotExist
+			return
+		}
+	})
+	return l
+}
+
+func (l *AuthBusinessValidator) EnsureZoneCollaboratorCreaterIsZoneThirdPartner(createrMid int64) *AuthBusinessValidator {
+	l.oplist = append(l.oplist, func() {
+
+		if l.zoneThirdPartner.GetThirdPartnerMid() != createrMid {
+			l.ec = errcode.ErrCodeZoneCollaboratorCreateIsZTPOnlyOperation
+			return
+		}
+
+	})
+	return l
+}
+
 // 执行校验
 func (a *AuthBusinessValidator) Validate() *AuthBusinessValidator {
 	a.BusinessValidateStream.Validate()