From 8826cec03a489bdfc59e7c80d30e6492d04c76ac Mon Sep 17 00:00:00 2001
From: what <what-00@qq.com>
Date: Thu, 4 May 2023 14:02:19 +0800
Subject: [PATCH] =?UTF-8?q?[fix]=20=E4=BF=AE=E5=A4=8D=E6=95=B0=E6=8D=AE?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E4=BD=BF=E7=94=A8=E4=BA=91=E5=87=BD=E6=95=B0?=
 =?UTF-8?q?=E9=94=99=E8=AF=AFbug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 base/resource.go | 13 +++++++++----
 resource.go      |  2 +-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/base/resource.go b/base/resource.go
index 116f93a..d8fe790 100644
--- a/base/resource.go
+++ b/base/resource.go
@@ -13,6 +13,7 @@ import (
 	"git.fsdpf.net/go/contracts"
 	"git.fsdpf.net/go/contracts/helper"
 	"git.fsdpf.net/go/contracts/res_type"
+	"git.fsdpf.net/go/contracts/support"
 	"git.fsdpf.net/go/db"
 )
 
@@ -149,7 +150,7 @@ func (this Resource) GetAuthDBTable(u contracts.User, params ...any) *db.Builder
 	// 数据权限过滤
 	builder.Before(func(b *db.Builder, t string, data ...map[string]any) {
 		if t == db.TYPE_SELECT || t == db.TYPE_UPDATE || t == db.TYPE_DELETE {
-			this.WithRolesCondition(b, t, u.Roles()...)
+			this.WithRolesCondition(b, t, u)
 		}
 	})
 
@@ -209,10 +210,11 @@ func (this Resource) GetDBTable(params ...any) *db.Builder {
 	return builder.Table(string(this.GetTable()), alias)
 }
 
-func (this Resource) WithRolesCondition(b *db.Builder, t string, roles ...string) error {
+func (this Resource) WithRolesCondition(b *db.Builder, t string, u contracts.User) error {
 	isFullRight := false
 	isFullNot := false
 
+	NewOrm := do.MustInvoke[helper.NewOrm](this.container)
 	NewOrmModel := do.MustInvoke[helper.NewOrmModel](this.container)
 	NewOrmJoin := do.MustInvoke[helper.NewOrmJoin](this.container)
 
@@ -221,7 +223,7 @@ func (this Resource) WithRolesCondition(b *db.Builder, t string, roles ...string
 	GetResource := do.MustInvoke[contracts.GetResource](this.container)
 	GetOrmConditionByRes := do.MustInvoke[GetOrmConditionByRes](this.container)
 
-	items := do.MustInvoke[GetResRoles](this.container)(this.GetUuid(), roles...)
+	items := do.MustInvoke[GetResRoles](this.container)(this.GetUuid(), u.Roles()...)
 
 	subTables := lo.Reduce(items, func(carry string, item ResRole, _ int) string {
 		db := this.GetDB().Table(string(this.GetTable()), this.GetCode()).Select(db.Raw("`" + this.GetCode() + "`.*"))
@@ -262,7 +264,10 @@ func (this Resource) WithRolesCondition(b *db.Builder, t string, roles ...string
 			isFullRight = true
 			return db.ToSql()
 		} else if conditions.IsNotEmpty() {
-			db.Where(conditions.ToSql(nil))
+			oOrm := NewOrm(this, nil)
+			oOrm.SetGlobalParams(support.NewGlobalParam("{}", u))
+
+			db.Where(conditions.ToSql(oOrm.GetModel()))
 
 			// 如果前面是无权限的sql查看, 这直接返回本次查询
 			if isFullNot {
diff --git a/resource.go b/resource.go
index ec4c431..4ead747 100644
--- a/resource.go
+++ b/resource.go
@@ -54,7 +54,7 @@ type Resource interface {
 	GetStruct(extends ...reflect.StructField) any
 	GetSliceStruct(extends ...reflect.StructField) any
 
-	WithRolesCondition(b *db.Builder, t string, roles ...string) error
+	WithRolesCondition(b *db.Builder, t string, u User) error
 
 	// 是否虚拟资源
 	IsVirtual() bool