- 角色管理初版

2019-08-07 18:16:44 +08:00
parent 059be1befd
commit 3639a1c7cb
14 changed files with 500 additions and 72 deletions
--- a/business/authz/authz.go
+++ b/business/authz/authz.go
@@ -1,10 +1,9 @@
 package authz

 type IAuthz interface {
-	AddStoreRole4User(userID string, storeID int) (err error)
-	DelStoreRole4User(userID string, storeID int) (err error)
-	AddRole4User(userID, roleName string) (err error)
-	DelRole4User(userID, roleName string) (err error)
-	GetUserRoleList(userID string) (roleList []string, err error)
-	GetRoleUserList(roleName string) (userIDList []string, err error)
+	AddRole4User(userID string, r *RoleInfo) (err error)
+	DeleteRole4User(userID string, r *RoleInfo) (err error)
+	GetUserRoleList(userID string) (roleList []*RoleInfo, err error)
+	GetRoleUserList(r *RoleInfo) (userIDList []string, err error)
+	// GetAllRoleList() (roleList []*RoleInfo)
 }
--- a/business/authz/authz_utils.go
+++ b/business/authz/authz_utils.go
@@ -1,23 +1,101 @@
 package authz

 import (
+	"fmt"
 	"strings"

 	"git.rosy.net.cn/baseapi/utils"
+	"git.rosy.net.cn/jx-callback/business/model"
+	"git.rosy.net.cn/jx-callback/business/model/dao"
 )

 const (
+	StoreRoleBoss = "StoreBoss"
+
 	RoleNameSep     = "/"
-	RolePrefix      = "role"
-	StoreRolePrefix = "store"
+	RolePrefix      = "Role"
+	StoreRolePrefix = "Store"
 )

-func GenStoreRoleName(storeID int) (roleName string) {
-	return strings.Join([]string{
+type RoleInfo struct {
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	StoreID     int    `json:"storeID,omitempty"` // 如果这个值非0，表示门店角色
+}
+
+var (
+	storeRoleDescriptionMap = map[string]string{
+		StoreRoleBoss: "门店老板",
+	}
+	StoreRoleList = []*RoleInfo{
+		&RoleInfo{
+			Name:        StoreRoleBoss,
+			Description: storeRoleDescriptionMap[StoreRoleBoss],
+		},
+	}
+)
+
+func GetRoleDescription(name string, storeID int) (description string) {
+	if storeID != 0 {
+		description = storeRoleDescriptionMap[name]
+	} else {
+		if confList, err := dao.QueryConfigs(dao.GetDB(), name, model.ConfigTypeRole, ""); err == nil && len(confList) > 0 {
+			description = confList[0].Value
+		}
+	}
+	return description
+}
+
+func ValidateRole(name string, storeID int) (err error) {
+	if GetRoleDescription(name, storeID) == "" {
+		err = fmt.Errorf("角色%s不合法", name)
+	}
+	return err
+}
+
+func NewRole(name string, storeID int) (r *RoleInfo) {
+	r = &RoleInfo{
+		Name:        name,
+		StoreID:     storeID,
+		Description: GetRoleDescription(name, storeID),
+	}
+	return r
+}
+
+func NewRoleByModel(conf *model.NewConfig) (r *RoleInfo) {
+	if conf.Type != model.ConfigTypeRole {
+		r = NewRole(conf.Key, 0)
+	}
+	return r
+}
+
+func NewRoleByFullName(fullRoleName string) (r *RoleInfo) {
+	strList := strings.Split(fullRoleName, RoleNameSep)
+	if len(strList) == 2 {
+		r = NewRole(strList[1], 0)
+	} else if len(strList) == 4 {
+		r = NewRole(strList[1], int(utils.Str2Int64(strList[3])))
+	}
+	return r
+}
+
+func (r *RoleInfo) GetFullName() (fullRoleName string) {
+	strList := []string{
 		RolePrefix,
-		StoreRolePrefix,
-		utils.Int2Str(storeID),
-	}, RoleNameSep)
+		r.Name,
+	}
+	if r.StoreID > 0 {
+		strList = append(strList, StoreRolePrefix, utils.Int2Str(r.StoreID))
+	}
+	fullRoleName = strings.Join(strList, RoleNameSep)
+	return fullRoleName
+}
+
+func RoleName2StoreID(roleName string) (storeID int) {
+	if list := strings.Split(roleName, RoleNameSep); len(list) == 4 {
+		storeID = int(utils.Str2Int64(list[2]))
+	}
+	return storeID
 }

 func GetStoreIDFromRole(roleName string) (storeID int) {
@@ -27,3 +105,30 @@ func GetStoreIDFromRole(roleName string) (storeID int) {
 	}
 	return storeID
 }
+
+func RoleList2StoreIDList(roleList []*RoleInfo) (storeIDs []int) {
+	for _, v := range roleList {
+		if v.StoreID > 0 {
+			storeIDs = append(storeIDs, v.StoreID)
+		}
+	}
+	return storeIDs
+}
+
+func FullRoleName2RoleList(fullRoleNameList []string) (roleList []*RoleInfo) {
+	if len(fullRoleNameList) > 0 {
+		roleList = make([]*RoleInfo, len(fullRoleNameList))
+		for k, v := range fullRoleNameList {
+			roleList[k] = NewRoleByFullName(v)
+		}
+	}
+	return roleList
+}
+
+func RoleList2Map(roleList []*RoleInfo) (roleMap map[string]*RoleInfo) {
+	roleMap = make(map[string]*RoleInfo)
+	for _, v := range roleList {
+		roleMap[v.Name] = v
+	}
+	return roleMap
+}
--- a/business/authz/casbinauth/casbinauth.go
+++ b/business/authz/casbinauth/casbinauth.go
@@ -2,6 +2,7 @@ package casbinauth

 import (
 	"git.rosy.net.cn/jx-callback/business/authz"
+	"git.rosy.net.cn/jx-callback/globals"
 	"github.com/casbin/casbin"
 )

@@ -15,30 +16,30 @@ func New(modelFile string) (authObj authz.IAuthz, err error) {
 	return obj, err
 }

-func (c *CasbinAuthz) AddStoreRole4User(userID string, storeID int) (err error) {
-	return c.AddRole4User(userID, authz.GenStoreRoleName(storeID))
-}
-
-func (c *CasbinAuthz) DelStoreRole4User(userID string, storeID int) (err error) {
-	return c.DelRole4User(userID, authz.GenStoreRoleName(storeID))
-}
-
-func (c *CasbinAuthz) AddRole4User(userID, roleName string) (err error) {
-	_, err = c.enforcer.AddRoleForUser(userID, roleName)
+func (c *CasbinAuthz) AddRole4User(userID string, r *authz.RoleInfo) (err error) {
+	_, err = c.enforcer.AddRoleForUser(userID, r.GetFullName())
 	return err
 }

-func (c *CasbinAuthz) DelRole4User(userID, roleName string) (err error) {
-	_, err = c.enforcer.DeleteRoleForUser(userID, roleName)
+func (c *CasbinAuthz) DeleteRole4User(userID string, r *authz.RoleInfo) (err error) {
+	_, err = c.enforcer.DeleteRoleForUser(userID, r.GetFullName())
 	return err
 }

-func (c *CasbinAuthz) GetUserRoleList(userID string) (roleList []string, err error) {
-	roleList, err = c.enforcer.GetRolesForUser(userID)
+func (c *CasbinAuthz) GetUserRoleList(userID string) (roleList []*authz.RoleInfo, err error) {
+	roleNameList, err := c.enforcer.GetRolesForUser(userID)
+	if err == nil && len(roleNameList) > 0 {
+		roleList = authz.FullRoleName2RoleList(roleNameList)
+	}
 	return roleList, err
 }

-func (c *CasbinAuthz) GetRoleUserList(roleName string) (userIDList []string, err error) {
-	userIDList, err = c.enforcer.GetUsersForRole(roleName)
+func (c *CasbinAuthz) GetRoleUserList(r *authz.RoleInfo) (userIDList []string, err error) {
+	globals.SugarLogger.Debug(r.GetFullName())
+	userIDList, err = c.enforcer.GetUsersForRole(r.GetFullName())
 	return userIDList, err
 }
+
+// func (c *CasbinAuthz) GetAllRoleList() (roleList []*authz.RoleInfo) {
+// 	return authz.FullRoleName2RoleList(c.enforcer.GetAllRoles())
+// }
--- a/business/jxstore/cms/authz.go
+++ b/business/jxstore/cms/authz.go
@@ -3,12 +3,15 @@ package cms
 import (
 	"git.rosy.net.cn/jx-callback/business/auth2"
 	"git.rosy.net.cn/jx-callback/business/auth2/authprovider/weixin"
+	"git.rosy.net.cn/jx-callback/business/authz"
 	"git.rosy.net.cn/jx-callback/business/model"
 	"git.rosy.net.cn/jx-callback/business/model/dao"
 	"git.rosy.net.cn/jx-callback/business/model/legacymodel"
 	"git.rosy.net.cn/jx-callback/globals/api2"
 )

+// todo 是否需要将Store.MarketManPhone与OperatorPhone成角色？
+
 func TransferLegacyWeixins() (err error) {
 	const remark4Transfer = "transfer"
 	// DELETE t1
@@ -88,8 +91,8 @@ func TransferLegacyWeixins() (err error) {
 					},
 				})
 			}
-			if v.JxStoreID > 0 {
-				api2.RoleMan.AddStoreRole4User(user.GetID(), v.JxStoreID)
+			if v.JxStoreID > 0 && user.Type&model.UserTypeOperator == 0 { // 运营就不加到门店老板组里了
+				api2.RoleMan.AddRole4User(user.GetID(), authz.NewRole(authz.StoreRoleBoss, v.JxStoreID))
 			}
 		}
 	}
--- a/business/jxstore/cms/authz_test.go
+++ b/business/jxstore/cms/authz_test.go
@@ -6,6 +6,7 @@ import (
 	"git.rosy.net.cn/baseapi/utils"
 	"git.rosy.net.cn/jx-callback/globals/api2"

+	"git.rosy.net.cn/jx-callback/business/authz"
 	_ "git.rosy.net.cn/jx-callback/business/partner/purchase/ebai"
 	_ "git.rosy.net.cn/jx-callback/business/partner/purchase/elm"
 	_ "git.rosy.net.cn/jx-callback/business/partner/purchase/jd"
@@ -21,7 +22,7 @@ func TestTransferLegacyWeixins(t *testing.T) {
 }

 func TestCasbin(t *testing.T) {
-	userList, err := api2.RoleMan.GetRoleUserList("role/store/100324")
+	userList, err := api2.RoleMan.GetRoleUserList(authz.NewRole(authz.StoreRoleBoss, 100324))
 	t.Log(utils.Format4Output(userList, false))
 	if err != nil {
 		t.Fatal(err)
--- a/business/jxstore/cms/cms.go
+++ b/business/jxstore/cms/cms.go
@@ -6,9 +6,12 @@ import (
 	"strings"
 	"time"

+	"git.rosy.net.cn/jx-callback/globals/api2"
+
 	"git.rosy.net.cn/baseapi/platformapi/dingdingapi"

 	"git.rosy.net.cn/jx-callback/business/auth2/authprovider/mobile"
+	"git.rosy.net.cn/jx-callback/business/authz"
 	"git.rosy.net.cn/jx-callback/business/jxutils/msg"
 	"git.rosy.net.cn/jx-callback/business/partner"

@@ -216,6 +219,7 @@ func checkConfig(configType, key, value string) (err error) {
 				err = fmt.Errorf("此银行代码:%s不支持，请联系开发", value)
 			}
 		}
+	case model.ConfigTypeRole:
 	default:
 		err = fmt.Errorf("当前只支持配置:%s, 传入的配置类型:%s", utils.Format4Output(model.ConfigTypeName, true), configType)
 	}
@@ -245,21 +249,32 @@ func DeleteConfig(ctx *jxcontext.Context, key, configType string) (err error) {
 	switch configType {
 	case model.ConfigTypePricePack:
 		storeMapList, err := dao.GetStoresMapList(db, nil, nil, model.StoreStatusAll, model.StoreIsSyncYes, key)
-		if err != nil {
-			return err
-		}
-		if len(storeMapList) > 0 {
-			var storeInfo []string
-			for _, v := range storeMapList {
-				storeInfo = append(storeInfo, fmt.Sprintf("门店:%d, 平台:%s", v.StoreID, model.VendorChineseNames[v.VendorID]))
+		if err == nil {
+			if len(storeMapList) > 0 {
+				var storeInfo []string
+				for _, v := range storeMapList {
+					storeInfo = append(storeInfo, fmt.Sprintf("门店:%d, 平台:%s", v.StoreID, model.VendorChineseNames[v.VendorID]))
+				}
+				err = fmt.Errorf("还有门店在使用价格包:%s，门店信息:%s", key, strings.Join(storeInfo, ","))
+			}
+		}
+	case model.ConfigTypeRole:
+		userIDs, err2 := api2.RoleMan.GetRoleUserList(authz.NewRole(key, 0))
+		if err = err2; err == nil {
+			if len(userIDs) > 0 {
+				userList, err2 := GetUsers(ctx, 0, "", userIDs, "", "")
+				if err = err2; err == nil {
+					err = fmt.Errorf("还有人员在使用角色:%s，人员信息:%s", key, utils.MustMarshal(utils.Struct2Map(userList, "compact")))
+				}
 			}
-			return fmt.Errorf("还有门店在使用价格包:%s，门店信息:%s", key, strings.Join(storeInfo, ","))
 		}
 	}
-	_, err = dao.DeleteEntityLogically(db, &model.NewConfig{}, nil, ctx.GetUserName(), map[string]interface{}{
-		"Key":  key,
-		"Type": configType,
-	})
+	if err == nil {
+		_, err = dao.DeleteEntityLogically(db, &model.NewConfig{}, nil, ctx.GetUserName(), map[string]interface{}{
+			"Key":  key,
+			"Type": configType,
+		})
+	}
 	return err
 }

--- a/business/jxstore/cms/user.go
+++ b/business/jxstore/cms/user.go
@@ -4,7 +4,6 @@ import (
 	"fmt"

 	"git.rosy.net.cn/baseapi/utils"
-	"git.rosy.net.cn/jx-callback/business/auth2"
 	"git.rosy.net.cn/jx-callback/business/jxcallback/auth"
 	"git.rosy.net.cn/jx-callback/business/jxcallback/auth/mobile"
 	"git.rosy.net.cn/jx-callback/business/jxcallback/auth/weixin"
@@ -66,26 +65,8 @@ func GetSelfInfo(ctx *jxcontext.Context) (storeUserInfo *dao.StoreUserInfo, err
 	return storeUserInfo, err
 }

-func getMobileFromCtx(ctx *jxcontext.Context) (mobile string) {
-	token := ctx.GetToken()
-	if auth2.IsV2Token(token) {
-		authInfo, err2 := auth2.GetTokenInfo(token)
-		if err2 == nil {
-			if authInfo.TokenType == auth2.TokenTypeNormal {
-				mobile = authInfo.GetMobile()
-			}
-		}
-	} else {
-		userInfo, err2 := auth.GetUserInfo(token)
-		if err2 == nil {
-			mobile = userInfo.GetAuthID()
-		}
-	}
-	return mobile
-}
-
 func GetMyStoreList(ctx *jxcontext.Context) (storeList []*dao.StoreWithCityName, err error) {
-	mobileNum := getMobileFromCtx(ctx)
+	mobileNum, _ := ctx.GetMobileAndUserID()
 	if mobileNum == "" {
 		return nil, fmt.Errorf("不能得到用户手机号")
 	}
--- a/business/jxstore/cms/user2.go
+++ b/business/jxstore/cms/user2.go
@@ -2,16 +2,21 @@ package cms

 import (
 	"errors"
+	"fmt"
+
+	"git.rosy.net.cn/baseapi/utils/errlist"

 	"git.rosy.net.cn/baseapi/platformapi/dingdingapi"
 	"git.rosy.net.cn/baseapi/utils"
 	"git.rosy.net.cn/jx-callback/business/auth2"
 	"git.rosy.net.cn/jx-callback/business/auth2/authprovider/dingding"
+	"git.rosy.net.cn/jx-callback/business/authz"
 	"git.rosy.net.cn/jx-callback/business/jxutils/jxcontext"
 	"git.rosy.net.cn/jx-callback/business/model"
 	"git.rosy.net.cn/jx-callback/business/model/dao"
 	"git.rosy.net.cn/jx-callback/globals"
 	"git.rosy.net.cn/jx-callback/globals/api"
+	"git.rosy.net.cn/jx-callback/globals/api2"
 )

 var (
@@ -156,3 +161,76 @@ func OnDingDingMsg(msg map[string]interface{}) (callbackResponse *dingdingapi.Ca
 func GetUsers(ctx *jxcontext.Context, userType int, keyword string, userIDs []string, userID2, mobile string) (userList []*model.User, err error) {
 	return dao.GetUsers(dao.GetDB(), userType, keyword, userIDs, userID2, mobile)
 }
+
+func GetMyStoreListNew(ctx *jxcontext.Context) (storeList []*dao.StoreWithCityName, err error) {
+	mobileNum, userID := ctx.GetMobileAndUserID()
+	if mobileNum == "" {
+		return nil, fmt.Errorf("不能得到用户手机号")
+	}
+	roleList, err := api2.RoleMan.GetUserRoleList(userID)
+	if err != nil {
+		return nil, err
+	}
+	storeList, err = dao.GetStoreListByMobileOrStoreIDs(dao.GetDB(), mobileNum, authz.RoleList2StoreIDList(roleList))
+	return storeList, err
+}
+
+func GetStoreRoleList(ctx *jxcontext.Context) (roleList []*authz.RoleInfo, err error) {
+	return authz.StoreRoleList, nil
+}
+
+func GetUserRoleList(ctx *jxcontext.Context, userID string) (roleList []*authz.RoleInfo, err error) {
+	return api2.RoleMan.GetUserRoleList(userID)
+}
+
+func GetRoleUserList(ctx *jxcontext.Context, r *authz.RoleInfo) (userIDList []string, err error) {
+	return api2.RoleMan.GetRoleUserList(r)
+}
+
+func AddRoles4User(ctx *jxcontext.Context, userID string, rList []*authz.RoleInfo) (err error) {
+	errList := errlist.New()
+	for _, v := range rList {
+		if err = authz.ValidateRole(v.Name, v.StoreID); err == nil {
+			if err = api2.RoleMan.AddRole4User(userID, v); err != nil {
+				errList.AddErr(err)
+			}
+		} else {
+			errList.AddErr(err)
+		}
+	}
+	return errList.GetErrListAsOne()
+}
+
+func DeleteRoles4User(ctx *jxcontext.Context, userID string, rList []*authz.RoleInfo) (err error) {
+	errList := errlist.New()
+	for _, v := range rList {
+		if err = api2.RoleMan.DeleteRole4User(userID, v); err != nil {
+			errList.AddErr(err)
+		}
+	}
+	return errList.GetErrListAsOne()
+}
+
+func AddUsers4Role(ctx *jxcontext.Context, r *authz.RoleInfo, userIDList []string) (err error) {
+	if err = authz.ValidateRole(r.Name, r.StoreID); err != nil {
+		return err
+	}
+
+	errList := errlist.New()
+	for _, v := range userIDList {
+		if err = api2.RoleMan.AddRole4User(v, r); err != nil {
+			errList.AddErr(err)
+		}
+	}
+	return errList.GetErrListAsOne()
+}
+
+func DeleteUsers4Role(ctx *jxcontext.Context, r *authz.RoleInfo, userIDList []string) (err error) {
+	errList := errlist.New()
+	for _, v := range userIDList {
+		if err = api2.RoleMan.DeleteRole4User(v, r); err != nil {
+			errList.AddErr(err)
+		}
+	}
+	return errList.GetErrListAsOne()
+}
--- a/business/jxutils/jxcontext/jxcontext.go
+++ b/business/jxutils/jxcontext/jxcontext.go
@@ -129,3 +129,22 @@ func (ctx *Context) GetV2AuthInfo() (authInfo *auth2.AuthInfo, err error) {
 func (ctx *Context) GetTrackInfo() string {
 	return ctx.Context.GetTrackInfo() + "," + ctx.GetUserName()
 }
+
+func (ctx *Context) GetMobileAndUserID() (mobile, userID string) {
+	token := ctx.GetToken()
+	if auth2.IsV2Token(token) {
+		authInfo, err2 := auth2.GetTokenInfo(token)
+		if err2 == nil {
+			if authInfo.TokenType == auth2.TokenTypeNormal {
+				mobile = authInfo.GetMobile()
+				userID = authInfo.GetID()
+			}
+		}
+	} else {
+		userInfo, err2 := auth.GetUserInfo(token)
+		if err2 == nil {
+			mobile = userInfo.GetAuthID()
+		}
+	}
+	return mobile, userID
+}
--- a/business/model/dao/dao_user.go
+++ b/business/model/dao/dao_user.go
@@ -153,3 +153,25 @@ func GetStoreListByMobile(db *DaoDB, mobile string) (storeList []*StoreWithCityN
 	}
 	return storeList, err
 }
+
+func GetStoreListByMobileOrStoreIDs(db *DaoDB, mobile string, storeIDs []int) (storeList []*StoreWithCityName, err error) {
+	sql := `
+		SELECT t1.*, t2.name city_name
+		FROM store t1
+		LEFT JOIN place t2 ON t2.code = t1.city_code
+		WHERE t1.deleted_at = ? AND ( 1 = 0`
+	sqlParams := []interface{}{
+		utils.DefaultTimeValue,
+	}
+	if mobile != "" {
+		sql += " OR t1.market_man_phone = ? OR t1.operator_phone = ?"
+		sqlParams = append(sqlParams, mobile, mobile)
+	}
+	if len(storeIDs) > 0 {
+		sql += " OR t1.id IN (" + GenQuestionMarks(len(storeIDs)) + ")"
+		sqlParams = append(sqlParams, storeIDs)
+	}
+	sql += ")"
+	err = GetRows(db, &storeList, sql, sqlParams...)
+	return storeList, err
+}
--- a/business/model/new_config.go
+++ b/business/model/new_config.go
@@ -4,6 +4,7 @@ const (
 	ConfigTypeSys       = "Sys"
 	ConfigTypePricePack = "PricePack"
 	ConfigTypeBank      = "Bank"
+	ConfigTypeRole      = "Role"
 )

 var (
@@ -11,6 +12,7 @@ var (
 		ConfigTypeSys:       "系统",
 		ConfigTypePricePack: "价格包",
 		ConfigTypeBank:      "银行",
+		ConfigTypeRole:      "角色",
 	}
 )

--- a/business/model/user.go
+++ b/business/model/user.go
@@ -23,14 +23,14 @@ var (

 type User struct {
 	ModelIDCULD
-	UserID   string `orm:"size(48);column(user_id)" json:"userID"`   // 内部唯一标识
-	UserID2  string `orm:"size(48);column(user_id2)" json:"userID2"` // 外部唯一标识（一般用于登录）
-	Name     string `orm:"size(48);index" json:"name"`               // 外部唯一显示 标识（一般用于显示）
-	Mobile   string `orm:"size(32)" json:"mobile"`
-	Email    string `orm:"size(32);index" json:"email"`
-	Status   int8   `json:"status"`
-	Type     int8   `json:"type"`                                       // 用户类型
-	IDCardNo string `orm:"size(18);column(id_card_no)" json:"idCardNo"` // 身份证号
+	UserID   string `orm:"size(48);column(user_id)" json:"userID" compact:"userID"`    // 内部唯一标识
+	UserID2  string `orm:"size(48);column(user_id2)" json:"userID2" compact:"userID2"` // 外部唯一标识（一般用于登录）
+	Name     string `orm:"size(48);index" json:"name" compact:"name"`                  // 外部唯一显示 标识（一般用于显示）
+	Mobile   string `orm:"size(32)" json:"mobile" compact:"mobile"`
+	Email    string `orm:"size(32);index" json:"email" compact:"email"`
+	Status   int8   `json:"status" compact:"status"`
+	Type     int8   `json:"type" compact:"type"`                                           // 用户类型
+	IDCardNo string `orm:"size(18);column(id_card_no)" json:"idCardNo" compact:"idCardNo"` // 身份证号
 	Remark   string `orm:"size(255)" json:"remark"`
 }

--- a/controllers/cms_user2.go
+++ b/controllers/cms_user2.go
@@ -2,6 +2,7 @@ package controllers

 import (
 	"git.rosy.net.cn/jx-callback/business/auth2"
+	"git.rosy.net.cn/jx-callback/business/authz"
 	"git.rosy.net.cn/jx-callback/business/jxstore/cms"
 	"git.rosy.net.cn/jx-callback/business/jxutils"
 	"git.rosy.net.cn/jx-callback/business/model"
@@ -71,3 +72,132 @@ func (c *User2Controller) GetUsers() {
 		return retVal, "", err
 	})
 }
+
+// @Title 得到用户自己的门店列表
+// @Description 得到用户自己的门店列表
+// @Param	token			header		string	true	"认证token"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /GetMyStoreList [get]
+func (c *User2Controller) GetMyStoreList() {
+	c.callGetMyStoreList(func(params *tUser2GetMyStoreListParams) (retVal interface{}, errCode string, err error) {
+		retVal, err = cms.GetMyStoreListNew(params.Ctx)
+		return retVal, "", err
+	})
+}
+
+// @Title 得到可用的门店角色列表
+// @Description 得到可用的门店角色列表
+// @Param	token			header		string	true	"认证token"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /GetStoreRoleList [get]
+func (c *User2Controller) GetStoreRoleList() {
+	c.callGetStoreRoleList(func(params *tUser2GetStoreRoleListParams) (retVal interface{}, errCode string, err error) {
+		retVal, err = cms.GetStoreRoleList(params.Ctx)
+		return retVal, "", err
+	})
+}
+
+// @Title 得到用户所具有的角色列表
+// @Description 得到用户所具有的角色列表
+// @Param	token			header		string	true	"认证token"
+// @Param	userID			query		string	true	"用户i"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /GetUserRoleList [get]
+func (c *User2Controller) GetUserRoleList() {
+	c.callGetUserRoleList(func(params *tUser2GetUserRoleListParams) (retVal interface{}, errCode string, err error) {
+		retVal, err = cms.GetUserRoleList(params.Ctx, params.UserID)
+		return retVal, "", err
+	})
+}
+
+// @Title 得到角色包括的用户列表
+// @Description 得到角色包括的用户列表
+// @Param	token			header		string	true	"认证token"
+// @Param	roleName		query		string	true	"角色名"
+// @Param	storeID			query		int		false	"门店ID（如果是全局角色不用填）"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /GetRoleUserList [get]
+func (c *User2Controller) GetRoleUserList() {
+	c.callGetRoleUserList(func(params *tUser2GetRoleUserListParams) (retVal interface{}, errCode string, err error) {
+		retVal, err = cms.GetRoleUserList(params.Ctx, authz.NewRole(params.RoleName, params.StoreID))
+		return retVal, "", err
+	})
+}
+
+// @Title 给指定用户添加角色列表
+// @Description 给指定用户添加角色列表
+// @Param	token			header		string	true	"认证token"
+// @Param	userID			query		string	true	"用户ID"
+// @Param	roleList		query		string	true	"角色列表"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /AddRoles4User [post]
+func (c *User2Controller) AddRoles4User() {
+	c.callAddRoles4User(func(params *tUser2AddRoles4UserParams) (retVal interface{}, errCode string, err error) {
+		var roleList []*authz.RoleInfo
+		if err = jxutils.Strings2Objs(params.RoleList, &roleList); err == nil {
+			err = cms.AddRoles4User(params.Ctx, params.UserID, roleList)
+		}
+		return retVal, "", err
+	})
+}
+
+// @Title 给指定用户删除角色列表
+// @Description 给指定用户删除角色列表
+// @Param	token			header		string	true	"认证token"
+// @Param	userID			query		string	true	"用户ID"
+// @Param	roleList		query		string	true	"角色列表"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /DeleteRoles4User [delete]
+func (c *User2Controller) DeleteRoles4User() {
+	c.callDeleteRoles4User(func(params *tUser2DeleteRoles4UserParams) (retVal interface{}, errCode string, err error) {
+		var roleList []*authz.RoleInfo
+		if err = jxutils.Strings2Objs(params.RoleList, &roleList); err == nil {
+			err = cms.DeleteRoles4User(params.Ctx, params.UserID, roleList)
+		}
+		return retVal, "", err
+	})
+}
+
+// @Title 给指定角色添加用户列表
+// @Description 给指定角色添加用户列表
+// @Param	token			header		string	true	"认证token"
+// @Param	roleName		query		string	true	"角色名"
+// @Param	storeID			query		int		false	"门店ID"
+// @Param	userIDs			query		string	true	"用户ID列表"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /AddUsers4Role [post]
+func (c *User2Controller) AddUsers4Role() {
+	c.callAddUsers4Role(func(params *tUser2AddUsers4RoleParams) (retVal interface{}, errCode string, err error) {
+		var userIDs []string
+		if err = jxutils.Strings2Objs(params.UserIDs, &userIDs); err == nil {
+			err = cms.AddUsers4Role(params.Ctx, authz.NewRole(params.RoleName, params.StoreID), userIDs)
+		}
+		return retVal, "", err
+	})
+}
+
+// @Title 给指定角色删除用户列表
+// @Description 给指定角色删除用户列表
+// @Param	token			header		string	true	"认证token"
+// @Param	roleName		query		string	true	"角色名"
+// @Param	storeID			query		int		false	"门店ID"
+// @Param	userIDs			query		string	true	"用户ID列表"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /DeleteUsers4Role [delete]
+func (c *User2Controller) DeleteUsers4Role() {
+	c.callDeleteUsers4Role(func(params *tUser2DeleteUsers4RoleParams) (retVal interface{}, errCode string, err error) {
+		var userIDs []string
+		if err = jxutils.Strings2Objs(params.UserIDs, &userIDs); err == nil {
+			err = cms.DeleteUsers4Role(params.Ctx, authz.NewRole(params.RoleName, params.StoreID), userIDs)
+		}
+		return retVal, "", err
+	})
+}
--- a/routers/commentsRouter_controllers.go
+++ b/routers/commentsRouter_controllers.go
@@ -1708,6 +1708,42 @@ func init() {
            Filters: nil,
            Params: nil})

+    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
+        beego.ControllerComments{
+            Method: "AddRoles4User",
+            Router: `/AddRoles4User`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
+        beego.ControllerComments{
+            Method: "AddUsers4Role",
+            Router: `/AddUsers4Role`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
+        beego.ControllerComments{
+            Method: "DeleteRoles4User",
+            Router: `/DeleteRoles4User`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
+        beego.ControllerComments{
+            Method: "DeleteUsers4Role",
+            Router: `/DeleteUsers4Role`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
        beego.ControllerComments{
            Method: "GetBindAuthInfo",
@@ -1717,6 +1753,42 @@ func init() {
            Filters: nil,
            Params: nil})

+    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
+        beego.ControllerComments{
+            Method: "GetMyStoreList",
+            Router: `/GetMyStoreList`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
+        beego.ControllerComments{
+            Method: "GetRoleUserList",
+            Router: `/GetRoleUserList`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
+        beego.ControllerComments{
+            Method: "GetStoreRoleList",
+            Router: `/GetStoreRoleList`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
+        beego.ControllerComments{
+            Method: "GetUserRoleList",
+            Router: `/GetUserRoleList`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
    beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"] = append(beego.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:User2Controller"],
        beego.ControllerComments{
            Method: "GetUsers",