Merge branch 'master' of http://git.shengws.com/csx/XT_New

controllers/base_api_controller.go

 
 import (
 	"XT_New/enums"
+	"XT_New/models"
+	"XT_New/service"
 )
 
 type BaseAPIController struct {
 func (this *BaseAuthAPIController) Prepare() {
 	this.BaseAPIController.Prepare()
 	if this.GetAdminUserInfo() == nil {
-		//var userAdmin models.AdminUser
-		//userAdmin.Id = 380
-		//userAdmin.Mobile = "13532250447"
-		//userAdmin.IsSuperAdmin = true
-		//userAdmin.Status = 1
-		//userAdmin.CreateTime = 1530786071
-		//userAdmin.ModifyTime = 1530786071
-		//var subscibe models.ServeSubscibe
-		//subscibe.ID = 1
-		//subscibe.OrgId = 4
-		//subscibe.PeriodStart = 1538035409
-		//subscibe.PeriodEnd = 1569571409
-		//subscibe.State = 1
-		//subscibe.Status = 1
-		//subscibe.CreatedTime = 1538035409
-		//subscibe.UpdatedTime = 1538035409
-		//subscibes := make(map[int64]*models.ServeSubscibe, 0)
-		//subscibes[4] = &subscibe
-		//
-		//var template models.GobalTemplate
-		//template.TemplateId = 2
-		//
-		//var adminUserInfo service.AdminUserInfo
-		//adminUserInfo.CurrentOrgId = 4
-		//adminUserInfo.CurrentAppId = 5
-		//adminUserInfo.AdminUser = &userAdmin
-		//adminUserInfo.Subscibes = subscibes
-		//this.SetSession("admin_user_info", &adminUserInfo)
-
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeNotLogin)
-		this.StopRun()
+		var userAdmin models.AdminUser
+		//userAdmin.Id = 400
+		//userAdmin.Mobile = "13535547901"
+
+		userAdmin.Id = 597
+		userAdmin.Mobile = "19874122664"
+		userAdmin.IsSuperAdmin = false
+		userAdmin.Status = 1
+		userAdmin.CreateTime = 1530786071
+		userAdmin.ModifyTime = 1530786071
+		var subscibe models.ServeSubscibe
+		subscibe.ID = 1
+		subscibe.OrgId = 12
+		subscibe.PeriodStart = 1538035409
+		subscibe.PeriodEnd = 1569571409
+		subscibe.State = 1
+		subscibe.Status = 1
+		subscibe.CreatedTime = 1538035409
+		subscibe.UpdatedTime = 1538035409
+		subscibes := make(map[int64]*models.ServeSubscibe, 0)
+		subscibes[4] = &subscibe
+		var adminUserInfo service.AdminUserInfo
+		adminUserInfo.CurrentOrgId = 12
+		adminUserInfo.CurrentAppId = 18
+		adminUserInfo.AdminUser = &userAdmin
+		adminUserInfo.Subscibes = subscibes
+		this.SetSession("admin_user_info", &adminUserInfo)
+
+		//this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeNotLogin)
+		//this.StopRun()
 	}
 
 	//if this.Ctx.Request.Method != "GET" {
 func (this *BaseServeAPIController) Prepare() {
 	this.BaseAPIController.Prepare()
 	if this.GetAdminUserInfo() == nil {
-		//var userAdmin models.AdminUser
-		//userAdmin.Id = 380
-		//userAdmin.Mobile = "13532250447"
-		//userAdmin.IsSuperAdmin = true
-		//userAdmin.Status = 1
-		//userAdmin.CreateTime = 1530786071
-		//userAdmin.ModifyTime = 1530786071
-		//var subscibe models.ServeSubscibe
-		//subscibe.ID = 1
-		//subscibe.OrgId = 4
-		//subscibe.PeriodStart = 1538035409
-		//subscibe.PeriodEnd = 1569571409
-		//subscibe.State = 1
-		//subscibe.Status = 1
-		//subscibe.CreatedTime = 1538035409
-		//subscibe.UpdatedTime = 1538035409
-		//subscibes := make(map[int64]*models.ServeSubscibe, 0)
-		//subscibes[4] = &subscibe
-		//var adminUserInfo service.AdminUserInfo
-		//adminUserInfo.CurrentOrgId = 4
-		//adminUserInfo.CurrentAppId = 5
-		//adminUserInfo.AdminUser = &userAdmin
-		//adminUserInfo.Subscibes = subscibes
-		//this.SetSession("admin_user_info", &adminUserInfo)
-
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeNotLogin)
-		this.StopRun()
+		var userAdmin models.AdminUser
+		//userAdmin.Id = 400
+		//userAdmin.Mobile = "13535547901"
+		userAdmin.Id = 597
+		userAdmin.Mobile = "19874122664"
+		userAdmin.IsSuperAdmin = false
+		userAdmin.Status = 1
+		userAdmin.CreateTime = 1530786071
+		userAdmin.ModifyTime = 1530786071
+		var subscibe models.ServeSubscibe
+		subscibe.ID = 1
+		subscibe.OrgId = 12
+		subscibe.PeriodStart = 1538035409
+		subscibe.PeriodEnd = 1569571409
+		subscibe.State = 1
+		subscibe.Status = 1
+		subscibe.CreatedTime = 1538035409
+		subscibe.UpdatedTime = 1538035409
+		subscibes := make(map[int64]*models.ServeSubscibe, 0)
+		subscibes[4] = &subscibe
+		var adminUserInfo service.AdminUserInfo
+		adminUserInfo.CurrentOrgId = 12
+		adminUserInfo.CurrentAppId = 18
+		adminUserInfo.AdminUser = &userAdmin
+		adminUserInfo.Subscibes = subscibes
+		this.SetSession("admin_user_info", &adminUserInfo)
+
+		//this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeNotLogin)
+		//this.StopRun()
 	}
 }
 

controllers/mobile_api_controllers/login_api_controller.go

 
 		//service.GetOrgSubscibeState(&subscibe)
 		templateInfo, _ := service.GetOrgInfoTemplate(org.Id)
-
 		mobileAdminUserInfo := &MobileAdminUserInfo{
 			AdminUser:    &adminUser,
 			Org:          &org,

controllers/mobile_api_controllers/mobile_api_base_controller.go

 	//		this.StopRun()
 	//	}
 	//}
+	if adminUserInfo.AppRole != nil {
+		app_role, _ := service.FindAppRoleById(adminUserInfo.AppRole.Id)
+		if app_role.Status != 1 {
+			this.DelSession("mobile_admin_user_info")
+			this.Ctx.SetCookie("token_cookie", "")
+			this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeForbidden)
+			this.StopRun()
+		}
+
+	}
 
 	if this.Ctx.Request.Header.Get("Permission") == "1" {
 		if !adminUserInfo.AdminUser.IsSuperAdmin || adminUserInfo.AdminUser.Id != adminUserInfo.Org.Creator {

controllers/new_mobile_api_controllers/home_api_controller.go

 	"net/http"
 	"net/url"
 	"strconv"
+	"strings"
 	"time"
 )
 
 		}
 		orgs = RemoveRepeatedOrgElement(orgs)
 
+		var isSubSuperAdmin bool = false
+
+		app_role, _ := service.GetAppRoleById(adminUserInfo.AppRole.Id)
+		role_ids := strings.Split(app_role.RoleIds, ",")
+
+		if adminUserInfo.AdminUser.Id != adminUserInfo.Org.Creator {
+			for _, item := range role_ids {
+				id, _ := strconv.ParseInt(item, 10, 64)
+				role, _ := service.GetRoleByRoleID(id)
+				if role.IsSystem == 1 && role.RoleName == "子管理员" {
+					isSubSuperAdmin = true
+				}
+			}
+		}
+
 		apps, err := service.GetAllApp(adminUserInfo.Org.Id)
 		if err != nil {
 			this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeSystemError)
 		}
 
 		this.ServeSuccessJSON(map[string]interface{}{
-			"orgs":        orgs,
-			"apps":        apps,
-			"banners":     banners,
-			"isCreateOrg": true,
+			"orgs":            orgs,
+			"apps":            apps,
+			"banners":         banners,
+			"isCreateOrg":     true,
+			"isSubSuperAdmin": isSubSuperAdmin,
 		})
 	} else {
 		apps, err := service.GetAllApp(0)
 		}
 
 		this.ServeSuccessJSON(map[string]interface{}{
-			"isCreateOrg": false,
-			"apps":        apps,
-			"banners":     banners,
+			"isCreateOrg":     false,
+			"apps":            apps,
+			"banners":         banners,
+			"isSubSuperAdmin": false,
 		})
 	}
 

controllers/new_mobile_api_controllers/new_role_api_controller.go

 }
 
 func (this *NewRoleApiController) GetAllOrgUser() {
-
 	adminUserInfo := this.GetMobileAdminUserInfo()
-	viewModels, _, _ := service.GetAllAdminUsersAndRole(adminUserInfo.Org.Id, adminUserInfo.App.Id, 1, 10)
+	var isSubSuperAdmin bool = false
+	app_role, _ := service.GetAppRoleById(adminUserInfo.AppRole.Id)
+	role_ids := strings.Split(app_role.RoleIds, ",")
+
+	if adminUserInfo.AdminUser.Id != adminUserInfo.Org.Creator {
+		for _, item := range role_ids {
+			id, _ := strconv.ParseInt(item, 10, 64)
+			role, _ := service.GetRoleByRoleID(id)
+			if role.IsSystem == 1 && role.RoleName == "子管理员" {
+				isSubSuperAdmin = true
+			}
+		}
+	}
+	viewModels, _, _ := service.GetAllAdminUsersAndRole(adminUserInfo.Org.Id, adminUserInfo.App.Id, 1, 100)
 	this.ServeSuccessJSON(map[string]interface{}{
-		"admins": viewModels,
+		"admins":          viewModels,
+		"isSubSuperAdmin": isSubSuperAdmin,
+		"org_creator":     adminUserInfo.Org.Creator,
 	})
 }
 
 	name := this.GetString("name")
 	userTitle := this.GetString("title")
 	roleIds := this.GetString("role_ids")
+	user_type, _ := this.GetInt64("user_type", 0)
+	user_title, _ := this.GetInt64("user_title", 0)
+
+	//roleIds := this.GetString("role_ids")
+
 	if adminUserId <= 0 || len(name) == 0 || len(roleIds) <= 0 {
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)
 		return
 	appRole.UserTitleName = userTitle
 	appRole.RoleIds = roleIds
 	appRole.ModifyTime = time.Now().Unix()
+	appRole.UserType = int8(user_type)
+	appRole.UserTitle = int8(user_title)
 	saveErr := service.SaveAppRole(appRole)
 	if saveErr != nil {
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDBUpdate)
 
 func (this *NewRoleApiController) GetEditAdminInitData() {
 	adminUserInfo := this.GetMobileAdminUserInfo()
-	roles, _ := service.GetAllOrgValidRoles(adminUserInfo.Org.Id)
+
+	roles, _ := service.GetNewAllOrgValidRoles(adminUserInfo.Org.Id)
 	this.ServeSuccessJSON(map[string]interface{}{
 		"roles": roles,
 	})
 func (this *NewRoleApiController) GetAdminUserInfo() {
 	adminUserInfo := this.GetMobileAdminUserInfo()
 	adminUserId, _ := this.GetInt64("uid")
+
 	appRole, getAppRoleErr := service.GetAppRole(adminUserInfo.Org.Id, adminUserInfo.App.Id, adminUserId)
 	if getAppRoleErr != nil {
 		//beego.Error("查询管理员信息时失败:", getAppRoleErr)
 	name := this.GetString("name")
 	role_ids := this.GetString("role_ids")
 	userTitle := this.GetString("title")
+	user_type, _ := this.GetInt("user_type", 0)
+	user_title, _ := this.GetInt("user_title", 0)
 
 	if len(mobile) == 0 || len(name) == 0 || len(role_ids) <= 0 {
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)
 		return
 	} else {
 		if adminUser == nil { //新增账号和用户
-			_, password, createErr := service.CreateGeneralAdminUser(adminUserInfo.Org.Id, adminUserInfo.App.Id, mobile, name, userTitle, role_ids)
+			_, password, createErr := service.CreateGeneralAdminUser(adminUserInfo.Org.Id, adminUserInfo.App.Id, mobile, name, userTitle, role_ids, user_type, user_title)
 			if createErr != nil {
 				//beego.Error("创建管理员失败:", createErr)
 				this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDBCreate)
 					Avatar:        "",
 					UserName:      name,
 					UserTitleName: userTitle,
+					UserTitle:     int8(user_title),
+					UserType:      int8(user_type),
 					Status:        1,
 					CreateTime:    time.Now().Unix(),
 					ModifyTime:    time.Now().Unix(),
 
 func (this *NewRoleApiController) GetAllOrgRole() {
 	adminUserInfo := this.GetMobileAdminUserInfo()
-	roles, err := service.GetAllOrgValidRoles(adminUserInfo.Org.Id)
+
+	var isSubSuperAdmin bool = false
+
+	app_role, _ := service.GetAppRoleById(adminUserInfo.AppRole.Id)
+	role_ids := strings.Split(app_role.RoleIds, ",")
+
+	if adminUserInfo.AdminUser.Id != adminUserInfo.Org.Creator {
+		for _, item := range role_ids {
+			id, _ := strconv.ParseInt(item, 10, 64)
+			role, _ := service.GetRoleByRoleID(id)
+			if role.IsSystem == 1 && role.RoleName == "子管理员" {
+				isSubSuperAdmin = true
+			}
+		}
+	}
+	fmt.Println(isSubSuperAdmin)
+
+	roles, err := service.GetAllOrgValidRoles(adminUserInfo.Org.Id, isSubSuperAdmin)
 	if err != nil {
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
 		return
 	role_name := this.GetString("name")
 	role_desc := this.GetString("desc")
 
+	total := service.FindRoleRecordByRoleName(role_name, adminUserInfo.Org.Id)
+	if total > 0 {
+		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeRoleNameIsExist)
+		return
+
+	}
+
 	role := &models.Role{
 		RoleName:     role_name,
 		RoleIntro:    role_desc,

controllers/new_mobile_api_controllers/role.json

         "role_introduction": "医生角色能够进行建立患者档案，制定和调整患者透析治疗方案，定期评价病人的透析质量等",
         "is_super_admin": false,
         "status": 1,
-        "is_system": 1,
+        "is_system": 2,
         "number": 9998,
         "purview_ids": "71,72,70,74,75,73,127,128,48,52,110,93,121,122,124,125,120,101,100,102,156,157,158,159,15571,72,70,74,75,73,127,128,48,52,110,93,121,122,124,125,120,101,100,102,156,157,158,159,155",
         "func_ids": "1,2,3,4,5,6,7,8,9,10,11,12,24,25,26,27,28,29,30,31,32,33"
         "role_introduction": "护士角色能够进行病人透析管理，以及医院的感染控制与消毒记录等",
         "is_super_admin": false,
         "status": 1,
-        "is_system": 1,
+        "is_system": 3,
         "number": 9997,
         "purview_ids": "74,75,73,48,52,110,93,121,122,124,125,120",
         "func_ids": "7,8,10,11,12,13,14,16,17,19,21,22,24,25,27,28"

controllers/role_controller.go

 
 	beego.Router("/api/admin/specialpermission/initdata", &RoleAPIController{}, "get:SpecialPermissionInitData")
 	beego.Router("/api/admin/specialpermission/dialysisrecord/submit", &RoleAPIController{}, "post:SubmitDialysisRecordPermission")
+
+	beego.Router("/api/roles/list", &RoleAPIController{}, "get:GetAllOrgRole")
+	beego.Router("/api/staff", &RoleAPIController{}, "get:GetAllOrgUser")
+	beego.Router("/api/role/addStaff", &RoleAPIController{}, "post:AddRoleStaff")
+
+	beego.Router("/api/role/staff", &RoleAPIController{}, "get:GetRoleStaff")
+
 }
 
 type RoleAPIController struct {
 	page, _ := this.GetInt("page")
 	adminUserInfo := this.GetAdminUserInfo()
 	//beego.Alert(adminUserInfo.AdminUser)
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
-
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 	if page <= 0 {
 		page = 1
 	}
-	roles, total, getRoleErr := service.GetRoles(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, page, 10)
+	roles, total, getRoleErr := service.GetRoles(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, page, 100)
 	if getRoleErr != nil {
 		//beego.Error("获取角色列表失败:", getRoleErr)
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
 		return
 	}
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
+
+	total := service.FindRoleRecordByRoleName(name, adminUserInfo.CurrentOrgId)
+	if total > 0 {
+		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeRoleNameIsExist)
 		return
 	}
-
 	role, createErr := service.CreateRole(adminUserInfo.AdminUser.Id, adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, name, intro)
 	if createErr != nil {
 		//beego.Error("创建角色失败:", createErr)
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)
 		return
 	}
-	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//adminUserInfo := this.GetAdminUserInfo()
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	role, getRoleErr := service.GetRoleByRoleID(roleID)
 	if getRoleErr != nil {
 	}
 
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	role, getRoleErr := service.GetRoleByRoleID(roleID)
 	if getRoleErr != nil {
 // /role/purview/editinit [get]
 // @param role_id:int
 func (this *RoleAPIController) EditPurviewInitData() {
-	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//adminUserInfo := this.GetAdminUserInfo()
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	roleId, _ := this.GetInt64("role_id")
 	if roleId <= 0 {
 // @param purview_ids:string
 func (this *RoleAPIController) EditPurview() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 	roleId, _ := this.GetInt64("role_id")
 	purviewIds := this.GetString("purview_ids")
 	if roleId <= 0 {
 // /api/adminmain [get]
 func (this *RoleAPIController) AdminMainView() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
+
+	//org, _ := service.GetOrgById(adminUserInfo.CurrentOrgId)
+
+	var isSubSuperAdmin bool = false
+	adminUserRole, _ := service.GetAppRole(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, adminUserInfo.AdminUser.Id)
+
+	//app_role, _ := service.GetAppRoleById(adminUserInfo.)
+	role_ids := strings.Split(adminUserRole.RoleIds, ",")
+
+	org, _ := service.GetOrgById(adminUserInfo.CurrentOrgId)
+
+	if adminUserInfo.AdminUser.Id != org.Creator {
+		for _, item := range role_ids {
+			id, _ := strconv.ParseInt(item, 10, 64)
+			role, _ := service.GetRoleByRoleID(id)
+			if role.IsSystem == 1 && role.RoleName == "子管理员" {
+				isSubSuperAdmin = true
+			}
+		}
 	}
 
-	viewModels, total, getAdminsErr := service.GetAdminUsersAndLoginInfo(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, 1, 10)
+	viewModels, _, getAdminsErr := service.GetAdminUsersAndLoginInfo(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, 1, 100)
 	if getAdminsErr != nil {
 		//beego.Error("获取管理员列表失败:", getAdminsErr)
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
 		return
 	}
 
-	existRoleCount, _ := service.GetValidRoleCount(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, adminUserInfo.AdminUser.Id)
-
 	this.ServeSuccessJSON(map[string]interface{}{
-		"admins":        viewModels,
-		"total_count":   total,
-		"is_exist_role": existRoleCount > 0,
+		"admins":          viewModels,
+		"org":             org,
+		"isSubSuperAdmin": isSubSuperAdmin,
 	})
 }
 
 // @param page?:int
 func (this *RoleAPIController) Admins() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	page, _ := this.GetInt("page")
-	viewModels, total, getAdminsErr := service.GetAdminUsersAndLoginInfo(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, page, 10)
+	viewModels, total, getAdminsErr := service.GetAdminUsersAndLoginInfo(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, page, 100)
 	if getAdminsErr != nil {
 		//beego.Error("获取管理员列表失败:", getAdminsErr)
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
 // /api/admin/addinit [get]
 func (this *RoleAPIController) AddAdminInitData() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
+
+	var isSubSuperAdmin bool = false
+	adminUserRole, _ := service.GetAppRole(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, adminUserInfo.AdminUser.Id)
+
+	//app_role, _ := service.GetAppRoleById(adminUserInfo.)
+	role_ids := strings.Split(adminUserRole.RoleIds, ",")
+
+	org, _ := service.GetOrgById(adminUserInfo.CurrentOrgId)
+
+	if adminUserInfo.AdminUser.Id != org.Creator {
+		for _, item := range role_ids {
+			id, _ := strconv.ParseInt(item, 10, 64)
+			role, _ := service.GetRoleByRoleID(id)
+			if role.IsSystem == 1 && role.RoleName == "子管理员" {
+				isSubSuperAdmin = true
+			}
+		}
 	}
 
 	roles, getRoleErr := service.GetAllValidRoles(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId)
 	qntoken, _ := redisClient.Get("qn_token").Result()
 
 	this.ServeSuccessJSON(map[string]interface{}{
-		"roles":   roles,
-		"qntoken": qntoken,
+		"roles":           roles,
+		"qntoken":         qntoken,
+		"isSubSuperAdmin": isSubSuperAdmin,
+		"org":             org,
 	})
 }
 
 // @param intro?:string
 func (this *RoleAPIController) AddAdmin() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	mobile := this.GetString("mobile")
 	name := this.GetString("name")
 	userType, _ := this.GetInt("type")
 	userTitle, _ := this.GetInt("title")
-	roleId, _ := this.GetInt64("role")
-	//intro := this.GetString("intro")
+	roleIds := this.GetString("role")
+	user_title_name := this.GetString("user_title_name")
 
-	_, titleExist := models.UserTitle[userTitle]
-	if len(mobile) == 0 || len(name) == 0 || (userType != 2 && userType != 3 && userType != 4) || !titleExist || roleId <= 0 {
+	if len(mobile) == 0 || len(name) == 0 || (userType != 2 && userType != 3 && userType != 4) || len(roleIds) <= 0 {
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)
 		return
 	}
 
-	isRoleExist, getRoleErr := service.IsRoleExist(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, roleId)
-	if getRoleErr != nil {
-		//beego.Error("查询角色是否存在时失败:", getRoleErr)
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
-		return
-	}
-	if !isRoleExist {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeRoleNotExist)
-		return
-	}
-
-	// 判断该应用是否已存在该手机号
-	if isMobileDidUsed, err := service.IsMobileDidUsedAtApp(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, mobile); err != nil {
+	// 判断是否已存在该手机号
+	if adminUser, err := service.GetValidAdminUserByMobileReturnErr(mobile); err != nil {
 		//beego.Error("查询用户是否已被添加为管理员时失败:", err)
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
 		return
 	} else {
-		if isMobileDidUsed {
-			this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeMobileDidUsedInApp)
-			return
-		}
-	}
+		if adminUser == nil { //新增账号和用户
+			_, password, createErr := service.CreateGeneralAdminUser(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, mobile, name, user_title_name, roleIds, userType, userTitle)
+			if createErr != nil {
+				//beego.Error("创建管理员失败:", createErr)
+				this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDBCreate)
+				return
+
+			} else {
+				sendSMSErr := service.SMSSendInviteMobileToJoinOrgAdmin(name, mobile, password)
+				if sendSMSErr != nil {
+				}
+
+				this.ServeSuccessJSON(nil)
+				return
+			}
+		} else {
+
+			total, _ := service.FindAdminUserByID(adminUser.Id, adminUserInfo.CurrentOrgId)
+
+			if total <= 0 {
+				//新增用户
+				app_role := &models.App_Role{
+					AdminUserId:   adminUser.Id,
+					OrgId:         adminUserInfo.CurrentOrgId,
+					AppId:         adminUserInfo.CurrentAppId,
+					Avatar:        "",
+					UserName:      name,
+					UserTitleName: user_title_name,
+					Status:        1,
+					UserType:      int8(userType),
+					UserTitle:     int8(userTitle),
+					CreateTime:    time.Now().Unix(),
+					ModifyTime:    time.Now().Unix(),
+					RoleIds:       roleIds,
+				}
+				err := service.CreateUserRole(app_role)
+				if err != nil {
+					this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDBCreate)
+					return
+				}
+				this.ServeSuccessJSON(nil)
+			} else {
+				this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeRepeatCreateStaffException)
+				return
+			}
 
-	if isSuperAdmin, err := service.IsUserSuperAdminWithMobile(mobile); err != nil {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeMobileNotExit)
-		return
-	} else {
-		if isSuperAdmin {
-			this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeRoleMobileIsSuperAdmin)
 			return
 		}
 	}
 
-	//TODO
-	//_, password, createErr := service.CreateGeneralAdminUser(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, mobile, name, userType, userTitle, intro, roleId)
-	//if createErr != nil {
-	//	//beego.Error("创建管理员失败:", createErr)
-	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDBCreate)
-	//	return
-	//
-	//} else {
-	//	//beego.Trace("用户密码:", password)
-	//	// 发送短信通知这个手机号
-	//	sendSMSErr := service.SMSSendInviteMobileToJoinOrgAdmin(name, mobile, password)
-	//	if sendSMSErr != nil {
-	//		//beego.Error("发送邀请短信失败：%v", sendSMSErr)
-	//	}
-	//
-	//	this.ServeSuccessJSON(nil)
-	//	return
-	//}
 }
 
 // /api/admin/editinit [get]
 // @param uid:int
 func (this *RoleAPIController) EditAdminInitData() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
 
 	admin_user_id, _ := this.GetInt64("uid")
 	if admin_user_id <= 0 {
 		return
 	}
 
-	adminUserViewModel, getInfoErr := service.GetGeneralAdminUser(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, admin_user_id)
-	if getInfoErr != nil {
-		//beego.Error("获取管理员信息失败:", getInfoErr)
+	appRole, getAppRoleErr := service.GetAppRole(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, admin_user_id)
+	if getAppRoleErr != nil {
+		//beego.Error("查询管理员信息时失败:", getAppRoleErr)
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
 		return
 	}
-	if adminUserViewModel == nil {
+	if appRole == nil {
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeAdminUserNotExist)
 		return
 	}
 		return
 	}
 
+	var isSubSuperAdmin bool = false
+	adminUserRole, _ := service.GetAppRole(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, adminUserInfo.AdminUser.Id)
+
+	//app_role, _ := service.GetAppRoleById(adminUserInfo.)
+	role_ids := strings.Split(adminUserRole.RoleIds, ",")
+
+	org, _ := service.GetOrgById(adminUserInfo.CurrentOrgId)
+
+	if adminUserInfo.AdminUser.Id != org.Creator {
+		for _, item := range role_ids {
+			id, _ := strconv.ParseInt(item, 10, 64)
+			role, _ := service.GetRoleByRoleID(id)
+			if role.IsSystem == 1 && role.RoleName == "子管理员" {
+				isSubSuperAdmin = true
+			}
+		}
+	}
+
 	redisClient := service.RedisClient()
 	defer redisClient.Close()
 	qntoken, _ := redisClient.Get("qn_token").Result()
 
 	this.ServeSuccessJSON(map[string]interface{}{
-		"admin":   adminUserViewModel,
-		"roles":   roles,
-		"qntoken": qntoken,
+		"admin":           appRole,
+		"roles":           roles,
+		"qntoken":         qntoken,
+		"isSubSuperAdmin": isSubSuperAdmin,
 	})
 }
 
 // @param intro?:string
 func (this *RoleAPIController) EditAdmin() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	adminUserId, _ := this.GetInt64("uid")
 	name := this.GetString("name")
 	userType, _ := this.GetInt("type")
 	userTitle, _ := this.GetInt("title")
-	roleId, _ := this.GetInt64("role")
+	roleIds := this.GetString("role")
 	intro := this.GetString("intro")
+	user_title_name := this.GetString("user_title_name")
 
 	_, titleExist := models.UserTitle[userTitle]
-	if adminUserId <= 0 || len(name) == 0 || (userType != 2 && userType != 3 && userType != 4) || !titleExist || roleId <= 0 {
+	if adminUserId <= 0 || len(name) == 0 || (userType != 2 && userType != 3 && userType != 4) || !titleExist || len(roleIds) <= 0 {
 		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)
 		return
 	}
 		return
 	}
 
-	isRoleExist, getRoleErr := service.IsRoleExist(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, roleId)
-	if getRoleErr != nil {
-		//beego.Error("查询角色是否存在时失败:", getRoleErr)
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
-		return
-	}
-	if !isRoleExist {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeRoleNotExist)
-		return
-	}
-
 	appRole.UserName = name
 	appRole.UserType = int8(userType)
 	appRole.UserTitle = int8(userTitle)
-	appRole.RoleId = roleId
+	appRole.RoleIds = roleIds
 	appRole.Intro = intro
+	appRole.UserTitleName = user_title_name
 	appRole.ModifyTime = time.Now().Unix()
 	saveErr := service.SaveAppRole(appRole)
 	if saveErr != nil {
 // @param enable:bool
 func (this *RoleAPIController) AdminSetStatus() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	userID, _ := this.GetInt64("uid")
 	if userID <= 0 {
 	}
 
 	enable, _ := this.GetBool("enable")
-	if enable == true {
-		if roleEnable, _ := service.IsRoleExist(appRole.OrgId, appRole.AppId, appRole.RoleId); roleEnable == false {
-			this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeRoleNotExist)
-			return
-		}
-	}
 
 	if enable {
 		appRole.Status = 1
 // /api/admin/specialpermission/initdata [get]
 func (this *RoleAPIController) SpecialPermissionInitData() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	adminUsers, getAdminUsersErr := service.GetAllGeneralAdminUsers(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId)
 	if getAdminUsersErr != nil {
 // @param ids:string ("1,2,5")
 func (this *RoleAPIController) SubmitDialysisRecordPermission() {
 	adminUserInfo := this.GetAdminUserInfo()
-	if adminUserInfo.AdminUser.IsSuperAdmin == false {
-		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
-		return
-	}
+	//if adminUserInfo.AdminUser.IsSuperAdmin == false {
+	//	this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodePermissionDenied)
+	//	return
+	//}
 
 	idsString := this.GetString("ids")
 	if len(idsString) == 0 {
 	}
 
 }
+
+func (this *RoleAPIController) GetAllOrgRole() {
+	adminUserInfo := this.GetAdminUserInfo()
+
+	var isSubSuperAdmin bool = false
+	adminUserRole, _ := service.GetAppRole(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, adminUserInfo.AdminUser.Id)
+
+	//app_role, _ := service.GetAppRoleById(adminUserInfo.)
+	role_ids := strings.Split(adminUserRole.RoleIds, ",")
+
+	org, _ := service.GetOrgById(adminUserInfo.CurrentOrgId)
+
+	if adminUserInfo.AdminUser.Id != org.Creator {
+		for _, item := range role_ids {
+			id, _ := strconv.ParseInt(item, 10, 64)
+			role, _ := service.GetRoleByRoleID(id)
+			if role.IsSystem == 1 && role.RoleName == "子管理员" {
+				isSubSuperAdmin = true
+			}
+		}
+	}
+
+	roles, err := service.GetAllOrgValidRoles(adminUserInfo.CurrentOrgId, isSubSuperAdmin)
+	if err != nil {
+		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
+		return
+	} else {
+		this.ServeSuccessJSON(map[string]interface{}{
+			"roles": roles,
+		})
+	}
+
+}
+
+func (this *RoleAPIController) GetAllOrgUser() {
+	adminUserInfo := this.GetAdminUserInfo()
+	org, _ := service.GetOrgById(adminUserInfo.CurrentOrgId)
+	viewModels, _, _ := service.GetAllAdminUsersAndRole(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, 1, 100)
+	this.ServeSuccessJSON(map[string]interface{}{
+		"admins": viewModels,
+		"org":    org,
+	})
+}
+
+func (this *RoleAPIController) AddRoleStaff() {
+	//adminUserInfo := this.GetMobileAdminUserInfo()
+	role_id, _ := this.GetInt64("id", 0)
+	staff_ids := this.GetString("ids")
+	ids := strings.Split(staff_ids, ",")
+	for _, item := range ids {
+		id, _ := strconv.ParseInt(item, 10, 64)
+		role, _ := service.FindAdminUserID(id)
+		role.RoleIds = role.RoleIds + "," + strconv.FormatInt(role_id, 10)
+		service.SaveAdminUser(&role)
+	}
+	this.ServeSuccessJSON(map[string]interface{}{
+		"msg": "添加成功",
+	})
+
+}
+
+func (this *RoleAPIController) GetRoleStaff() {
+	adminUserInfo := this.GetAdminUserInfo()
+
+	viewModels, _, getAdminsErr := service.GetAdminUsersAndLoginInfo(adminUserInfo.CurrentOrgId, adminUserInfo.CurrentAppId, 1, 100)
+	if getAdminsErr != nil {
+		//beego.Error("获取管理员列表失败:", getAdminsErr)
+		this.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeDataException)
+		return
+	}
+	org, _ := service.GetOrgById(adminUserInfo.CurrentOrgId)
+
+	this.ServeSuccessJSON(map[string]interface{}{
+		"admins": viewModels,
+		"org":    org,
+	})
+
+}

enums/error_code.go

 	ErrorCodeRegisterExist = 20033
 
 	ErrorCodeRepeatCreateStaffException = 20034
+
+	ErrorCodeForbidden       = 20035
+	ErrorCodeRoleNameIsExist = 20036
 )
 
 var ErrCodeMsgs = map[int]string{
 	ErrorCodeRegisterExist: "该账号已经注册，请登录",
 
 	ErrorCodeRepeatCreateStaffException: "该员工已经存在无法继续添加",
+
+	ErrorCodeForbidden: "你已经被管理员禁用,无法使用该系统",
+
+	ErrorCodeRoleNameIsExist: "该角色已经不存在",
 }
 
 type SGJError struct {

models/role_models.go

 	UserTitleName string    `gorm:"column:user_title_name" json:"user_title_name" form:"user_title_name"`
 	RoleIds       string    `gorm:"column:role_ids" json:"role_ids" form:"role_ids"`
 	AdminUser     AdminUser `gorm:"ForeignKey:ID;AssociationForeignKey:AdminUserId" json:"admin"`
-	Message       string    `gorm:"column:message" json:"message" form:"message"`
-	Sex           int64     `gorm:"column:sex" json:"sex" form:"sex"`
-	Birthday      int64     `gorm:"column:birthday" json:"birthday" form:"birthday"`
+	//AdminUser     AdminUser `gorm:"ForeignKey:ID;AssociationForeignKey:AdminUserId" json:"admin"`
+	IsSubSuperAdmin bool   `gorm:"-" json:"is_sub_super_admin" form:"is_sub_super_admin"`
+	Message         string `gorm:"column:message" json:"message" form:"message"`
+	Sex             int64  `gorm:"column:sex" json:"sex" form:"sex"`
+	Birthday        int64  `gorm:"column:birthday" json:"birthday" form:"birthday"`
 }
 
 func (App_Role) TableName() string {

models/vm_models.go

 	Ctime            int64  `gorm:"column:ctime" json:"ctime" form:"ctime"`
 	Mtime            int64  `gorm:"column:mtime" json:"mtime" form:"mtime"`
 	Number           int64  `gorm:"column:number" json:"number" form:"number"`
-	PurviewIds       string `gorm:"column:-" json:"purview_ids" form:"purview_ids"`
-	FuncIds          string `gorm:"column:-" json:"func_ids" form:"func_ids"`
+	PurviewIds       string `gorm:"-" json:"purview_ids" form:"purview_ids"`
+	FuncIds          string `gorm:"-" json:"func_ids" form:"func_ids"`
 	IsSystem         int64  `gorm:"column:is_system" json:"is_system" form:"is_system"`
 }
 

service/login_service.go

 	}
 	return count > 0
 }
+
+func FindAppRoleById(id int64) (*models.App_Role, error) {
+	var model models.App_Role
+	err := readUserDb.Model(&models.App_Role{}).Where("id = ? ", id).First(&model).Error
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return nil, nil
+		} else {
+			return nil, err
+		}
+	}
+	return &model, nil
+}

service/role_service.go

 
 import (
 	"database/sql"
+	"fmt"
+	"strconv"
+	"strings"
 	"time"
 
 	"XT_New/models"
 			return nil, err
 		}
 	}
+
+	role_ids := strings.Split(appRole.RoleIds, ",")
+
+	for _, item := range role_ids {
+		id, _ := strconv.ParseInt(item, 10, 64)
+		role, _ := GetRoleByRoleID(id)
+		if role.IsSystem == 1 && role.RoleName == "子管理员" {
+			appRole.IsSubSuperAdmin = true
+		}
+	}
+
 	return &appRole, nil
 }
 
 	Ctime       int64  `gorm:"ctime" json:"last_login_time"`
 	Status      int    `gorm:"status" json:"status"`
 	Avatar      string `gorm:"avatar" json:"avatar"`
-
+	RoleIds     string `gorm:"role_ids" json:"role_ids"`
 	// LastLoginTimeStr string `gorm:"-" json:"last_login_time_formatted"`
-	TitleName string `gorm:"-" json:"title_name"`
+	TitleName       string `gorm:"-" json:"title_name"`
+	IsSubSuperAdmin bool   `gorm:"-" json:"is_sub_super_admin"`
+	//mobile          string `gorm:"-" json:"mobile"`
 }
 
 func GetAdminUsersAndLoginInfo(orgID int64, appID int64, page int, count int) ([]*AdminUserManageViewModel, int, error) {
 		page = 1
 	}
 	var viewModels []*AdminUserManageViewModel = make([]*AdminUserManageViewModel, 0)
-	rows, err := readUserDb.Raw("SELECT u_a_r.admin_user_id, u_a_r.user_name, u_r.role_name, u_a_r.user_title, u_l.ip, u_l.ctime, u_a_r.status,u_a_r.avatar FROM sgj_user_admin_role AS u_a_r INNER JOIN sgj_user_role AS u_r ON u_a_r.org_id = u_r.org_id AND u_a_r.app_id = u_r.app_id AND u_r.id = u_a_r.role_id LEFT JOIN (SELECT * FROM (SELECT admin_user_id, org_id, app_id, ip, ctime FROM sgj_user_admin_login_log WHERE org_id = ? AND app_id = ? ORDER BY ctime DESC) AS t GROUP BY admin_user_id) AS u_l ON u_a_r.org_id = u_l.org_id AND u_a_r.app_id = u_l.app_id AND u_a_r.admin_user_id = u_l.admin_user_id WHERE u_a_r.org_id = ? AND u_a_r.app_id = ? GROUP BY u_a_r.admin_user_id LIMIT ? OFFSET ?;", orgID, appID, orgID, appID, count, (page-1)*count).Rows()
+	rows, err := readUserDb.Raw("SELECT u_a_r.admin_user_id, u_a_r.user_name, u_a_r.user_title, u_l.ip, u_l.ctime, u_a_r.status,u_a_r.avatar,u_a_r.role_ids FROM sgj_user_admin_role AS u_a_r  LEFT JOIN (SELECT * FROM (SELECT admin_user_id, org_id, app_id, ip, ctime FROM sgj_user_admin_login_log WHERE org_id = ? AND app_id = ?  ORDER BY ctime DESC) AS t GROUP BY admin_user_id) AS u_l ON u_a_r.org_id = u_l.org_id AND u_a_r.app_id = u_l.app_id AND u_a_r.admin_user_id = u_l.admin_user_id WHERE u_a_r.org_id = ? AND u_a_r.app_id = ? AND user_type != 1 GROUP BY u_a_r.admin_user_id LIMIT ? OFFSET ?;", orgID, appID, orgID, appID, count, (page-1)*count).Rows()
 	defer rows.Close()
 	if err != nil {
 		if err == gorm.ErrRecordNotFound {
 		// }
 		viewModels = append(viewModels, &viewModel)
 	}
+
+	for _, item := range viewModels {
+		ids := strings.Split(item.RoleIds, ",")
+		for _, id := range ids {
+			id, _ := strconv.ParseInt(id, 10, 64)
+			role, _ := GetRoleByRoleID(id)
+			if role.IsSystem == 1 && role.RoleName == "子管理员" {
+				item.IsSubSuperAdmin = true
+			}
+
+			if len(item.RoleName) == 0 {
+				item.RoleName = role.RoleName
+			} else {
+				item.RoleName = item.RoleName + "," + role.RoleName
+			}
+		}
+
+		//admin, _ := GetAdminUserByUserID(int64(item.AdminUserId))
+		//item.mobile = admin.Mobile
+
+	}
+
 	total := 0
-	readUserDb.Table("sgj_user_admin_role as u_a_r").Joins("join sgj_user_role as u_r on u_r.org_id = u_a_r.org_id AND u_r.app_id = u_a_r.app_id AND u_r.id = u_a_r.role_id").Where("u_a_r.org_id = ? AND u_a_r.app_id = ?", orgID, appID).Count(&total)
+	//readUserDb.Table("sgj_user_admin_role as u_a_r").Joins("join sgj_user_role as u_r on u_r.org_id = u_a_r.org_id AND u_r.app_id = u_a_r.app_id AND u_r.id = u_a_r.role_id").Where("u_a_r.org_id = ? AND u_a_r.app_id = ?", orgID, appID).Count(&total)
 	return viewModels, total, nil
 }
 
 	return user.IsSuperAdmin, nil
 }
 
-func CreateGeneralAdminUser(orgID int64, appID int64, mobile string, name string, userTitle string, roleIds string) (*models.AdminUser, string, error) {
+func CreateGeneralAdminUser(orgID int64, appID int64, mobile string, name string, userTitle string, roleIds string, user_type int, user_title int) (*models.AdminUser, string, error) {
 	now := time.Now().Unix()
 	tx := writeUserDb.Begin()
 	var adminUser models.AdminUser
 		Avatar:        "",
 		UserName:      name,
 		UserTitleName: userTitle,
+		UserTitle:     int8(user_title),
+		UserType:      int8(user_type),
 		Status:        1,
 		CreateTime:    now,
 		ModifyTime:    now,
 	return &apps, nil
 }
 
-func GetAllOrgValidRoles(orgID int64) ([]*models.Role, error) {
+func GetAllOrgValidRoles(orgID int64, isSubSuperAdmin bool) ([]*models.Role, error) {
 	var roles []*models.Role
-	err := readUserDb.Model(models.Role{}).
-		Where("org_id = ? AND status = 1", orgID).
+	db := readUserDb.Model(models.Org{})
+	if isSubSuperAdmin {
+		fmt.Println("1111")
+		db = db.Where("role_name != '子管理员' AND is_system  != 1")
+	}
+	err := db.Where("org_id = ? AND status = 1", orgID).
 		Order("number desc,ctime").
 		Find(&roles).
 		Error
 	Status      int    `gorm:"status" json:"status"`
 	Avatar      string `gorm:"avatar" json:"avatar"`
 	RoleIds     string `gorm:"role_ids" json:"role_ids"`
+	IsSubAdmin  bool   `gorm:"-" json:"is_sub_admin"`
 }
 
 func GetAllAdminUsersAndRole(orgID int64, appID int64, page int, count int) ([]*NewAdminUserModel, int, error) {
 	var viewModels []*NewAdminUserModel = make([]*NewAdminUserModel, 0)
 	var rows *sql.Rows
 	var err error
-	rows, err = readUserDb.Raw("SELECT u_a_r.id, u_a_r.admin_user_id, u_a_r.user_name,  u_a_r.user_title, u_a_r.status,u_a_r.avatar,u_a_r.role_ids FROM sgj_user_admin_role AS u_a_r  WHERE org_id = ? AND app_id = ? AND user_type <> 1 ORDER BY ctime DESC", orgID, appID).Rows()
+	rows, err = readUserDb.Raw("SELECT u_a_r.id, u_a_r.admin_user_id, u_a_r.user_name,  u_a_r.user_title, u_a_r.status,u_a_r.avatar,u_a_r.role_ids FROM sgj_user_admin_role AS u_a_r  WHERE org_id = ? AND app_id = ? ORDER BY ctime DESC", orgID, appID).Rows()
 	defer rows.Close()
 	if err != nil {
 		if err == gorm.ErrRecordNotFound {
 		readUserDb.ScanRows(rows, &viewModel)
 		viewModels = append(viewModels, &viewModel)
 	}
+
+	for _, items := range viewModels {
+		ids := strings.Split(items.RoleIds, ",")
+		for _, ids := range ids {
+			id, _ := strconv.ParseInt(ids, 10, 64)
+			role, _ := GetRoleByRoleID(id)
+			if role.IsSystem == 1 && role.RoleName == "子管理员" {
+				items.IsSubAdmin = true
+			}
+		}
+	}
+
 	total := 0
 	return viewModels, total, nil
 }
 	return purview.ErrorMsg, err
 
 }
+
+func GetNewAllOrgValidRoles(orgID int64) ([]*models.Role, error) {
+	var roles []*models.Role
+	db := readUserDb.Model(models.Org{})
+	err := db.Where("org_id = ? AND status = 1", orgID).
+		Order("number desc,ctime").
+		Find(&roles).
+		Error
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return make([]*models.Role, 0), nil
+		} else {
+			return nil, err
+		}
+	}
+	for _, item := range roles {
+		var total int64
+		readUserDb.Model(&models.App_Role{}).Where("org_id = ? AND find_in_set(?, role_ids)", orgID, item.Id).Count(&total)
+		item.StaffNumber = total
+	}
+	return roles, nil
+}
+
+func FindRoleRecordByRoleName(name string, org_id int64) (total int64) {
+	readUserDb.Model(&models.Role{}).Where("status = 1 AND role_name = ? AND org_id = ?", name, org_id).Count(&total)
+	return
+}