diff --git a/main.go b/main.go index f4f8499..d7f5e87 100644 --- a/main.go +++ b/main.go @@ -85,7 +85,8 @@ func Run() error { return err } - if len(model.FindAllUser()) == 0 { + users := model.FindAllUser() + if len(users) == 0 { var pass []byte if pass, err = utils.Encoder.Encode([]byte("admin")); err != nil { @@ -97,11 +98,23 @@ func Run() error { Username: "admin", Password: string(pass), Nickname: "超级管理员", + Type: model.TypeAdmin, Created: utils.NowJsonTime(), } if err := model.CreateNewUser(&user); err != nil { return err } + } else { + for i := range users { + // 修正默认用户类型为管理员 + if users[i].Type == "" { + user := model.User{ + Type: model.TypeAdmin, + } + model.UpdateUserById(&user, users[i].ID) + logrus.Infof("自动修正用户「%v」ID「%v」类型为管理员", users[i].Nickname, users[i].ID) + } + } } if err := global.DB.AutoMigrate(&model.Asset{}); err != nil { diff --git a/pkg/api/asset.go b/pkg/api/asset.go index 03f4113..8a9b139 100644 --- a/pkg/api/asset.go +++ b/pkg/api/asset.go @@ -52,6 +52,9 @@ func AssetAllEndpoint(c echo.Context) error { func AssetUpdateEndpoint(c echo.Context) error { id := c.Param("id") + if err := PreCheckAssetPermission(c, id); err != nil { + return err + } var item model.Asset if err := c.Bind(&item); err != nil { @@ -91,6 +94,9 @@ func AssetDeleteEndpoint(c echo.Context) error { id := c.Param("id") split := strings.Split(id, ",") for i := range split { + if err := PreCheckAssetPermission(c, id); err != nil { + return err + } model.DeleteAssetById(split[i]) } diff --git a/pkg/api/command.go b/pkg/api/command.go index 721955b..255f3c6 100644 --- a/pkg/api/command.go +++ b/pkg/api/command.go @@ -44,6 +44,9 @@ func CommandPagingEndpoint(c echo.Context) error { func CommandUpdateEndpoint(c echo.Context) error { id := c.Param("id") + if err := PreCheckCommandPermission(c, id); err != nil { + return err + } var item model.Command if err := c.Bind(&item); err != nil { 
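Review bot: The repair loop in the new `else` branch promotes every existing user whose Type is empty to `model.TypeAdmin`, and since pkg/model/user.go renames the `Role` field to `Type` with only a json tag, AutoMigrate presumably adds a fresh, empty `type` column for every existing row, so on the first start after this upgrade every pre-existing account, including ordinary users, would be turned into an administrator unless a data migration elsewhere copies the old role value across. Populate Type from the old role value (or default unknown accounts to `model.TypeUser` and promote only a known admin account) rather than defaulting to admin. The result of `model.UpdateUserById(&user, users[i].ID)` is also discarded, so a failed update is still logged as a success; if it returns an error, check it before the Infof. Run's body continues outside the hunk.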
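Review bot: The permission check added inside the delete loop of AssetDeleteEndpoint is applied to `id`, the raw comma-separated parameter, rather than to `split[i]`, the asset actually deleted on the next line; for a multi-id request the check therefore never looks at the individual assets, and whether that fails closed or open depends on how PreCheckAssetPermission treats an id it cannot find, which is not shown here. Change it to `if err := PreCheckAssetPermission(c, split[i]); err != nil {`. The CommandDeleteEndpoint hunk in pkg/api/command.go has the same mistake. Checking every id before deleting any of them would also avoid a partial delete when a later id is denied.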
@@ -59,6 +62,9 @@ func CommandDeleteEndpoint(c echo.Context) error { id := c.Param("id") split := strings.Split(id, ",") for i := range split { + if err := PreCheckCommandPermission(c, id); err != nil { + return err + } model.DeleteCommandById(split[i]) } return Success(c, nil) diff --git a/pkg/api/middleware.go b/pkg/api/middleware.go index 95610b7..156a793 100644 --- a/pkg/api/middleware.go +++ b/pkg/api/middleware.go @@ -21,6 +21,9 @@ func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc { func Auth(next echo.HandlerFunc) echo.HandlerFunc { urls := []string{"download", "recording", "login", "static", "favicon", "logo"} + permissionUrls := H{ + "/users": "admin", + } return func(c echo.Context) error { // 路由拦截 - 登录身份、资源权限判断等 @@ -37,7 +40,15 @@ func Auth(next echo.HandlerFunc) echo.HandlerFunc { authorization, found := global.Cache.Get(token) if !found { logrus.Debugf("您的登录信息已失效,请重新登录后再试。") - return Fail(c, 403, "您的登录信息已失效,请重新登录后再试。") + return Fail(c, 401, "您的登录信息已失效,请重新登录后再试。") + } + + for url := range permissionUrls { + if strings.HasPrefix(c.Request().RequestURI, url) { + if authorization.(Authorization).User.Type != permissionUrls[url] { + return Fail(c, 403, "permission denied") + } + } } if authorization.(Authorization).Remember { diff --git a/pkg/api/routes.go b/pkg/api/routes.go index eefd944..ec34233 100644 --- a/pkg/api/routes.go +++ b/pkg/api/routes.go @@ -166,7 +166,7 @@ func HasPermission(c echo.Context, owner string) bool { if !found { return false } - if model.RoleAdmin == account.Role { + if model.TypeAdmin == account.Type { return true } diff --git a/pkg/model/asset.go b/pkg/model/asset.go index 72aa7b5..38faf0e 100644 --- a/pkg/model/asset.go +++ b/pkg/model/asset.go 
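Review bot: The required type for `/users` in the new `permissionUrls` map is the string literal `"admin"`, while the rest of this change introduces `model.TypeAdmin` for the same value and compares against it in routes.go; using the constant here, `"/users": model.TypeAdmin,`, keeps the gate from silently breaking if the constant is ever changed (assuming this file imports model, which the hunk does not show). Auth's body continues outside the hunk.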
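Review bot: The new admin gate matches with `strings.HasPrefix(c.Request().RequestURI, url)`, but RequestURI is the raw, un-normalized request target including the query string, while Echo selects the handler from the parsed path, so the string the gate inspects is not the one the route is chosen by; compare against `c.Request().URL.Path` (or `c.Path()`) instead, and match on a path-segment boundary so that `/users` does not also cover any other route that merely begins with those characters. The loop also re-reads `permissionUrls[url]` inside the body; `for url, requiredType := range permissionUrls` reads the value once. The `authorization.(Authorization)` assertion is unchecked and would panic on an unexpected cache value, though that predates this change. Auth's closure continues outside the hunk.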
@@ -51,7 +51,7 @@ func FindAllAsset() (o []Asset, err error) { func FindAssetByConditions(protocol string, account User) (o []Asset, err error) { db := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on assets.owner = users.id").Joins("left join resources on assets.id = resources.resource_id").Group("assets.id") - if RoleUser == account.Role { + if TypeUser == account.Type { owner := account.ID db = db.Where("assets.owner = ? or resources.user_id = ?", owner, owner) } @@ -67,7 +67,7 @@ func FindPageAsset(pageIndex, pageSize int, name, protocol, tags string, account db := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on assets.owner = users.id").Joins("left join resources on assets.id = resources.resource_id").Group("assets.id") dbCounter := global.DB.Table("assets").Select("DISTINCT assets.id").Joins("left join resources on assets.id = resources.resource_id") - if RoleUser == account.Role { + if TypeUser == account.Type { owner := account.ID db = db.Where("assets.owner = ? or resources.user_id = ?", owner, owner) dbCounter = dbCounter.Where("assets.owner = ? or resources.user_id = ?", owner, owner) diff --git a/pkg/model/command.go b/pkg/model/command.go index e6b9cee..23f6c4b 100644 --- a/pkg/model/command.go +++ b/pkg/model/command.go 
@@ -32,7 +32,7 @@ func FindPageCommand(pageIndex, pageSize int, name, content string, account User db := global.DB.Table("commands").Select("commands.id,commands.name,commands.content,commands.owner,commands.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on commands.owner = users.id").Joins("left join resources on commands.id = resources.resource_id").Group("commands.id") dbCounter := global.DB.Table("commands").Select("DISTINCT commands.id").Joins("left join resources on commands.id = resources.resource_id") - if RoleUser == account.Role { + if TypeUser == account.Type { owner := account.ID db = db.Where("commands.owner = ? or resources.user_id = ?", owner, owner) dbCounter = dbCounter.Where("commands.owner = ? or resources.user_id = ?", owner, owner) diff --git a/pkg/model/credential.go b/pkg/model/credential.go index db15a09..66198e9 100644 --- a/pkg/model/credential.go +++ b/pkg/model/credential.go @@ -45,7 +45,7 @@ type CredentialSimpleVo struct { func FindAllCredential(account User) (o []CredentialSimpleVo, err error) { db := global.DB.Table("credentials").Select("DISTINCT credentials.id,credentials.name").Joins("left join resources on credentials.id = resources.resource_id") - if account.Role == RoleUser { + if account.Type == TypeUser { db = db.Where("credentials.owner = ? or resources.user_id = ?", account.ID, account.ID) } err = db.Find(&o).Error 
@@ -56,7 +56,7 @@ func FindPageCredential(pageIndex, pageSize int, name string, account User) (o [ db := global.DB.Table("credentials").Select("credentials.id,credentials.name,credentials.type,credentials.username,credentials.owner,credentials.created,users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on credentials.owner = users.id").Joins("left join resources on credentials.id = resources.resource_id").Group("credentials.id") dbCounter := global.DB.Table("credentials").Select("DISTINCT credentials.id").Joins("left join resources on credentials.id = resources.resource_id") - if RoleUser == account.Role { + if TypeUser == account.Type { owner := account.ID db = db.Where("credentials.owner = ? or resources.user_id = ?", owner, owner) dbCounter = dbCounter.Where("credentials.owner = ? or resources.user_id = ?", owner, owner) diff --git a/pkg/model/user.go b/pkg/model/user.go index 69c55df..a1c338f 100644 --- a/pkg/model/user.go +++ b/pkg/model/user.go @@ -7,8 +7,8 @@ import ( ) const ( - RoleUser = "user" - RoleAdmin = "admin" + TypeUser = "user" + TypeAdmin = "admin" ) type User struct { @@ -20,7 +20,7 @@ type User struct { Online bool `json:"online"` Enabled bool `json:"enabled"` Created utils.JsonTime `json:"created"` - Role string `json:"role"` + Type string `json:"type"` } func (r *User) TableName() string { diff --git a/web/src/App.js b/web/src/App.js index cba9498..10b6881 100644 --- a/web/src/App.js +++ b/web/src/App.js @@ -25,8 +25,8 @@ import { MenuFoldOutlined, MenuUnfoldOutlined, SettingOutlined, - SolutionOutlined, - UserOutlined + SolutionOutlined, TeamOutlined, + UserOutlined, UserSwitchOutlined } from '@ant-design/icons'; import Info from "./components/user/Info"; import request from "./common/request"; 
@@ -188,11 +188,26 @@ class App extends Component { + {/*}>*/} + {/* }>*/} + {/* */} + {/* 用户组管理*/} + {/* */} + {/* */} + + {/* }>*/} + {/* */} + {/* 用户管理*/} + {/* */} + {/* */} + {/**/} + }> 用户管理 + : undefined } diff --git a/web/src/common/request.js b/web/src/common/request.js index 657006c..de55ed6 100644 --- a/web/src/common/request.js +++ b/web/src/common/request.js @@ -11,22 +11,25 @@ axios.defaults.baseURL = server; const handleError = (error) => { if ("Network Error" === error.toString()) { message.error('网络异常'); - return; + return false; } - if (error.response !== undefined && error.response.status === 403) { + if (error.response !== undefined && error.response.status === 401) { window.location.href = '#/login'; - return; + return false; } if (error.response !== undefined) { - // message.error(error.response.data.message); + message.error(error.response.data.message); + return false; } + return true; }; const handleResult = (result) => { - if (result['code'] === 403) { + if (result['code'] === 401) { window.location.href = '#/login'; - return; + return false; } + return true; } const request = { @@ -37,11 +40,15 @@ const request = { return new Promise((resolve, reject) => { axios.get(url, {headers: headers}) .then((response) => { - handleResult(response.data); + if (!handleResult(response.data)) { + return; + } resolve(response.data); }) .catch((error) => { - handleError(error); + if (!handleError(error)) { + return; + } reject(error); }); }) @@ -54,11 +61,15 @@ const request = { return new Promise((resolve, reject) => { axios.post(url, params, {headers: headers}) .then((response) => { - handleResult(response.data); + if (!handleResult(response.data)) { + return; + } resolve(response.data); }) .catch((error) => { - handleError(error); + if (!handleError(error)) { + return; + } reject(error); }); }) 
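Review bot: With the new `return false` paths, handleError and handleResult make the `.then`/`.catch` callbacks return before `resolve` or `reject` is ever called, so on a network error, a 401, or any error response carrying a message the Promise returned by request.get/post/put/delete/patch is never settled; an `await request.get(...)` or a `.finally()` chained on it hangs and the caller's loading state never clears. After the redirect or the message the callback should still settle the promise, for example `reject(error)` with the error marked as already handled so callers can skip a second message. The same pattern repeats in the get and post hunks here and in the put, delete and patch hunks that follow.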
@@ -71,11 +82,15 @@ const request = { return new Promise((resolve, reject) => { axios.put(url, params, {headers: headers}) .then((response) => { - handleResult(response.data); + if (!handleResult(response.data)) { + return; + } resolve(response.data); }) .catch((error) => { - handleError(error); + if (!handleError(error)) { + return; + } reject(error); }); }) @@ -87,11 +102,15 @@ const request = { return new Promise((resolve, reject) => { axios.delete(url, {headers: headers}) .then((response) => { - handleResult(response.data); + if (!handleResult(response.data)) { + return; + } resolve(response.data); }) .catch((error) => { - handleError(error); + if (!handleError(error)) { + return; + } reject(error); }); }) @@ -103,11 +122,15 @@ const request = { return new Promise((resolve, reject) => { axios.patch(url, params, {headers: headers}) .then((response) => { - handleResult(response.data); + if (!handleResult(response.data)) { + return; + } resolve(response.data); }) .catch((error) => { - handleError(error); + if (!handleError(error)) { + return; + } reject(error); }); }) diff --git a/web/src/components/session/OfflineSession.js b/web/src/components/session/OfflineSession.js index 02a8724..821fd72 100644 --- a/web/src/components/session/OfflineSession.js +++ b/web/src/components/session/OfflineSession.js @@ -298,9 +298,8 @@ class OfflineSession extends Component {
-