完善资源隔离和授权管理
This commit is contained in:
dushixiang
@ -52,6 +52,9 @@ func AssetAllEndpoint(c echo.Context) error {
|
||||
|
||||
func AssetUpdateEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
if err := PreCheckAssetPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var item model.Asset
|
||||
if err := c.Bind(&item); err != nil {
|
||||
@ -91,6 +94,9 @@ func AssetDeleteEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
split := strings.Split(id, ",")
|
||||
for i := range split {
|
||||
if err := PreCheckAssetPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
model.DeleteAssetById(split[i])
|
||||
}
|
||||
|
||||
|
||||
@ -44,6 +44,9 @@ func CommandPagingEndpoint(c echo.Context) error {
|
||||
|
||||
func CommandUpdateEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
if err := PreCheckCommandPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var item model.Command
|
||||
if err := c.Bind(&item); err != nil {
|
||||
@ -59,6 +62,9 @@ func CommandDeleteEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
split := strings.Split(id, ",")
|
||||
for i := range split {
|
||||
if err := PreCheckCommandPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
model.DeleteCommandById(split[i])
|
||||
}
|
||||
return Success(c, nil)
|
||||
|
||||
@ -21,6 +21,9 @@ func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
func Auth(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
|
||||
urls := []string{"download", "recording", "login", "static", "favicon", "logo"}
|
||||
permissionUrls := H{
|
||||
"/users": "admin",
|
||||
}
|
||||
|
||||
return func(c echo.Context) error {
|
||||
// 路由拦截 - 登录身份、资源权限判断等
|
||||
@ -37,7 +40,15 @@ func Auth(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
authorization, found := global.Cache.Get(token)
|
||||
if !found {
|
||||
logrus.Debugf("您的登录信息已失效,请重新登录后再试。")
|
||||
return Fail(c, 403, "您的登录信息已失效,请重新登录后再试。")
|
||||
return Fail(c, 401, "您的登录信息已失效,请重新登录后再试。")
|
||||
}
|
||||
|
||||
for url := range permissionUrls {
|
||||
if strings.HasPrefix(c.Request().RequestURI, url) {
|
||||
if authorization.(Authorization).User.Type != permissionUrls[url] {
|
||||
return Fail(c, 403, "permission denied")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if authorization.(Authorization).Remember {
|
||||
|
||||
@ -166,7 +166,7 @@ func HasPermission(c echo.Context, owner string) bool {
|
||||
if !found {
|
||||
return false
|
||||
}
|
||||
if model.RoleAdmin == account.Role {
|
||||
if model.TypeAdmin == account.Type {
|
||||
return true
|
||||
}
|
||||
|
||||
|
||||
@ -51,7 +51,7 @@ func FindAllAsset() (o []Asset, err error) {
|
||||
func FindAssetByConditions(protocol string, account User) (o []Asset, err error) {
|
||||
db := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on assets.owner = users.id").Joins("left join resources on assets.id = resources.resource_id").Group("assets.id")
|
||||
|
||||
if RoleUser == account.Role {
|
||||
if TypeUser == account.Type {
|
||||
owner := account.ID
|
||||
db = db.Where("assets.owner = ? or resources.user_id = ?", owner, owner)
|
||||
}
|
||||
@ -67,7 +67,7 @@ func FindPageAsset(pageIndex, pageSize int, name, protocol, tags string, account
|
||||
db := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on assets.owner = users.id").Joins("left join resources on assets.id = resources.resource_id").Group("assets.id")
|
||||
dbCounter := global.DB.Table("assets").Select("DISTINCT assets.id").Joins("left join resources on assets.id = resources.resource_id")
|
||||
|
||||
if RoleUser == account.Role {
|
||||
if TypeUser == account.Type {
|
||||
owner := account.ID
|
||||
db = db.Where("assets.owner = ? or resources.user_id = ?", owner, owner)
|
||||
dbCounter = dbCounter.Where("assets.owner = ? or resources.user_id = ?", owner, owner)
|
||||
|
||||
@ -32,7 +32,7 @@ func FindPageCommand(pageIndex, pageSize int, name, content string, account User
|
||||
db := global.DB.Table("commands").Select("commands.id,commands.name,commands.content,commands.owner,commands.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on commands.owner = users.id").Joins("left join resources on commands.id = resources.resource_id").Group("commands.id")
|
||||
dbCounter := global.DB.Table("commands").Select("DISTINCT commands.id").Joins("left join resources on commands.id = resources.resource_id")
|
||||
|
||||
if RoleUser == account.Role {
|
||||
if TypeUser == account.Type {
|
||||
owner := account.ID
|
||||
db = db.Where("commands.owner = ? or resources.user_id = ?", owner, owner)
|
||||
dbCounter = dbCounter.Where("commands.owner = ? or resources.user_id = ?", owner, owner)
|
||||
|
||||
@ -45,7 +45,7 @@ type CredentialSimpleVo struct {
|
||||
|
||||
func FindAllCredential(account User) (o []CredentialSimpleVo, err error) {
|
||||
db := global.DB.Table("credentials").Select("DISTINCT credentials.id,credentials.name").Joins("left join resources on credentials.id = resources.resource_id")
|
||||
if account.Role == RoleUser {
|
||||
if account.Type == TypeUser {
|
||||
db = db.Where("credentials.owner = ? or resources.user_id = ?", account.ID, account.ID)
|
||||
}
|
||||
err = db.Find(&o).Error
|
||||
@ -56,7 +56,7 @@ func FindPageCredential(pageIndex, pageSize int, name string, account User) (o [
|
||||
db := global.DB.Table("credentials").Select("credentials.id,credentials.name,credentials.type,credentials.username,credentials.owner,credentials.created,users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on credentials.owner = users.id").Joins("left join resources on credentials.id = resources.resource_id").Group("credentials.id")
|
||||
dbCounter := global.DB.Table("credentials").Select("DISTINCT credentials.id").Joins("left join resources on credentials.id = resources.resource_id")
|
||||
|
||||
if RoleUser == account.Role {
|
||||
if TypeUser == account.Type {
|
||||
owner := account.ID
|
||||
db = db.Where("credentials.owner = ? or resources.user_id = ?", owner, owner)
|
||||
dbCounter = dbCounter.Where("credentials.owner = ? or resources.user_id = ?", owner, owner)
|
||||
|
||||
@ -7,8 +7,8 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
RoleUser = "user"
|
||||
RoleAdmin = "admin"
|
||||
TypeUser = "user"
|
||||
TypeAdmin = "admin"
|
||||
)
|
||||
|
||||
type User struct {
|
||||
@ -20,7 +20,7 @@ type User struct {
|
||||
Online bool `json:"online"`
|
||||
Enabled bool `json:"enabled"`
|
||||
Created utils.JsonTime `json:"created"`
|
||||
Role string `json:"role"`
|
||||
Type string `json:"type"`
|
||||
}
|
||||
|
||||
func (r *User) TableName() string {
|
||||
|
||||
Reference in New Issue
Block a user