完善资源隔离和授权管理
This commit is contained in:
@ -52,6 +52,9 @@ func AssetAllEndpoint(c echo.Context) error {
|
||||
|
||||
func AssetUpdateEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
if err := PreCheckAssetPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var item model.Asset
|
||||
if err := c.Bind(&item); err != nil {
|
||||
@ -91,6 +94,9 @@ func AssetDeleteEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
split := strings.Split(id, ",")
|
||||
for i := range split {
|
||||
if err := PreCheckAssetPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
model.DeleteAssetById(split[i])
|
||||
}
|
||||
|
||||
|
@ -44,6 +44,9 @@ func CommandPagingEndpoint(c echo.Context) error {
|
||||
|
||||
func CommandUpdateEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
if err := PreCheckCommandPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var item model.Command
|
||||
if err := c.Bind(&item); err != nil {
|
||||
@ -59,6 +62,9 @@ func CommandDeleteEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
split := strings.Split(id, ",")
|
||||
for i := range split {
|
||||
if err := PreCheckCommandPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
model.DeleteCommandById(split[i])
|
||||
}
|
||||
return Success(c, nil)
|
||||
|
@ -21,6 +21,9 @@ func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
func Auth(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
|
||||
urls := []string{"download", "recording", "login", "static", "favicon", "logo"}
|
||||
permissionUrls := H{
|
||||
"/users": "admin",
|
||||
}
|
||||
|
||||
return func(c echo.Context) error {
|
||||
// 路由拦截 - 登录身份、资源权限判断等
|
||||
@ -37,7 +40,15 @@ func Auth(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
authorization, found := global.Cache.Get(token)
|
||||
if !found {
|
||||
logrus.Debugf("您的登录信息已失效,请重新登录后再试。")
|
||||
return Fail(c, 403, "您的登录信息已失效,请重新登录后再试。")
|
||||
return Fail(c, 401, "您的登录信息已失效,请重新登录后再试。")
|
||||
}
|
||||
|
||||
for url := range permissionUrls {
|
||||
if strings.HasPrefix(c.Request().RequestURI, url) {
|
||||
if authorization.(Authorization).User.Type != permissionUrls[url] {
|
||||
return Fail(c, 403, "permission denied")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if authorization.(Authorization).Remember {
|
||||
|
@ -166,7 +166,7 @@ func HasPermission(c echo.Context, owner string) bool {
|
||||
if !found {
|
||||
return false
|
||||
}
|
||||
if model.RoleAdmin == account.Role {
|
||||
if model.TypeAdmin == account.Type {
|
||||
return true
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user