完善资源隔离和授权管理

dushixiang
2021-01-16 17:29:20 +08:00
parent 44110722b2
commit 11c1ac23e4
16 changed files with 120 additions and 50 deletions


@ -52,6 +52,9 @@ func AssetAllEndpoint(c echo.Context) error {
func AssetUpdateEndpoint(c echo.Context) error {
id := c.Param("id")
if err := PreCheckAssetPermission(c, id); err != nil {
return err
}
var item model.Asset
if err := c.Bind(&item); err != nil {
@ -91,6 +94,9 @@ func AssetDeleteEndpoint(c echo.Context) error {
id := c.Param("id")
split := strings.Split(id, ",")
for i := range split {
if err := PreCheckAssetPermission(c, id); err != nil {
return err
}
model.DeleteAssetById(split[i])
}
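Review bot: In the AssetDeleteEndpoint loop the new check is called with `id`, the whole comma-separated path parameter, while the delete on the next line uses `split[i]`, so the asset that is checked is not the asset that is deleted. What PreCheckAssetPermission does with a joined string is not visible here, but at best every multi-id delete is rejected and at worst an element is deleted without ever being checked on its own; the call should be `if err := PreCheckAssetPermission(c, split[i]); err != nil {`. CommandDeleteEndpoint in the next file section has the same pattern with `PreCheckCommandPermission(c, id)`. Because the check and the delete alternate inside one loop, a denial on a later id leaves the earlier ones already deleted, so it would be safer to validate every element first and delete only once all have passed. The function body continues outside the hunk.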


@ -44,6 +44,9 @@ func CommandPagingEndpoint(c echo.Context) error {
func CommandUpdateEndpoint(c echo.Context) error {
id := c.Param("id")
if err := PreCheckCommandPermission(c, id); err != nil {
return err
}
var item model.Command
if err := c.Bind(&item); err != nil {
@ -59,6 +62,9 @@ func CommandDeleteEndpoint(c echo.Context) error {
id := c.Param("id")
split := strings.Split(id, ",")
for i := range split {
if err := PreCheckCommandPermission(c, id); err != nil {
return err
}
model.DeleteCommandById(split[i])
}
return Success(c, nil)


@ -21,6 +21,9 @@ func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
func Auth(next echo.HandlerFunc) echo.HandlerFunc {
urls := []string{"download", "recording", "login", "static", "favicon", "logo"}
permissionUrls := H{
"/users": "admin",
}
return func(c echo.Context) error {
// 路由拦截 - 登录身份、资源权限判断等
@ -37,7 +40,15 @@ func Auth(next echo.HandlerFunc) echo.HandlerFunc {
authorization, found := global.Cache.Get(token)
if !found {
logrus.Debugf("您的登录信息已失效,请重新登录后再试。")
return Fail(c, 403, "您的登录信息已失效,请重新登录后再试。")
return Fail(c, 401, "您的登录信息已失效,请重新登录后再试。")
}
for url := range permissionUrls {
if strings.HasPrefix(c.Request().RequestURI, url) {
if authorization.(Authorization).User.Type != permissionUrls[url] {
return Fail(c, 403, "permission denied")
}
}
}
if authorization.(Authorization).Remember {
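Review bot: The admin gate added in Auth compares the raw `c.Request().RequestURI` against `/users` with `strings.HasPrefix`, which is not the value the router dispatches on: RequestURI is the unparsed request target, so the check and the matched route can disagree, and the prefix also catches unrelated paths that merely begin with `/users`. Matching on the registered route, `if strings.HasPrefix(c.Path(), url) {`, or attaching a role-checking middleware to the `/users` route group, ties the decision to the handler that actually runs. The repeated `authorization.(Authorization)` assertions are unchecked and will panic if the cache ever holds a different type; assert once with `auth, ok := authorization.(Authorization)` and return 401 when `ok` is false. The closure continues beyond the hunk, so how the `urls` allow-list is matched is not visible here.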


@ -166,7 +166,7 @@ func HasPermission(c echo.Context, owner string) bool {
if !found {
return false
}
if model.RoleAdmin == account.Role {
if model.TypeAdmin == account.Type {
return true
}