完善资产的授权功能
This commit is contained in:
dushixiang
@ -1,6 +1,7 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"github.com/labstack/echo/v4"
|
||||
"next-terminal/pkg/model"
|
||||
"next-terminal/pkg/utils"
|
||||
@ -31,7 +32,17 @@ func AssetPagingEndpoint(c echo.Context) error {
|
||||
protocol := c.QueryParam("protocol")
|
||||
tags := c.QueryParam("tags")
|
||||
|
||||
items, total, _ := model.FindPageAsset(pageIndex, pageSize, name, protocol, tags)
|
||||
var (
|
||||
total int64
|
||||
items []model.AssetVo
|
||||
)
|
||||
|
||||
account, _ := GetCurrentAccount(c)
|
||||
if account.Role == model.RoleUser {
|
||||
items, total, _ = model.FindPageAsset(pageIndex, pageSize, name, protocol, tags, account.ID)
|
||||
} else {
|
||||
items, total, _ = model.FindPageAsset(pageIndex, pageSize, name, protocol, tags, "")
|
||||
}
|
||||
|
||||
return Success(c, H{
|
||||
"total": total,
|
||||
@ -124,3 +135,27 @@ func AssetTagsEndpoint(c echo.Context) (err error) {
|
||||
}
|
||||
return Success(c, items)
|
||||
}
|
||||
|
||||
func AssetChangeOwnerEndpoint(c echo.Context) (err error) {
|
||||
id := c.Param("id")
|
||||
|
||||
if err := PreCheckAssetPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
owner := c.QueryParam("owner")
|
||||
model.UpdateAssetById(&model.Asset{Owner: owner}, id)
|
||||
return Success(c, "")
|
||||
}
|
||||
|
||||
func PreCheckAssetPermission(c echo.Context, id string) error {
|
||||
item, err := model.FindAssetById(id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !HasPermission(c, item.Owner) {
|
||||
return errors.New("permission denied")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"github.com/labstack/echo/v4"
|
||||
"next-terminal/pkg/model"
|
||||
"next-terminal/pkg/utils"
|
||||
@ -79,6 +80,10 @@ func CredentialPagingEndpoint(c echo.Context) error {
|
||||
func CredentialUpdateEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
|
||||
if err := PreCheckCredentialPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var item model.Credential
|
||||
if err := c.Bind(&item); err != nil {
|
||||
return err
|
||||
@ -118,6 +123,9 @@ func CredentialDeleteEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
split := strings.Split(id, ",")
|
||||
for i := range split {
|
||||
if err := PreCheckCredentialPermission(c, split[i]); err != nil {
|
||||
return err
|
||||
}
|
||||
model.DeleteCredentialById(split[i])
|
||||
}
|
||||
|
||||
@ -126,17 +134,39 @@ func CredentialDeleteEndpoint(c echo.Context) error {
|
||||
|
||||
func CredentialGetEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
|
||||
item, err := model.FindCredentialById(id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !HasPermission(c, item.Owner) {
|
||||
return errors.New("permission denied")
|
||||
}
|
||||
|
||||
return Success(c, item)
|
||||
}
|
||||
|
||||
func CredentialChangeOwnerEndpoint(c echo.Context) error {
|
||||
id := c.Param("id")
|
||||
|
||||
if err := PreCheckCredentialPermission(c, id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
owner := c.QueryParam("owner")
|
||||
model.UpdateCredentialById(&model.Credential{Owner: owner}, id)
|
||||
return Success(c, "")
|
||||
}
|
||||
|
||||
func PreCheckCredentialPermission(c echo.Context, id string) error {
|
||||
item, err := model.FindCredentialById(id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !HasPermission(c, item.Owner) {
|
||||
return errors.New("permission denied")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -18,9 +18,10 @@ func ResourceGetAssignEndPoint(c echo.Context) error {
|
||||
func ResourceOverwriteAssignEndPoint(c echo.Context) error {
|
||||
resourceId := c.Param("id")
|
||||
userIds := c.QueryParam("userIds")
|
||||
resourceType := c.QueryParam("type")
|
||||
uIds := strings.Split(userIds, ",")
|
||||
|
||||
model.OverwriteUserIdsByResourceId(resourceId, uIds)
|
||||
model.OverwriteUserIdsByResourceId(resourceId, resourceType, uIds)
|
||||
|
||||
return Success(c, "")
|
||||
}
|
||||
|
||||
@ -60,6 +60,7 @@ func SetupRoutes() *echo.Echo {
|
||||
assets.PUT("/:id", AssetUpdateEndpoint)
|
||||
assets.DELETE("/:id", AssetDeleteEndpoint)
|
||||
assets.GET("/:id", AssetGetEndpoint)
|
||||
assets.POST("/:id/change-owner", AssetChangeOwnerEndpoint)
|
||||
}
|
||||
|
||||
e.GET("/tags", AssetTagsEndpoint)
|
||||
@ -157,3 +158,19 @@ func GetCurrentAccount(c echo.Context) (model.User, bool) {
|
||||
}
|
||||
return model.User{}, false
|
||||
}
|
||||
|
||||
func HasPermission(c echo.Context, owner string) bool {
|
||||
// 检测是否为创建者
|
||||
account, found := GetCurrentAccount(c)
|
||||
if !found {
|
||||
return false
|
||||
}
|
||||
if model.RoleAdmin == account.Role {
|
||||
return true
|
||||
}
|
||||
|
||||
if owner == account.ID {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user