diff --git a/pkg/api/session.go b/pkg/api/session.go
index 7b99446..20e2dbc 100644
--- a/pkg/api/session.go
+++ b/pkg/api/session.go
@@ -180,6 +180,18 @@ func SessionCreateEndpoint(c echo.Context) error {
assetId := c.QueryParam("assetId")
user, _ := GetCurrentAccount(c)
+ if model.TypeUser == user.Type {
+ // 检测是否有访问权限
+ assetIds, err := model.FindAssetIdsByUserId(user.ID)
+ if err != nil {
+ return err
+ }
+
+ if !utils.Contains(assetIds, assetId) {
+ return errors.New("您没有权限访问此资产")
+ }
+ }
+
asset, err := model.FindAssetById(assetId)
if err != nil {
return err
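Review bot: The new permission check can be skipped when the account lookup fails, because the context line `user, _ := GetCurrentAccount(c)` discards the second return value and the guard only runs when `user.Type` equals `model.TypeUser`. Assuming that second value reports whether an account was found, a zero-value `user` would fall through to `FindAssetById` unchecked; bind it and reject early, e.g. `user, found := GetCurrentAccount(c)` followed by `if !found { return Fail(c, -1, "...") }`. The denial is also returned as a bare `errors.New(...)`, while `UserDeleteEndpoint` in this commit answers with `Fail(c, -1, ...)` and the Access.js change reads `result['code']` and `result['message']`. Unless the echo error handler already maps errors into that shape, `return Fail(c, -1, "您没有权限访问此资产")` keeps the response the client expects. The body of SessionCreateEndpoint continues outside the hunk.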
diff --git a/pkg/api/user.go b/pkg/api/user.go
index b5dd86e..2cab914 100644
--- a/pkg/api/user.go
+++ b/pkg/api/user.go
@@ -72,6 +72,17 @@ func UserDeleteEndpoint(c echo.Context) error {
if account.ID == userId {
return Fail(c, -1, "不允许删除自身账户")
}
+ // 将用户强制下线
+ loginLogs, err := model.FindAliveLoginLogsByUserId(userId)
+ if err != nil {
+ return err
+ }
+ if loginLogs != nil && len(loginLogs) > 0 {
+ for j := range loginLogs {
+ model.Logout(loginLogs[j].ID)
+ }
+ }
+ // 删除用户
model.DeleteUserById(userId)
}
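Review bot: `model.Logout(loginLogs[j].ID)` passes a login-log ID, but this same commit changes `Logout` in pkg/model/login-log.go to take a token and to update rows with `Where("token = ?", token)`. Unless a login log's ID and its token are the same value, the forced logout updates no row and the deleted user's sessions stay marked alive. The same mismatch exists inside `Logout`, which still calls `FindLoginLogById(token)`. Pass the field that actually holds the token, or keep an ID-keyed variant for this caller. `Logout` returns nothing, so a failure here is invisible to the endpoint; the loop enclosing this code in UserDeleteEndpoint starts outside the hunk.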
diff --git a/pkg/model/login-log.go b/pkg/model/login-log.go
index 2830eba..03c279c 100644
--- a/pkg/model/login-log.go
+++ b/pkg/model/login-log.go
@@ -81,15 +81,15 @@ func FindLoginLogById(id string) (o LoginLog, err error) {
return
}
-func Logout(id string) {
+func Logout(token string) {
- loginLog, err := FindLoginLogById(id)
+ loginLog, err := FindLoginLogById(token)
if err != nil {
- logrus.Warnf("登录日志「%v」获取失败", id)
+ logrus.Warnf("登录日志「%v」获取失败", token)
return
}
- global.DB.Table("login_logs").Where("id = ?", id).Update("logout_time", utils.NowJsonTime())
+ global.DB.Table("login_logs").Where("token = ?", token).Update("logout_time", utils.NowJsonTime())
loginLogs, err := FindAliveLoginLogsByUserId(loginLog.UserId)
if err != nil {
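Review bot: `logrus.Warnf("登录日志「%v」获取失败", token)` now writes the token itself to the log when the lookup fails. If this value is the session credential that clients present, anyone with read access to the logs could reuse it; log a non-reversible reference instead, for example a short prefix or a hash of the token. The result of the `Update("logout_time", ...)` call is also discarded, so a failed or zero-row update goes unnoticed; checking `.Error` and `.RowsAffected` there would surface it. The body of Logout continues past the hunk.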
diff --git a/pkg/model/resource-sharer.go b/pkg/model/resource-sharer.go
index 2a23a7e..d75c919 100644
--- a/pkg/model/resource-sharer.go
+++ b/pkg/model/resource-sharer.go
@@ -145,3 +145,21 @@ func AddSharerResources(userGroupId, userId, resourceType string, resourceIds []
return nil
})
}
+
+func FindAssetIdsByUserId(userId string) (assetIds []string, err error) {
+ groupIds, err := FindUserGroupIdsByUserId(userId)
+ if err != nil {
+ return nil, err
+ }
+
+ db := global.DB
+ db = db.Table("resource_sharers").Select("resource_id").Where("user_id = ?", userId)
+ if groupIds != nil && len(groupIds) > 0 {
+ db = db.Or("user_group_id in ?", groupIds)
+ }
+ err = db.Find(&assetIds).Error
+ if assetIds == nil {
+ assetIds = make([]string, 0)
+ }
+ return
+}
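Review bot: The query in `FindAssetIdsByUserId` has no condition on the resource type, so every `resource_id` shared with the user or their groups is returned as an asset ID. `AddSharerResources` in the hunk header takes a `resourceType` argument, which suggests the table holds more than assets. If so, add the type to the filter and group the OR so it cannot widen the match, e.g. `Where("resource_type = ? AND (user_id = ? OR user_group_id in ?)", <asset type>, userId, groupIds)` (column name assumed), keeping the existing branch for an empty `groupIds`. The exported function also lacks a doc comment; `// FindAssetIdsByUserId returns the IDs of resources shared with the user directly or through any of the user's groups.` would do.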
diff --git a/pkg/model/user.go b/pkg/model/user.go
index 963c83c..a03cac1 100644
--- a/pkg/model/user.go
+++ b/pkg/model/user.go
@@ -101,6 +101,10 @@ func UpdateUserById(o *User, id string) {
func DeleteUserById(id string) {
global.DB.Where("id = ?", id).Delete(&User{})
+ // 删除用户组中的用户关系
+ global.DB.Where("user_id = ?", id).Delete(&UserGroupMember{})
+ // 删除用户分享到的资产
+ global.DB.Where("user_id = ?", id).Delete(&ResourceSharer{})
}
func CountUser() (total int64, err error) {
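Review bot: The three deletes in `DeleteUserById` run as separate statements and none of their results is checked, so a failure after the first leaves `UserGroupMember` or `ResourceSharer` rows for a user that no longer exists. Those leftover rows are what `FindAssetIdsByUserId` reads for access decisions, so they should not outlive the account. Running the three deletes in one transaction and logging or returning the `.Error` would make the cleanup all-or-nothing. The function has no return value today, so returning the error would also need the caller in UserDeleteEndpoint updated.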
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 14a477c..8d0b22f 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -143,3 +143,12 @@ func Sign(a []string) string {
has := md5.Sum(data)
return fmt.Sprintf("%x", has)
}
+
+func Contains(s []string, str string) bool {
+ for _, v := range s {
+ if v == str {
+ return true
+ }
+ }
+ return false
+}
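Review bot: `Contains` is exported without a doc comment, and it now backs the asset permission check in SessionCreateEndpoint. A comment such as `// Contains reports whether str is present in s, using exact, case-sensitive comparison.` states the matching rule that callers rely on.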
diff --git a/web/src/components/access/Access.js b/web/src/components/access/Access.js
index 7353440..b6e682c 100644
--- a/web/src/components/access/Access.js
+++ b/web/src/components/access/Access.js
@@ -28,7 +28,8 @@ import {
CloudUploadOutlined,
CopyOutlined,
DeleteOutlined,
- DesktopOutlined, ExclamationCircleOutlined,
+ DesktopOutlined,
+ ExclamationCircleOutlined,
ExpandOutlined,
FileZipOutlined,
FolderAddOutlined,
@@ -37,7 +38,7 @@ import {
UploadOutlined
} from '@ant-design/icons';
import Upload from "antd/es/upload";
-import {download, exitFull, getToken, requestFullScreen} from "../../utils/utils";
+import {download, exitFull, getToken, isEmpty, requestFullScreen} from "../../utils/utils";
import './Access.css'
import Draggable from 'react-draggable';
@@ -100,6 +101,9 @@ class Access extends Component {
let assetsId = params.get('assetsId');
let protocol = params.get('protocol');
let sessionId = await this.createSession(assetsId);
+ if (isEmpty(sessionId)) {
+ return;
+ }
this.setState({
sessionId: sessionId,
@@ -157,7 +161,7 @@ class Access extends Component {
}
onTunnelStateChange = (state) => {
- if(state === Guacamole.Tunnel.State.CLOSED){
+ if (state === Guacamole.Tunnel.State.CLOSED) {
this.showMessage('连接已关闭');
}
};
@@ -285,7 +289,7 @@ class Access extends Component {
message.destroy();
Modal.confirm({
title: '提示',
- icon: ,
+ icon: ,
content: msg,
centered: true,
okText: '重新连接',
@@ -428,12 +432,12 @@ class Access extends Component {
async createSession(assetsId) {
let result = await request.post(`/sessions?assetId=${assetsId}`);
- if (result.code !== 1) {
- message.error(result.message, 10);
- return;
+ if (result['code'] !== 1) {
+ this.showMessage(result['message']);
+ return null;
}
- document.title = result.data['ip'] + ':' + result.data['port'];
- return result.data['id'];
+ document.title = result['data']['ip'] + ':' + result['data']['port'];
+ return result['data']['id'];
}
async renderDisplay(sessionId, protocol) {