From d771ad6ab6f6e335a5fcef7bc9c8689e3de814f4 Mon Sep 17 00:00:00 2001
From: dushixiang
Date: Tue, 26 Jan 2021 21:54:44 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=99=AE=E9=80=9A=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E8=AE=BF=E9=97=AE=E8=B5=84=E4=BA=A7=E6=97=B6=E7=9A=84?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C=20close=20#44?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pkg/api/session.go | 12 ++++++++++++
 pkg/api/user.go | 11 +++++++++++
 pkg/model/login-log.go | 8 ++++----
 pkg/model/resource-sharer.go | 18 ++++++++++++++++++
 pkg/model/user.go | 4 ++++
 pkg/utils/utils.go | 9 +++++++++
 web/src/components/access/Access.js | 22 +++++++++++++---------
 7 files changed, 71 insertions(+), 13 deletions(-)
diff --git a/pkg/api/session.go b/pkg/api/session.go
index 7b99446..20e2dbc 100644
--- a/pkg/api/session.go
+++ b/pkg/api/session.go
@@ -180,6 +180,18 @@ func SessionCreateEndpoint(c echo.Context) error {
 assetId := c.QueryParam("assetId")
 user, _ := GetCurrentAccount(c)
+ if model.TypeUser == user.Type {
+ // 检测是否有访问权限
+ assetIds, err := model.FindAssetIdsByUserId(user.ID)
+ if err != nil {
+ return err
+ }
+
+ if !utils.Contains(assetIds, assetId) {
+ return errors.New("您没有权限访问此资产")
+ }
+ }
+
 asset, err := model.FindAssetById(assetId)
 if err != nil {
 return err
diff --git a/pkg/api/user.go b/pkg/api/user.go
index b5dd86e..2cab914 100644
--- a/pkg/api/user.go
+++ b/pkg/api/user.go
@@ -72,6 +72,17 @@ func UserDeleteEndpoint(c echo.Context) error {
 if account.ID == userId {
 return Fail(c, -1, "不允许删除自身账户")
 }
+ // 将用户强制下线
+ loginLogs, err := model.FindAliveLoginLogsByUserId(userId)
+ if err != nil {
+ return err
+ }
+ if loginLogs != nil && len(loginLogs) > 0 {
+ for j := range loginLogs {
+ model.Logout(loginLogs[j].ID)
+ }
+ }
+ // 删除用户
 model.DeleteUserById(userId)
 }
diff --git a/pkg/model/login-log.go b/pkg/model/login-log.go
index 2830eba..03c279c 100644
--- a/pkg/model/login-log.go
+++ b/pkg/model/login-log.go
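Review bot: The new asset check in SessionCreateEndpoint runs only when `user.Type` equals `model.TypeUser`, and the context line above it discards the second value of `GetCurrentAccount(c)`, so a request whose account lookup yields an empty or unexpected type skips the check and falls through to `FindAssetById`. Authorization is safer as deny-by-default: keep the lookup result (`user, found := GetCurrentAccount(c)`, assuming the second value reports whether an account was found), reject when it is false, and skip the `FindAssetIdsByUserId` check only for the explicit administrator type. The denial is also returned as a bare `errors.New(...)`, while UserDeleteEndpoint in this patch answers with `Fail(c, -1, ...)`; the front end reads `result['code']` and `result['message']`, so the `Fail` form is probably what it expects. The function starts and ends outside the hunk.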
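Review bot: In UserDeleteEndpoint the sessions are revoked before `model.DeleteUserById(userId)` runs, so a login that lands between the two steps leaves a live login log for an account that no longer exists; deleting or disabling the account first and revoking afterwards closes that window. `model.Logout` returns nothing, so a revocation that fails is invisible here, and the `return err` after `FindAliveLoginLogsByUserId` exits what looks like a loop over several user ids part-way through, with earlier users already deleted. The `loginLogs != nil && len(loginLogs) > 0` guard is redundant because ranging over a nil slice is a no-op: `for _, l := range loginLogs { model.Logout(l.ID) }`. The enclosing function starts and ends outside the hunk.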
@@ -81,15 +81,15 @@ func FindLoginLogById(id string) (o LoginLog, err error) {
 return
 }
-func Logout(id string) {
+func Logout(token string) {
- loginLog, err := FindLoginLogById(id)
+ loginLog, err := FindLoginLogById(token)
 if err != nil {
- logrus.Warnf("登录日志「%v」获取失败", id)
+ logrus.Warnf("登录日志「%v」获取失败", token)
 return
 }
- global.DB.Table("login_logs").Where("id = ?", id).Update("logout_time", utils.NowJsonTime())
+ global.DB.Table("login_logs").Where("token = ?", token).Update("logout_time", utils.NowJsonTime())
 loginLogs, err := FindAliveLoginLogsByUserId(loginLog.UserId)
 if err != nil {
diff --git a/pkg/model/resource-sharer.go b/pkg/model/resource-sharer.go
index 2a23a7e..d75c919 100644
--- a/pkg/model/resource-sharer.go
+++ b/pkg/model/resource-sharer.go
@@ -145,3 +145,21 @@ func AddSharerResources(userGroupId, userId, resourceType string, resourceIds []
 return nil
 })
 }
+
+func FindAssetIdsByUserId(userId string) (assetIds []string, err error) {
+ groupIds, err := FindUserGroupIdsByUserId(userId)
+ if err != nil {
+ return nil, err
+ }
+
+ db := global.DB
+ db = db.Table("resource_sharers").Select("resource_id").Where("user_id = ?", userId)
+ if groupIds != nil && len(groupIds) > 0 {
+ db = db.Or("user_group_id in ?", groupIds)
+ }
+ err = db.Find(&assetIds).Error
+ if assetIds == nil {
+ assetIds = make([]string, 0)
+ }
+ return
+}
diff --git a/pkg/model/user.go b/pkg/model/user.go
index 963c83c..a03cac1 100644
--- a/pkg/model/user.go
+++ b/pkg/model/user.go
@@ -101,6 +101,10 @@ func UpdateUserById(o *User, id string) {
 func DeleteUserById(id string) {
 global.DB.Where("id = ?", id).Delete(&User{})
+ // 删除用户组中的用户关系
+ global.DB.Where("user_id = ?", id).Delete(&UserGroupMember{})
+ // 删除用户分享到的资产
+ global.DB.Where("user_id = ?", id).Delete(&ResourceSharer{})
 }
 func CountUser() (total int64, err error) {
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 14a477c..8d0b22f 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
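Review bot: Logout now looks the record up with `FindLoginLogById(token)` but marks it closed with `Where("token = ?", token)`, so one value is matched against two different keys, and the new caller in pkg/api/user.go passes `loginLogs[j].ID`. Unless the id and the token always hold the same value and `login_logs` really has a `token` column (neither is visible in this patch), the `logout_time` update matches no rows and the session stays recorded as alive after a forced logout. The result of `Update(...)` is discarded, so that case would go unnoticed; key both statements on the same column and log when `.Error` is set or `RowsAffected` is zero. Logout continues past the end of the hunk.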
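Review bot: `FindAssetIdsByUserId` selects every `resource_id` shared with the user or their groups without filtering on the resource type, although `AddSharerResources` just above takes a `resourceType`, so the result can include ids of non-asset resources and it now feeds the access check in SessionCreateEndpoint. Add the type predicate and parenthesise the user/group alternative so the `Or` cannot widen it, for example `Where("resource_type = ? AND (user_id = ? OR user_group_id IN ?)", <asset type value>, userId, groupIds)` when `groupIds` is non-empty (the column name is presumed from the parameter name; confirm against the model). A doc comment such as `// FindAssetIdsByUserId returns the ids of assets shared with the user directly or through any of the user's groups.` would also state the contract the authorization check relies on.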
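Review bot: The three deletes in `DeleteUserById` run as independent statements with their results discarded, so a failure after the first one leaves group-membership or `ResourceSharer` rows behind for a user id that no longer exists, and those sharer rows are what `FindAssetIdsByUserId` reads for the new access check. Running them in one transaction and returning the error keeps the cleanup atomic; the `return nil })` tail of `AddSharerResources` suggests the package already uses that pattern. The signature change means the caller in pkg/api/user.go has to check the returned error.

```go
func DeleteUserById(id string) error {
	return global.DB.Transaction(func(tx *gorm.DB) error {
		if err := tx.Where("id = ?", id).Delete(&User{}).Error; err != nil {
			return err
		}
		// Remove group memberships and shared-resource grants together with the account.
		if err := tx.Where("user_id = ?", id).Delete(&UserGroupMember{}).Error; err != nil {
			return err
		}
		return tx.Where("user_id = ?", id).Delete(&ResourceSharer{}).Error
	})
}
```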
@@ -143,3 +143,12 @@ func Sign(a []string) string {
 has := md5.Sum(data)
 return fmt.Sprintf("%x", has)
 }
+
+func Contains(s []string, str string) bool {
+ for _, v := range s {
+ if v == str {
+ return true
+ }
+ }
+ return false
+}
diff --git a/web/src/components/access/Access.js b/web/src/components/access/Access.js
index 7353440..b6e682c 100644
--- a/web/src/components/access/Access.js
+++ b/web/src/components/access/Access.js
@@ -28,7 +28,8 @@ import {
 CloudUploadOutlined,
 CopyOutlined,
 DeleteOutlined,
- DesktopOutlined, ExclamationCircleOutlined,
+ DesktopOutlined,
+ ExclamationCircleOutlined,
 ExpandOutlined,
 FileZipOutlined,
 FolderAddOutlined,
@@ -37,7 +38,7 @@ import {
 UploadOutlined
 } from '@ant-design/icons';
 import Upload from "antd/es/upload";
-import {download, exitFull, getToken, requestFullScreen} from "../../utils/utils";
+import {download, exitFull, getToken, isEmpty, requestFullScreen} from "../../utils/utils";
 import './Access.css'
 import Draggable from 'react-draggable';
@@ -100,6 +101,9 @@ class Access extends Component {
 let assetsId = params.get('assetsId');
 let protocol = params.get('protocol');
 let sessionId = await this.createSession(assetsId);
+ if (isEmpty(sessionId)) {
+ return;
+ }
 this.setState({
 sessionId: sessionId,
@@ -157,7 +161,7 @@ class Access extends Component {
 }
 onTunnelStateChange = (state) => {
- if(state === Guacamole.Tunnel.State.CLOSED){
+ if (state === Guacamole.Tunnel.State.CLOSED) {
 this.showMessage('连接已关闭');
 }
 };
@@ -285,7 +289,7 @@ class Access extends Component { message.destroy(); Modal.confirm({ title: '提示', icon: , content: msg, centered: true, okText: '重新连接',
@@ -428,12 +432,12 @@ class Access extends Component {
 async createSession(assetsId) {
 let result = await request.post(`/sessions?assetId=${assetsId}`);
- if (result.code !== 1) {
- message.error(result.message, 10);
- return;
+ if (result['code'] !== 1) {
+ this.showMessage(result['message']);
+ return null;
 }
- document.title = result.data['ip'] + ':' + result.data['port'];
- return result.data['id'];
+ document.title = result['data']['ip'] + ':' + result['data']['port'];
+ return result['data']['id'];
 }
 async renderDisplay(sessionId, protocol) {