增加普通用户访问资产时的校验 close #44

2021-01-26 21:54:44 +08:00
parent 4f1bfa6c5a
commit d771ad6ab6
7 changed files with 71 additions and 13 deletions
--- a/pkg/api/session.go
+++ b/pkg/api/session.go
@ -180,6 +180,18 @@ func SessionCreateEndpoint(c echo.Context) error {
 	assetId := c.QueryParam("assetId")
 	user, _ := GetCurrentAccount(c)

+	if model.TypeUser == user.Type {
+		// 检测是否有访问权限
+		assetIds, err := model.FindAssetIdsByUserId(user.ID)
+		if err != nil {
+			return err
+		}
+
+		if !utils.Contains(assetIds, assetId) {
+			return errors.New("您没有权限访问此资产")
+		}
+	}
+
 	asset, err := model.FindAssetById(assetId)
 	if err != nil {
 		return err
--- a/pkg/api/user.go
+++ b/pkg/api/user.go
@ -72,6 +72,17 @@ func UserDeleteEndpoint(c echo.Context) error {
 		if account.ID == userId {
 			return Fail(c, -1, "不允许删除自身账户")
 		}
+		// 将用户强制下线
+		loginLogs, err := model.FindAliveLoginLogsByUserId(userId)
+		if err != nil {
+			return err
+		}
+		if loginLogs != nil && len(loginLogs) > 0 {
+			for j := range loginLogs {
+				model.Logout(loginLogs[j].ID)
+			}
+		}
+		// 删除用户
 		model.DeleteUserById(userId)
 	}