增加普通用户访问资产时的校验 close #44

2021-01-26 21:54:44 +08:00
parent 4f1bfa6c5a
commit d771ad6ab6
7 changed files with 71 additions and 13 deletions
--- a/pkg/api/session.go
+++ b/pkg/api/session.go
@ -180,6 +180,18 @@ func SessionCreateEndpoint(c echo.Context) error {
 	assetId := c.QueryParam("assetId")
 	user, _ := GetCurrentAccount(c)

+	if model.TypeUser == user.Type {
+		// 检测是否有访问权限
+		assetIds, err := model.FindAssetIdsByUserId(user.ID)
+		if err != nil {
+			return err
+		}
+
+		if !utils.Contains(assetIds, assetId) {
+			return errors.New("您没有权限访问此资产")
+		}
+	}
+
 	asset, err := model.FindAssetById(assetId)
 	if err != nil {
 		return err