diff --git a/internal/api/msg.go b/internal/api/msg.go
index 7a3018cc7..04643893f 100644
--- a/internal/api/msg.go
+++ b/internal/api/msg.go
@@ -38,10 +38,15 @@ type MessageApi struct {
 *rpcclient.Message
 validate *validator.Validate
 userRpcClient *rpcclient.UserRpcClient
+ manager *config.Manager
+ imAdmin *config.IMAdmin
 }
-func NewMessageApi(msgRpcClient *rpcclient.Message, userRpcClient *rpcclient.User) MessageApi {
- return MessageApi{Message: msgRpcClient, validate: validator.New(), userRpcClient: rpcclient.NewUserRpcClientByUser(userRpcClient)}
+func NewMessageApi(msgRpcClient *rpcclient.Message, userRpcClient *rpcclient.User, manager *config.Manager,
+ imAdmin *config.IMAdmin) MessageApi {
+ return MessageApi{Message: msgRpcClient, validate: validator.New(),
+ userRpcClient: rpcclient.NewUserRpcClientByUser(userRpcClient),
+ manager: manager, imAdmin: imAdmin}
 }
 func (MessageApi) SetOptions(options map[string]bool, value bool) {
@@ -199,7 +204,7 @@ func (m *MessageApi) SendMessage(c *gin.Context) {
 }
 // Check if the user has the app manager role.
- if !authverify.IsAppManagerUid(c, m.Config) {
+ if !authverify.IsAppManagerUid(c, m.manager, m.imAdmin) {
 // Respond with a permission error if the user is not an app manager.
 apiresp.GinError(c, errs.ErrNoPermission.Wrap("only app manager can send message"))
 return
@@ -257,7 +262,7 @@ func (m *MessageApi) SendBusinessNotification(c *gin.Context) {
 return
 }
- if !authverify.IsAppManagerUid(c, m.Config) {
+ if !authverify.IsAppManagerUid(c, m.manager, m.imAdmin) {
 apiresp.GinError(c, errs.ErrNoPermission.Wrap("only app manager can send message"))
 return
 }
@@ -301,7 +306,7 @@ func (m *MessageApi) BatchSendMsg(c *gin.Context) {
 return
 }
 log.ZInfo(c, "BatchSendMsg", "req", req)
- if err := authverify.CheckAdmin(c, m.Config); err != nil {
+ if err := authverify.CheckAdmin(c, m.manager, m.imAdmin); err != nil {
 apiresp.GinError(c, errs.ErrNoPermission.Wrap("only app manager can send message"))
 return
 }
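Review bot: `NewMessageApi` stores `manager` and `imAdmin` without checking them, and the handlers changed further down this file pass them to `authverify.IsAppManagerUid` and `authverify.CheckAdmin`, which read `manager.UserID` and `imAdmin.UserID` directly (see the pkg/authverify/token.go hunk). A nil argument would therefore show up as a nil-pointer panic inside the permission check of every send request instead of at start-up. Because the constructor returns no error, the cheapest fix is a fail-closed guard at the top of both authverify functions, `if manager == nil || imAdmin == nil { return false }` (with the `ErrNoPermission` equivalent in `CheckAdmin`). A doc comment here should state the requirement: `// NewMessageApi requires non-nil manager and imAdmin; they hold the user IDs allowed to call the admin-only send endpoints.`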
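Review bot: The error returned by `authverify.CheckAdmin` in `BatchSendMsg` is discarded and replaced with a fresh `ErrNoPermission`, so the operator ID that `CheckAdmin` formats into its error (per the token.go hunk) is never recorded by this handler; the `SendMessage` and `SendBusinessNotification` hunks refuse just as silently. A refused admin call is worth a warning-level log entry carrying `err`, written before `apiresp.GinError`. Separately, `log.ZInfo(c, "BatchSendMsg", "req", req)` runs before the check, so request bodies from callers who are then refused are logged in full; moving the permission check above that line avoids it. All three handlers start and end outside their hunks.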
diff --git a/internal/api/route.go b/internal/api/route.go
index 2531932d8..9d3c5c9f9 100644
--- a/internal/api/route.go
+++ b/internal/api/route.go
@@ -147,7 +147,7 @@ func newGinRouter(disCov discoveryregistry.SvcDiscoveryRegistry, rdb redis.Unive
 thirdRpc := rpcclient.NewThird(disCov, config.RpcRegisterName.OpenImThirdName, config.Prometheus.GrafanaUrl)
 u := NewUserApi(*userRpc)
- m := NewMessageApi(messageRpc, userRpc)
+ m := NewMessageApi(messageRpc, userRpc, &config.Manager, &config.IMAdmin)
 ParseToken := GinParseToken(rdb, config)
 userRouterGroup := r.Group("/user")
 {
diff --git a/internal/msggateway/hub_server.go b/internal/msggateway/hub_server.go
index ed18c64ea..fe3b06582 100644
--- a/internal/msggateway/hub_server.go
+++ b/internal/msggateway/hub_server.go
@@ -90,7 +90,7 @@ func (s *Server) GetUsersOnlineStatus(
 ctx context.Context,
 req *msggateway.GetUsersOnlineStatusReq,
 ) (*msggateway.GetUsersOnlineStatusResp, error) {
- if !authverify.IsAppManagerUid(ctx, s.config) {
+ if !authverify.IsAppManagerUid(ctx, &s.config.Manager, &s.config.IMAdmin) {
 return nil, errs.ErrNoPermission.Wrap("only app manager")
 }
 var resp msggateway.GetUsersOnlineStatusResp
diff --git a/pkg/authverify/token.go b/pkg/authverify/token.go
index 43a8c2a3f..d289cc1c8 100644
--- a/pkg/authverify/token.go
+++ b/pkg/authverify/token.go
@@ -47,16 +47,16 @@ func CheckAccessV3(ctx context.Context, ownerUserID string, config *config.Globa
 return errs.ErrNoPermission.Wrap("ownerUserID", ownerUserID)
 }
-func IsAppManagerUid(ctx context.Context, config *config.GlobalConfig) bool {
- return (len(config.Manager.UserID) > 0 && utils.IsContain(mcontext.GetOpUserID(ctx), config.Manager.UserID)) ||
- utils.IsContain(mcontext.GetOpUserID(ctx), config.IMAdmin.UserID)
+func IsAppManagerUid(ctx context.Context, manager *config.Manager, imAdmin *config.IMAdmin) bool {
+ return (len(manager.UserID) > 0 && utils.IsContain(mcontext.GetOpUserID(ctx), manager.UserID)) ||
+ utils.IsContain(mcontext.GetOpUserID(ctx), imAdmin.UserID)
 }
-func CheckAdmin(ctx context.Context, config *config.GlobalConfig) error {
- if len(config.Manager.UserID) > 0 && utils.IsContain(mcontext.GetOpUserID(ctx), config.Manager.UserID) {
+func CheckAdmin(ctx context.Context, manager *config.Manager, imAdmin *config.IMAdmin) error {
+ if len(manager.UserID) > 0 && utils.IsContain(mcontext.GetOpUserID(ctx), manager.UserID) {
 return nil
 }
- if utils.IsContain(mcontext.GetOpUserID(ctx), config.IMAdmin.UserID) {
+ if utils.IsContain(mcontext.GetOpUserID(ctx), imAdmin.UserID) {
 return nil
 }
 return errs.ErrNoPermission.Wrap(fmt.Sprintf("user %s is not admin userID", mcontext.GetOpUserID(ctx)))
diff --git a/pkg/common/config/config.go b/pkg/common/config/config.go
index d774dc971..1e0c3f1cc 100644
--- a/pkg/common/config/config.go
+++ b/pkg/common/config/config.go
@@ -248,6 +248,16 @@ type Push struct {
 Jpns Jpns `yaml:"jpns"`
 }
+type Manager struct {
+ UserID []string `yaml:"userID"`
+ Nickname []string `yaml:"nickname"`
+}
+
+type IMAdmin struct {
+ UserID []string `yaml:"userID"`
+ Nickname []string `yaml:"nickname"`
+}
+
 type Prometheus struct {
 Enable bool `yaml:"enable"`
 GrafanaUrl string `yaml:"grafanaUrl"`
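Review bot: `IsAppManagerUid` and `CheckAdmin` keep two hand-written copies of the same membership rule, and the API handlers use both (`SendMessage` calls one, `BatchSendMsg` the other), so a later edit to one copy can leave endpoints authorizing differently. `IsAppManagerUid` can be reduced to `return CheckAdmin(ctx, manager, imAdmin) == nil`. Neither function rejects an empty operator ID before the lookup: if `mcontext.GetOpUserID(ctx)` returns `""` for a context without a parsed token (not visible here, to be confirmed) and either configured list contains an empty entry, the check passes. Reading the ID once into a local and returning `errs.ErrNoPermission` when it is empty, at the top of `CheckAdmin`, would close that. `CheckAdmin`'s closing brace lies outside the hunk.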
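Review bot: The new exported types `Manager` and `IMAdmin` carry no doc comments, although their `UserID` lists are exactly what `authverify.IsAppManagerUid` and `authverify.CheckAdmin` consult to grant app-manager rights. A reader of the config package cannot tell that adding an ID to either list confers admin-only API access, or how the two lists are meant to differ. Suggested on `Manager`: `// Manager lists the user IDs that authverify accepts as app managers; every entry is granted admin-only API access.`, with a matching comment on `IMAdmin`. What `Nickname` is used for is not visible in this diff and should be stated by the author.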
@@ -345,16 +355,10 @@ type GlobalConfig struct {
 LongConnSvr LongConnSvr `yaml:"longConnSvr"`
- Push Push `yaml:"push"`
- Manager struct {
- UserID []string `yaml:"userID"`
- Nickname []string `yaml:"nickname"`
- } `yaml:"manager"`
+ Push Push `yaml:"push"`
+ Manager Manager `yaml:"manager"`
- IMAdmin struct {
- UserID []string `yaml:"userID"`
- Nickname []string `yaml:"nickname"`
- } `yaml:"im-admin"`
+ IMAdmin IMAdmin `yaml:"im-admin"`
 MultiLoginPolicy int `yaml:"multiLoginPolicy"`
 MsgCacheTimeout int `yaml:"msgCacheTimeout"`