From 39b67080f7466fad386ff45c2a505b673fcb6733 Mon Sep 17 00:00:00 2001
From: taoshihan1991 <630892807@qq.com>
Date: Tue, 18 Aug 2020 14:54:10 +0800
Subject: [PATCH] =?UTF-8?q?rbac=E5=88=A4=E6=96=AD=E9=83=A8=E5=88=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 middleware/rbac.go | 37 ++++++++++++++++++++++++-------------
 1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/middleware/rbac.go b/middleware/rbac.go
index 2a9c877..24eda70 100644
--- a/middleware/rbac.go
+++ b/middleware/rbac.go
@@ -9,30 +9,41 @@ import (
 func RbacAuth(c *gin.Context){
 roleId, _ :=c.Get("role_id")
 role:=models.FindRole(roleId)
+ var methodFlag bool
 if role.Method!="*"{
 methods:=strings.Split(role.Method,",")
 for _,m:=range methods{
- if c.Request.Method!=m{
- c.JSON(200, gin.H{
- "code": 403,
- "msg": "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
- })
- c.Abort()
- return
+ if c.Request.Method==m{
+ methodFlag=true
+ break
 }
 }
+ if !methodFlag{
+ c.JSON(200, gin.H{
+ "code": 403,
+ "msg": "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
+ })
+ c.Abort()
+ return
+ }
 }
+ var flag bool
 if role.Path!="*"{
 paths:=strings.Split(role.Path,",")
 for _,p:=range paths{
- if c.Request.RequestURI!=p{
- c.JSON(200, gin.H{
- "code": 403,
- "msg": "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
- })
- c.Abort()
+ if c.Request.RequestURI==p{
+ flag=true
+ break
 }
 }
+ if !flag{
+ c.JSON(200, gin.H{
+ "code": 403,
+ "msg": "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
+ })
+ c.Abort()
+ return
+ }
 }
 }
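Review bot: The path allow-list check `if c.Request.RequestURI==p{` compares the raw request-target, which still carries the query string, so a role entry holding a bare path stops matching as soon as a client appends something like `?page=2`; the result is fail-closed, but in practice that kind of breakage tends to get "fixed" by widening the role to `*`. Comparing the parsed path instead, `if c.Request.URL.Path==p{` (or `c.FullPath()` if role paths are stored as route patterns), keeps the check aligned with what the router actually dispatches on. Both deny branches also answer with HTTP status 200 and put 403 only in the JSON body, so access logs and monitoring keyed on status codes will not see authorization failures; `c.AbortWithStatusJSON(http.StatusForbidden, gin.H{...})` would surface them, assuming clients do not depend on the 200. The entries are split on `,` without trimming, so a role stored as `GET, POST` would never match `POST`; a `strings.TrimSpace` on each entry avoids that.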