rbac判断部分

middleware/rbac.go

@@ -9,30 +9,41 @@ import (
 func RbacAuth(c *gin.Context){
 	roleId, _ :=c.Get("role_id")
 	role:=models.FindRole(roleId)
+	var methodFlag bool
 	if role.Method!="*"{
 		methods:=strings.Split(role.Method,",")
 		for _,m:=range methods{
-			if c.Request.Method!=m{
+			if c.Request.Method==m{
-				c.JSON(200, gin.H{
+				methodFlag=true
-					"code": 403,
+				break
-					"msg":  "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
-				})
-				c.Abort()
-				return
 			}
 		}
+		if !methodFlag{
+			c.JSON(200, gin.H{
+				"code": 403,
+				"msg":  "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
+			})
+			c.Abort()
+			return
+		}
 	}
+	var flag bool
 	if role.Path!="*"{
 		paths:=strings.Split(role.Path,",")
 		for _,p:=range paths{
-			if c.Request.RequestURI!=p{
+			if c.Request.RequestURI==p{
-				c.JSON(200, gin.H{
+				flag=true
-					"code": 403,
+				break
-					"msg":  "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
-				})
-				c.Abort()
 			}
 		}
+		if !flag{
+			c.JSON(200, gin.H{
+				"code": 403,
+				"msg":  "没有权限:"+c.Request.Method+","+c.Request.RequestURI,
+			})
+			c.Abort()
+			return
+		}
 	}
 }