diff --git a/config/go-fly.sql b/config/go-fly.sql index 7b25d38..763862a 100644 --- a/config/go-fly.sql +++ b/config/go-fly.sql @@ -71,7 +71,7 @@ CREATE TABLE `role` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8| INSERT INTO `role` (`id`, `name`, `method`, `path`) VALUES -(1, '普通客服', 'GET', '/kefuinfo,/kefulist,/roles'), +(1, '普通客服', 'GET', 'GET:/kefuinfo,GET:/kefulist,GET:/roles'), (2, '管理员', '*', '*')| DROP TABLE IF EXISTS `welcome`| diff --git a/middleware/rbac.go b/middleware/rbac.go index 28d5a30..4ab2cff 100644 --- a/middleware/rbac.go +++ b/middleware/rbac.go @@ -1,6 +1,7 @@ package middleware import ( + "fmt" "github.com/gin-gonic/gin" "github.com/taoshihan1991/imaptool/models" "strings" @@ -9,30 +10,13 @@ import ( func RbacAuth(c *gin.Context) { roleId, _ := c.Get("role_id") role := models.FindRole(roleId) - var methodFlag bool - rPaths := strings.Split(c.Request.RequestURI, "?") - if role.Method != "*" { - methods := strings.Split(role.Method, ",") - for _, m := range methods { - if c.Request.Method == m { - methodFlag = true - break - } - } - if !methodFlag { - c.JSON(200, gin.H{ - "code": 403, - "msg": "没有权限:" + c.Request.Method + "," + rPaths[0], - }) - c.Abort() - return - } - } var flag bool - if role.Path != "*" { + rPaths := strings.Split(c.Request.RequestURI, "?") + uriParam := fmt.Sprintf("%s:%s", c.Request.Method, rPaths[0]) + if role.Method != "*" || role.Path != "*" { paths := strings.Split(role.Path, ",") for _, p := range paths { - if rPaths[0] == p { + if uriParam == p { flag = true break } @@ -40,10 +24,43 @@ func RbacAuth(c *gin.Context) { if !flag { c.JSON(200, gin.H{ "code": 403, - "msg": "没有权限:" + rPaths[0], + "msg": "没有权限:" + uriParam, }) c.Abort() return } + //methods := strings.Split(role.Method, ",") + //for _, m := range methods { + // if c.Request.Method == m { + // methodFlag = true + // break + // } + //} + //if !methodFlag { + // c.JSON(200, gin.H{ + // "code": 403, + // "msg": "没有权限:" + c.Request.Method + "," + rPaths[0], + // }) + // c.Abort() + // return + //} } + //var flag bool + //if role.Path != "*" { + // paths := strings.Split(role.Path, ",") + // for _, p := range paths { + // if rPaths[0] == p { + // flag = true + // break + // } + // } + // if !flag { + // c.JSON(200, gin.H{ + // "code": 403, + // "msg": "没有权限:" + rPaths[0], + // }) + // c.Abort() + // return + // } + //} } diff --git a/static/js/chat-main.js b/static/js/chat-main.js index 24491c3..9c5b971 100644 --- a/static/js/chat-main.js +++ b/static/js/chat-main.js @@ -186,7 +186,13 @@ var app=new Vue({ mes.from_id = this.kfConfig.id; mes.to_id = this.currentGuest; mes.content = this.messageContent; - $.post("/2/message",mes,function(){ + $.post("/2/message",mes,function(res){ + if(res.code!=200){ + _this.$message({ + message: data.msg, + type: 'error' + }); + } _this.messageContent = ""; });