msb-public
/
go-fly
mirror of https://github.com/taoshihan1991/go-fly.git
1
0
Code Issues Projects Releases Wiki Activity

rbac权限部分验证

Browse Source
pull/23/head
陶士涵 5 years ago
parent 819c52e6d5
commit ae8d3b3830
3 changed files with 47 additions and 24 deletions
Show Stats Download Patch File Download Diff File

2
config/go-fly.sql
Unescape View File

@ -71,7 +71,7 @@ CREATE TABLE `role` (
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8| ) ENGINE=InnoDB DEFAULT CHARSET=utf8|
INSERT INTO `role` (`id`, `name`, `method`, `path`) VALUES INSERT INTO `role` (`id`, `name`, `method`, `path`) VALUES
(1, '普通客服', 'GET', '/kefuinfo,/kefulist,/roles'), (1, '普通客服', 'GET', 'GET:/kefuinfo,GET:/kefulist,GET:/roles'),
(2, '管理员', '*', '*')| (2, '管理员', '*', '*')|
DROP TABLE IF EXISTS `welcome`| DROP TABLE IF EXISTS `welcome`|

61
middleware/rbac.go
Unescape View File

@ -1,6 +1,7 @@
package middleware package middleware
import ( import (
"fmt"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/taoshihan1991/imaptool/models" "github.com/taoshihan1991/imaptool/models"
"strings" "strings"
@ -9,30 +10,13 @@ import (
func RbacAuth(c *gin.Context) { func RbacAuth(c *gin.Context) {
roleId, _ := c.Get("role_id") roleId, _ := c.Get("role_id")
role := models.FindRole(roleId) role := models.FindRole(roleId)
var methodFlag bool
rPaths := strings.Split(c.Request.RequestURI, "?")
if role.Method != "*" {
methods := strings.Split(role.Method, ",")
for _, m := range methods {
if c.Request.Method == m {
methodFlag = true
break
}
}
if !methodFlag {
c.JSON(200, gin.H{
"code": 403,
"msg": "没有权限:" + c.Request.Method + "," + rPaths[0],
})
c.Abort()
return
}
}
var flag bool var flag bool
if role.Path != "*" { rPaths := strings.Split(c.Request.RequestURI, "?")
uriParam := fmt.Sprintf("%s:%s", c.Request.Method, rPaths[0])
if role.Method != "*" || role.Path != "*" {
paths := strings.Split(role.Path, ",") paths := strings.Split(role.Path, ",")
for _, p := range paths { for _, p := range paths {
if rPaths[0] == p { if uriParam == p {
flag = true flag = true
break break
} }
@ -40,10 +24,43 @@ func RbacAuth(c *gin.Context) {
if !flag { if !flag {
c.JSON(200, gin.H{ c.JSON(200, gin.H{
"code": 403, "code": 403,
"msg": "没有权限:" + rPaths[0], "msg": "没有权限:" + uriParam,
}) })
c.Abort() c.Abort()
return return
} }
//methods := strings.Split(role.Method, ",")
//for _, m := range methods {
// if c.Request.Method == m {
// methodFlag = true
// break
// }
//}
//if !methodFlag {
// c.JSON(200, gin.H{
// "code": 403,
// "msg": "没有权限:" + c.Request.Method + "," + rPaths[0],
// })
// c.Abort()
// return
//}
} }
//var flag bool
//if role.Path != "*" {
// paths := strings.Split(role.Path, ",")
// for _, p := range paths {
// if rPaths[0] == p {
// flag = true
// break
// }
// }
// if !flag {
// c.JSON(200, gin.H{
// "code": 403,
// "msg": "没有权限:" + rPaths[0],
// })
// c.Abort()
// return
// }
//}
} }

8
static/js/chat-main.js
Unescape View File

@ -186,7 +186,13 @@ var app=new Vue({
mes.from_id = this.kfConfig.id; mes.from_id = this.kfConfig.id;
mes.to_id = this.currentGuest; mes.to_id = this.currentGuest;
mes.content = this.messageContent; mes.content = this.messageContent;
$.post("/2/message",mes,function(){ $.post("/2/message",mes,function(res){
if(res.code!=200){
_this.$message({
message: data.msg,
type: 'error'
});
}
_this.messageContent = ""; _this.messageContent = "";
}); });

Write Preview
Loading…
Cancel
Save