v1.1
@@ -129,7 +129,7 @@ func (m *AdminAuthInterceptorMiddleware) validateJWT(r *http.Request) (*jwtx.Jwt
|
||||
}
|
||||
|
||||
// validateApiPermission 验证API权限
|
||||
func (m *AdminAuthInterceptorMiddleware) validateApiPermission(ctx context.Context, userId int64, method, path string) error {
|
||||
func (m *AdminAuthInterceptorMiddleware) validateApiPermission(ctx context.Context, userId string, method, path string) error {
|
||||
// 1. 获取用户角色
|
||||
userRoles, err := m.getUserRoles(ctx, userId)
|
||||
if err != nil {
|
||||
@@ -167,35 +167,35 @@ func (m *AdminAuthInterceptorMiddleware) validateApiPermission(ctx context.Conte
|
||||
}
|
||||
|
||||
// getUserRoles 获取用户角色
|
||||
func (m *AdminAuthInterceptorMiddleware) getUserRoles(ctx context.Context, userId int64) ([]int64, error) {
|
||||
builder := m.AdminUserRoleModel.SelectBuilder().Where("user_id = ?", userId)
|
||||
userRoles, err := m.AdminUserRoleModel.FindAll(ctx, builder, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
func (m *AdminAuthInterceptorMiddleware) getUserRoles(ctx context.Context, userId string) ([]string, error) {
|
||||
builder := m.AdminUserRoleModel.SelectBuilder().Where("user_id = ?", userId)
|
||||
userRoles, err := m.AdminUserRoleModel.FindAll(ctx, builder, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var roleIds []int64
|
||||
for _, userRole := range userRoles {
|
||||
roleIds = append(roleIds, userRole.RoleId)
|
||||
}
|
||||
var roleIds []string
|
||||
for _, userRole := range userRoles {
|
||||
roleIds = append(roleIds, userRole.RoleId)
|
||||
}
|
||||
|
||||
return roleIds, nil
|
||||
return roleIds, nil
|
||||
}
|
||||
|
||||
// isSuperAdmin 检查是否为超级管理员
|
||||
func (m *AdminAuthInterceptorMiddleware) isSuperAdmin(ctx context.Context, roleIds []int64) bool {
|
||||
// 检查是否有超级管理员角色
|
||||
for _, roleId := range roleIds {
|
||||
role, err := m.AdminRoleModel.FindOne(ctx, roleId)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
// 检查是否为超级管理员角色
|
||||
if role.RoleCode == model.AdminRoleCodeSuper {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
func (m *AdminAuthInterceptorMiddleware) isSuperAdmin(ctx context.Context, roleIds []string) bool {
|
||||
// 检查是否有超级管理员角色
|
||||
for _, roleId := range roleIds {
|
||||
role, err := m.AdminRoleModel.FindOne(ctx, roleId)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
// 检查是否为超级管理员角色
|
||||
if role.RoleCode == model.AdminRoleCodeSuper {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// getApiByMethodAndPath 根据方法和路径获取API信息
|
||||
@@ -216,19 +216,19 @@ func (m *AdminAuthInterceptorMiddleware) getApiByMethodAndPath(ctx context.Conte
|
||||
}
|
||||
|
||||
// checkRoleApiPermission 检查角色是否有API权限
|
||||
func (m *AdminAuthInterceptorMiddleware) checkRoleApiPermission(ctx context.Context, roleIds []int64, apiId int64) (bool, error) {
|
||||
for _, roleId := range roleIds {
|
||||
// 检查角色是否有该API权限
|
||||
_, err := m.AdminRoleApiModel.FindOneByRoleIdApiId(ctx, roleId, apiId)
|
||||
if err == nil {
|
||||
// 找到权限记录,说明有权限
|
||||
return true, nil
|
||||
}
|
||||
// 如果错误不是NotFound,说明是其他错误
|
||||
if !errors.Is(err, model.ErrNotFound) {
|
||||
return false, err
|
||||
}
|
||||
}
|
||||
func (m *AdminAuthInterceptorMiddleware) checkRoleApiPermission(ctx context.Context, roleIds []string, apiId string) (bool, error) {
|
||||
for _, roleId := range roleIds {
|
||||
// 检查角色是否有该API权限
|
||||
_, err := m.AdminRoleApiModel.FindOneByRoleIdApiId(ctx, roleId, apiId)
|
||||
if err == nil {
|
||||
// 找到权限记录,说明有权限
|
||||
return true, nil
|
||||
}
|
||||
// 如果错误不是NotFound,说明是其他错误
|
||||
if !errors.Is(err, model.ErrNotFound) {
|
||||
return false, err
|
||||
}
|
||||
}
|
||||
|
||||
return false, nil
|
||||
return false, nil
|
||||
}
|
||||
|
||||
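Review bot: In the new `isSuperAdmin(ctx, roleIds []string)`, every error from `m.AdminRoleModel.FindOne` is skipped with a bare `continue`, so a database failure, or an ID-format mismatch introduced by this int64-to-string change, is indistinguishable from "role not found". The function still returns false in that case, so the check denies rather than grants, but a super admin would be refused with no trace of why. `checkRoleApiPermission` in the same section already separates `model.ErrNotFound` from other errors, and this function should follow suit. I would keep the `continue` but record unexpected failures first, e.g. `if err != nil && !errors.Is(err, model.ErrNotFound) { /* log roleId and err using ctx */ }`. A one-line doc comment saying that lookup errors are treated as "not super admin" would also make the deny-on-error behaviour explicit.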