123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 |
- package middleware
- import (
- "github.com/gin-gonic/gin"
- "icloudapp.cn/tools/entity"
- "icloudapp.cn/tools/model"
- utString "icloudapp.cn/tools/util/string"
- "strings"
- )
- func RoleMiddleWare() func(c *gin.Context) {
- return func(ctx *gin.Context) {
- //获取用户的所有分组
- uid := utString.ConvertInt64(ctx.GetString("uid"))
- if uid == 0 {
- accessDenied(ctx, "请先登录后再试")
- ctx.Abort()
- return
- }
- _, err := model.NewMRoles(ctx).Verify(uid, ctx.Request.URL)
- if err != nil {
- accessDenied(ctx, err.Error())
- ctx.Abort()
- return
- }
- ctx.Next()
- /*
- url := ctx.Request.URL.String()
- path := ctx.Request.URL.Path
- userGroups := service.NewUserGroup(ctx).UserGroups(uid)
- splitGroups := strings.Split(userGroups.Groups, ",")
- var groupsID []int64
- for _, v := range splitGroups {
- groupsID = append(groupsID, utString.ConvertInt64(v))
- }
- if len(groupsID) == 0 {
- accessDenied(ctx, "无访问组权限")
- ctx.Abort()
- return
- }
- //获取分组对应的权限
- groupsField, _ := service.NewGroup(ctx).Infos(groupsID...)
- var rolesID strings.Builder
- for _, v := range groupsField {
- if v == nil {
- continue
- }
- rolesID.WriteString(v.Roles + ",")
- }
- //获取权限对应的model
- roles := uniqueToInt64(rolesID.String(), ",")
- if len(roles) == 0 {
- accessDenied(ctx, "无权限访问")
- ctx.Abort()
- return
- }
- mRole := service.NewRoles(ctx)
- modelsField, _ := mRole.Infos(roles...)
- var modelIds strings.Builder
- for _, v := range modelsField {
- modelIds.WriteString(v.ModelIds + ",")
- }
- //获取对应的model
- modulesId := uniqueToInt64(modelIds.String(), ",")
- modules := service.NewModule(ctx)
- moduleField, _ := modules.Infos(modulesId...)
- //验证request是否有权限
- matchedURL := make([]string, 0)
- for _, module := range moduleField {
- moduleURL := module.ModelURL
- //设置的url和请求的path一样直接通过,如果是带参数或*需要额外处理
- if moduleURL == path {
- ctx.Next()
- return
- } else if strings.Contains(moduleURL, path) {
- matchedURL = append(matchedURL, moduleURL)
- } else if strings.Contains(moduleURL, ".*") {
- //如果是以.*结尾的,将modelURL才分成两部分,前半部分能匹配上当前的url就可以
- urlSplit := strings.Split(moduleURL, ",")
- if strings.Contains(url, urlSplit[0]) {
- ctx.Next()
- return
- }
- }
- }
- if len(matchedURL) == 0 {
- accessDenied(ctx, "无模块访问权限")
- ctx.Abort()
- return
- }
- for _, singleURL := range matchedURL {
- //这里需要区分url中有没有参数,没有参数就直接过,有参数就再验证参数
- parseString, _ := url2.ParseString(singleURL)
- queries := parseString.Query()
- for name, _ := range queries {
- if queries.Get(name) != ctx.Request.URL.Query().Get(name) {
- accessDenied(ctx, "权限无匹配")
- ctx.Abort()
- return
- }
- }
- }
- ctx.Next()*/
- }
- }
- func accessDenied(ctx *gin.Context, msg string) {
- entity.ResponseNormal(ctx, entity.CodeDenied, msg, []interface{}{})
- }
- func splitStrToInt64(str, sep string) []int64 {
- splitSlice := strings.Split(str, sep)
- var res []int64
- for _, v := range splitSlice {
- res = append(res, utString.ConvertInt64(v))
- }
- return res
- }
- func uniqueToInt64(str, sep string) []int64 {
- var res []int64
- splitSlice := splitStrToInt64(str, sep)
- splitMap := make(map[int64]bool, 0)
- for _, v := range splitSlice {
- if v == 0 {
- continue
- }
- if _, ok := splitMap[v]; ok {
- continue
- }
- splitMap[v] = true
- res = append(res, v)
- }
- return res
- }
|