|
@@ -6,17 +6,134 @@
|
|
|
*/
|
|
|
package middleware
|
|
|
|
|
|
-import "github.com/kataras/iris/v12"
|
|
|
+import (
|
|
|
+ "encoding/json"
|
|
|
+ "errors"
|
|
|
+ "fmt"
|
|
|
+ "io/ioutil"
|
|
|
+ "log"
|
|
|
|
|
|
-func AccessAuth(ctx iris.Context) {
|
|
|
- // 人员判断
|
|
|
- // 1.是管理员- 拥有所有权限
|
|
|
+ "github.com/kataras/iris/v12"
|
|
|
+ "go.mod/models"
|
|
|
+)
|
|
|
+
|
|
|
+// 员工表权限解析
|
|
|
+type permission struct {
|
|
|
+ Add int ` json:"add" `
|
|
|
+ Delete int ` json:"delete" `
|
|
|
+ Access int ` json:"access" `
|
|
|
+}
|
|
|
+
|
|
|
+// 权限JSON对象
|
|
|
+type permissionPath struct {
|
|
|
+ Contract path `json:"contract" `
|
|
|
+ Safe path `json:"safe" `
|
|
|
+ Quality path `json:"quality" `
|
|
|
+ ProjectSetting []string `json:"projectSetting" `
|
|
|
+}
|
|
|
|
|
|
- // 2不是管理员
|
|
|
+// 对象中地址列表
|
|
|
+type path struct {
|
|
|
+ Add []string `json:"add" `
|
|
|
+ Access []string `json:"access" `
|
|
|
+ Delete []string `json:"delete" `
|
|
|
+}
|
|
|
+
|
|
|
+// 权限验证中间件
|
|
|
+func AccessAuth(ctx iris.Context) {
|
|
|
+ // 1.获得成员信息
|
|
|
+ account := ctx.Values().Get("account").(*models.CmProjectAccount)
|
|
|
+ // 1-1.是管理员- 拥有所有权限
|
|
|
+ if account.IsAdmin != 1 {
|
|
|
+ // if account.IsAdmin == 1 {
|
|
|
+ // 2.获得员工可访问的权限
|
|
|
+ contractPermission := permission{}
|
|
|
+ if account.ContractPermission != "" {
|
|
|
+ err := json.Unmarshal([]byte(account.ContractPermission), &contractPermission)
|
|
|
+ // 错误后 全部权限默认为0
|
|
|
+ if err != nil {
|
|
|
+ log.Println("合同权限解析错误:err=", err)
|
|
|
+ }
|
|
|
+ }
|
|
|
+ safePermission := permission{}
|
|
|
+ if account.SafePermission != "" {
|
|
|
+ err := json.Unmarshal([]byte(account.SafePermission), &safePermission)
|
|
|
+ if err != nil {
|
|
|
+ log.Println("安全权限解析错误:err=", err)
|
|
|
+ }
|
|
|
+ }
|
|
|
+ qualityPermission := permission{}
|
|
|
+ if account.QualityPermission != "" {
|
|
|
+ err := json.Unmarshal([]byte(account.QualityPermission), &qualityPermission)
|
|
|
+ if err != nil {
|
|
|
+ log.Println("质量权限解析错误:err=", err)
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
- // 2-1项目设置不可访问
|
|
|
+ // 2-1获得权限列表
|
|
|
+ permissionPath := permissionPath{}
|
|
|
+ permissionPathData, err := ioutil.ReadFile("../lib/permission.json")
|
|
|
+ err = json.Unmarshal(permissionPathData, &permissionPath)
|
|
|
+ if err != nil {
|
|
|
+ log.Println("权限解析错误:err=", err)
|
|
|
+ ctx.JSON(iris.Map{"code": 2, "msg": "权限解析错误"})
|
|
|
+ return
|
|
|
+ }
|
|
|
+ // 2-2 不容许访问的权限--比对访问路径
|
|
|
+ requestPath := ctx.Path()
|
|
|
+ // 合同权限
|
|
|
+ err = verifyAuth(contractPermission, permissionPath.Contract, requestPath)
|
|
|
+ if err != nil {
|
|
|
+ ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
|
|
|
+ return
|
|
|
+ }
|
|
|
+ // 安全权限
|
|
|
+ err = verifyAuth(contractPermission, permissionPath.Safe, requestPath)
|
|
|
+ if err != nil {
|
|
|
+ ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
|
|
|
+ return
|
|
|
+ }
|
|
|
+ // 质量权限
|
|
|
+ err = verifyAuth(contractPermission, permissionPath.Quality, requestPath)
|
|
|
+ if err != nil {
|
|
|
+ ctx.JSON(iris.Map{"code": 2, "msg": fmt.Sprintf("%s", err)})
|
|
|
+ return
|
|
|
+ }
|
|
|
+ // 项目设置 -只有管理员才能访问
|
|
|
+ for _, path := range permissionPath.ProjectSetting {
|
|
|
+ if path == requestPath {
|
|
|
+ ctx.JSON(iris.Map{"code": 2, "msg": "无权访问"})
|
|
|
+ return
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
- // 2-2 项目访问权限列表
|
|
|
+ }
|
|
|
|
|
|
ctx.Next()
|
|
|
}
|
|
|
+
|
|
|
+// 验证权限路径
|
|
|
+func verifyAuth(permission permission, pathList path, requestPath string) error {
|
|
|
+ if permission.Add == 0 {
|
|
|
+ for _, path := range pathList.Add {
|
|
|
+ if path == requestPath {
|
|
|
+ return errors.New("无权访问")
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if permission.Access == 0 {
|
|
|
+ for _, path := range pathList.Access {
|
|
|
+ if path == requestPath {
|
|
|
+ return errors.New("无权访问")
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if permission.Delete == 0 {
|
|
|
+ for _, path := range pathList.Delete {
|
|
|
+ if path == requestPath {
|
|
|
+ return errors.New("无权访问")
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return nil
|
|
|
+}
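Review bot: The safe and quality checks in AccessAuth both pass `contractPermission` to verifyAuth, so the parsed `safePermission` and `qualityPermission` are never consulted and a member's contract rights alone decide access to the safe and quality routes. The two calls should read `verifyAuth(safePermission, permissionPath.Safe, requestPath)` and `verifyAuth(qualityPermission, permissionPath.Quality, requestPath)`. The error returned by `ioutil.ReadFile("../lib/permission.json")` is overwritten by the following `json.Unmarshal` before it is checked; the request is still refused because unmarshalling empty data fails, but the log then reports a parse error instead of the missing file, so check `err` directly after the read. The type assertion `ctx.Values().Get("account").(*models.CmProjectAccount)` panics when the value is absent or of another type; use the comma-ok form and refuse the request in that case. The scheme also denies only exact matches of `ctx.Path()` against the lists in permission.json, so any route missing from that file is allowed by default, which is worth confirming against the registered routes or inverting into an allow-list.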
|