- package middlewares
- import (
- "errors"
- "fmt"
- "net/http"
- "sync"
- "xugu_license/internal/global"
- "xugu_license/internal/models"
- "github.com/gin-gonic/gin"
- )
- var Roles = map[string]Role{
- "admin": AdminRole,
- "supportRole": SupportRole,
- "guest": GuestRole,
- }
- type UserPermission struct {
- UserInfo models.UserInfo
- Role Role
- }
- type Permission string
- const (
-
- GenerateLicense Permission = "generate_license"
- UploadLicense Permission = "upload_license"
- ReadLicense Permission = "read_license"
- ReadAllLicense Permission = "read_all_license"
- ReadlicenseRecord Permission = "read_license_record"
- UpdateLicense Permission = "update_license"
- DeleteLicense Permission = "delete_license"
-
- DispatLicense Permission = "dispat_license"
-
- CaptureLicenseOnceToDb Permission = "capture_license_once_to_db"
-
-
-
- CreateUser Permission = "create_user"
- ReadUser Permission = "read_user"
- UpdateUser Permission = "update_user"
- DeleteUser Permission = "delete_user"
-
- CreateRole Permission = "create_role"
- DeleteRole Permission = "delete_role"
- UpdateRole Permission = "update_role"
- GetRole Permission = "get_role"
- )
- var permissionMap = map[string]Permission{
- "generate_license": GenerateLicense,
- "upload_license": UploadLicense,
- "read_license": ReadLicense,
- "read_all_license": ReadAllLicense,
- "read_license_record": ReadlicenseRecord,
- "update_license": UpdateLicense,
- "delete_license": DeleteLicense,
- "dispat_license": DispatLicense,
- "capture_license_once_to_db": CaptureLicenseOnceToDb,
-
- "create_user": CreateUser,
- "read_user": ReadUser,
- "update_user": UpdateUser,
- "delete_user": DeleteUser,
- "create_role": CreateRole,
- "delete_role": DeleteRole,
- "update_role": UpdateRole,
- "get_role": GetRole,
- }
- func MapBasedStringToPermission(permissionStr string) (Permission, error) {
- fmt.Println("permissionStr: ", permissionStr)
- if perm, exists := permissionMap[permissionStr]; exists {
- return perm, nil
- }
- return "", errors.New("invalid permission string")
- }
- func StringsToPermissions(permissionStrs []string) ([]Permission, error) {
- var permissions []Permission
- fmt.Println("permissionStrs: ", permissionStrs)
- for _, str := range permissionStrs {
- perm, err := MapBasedStringToPermission(str)
- if err != nil {
- return nil, err
- }
- permissions = append(permissions, perm)
- }
- return permissions, nil
- }
- type Role struct {
- Id int
- Name string
- Permissions []Permission
- }
- var AdminRole = Role{
- Id: 0,
- Name: "admin",
- Permissions: []Permission{
- GenerateLicense,
- UploadLicense,
- ReadLicense,
- ReadAllLicense,
- UpdateLicense,
- DeleteLicense,
- DispatLicense,
- CaptureLicenseOnceToDb,
-
- ReadlicenseRecord,
- CreateUser,
- ReadUser,
- UpdateUser,
- DeleteUser,
- CreateRole,
- DeleteRole,
- UpdateRole,
- GetRole,
- },
- }
- var SupportRole = Role{
- Id: 0,
- Name: "support",
- Permissions: []Permission{
- ReadLicense,
- DispatLicense,
-
- GenerateLicense,
- ReadlicenseRecord,
- ReadUser,
- UpdateUser,
- DeleteUser,
- },
- }
- var GuestRole = Role{
- Id: 0,
- Name: "guest",
- Permissions: []Permission{
- ReadLicense,
- },
- }
- func PermissionMiddleware(requiredPermission Permission) gin.HandlerFunc {
- return func(c *gin.Context) {
- userAny, exists := c.Get("userInfo")
- if !exists {
- c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
- c.Abort()
- return
- }
- userInfo := userAny.(*UserAuthInfo)
- uP := UserPermission{
-
- Role: Role{
- Name: userInfo.Role,
- },
- }
-
-
-
-
-
-
-
-
-
-
-
-
-
- roleKey := userInfo.Role
- if role, exists := Roles[roleKey]; exists {
-
- uP.Role = role
- } else {
-
- global.Logger.Errorln("Role does not exist ")
- c.JSON(http.StatusBadRequest, gin.H{"error": "invalid role"})
- c.Abort()
- return
- }
- hasPermission := false
- for _, p := range uP.Role.Permissions {
- if p == requiredPermission {
- hasPermission = true
- break
- }
- }
- if !hasPermission {
- global.Logger.Errorln("没有权限 ")
- c.JSON(http.StatusForbidden, gin.H{"error": "没有权限"})
- c.Abort()
- return
- }
- c.Next()
- }
- }
- var mu sync.Mutex