package middleware
import (
"github.com/casbin/casbin/v2/util"
"github.com/gin-gonic/gin"
"github.com/kingwel-xie/k2/core/utils"
"net/http"
"github.com/kingwel-xie/k2/common"
"github.com/kingwel-xie/k2/common/api"
"github.com/kingwel-xie/k2/common/config"
"github.com/kingwel-xie/k2/common/response"
"github.com/kingwel-xie/k2/common/service"
)
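// AuthCheckRole returns a gin middleware that authorizes the current request
// with Casbin. The subject is the role key of the caller's identity, the
// object is the request URL path and the action is the HTTP method.
//
// Decision order:
//  1. Role key "admin" is allowed without consulting Casbin.
//  2. When the application mode is dev, a request matching an entry of
//     CasbinExclude (path pattern via KeyMatch2 plus exact method) is allowed
//     without consulting Casbin.
//  3. Otherwise the Casbin enforcer decides; an enforcer error or a negative
//     decision stops the handler chain.
//
// A denial is answered with HTTP status 200 and "code": 403 in the JSON body,
// so clients and monitoring must read the body code rather than the status.
func AuthCheckRole() gin.HandlerFunc {
	return func(c *gin.Context) {
		log := api.MustGetLogger(c)
		// Identity taken from the JWT claims.
		// NOTE(review): if GetIdentity can return nil, v.RoleKey below panics;
		// confirm an authentication middleware always runs before this one.
		v := service.GetIdentity(c)
		e := common.Runtime.GetCasbin()

		// The "admin" role key bypasses policy evaluation entirely, so whoever
		// can assign that role key holds every permission.
		if v.RoleKey == "admin" {
			c.Next()
			return
		}

		// Dev mode only: requests listed in CasbinExclude skip enforcement.
		// Running production in dev mode would leave these routes unauthorized.
		if config.ApplicationConfig.Mode == utils.ModeDev.String() {
			for _, ex := range CasbinExclude {
				if util.KeyMatch2(c.Request.URL.Path, ex.Url) && c.Request.Method == ex.Method {
					log.Errorf("Casbin exclusion, no validation method:%s path:%s", c.Request.Method, c.Request.URL.Path)
					c.Next()
					return
				}
			}
		}

		res, err := e.Enforce(v.RoleKey, c.Request.URL.Path, c.Request.Method)
		if err != nil {
			log.Errorf("AuthCheckRole error: %s method:%s path:%s", err, c.Request.Method, c.Request.URL.Path)
			response.Error(c, err)
			// Fail closed: abort explicitly so the remaining handlers never run
			// after an enforcer error, whether or not response.Error (defined
			// elsewhere) aborts the context itself. Abort is a no-op if it did.
			c.Abort()
			return
		}

		if !res {
			log.Warnf("isTrue: %v, role: %s method: %s path: %s message: %s", res, v.RoleKey, c.Request.Method, c.Request.URL.Path, "当前request无权限,请管理员确认!")
			c.JSON(http.StatusOK, gin.H{
				"code": 403,
				"msg":  "对不起,您没有该接口访问权限,请联系管理员",
			})
			c.Abort()
			return
		}

		log.Infof("isTrue: %v, role: %s method: %s path: %s", res, v.RoleKey, c.Request.Method, c.Request.URL.Path)
		c.Next()
	}
}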