12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 |
- package routers
- import (
- "ERP_user/conf"
- "ERP_user/logs"
- "ERP_user/models/Account"
- "git.baozhida.cn/ERP_libs/lib"
- "github.com/beego/beego/v2/server/web/context"
- "strings"
- )
- var (
- filterExcludeURLMap = make(map[string]int) // 不鉴权的URL
- filterOnlyLoginCheckURLMap = make(map[string]int) // 只鉴权登录的URL
- )
- func init() {
- //初始化配置 不鉴权的URL和只鉴权登录的URL
- logs.Println("=========== 初始化路由筛选信息 =========")
- excludeUrl := conf.FilterExcludeURL
- if len(excludeUrl) > 0 {
- excludeUrlSlice := strings.Split(excludeUrl, ",")
- if len(excludeUrlSlice) > 0 {
- for _, v := range excludeUrlSlice {
- filterExcludeURLMap[v] = 1
- }
- }
- }
- checkLoginUrl := conf.FilterOnlyLoginCheckURL
- if len(checkLoginUrl) > 0 {
- checkLoginUrlSlice := strings.Split(checkLoginUrl, ",")
- if len(checkLoginUrlSlice) > 0 {
- for _, v := range checkLoginUrlSlice {
- filterOnlyLoginCheckURLMap[v] = 1
- }
- }
- }
- }
- func RBACFilter(ctx *context.Context) {
- //判断URL是否排除
- if _, ok := filterExcludeURLMap[ctx.Request.URL.Path]; ok {
- return
- }
- b_, admin_r := Account.Verification(ctx.GetCookie("User_tokey"), ctx.Input.Query("User_tokey"))
- if !b_ {
- ctx.Output.JSON(lib.JSONS{Code: 201, Msg: "请重新登陆!"}, true, false)
- return
- }
- //判断是否只验证登录的URL
- if _, ok := filterOnlyLoginCheckURLMap[ctx.Request.URL.Path]; b_ && ok {
- return
- }
- power, _ := Account.Read_Power_ByT_id(admin_r.T_power)
- if power.T_menu == "*" {
- return
- }
- api := Account.Read_API_List_ByPower(power.T_id, power.T_menu)
- flag := false
- for _, v := range api {
- if v.T_uri == ctx.Request.URL.Path {
- flag = true
- break
- }
- }
- if !flag {
- data := lib.JSONS{Code: 202, Msg: "无权访问!"}
- ctx.Output.JSON(data, true, false)
- return
- }
- }
|