From aa65ae0d4b90ad4382b0478c173c74e36dfd1c38 Mon Sep 17 00:00:00 2001 From: wanglei <34475144@qq.com> Date: Sat, 8 Nov 2025 16:10:04 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AF=B9=E5=89=8D=E7=AB=AF=E7=9A=84=E8=B0=83?= =?UTF-8?q?=E7=94=A8=E6=8E=A5=E5=8F=A3=E5=A2=9E=E5=8A=A0=E6=9D=83=E9=99=90?= =?UTF-8?q?=E8=AE=A4=E8=AF=81=E4=BB=A3=E7=A0=81=EF=BC=8C=E6=9D=83=E9=99=90?= =?UTF-8?q?=E8=AE=A4=E8=AF=81=E5=A4=B1=E8=B4=A5=E8=BF=94=E5=9B=9E403?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/api/system/account.lua | 25 ++++++++++++--- src/api/system/application.lua | 25 ++++++++++++--- src/api/system/department.lua | 25 ++++++++++++--- src/api/system/permission.lua | 25 ++++++++++++--- src/api/system/postion.lua | 25 ++++++++++++--- src/api/system/role.lua | 25 ++++++++++++--- src/service/system/account.lua | 36 +++++++++++++++++++++ src/service/system/application.lua | 50 ++++++++++++++++++++++++++++++ src/service/system/department.lua | 37 ++++++++++++++++++++++ src/service/system/permission.lua | 43 +++++++++++++++++++++++++ src/service/system/position.lua | 36 +++++++++++++++++++++ src/service/system/role.lua | 36 +++++++++++++++++++++ src/service/system/user.lua | 45 ++++++++++++++++++++++----- 13 files changed, 396 insertions(+), 37 deletions(-) diff --git a/src/api/system/account.lua b/src/api/system/account.lua index 68c4a20..cb1e1ae 100644 --- a/src/api/system/account.lua +++ b/src/api/system/account.lua 
@@ -15,32 +15,47 @@ local routes = { { paths = { "/api/system/accounts" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::accounts::list" + return true + end, handler = systemAccount.getSystemAccounts, - metadata = "system::accounts::list", }, { paths = { "/api/system/accounts/:id" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::accounts::view" + return true + end, handler = systemAccount.getSystemAccount, - metadata = "system::accounts::view", }, { paths = { "/api/system/accounts" }, methods = { "POST" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::accounts::add" + return true + end, handler = systemAccount.addSystemAccount, - metadata = "system::accounts::add", }, { paths = { "/api/system/accounts/:id" }, methods = { "DELETE" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::accounts::delete" + return true + end, handler = systemAccount.deleteSystemAccount, - metadata = "system::accounts::delete", }, { paths = { "/api/system/accounts/:id" }, methods = { "PUT" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::accounts::edit" + return true + end, handler = systemAccount.updateSystemAccount, - metadata = "system::accounts::edit", }, } diff --git a/src/api/system/application.lua b/src/api/system/application.lua index e2303cc..6b0b598 100644 --- a/src/api/system/application.lua +++ b/src/api/system/application.lua 
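Review bot: The `filter_fun` added to each route in this hunk is not a filter: it always returns true and exists only to write `ngx.ctx.perms`, so the permission a request must hold is now set as a side effect of route matching. If the router evaluates a route's filter before it has finally settled on that route (the router is not visible in this patch, so this is inferred), a handler could be checked against another route's permission string. Keeping the string as route data and copying it into `ngx.ctx.perms` once, after the match, would avoid that. At minimum each function deserves a comment such as `-- records the permission this route requires; always matches`, and the unused `vars` parameter can be renamed `_`. The same pattern is added in the application, department, permission, postion and role route files.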
@@ -15,32 +15,47 @@ local routes = { { paths = { "/api/system/applications" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::applications::list" + return true + end, handler = systemApplication.getSystemApplications, - metadata = "system::applications::list", }, { paths = { "/api/system/applications/:id" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::applications::view" + return true + end, handler = systemApplication.getSystemApplication, - metadata = "system::applications::view", }, { paths = { "/api/system/applications" }, methods = { "POST" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::applications::add" + return true + end, handler = systemApplication.addSystemApplication, - metadata = "system::applications::add", }, { paths = { "/api/system/applications/:id" }, methods = { "DELETE" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::applications::delete" + return true + end, handler = systemApplication.deleteSystemApplication, - metadata = "system::applications::delete", }, { paths = { "/api/system/applications/:id" }, methods = { "PUT" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::applications::edit" + return true + end, handler = systemApplication.updateSystemApplication, - metadata = "system::applications::edit", }, } diff --git a/src/api/system/department.lua b/src/api/system/department.lua index 9eb268f..81a38fc 100644 --- a/src/api/system/department.lua +++ b/src/api/system/department.lua 
@@ -15,32 +15,47 @@ local routes = { { paths = { "/api/system/departments" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::departments::list" + return true + end, handler = systemDepartment.getSystemDepartments, - metadata = "system::departments::list", }, { paths = { "/api/system/departments/:id" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::departments::view" + return true + end, handler = systemDepartment.getSystemDepartment, - metadata = "system::departments::view", }, { paths = { "/api/system/departments" }, methods = { "POST" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::departments::add" + return true + end, handler = systemDepartment.addSystemDepartment, - metadata = "system::departments::add", }, { paths = { "/api/system/departments/:id" }, methods = { "DELETE" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::departments::delete" + return true + end, handler = systemDepartment.deleteSystemDepartment, - metadata = "system::departments::delete", }, { paths = { "/api/system/departments/:id" }, methods = { "PUT" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::departments::edit" + return true + end, handler = systemDepartment.updateSystemDepartment, - metadata = "system::departments::edit", }, } diff --git a/src/api/system/permission.lua b/src/api/system/permission.lua index a92585e..d66784c 100644 --- a/src/api/system/permission.lua +++ b/src/api/system/permission.lua 
@@ -15,32 +15,47 @@ local routes = { { paths = { "/api/system/permissions" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::permissions::list" + return true + end, handler = systemPermission.getSystemPermissions, - metadata = "system::permissions::list", }, { paths = { "/api/system/permissions/:id" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::permissions::view" + return true + end, handler = systemPermission.getSystemPermission, - metadata = "system::permissions::view", }, { paths = { "/api/system/permissions" }, methods = { "POST" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::permissions::add" + return true + end, handler = systemPermission.addSystemPermission, - metadata = "system::permissions::add", }, { paths = { "/api/system/permissions/:id" }, methods = { "DELETE" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::permissions::delete" + return true + end, handler = systemPermission.deleteSystemPermission, - metadata = "system::permissions::delete", }, { paths = { "/api/system/permissions/:id" }, methods = { "PUT" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::permissions::edit" + return true + end, handler = systemPermission.updateSystemPermission, - metadata = "system::permissions::edit", }, } diff --git a/src/api/system/postion.lua b/src/api/system/postion.lua index 42dca38..672075d 100644 --- a/src/api/system/postion.lua +++ b/src/api/system/postion.lua 
@@ -15,32 +15,47 @@ local routes = { { paths = { "/api/system/positions" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::positions::list" + return true + end, handler = systemPosition.getSystemPositions, - metadata = "system::positions::list", }, { paths = { "/api/system/positions/:id" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::positions::view" + return true + end, handler = systemPosition.getSystemPosition, - metadata = "system::positions::list", }, { paths = { "/api/system/positions" }, methods = { "POST" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::positions::add" + return true + end, handler = systemPosition.addSystemPosition, - metadata = "system::positions::list", }, { paths = { "/api/system/positions/:id" }, methods = { "DELETE" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::positions::delete" + return true + end, handler = systemPosition.deleteSystemPosition, - metadata = "system::positions::list", }, { paths = { "/api/system/positions/:id" }, methods = { "PUT" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::positions::edit" + return true + end, handler = systemPosition.updateSystemPosition, - metadata = "system::positions::list", }, } diff --git a/src/api/system/role.lua b/src/api/system/role.lua index 002fd0e..a7a478d 100644 --- a/src/api/system/role.lua +++ b/src/api/system/role.lua 
@@ -15,32 +15,47 @@ local routes = { { paths = { "/api/system/roles" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::roles::list" + return true + end, handler = systemRole.getSystemRoles, - metadata = "system::roles::list", }, { paths = { "/api/system/roles/:id" }, methods = { "GET" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::roles::view" + return true + end, handler = systemRole.getSystemRole, - metadata = "system::roles::view", }, { paths = { "/api/system/roles" }, methods = { "POST" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::roles::add" + return true + end, handler = systemRole.addSystemRole, - metadata = "system::roles::add", }, { paths = { "/api/system/roles/:id" }, methods = { "DELETE" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::roles::delete" + return true + end, handler = systemRole.deleteSystemRole, - metadata = "system::roles::delete", }, { paths = { "/api/system/roles/:id" }, methods = { "PUT" }, + filter_fun = function(vars) + ngx.ctx.perms = "system::roles::edit" + return true + end, handler = systemRole.updateSystemRole, - metadata = "system::roles::edit", }, } diff --git a/src/service/system/account.lua b/src/service/system/account.lua index a92e765..341e94e 100644 --- a/src/service/system/account.lua +++ b/src/service/system/account.lua @@ -7,11 +7,19 @@ local resp = require("util.response") local accountDao = require("dao.account") local validatorJson = require("validator.system.account") local cjson = require("cjson.safe") +local perm = require("util.permissionfilter") local _M = {} --获取所有账户信息 function _M.getSystemAccounts() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local pageNum = ngx.var.pagenum or 1 local pageSize = ngx.var.pagesize or 10 local code,ret = accountDao.getSystemAccounts(pageNum, pageSize) 
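Review bot: The guard added at the top of `getSystemAccounts` denies only when `perm:hasPermission(role, perms)` returns exactly `false`; if it returns `nil` (plausible for a missing role or an unknown permission, though `util.permissionfilter` is not shown), the comparison is false and the request is allowed. A deny-by-default form is `if not perm:hasPermission(role, perms) then return ngx.exit(ngx.HTTP_FORBIDDEN) end`, where the `return` also makes it explicit that nothing after the check runs. The same `== false` comparison is added in every handler hunk of the account, application, department, permission, position, role and user service files. The body of `getSystemAccounts` continues outside the hunk.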
@@ -21,6 +29,13 @@ end --根据账户id获取账户信息 function _M.getSystemAccount(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local id = m.id local code,ret = accountDao.getSystemAccount(id) local result = resp:json(code, ret) @@ -29,6 +44,13 @@ end --根据账户id获取账户信息 function _M.addSystemAccount() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 @@ -49,6 +71,13 @@ end --根据账户id删除账户信息 function _M.deleteSystemAccount(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code, ret = accountDao.deleteSystemAccount(m.id) local result = resp:json(code, ret) resp:send(result) @@ -56,6 +85,13 @@ end --根据账户id删除账户信息 function _M.updateSystemAccount(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 diff --git a/src/service/system/application.lua b/src/service/system/application.lua index 8560305..2e8658e 100644 --- a/src/service/system/application.lua +++ b/src/service/system/application.lua 
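Review bot: The seven-line permission block in `getSystemAccount` is the same text added to every other handler in this patch, so a handler added later is unprotected unless its author remembers to paste it. One private helper per service module (or one shared function beside `hasPermission`) keeps the rule in a single place and lets each handler start with a single call. The sketch below shows the helper and one call site; the handler bodies continue outside these hunks.

```lua
-- Stops the request with 403 unless the current role holds the permission
-- that the matched route stored in ngx.ctx.perms.
local function requirePermission()
    local role, perms = ngx.ctx.role, ngx.ctx.perms
    if not perm:hasPermission(role, perms) then
        return ngx.exit(ngx.HTTP_FORBIDDEN)
    end
end

function _M.getSystemAccount(m)
    requirePermission()
    -- … unchanged: lookup by m.id and response …
```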
@@ -7,11 +7,19 @@ local resp = require("util.response") local applicationDao = require("dao.application") local validatorJson = require("validator.system.application") local cjson = require("cjson.safe") +local perm = require("util.permissionfilter") local _M = {} --获取所有应用程序信息 function _M.getSystemApplications() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --获取页码和请求的数据量 local pageNum = ngx.var.pagenum or 1 local pageSize = ngx.var.pagesize or 10 @@ -22,6 +30,13 @@ end --根据应用id获取应用信息 function _M.getSystemApplication(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code,ret = applicationDao.getSystemApplication(m.id) local result = resp:json(code, ret) resp:send(result) @@ -29,6 +44,13 @@ end --根据组织id获取应用信息 function _M.getOrganizationApplication(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code,ret = applicationDao.getOrganizationApplication(m.id) local result = resp:json(code, ret) resp:send(result) @@ -36,6 +58,13 @@ end --根据用户id获取应用的信息 function _M.getUserApplication(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code,ret = applicationDao.getUserApplication(m.id) local result = resp:json(code, ret) resp:send(result) @@ -43,6 +72,13 @@ end --根据应用id获取应用信息 function _M.addSystemApplication() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 
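Review bot: `getOrganizationApplication` and `getUserApplication` now read `ngx.ctx.perms`, but the application route table changed in this patch defines no route for either handler, so nothing visible here sets a permission string for them. If their routes do not set one, `hasPermission` is called with `perms == nil` and the outcome depends entirely on how it treats nil. Rejecting that case explicitly, `if perms == nil or perm:hasPermission(role, perms) == false then`, would make an unconfigured route fail closed. `get_permission` and `getSystemPermissionByRole` in the permission service are in the same position.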
@@ -63,6 +99,13 @@ end --根据应用id删除应用信息 function _M.deleteSystemApplication(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code, ret = applicationDao.deleteApplication(m.id) local result = resp:json(code, ret) resp:send(result) @@ -70,6 +113,13 @@ end --根据应用id删除应用信息 function _M.updateSystemApplication(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 diff --git a/src/service/system/department.lua b/src/service/system/department.lua index fef5e68..0dd0274 100644 --- a/src/service/system/department.lua +++ b/src/service/system/department.lua @@ -7,11 +7,19 @@ local resp = require("util.response") local departmentDao = require("dao.department") local validatorJson = require("validator.system.department") local cjson = require("cjson.safe") +local perm = require("util.permissionfilter") local _M = {} --获取所有组织架构信息 function _M.getSystemDepartments() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --获取页码和请求的数据量 local pageNum = ngx.var.pagenum or 1 local pageSize = ngx.var.pagesize or 10 @@ -22,6 +30,13 @@ end --根据组织id获取组织架构信息 function _M.getSystemDepartment(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code,ret = departmentDao.getSystemDepartment(m.id) local result = resp:json(code, ret) resp:send(result) 
@@ -29,6 +44,13 @@ end --根据组织id添加组织架构信息 function _M.addSystemDepartment() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 @@ -49,6 +71,14 @@ end --根据组织id删除组织架构信息 function _M.deleteSystemDepartment(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end + --删除部门数据 local code, ret = departmentDao.deleteSystemDepartment(m.id) local result = resp:json(code, ret) resp:send(result) @@ -56,6 +86,13 @@ end --根据组织id删除组织架构信息 function _M.updateSystemDepartment(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 diff --git a/src/service/system/permission.lua b/src/service/system/permission.lua index a218e81..87b4238 100644 --- a/src/service/system/permission.lua +++ b/src/service/system/permission.lua @@ -7,11 +7,19 @@ local resp = require("util.response") local permissionDao = require("dao.permission") local validatorJson = require("validator.system.permission") local cjson = require("cjson.safe") +local perm = require("util.permissionfilter") local _M = {} --获取所有权限信息 function _M.getSystemPermissions() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --获取页码和请求的数据量 local pageNum = ngx.var.pagenum or 1 local pageSize = ngx.var.pagesize or 10 
@@ -22,6 +30,13 @@ end --根据权限id获取权限信息 function _M.get_permission(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code,ret = permissionDao.getPermission(m.id) local result = resp:json(code, ret) resp:send(result) @@ -29,6 +44,13 @@ end --根据角色id获取使用的权限 function _M.getSystemPermissionByRole(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code,ret = dao.getPermissionByRole(m.id) local result = resp:json(code, ret) resp:send(result) @@ -36,6 +58,13 @@ end --根据权限id获取账号信息 function _M.addSystemPermission() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 @@ -56,6 +85,13 @@ end --根据账号id删除账号信息 function _M.deleteSystemPermission(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code, ret = permissionDao.deleteSystemPermission(m.id) local result = resp:json(code, ret) resp:send(result) @@ -63,6 +99,13 @@ end --根据账号id删除账号信息 function _M.updateSystemPermission(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 diff --git a/src/service/system/position.lua b/src/service/system/position.lua index 14966cc..420e2f0 100644 --- a/src/service/system/position.lua +++ b/src/service/system/position.lua 
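Review bot: In `getSystemPermissionByRole` the new check is followed by `dao.getPermissionByRole(m.id)`, yet the requires visible at the top of this file bind the DAO as `permissionDao`; unless `dao` is defined in the lines above the first hunk, a caller who passes the permission check gets a runtime error instead of a response. The call probably should read `permissionDao.getPermissionByRole(m.id)`. Separately, the permission route table in this patch points `GET /api/system/permissions/:id` at `systemPermission.getSystemPermission`, while the handler shown here is named `get_permission`; if both refer to this module, that route has no handler and the new `system::permissions::view` check is never reached.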
@@ -7,11 +7,19 @@ local resp = require("util.response") local positionDao = require("dao.position") local validatorJson = require("validator.system.position") local cjson = require("cjson.safe") +local perm = require("util.permissionfilter") local _M = {} --获取所有岗位信息 function _M.getSystemPositions() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --获取页码和请求的数据量 local pageNum = ngx.var.pagenum or 1 local pageSize = ngx.var.pagesize or 10 @@ -22,6 +30,13 @@ end --根据岗位id获取岗位信息 function _M.getSystemPosition(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code,ret = positionDao.getSystemPosition(m.id) local result = resp:json(code, ret) resp:send(result) @@ -29,6 +44,13 @@ end --根据岗位id添加岗位信息 function _M.addSystemPosition() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 @@ -49,6 +71,13 @@ end --根据岗位id删除岗位信息 function _M.deleteSystemPosition(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code, ret = positionDao.deleteSystemPosition(m.id) local result = resp:json(code, ret) resp:send(result) @@ -56,6 +85,13 @@ end --根据岗位id删除岗位信息 function _M.updateSystemPosition(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 diff --git a/src/service/system/role.lua b/src/service/system/role.lua index 89239a7..391d4d9 100644 --- a/src/service/system/role.lua 
+++ b/src/service/system/role.lua @@ -7,11 +7,19 @@ local resp = require("util.response") local roleDao = require("dao.role") local validatorJson = require("validator.system.role") local cjson = require("cjson.safe") +local perm = require("util.permissionfilter") local _M = {} --获取所有角色信息 function _M.getSystemRoles() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --获取页码和请求的数据量 --local args = ngx.req.get_uri_args() local pageNum = ngx.var.pagenum or 1 @@ -23,6 +31,13 @@ end --根据角色id获取角色信息 function _M.getSystemRole(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code,ret = roleDao.getSystemRole(m.id) local result = resp:json(code, ret) resp:send(result) @@ -30,6 +45,13 @@ end --根据角色id获取角色信息 function _M.addSystemRole() + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 @@ -50,6 +72,13 @@ end --根据角色id删除角色信息 function _M.deleteSystemRole(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code, ret = roleDao.deleteSystemRole(m.id) local result = resp:json(code, ret) resp:send(result) @@ -57,6 +86,13 @@ end --根据角色id删除角色信息 function _M.updateSystemRole(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 diff --git a/src/service/system/user.lua b/src/service/system/user.lua index 70ccc07..7620505 100644 --- a/src/service/system/user.lua 
+++ b/src/service/system/user.lua @@ -8,6 +8,7 @@ local userDao = require("dao.user") local validatorJson = require("validator.system.user") local cjson = require("cjson.safe") local token = require("util.token") +local perm = require("util.permissionfilter") local _M = {} @@ -26,17 +27,19 @@ end --获取所有用户信息 function _M.getSystemUsers(m) --获取登录的用户信息 - local userid = ngx.ctx.userid - local username = ngx.ctx.username + --local userid = ngx.ctx.userid + --local username = ngx.ctx.username local role = ngx.ctx.role - ngx.log(ngx.INFO, "userid:"..userid.." username:"..username.." role:"..role) + --ngx.log(ngx.INFO, "userid:"..userid.." username:"..username.." role:"..role) --权限数据 local perms = ngx.ctx.perms - local method = m._method - local path = m._path - ngx.log(ngx.INFO, "path:"..path.." method:"..method) + --local method = m._method + --local path = m._path + --ngx.log(ngx.INFO, "path:"..path.." method:"..method) --判断当前接口用户和角色是否有权限 - + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --获取页码和请求的数据量 --local args = ngx.req.get_uri_args() local pageNum = ngx.var.pagenum or 1 @@ -48,6 +51,13 @@ end --根据用户id获取用户信息 function _M.getSystemUser(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --获取登录的用户信息 local payload = ngx.var.uid local metadata = m.metadata @@ -66,6 +76,13 @@ end --根据用户id获取用户信息 function _M.addSystemUser(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end --读取请求体的数据 ngx.req.read_body() --获取请求数据 
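Review bot: `getSystemUsers` keeps the old debug code as six commented-out lines (`--local userid = ...`, `--local method = ...`, the two `--ngx.log(...)` calls and so on) around the new check, which buries the one statement that matters for access control. Deleting them outright is cleaner; version control keeps the history. If a record of denials is wanted, a single line before the exit, `ngx.log(ngx.WARN, "permission denied: ", tostring(perms))`, provides it without the nil-concatenation error the old `..` message could raise.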
@@ -88,6 +105,13 @@ end --根据用户id删除用户信息 function _M.deleteSystemUser(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local code, ret = userDao.deleteSystemUser(m.id) local result = resp:json(code, ret) resp:send(result) @@ -95,6 +119,13 @@ end --根据用户id删除用户信息 function _M.updateSystemUser(m) + local role = ngx.ctx.role + --权限数据 + local perms = ngx.ctx.perms + --判断当前接口用户和角色是否有权限 + if perm:hasPermission(role, perms) == false then + ngx.exit(ngx.HTTP_FORBIDDEN) + end local userid = getUserId() if userid ~= m.id then ngx.log(ngx.WARN, "用户与使用token中的用户id不一致")