支持后端鉴权

router/Router.go

@@ -59,16 +59,16 @@ func commonRouter(r *gin.Engine) {
 	user := api.Group("/user", authMiddleware.MiddlewareFunc())
 	user.GET("/info", handler.GetUser)
 	user.GET("/nav", handler.GetUserNav)
-	user.GET("", handler.GetUserList)
-	user.PUT("", handler.PutUser)
+	user.GET("/query", handler.GetUserList)
+	user.PUT("/edit", handler.PutUser)
 	user.PUT("resetPassword", handler.PutResetPassword)
 
 	// role group
 	role := api.Group("/role", authMiddleware.MiddlewareFunc())
-	role.GET("", handler.RoleGet)
-	role.POST("", handler.RolePost)
-	role.PUT("", handler.RolePut)
-	role.DELETE("/:id", handler.RoleDelete)
+	role.GET("query", handler.RoleGet)
+	role.POST("add", handler.RolePost)
+	role.PUT("edit", handler.RolePut)
+	role.DELETE("delete/:id", handler.RoleDelete)
 	role.POST("permission", handler.RolePermissionPost)
 
 	// menu group
@@ -77,16 +77,16 @@ func commonRouter(r *gin.Engine) {
 
 	// instance group
 	instance := api.Group("/instance", authMiddleware.MiddlewareFunc())
-	instance.GET("", handler.InstanceGet)
+	instance.GET("query", handler.InstanceGet)
 	instance.GET("/:instId", handler.InstanceInstIdGet)
-	instance.POST("", handler.InstancePost)
-	instance.PUT("", handler.InstancePut)
-	instance.DELETE("/:id", handler.InstanceDelete)
+	instance.POST("add", handler.InstancePost)
+	instance.PUT("edit", handler.InstancePut)
+	instance.DELETE("delete/:id", handler.InstanceDelete)
 	instance.GET("db/:instId", handler.InstanceDdGet)
 
 	// inspection group
 	inspection := api.Group("/inspection", authMiddleware.MiddlewareFunc())
-	inspection.GET("", handler.InspectionGet)
+	inspection.GET("query", handler.InspectionGet)
 	inspection.GET("/:id", handler.InspectionDetailGet)
 
 	// score group
@@ -99,8 +99,8 @@ func commonRouter(r *gin.Engine) {
 	project := sqlAudit.Group("/project", authMiddleware.MiddlewareFunc())
 	project.GET("", handler.ProjectGet)
 	project.GET("/:projId", handler.ProjectProjIdGet)
-	project.POST("", handler.ProjectPost)
-	project.PUT("", handler.ProjectPut)
+	project.POST("add", handler.ProjectPost)
+	project.PUT("edit", handler.ProjectPut)
 	project.DELETE("/:id", handler.ProjectDelete)
 	project.POST("resource/config", handler.ProjectResourceConfigPost)
 	project.GET("role", handler.ProjectRoleGet)
@@ -111,8 +111,8 @@ func commonRouter(r *gin.Engine) {
 	workflow := sqlAudit.Group("/workflow", authMiddleware.MiddlewareFunc())
 	workflow.GET("", handler.WorkflowGet)
 	workflow.GET("/:id", handler.WorkflowIdGet)
-	workflow.POST("", handler.WorkflowPost)
-	workflow.PUT("", handler.WorkflowPut)
+	workflow.POST("add", handler.WorkflowPost)
+	workflow.PUT("edit", handler.WorkflowPut)
 	workflow.DELETE("/:id", handler.WorkflowDelete)
 	workflow.GET("progress/:id", handler.WorkflowIdProgressGet)
 	workflow.POST("audit", handler.WorkflowAuditPost)
@@ -124,8 +124,8 @@ func commonRouter(r *gin.Engine) {
 	// workflowTemplate group
 	workflowTemplate := sqlAudit.Group("/workflowTemplate", authMiddleware.MiddlewareFunc())
 	workflowTemplate.GET("", handler.WorkflowTemplateGet)
-	workflowTemplate.POST("", handler.WorkflowTemplatePost)
-	workflowTemplate.PUT("", handler.WorkflowTemplatePut)
+	workflowTemplate.POST("add", handler.WorkflowTemplatePost)
+	workflowTemplate.PUT("edit", handler.WorkflowTemplatePut)
 	workflowTemplate.DELETE("/:id", handler.WorkflowTemplateDelete)
 	workflowTemplate.POST("/config", handler.WorkflowTemplateConfigPost)
 }

service/ProjectService.go

@@ -182,7 +182,7 @@ func ProjectUserSelectByUserName(c *gin.Context) {
 	}
 	var results []result
 	// 执行查询
-	model.Db.Select("projects.*").Model(&model.ProjectUser{}).
+	model.Db.Debug().Select("distinct projects.*").Model(&model.ProjectUser{}).
 		Joins("inner join projects on project_users.proj_id = projects.proj_id").
 		Where("user_name = ?", c.Param("userName")).Scan(&results)
 	c.JSON(http.StatusOK, gin.H{"code": 1, "msg": "success", "data": &results, "err": ""})

service/WorkflowService.go

@@ -97,6 +97,10 @@ func WorkflowInsert(c *gin.Context) {
 	}
 	userInfo, _ := c.Keys["UserName"]
 	workflow.UserName = userInfo.(*model.User).UserName
+
+	// 查询是否有新增工单权限
+	// CanAddWorkflow(&workflow)
+
 	tx := model.Db.Begin()
 
 	var instance model.Instance
@@ -198,17 +202,19 @@ func WorkflowInsert(c *gin.Context) {
 	}
 }
 
+// WorkflowUpdate 重新修改
 func WorkflowUpdate(c *gin.Context) {
 	WorkflowInsert(c)
 }
 
+// WorkflowDelete 删除
 func WorkflowDelete(c *gin.Context) {
 	id := c.Param("id")
 	result := model.Db.Delete(&model.Workflow{}, id)
 	if result.Error != nil {
 		c.JSON(http.StatusOK, gin.H{"code": 0, "msg": "fail", "data": "", "err": result.Error.Error()})
 	} else if result.RowsAffected == 0 {
-		c.JSON(http.StatusOK, gin.H{"code": 0, "msg": "fail", "data": "", "err": "项目不存在"})
+		c.JSON(http.StatusOK, gin.H{"code": 0, "msg": "fail", "data": "", "err": "工单不存在"})
 	} else {
 		c.JSON(http.StatusOK, gin.H{"code": 1, "msg": "success", "data": "", "err": ""})
 	}
@@ -437,6 +443,7 @@ func WorkflowScheduledExecutionUpdate(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"code": 1, "msg": "success", "data": "", "err": ""})
 }
 
+// ExecuteSQL 执行实例SQL
 func ExecuteSQL(instance *model.Instance, db string, sql string) error {
 	dsn := "%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=True&loc=Local&timeout=1s"
 	dsn = fmt.Sprintf(dsn, instance.User, utils.DecryptAES([]byte(config.Conf.General.SecretKey), instance.Password), instance.Ip, instance.Port, db)
@@ -475,3 +482,9 @@ func WorkflowSqlDetailSelectById(c *gin.Context) {
 
 	c.JSON(http.StatusOK, gin.H{"code": 1, "msg": "success", "data": data, "err": ""})
 }
+
+func CanAddWorkflow(workflow *model.Workflow) bool {
+	// 判断用户当前是否可新增
+	// 工单项目 = 用户所属项目
+	return true
+}

utils/Middleware.go

@@ -9,6 +9,7 @@ import (
 	"horizon/config"
 	"horizon/model"
 	"log"
+	"regexp"
 	"time"
 )
 
@@ -59,13 +60,23 @@ func JWTAuthMiddleware() *jwt.GinJWTMiddleware {
 			return &user, nil
 		},
 		// 给定用户身份值（data参数）和 gin 上下文，此函数应检查用户是否有权到达此端点
-		// 后端鉴权
 		Authorizator: func(data interface{}, c *gin.Context) bool {
 			if v, ok := data.(*model.User); ok && v.UserName == "admin" {
 				return true
 			}
-			if _, ok := data.(*model.User); ok {
-				return true
+			if v, ok := data.(*model.User); ok {
+				// 后端鉴权
+				compileRegex := regexp.MustCompile("^/api(/.+)") // 正则表达式的分组，以括号()表示，每一对括号就是我们匹配到的一个文本，可以把他们提取出来。
+				matchPath := compileRegex.FindStringSubmatch(c.FullPath())[1]
+				var countNum int
+				sql := "SELECT count(*) as count_num FROM role_permissions rp " +
+					"inner join user_roles ur on rp.role_id = ur.role_id " +
+					"inner join users u on ur.user_id = u.id " +
+					"WHERE u.user_name = ? AND json_contains(rp.action_data, json_object('url', ?))"
+				model.Db.Raw(sql, v.UserName, matchPath).First(&countNum)
+				if countNum > 0 {
+					return true
+				}
 			}
 			return false
 		},