diff --git a/api/core/app_server.go b/api/core/app_server.go
index 757e9df2..73b5b0ac 100644
--- a/api/core/app_server.go
+++ b/api/core/app_server.go
@@ -162,8 +162,7 @@ func authorizeMiddleware(s *AppServer, client *redis.Client) gin.HandlerFunc {
 strings.HasPrefix(c.Request.URL.Path, "/api/sms/") ||
 strings.HasPrefix(c.Request.URL.Path, "/api/captcha/") ||
 strings.HasPrefix(c.Request.URL.Path, "/api/payment/") ||
- strings.HasPrefix(c.Request.URL.Path, "/static/") ||
- c.Request.URL.Path == "/api/admin/config/get" {
+ strings.HasPrefix(c.Request.URL.Path, "/static/") {
 c.Next()
 return
 }
diff --git a/api/core/types/web.go b/api/core/types/web.go
index 9d0413c5..601612fa 100644
--- a/api/core/types/web.go
+++ b/api/core/types/web.go
@@ -30,6 +30,7 @@ const (
 Success = BizCode(0)
 Failed = BizCode(1)
 NotAuthorized = BizCode(400) // 未授权
+ NotPermission = BizCode(403) // 没有权限

 OkMsg = "Success"
 ErrorMsg = "系统开小差了"
diff --git a/api/handler/admin/admin_permission_handler.go b/api/handler/admin/admin_permission_handler.go
index ad3bf724..b9a81d8d 100644
--- a/api/handler/admin/admin_permission_handler.go
+++ b/api/handler/admin/admin_permission_handler.go
@@ -25,6 +25,11 @@ func NewSysPermissionHandler(app *core.AppServer, db *gorm.DB) *SysPermissionHan
 }

 func (h *SysPermissionHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 var items []model.AdminPermission
 var data = make([]vo.AdminPermission, 0)
 res := h.db.Find(&items)
diff --git a/api/handler/admin/admin_role_handler.go b/api/handler/admin/admin_role_handler.go
index 9d7605a8..35e59ea0 100644
--- a/api/handler/admin/admin_role_handler.go
+++ b/api/handler/admin/admin_role_handler.go
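Review bot: CheckPermission is only inserted into the read handlers (List, Get, Stats), while the Save, Update and Set handlers that appear as hunk context in api_key_handler.go, chat_model_handler.go, chat_role_handler.go, config_handler.go, function_handler.go and product_handler.go are left without it, so unless they are gated somewhere not shown here a signed-in admin who lacks the list permission can still modify what they cannot read. The identical four-line prelude is pasted into fourteen handlers in this commit (this file plus admin_role_handler.go, admin_user_handler.go, api_key_handler.go, chat_handler.go, chat_model_handler.go, chat_role_handler.go, config_handler.go, dashboard_handler.go, function_handler.go, order_handler.go, product_handler.go, reward_handler.go and user_handler.go); a gin middleware registered on the admin route group would apply the check once and turn a forgotten handler from a silent gap into an impossibility. In every call site the returned error is dropped, so a database failure inside the check is reported to the client as a permission denial and never reaches the logs; at minimum log `err` before `resp.NotPermission(c)`. List's body continues outside the hunk.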
@@ -26,12 +26,31 @@ func NewSysRoleHandler(app *core.AppServer, db *gorm.DB) *SysRoleHandler {
 type permission struct {
 Id int `json:"id"`
 Name string `json:"name"`
+ Slug string `json:"slug"`
 }

 func (h *SysRoleHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
+ page := h.GetInt(c, "page", 1)
+ pageSize := h.GetInt(c, "page_size", 20)
+ name := h.GetTrim(c, "name")
+
+ offset := (page - 1) * pageSize
 var items []model.AdminRole
 var data = make([]vo.AdminRole, 0)
- res := h.db.Find(&items)
+ var total int64
+
+ session := h.db.Session(&gorm.Session{})
+ if name != "" {
+ session = session.Where("name LIKE ?", "%"+name+"%")
+ }
+
+ session.Model(&model.AdminRole{}).Count(&total)
+ res := session.Offset(offset).Limit(pageSize).Find(&items)
 if res.Error != nil {
 resp.ERROR(c, "暂无数据")
 return
@@ -41,16 +60,18 @@ func (h *SysRoleHandler) List(c *gin.Context) {
 err := utils.CopyObject(item, &adminRoleVo)
 if err == nil {
 var permissions []permission
- h.db.Raw("SELECT p.id,p.name "+
+ h.db.Raw("SELECT p.id,p.name,p.slug "+
 "FROM chatgpt_admin_role_permissions as rp "+
 "LEFT JOIN chatgpt_admin_permissions as p ON rp.permission_id = p.id "+
 "WHERE rp.role_id = ?", item.Id).Scan(&permissions)
+
 adminRoleVo.Permissions = permissions
 adminRoleVo.CreatedAt = item.CreatedAt.Format("2006-01-02 15:04:05")
 data = append(data, adminRoleVo)
 }
 }
- resp.SUCCESS(c, data)
+ pageVo := vo.NewPage(total, page, pageSize, data)
+ resp.SUCCESS(c, pageVo)
 }

 func (h *SysRoleHandler) Save(c *gin.Context) {
diff --git a/api/handler/admin/admin_user_handler.go b/api/handler/admin/admin_user_handler.go
index 2a50c203..94a94c89 100644
--- a/api/handler/admin/admin_user_handler.go
+++ b/api/handler/admin/admin_user_handler.go
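Review bot: `session.Model(&model.AdminRole{}).Count(&total)` discards its result, so a failed count quietly reports `total == 0` in the page built by `vo.NewPage` in the next hunk while `Find` may still return rows; check it with `if err := session.Model(&model.AdminRole{}).Count(&total).Error; err != nil { resp.ERROR(c, "暂无数据"); return }`. `offset := (page - 1) * pageSize` turns negative for `page <= 0`, and `pageSize` comes straight from the query string with no upper bound, so both want clamping before use, e.g. `if page < 1 { page = 1 }` plus a cap on `pageSize`. The `LIKE` pattern is correctly passed as a bound parameter, but `%` and `_` typed into `name` still act as wildcards; escape them if a plain substring match is intended. List's body continues in the second hunk of this file.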
@@ -30,6 +30,11 @@ type role struct {

 // List 用户列表
 func (h *SysUserHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 page := h.GetInt(c, "page", 1)
 pageSize := h.GetInt(c, "page_size", 20)
 username := h.GetTrim(c, "username")
diff --git a/api/handler/admin/api_key_handler.go b/api/handler/admin/api_key_handler.go
index e4b65d2d..52b95358 100644
--- a/api/handler/admin/api_key_handler.go
+++ b/api/handler/admin/api_key_handler.go
@@ -68,6 +68,11 @@ func (h *ApiKeyHandler) Save(c *gin.Context) {
 }

 func (h *ApiKeyHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 var items []model.ApiKey
 var keys = make([]vo.ApiKey, 0)
 res := h.db.Find(&items)
diff --git a/api/handler/admin/chat_handler.go b/api/handler/admin/chat_handler.go
index 2f931e62..e663ca62 100644
--- a/api/handler/admin/chat_handler.go
+++ b/api/handler/admin/chat_handler.go
@@ -35,6 +35,11 @@ type chatItemVo struct {
 }

 func (h *ChatHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 var data struct {
 Title string `json:"title"`
 UserId uint `json:"user_id"`
diff --git a/api/handler/admin/chat_model_handler.go b/api/handler/admin/chat_model_handler.go
index 1fb9fdc7..56d1ef19 100644
--- a/api/handler/admin/chat_model_handler.go
+++ b/api/handler/admin/chat_model_handler.go
@@ -72,6 +72,11 @@ func (h *ChatModelHandler) Save(c *gin.Context) {

 // List 模型列表
 func (h *ChatModelHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 session := h.db.Session(&gorm.Session{})
 enable := h.GetBool(c, "enable")
 if enable {
diff --git a/api/handler/admin/chat_role_handler.go b/api/handler/admin/chat_role_handler.go
index 233d8434..907c136f 100644
--- a/api/handler/admin/chat_role_handler.go
+++ b/api/handler/admin/chat_role_handler.go
@@ -53,6 +53,11 @@ func (h *ChatRoleHandler) Save(c *gin.Context) {
 }

 func (h *ChatRoleHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 var items []model.ChatRole
 var roles = make([]vo.ChatRole, 0)
 res := h.db.Order("sort_num ASC").Find(&items)
diff --git a/api/handler/admin/config_handler.go b/api/handler/admin/config_handler.go
index 8c5cbcbf..32bf4b45 100644
--- a/api/handler/admin/config_handler.go
+++ b/api/handler/admin/config_handler.go
@@ -71,6 +71,11 @@ func (h *ConfigHandler) Update(c *gin.Context) {

 // Get 获取指定的系统配置
 func (h *ConfigHandler) Get(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 key := c.Query("key")
 var config model.Config
 res := h.db.Where("marker", key).First(&config)
diff --git a/api/handler/admin/dashboard_handler.go b/api/handler/admin/dashboard_handler.go
index 8c7a1c1d..b36195d1 100644
--- a/api/handler/admin/dashboard_handler.go
+++ b/api/handler/admin/dashboard_handler.go
@@ -5,6 +5,7 @@ import (
 "chatplus/core/types"
 "chatplus/handler"
 "chatplus/store/model"
+ "chatplus/utils"
 "chatplus/utils/resp"
 "github.com/gin-gonic/gin"
 "github.com/shopspring/decimal"
@@ -32,6 +33,11 @@ type statsVo struct {
 }

 func (h *DashboardHandler) Stats(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 stats := statsVo{}
 // new users statistic
 var userCount int64
diff --git a/api/handler/admin/function_handler.go b/api/handler/admin/function_handler.go
index abd22753..03c3ba6f 100644
--- a/api/handler/admin/function_handler.go
+++ b/api/handler/admin/function_handler.go
@@ -74,6 +74,11 @@ func (h *FunctionHandler) Set(c *gin.Context) {
 }

 func (h *FunctionHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 var items []model.Function
 res := h.db.Find(&items)
 if res.Error != nil {
diff --git a/api/handler/admin/order_handler.go b/api/handler/admin/order_handler.go
index 44edc839..99d41b86 100644
--- a/api/handler/admin/order_handler.go
+++ b/api/handler/admin/order_handler.go
@@ -25,6 +25,11 @@ func NewOrderHandler(app *core.AppServer, db *gorm.DB) *OrderHandler {
 }

 func (h *OrderHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 var data struct {
 OrderNo string `json:"order_no"`
 Status int `json:"status"`
diff --git a/api/handler/admin/product_handler.go b/api/handler/admin/product_handler.go
index 08e3ac11..516a839e 100644
--- a/api/handler/admin/product_handler.go
+++ b/api/handler/admin/product_handler.go
@@ -70,6 +70,11 @@ func (h *ProductHandler) Save(c *gin.Context) {

 // List 模型列表
 func (h *ProductHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 session := h.db.Session(&gorm.Session{})
 enable := h.GetBool(c, "enable")
 if enable {
diff --git a/api/handler/admin/reward_handler.go b/api/handler/admin/reward_handler.go
index a9d05bea..4625e7a8 100644
--- a/api/handler/admin/reward_handler.go
+++ b/api/handler/admin/reward_handler.go
@@ -24,6 +24,11 @@ func NewRewardHandler(app *core.AppServer, db *gorm.DB) *RewardHandler {
 }

 func (h *RewardHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 var items []model.Reward
 res := h.db.Order("id DESC").Find(&items)
 var rewards = make([]vo.Reward, 0)
diff --git a/api/handler/admin/user_handler.go b/api/handler/admin/user_handler.go
index b84fdf54..580831e7 100644
--- a/api/handler/admin/user_handler.go
+++ b/api/handler/admin/user_handler.go
@@ -27,6 +27,11 @@ func NewUserHandler(app *core.AppServer, db *gorm.DB) *UserHandler {

 // List 用户列表
 func (h *UserHandler) List(c *gin.Context) {
+ if err := utils.CheckPermission(c, h.db); err != nil {
+ resp.NotPermission(c)
+ return
+ }
+
 page := h.GetInt(c, "page", 1)
 pageSize := h.GetInt(c, "page_size", 20)
 username := h.GetTrim(c, "username")
diff --git a/api/utils/permission.go b/api/utils/permission.go
new file mode 100644
index 00000000..a81de9bf
--- /dev/null
+++ b/api/utils/permission.go
@@ -0,0 +1,40 @@
+package utils
+
+import (
+ "chatplus/core/types"
+ "chatplus/store/model"
+ "fmt"
+ "github.com/gin-gonic/gin"
+ "gorm.io/gorm"
+ "net/url"
+ "strings"
+)
+
+// CheckPermission Todo: 放在缓存
+// CheckPermission 检查权限
+func CheckPermission(c *gin.Context, db *gorm.DB) error {
+ u, err := url.Parse(c.Request.RequestURI)
+ if err != nil {
+ panic(err)
+ }
+ slug := strings.Replace(u.Path, "/", "_", -1)[1:]
+
+ // 用户名
+ userName, _ := c.Get(types.LoginUserID)
+
+ var manager model.AdminUser
+ db.Table("chatgpt_admin_users").Select("chatgpt_admin_users.id").Where("username = ?", userName).First(&manager)
+
+ // 超级管理员不判断
+ if manager.Id == 1 {
+ return nil
+ }
+ var roleIds []int
+ var count int64
+ db.Raw("SELECT `chatgpt_admin_user_roles`.role_id FROM `chatgpt_admin_users` LEFT JOIN `chatgpt_admin_user_roles` ON ( `chatgpt_admin_users`.id = `chatgpt_admin_user_roles`.admin_id ) WHERE `chatgpt_admin_users`.id = ?", manager.Id).Find(&roleIds)
+ db.Raw("SELECT `chatgpt_admin_permissions`.slug FROM `chatgpt_admin_permissions` LEFT JOIN `chatgpt_admin_role_permissions` ON (`chatgpt_admin_permissions`.id = `chatgpt_admin_role_permissions`.permission_id) WHERE `chatgpt_admin_role_permissions`.role_id IN ? and `chatgpt_admin_permissions`.slug = ? ", roleIds, slug).Count(&count)
+ if count > 0 {
+ return nil
+ }
+ return fmt.Errorf("没有权限")
+}
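Review bot: CheckPermission ignores the result of all three database calls, so a failed `First`, `Find` or `Count` leaves `manager.Id`, `roleIds` and `count` at their zero values and surfaces as an ordinary 没有权限 that is indistinguishable from a real denial and never logged; it also re-parses `c.Request.RequestURI` and panics on failure although gin has already parsed the URL, and the `[1:]` slice would panic on an empty path. The value stored under `types.LoginUserID` is compared against the `username` column; if the middleware stores a numeric id (not visible here) the lookup never matches and every non-superadmin request is denied. The super admin is recognised by the bare literal `manager.Id == 1`, the doc comment repeats `// CheckPermission` twice, and `fmt.Errorf` with no verbs is `errors.New`. The rewrite below derives the slug from the matched route pattern via `c.FullPath()`, returns each query error wrapped with `%w` so the caller can log the cause, names the super-admin id and sentinel error at package level (the `errors` import is needed), and short-circuits on an empty role list instead of running the second query with an empty `IN ?` argument.
```go
// superAdminID is the admin row that bypasses the slug check.
const superAdminID = 1

// ErrNoPermission is returned when the signed-in admin holds no role
// that grants the slug of the current route.
var ErrNoPermission = errors.New("没有权限")

// CheckPermission reports whether the signed-in admin may call the current
// route. It returns nil when allowed, ErrNoPermission when denied, and a
// wrapped database error when the answer could not be determined.
func CheckPermission(c *gin.Context, db *gorm.DB) error {
	// Key the lookup on the matched route pattern: gin has already parsed the
	// URL, so there is nothing to re-parse or panic on, and the slug cannot
	// vary with how the client wrote the path. Unmatched routes yield "".
	slug := strings.TrimPrefix(strings.ReplaceAll(c.FullPath(), "/", "_"), "_")

	userName, ok := c.Get(types.LoginUserID)
	if !ok {
		return ErrNoPermission
	}

	var manager model.AdminUser
	if err := db.Table("chatgpt_admin_users").Select("chatgpt_admin_users.id").
		Where("username = ?", userName).First(&manager).Error; err != nil {
		// Unknown user and database failure both deny; the cause is returned
		// so the caller can log it rather than mistaking it for a real denial.
		return fmt.Errorf("looking up admin user: %w", err)
	}
	if manager.Id == superAdminID {
		return nil
	}

	var roleIds []int
	if err := db.Raw(/* … unchanged: role SQL string … */, manager.Id).Find(&roleIds).Error; err != nil {
		return fmt.Errorf("loading roles: %w", err)
	}
	if len(roleIds) == 0 {
		return ErrNoPermission
	}

	var count int64
	if err := db.Raw(/* … unchanged: permission SQL string … */, roleIds, slug).Count(&count).Error; err != nil {
		return fmt.Errorf("checking permission %q: %w", slug, err)
	}
	if count == 0 {
		return ErrNoPermission
	}
	return nil
}
```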
diff --git a/api/utils/resp/response.go b/api/utils/resp/response.go
index 0406c722..55c301ed 100644
--- a/api/utils/resp/response.go
+++ b/api/utils/resp/response.go
@@ -34,3 +34,11 @@ func NotAuth(c *gin.Context, messages ...string) {
 c.JSON(http.StatusOK, types.BizVo{Code: types.NotAuthorized, Message: "Not Authorized"})
 }
 }
+
+func NotPermission(c *gin.Context, messages ...string) {
+ if messages != nil {
+ c.JSON(http.StatusOK, types.BizVo{Code: types.NotPermission, Message: messages[0]})
+ } else {
+ c.JSON(http.StatusOK, types.BizVo{Code: types.NotPermission, Message: "Not Permission"})
+ }
+}
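Review bot: `if messages != nil` is the wrong emptiness test for a variadic parameter: a caller that spreads an empty but non-nil slice (`resp.NotPermission(c, msgs...)` with `len(msgs) == 0`) passes the check and panics on `messages[0]`; use `if len(messages) > 0 {`, and NotAuth, whose tail forms the context of this hunk, appears to follow the same pattern. The body is a copy of NotAuth with only the code and default text swapped, so a small private helper taking the BizCode and default message would keep the two from drifting. As with NotAuth, the 403 business code travels inside a 200 response, so reverse proxies, rate limiters and access logs cannot tell a refusal from a success by status; if that is deliberate, a comment on NotPermission saying so would save the next reader the question, otherwise `http.StatusForbidden` is the natural status here. "Not Permission" reads as a typo for "Permission Denied".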