feature: 优化严格模式角色鉴权操作。

pixelmaxQm · pixelmaxQm · commit a7b5b1e95d39 · 2024-08-25T16:51:25.000+08:00
diff --git a/server/service/system/sys_authority.go b/server/service/system/sys_authority.go
@@ -233,6 +233,27 @@ func (authorityService *AuthorityService) GetStructAuthorityList(authorityID uin
 	return list, err
 }
 
+func (authorityService *AuthorityService) CheckAuthorityIDAuth(authorityID, targetID uint) (err error) {
+	if !global.GVA_CONFIG.System.UseStrictAuth {
+		return nil
+	}
+	authIDS, err := authorityService.GetStructAuthorityList(authorityID)
+	if err != nil {
+		return err
+	}
+	hasAuth := false
+	for _, v := range authIDS {
+		if v == targetID {
+			hasAuth = true
+			break
+		}
+	}
+	if !hasAuth {
+		return errors.New("您提交的角色ID不合法")
+	}
+	return nil
+}
+
 //@author: [piexlmax](https://github.com/piexlmax)
 //@function: GetAuthorityInfo
 //@description: 获取所有角色信息
@@ -251,22 +272,19 @@ func (authorityService *AuthorityService) GetAuthorityInfo(auth system.SysAuthor
 //@return: error
 
 func (authorityService *AuthorityService) SetDataAuthority(adminAuthorityID uint, auth system.SysAuthority) error {
-	if global.GVA_CONFIG.System.UseStrictAuth {
-		authids, err := AuthorityServiceApp.GetStructAuthorityList(adminAuthorityID)
+	var checkIDs []uint
+	checkIDs = append(checkIDs, auth.AuthorityId)
+	for i := range auth.DataAuthorityId {
+		checkIDs = append(checkIDs, auth.DataAuthorityId[i].AuthorityId)
+	}
+
+	for i := range checkIDs {
+		err := authorityService.CheckAuthorityIDAuth(adminAuthorityID, checkIDs[i])
 		if err != nil {
 			return err
 		}
-		hasAuth := false
-		for _, v := range authids {
-			if v == auth.AuthorityId {
-				hasAuth = true
-				break
-			}
-		}
-		if !hasAuth {
-			return errors.New("您提交的角色ID不合法")
-		}
 	}
+
 	var s system.SysAuthority
 	global.GVA_DB.Preload("DataAuthorityId").First(&s, "authority_id = ?", auth.AuthorityId)
 	err := global.GVA_DB.Model(&s).Association("DataAuthorityId").Replace(&auth.DataAuthorityId)
diff --git a/server/service/system/sys_casbin.go b/server/service/system/sys_casbin.go
@@ -28,21 +28,9 @@ var CasbinServiceApp = new(CasbinService)
 
 func (casbinService *CasbinService) UpdateCasbin(adminAuthorityID, AuthorityID uint, casbinInfos []request.CasbinInfo) error {
 
-	if global.GVA_CONFIG.System.UseStrictAuth {
-		authids, err := AuthorityServiceApp.GetStructAuthorityList(adminAuthorityID)
-		if err != nil {
-			return err
-		}
-		hasAuth := false
-		for _, v := range authids {
-			if v == AuthorityID {
-				hasAuth = true
-				break
-			}
-		}
-		if !hasAuth {
-			return errors.New("您提交的角色ID不合法")
-		}
+	err := AuthorityServiceApp.CheckAuthorityIDAuth(adminAuthorityID, AuthorityID)
+	if err != nil {
+		return err
 	}
 
 	authorityId := strconv.Itoa(int(AuthorityID))
diff --git a/server/service/system/sys_menu.go b/server/service/system/sys_menu.go
@@ -201,21 +201,9 @@ func (menuService *MenuService) AddMenuAuthority(menus []system.SysBaseMenu, adm
 	auth.AuthorityId = authorityId
 	auth.SysBaseMenus = menus
 
-	if global.GVA_CONFIG.System.UseStrictAuth {
-		authids, err := AuthorityServiceApp.GetStructAuthorityList(adminAuthorityID)
-		if err != nil {
-			return err
-		}
-		hasAuth := false
-		for _, v := range authids {
-			if v == authorityId {
-				hasAuth = true
-				break
-			}
-		}
-		if !hasAuth {
-			return errors.New("您提交的角色ID不合法")
-		}
+	err = AuthorityServiceApp.CheckAuthorityIDAuth(adminAuthorityID, authorityId)
+	if err != nil {
+		return err
 	}
 
 	err = AuthorityServiceApp.SetMenuAuthority(&auth)
diff --git a/server/service/system/sys_user.go b/server/service/system/sys_user.go
@@ -164,27 +164,11 @@ func (userService *UserService) SetUserAuthorities(adminAuthorityID, id uint, au
 		if TxErr != nil {
 			return TxErr
 		}
-		var childrenIDS []uint
-		if global.GVA_CONFIG.System.UseStrictAuth {
-			childrenIDS, err = AuthorityServiceApp.GetStructAuthorityList(adminAuthorityID)
-			if err != nil {
-				return errors.New("获取当前角色可用角色失败")
-			}
-		}
-
 		var useAuthority []system.SysUserAuthority
 		for _, v := range authorityIds {
-			if global.GVA_CONFIG.System.UseStrictAuth {
-				hasAuth := false
-				for i := range childrenIDS {
-					if childrenIDS[i] == v {
-						hasAuth = true
-						break
-					}
-				}
-				if !hasAuth {
-					return errors.New("您提交的角色ID不合法")
-				}
+			e := AuthorityServiceApp.CheckAuthorityIDAuth(adminAuthorityID, v)
+			if e != nil {
+				return e
 			}
 			useAuthority = append(useAuthority, system.SysUserAuthority{
 				SysUserId: id, SysAuthorityAuthorityId: v,
diff --git a/web/src/view/superAdmin/authority/components/datas.vue b/web/src/view/superAdmin/authority/components/datas.vue
@@ -131,6 +131,7 @@ const authDataEnter = async() => {
 
 //   选择
 const selectAuthority = () => {
+  dataAuthorityId.value = dataAuthorityId.value.filter(item => item)
   emit('changeRow', 'dataAuthorityId', dataAuthorityId.value)
   needConfirm.value = true
 }

Original file line number	Diff line number	Diff line change
`@@ -131,6 +131,7 @@ const authDataEnter = async() => {`
`131`	`131`
`132`	`132`	`// 选择`
`133`	`133`	`const selectAuthority = () => {`
	`134`	`+ dataAuthorityId.value = dataAuthorityId.value.filter(item => item)`
`134`	`135`	`emit('changeRow', 'dataAuthorityId', dataAuthorityId.value)`
`135`	`136`	`needConfirm.value = true`
`136`	`137`	`}`