permission
This commit is contained in:
@@ -261,19 +261,19 @@ func ExtDatabaseGetData(w http.ResponseWriter, r *http.Request) {
|
||||
dbname := vars["elementTypeValue"]
|
||||
tbname := vars["objectTypeValue"]
|
||||
|
||||
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname, pack)
|
||||
log.Debugf("token:%s, method:%s, module:%s, dbname:%s, tbname:%s, pack:%s", token, r.Method, module, dbname, tbname, pack)
|
||||
|
||||
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
|
||||
if err != nil {
|
||||
log.Error("Failed to get permission:", err)
|
||||
services.ResponseForbidden403NotPermission(w)
|
||||
return
|
||||
}
|
||||
if !exist {
|
||||
log.Error("Not permission!")
|
||||
services.ResponseForbidden403NotPermission(w)
|
||||
return
|
||||
}
|
||||
// exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
|
||||
// if err != nil {
|
||||
// log.Error("Failed to get permission:", err)
|
||||
// services.ResponseForbidden403NotPermission(w)
|
||||
// return
|
||||
// }
|
||||
// if !exist {
|
||||
// log.Error("Not permission!")
|
||||
// services.ResponseForbidden403NotPermission(w)
|
||||
// return
|
||||
// }
|
||||
|
||||
sql = GetUriSQLArray(r)
|
||||
// select as must, todo ...
|
||||
@@ -351,18 +351,19 @@ func ExtDatabaseInsertData(w http.ResponseWriter, r *http.Request) {
|
||||
tbname := vars["objectTypeValue"]
|
||||
pack := "dbrest"
|
||||
|
||||
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
|
||||
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
|
||||
if err != nil {
|
||||
log.Error("Failed to get permission:", err)
|
||||
services.ResponseForbidden403NotPermission(w)
|
||||
return
|
||||
}
|
||||
if !exist {
|
||||
log.Error("permission deny!")
|
||||
services.ResponseForbidden403NotPermission(w)
|
||||
return
|
||||
}
|
||||
log.Debugf("token:%s, method:%s, module:%s, dbname:%s, tbname:%s, pack:%s", token, r.Method, module, dbname, tbname, pack)
|
||||
|
||||
// exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
|
||||
// if err != nil {
|
||||
// log.Error("Failed to get permission:", err)
|
||||
// services.ResponseForbidden403NotPermission(w)
|
||||
// return
|
||||
// }
|
||||
// if !exist {
|
||||
// log.Error("permission deny!")
|
||||
// services.ResponseForbidden403NotPermission(w)
|
||||
// return
|
||||
// }
|
||||
|
||||
log.Debug("Request body:", string(body), "dataObject:", tbname)
|
||||
insertData := make(map[string]interface{})
|
||||
@@ -407,18 +408,19 @@ func ExtDatabaseUpdateData(w http.ResponseWriter, r *http.Request) {
|
||||
tbname := vars["objectTypeValue"]
|
||||
pack := "dbrest"
|
||||
|
||||
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
|
||||
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
|
||||
if err != nil {
|
||||
log.Error("Failed to get permission:", err)
|
||||
services.ResponseForbidden403NotPermission(w)
|
||||
return
|
||||
}
|
||||
if !exist {
|
||||
log.Error("Not permission!")
|
||||
services.ResponseForbidden403NotPermission(w)
|
||||
return
|
||||
}
|
||||
log.Debugf("token:%s, method:%s, module:%s, dbname:%s, tbname:%s, pack:%s", token, r.Method, module, dbname, tbname, pack)
|
||||
|
||||
// exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
|
||||
// if err != nil {
|
||||
// log.Error("Failed to get permission:", err)
|
||||
// services.ResponseForbidden403NotPermission(w)
|
||||
// return
|
||||
// }
|
||||
// if !exist {
|
||||
// log.Error("Not permission!")
|
||||
// services.ResponseForbidden403NotPermission(w)
|
||||
// return
|
||||
// }
|
||||
|
||||
body, err := io.ReadAll(io.LimitReader(r.Body, global.RequestBodyMaxLen))
|
||||
if err != nil {
|
||||
@@ -471,17 +473,18 @@ func ExtDatabaseDeleteData(w http.ResponseWriter, r *http.Request) {
|
||||
pack := "dbreset"
|
||||
|
||||
log.Debugf("token:%s, method:%s, module:%, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
|
||||
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
|
||||
if err != nil {
|
||||
log.Error("Failed to get permission:", err)
|
||||
services.ResponseForbidden403NotPermission(w)
|
||||
return
|
||||
}
|
||||
if !exist {
|
||||
log.Error("Not permission!")
|
||||
services.ResponseForbidden403NotPermission(w)
|
||||
return
|
||||
}
|
||||
|
||||
// exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
|
||||
// if err != nil {
|
||||
// log.Error("Failed to get permission:", err)
|
||||
// services.ResponseForbidden403NotPermission(w)
|
||||
// return
|
||||
// }
|
||||
// if !exist {
|
||||
// log.Error("Not permission!")
|
||||
// services.ResponseForbidden403NotPermission(w)
|
||||
// return
|
||||
// }
|
||||
|
||||
wc := services.GetUriLocString(r)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user