permission

features/mml/mml.go

@@ -50,6 +50,12 @@ var (
 func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
 	log.Debug("PostMMLToNF processing... ")
 
+	token, err := services.CheckExtValidRequest(w, r)
+	if err != nil {
+		log.Error("Request error:", err)
+		return
+	}
+
 	vars := mux.Vars(r)
 	neType := vars["elementTypeValue"]
 	params := r.URL.Query()
@@ -61,14 +67,36 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
 	}
 	log.Debug("neType:", neType, "neId", neId)
 
-	if strings.ToLower(neType) == "omc" {
-		PostMMLToOMC(w, r)
+	log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, neType, neId[0])
+
+	var buf [8192]byte
+	var n int
+	var mmlResult []string
+
+	exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), neType, neId[0])
+	if err != nil {
+		log.Error("Failed to get permission:", err)
+		errMsg := fmt.Sprintf("RetCode = -1 operation failed: do not have the operation permissions")
+		log.Error(errMsg)
+		mmlResult = append(mmlResult, errMsg)
+		response := Response{mmlResult}
+		services.ResponseWithJson(w, http.StatusOK, response)
+		//services.ResponseForbidden403NotPermission(w)
+		return
+	}
+	if !exist {
+		log.Error("Not permission!")
+		errMsg := fmt.Sprintf("RetCode = -1 operation failed: do not have the operation permissions")
+		log.Error(errMsg)
+		mmlResult = append(mmlResult, errMsg)
+		response := Response{mmlResult}
+		services.ResponseWithJson(w, http.StatusOK, response)
+		//services.ResponseForbidden403NotPermission(w)
 		return
 	}
 
-	_, err := services.CheckExtValidRequest(w, r)
-	if err != nil {
-		log.Error("Failed to CheckMmlValidRequest:", err)
+	if strings.ToLower(neType) == "omc" {
+		PostMMLToOMC(w, r)
 		return
 	}
 
@@ -80,10 +108,6 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var buf [8192]byte
-	var n int
-	var mmlResult []string
-
 	if neInfo != nil {
 		hostMML := fmt.Sprintf("%s:%d", neInfo.Ip, config.GetYamlConfig().MML.Port)
 		conn, err := net.Dial("tcp", hostMML)