zwxi 1 年之前
父节点
当前提交
c2a90cdc0d
共有 1 个文件被更改,包括 26 次插入21 次删除
  1. 26 21
      controllers/base_auth.go

+ 26 - 21
controllers/base_auth.go

@@ -3,6 +3,7 @@ package controllers
 import (
 	"encoding/json"
 	"eta/eta_api/cache"
+	"eta/eta_api/models/company"
 	"eta/eta_api/models/system"
 	"eta/eta_api/services/alarm_msg"
 	"eta/eta_api/services/data"
@@ -187,28 +188,32 @@ func (c *BaseAuthController) Prepare() {
 			c.SysUser = admin
 
 			//接口权限校验
-			roleId := admin.RoleId
-			list, e := system.GetMenuButtonApisByRoleId(roleId)
-			if e != nil {
-				c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错!", ErrMsg: "获取接口权限出错!"}, false, false)
-				c.StopRun()
-				return
-			}
-			var api string
-			for _, v := range list {
-				api += v.Api + ","
-			}
-			//处理uri请求,去除前缀和参数
-			api = strings.TrimRight(api,",")
-			uri = strings.Replace(uri,"/adminapi","",1)
-			uris := strings.Split(uri,"?")
-			uri = uris[0]
-			fmt.Println("uri:",uri)
-			if !strings.Contains(api,uri) {
-				//c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问!", ErrMsg: "无权访问!"}, false, false)
-				//c.StopRun()
-				//return
+			crmConfig, _ := company.GetConfigDetailByCode("api_check")
+			if crmConfig.ConfigValue == "1" {
+				roleId := admin.RoleId
+				list, e := system.GetMenuButtonApisByRoleId(roleId)
+				if e != nil {
+					c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错!", ErrMsg: "获取接口权限出错!"}, false, false)
+					c.StopRun()
+					return
+				}
+				var api string
+				for _, v := range list {
+					api += v.Api + ","
+				}
+				//处理uri请求,去除前缀和参数
+				api = strings.TrimRight(api,",")
+				uri = strings.Replace(uri,"/adminapi","",1)
+				uris := strings.Split(uri,"?")
+				uri = uris[0]
+				fmt.Println("uri:",uri)
+				if !strings.Contains(api,uri) {
+					c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问!", ErrMsg: "无权访问!"}, false, false)
+					c.StopRun()
+					return
+				}
 			}
+
 		} else {
 			c.JSON(models.BaseResponse{Ret: 408, Msg: "请求异常,请联系客服!", ErrMsg: "POST之外的请求,暂不支持"}, false, false)
 			c.StopRun()
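Review bot: The check this commit re-enables at `if !strings.Contains(api,uri)` is a substring test against the comma-joined API list, so a path that merely occurs inside a permitted entry, or an empty path, passes authorization; compare the normalized path for equality against each entry instead. The added `crmConfig, _ := company.GetConfigDetailByCode("api_check")` discards its error, so a failed lookup either silently skips enforcement or, if the function returns a pointer (not visible here), dereferences nil. Handle the error explicitly, and if an absent `api_check` row is meant to disable the check, distinguish that case from a real failure. `strings.Replace(uri,"/adminapi","",1)` also removes the first occurrence anywhere in the path rather than only a leading prefix, and the `fmt.Println("uri:",uri)` debug line should go before this ships. `Prepare` begins and ends outside this hunk.

```go
crmConfig, e := company.GetConfigDetailByCode("api_check")
if e != nil {
	// Fail closed: an unreadable switch must not turn authorization off.
	c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错!", ErrMsg: "获取接口权限出错!"}, false, false)
	c.StopRun()
	return
}
if crmConfig.ConfigValue == "1" {
	// … unchanged: GetMenuButtonApisByRoleId call and its error handling …
	uri = strings.TrimPrefix(uri, "/adminapi")
	uri = strings.Split(uri, "?")[0]
	// Exact match per entry; assumes each v.Api holds a single path — confirm against the schema.
	allowed := false
	for _, v := range list {
		if v.Api == uri {
			allowed = true
			break
		}
	}
	if !allowed {
		// … unchanged: 403 response, StopRun, return …
	}
}
```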