hai 1 ano · fb0013adfe
--- a/controllers/base_auth.go
+++ b/controllers/base_auth.go
@@ -3,7 +3,6 @@ package controllers
 
				 import (
			
 
				 	"encoding/json"
			
 
				 	"eta/eta_api/cache"
			
 
				-	"eta/eta_api/models/company"
			
 
				 	"eta/eta_api/models/system"
			
 
				 	"eta/eta_api/services/alarm_msg"
			
 
				 	"eta/eta_api/services/data"
			
@@ -187,41 +186,33 @@ func (c *BaseAuthController) Prepare() {
 
				 			c.SysUser = admin
			
 
				 
			
 
				 			//接口权限校验
			
 
				-			crmConfig, _ := company.GetConfigDetailByCode("api_check")
			
 
				-			if crmConfig.ConfigValue == "1" {
			
 
				-				roleId := admin.RoleId
			
 
				-				list, e := system.GetMenuButtonApisByRoleId(roleId)
			
 
				-				if e != nil {
			
 
				-					c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错！", ErrMsg: "获取接口权限出错！"}, false, false)
			
 
				-					c.StopRun()
			
 
				-					return
			
 
				-				}
			
 
				-				var api string
			
 
				-				for _, v := range list {
			
 
				-					api += v.Api + "&"
			
 
				-				}
			
 
				-				//处理uri请求，去除前缀和参数
			
 
				-				api = strings.TrimRight(api, "&")
			
 
				-				uri = strings.Replace(uri, "/adminapi", "", 1)
			
 
				-				uris := strings.Split(uri, "?")
			
 
				-				uri = uris[0]
			
 
				-				fmt.Println("uri:", uri)
			
 
				-				apis := strings.Split(api, "&")
			
 
				-				apiMap := make(map[string]bool, 0)
			
 
				-				for _, s := range apis {
			
 
				-					apiMap[s] = true
			
 
				-				}
			
 
				-				if !apiMap[uri] {
			
 
				-					c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问！", ErrMsg: "无权访问！"}, false, false)
			
 
				-					c.StopRun()
			
 
				-					return
			
 
				-				}
			
 
				-				//if !strings.Contains(api, uri) {
			
 
				-				//	c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问！", ErrMsg: "无权访问！"}, false, false)
			
 
				-				//	c.StopRun()
			
 
				-				//}
			
 
				+			roleId := admin.RoleId
			
 
				+			list, e := system.GetMenuButtonApisByRoleId(roleId)
			
 
				+			if e != nil {
			
 
				+				c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错！", ErrMsg: "获取接口权限出错！"}, false, false)
			
 
				+				c.StopRun()
			
 
				+				return
			
 
				+			}
			
 
				+			var api string
			
 
				+			for _, v := range list {
			
 
				+				api += v.Api + "&"
			
 
				+			}
			
 
				+			//处理uri请求，去除前缀和参数
			
 
				+			api = strings.TrimRight(api, "&")
			
 
				+			uri = strings.Replace(uri, "/adminapi", "", 1)
			
 
				+			uris := strings.Split(uri, "?")
			
 
				+			uri = uris[0]
			
 
				+			fmt.Println("uri:", uri)
			
 
				+			apis := strings.Split(api, "&")
			
 
				+			apiMap := make(map[string]bool, 0)
			
 
				+			for _, s := range apis {
			
 
				+				apiMap[s] = true
			
 
				+			}
			
 
				+			if !apiMap[uri] {
			
 
				+				c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问！", ErrMsg: "无权访问！"}, false, false)
			
 
				+				c.StopRun()
			
 
				+				return
			
 
				 			}
			
 
				-
			
 
				 		} else {
			
 
				 			c.JSON(models.BaseResponse{Ret: 408, Msg: "请求异常，请联系客服!", ErrMsg: "POST之外的请求，暂不支持"}, false, false)
			
 
				 			c.StopRun()