
fix:完善报告权限校验

zqbao 10 months ago
parent
commit
d01914e8a2
3 changed files with 64 additions and 7 deletions
  1. 50 5
      controllers/report.go
  2. 6 2
      models/response/report.go
  3. 8 0
      utils/constants.go

+ 50 - 5
controllers/report.go

@@ -6,6 +6,7 @@ import (
 	"eta/eta_mini_bridge/utils"
 	"html"
 	"strconv"
+	"time"
 
 	"github.com/rdlucklib/rdluck_tools/paging"
 )
@@ -156,6 +157,14 @@ func (this *ReportController) Detail() {
 		br.ErrMsg = "参数错误,用户id小于等于0"
 		return
 	}
+	user, err := models.GetUserById(userId)
+	if err != nil {
+		br.Msg = "用户不存在"
+		br.ErrMsg = "用户不存在,系统异常,Err:" + err.Error()
+		return
+	}
+	// 有效期是否到期
+	IsVail := user.ValidEndTime.After(time.Now())
 
 	report, err := models.GetReportById(reportId)
 	if err != nil {
@@ -163,7 +172,8 @@ func (this *ReportController) Detail() {
 		br.ErrMsg = "获取报告详情失败,Err:" + err.Error()
 		return
 	}
-
+	report.ContentSub = html.UnescapeString(report.ContentSub)
+	report.Content = html.UnescapeString(report.Content)
 	if report == nil {
 		br.Msg = "报告不存在"
 		return
@@ -189,7 +199,28 @@ func (this *ReportController) Detail() {
 		}
 	}
 
+	resp := new(response.ReportDetailResp)
 	if !IsPublic {
+		// 如果被禁用或是潜在用户,直接返回无阅读报告权限
+		if user.Status == 0 || user.Status == 1 {
+			resp.Report = report
+			resp.Status = utils.ReportPermissionStatusNo
+			report.Content = ""
+			br.Ret = 408
+			br.Data = resp
+			br.Msg = "用户权限不足"
+			return
+		}
+		// 如果是私有报告,用户权限过期直接返回有效期已过
+		if !IsVail {
+			resp.Report = report
+			resp.Status = utils.ReportPermissionStatusExpired
+			report.Content = ""
+			br.Ret = 408
+			br.Data = resp
+			br.Msg = "用户权限不足"
+			return
+		}
 		chartPermissionIds, err := models.GetChartPermissionIdByUserId(userId)
 		if err != nil {
 			br.Msg = "获取用户权限失败"
@@ -197,6 +228,11 @@ func (this *ReportController) Detail() {
 			return
 		}
 		if len(chartPermissionIds) <= 0 {
+			resp.Report = report
+			resp.Status = utils.ReportPermissionStatusNo
+			report.Content = ""
+			br.Ret = 408
+			br.Data = resp
 			br.Msg = "用户权限不足"
 			return
 		}
@@ -207,6 +243,11 @@ func (this *ReportController) Detail() {
 			return
 		}
 		if len(classifyIds) <= 0 {
+			resp.Report = report
+			resp.Status = utils.ReportPermissionStatusNoPermission
+			report.Content = ""
+			br.Ret = 408
+			br.Data = resp
 			br.Msg = "用户权限不足"
 			return
 		}
@@ -217,15 +258,19 @@ func (this *ReportController) Detail() {
 			}
 		}
 		if !IsHas {
+			resp.Report = report
+			resp.Status = utils.ReportPermissionStatusNoPermission
+			report.Content = ""
+			br.Ret = 408
+			br.Data = resp
 			br.Msg = "用户权限不足"
 			return
 		}
 	}
+	resp.Report = report
+	resp.Status = utils.ReportPermissionStatusHas
 
-	report.ContentSub = html.UnescapeString(report.ContentSub)
-	report.Content = html.UnescapeString(report.Content)
-
-	br.Data = report
+	br.Data = resp
 	br.Ret = 200
 	br.Success = true
 	br.Msg = "获取成功"
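Review bot: In the third hunk the two `html.UnescapeString` assignments now run before the `if report == nil` guard, so if `models.GetReportById` can return a nil report with a nil error (which the existing guard suggests), the handler panics on the dereference instead of answering "报告不存在"; put the guard first: `if report == nil { br.Msg = "报告不存在"; return }`, then the two unescape lines. Every denial branch clears only `report.Content`, so the unescaped `report.ContentSub` and all other ReportDetail fields are still returned in `resp.Report` to disabled, expired or unentitled users; if ContentSub is not meant as a public teaser, add `report.ContentSub = ""` there, or build the denied response from an explicit list of fields. The five identical denial sequences (set `resp.Report`, `resp.Status`, blank the content, `br.Ret = 408`, `br.Data`) would be safer as one small helper taking the status, so a later change cannot blank the content in four branches and miss the fifth. `userId` appears to arrive as a request parameter (the guard above the first added lines reports a parameter error), so these checks are only as strong as the caller's authentication of that id, which is not visible here. Detail() begins and ends outside the hunks shown.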

+ 6 - 2
models/response/report.go

@@ -11,7 +11,11 @@ type ReportListResp struct {
 	Paging *paging.PagingItem
 }
 
+//	type ReportDetailResp struct {
+//		Report   *models.ReportDetail   `description:"报告"`
+//		Classify *models.ClassifyDetail `description:"对应专栏"`
+//	}
 type ReportDetailResp struct {
-	Report   *models.ReportDetail   `description:"报告"`
-	Classify *models.ClassifyDetail `description:"对应专栏"`
+	Report *models.ReportDetail `description:"报告"`
+	Status int                  `description:"报告状态"`
 }
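Review bot: The old `ReportDetailResp` definition is left behind as a commented-out block above the new one; version control already keeps it, so delete those four lines and put a doc comment in their place, for example `// ReportDetailResp carries a report plus the caller's permission status (utils.ReportPermissionStatus*).`. Dropping `Classify` and, in the controller, wrapping `br.Data` in this struct both change the JSON shape of the detail endpoint, so existing consumers that read the report fields at the top level need to be updated in step. The `Status` tag says only "报告状态"; naming the constant set it takes its values from would let a client author see that anything other than the "has permission" value means the content was withheld.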

+ 8 - 0
utils/constants.go

@@ -14,3 +14,11 @@ const (
 	PageSize20            = 20
 	PageSize30            = 30
 )
+
+// 报告权限状态定义
+const (
+	ReportPermissionStatusExpired      = 1 //已过期
+	ReportPermissionStatusNoPermission = 2 //没有该品种权限
+	ReportPermissionStatusNo           = 3 //没有权限
+	ReportPermissionStatusHas          = 4 //有该品种权限
+)
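Review bot: These four states are untyped integer constants starting at 1, so the zero value of `ReportDetailResp.Status` is not a defined state and nothing ties the field to this set; a named type (`type ReportPermissionStatus int`) with a comment such as `// 0 is unassigned; treat every value other than ReportPermissionStatusHas as no access` would make the fail-closed reading explicit for both server and client code. `ReportPermissionStatusNo` and `ReportPermissionStatusNoPermission` are easy to confuse by name; the controller uses the first for disabled or potential users and users with no permissions at all, and the second for users lacking this report's category, and the comments here should spell out that difference.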