fix:完善权限控制

controllers/base_auth.go

@@ -22,7 +22,7 @@ type BaseAuthController struct {
 
 func (c *BaseAuthController) Prepare() {
 	method := c.Ctx.Input.Method()
-	// uri := c.Ctx.Input.URI()
+	uri := c.Ctx.Input.URI()
 	if method != "HEAD" {
 		if method == "POST" || method == "GET" {
 			authorization := c.Ctx.Input.Header("authorization")
@@ -98,6 +98,35 @@ func (c *BaseAuthController) Prepare() {
 			}
 			c.SysUser = sysUser
 			c.Session = session
+
+			//接口权限校验
+			roleId := sysUser.SysRoleId
+			list, e := models.GetMenuButtonsByRoleId(roleId)
+			if e != nil {
+				c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错！", ErrMsg: "获取接口权限出错！"}, false, false)
+				c.StopRun()
+				return
+			}
+			var api string
+			for _, v := range list {
+				api += v.Api + "&"
+			}
+			api = strings.TrimRight(api, "&")
+			uri = strings.Replace(uri, "/adminapi", "", 1)
+			uris := strings.Split(uri, "?")
+			uri = uris[0]
+			//fmt.Println("uri:", uri)
+			apis := strings.Split(api, "&")
+			apiMap := make(map[string]bool, 0)
+			for _, s := range apis {
+				apiMap[s] = true
+			}
+			if !apiMap[uri] {
+				c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问！", ErrMsg: "无权访问！"}, false, false)
+				c.StopRun()
+				return
+			}
+
 		}
 	}
 }

models/response/sys_menu.go

@@ -1,6 +1,8 @@
 package response
 
-import "eta/eta_mini_crm/models"
+import (
+	"eta/eta_mini_crm/models"
+)
 
 type SysMenuButtonResp struct {
 	SysMenuId  int    `description:"菜单ID"`

models/sys_menu.go

@@ -15,6 +15,7 @@ type SysMenu struct {
 	ButtonCode string    `description:"按钮唯一编码"`
 	Name       string    `description:"按钮名称"`
 	Path       string    `description:"路径"`
+	Api        string    `description:"api接口"`
 	IconPath   string    `description:"图标路径"`
 	Level      int       `description:"层级"`
 	MenuType   int       `description:"菜单类型，1:菜单，2:按钮"`