fix

controllers/base_auth.go

@@ -188,7 +188,7 @@ func (c *BaseAuthController) Prepare() {
 
 			//接口权限校验
 			roleId := admin.RoleId
-			list, e := system.GetMenuButtonsByRoleId(roleId)
+			list, e := system.GetMenuButtonApisByRoleId(roleId)
 			if e != nil {
 				c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错！", ErrMsg: "获取接口权限出错！"}, false, false)
 				c.StopRun()
@@ -205,9 +205,9 @@ func (c *BaseAuthController) Prepare() {
 			uri = uris[0]
 			fmt.Println("uri:",uri)
 			if !strings.Contains(api,uri) {
-				//c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问！", ErrMsg: "无权访问！"}, false, false)
-				//c.StopRun()
-				//return
+				c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问！", ErrMsg: "无权访问！"}, false, false)
+				c.StopRun()
+				return
 			}
 		} else {
 			c.JSON(models.BaseResponse{Ret: 408, Msg: "请求异常，请联系客服!", ErrMsg: "POST之外的请求，暂不支持"}, false, false)

models/system/sys_menu.go

@@ -172,3 +172,19 @@ type BusinessConf struct {
 	ConfKey string `description:"配置Key"`
 	ConfVal string `description:"配置值"`
 }
+
+// GetMenuButtonApisByRoleId 获取角色按钮api菜单
+func GetMenuButtonApisByRoleId(roleId int) (items []*SysMenu, err error) {
+	sql := `SELECT
+				r.*
+			FROM
+				sys_menu AS r
+			JOIN sys_role_menu AS rm ON r.menu_id = rm.menu_id 
+			WHERE
+				rm.role_id = ?
+			ORDER BY
+				r.sort ASC,
+				r.create_time DESC`
+	_, err = orm.NewOrm().Raw(sql, roleId).QueryRows(&items)
+	return
+}