diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e4cdf45 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ + +admin diff --git a/Router.go b/Router.go index f1e6044..cafb1de 100644 --- a/Router.go +++ b/Router.go @@ -2,7 +2,7 @@ package admin import ( "github.com/astaxie/beego" - "github.com/beego/admin/src/rbac" + "admin/src/rbac" ) func router() { diff --git a/admin.go b/admin.go index 2f3268e..6735f2f 100644 --- a/admin.go +++ b/admin.go @@ -6,8 +6,8 @@ import ( "os" "github.com/astaxie/beego" - . "github.com/beego/admin/src/lib" - "github.com/beego/admin/src/models" + . "admin/src/lib" + "admin/src/models" ) const VERSION = "0.1.1" diff --git a/src/models/AdminInit.go b/src/models/AdminInit.go index ba502c2..9cbafd9 100644 --- a/src/models/AdminInit.go +++ b/src/models/AdminInit.go @@ -6,9 +6,9 @@ import ( "log" "os" + . "admin/src/lib" "github.com/astaxie/beego" "github.com/astaxie/beego/orm" - . "github.com/beego/admin/src/lib" _ "github.com/go-sql-driver/mysql" _ "github.com/lib/pq" _ "github.com/mattn/go-sqlite3" @@ -52,14 +52,14 @@ func Connect() { db_sslmode := beego.AppConfig.String("db_sslmode") switch db_type { case "mysql": - orm.RegisterDriver("mysql", orm.DR_MySQL) + orm.RegisterDriver("mysql", orm.DRMySQL) dns = fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=utf8", db_user, db_pass, db_host, db_port, db_name) break case "postgres": - orm.RegisterDriver("postgres", orm.DR_Postgres) + orm.RegisterDriver("postgres", orm.DRPostgres) dns = fmt.Sprintf("dbname=%s host=%s user=%s password=%s port=%s sslmode=%s", db_name, db_host, db_user, db_pass, db_port, db_sslmode) case "sqlite3": - orm.RegisterDriver("sqlite3", orm.DR_Sqlite) + orm.RegisterDriver("sqlite3", orm.DRSqlite) if db_path == "" { db_path = "./" } diff --git a/src/models/RoleModel.go b/src/models/RoleModel.go index 52db011..1711803 100644 --- a/src/models/RoleModel.go +++ b/src/models/RoleModel.go @@ -131,6 +131,7 @@ func DelGroupNode(roleid int64, groupid int64) error { } return nil } + func AddRoleNode(roleid int64, nodeid int64) (int64, error) { o := orm.NewOrm() role := Role{Id: roleid} diff --git a/src/models/UserModel.go b/src/models/UserModel.go index ac54c8e..610291d 100644 --- a/src/models/UserModel.go +++ b/src/models/UserModel.go @@ -5,10 +5,10 @@ import ( "log" "time" + . "admin/src/lib" "github.com/astaxie/beego" "github.com/astaxie/beego/orm" "github.com/astaxie/beego/validation" - . "github.com/beego/admin/src/lib" ) //用户表 diff --git a/src/rbac.go b/src/rbac.go index 4498a35..4d5f137 100644 --- a/src/rbac.go +++ b/src/rbac.go @@ -6,10 +6,10 @@ import ( "strconv" "strings" + . "admin/src/lib" + m "admin/src/models" "github.com/astaxie/beego" "github.com/astaxie/beego/context" - . "github.com/beego/admin/src/lib" - m "github.com/beego/admin/src/models" ) //check access and register user's nodes @@ -43,7 +43,7 @@ func AccessRegister() { ret := AccessDecision(params, accesslist) if !ret { - ctx.Output.Json(&map[string]interface{}{"status": false, "info": "权限不足"}, true, false) + ctx.Output.JSON(&map[string]interface{}{"status": false, "info": "权限不足"}, true, false) } } diff --git a/src/rbac/common.go b/src/rbac/common.go index f8f6a45..6854aff 100644 --- a/src/rbac/common.go +++ b/src/rbac/common.go @@ -1,9 +1,11 @@ package rbac import ( + . "admin/src" + m "admin/src/models" + "fmt" "github.com/astaxie/beego" - . "github.com/beego/admin/src" - m "github.com/beego/admin/src/models" + "strings" ) type CommonController struct { @@ -13,7 +15,7 @@ type CommonController struct { func (this *CommonController) Rsp(status bool, str string) { this.Data["json"] = &map[string]interface{}{"status": status, "info": str} - this.ServeJson() + this.ServeJSON() } func (this *CommonController) GetTemplatetype() string { @@ -24,25 +26,150 @@ func (this *CommonController) GetTemplatetype() string { return templatetype } -func (this *CommonController) GetTree() []Tree { +func (this *CommonController) GetTree(userinfo interface{}) []Tree { nodes, _ := m.GetNodeTree(0, 1) tree := make([]Tree, len(nodes)) + if nil == userinfo { + return tree + } + fmt.Println("******* userinfo:", userinfo) + accesslist, _ := GetAccessRightList(userinfo.(m.User).Id) + fmt.Println("******* accesslist:", accesslist) + adminuser := beego.AppConfig.String("rbac_admin_user") + isAdminUser := false + if userinfo.(m.User).Username == adminuser { + isAdminUser = true + } for k, v := range nodes { tree[k].Id = v["Id"].(int64) tree[k].Text = v["Title"].(string) children, _ := m.GetNodeTree(v["Id"].(int64), 2) - tree[k].Children = make([]Tree, len(children)) - for k1, v1 := range children { - tree[k].Children[k1].Id = v1["Id"].(int64) - tree[k].Children[k1].Text = v1["Title"].(string) - tree[k].Children[k1].Attributes.Url = "/" + v["Name"].(string) + "/" + v1["Name"].(string) + tree[k].Children = []Tree{} + for _, v1 := range children { + url := v["Name"].(string) + "/" + v1["Name"].(string) + if !isAdminUser { + if r := hasAccessRight(accesslist, url); !r { + continue + } + } + node := Tree{} + node.Id = v1["Id"].(int64) + node.Text = v1["Title"].(string) + node.Attributes.Url = "/" + url + tree[k].Children = append(tree[k].Children, node) + } + } + for i := 0; i < len(tree); i++ { + if len(tree[i].Children) == 0 { + if i == len(tree) { + tree = tree[:i] + break + } else { + tree = append(tree[:i], tree[i+1:]...) + i-- + } + } } + return tree } +//Access permissions list +func GetAccessRightList(uid int64) (map[string]bool, error) { + list, err := m.AccessList(uid) + if err != nil { + return nil, err + } + alist := make([]*AccessNode, 0) + for _, l := range list { + if l["Pid"].(int64) == 0 && l["Level"].(int64) == 1 { + anode := new(AccessNode) + anode.Id = l["Id"].(int64) + anode.Name = l["Name"].(string) + alist = append(alist, anode) + } + } + for _, l := range list { + if l["Level"].(int64) == 2 { + for _, an := range alist { + if an.Id == l["Pid"].(int64) { + anode := new(AccessNode) + anode.Id = l["Id"].(int64) + anode.Name = l["Name"].(string) + an.Childrens = append(an.Childrens, anode) + } + } + } + } + for _, l := range list { + if l["Level"].(int64) == 3 { + for _, an := range alist { + for _, an1 := range an.Childrens { + if an1.Id == l["Pid"].(int64) { + anode := new(AccessNode) + anode.Id = l["Id"].(int64) + anode.Name = l["Name"].(string) + an1.Childrens = append(an1.Childrens, anode) + } + } + + } + } + } + accesslist := make(map[string]bool) + for _, v := range alist { + for _, v1 := range v.Childrens { + for _, v2 := range v1.Childrens { + vname := strings.Split(v.Name, "/") + v1name := strings.Split(v1.Name, "/") + v2name := strings.Split(v2.Name, "/") + str := fmt.Sprintf("%s/%s/%s", strings.ToLower(vname[0]), strings.ToLower(v1name[0]), strings.ToLower(v2name[0])) + accesslist[str] = true + } + } + } + return accesslist, nil +} + +func hasAccessRight(accesslist interface{}, url string) bool { + params := strings.Split(strings.ToLower(url), "/") + ret := AccessRightDecision(params, accesslist.(map[string]bool)) + return ret +} + +//To test whether permissions +func AccessRightDecision(params []string, accesslist map[string]bool) bool { + if CheckAccessRight(params) { + s := fmt.Sprintf("%s/%s/%s", params[0], params[1], params[2]) + if len(accesslist) < 1 { + return false + } + _, ok := accesslist[s] + if ok != false { + return true + } + } else { + return true + } + return false +} + +//Determine whether need to verify +func CheckAccessRight(params []string) bool { + if len(params) < 3 { + return false + } + for _, nap := range strings.Split(beego.AppConfig.String("not_auth_package"), ",") { + if params[1] == nap { + return false + } + } + return true +} + func init() { //验证权限 - AccessRegister() + // AccessRegister() } diff --git a/src/rbac/group.go b/src/rbac/group.go index 4b196e6..a9f37b2 100644 --- a/src/rbac/group.go +++ b/src/rbac/group.go @@ -1,7 +1,7 @@ package rbac import ( - m "github.com/beego/admin/src/models" + m "admin/src/models" ) type GroupController struct { @@ -23,10 +23,10 @@ func (this *GroupController) Index() { } nodes, count := m.GetGrouplist(page, page_size, sort) this.Data["json"] = &map[string]interface{}{"total": count, "rows": &nodes} - this.ServeJson() + this.ServeJSON() return } else { - this.TplNames = this.GetTemplatetype() + "/rbac/group.tpl" + this.TplName = this.GetTemplatetype() + "/rbac/group.tpl" } } diff --git a/src/rbac/node.go b/src/rbac/node.go index c65eba7..cde199b 100644 --- a/src/rbac/node.go +++ b/src/rbac/node.go @@ -3,8 +3,8 @@ package rbac import ( "encoding/json" + m "admin/src/models" "github.com/astaxie/beego/orm" - m "github.com/beego/admin/src/models" ) type NodeController struct { @@ -13,7 +13,7 @@ type NodeController struct { func (this *NodeController) Rsp(status bool, str string) { this.Data["json"] = &map[string]interface{}{"status": status, "info": str} - this.ServeJson() + this.ServeJSON() } func (this *NodeController) Index() { @@ -41,13 +41,13 @@ func (this *NodeController) Index() { nodes = []orm.Params{} } this.Data["json"] = &map[string]interface{}{"total": count, "rows": &nodes} - this.ServeJson() + this.ServeJSON() return } else { grouplist := m.GroupList() b, _ := json.Marshal(grouplist) this.Data["grouplist"] = string(b) - this.TplNames = this.GetTemplatetype() + "/rbac/node.tpl" + this.TplName = this.GetTemplatetype() + "/rbac/node.tpl" } } diff --git a/src/rbac/public.go b/src/rbac/public.go index 73f5ae4..866e61e 100644 --- a/src/rbac/public.go +++ b/src/rbac/public.go @@ -2,9 +2,9 @@ package rbac import ( //"fmt" + . "admin/src" + m "admin/src/models" "github.com/astaxie/beego" - . "github.com/beego/admin/src" - m "github.com/beego/admin/src/models" ) type MainController struct { @@ -31,20 +31,20 @@ func (this *MainController) Index() { if userinfo == nil { this.Ctx.Redirect(302, beego.AppConfig.String("rbac_auth_gateway")) } - tree:=this.GetTree() + tree := this.GetTree(userinfo) if this.IsAjax() { this.Data["json"] = &tree - this.ServeJson() + this.ServeJSON() return } else { groups := m.GroupList() this.Data["userinfo"] = userinfo this.Data["groups"] = groups this.Data["tree"] = &tree - if this.GetTemplatetype() != "easyui"{ + if this.GetTemplatetype() != "easyui" { this.Layout = this.GetTemplatetype() + "/public/layout.tpl" } - this.TplNames = this.GetTemplatetype() + "/public/index.tpl" + this.TplName = this.GetTemplatetype() + "/public/index.tpl" } } @@ -71,7 +71,7 @@ func (this *MainController) Login() { if userinfo != nil { this.Ctx.Redirect(302, "/public/index") } - this.TplNames = this.GetTemplatetype() + "/public/login.tpl" + this.TplName = this.GetTemplatetype() + "/public/login.tpl" } //退出 diff --git a/src/rbac/role.go b/src/rbac/role.go index a5beb45..a465d63 100644 --- a/src/rbac/role.go +++ b/src/rbac/role.go @@ -5,8 +5,9 @@ import ( "strconv" "strings" + m "admin/src/models" + "github.com/astaxie/beego" "github.com/astaxie/beego/orm" - m "github.com/beego/admin/src/models" ) type RoleController struct { @@ -31,10 +32,10 @@ func (this *RoleController) Index() { roles = []orm.Params{} } this.Data["json"] = &map[string]interface{}{"total": count, "rows": &roles} - this.ServeJson() + this.ServeJSON() return } else { - this.TplNames = this.GetTemplatetype() + "/rbac/role.tpl" + this.TplName = this.GetTemplatetype() + "/rbac/role.tpl" } } @@ -81,7 +82,7 @@ func (this *RoleController) Getlist() { roles = []orm.Params{} } this.Data["json"] = &roles - this.ServeJson() + this.ServeJSON() return } @@ -97,6 +98,7 @@ func (this *RoleController) AccessToNode() { } else { nodes[i]["state"] = "closed" } + nodes[i]["checked"] = 0 for x := 0; x < len(list); x++ { if nodes[i]["Id"] == list[x]["Id"] { nodes[i]["checked"] = 1 @@ -107,14 +109,14 @@ func (this *RoleController) AccessToNode() { nodes = []orm.Params{} } this.Data["json"] = &map[string]interface{}{"total": count, "rows": &nodes} - this.ServeJson() + this.ServeJSON() return } else { grouplist := m.GroupList() b, _ := json.Marshal(grouplist) this.Data["grouplist"] = string(b) this.Data["roleid"] = roleid - this.TplNames = this.GetTemplatetype() + "/rbac/accesstonode.tpl" + this.TplName = this.GetTemplatetype() + "/rbac/accesstonode.tpl" } } @@ -125,8 +127,13 @@ func (this *RoleController) AddAccess() { err := m.DelGroupNode(roleid, group_id) if err != nil { this.Rsp(false, err.Error()) + return } ids := this.GetString("ids") + if len(ids) == 0 { + this.Rsp(true, "success") + return + } nodeids := strings.Split(ids, ",") for _, v := range nodeids { id, _ := strconv.Atoi(v) @@ -140,6 +147,7 @@ func (this *RoleController) AddAccess() { } func (this *RoleController) RoleToUserList() { + beego.Info("******** role id:", this.GetString("Id"), "********") roleid, _ := this.GetInt64("Id") if this.IsAjax() { users, count := m.Getuserlist(1, 1000, "Id") @@ -155,11 +163,11 @@ func (this *RoleController) RoleToUserList() { users = []orm.Params{} } this.Data["json"] = &map[string]interface{}{"total": count, "rows": &users} - this.ServeJson() + this.ServeJSON() return } else { this.Data["roleid"] = roleid - this.TplNames = this.GetTemplatetype() + "/rbac/roletouserlist.tpl" + this.TplName = this.GetTemplatetype() + "/rbac/roletouserlist.tpl" } } diff --git a/src/rbac/user.go b/src/rbac/user.go index e920230..8b9b96b 100644 --- a/src/rbac/user.go +++ b/src/rbac/user.go @@ -1,7 +1,7 @@ package rbac import ( - m "github.com/beego/admin/src/models" + m "admin/src/models" ) type UserController struct { @@ -23,16 +23,16 @@ func (this *UserController) Index() { users, count := m.Getuserlist(page, page_size, sort) if this.IsAjax() { this.Data["json"] = &map[string]interface{}{"total": count, "rows": &users} - this.ServeJson() + this.ServeJSON() return } else { - tree := this.GetTree() - this.Data["tree"] = &tree + // tree := this.GetTree() + // this.Data["tree"] = &tree this.Data["users"] = &users if this.GetTemplatetype() != "easyui" { this.Layout = this.GetTemplatetype() + "/public/layout.tpl" } - this.TplNames = this.GetTemplatetype() + "/rbac/user.tpl" + this.TplName = this.GetTemplatetype() + "/rbac/user.tpl" } }