版权声明:本文为博主原创文章,未经博主允许不得转载。 https://cloud.tencent.com/developer/article/1334565
对于登录用户,已经设置了权限的文档将根据权限数据库比对用户名:有与该用户相关的权限记录时,显示相对应的权限;所有记录都与该登录用户无关时,则显示拒绝访问;
对于未登录用户,已经设置了权限的文档,都将显示拒绝访问;
对于登录和未登录用户,未进行权限设置的文档,则显示全部允许。
如果是用户自己上传的,则全部允许。
下图中"登录用户"和"未登录用户"的箭头指反了。
权限控制用 casbin 实现。
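// GetData serves the JSON rows for the table on the document list page. Each
// row is one document together with its attachments, and every attachment
// carries a Permission string derived from the casbin policy rules.
//
// Permission is "1" when no policy rule names the attachment, "4" when some
// rule names it but none belongs to the session user, and the rule's own
// action value (k[2]) when the session user has a rule for it. Judging by the
// surrounding article, "1" means everything is allowed and "4" means access is
// denied.
//
// The value is only a hint for rendering the list. The handlers that open,
// download or save a document must enforce the same policy on the server,
// because a client can ignore whatever this endpoint returns.
//
// NOTE(review): the article also says a user's own uploads are fully allowed;
// no owner check is visible here, so confirm where that rule is applied.
func (c *OnlyController) GetData() {
	// 1. Resolve the session user. useridstring stays empty for anonymous
	// callers and for sessions whose user cannot be loaded.
	var useridstring string
	if v := c.GetSession("uname"); v != nil {
		// Checked assertion: an unexpected session value must not panic the handler.
		if uname, ok := v.(string); ok {
			user, err := models.GetUserByUsername(uname)
			if err != nil {
				// Fail closed: without a user record the caller is treated as
				// anonymous instead of being given the id of a zero-value user.
				beego.Error(err)
			} else {
				c.Data["Uid"] = user.Id
				useridstring = strconv.FormatInt(user.Id, 10)
			}
		}
	}

	// Rules whose subject is this user id.
	// NOTE(review): casbin's GetPermissionsForUser returns direct rules only;
	// a permission granted through a role will show up as "4" here. Confirm
	// whether roles are in use.
	var myRes [][]string
	if useridstring != "" {
		myRes = e.GetPermissionsForUser(useridstring)
	}
	// An empty subject is used to fetch every rule, i.e. every resource that
	// has had a permission set on it.
	myResall := e.GetPermissionsForUser("")

	docs, err := models.GetDocs()
	if err != nil {
		// Logged only; the response is then an empty list.
		beego.Error(err)
	}

	link := make([]OnlyLink, 0)
	for _, w := range docs {
		attachments, err := models.GetOnlyAttachments(w.Id)
		if err != nil {
			beego.Error(err)
		}

		// Non-nil even when empty so the JSON field is [] rather than null.
		docxs := make([]DocxLink, 0, len(attachments))
		for _, a := range attachments {
			id := strconv.FormatInt(a.Id, 10)
			d := DocxLink{Id: a.Id, Title: a.FileName, Permission: "1"}

			// Any rule that names this attachment makes it restricted for
			// everyone, logged in or not.
			// NOTE(review): only the last path element of the rule's object is
			// compared with the attachment id, so a rule for another resource
			// type ending in the same number would match too, and pattern
			// objects never match. Confirm the object path format.
			for _, k := range myResall {
				if len(k) > 1 && id == path.Base(k[1]) {
					d.Permission = "4"
					break
				}
			}
			// The user's own rules override the denial. myRes is nil for
			// anonymous callers, so they keep "4". If several rules name the
			// same attachment, the last one wins.
			for _, k := range myRes {
				// Skip malformed rules instead of panicking on k[2].
				if len(k) > 2 && id == path.Base(k[1]) {
					d.Permission = k[2]
				}
			}

			// Map the file extension to the viewer type; unknown extensions
			// leave Suffix empty.
			switch path.Ext(a.FileName) {
			case ".docx", ".DOCX", ".doc", ".DOC":
				d.Suffix = "docx"
			case ".xlsx", ".XLSX", ".xls", ".XLS":
				d.Suffix = "xlsx"
			case ".pptx", ".PPTX", ".ppt", ".PPT":
				d.Suffix = "pptx"
			case ".pdf", ".PDF":
				d.Suffix = "pdf"
			case ".txt", ".TXT":
				d.Suffix = "txt"
			}
			docxs = append(docxs, d)
		}

		link = append(link, OnlyLink{
			Id:        w.Id,
			Code:      w.Code,
			Title:     w.Title,
			Label:     w.Label,
			End:       w.End,
			Principal: w.Principal,
			Uid:       w.Uid,
			Created:   w.Created,
			Updated:   w.Updated,
			Docxlink:  docxs,
		})
	}

	c.Data["json"] = link
	c.ServeJSON()
}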