feat: user migration
This commit is contained in:
@@ -1,6 +1,8 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"hr_receiver/config"
|
||||
"hr_receiver/models"
|
||||
"hr_receiver/util"
|
||||
"net/http"
|
||||
"strings"
|
||||
@@ -33,12 +35,33 @@ func JWTAuth() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
role := claims.Role
|
||||
flavorType := claims.FlavorType
|
||||
regionIDs := claims.RegionIDs
|
||||
|
||||
if role == "" || flavorType == "" {
|
||||
var user models.User
|
||||
if err := config.DB.Preload("Regions").First(&user, claims.UserID).Error; err != nil {
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": "User not found"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
if !user.IsActive {
|
||||
c.JSON(http.StatusForbidden, gin.H{"error": "User is disabled"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
role = user.Role
|
||||
flavorType = user.FlavorType
|
||||
regionIDs = user.RegionIDs()
|
||||
}
|
||||
|
||||
// 将用户信息存入上下文
|
||||
c.Set("userID", claims.UserID)
|
||||
c.Set("username", claims.Username)
|
||||
c.Set("role", claims.Role)
|
||||
c.Set("flavorType", claims.FlavorType)
|
||||
c.Set("regionIDs", claims.RegionIDs)
|
||||
c.Set("role", role)
|
||||
c.Set("flavorType", flavorType)
|
||||
c.Set("regionIDs", regionIDs)
|
||||
|
||||
c.Next()
|
||||
}
|
||||
|
||||
@@ -0,0 +1,55 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"hr_receiver/models"
|
||||
"net/http"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func RequireStepTrainingAccess() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
roleValue, exists := c.Get("role")
|
||||
if !exists {
|
||||
c.JSON(http.StatusForbidden, gin.H{"error": "missing user role"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
role, ok := roleValue.(models.UserRole)
|
||||
if !ok {
|
||||
c.JSON(http.StatusForbidden, gin.H{"error": "invalid user role"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
if role != models.UserRoleSuperAdmin &&
|
||||
role != models.UserRoleRegionAdmin &&
|
||||
role != models.UserRoleOperator {
|
||||
c.JSON(http.StatusForbidden, gin.H{"error": "insufficient role permissions"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
flavorValue, exists := c.Get("flavorType")
|
||||
if !exists {
|
||||
c.JSON(http.StatusForbidden, gin.H{"error": "missing user flavor"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
flavorType, ok := flavorValue.(models.UserFlavorType)
|
||||
if !ok {
|
||||
c.JSON(http.StatusForbidden, gin.H{"error": "invalid user flavor"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
if flavorType != models.UserFlavorAll &&
|
||||
flavorType != models.UserFlavorFlink {
|
||||
c.JSON(http.StatusForbidden, gin.H{"error": "insufficient flavor permissions"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user