Merge pull request #2934 from actiontech/fix-premission-middle-ware

fix: remove hardcoded project id in permission middleware
actiontech · Feb 25, 2025 · 0fa401c · 0fa401c
2 parents 4a5a8ed + 83eeb75
commit 0fa401c
Showing 1 changed file with 15 additions and 28 deletions.
diff --git a/sqle/api/middleware/permission.go b/sqle/api/middleware/permission.go
@@ -10,42 +10,20 @@ import (
 	"github.com/labstack/echo/v4"
 )
 
-// AdminUserAllowed is a `echo` middleware, only allow admin user to access next.
-func AdminUserAllowed() echo.MiddlewareFunc {
-	return func(next echo.HandlerFunc) echo.HandlerFunc {
-		return func(c echo.Context) error {
-			uid, err := dmsJWT.GetUserUidStrFromContextWithOldJwt(c)
-			if err != nil {
-				return echo.NewHTTPError(http.StatusForbidden)
-			}
-			up, err := dms.NewUserPermission(uid, "700300" /*TODO 支持不传空间 */)
-			if err != nil {
-				return echo.NewHTTPError(http.StatusForbidden)
-			}
-			if up.IsAdmin() {
-				return next(c)
-			}
-			return echo.NewHTTPError(http.StatusForbidden)
-		}
-	}
-}
-
 func OpGlobalAllowed() echo.MiddlewareFunc {
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
 			uid, err := dmsJWT.GetUserUidStrFromContextWithOldJwt(c)
 			if err != nil {
 				return echo.NewHTTPError(http.StatusForbidden)
 			}
-			up, err := dms.NewUserPermission(uid, "700300" /*TODO 支持不传空间 */)
+			up, err := dms.NewUserPermission(uid, "")
 			if err != nil {
 				return echo.NewHTTPError(http.StatusForbidden)
 			}
-
 			if up.CanOpGlobal() {
 				return next(c)
 			}
-
 			return echo.NewHTTPError(http.StatusForbidden)
 		}
 	}
@@ -58,7 +36,13 @@ func OpProjectAllowed() echo.MiddlewareFunc {
 			if err != nil {
 				return echo.NewHTTPError(http.StatusForbidden)
 			}
-			up, err := dms.NewUserPermission(uid, "700300" /*TODO 支持不传空间 */)
+
+			projectUid, err := dms.GetPorjectUIDByName(context.TODO(), c.Param("project_name"))
+			if err != nil {
+				return controller.JSONBaseErrorReq(c, err)
+			}
+
+			up, err := dms.NewUserPermission(uid, projectUid)
 			if err != nil {
 				return echo.NewHTTPError(http.StatusForbidden)
 			}
@@ -79,15 +63,13 @@ func ViewGlobalAllowed() echo.MiddlewareFunc {
 			if err != nil {
 				return echo.NewHTTPError(http.StatusForbidden)
 			}
-			up, err := dms.NewUserPermission(uid, "700300" /*TODO 支持不传空间 */)
+			up, err := dms.NewUserPermission(uid, "")
 			if err != nil {
 				return echo.NewHTTPError(http.StatusForbidden)
 			}
-
 			if up.CanViewGlobal() {
 				return next(c)
 			}
-
 			return echo.NewHTTPError(http.StatusForbidden)
 		}
 	}
@@ -100,7 +82,12 @@ func ViewProjectAllowed() echo.MiddlewareFunc {
 			if err != nil {
 				return echo.NewHTTPError(http.StatusForbidden)
 			}
-			up, err := dms.NewUserPermission(uid, "700300" /*TODO 支持不传空间 */)
+			projectUid, err := dms.GetPorjectUIDByName(context.TODO(), c.Param("project_name"))
+			if err != nil {
+				return controller.JSONBaseErrorReq(c, err)
+			}
+
+			up, err := dms.NewUserPermission(uid, projectUid)
 			if err != nil {
 				return echo.NewHTTPError(http.StatusForbidden)
 			}