From f2c9c5a7f65fc094b293b271cc660a391edbab51 Mon Sep 17 00:00:00 2001 From: Leufolium Date: Mon, 22 Apr 2024 07:18:23 +0800 Subject: [PATCH] by Robin at 20240422 --- app/mix/service/business_validator/auth.go | 83 ++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/app/mix/service/business_validator/auth.go b/app/mix/service/business_validator/auth.go index 90e95a15..304b2fa7 100644 --- a/app/mix/service/business_validator/auth.go +++ b/app/mix/service/business_validator/auth.go @@ -27,6 +27,7 @@ type AuthBusinessValidator struct { accountrelation *dbstruct.AccountRelation momentCreateTimes *dbstruct.MomentCreateTimes accountpunishment *dbstruct.AccountPunishment + zoneThirdPartner *dbstruct.ZoneThirdPartner } func NewAuthBusinessValidator(ctx *gin.Context, req any) *AuthBusinessValidator { @@ -51,6 +52,18 @@ func (a *AuthBusinessValidator) EnsureIsOperatingHisOwn(reqMid int64) *AuthBusin return a } +// 确认不对本人操作 +func (a *AuthBusinessValidator) EnsureIsNotOperatingHisOwn(Uid int64) *AuthBusinessValidator { + a.oplist = append(a.oplist, func() { + if a.OperMid != Uid { + logger.Error("Insufficient privileges: this operation is self-execute-only") + a.ec = errcode.ErrCodeOperationToSelfIsNotPermitted + return + } + }) + return a +} + // 查询账户 func (a *AuthBusinessValidator) QueryAccount(QueryFunc func(ctx *gin.Context, req *accountproto.OpListByMidReq) (*dbstruct.Account, error)) *AuthBusinessValidator { a.oplist = append(a.oplist, func() { 
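Review bot: The guard in EnsureIsNotOperatingHisOwn is inverted: it sets ErrCodeOperationToSelfIsNotPermitted when `a.OperMid != Uid`, i.e. it rejects every caller except the one acting on their own account, which is the opposite of what the method name, the comment ("confirm not operating on self") and the error code describe. As written a self-targeted request passes and a third-party request is refused, so any handler that chains this validator to forbid self-operation is not protected. The condition and the log text look copied from EnsureIsOperatingHisOwn; change them to `if a.OperMid == Uid {` and `logger.Error("Insufficient privileges: this operation must not target the caller's own account")`. A unit test asserting both directions would keep the two sibling methods from being confused again.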
@@ -69,6 +82,24 @@ func (a *AuthBusinessValidator) QueryAccount(QueryFunc func(ctx *gin.Context, re return a } +// 查询指定账户 +func (a *AuthBusinessValidator) QueryAccountForUid(QueryFunc func(ctx *gin.Context, req *accountproto.OpListByMidReq) (*dbstruct.Account, error), Uid int64) *AuthBusinessValidator { + a.oplist = append(a.oplist, func() { + listByMidReq := &accountproto.OpListByMidReq{ + Mid: goproto.Int64(Uid), + } + account, err := QueryFunc(a.ctx, listByMidReq) + + if err != nil { + logger.Error("Query account failed, err: %v", err) + a.ec = errcode.ErrCodeAccountSrvFail + return + } + a.account = account + }) + return a +} + func (a *AuthBusinessValidator) EnsureAccountExist() *AuthBusinessValidator { a.oplist = append(a.oplist, func() { if a.account == nil { @@ -127,6 +158,21 @@ func (a *AuthBusinessValidator) EnsureIsInTheseRoles(roles []int64) *AuthBusines return a } +// 角色鉴权 +func (a *AuthBusinessValidator) EnsureIsNotThisRole(role int64) *AuthBusinessValidator { + a.oplist = append(a.oplist, func() { + + accountRole := util.DerefInt64(a.account.Role) + + if accountRole == role { + logger.Error("Insufficient privileges of role: %v, this operation to %v is not permitted", consts.RoleNameMap[role]) + a.ec = errcode.ErrCodeRolePrivilegesNotEnough + return + } + }) + return a +} + // 角色鉴权-后台系统 func (a *AuthBusinessValidator) EnsureIsOpRole() *AuthBusinessValidator { a.oplist = append(a.oplist, func() { 
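Review bot: QueryAccountForUid stores the target user's record into the same `a.account` field that QueryAccount (presumably the operator's own account) fills, so every later check in the chain — EnsureAccountExist, EnsureIsNotThisRole, EnsureIsOpRole — reasons about the target's role rather than the operator's. That may be intended, but nothing on the method says so and a caller who chains QueryAccount and then QueryAccountForUid silently loses the operator's account. Add a doc comment making the contract explicit, e.g. `// QueryAccountForUid loads the account identified by Uid into a.account, replacing anything an earlier QueryAccount stored; role checks that follow apply to that account, not to the operator.` If both accounts need checking in one chain, a separate field is required.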
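Review bot: The log call in EnsureIsNotThisRole has two `%v` verbs but only one argument, so `go vet` fails and the message ends in `%!v(MISSING)`; the first placeholder is presumably the account's actual role. Change it to `logger.Error("Insufficient privileges of role: %v, this operation to %v is not permitted", consts.RoleNameMap[accountRole], consts.RoleNameMap[role])`. Separately, `a.account.Role` is dereferenced with no nil check, so a chain that omits EnsureAccountExist panics instead of failing closed; a guard of the form `if a.account == nil { a.ec = errcode.ErrCodeRolePrivilegesNotEnough; return }` before the deref keeps the validator fail-closed (the neighbouring EnsureIsInTheseRoles is outside the hunk, so I cannot tell whether it has the same gap).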
@@ -454,6 +500,43 @@ func (l *AuthBusinessValidator) EnsureZoneMomentImagesEnoughForEncryption(mType } +func (l *AuthBusinessValidator) QueryZoneThirdPartnerByZid(fun func(*gin.Context, int64) (*dbstruct.ZoneThirdPartner, error), zid int64) *AuthBusinessValidator { + l.oplist = append(l.oplist, func() { + + zoneThirdPartner, err := fun(l.ctx, zid) + if err != nil { + l.ec = errcode.ErrCodeZoneThirdPartnerSrvFail + return + } + l.zoneThirdPartner = zoneThirdPartner + + }) + return l +} + +func (l *AuthBusinessValidator) EnsureZoneThirdPartnerExist() *AuthBusinessValidator { + l.oplist = append(l.oplist, func() { + + if l.zoneThirdPartner == nil { + l.ec = errcode.ErrCodeZoneThirdPartnerNotExist + return + } + }) + return l +} + +func (l *AuthBusinessValidator) EnsureZoneCollaboratorCreaterIsZoneThirdPartner(createrMid int64) *AuthBusinessValidator { + l.oplist = append(l.oplist, func() { + + if l.zoneThirdPartner.GetThirdPartnerMid() != createrMid { + l.ec = errcode.ErrCodeZoneCollaboratorCreateIsZTPOnlyOperation + return + } + + }) + return l +} + // 执行校验 func (a *AuthBusinessValidator) Validate() *AuthBusinessValidator { a.BusinessValidateStream.Validate()
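Review bot: QueryZoneThirdPartnerByZid discards the error returned by `fun` without logging it, whereas QueryAccountForUid in the same change logs before setting the error code; the operator is left with a bare ErrCodeZoneThirdPartnerSrvFail and no trace of the underlying failure. Add `logger.Error("Query zone third partner failed, zid: %v, err: %v", zid, err)` before the `l.ec` assignment. EnsureZoneCollaboratorCreaterIsZoneThirdPartner then calls `l.zoneThirdPartner.GetThirdPartnerMid()` with no nil check: if the getter is nil-tolerant (protobuf style) a missing partner yields 0 and a createrMid of 0 would be accepted, and if it is not, a chain that omits EnsureZoneThirdPartnerExist panics. An explicit `if l.zoneThirdPartner == nil { l.ec = errcode.ErrCodeZoneThirdPartnerNotExist; return }` at the top of that closure makes the check fail closed regardless of chaining order.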