【权限路径对比逻辑】

2023-08-30 15:22:48 +08:00 · 2023-08-30 15:22:48 +08:00 · 6b2a07b4f7
parent daeaf08854
commit 6b2a07b4f7
2 changed files with 8 additions and 7 deletions
--- a/api/project.go
+++ b/api/project.go
@ -37,7 +37,7 @@ func InitProjectRouter(api *gin.RouterGroup, authMiddleware *jwt.GinJWTMiddlewar
 //	@Failure		401	{object}	dto.ErrorDto
 //	@Failure		404	{object}	dto.ErrorDto
 //	@Failure		500	{object}	dto.ErrorDto
-//	@Router			/api/v1/Project/paging [get]
+//	@Router			/api/v1/project/paging [get]
 func pageQueryProject(c *gin.Context) {
 	req := dto.PageProjectReqDto{}
 	if err := c.ShouldBind(&req); err != nil {
@ -68,7 +68,7 @@ func pageQueryProject(c *gin.Context) {
 //	@Failure		401	{object}	dto.ErrorDto
 //	@Failure		404	{object}	dto.ErrorDto
 //	@Failure		500	{object}	dto.ErrorDto
-//	@Router			/api/v1/Project/list [get]
+//	@Router			/api/v1/project/list [get]
 func listQueryProject(c *gin.Context) {
 	req := dto.ProjectReqDto{}
 	if err := c.ShouldBind(&req); err != nil {
@ -98,7 +98,7 @@ func listQueryProject(c *gin.Context) {
 //	@Failure		401	{object}	dto.ErrorDto
 //	@Failure		404	{object}	dto.ErrorDto
 //	@Failure		500	{object}	dto.ErrorDto
-//	@Router			/api/v1/Project [post]
+//	@Router			/api/v1/project [post]
 func createProject(c *gin.Context) {
 	req := dto.ProjectDto{}
 	if err := c.ShouldBind(&req); err != nil {
@ -129,7 +129,7 @@ func createProject(c *gin.Context) {
 //	@Failure		401	{object}	dto.ErrorDto
 //	@Failure		404	{object}	dto.ErrorDto
 //	@Failure		500	{object}	dto.ErrorDto
-//	@Router			/api/v1/Project/{id} [get]
+//	@Router			/api/v1/project/{id} [get]
 func queryProjectInfo(c *gin.Context) {
 	id, exist := c.Params.Get("id")
 	if !exist {
@ -157,7 +157,7 @@ func queryProjectInfo(c *gin.Context) {
 //	@Failure		401	{object}	dto.ErrorDto
 //	@Failure		404	{object}	dto.ErrorDto
 //	@Failure		500	{object}	dto.ErrorDto
-//	@Router			/api/v1/Project/{id} [put]
+//	@Router			/api/v1/project/{id} [put]
 func updateProjectInfo(c *gin.Context) {
 	id, exist := c.Params.Get("id")
 	if !exist {
@ -194,7 +194,7 @@ func updateProjectInfo(c *gin.Context) {
 //	@Failure		401	{object}	dto.ErrorDto
 //	@Failure		404	{object}	dto.ErrorDto
 //	@Failure		500	{object}	dto.ErrorDto
-//	@Router			/api/v1/Project/{id} [delete]
+//	@Router			/api/v1/project/{id} [delete]
 func deleteProject(c *gin.Context) {
 	user, _ := c.Get(middleware.IdentityKey)
 	zap.S().Debug("id删除草稿的图形数据", user)
--- a/middleware/auth.go
+++ b/middleware/auth.go
@ -38,6 +38,7 @@ func permissionMiddleware() gin.HandlerFunc {
 				if isVaild { // 用户有权限
 					c.Next()
 				} else {
 					zap.S().Errorf("无权限操作请求路径：%s, 方法：%s", path, method)
 					panic(dto.ErrorDto{Code: dto.NoAuthOperationError, Message: "无权限操作"})
 				}
 			}
@ -53,7 +54,7 @@ func validateUserPath(path, method string, paths []*dto.AuthPath) bool {
 			authPathArr := strings.Split(p.Path, "/")
 			isValid := true
 			for i, p := range reqPathArr {
-				if p == "{id}" || p == ":id" || p == authPathArr[i] {
+				if authPathArr[i] == "{id}" || authPathArr[i] == ":id" || p == authPathArr[i] {
 					continue
 				} else if authPathArr[i] == "*" {
 					isValid = true