登录用户,对于已经进行了权限设置的文档,将根据权限数据库,比对用户名,当与用户有关时,就显示相对应的权限,当都与登录用户无关时,则显示拒绝访问;
对于未登录用户,已经设置了权限的文档,都将显示拒绝访问;
对于登录和未登录用户,未进行权限设置的文档,则显示全部允许。
如果是用户自己上传的,则全部允许。
下图登陆用户和未登陆用户箭头指反了。
权限用casbin进行。
//提供给列表页的table中json数据 func (c *OnlyController) GetData() { //1.取得客户端用户名 var uname, useridstring string v := c.GetSession("uname") if v != nil { uname = v.(string) user, err := models.GetUserByUsername(uname) if err != nil { beego.Error(err) } c.Data["Uid"] = user.Id useridstring = strconv.FormatInt(user.Id, 10) } var myRes [][]string if useridstring != "" { myRes = e.GetPermissionsForUser(useridstring) } myResall := e.GetPermissionsForUser("") //取出所有设置了权限的数据 var err error docs, err := models.GetDocs() if err != nil { beego.Error(err) } link := make([]OnlyLink, 0) Docxslice := make([]DocxLink, 0) for _, w := range docs { Attachments, err := models.GetOnlyAttachments(w.Id) if err != nil { beego.Error(err) } linkarr := make([]OnlyLink, 1) linkarr[0].Id = w.Id linkarr[0].Code = w.Code linkarr[0].Title = w.Title linkarr[0].Label = w.Label linkarr[0].End = w.End linkarr[0].Principal = w.Principal linkarr[0].Uid = w.Uid linkarr[0].Created = w.Created linkarr[0].Updated = w.Updated for _, v := range Attachments { docxarr := make([]DocxLink, 1) docxarr[0].Permission = "1" //查询v.Id是否和myres的V1路径后面的id一致,如果一致,则取得V2(权限) //查询用户具有的权限 if useridstring != "" { //如果是登录用户,则设置了权限的文档不能看 for _, k := range myResall { if strconv.FormatInt(v.Id, 10) == path.Base(k[1]) { docxarr[0].Permission = "4" } } for _, k := range myRes { if strconv.FormatInt(v.Id, 10) == path.Base(k[1]) { docxarr[0].Permission = k[2] } } } else { //如果用户没登录,则设置了权限的文档不能看 for i, k := range myResall { //所有设置了权限的不能看 if strconv.FormatInt(v.Id, 10) == path.Base(k[1]) { docxarr[0].Permission = "4" } } } docxarr[0].Id = v.Id docxarr[0].Title = v.FileName if path.Ext(v.FileName) == ".docx" || path.Ext(v.FileName) == ".DOCX" || path.Ext(v.FileName) == ".doc" || path.Ext(v.FileName) == ".DOC" { docxarr[0].Suffix = "docx" } else if path.Ext(v.FileName) == ".XLSX" || path.Ext(v.FileName) == ".xlsx" || path.Ext(v.FileName) == ".XLS" || path.Ext(v.FileName) == ".xls" { docxarr[0].Suffix = "xlsx" } else if path.Ext(v.FileName) == ".pptx" || path.Ext(v.FileName) == ".PPTX" || path.Ext(v.FileName) == ".ppt" || path.Ext(v.FileName) == ".PPT" { docxarr[0].Suffix = "pptx" } else if path.Ext(v.FileName) == ".pdf" || path.Ext(v.FileName) == ".PDF" { docxarr[0].Suffix = "pdf" } else if path.Ext(v.FileName) == ".txt" || path.Ext(v.FileName) == ".TXT" { docxarr[0].Suffix = "txt" } Docxslice = append(Docxslice, docxarr...) } linkarr[0].Docxlink = Docxslice Docxslice = make([]DocxLink, 0) //再把slice置0 link = append(link, linkarr...) } c.Data["json"] = link //products c.ServeJSON() }