llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 18:54:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix delete-resource authz failure.

Browse Source
This commit is contained in:
Yang Luo 2022-03-01 22:37:23 +08:00
parent 697b3e4998
commit 18aa70dfb2
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
authz/authz.go
View File

@ -54,7 +54,7 @@ m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
(r.urlPath == p.urlPath || p.urlPath == "*") && \
(r.objOwner == p.objOwner || p.objOwner == "*") && \
(r.objName == p.objName || p.objName == "*") || \
(r.urlPath == "/api/update-user" && r.subOwner == r.objOwner && r.subName == r.objName)
(r.subOwner == r.objOwner && r.subName == r.objName)
`
m, err := model.NewModelFromString(modelText)

11
routers/authz_filter.go
View File

@ -18,6 +18,7 @@ import (
"encoding/json"
"fmt"
"net/http"
"strings"
"github.com/astaxie/beego/context"
"github.com/casdoor/casdoor/authz"
@ -57,6 +58,8 @@ func getSubject(ctx *context.Context) (string, string) {
func getObject(ctx *context.Context) (string, string) {
method := ctx.Request.Method
path := ctx.Request.URL.Path
if method == http.MethodGet {
// query == "?id=built-in/admin"
id := ctx.Input.Query("id")
@ -78,6 +81,14 @@ func getObject(ctx *context.Context) (string, string) {
//panic(err)
return "", ""
}
if path == "/api/delete-resource" {
tokens := strings.Split(obj.Name, "/")
if len(tokens) >= 2 {
obj.Name = tokens[len(tokens)-2]
}
}
return obj.Owner, obj.Name
}
}