Refactor CheckAccessPermission().

2025-05-23 18:54:03 +08:00 · 2022-07-13 00:50:32 +08:00 · 2022-07-13 00:50:32 +08:00 · 6e70f0fc58
commit 6e70f0fc58
parent 2bca424370
2 changed files with 20 additions and 11 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -51,7 +51,7 @@ func tokenToResponse(token *object.Token) *Response {
 func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *RequestForm) (resp *Response) {
 	userId := user.GetId()
-	allowed, err := object.CheckPermission(userId, application)
+	allowed, err := object.CheckAccessPermission(userId, application)
 	if err != nil {
 		c.ResponseError(err.Error(), nil)
 		return
--- a/object/check.go
+++ b/object/check.go
@ -231,19 +231,28 @@ func CheckUserPermission(requestUserId, userId string, strict bool) (bool, error
 	return hasPermission, fmt.Errorf("you don't have the permission to do this")
 }
-func CheckPermission(userId string, application *Application) (bool, error) {
+func CheckAccessPermission(userId string, application *Application) (bool, error) {
 	permissions := GetPermissions(application.Organization)
-	allow := true
+	allowed := true
 	var err error
 	for _, permission := range permissions {
-		if permission.IsEnabled {
+		if !permission.IsEnabled {
-			for _, resource := range permission.Resources {
+			continue
-				if resource == application.Name {
+		}
-					enforcer := getEnforcer(permission)
+
-					allow, err = enforcer.Enforce(userId, application.Name, "read")
+		isHit := false
-				}
+		for _, resource := range permission.Resources {
 			if application.Name == resource {
 				isHit = true
 				break
 			}
 		}
 		if isHit {
 			enforcer := getEnforcer(permission)
 			allowed, err = enforcer.Enforce(userId, application.Name, "read")
 			break
 		}
 	}
-	return allow, err
+	return allowed, err
 }