llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-09-09 02:32:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Return 200 for denied request.

Browse Source
This commit is contained in:
Yang Luo
2021-08-14 14:02:45 +08:00
parent d3c4f14bd4
commit b7e0a4fe4e
3 changed files with 45 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
routers/authz_filter.go
View File

@@ -22,7 +22,6 @@ import (
"github.com/astaxie/beego/context" "github.com/astaxie/beego/context"
"github.com/casbin/casdoor/authz" "github.com/casbin/casdoor/authz"
"github.com/casbin/casdoor/controllers"
"github.com/casbin/casdoor/object" "github.com/casbin/casdoor/object"
"github.com/casbin/casdoor/util" "github.com/casbin/casdoor/util"
) )
@@ -104,16 +103,6 @@ func getObject(ctx *context.Context) (string, string) {
} }
} }
func denyRequest(ctx *context.Context) {
w := ctx.ResponseWriter
w.WriteHeader(403)
resp := &controllers.Response{Status: "error", Msg: "Unauthorized operation"}
_, err := w.Write([]byte(util.StructToJson(resp)))
if err != nil {
panic(err)
}
}
func willLog(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool { func willLog(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
if subOwner == "anonymous" && subName == "anonymous" && method == "GET" && (urlPath == "/api/get-account" || urlPath == "/api/get-app-login") && objOwner == "" && objName == "" { if subOwner == "anonymous" && subName == "anonymous" && method == "GET" && (urlPath == "/api/get-account" || urlPath == "/api/get-app-login") && objOwner == "" && objName == "" {
return false return false

44
routers/base.go Normal file
View File

@@ -0,0 +1,44 @@
// Copyright 2021 The casbin Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package routers
import "github.com/astaxie/beego/context"
type Response struct {
Status string `json:"status"`
Msg string `json:"msg"`
Data interface{} `json:"data"`
Data2 interface{} `json:"data2"`
}
func responseError(ctx *context.Context, error string, data ...interface{}) {
resp := Response{Status: "error", Msg: error}
switch len(data) {
case 2:
resp.Data2 = data[1]
fallthrough
case 1:
resp.Data = data[0]
}
err := ctx.Output.JSON(resp, true, false)
if err != nil {
panic(err)
}
}
func denyRequest(ctx *context.Context) {
responseError(ctx, "Unauthorized operation")
}

2
web/src/UserEditPage.js
View File

@@ -179,7 +179,7 @@ class UserEditPage extends React.Component {
</Col> </Col>
</Row> </Row>
<Row style={{marginTop: '20px'}}> <Row style={{marginTop: '20px'}}>
<CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} targetFunction={UserBackend.uploadAvatar} /> <CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} />
</Row> </Row>
</Col> </Col>
</Row> </Row>