From e266696b323b790427cde0ae75828742fe87c143 Mon Sep 17 00:00:00 2001
From: cofecatt <60803595+cofecatt@users.noreply.github.com>
Date: Fri, 2 Sep 2022 12:03:13 +0800
Subject: [PATCH] feat: add default permission to built-in group (#1087)

* fix: add default permission
* fix: add default permission
* fix: add default permission
---
 object/check.go | 4 ++++
 object/init.go | 2 +-
 object/permission.go | 14 ++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/object/check.go b/object/check.go
index f009e88a..92acd7c0 100644
--- a/object/check.go
+++ b/object/check.go
@@ -302,6 +302,10 @@ func CheckAccessPermission(userId string, application *Application) (bool, error
 }
 if isHit {
+ containsAsterisk := ContainsAsterisk(userId, permission.Users)
+ if containsAsterisk {
+ return true, err
+ }
 enforcer := getEnforcer(permission)
 allowed, err = enforcer.Enforce(userId, application.Name, "read")
 break
diff --git a/object/init.go b/object/init.go
index 4cef263e..ddea800a 100644
--- a/object/init.go
+++ b/object/init.go
@@ -276,7 +276,7 @@ func initBuiltInPermission() {
 Name: "permission-built-in",
 CreatedTime: util.GetCurrentTime(),
 DisplayName: "Built-in Permission",
- Users: []string{"built-in/admin"},
+ Users: []string{"built-in/*"},
 Roles: []string{},
 Domains: []string{},
 Model: "model-built-in",
diff --git a/object/permission.go b/object/permission.go
index 019989bf..29506321 100644
--- a/object/permission.go
+++ b/object/permission.go
@@ -207,3 +207,17 @@ func GetPermissionsBySubmitter(owner string, submitter string) []*Permission {
 return permissions
 }
+
+func ContainsAsterisk(userId string, users []string) bool {
+ containsAsterisk := false
+ group, _ := util.GetOwnerAndNameFromId(userId)
+ for _, user := range users {
+ permissionGroup, permissionUserName := util.GetOwnerAndNameFromId(user)
+ if permissionGroup == group && permissionUserName == "*" {
+ containsAsterisk = true
+ break
+ }
+ }
+
+ return containsAsterisk
+}
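Review bot: The early `return true, err` inside `if isHit` grants access as soon as the user's organization matches an `<org>/*` entry in `permission.Users`, without ever calling `enforcer.Enforce(userId, application.Name, "read")`, so whatever the permission's model and policy would have decided (which could be a denial) is not consulted. `err` at that point holds whatever an earlier statement left in it, which is outside the hunk; `return true, nil` would state the result explicitly. If the bypass is intended, say so on the line, e.g. `// "<org>/*" in Users grants read access to every user of that org without consulting the enforcer`; otherwise let the wildcard match feed the enforcer decision instead of replacing it. CheckAccessPermission starts and ends outside the hunk.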
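Review bot: `Users: []string{"built-in/*"}` widens the default permission from the single `built-in/admin` account to every account in the `built-in` organization, and the fields that state what the permission grants come after `Model` and are outside the hunk, so the scope of the new default cannot be checked from here. Combined with the wildcard short-circuit this commit adds in CheckAccessPermission, any `built-in` user appears to pass the access check wherever this permission is hit. Add a comment on the line, e.g. `// "built-in/*": every user of the built-in org, matched by ContainsAsterisk`, and confirm that non-admin built-in accounts are meant to receive it.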
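Review bot: `ContainsAsterisk` is exported but has no doc comment, and its name hides that it is an authorization match: it reports whether `users` holds an `<owner>/*` entry whose owner equals the owner part of `userId`. Suggested comment: `// ContainsAsterisk reports whether users contains a wildcard entry "<owner>/*" for the owner of userId.` The `containsAsterisk` flag and the `break` can go by returning `true` from inside the loop and `false` after it, and the local `group` is the owner half of the id, so `owner` would read more clearly.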