feat: fix CheckLoginPermission() logic

This commit is contained in:
Yang Luo 2023-10-13 15:41:23 +08:00
parent 80a8000057
commit ec0a8e16f7
3 changed files with 45 additions and 13 deletions


@ -361,6 +361,8 @@ func CheckLoginPermission(userId string, application *Application) (bool, error)
return false, err return false, err
} }
allowPermissionCount := 0
denyPermissionCount := 0
allowCount := 0 allowCount := 0
denyCount := 0 denyCount := 0
for _, permission := range permissions { for _, permission := range permissions {
@ -368,8 +370,13 @@ func CheckLoginPermission(userId string, application *Application) (bool, error)
continue continue
} }
if permission.isUserHit(userId) { if !permission.isUserHit(userId) {
allowCount += 1 if permission.Effect == "Allow" {
allowPermissionCount += 1
} else {
denyPermissionCount += 1
}
continue
} }
enforcer := getPermissionEnforcer(permission) enforcer := getPermissionEnforcer(permission)
@ -391,8 +398,18 @@ func CheckLoginPermission(userId string, application *Application) (bool, error)
} }
} }
// Deny-override, if one deny is found, then deny
if denyCount > 0 { if denyCount > 0 {
return false, nil return false, nil
} else if allowCount > 0 {
return true, nil
}
// For no-allow and no-deny condition
// If only allow permissions exist, we suppose it's Deny-by-default, aka no-allow means deny
// Otherwise, it's Allow-by-default, aka no-deny means allow
if allowPermissionCount > 0 && denyPermissionCount == 0 {
return false, nil
} }
return true, nil return true, nil
} }
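Review bot: The closing `return true, nil` is the allow-by-default path, and the bare `} else {` under `if permission.Effect == "Allow" {` routes every non-"Allow" effect into denyPermissionCount, so a permission with an empty or unexpected Effect makes `allowPermissionCount > 0 && denyPermissionCount == 0` false and silently switches login to allow-by-default. Counting only an explicit deny, `} else if permission.Effect == "Deny" {`, keeps a malformed Effect from widening access; if Effect is guaranteed to be one of the two values, a comment saying so next to the else would do instead. A permission that does hit the user but yields neither an allowCount nor a denyCount verdict in the enforcer branch (outside this hunk) is counted in neither tally, so a single matching Allow permission that fails enforcement appears to fall through to allow — worth confirming that is intended, and worth spelling out above the final return: `// No permission reached a verdict: allow, unless the only permissions defined are Allow ones`. The loop body and the enforcer evaluation that fills allowCount/denyCount lie outside the hunk.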


@ -424,10 +424,10 @@ func (p *Permission) GetId() string {
} }
func (p *Permission) isUserHit(name string) bool { func (p *Permission) isUserHit(name string) bool {
targetOrg, _ := util.GetOwnerAndNameFromId(name) targetOrg, targetName := util.GetOwnerAndNameFromId(name)
for _, user := range p.Users { for _, user := range p.Users {
userOrg, userName := util.GetOwnerAndNameFromId(user) userOrg, userName := util.GetOwnerAndNameFromId(user)
if userOrg == targetOrg && userName == "*" { if userOrg == targetOrg && (userName == "*" || userName == targetName) {
return true return true
} }
} }
@ -436,7 +436,7 @@ func (p *Permission) isUserHit(name string) bool {
func (p *Permission) isResourceHit(name string) bool { func (p *Permission) isResourceHit(name string) bool {
for _, resource := range p.Resources { for _, resource := range p.Resources {
if name == resource { if resource == "*" || resource == name {
return true return true
} }
} }
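Review bot: The wildcard semantics introduced here differ between the two matchers and neither is documented: `isUserHit` only honours `*` when the entry splits into an owner equal to the target's owner (an org-scoped `owner/*`), while `isResourceHit` accepts a bare, unqualified `*` that matches every resource name. Whether a user entry stored as a bare `*` (rather than `owner/*`) is matched depends on what `GetOwnerAndNameFromId` returns for it, which this hunk does not show. Suggested doc comments: `// isUserHit reports whether name (owner/name) is listed in p.Users, either exactly or via the org-scoped wildcard owner/*.` and `// isResourceHit reports whether p.Resources contains name or the wildcard "*".`. Both functions continue past their hunks.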


@ -277,7 +277,10 @@ class PermissionEditPage extends React.Component {
<Col span={22} > <Col span={22} >
<Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.users} <Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.users}
onChange={(value => {this.updatePermissionField("users", value);})} onChange={(value => {this.updatePermissionField("users", value);})}
options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))} options={[
Setting.getOption(i18next.t("organization:All"), "*"),
...this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`)),
]}
/> />
</Col> </Col>
</Row> </Row>
@ -288,7 +291,10 @@ class PermissionEditPage extends React.Component {
<Col span={22} > <Col span={22} >
<Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.groups} <Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.groups}
onChange={(value => {this.updatePermissionField("groups", value);})} onChange={(value => {this.updatePermissionField("groups", value);})}
options={this.state.groups.map((group) => Setting.getOption(`${group.owner}/${group.name}`, `${group.owner}/${group.name}`))} options={[
Setting.getOption(i18next.t("organization:All"), "*"),
...this.state.groups.map((group) => Setting.getOption(`${group.owner}/${group.name}`, `${group.owner}/${group.name}`)),
]}
/> />
</Col> </Col>
</Row> </Row>
@ -299,8 +305,11 @@ class PermissionEditPage extends React.Component {
<Col span={22} > <Col span={22} >
<Select disabled={!this.hasRoleDefinition(this.state.model)} virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.roles} <Select disabled={!this.hasRoleDefinition(this.state.model)} virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.roles}
onChange={(value => {this.updatePermissionField("roles", value);})} onChange={(value => {this.updatePermissionField("roles", value);})}
options={this.state.roles.filter(roles => (roles.owner !== this.state.roles.owner || roles.name !== this.state.roles.name)).map((permission) => Setting.getOption(`${permission.owner}/${permission.name}`, `${permission.owner}/${permission.name}`)) options={[
} /> Setting.getOption(i18next.t("organization:All"), "*"),
...this.state.roles.filter(roles => (roles.owner !== this.state.roles.owner || roles.name !== this.state.roles.name)).map((permission) => Setting.getOption(`${permission.owner}/${permission.name}`, `${permission.owner}/${permission.name}`)),
]}
/>
</Col> </Col>
</Row> </Row>
<Row style={{marginTop: "20px"}} > <Row style={{marginTop: "20px"}} >
@ -312,8 +321,11 @@ class PermissionEditPage extends React.Component {
onChange={(value => { onChange={(value => {
this.updatePermissionField("domains", value); this.updatePermissionField("domains", value);
})} })}
options={this.state.permission.domains.map((domain) => Setting.getOption(domain, domain)) options={[
} /> Setting.getOption(i18next.t("organization:All"), "*"),
...this.state.permission.domains.map((domain) => Setting.getOption(domain, domain)),
]}
/>
</Col> </Col>
</Row> </Row>
<Row style={{marginTop: "20px"}} > <Row style={{marginTop: "20px"}} >
@ -340,8 +352,11 @@ class PermissionEditPage extends React.Component {
<Col span={22} > <Col span={22} >
<Select virtual={false} mode={(this.state.permission.resourceType === "Custom") ? "tags" : "multiple"} style={{width: "100%"}} value={this.state.permission.resources} <Select virtual={false} mode={(this.state.permission.resourceType === "Custom") ? "tags" : "multiple"} style={{width: "100%"}} value={this.state.permission.resources}
onChange={(value => {this.updatePermissionField("resources", value);})} onChange={(value => {this.updatePermissionField("resources", value);})}
options={this.state.resources.map((resource) => Setting.getOption(`${resource.name}`, `${resource.name}`)) options={[
} /> Setting.getOption(i18next.t("organization:All"), "*"),
...this.state.resources.map((resource) => Setting.getOption(`${resource.name}`, `${resource.name}`)),
]}
/>
</Col> </Col>
</Row> </Row>
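Review bot: The new `All` option stores the bare value `"*"` for users, groups and roles, whereas the backend `isUserHit` in the same commit splits each entry into owner and name and requires the owner to equal the target's organization before checking `userName == "*"`; unless `GetOwnerAndNameFromId` special-cases a bare `*`, a permission saved from this page may match nobody, or the split may fail on a one-token id. Storing the wildcard in the same `owner/*` form as the other options (e.g. `Setting.getOption(i18next.t("organization:All"), \`${owner}/*\`)`, with owner being the permission's organization) would make the saved value match what the matcher expects; the resources select is fine as is, since `isResourceHit` accepts a bare `*`. No backend counterpart for a `*` in domains is visible in this commit, so that option is worth verifying separately.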
<Row style={{marginTop: "20px"}} > <Row style={{marginTop: "20px"}} >