Fix error handling in SetPassword()

feat: optimize batch-enforce (#1997 )
fix: unsafe verification username in CheckUsername (#2006 )
2025-08-05 20:38:47 +08:00 · 2023-06-22 14:51:56 +08:00 · 2023-06-22 14:40:09 +08:00 · 2023-06-21 23:20:23 +08:00 · 2023-06-21 21:29:53 +08:00
6 changed files with 28 additions and 14 deletions
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -135,8 +135,20 @@ func (c *ApiController) BatchEnforce() {
 	}

 	res := [][]bool{}
+	listPermissionIdMap := map[string][]string{}
+
 	for _, permission := range permissions {
-		enforceResult, err := object.BatchEnforce(permission.GetId(), &requests)
+		key := permission.Model + permission.Adapter
+		permissionIds, ok := listPermissionIdMap[key]
+		if !ok {
+			listPermissionIdMap[key] = []string{permission.GetId()}
+		} else {
+			listPermissionIdMap[key] = append(permissionIds, permission.GetId())
+		}
+	}
+
+	for _, permissionIds := range listPermissionIdMap {
+		enforceResult, err := object.BatchEnforce(permissionIds[0], &requests, permissionIds...)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -144,6 +156,7 @@ func (c *ApiController) BatchEnforce() {

 		res = append(res, enforceResult)
 	}
+
 	c.ResponseOk(res)
 }

--- a/controllers/user.go
+++ b/controllers/user.go
@@ -416,6 +416,7 @@ func (c *ApiController) SetPassword() {

 	requestUserId := c.GetSessionUsername()
 	if requestUserId == "" && code == "" {
+		c.ResponseError(c.T("general:Please login first"), "Please login first")
 		return
 	} else if code == "" {
 		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, c.GetAcceptLanguage())
@@ -425,7 +426,7 @@ func (c *ApiController) SetPassword() {
 		}
 	} else {
 		if code != c.GetSession("verifiedCode") {
-			c.ResponseError("")
+			c.ResponseError(c.T("general:Missing parameter"))
 			return
 		}
 		c.SetSession("verifiedCode", "")
--- a/object/check.go
+++ b/object/check.go
@@ -396,11 +396,6 @@ func CheckUsername(username string, lang string) string {
 		return i18n.Translate(lang, "check:Username is too long (maximum is 39 characters).")
 	}

-	exclude, _ := regexp.Compile("^[\u0021-\u007E]+$")
-	if !exclude.MatchString(username) {
-		return ""
-	}
-
 	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
 	re, _ := regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$")
 	if !re.MatchString(username) {
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@@ -26,7 +26,7 @@ import (
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )

-func getEnforcer(permission *Permission) *casbin.Enforcer {
+func getEnforcer(permission *Permission, permissionIDs ...string) *casbin.Enforcer {
 	tableName := "permission_rule"
 	if len(permission.Adapter) != 0 {
 		adapterObj, err := getCasbinAdapter(permission.Owner, permission.Adapter)
@@ -77,8 +77,13 @@ func getEnforcer(permission *Permission) *casbin.Enforcer {

 	enforcer.SetAdapter(adapter)

+	policyFilterV5 := []string{permission.GetId()}
+	if len(permissionIDs) != 0 {
+		policyFilterV5 = permissionIDs
+	}
+
 	policyFilter := xormadapter.Filter{
-		V5: []string{permission.GetId()},
+		V5: policyFilterV5,
 	}

 	if !HasRoleDefinition(m) {
@@ -251,7 +256,7 @@ func Enforce(permissionId string, request *CasbinRequest) (bool, error) {
 	return enforcer.Enforce(*request...)
 }

-func BatchEnforce(permissionId string, requests *[]CasbinRequest) ([]bool, error) {
+func BatchEnforce(permissionId string, requests *[]CasbinRequest, permissionIds ...string) ([]bool, error) {
 	permission, err := GetPermission(permissionId)
 	if err != nil {
 		res := []bool{}
@@ -262,7 +267,7 @@ func BatchEnforce(permissionId string, requests *[]CasbinRequest) ([]bool, error
 		return res, err
 	}

-	enforcer := getEnforcer(permission)
+	enforcer := getEnforcer(permission, permissionIds...)
 	return enforcer.BatchEnforce(*requests)
 }

--- a/object/token.go
+++ b/object/token.go
@@ -794,7 +794,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 			ErrorDescription: "the wechat mini program session is invalid",
 		}, nil
 	}
-	user, err := getUserByWechatId(openId, unionId)
+	user, err := getUserByWechatId(application.Organization, openId, unionId)
 	if err != nil {
 		return nil, nil, err
 	}
--- a/object/user.go
+++ b/object/user.go
@@ -319,12 +319,12 @@ func getUserById(owner string, id string) (*User, error) {
 	}
 }

-func getUserByWechatId(wechatOpenId string, wechatUnionId string) (*User, error) {
+func getUserByWechatId(owner string, wechatOpenId string, wechatUnionId string) (*User, error) {
 	if wechatUnionId == "" {
 		wechatUnionId = wechatOpenId
 	}
 	user := &User{}
-	existed, err := adapter.Engine.Where("wechat = ? OR wechat = ?", wechatOpenId, wechatUnionId).Get(user)
+	existed, err := adapter.Engine.Where("owner = ?", owner).Where("wechat = ? OR wechat = ?", wechatOpenId, wechatUnionId).Get(user)
 	if err != nil {
 		return nil, err
 	}
Author	SHA1	Message	Date
Yang Luo	b817a55f9f	Fix error handling in SetPassword()	2023-06-22 14:51:56 +08:00
June	2c2ddfbb92	feat: optimize batch-enforce (#1997 )	2023-06-22 14:40:09 +08:00
Alex OvsInc	cadb533595	fix: unsafe verification username in CheckUsername (#2006 ) * Customization of the initialization file * Unsafe verification username in CheckUsername	2023-06-21 23:20:23 +08:00
Yang Luo	a3b0f1fc74	feat: add owner to getUserByWechatId()	2023-06-21 21:29:53 +08:00