权限检验中间件

server/ldap-admin/internal/logic/saveapilogic.go

@@ -3,8 +3,8 @@ package logic
 import (
 	"errors"
 	"fusenapi/model/gmodel"
-	"fusenapi/utils/auth"
 	"fusenapi/utils/basic"
+	"net/http"
 
 	"context"
 
@@ -33,9 +33,14 @@ func NewSaveApiLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SaveApiLo
 // func (l *SaveApiLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
 // }
 
-func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (resp *basic.Response) {
+func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, r *http.Request) (resp *basic.Response) {
 	// 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data)
 	// userinfo 传入值时, 一定不为null
+
+	if !l.svcCtx.Ldap.VerifyAuthorityGroup(r) {
+		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
+	}
+
 	var err1 error
 	if req.Id > 0 {
 		resOne, err := l.svcCtx.AllModels.LdapApis.FindOneById(l.ctx, req.Id)
@@ -48,6 +53,9 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
 			return resp.SetStatus(basic.CodeServiceErr)
 		}
 		var updateMap = make(map[string]interface{})
+		if req.Name != "" {
+			updateMap["name"] = req.Name
+		}
 		if req.Method != "" {
 			updateMap["method"] = req.Method
 		}
@@ -63,6 +71,7 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
 		err1 = l.svcCtx.AllModels.LdapApis.UpdateOne(l.ctx, resOne, updateMap)
 	} else {
 		err1 = l.svcCtx.AllModels.LdapApis.InsertOne(l.ctx, gmodel.LdapApis{
+			Name:     &req.Name,
 			Method:   &req.Method,
 			Path:     &req.Path,
 			Category: &req.Category,