🐛 Fix decoding permission nodes from db
This commit is contained in:
parent
1e2d5e9f9d
commit
ebef35a619
|
|
@ -838,50 +838,50 @@ false Zulu
|
|||
<Replication>1</Replication>
|
||||
<SuperRole>1</SuperRole>
|
||||
</role>
|
||||
<role id="8" parent="1" name="pg_checkpoint">
|
||||
<ObjectId>4544</ObjectId>
|
||||
</role>
|
||||
<role id="9" parent="1" name="pg_create_subscription">
|
||||
<ObjectId>6304</ObjectId>
|
||||
</role>
|
||||
<role id="10" parent="1" name="pg_database_owner">
|
||||
<role id="8" parent="1" name="pg_database_owner">
|
||||
<ObjectId>6171</ObjectId>
|
||||
</role>
|
||||
<role id="11" parent="1" name="pg_execute_server_program">
|
||||
<ObjectId>4571</ObjectId>
|
||||
<role id="9" parent="1" name="pg_read_all_data">
|
||||
<ObjectId>6181</ObjectId>
|
||||
</role>
|
||||
<role id="12" parent="1" name="pg_monitor">
|
||||
<role id="10" parent="1" name="pg_write_all_data">
|
||||
<ObjectId>6182</ObjectId>
|
||||
</role>
|
||||
<role id="11" parent="1" name="pg_monitor">
|
||||
<ObjectId>3373</ObjectId>
|
||||
<RoleGrants>3374
|
||||
3375
|
||||
3377</RoleGrants>
|
||||
</role>
|
||||
<role id="13" parent="1" name="pg_read_all_data">
|
||||
<ObjectId>6181</ObjectId>
|
||||
</role>
|
||||
<role id="14" parent="1" name="pg_read_all_settings">
|
||||
<role id="12" parent="1" name="pg_read_all_settings">
|
||||
<ObjectId>3374</ObjectId>
|
||||
</role>
|
||||
<role id="15" parent="1" name="pg_read_all_stats">
|
||||
<role id="13" parent="1" name="pg_read_all_stats">
|
||||
<ObjectId>3375</ObjectId>
|
||||
</role>
|
||||
<role id="16" parent="1" name="pg_read_server_files">
|
||||
<ObjectId>4569</ObjectId>
|
||||
</role>
|
||||
<role id="17" parent="1" name="pg_signal_backend">
|
||||
<ObjectId>4200</ObjectId>
|
||||
</role>
|
||||
<role id="18" parent="1" name="pg_stat_scan_tables">
|
||||
<role id="14" parent="1" name="pg_stat_scan_tables">
|
||||
<ObjectId>3377</ObjectId>
|
||||
</role>
|
||||
<role id="19" parent="1" name="pg_use_reserved_connections">
|
||||
<role id="15" parent="1" name="pg_read_server_files">
|
||||
<ObjectId>4569</ObjectId>
|
||||
</role>
|
||||
<role id="16" parent="1" name="pg_write_server_files">
|
||||
<ObjectId>4570</ObjectId>
|
||||
</role>
|
||||
<role id="17" parent="1" name="pg_execute_server_program">
|
||||
<ObjectId>4571</ObjectId>
|
||||
</role>
|
||||
<role id="18" parent="1" name="pg_signal_backend">
|
||||
<ObjectId>4200</ObjectId>
|
||||
</role>
|
||||
<role id="19" parent="1" name="pg_checkpoint">
|
||||
<ObjectId>4544</ObjectId>
|
||||
</role>
|
||||
<role id="20" parent="1" name="pg_use_reserved_connections">
|
||||
<ObjectId>4550</ObjectId>
|
||||
</role>
|
||||
<role id="20" parent="1" name="pg_write_all_data">
|
||||
<ObjectId>6182</ObjectId>
|
||||
</role>
|
||||
<role id="21" parent="1" name="pg_write_server_files">
|
||||
<ObjectId>4570</ObjectId>
|
||||
<role id="21" parent="1" name="pg_create_subscription">
|
||||
<ObjectId>6304</ObjectId>
|
||||
</role>
|
||||
<role id="22" parent="1" name="postgres">
|
||||
<CanLogin>1</CanLogin>
|
||||
|
|
|
|||
|
|
@ -4,13 +4,10 @@
|
|||
<option name="autoReloadType" value="ALL" />
|
||||
</component>
|
||||
<component name="ChangeListManager">
|
||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Bug fixes of permission check">
|
||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Check permissions GRPC method">
|
||||
<change beforePath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/grpc/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/auth.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/grpc/proto/auth.pb.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/proto/auth.pb.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/grpc/proto/auth.proto" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/proto/auth.proto" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/grpc/proto/auth_grpc.pb.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/proto/auth_grpc.pb.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/server/auth_middleware.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/auth_middleware.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/auth.go" afterDir="false" />
|
||||
</list>
|
||||
<option name="SHOW_DIALOG" value="false" />
|
||||
|
|
@ -49,7 +46,7 @@
|
|||
<component name="PropertiesComponent"><![CDATA[{
|
||||
"keyToString": {
|
||||
"DefaultGoTemplateProperty": "Go File",
|
||||
"Go 构建.Backend.executor": "Run",
|
||||
"Go 构建.Backend.executor": "Debug",
|
||||
"RunOnceActivity.ShowReadmeOnStart": "true",
|
||||
"RunOnceActivity.go.formatter.settings.were.checked": "true",
|
||||
"RunOnceActivity.go.migrated.go.modules.settings": "true",
|
||||
|
|
@ -144,7 +141,6 @@
|
|||
</option>
|
||||
</component>
|
||||
<component name="VcsManagerConfiguration">
|
||||
<MESSAGE value=":truck: Update well known" />
|
||||
<MESSAGE value=":sparkles: Others userinfo" />
|
||||
<MESSAGE value=":lipstick: Fix ui design" />
|
||||
<MESSAGE value=":bug: Bug fixes of design" />
|
||||
|
|
@ -169,7 +165,8 @@
|
|||
<MESSAGE value=":sparkles: Permission check" />
|
||||
<MESSAGE value=":zap: In memory auth context cache" />
|
||||
<MESSAGE value=":sparkles: Bug fixes of permission check" />
|
||||
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Bug fixes of permission check" />
|
||||
<MESSAGE value=":sparkles: Check permissions GRPC method" />
|
||||
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Check permissions GRPC method" />
|
||||
</component>
|
||||
<component name="VgoProject">
|
||||
<settings-migrated>true</settings-migrated>
|
||||
|
|
|
|||
|
|
@ -48,9 +48,13 @@ func (v *Server) CheckPerm(_ context.Context, in *proto.CheckPermRequest) (*prot
|
|||
return nil, err
|
||||
}
|
||||
|
||||
var heldPerms map[string]any
|
||||
rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes)
|
||||
_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)
|
||||
|
||||
var value any
|
||||
_ = jsoniter.Unmarshal(in.GetValue(), &value)
|
||||
perms := services.FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
|
||||
perms := services.FilterPermNodes(heldPerms, ctx.Ticket.Claims)
|
||||
valid := services.HasPermNode(perms, in.GetKey(), value)
|
||||
|
||||
return &proto.CheckPermReply{
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package services
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
jsoniter "github.com/json-iterator/go"
|
||||
"time"
|
||||
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/models"
|
||||
|
|
@ -30,7 +31,11 @@ func Authenticate(access, refresh string, depth int) (ctx models.AuthContext, pe
|
|||
newRefresh = refresh
|
||||
|
||||
if ctx, err = GetAuthContext(claims.ID); err == nil {
|
||||
perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
|
||||
var heldPerms map[string]any
|
||||
rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes)
|
||||
_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)
|
||||
|
||||
perms = FilterPermNodes(heldPerms, ctx.Ticket.Claims)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user