🐛 Fix decoding permission nodes from db
This commit is contained in:
parent
1e2d5e9f9d
commit
ebef35a619
@ -838,50 +838,50 @@ false Zulu
|
|||||||
<Replication>1</Replication>
|
<Replication>1</Replication>
|
||||||
<SuperRole>1</SuperRole>
|
<SuperRole>1</SuperRole>
|
||||||
</role>
|
</role>
|
||||||
<role id="8" parent="1" name="pg_checkpoint">
|
<role id="8" parent="1" name="pg_database_owner">
|
||||||
<ObjectId>4544</ObjectId>
|
|
||||||
</role>
|
|
||||||
<role id="9" parent="1" name="pg_create_subscription">
|
|
||||||
<ObjectId>6304</ObjectId>
|
|
||||||
</role>
|
|
||||||
<role id="10" parent="1" name="pg_database_owner">
|
|
||||||
<ObjectId>6171</ObjectId>
|
<ObjectId>6171</ObjectId>
|
||||||
</role>
|
</role>
|
||||||
<role id="11" parent="1" name="pg_execute_server_program">
|
<role id="9" parent="1" name="pg_read_all_data">
|
||||||
<ObjectId>4571</ObjectId>
|
<ObjectId>6181</ObjectId>
|
||||||
</role>
|
</role>
|
||||||
<role id="12" parent="1" name="pg_monitor">
|
<role id="10" parent="1" name="pg_write_all_data">
|
||||||
|
<ObjectId>6182</ObjectId>
|
||||||
|
</role>
|
||||||
|
<role id="11" parent="1" name="pg_monitor">
|
||||||
<ObjectId>3373</ObjectId>
|
<ObjectId>3373</ObjectId>
|
||||||
<RoleGrants>3374
|
<RoleGrants>3374
|
||||||
3375
|
3375
|
||||||
3377</RoleGrants>
|
3377</RoleGrants>
|
||||||
</role>
|
</role>
|
||||||
<role id="13" parent="1" name="pg_read_all_data">
|
<role id="12" parent="1" name="pg_read_all_settings">
|
||||||
<ObjectId>6181</ObjectId>
|
|
||||||
</role>
|
|
||||||
<role id="14" parent="1" name="pg_read_all_settings">
|
|
||||||
<ObjectId>3374</ObjectId>
|
<ObjectId>3374</ObjectId>
|
||||||
</role>
|
</role>
|
||||||
<role id="15" parent="1" name="pg_read_all_stats">
|
<role id="13" parent="1" name="pg_read_all_stats">
|
||||||
<ObjectId>3375</ObjectId>
|
<ObjectId>3375</ObjectId>
|
||||||
</role>
|
</role>
|
||||||
<role id="16" parent="1" name="pg_read_server_files">
|
<role id="14" parent="1" name="pg_stat_scan_tables">
|
||||||
<ObjectId>4569</ObjectId>
|
|
||||||
</role>
|
|
||||||
<role id="17" parent="1" name="pg_signal_backend">
|
|
||||||
<ObjectId>4200</ObjectId>
|
|
||||||
</role>
|
|
||||||
<role id="18" parent="1" name="pg_stat_scan_tables">
|
|
||||||
<ObjectId>3377</ObjectId>
|
<ObjectId>3377</ObjectId>
|
||||||
</role>
|
</role>
|
||||||
<role id="19" parent="1" name="pg_use_reserved_connections">
|
<role id="15" parent="1" name="pg_read_server_files">
|
||||||
|
<ObjectId>4569</ObjectId>
|
||||||
|
</role>
|
||||||
|
<role id="16" parent="1" name="pg_write_server_files">
|
||||||
|
<ObjectId>4570</ObjectId>
|
||||||
|
</role>
|
||||||
|
<role id="17" parent="1" name="pg_execute_server_program">
|
||||||
|
<ObjectId>4571</ObjectId>
|
||||||
|
</role>
|
||||||
|
<role id="18" parent="1" name="pg_signal_backend">
|
||||||
|
<ObjectId>4200</ObjectId>
|
||||||
|
</role>
|
||||||
|
<role id="19" parent="1" name="pg_checkpoint">
|
||||||
|
<ObjectId>4544</ObjectId>
|
||||||
|
</role>
|
||||||
|
<role id="20" parent="1" name="pg_use_reserved_connections">
|
||||||
<ObjectId>4550</ObjectId>
|
<ObjectId>4550</ObjectId>
|
||||||
</role>
|
</role>
|
||||||
<role id="20" parent="1" name="pg_write_all_data">
|
<role id="21" parent="1" name="pg_create_subscription">
|
||||||
<ObjectId>6182</ObjectId>
|
<ObjectId>6304</ObjectId>
|
||||||
</role>
|
|
||||||
<role id="21" parent="1" name="pg_write_server_files">
|
|
||||||
<ObjectId>4570</ObjectId>
|
|
||||||
</role>
|
</role>
|
||||||
<role id="22" parent="1" name="postgres">
|
<role id="22" parent="1" name="postgres">
|
||||||
<CanLogin>1</CanLogin>
|
<CanLogin>1</CanLogin>
|
||||||
|
@ -4,13 +4,10 @@
|
|||||||
<option name="autoReloadType" value="ALL" />
|
<option name="autoReloadType" value="ALL" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Bug fixes of permission check">
|
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Check permissions GRPC method">
|
||||||
|
<change beforePath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/grpc/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/auth.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/grpc/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/auth.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/grpc/proto/auth.pb.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/proto/auth.pb.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/grpc/proto/auth.proto" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/proto/auth.proto" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/grpc/proto/auth_grpc.pb.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/grpc/proto/auth_grpc.pb.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/server/auth_middleware.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/auth_middleware.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/auth.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/auth.go" afterDir="false" />
|
||||||
</list>
|
</list>
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
@ -49,7 +46,7 @@
|
|||||||
<component name="PropertiesComponent"><![CDATA[{
|
<component name="PropertiesComponent"><![CDATA[{
|
||||||
"keyToString": {
|
"keyToString": {
|
||||||
"DefaultGoTemplateProperty": "Go File",
|
"DefaultGoTemplateProperty": "Go File",
|
||||||
"Go 构建.Backend.executor": "Run",
|
"Go 构建.Backend.executor": "Debug",
|
||||||
"RunOnceActivity.ShowReadmeOnStart": "true",
|
"RunOnceActivity.ShowReadmeOnStart": "true",
|
||||||
"RunOnceActivity.go.formatter.settings.were.checked": "true",
|
"RunOnceActivity.go.formatter.settings.were.checked": "true",
|
||||||
"RunOnceActivity.go.migrated.go.modules.settings": "true",
|
"RunOnceActivity.go.migrated.go.modules.settings": "true",
|
||||||
@ -144,7 +141,6 @@
|
|||||||
</option>
|
</option>
|
||||||
</component>
|
</component>
|
||||||
<component name="VcsManagerConfiguration">
|
<component name="VcsManagerConfiguration">
|
||||||
<MESSAGE value=":truck: Update well known" />
|
|
||||||
<MESSAGE value=":sparkles: Others userinfo" />
|
<MESSAGE value=":sparkles: Others userinfo" />
|
||||||
<MESSAGE value=":lipstick: Fix ui design" />
|
<MESSAGE value=":lipstick: Fix ui design" />
|
||||||
<MESSAGE value=":bug: Bug fixes of design" />
|
<MESSAGE value=":bug: Bug fixes of design" />
|
||||||
@ -169,7 +165,8 @@
|
|||||||
<MESSAGE value=":sparkles: Permission check" />
|
<MESSAGE value=":sparkles: Permission check" />
|
||||||
<MESSAGE value=":zap: In memory auth context cache" />
|
<MESSAGE value=":zap: In memory auth context cache" />
|
||||||
<MESSAGE value=":sparkles: Bug fixes of permission check" />
|
<MESSAGE value=":sparkles: Bug fixes of permission check" />
|
||||||
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Bug fixes of permission check" />
|
<MESSAGE value=":sparkles: Check permissions GRPC method" />
|
||||||
|
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Check permissions GRPC method" />
|
||||||
</component>
|
</component>
|
||||||
<component name="VgoProject">
|
<component name="VgoProject">
|
||||||
<settings-migrated>true</settings-migrated>
|
<settings-migrated>true</settings-migrated>
|
||||||
|
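--- a/pkg/grpc/auth.go
+++ b/pkg/grpc/auth.go
@@ -48,9 +48,13 @@ func (v *Server) CheckPerm(_ context.Context, in *proto.CheckPermRequest) (*prot
 return nil, err
 }
 
+var heldPerms map[string]any
+rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes)
+_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)
+
 var value any
 _ = jsoniter.Unmarshal(in.GetValue(), &value)
-perms := services.FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
+perms := services.FilterPermNodes(heldPerms, ctx.Ticket.Claims)
 valid := services.HasPermNode(perms, in.GetKey(), value)
 
 return &proto.CheckPermReply{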
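Review bot: Both decode errors on the added lines are discarded (`rawHeldPerms, _ := jsoniter.Marshal(...)` and `_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)`), so when `ctx.Account.PermNodes` fails to round-trip through JSON, `heldPerms` stays nil and the check continues with an empty permission set; that fails closed, but a decoding fault of exactly the kind this commit fixes becomes indistinguishable from a legitimate denial and leaves nothing in the error path to detect it. `CheckPerm` already returns an error, so propagate both, as below. The same three lines are duplicated in `Authenticate` in pkg/services/auth.go with the errors swallowed there too; one helper in `services` returning the decoded map and an error would keep the two paths from drifting. The body of `CheckPerm` begins and ends outside the hunk.
```go
// … unchanged: earlier error return …
rawHeldPerms, err := jsoniter.Marshal(ctx.Account.PermNodes)
if err != nil {
	return nil, err
}
var heldPerms map[string]any
if err := jsoniter.Unmarshal(rawHeldPerms, &heldPerms); err != nil {
	return nil, err
}
// … unchanged: value decoding, FilterPermNodes and HasPermNode calls, reply …
```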
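--- a/pkg/services/auth.go
+++ b/pkg/services/auth.go
@@ -2,6 +2,7 @@ package services
 
 import (
 "fmt"
+jsoniter "github.com/json-iterator/go"
 "time"
 
 "git.solsynth.dev/hydrogen/passport/pkg/models"
@@ -30,7 +31,11 @@ func Authenticate(access, refresh string, depth int) (ctx models.AuthContext, pe
 newRefresh = refresh
 
 if ctx, err = GetAuthContext(claims.ID); err == nil {
-perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
+var heldPerms map[string]any
+rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes)
+_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)
+
+perms = FilterPermNodes(heldPerms, ctx.Ticket.Claims)
 return
 }
 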
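Review bot: The added `jsoniter "github.com/json-iterator/go"` import in the first hunk is placed between `"fmt"` and `"time"`, inside the standard-library group; `goimports` keeps third-party modules in the second group and will move it on the next format pass, producing a spurious diff. Put it in the lower group instead: after `"git.solsynth.dev/hydrogen/passport/pkg/models"` add `jsoniter "github.com/json-iterator/go"`, leaving `"fmt"` and `"time"` adjacent. The import block continues past the hunk, so any further third-party entries there should be kept in the same sorted group.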