From 1fd5e7b9aa5dcff5276891f6eb2bbcb088d5f8f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BE=90=E6=B6=9B?= Date: Mon, 5 Jun 2023 21:53:57 +0800 Subject: [PATCH] =?UTF-8?q?enhance(park):=E5=B0=86=E5=88=A4=E6=96=AD?= =?UTF-8?q?=E5=9B=AD=E5=8C=BA=E5=BD=92=E5=B1=9E=E5=87=BD=E6=95=B0=E6=8F=90?= =?UTF-8?q?=E5=8D=87=E5=88=B0=E6=8E=A7=E5=88=B6=E5=99=A8=E5=85=A8=E5=B1=80?= =?UTF-8?q?=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- controller/park.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/controller/park.go b/controller/park.go index e959cd2..1c70ff6 100644 --- a/controller/park.go +++ b/controller/park.go @@ -2,6 +2,7 @@ package controller import ( "electricity_bill_calc/logger" + "electricity_bill_calc/model" "electricity_bill_calc/repository" "electricity_bill_calc/response" "electricity_bill_calc/security" @@ -29,6 +30,24 @@ func InitializeParkHandlers(router *fiber.App) { router.Put("/park/:pid/building/:bid/enabled", security.EnterpriseAuthorize, modifyParkBuildingEnabling) } +// 检查当前用户是否拥有指定园区,在判断完成之后直接产生响应 +func checkParkBelongs(logger *zap.Logger, parkId string, session *model.Session, result *response.Result) (bool, error) { + if session == nil { + logger.Error("用户会话无效。") + return false, result.Unauthorized("用户会话无效。") + } + ok, err := repository.ParkRepository.IsParkBelongs(parkId, session.Uid) + switch { + case err != nil: + logger.Error("无法判断园区是否隶属于当前用户。", zap.String("park id", parkId), zap.String("user id", session.Uid), zap.Error(err)) + return false, result.Error(http.StatusInternalServerError, err.Error()) + case err == nil && !ok: + logger.Error("用户试图访问不属于自己的园区。", zap.String("park id", parkId), zap.String("user id", session.Uid)) + return false, result.Forbidden("您无权访问该园区。") + } + return true, nil +} + // 列出隶属于当前用户的全部园区 func listParksBelongsToCurrentUser(c *fiber.Ctx) error { result := response.NewResult(c)