首次完整推送，

V：1.20240808.006
2024-08-13 18:32:37 +08:00
parent 15be3e9373
commit c62d15b288
939 changed files with 111777 additions and 0 deletions
--- a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/access-control.js
+++ b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/access-control.js
@ -0,0 +1,59 @@
+const methodPermission = require('../config/permission')
+const {
+  ERROR
+} = require('../common/error')
+
+function isAccessAllowed (user, setting) {
+  const {
+    role: userRole = [],
+    permission: userPermission = []
+  } = user
+  const {
+    role: settingRole = [],
+    permission: settingPermission = []
+  } = setting
+  if (userRole.includes('admin')) {
+    return
+  }
+  if (
+    settingRole.length > 0 &&
+    settingRole.every(item => !userRole.includes(item))
+  ) {
+    throw {
+      errCode: ERROR.PERMISSION_ERROR
+    }
+  }
+  if (
+    settingPermission.length > 0 &&
+    settingPermission.every(item => !userPermission.includes(item))
+  ) {
+    throw {
+      errCode: ERROR.PERMISSION_ERROR
+    }
+  }
+}
+
+module.exports = async function () {
+  const methodName = this.getMethodName()
+  if (!(methodName in methodPermission)) {
+    return
+  }
+  const {
+    auth,
+    role,
+    permission
+  } = methodPermission[methodName]
+  if (auth || role || permission) {
+    await this.middleware.auth()
+  }
+  if (role && role.length === 0) {
+    throw new Error('[AccessControl]Empty role array is not supported')
+  }
+  if (permission && permission.length === 0) {
+    throw new Error('[AccessControl]Empty permission array is not supported')
+  }
+  return isAccessAllowed(this.authInfo, {
+    role,
+    permission
+  })
+}