mirror/ezbookkeeping
1
0
Fork 0
mirror of https://github.com/mayswind/ezbookkeeping.git synced 2026-05-19 09:14:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

support user features restrictions

Browse Source
This commit is contained in:
MaysWind
2024-11-10 01:44:58 +08:00
parent b8253b6dcc
commit 1f159bf826
11 changed files with 289 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/tokens.go
+34
View File
@@ -135,6 +135,22 @@ func (a *TokensApi) TokenRevokeHandler(c *core.WebContext) (any, *errs.Error) {
return nil, errs.ErrInvalidTokenId
}
if utils.Int64ToString(tokenRecord.UserTokenId) != c.GetTokenClaims().UserTokenId || tokenRecord.CreatedUnixTime != c.GetTokenClaims().IssuedAt {
user, err := a.users.GetUserById(c, uid)
if err != nil {
if !errs.IsCustomError(err) {
log.Errorf(c, "[token.TokenRevokeHandler] failed to get user, because %s", err.Error())
}
return nil, errs.ErrUserNotFound
}
if user.FeatureRestriction.Contains(models.USER_FEATURE_RESTRICTION_TYPE_REVOKE_OTHER_SESSION) {
return nil, errs.ErrNotPermittedToPerformThisAction
}
}
err = a.tokens.DeleteToken(c, tokenRecord)
if err != nil {
@@ -170,6 +186,24 @@ func (a *TokensApi) TokenRevokeAllHandler(c *core.WebContext) (any, *errs.Error)
tokens = append(tokens[:currentTokenIndex], tokens[currentTokenIndex+1:]...)
if len(tokens) < 1 {
return nil, errs.ErrTokenRecordNotFound
}
user, err := a.users.GetUserById(c, uid)
if err != nil {
if !errs.IsCustomError(err) {
log.Errorf(c, "[token.TokenRevokeAllHandler] failed to get user, because %s", err.Error())
}
return nil, errs.ErrUserNotFound
}
if user.FeatureRestriction.Contains(models.USER_FEATURE_RESTRICTION_TYPE_REVOKE_OTHER_SESSION) {
return nil, errs.ErrNotPermittedToPerformThisAction
}
err = a.tokens.DeleteTokens(c, uid, tokens)
if err != nil {