优化上传权限处理
This commit is contained in:
不做码农
parent
1e1e494d5b
commit
b84e8b6774
@ -79,7 +79,7 @@ namespace ZR.Admin.WebApi.Controllers
|
|||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
[HttpPost()]
|
[HttpPost()]
|
||||||
[Verify]
|
[Verify]
|
||||||
[ActionPermissionFilter(Permission = "system")]
|
[ActionPermissionFilter(Permission = "common")]
|
||||||
public IActionResult UploadFile([FromForm(Name = "file")] IFormFile formFile)
|
public IActionResult UploadFile([FromForm(Name = "file")] IFormFile formFile)
|
||||||
{
|
{
|
||||||
if (formFile == null) throw new CustomException(ResultCode.PARAM_ERROR, "上传文件不能为空");
|
if (formFile == null) throw new CustomException(ResultCode.PARAM_ERROR, "上传文件不能为空");
|
||||||
@ -114,7 +114,7 @@ namespace ZR.Admin.WebApi.Controllers
|
|||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
[HttpPost]
|
[HttpPost]
|
||||||
[Verify]
|
[Verify]
|
||||||
[ActionPermissionFilter(Permission = "system")]
|
[ActionPermissionFilter(Permission = "common")]
|
||||||
public IActionResult UploadFileAliyun([FromForm(Name = "file")] IFormFile formFile, string fileDir = "")
|
public IActionResult UploadFileAliyun([FromForm(Name = "file")] IFormFile formFile, string fileDir = "")
|
||||||
{
|
{
|
||||||
if (formFile == null) throw new CustomException(ResultCode.PARAM_ERROR, "上传文件不能为空");
|
if (formFile == null) throw new CustomException(ResultCode.PARAM_ERROR, "上传文件不能为空");
|
||||||
|
|||||||
@ -55,12 +55,12 @@ namespace ZR.Admin.WebApi.Filters
|
|||||||
bool isDemoMode = ConfigUtils.Instance.GetAppConfig("DemoMode", false);
|
bool isDemoMode = ConfigUtils.Instance.GetAppConfig("DemoMode", false);
|
||||||
|
|
||||||
//演示公开环境屏蔽权限
|
//演示公开环境屏蔽权限
|
||||||
string[] denyPerms = new string[] { "update", "add", "remove", "add", "edit", "delete", "import", "run", "start", "stop", "clear", "send" ,"export"};
|
string[] denyPerms = new string[] { "update", "add", "remove", "add", "edit", "delete", "import", "run", "start", "stop", "clear", "send" ,"export", "upload", "common"};
|
||||||
if (isDemoMode && (denyPerms.Any(f => Permission.ToLower().Contains(f.ToLower())) || Permission.Equals("system")))
|
if (isDemoMode && denyPerms.Any(f => Permission.ToLower().Contains(f)))
|
||||||
{
|
{
|
||||||
context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "演示模式 , 不允许操作" });
|
context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "演示模式 , 不允许操作" });
|
||||||
}
|
}
|
||||||
if (!HasPermi && !Permission.Equals("system"))
|
if (!HasPermi && !Permission.Equals("common"))
|
||||||
{
|
{
|
||||||
logger.Info($"用户{info.NickName}没有权限访问{context.HttpContext.Request.Path},当前权限[{Permission}]");
|
logger.Info($"用户{info.NickName}没有权限访问{context.HttpContext.Request.Path},当前权限[{Permission}]");
|
||||||
context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "你没有权限访问" });
|
context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "你没有权限访问" });
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user