优化上传权限处理

2021-12-12 16:39:33 +08:00 · 2021-12-12 16:39:33 +08:00 · b84e8b6774
commit b84e8b6774
parent 1e1e494d5b
2 changed files with 5 additions and 5 deletions
--- a/ZR.Admin.WebApi/Controllers/CommonController.cs
+++ b/ZR.Admin.WebApi/Controllers/CommonController.cs
@ -79,7 +79,7 @@ namespace ZR.Admin.WebApi.Controllers
        /// <returns></returns>
        [HttpPost()]
        [Verify]
-        [ActionPermissionFilter(Permission = "system")]
+        [ActionPermissionFilter(Permission = "common")]
        public IActionResult UploadFile([FromForm(Name = "file")] IFormFile formFile)
        {
            if (formFile == null) throw new CustomException(ResultCode.PARAM_ERROR, "上传文件不能为空");
@ -114,7 +114,7 @@ namespace ZR.Admin.WebApi.Controllers
        /// <returns></returns>
        [HttpPost]
        [Verify]
-        [ActionPermissionFilter(Permission = "system")]
+        [ActionPermissionFilter(Permission = "common")]
        public IActionResult UploadFileAliyun([FromForm(Name = "file")] IFormFile formFile, string fileDir = "")
        {
            if (formFile == null) throw new CustomException(ResultCode.PARAM_ERROR, "上传文件不能为空");
--- a/ZR.Admin.WebApi/Filters/ActionPermissionFilter.cs
+++ b/ZR.Admin.WebApi/Filters/ActionPermissionFilter.cs
@ -55,12 +55,12 @@ namespace ZR.Admin.WebApi.Filters
                bool isDemoMode = ConfigUtils.Instance.GetAppConfig("DemoMode", false);

                //演示公开环境屏蔽权限
-                string[] denyPerms = new string[] { "update", "add", "remove", "add", "edit", "delete", "import", "run", "start", "stop", "clear", "send" ,"export"};
-                if (isDemoMode && (denyPerms.Any(f => Permission.ToLower().Contains(f.ToLower())) || Permission.Equals("system")))
+                string[] denyPerms = new string[] { "update", "add", "remove", "add", "edit", "delete", "import", "run", "start", "stop", "clear", "send" ,"export", "upload", "common"};
+                if (isDemoMode && denyPerms.Any(f => Permission.ToLower().Contains(f)))
                {
                    context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "演示模式 , 不允许操作" });
                }
-                if (!HasPermi && !Permission.Equals("system"))
+                if (!HasPermi && !Permission.Equals("common"))
                {
                    logger.Info($"用户{info.NickName}没有权限访问{context.HttpContext.Request.Path}，当前权限[{Permission}]");
                    context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "你没有权限访问" });