权限问题 #1

hildxd · 2023-01-11T08:29:05Z

当user.roles为空数组的时候我给Ptl 增加auths: { roles: ["1"] } 不会触发校验是正常的吗

The text was updated successfully, but these errors were encountered:

hildxd · 2023-01-11T08:40:05Z

如果用户的roles为空就算协议文件定义了roles也能让用户请求成功
改成这样会不会好一点

        const userRoles = node.userRoles ?? [];
        if (type === "SOME") {
          const hasRole = roles.some((role) => userRoles.includes(role));
          if (!hasRole) {
            await node.error(
              new TsrpcError({
                message: "您没有权限操作。",
                code: "NOT_PERMISSION",
                type: TsrpcErrorType.ApiError,
              })
            );
          }
        } else if (type === "EVERY") {
          const mustRole = roles.every((role) => userRoles.includes(role));
          if (!mustRole) {
            await node.error(
              new TsrpcError({
                message: "您没有权限执行此操作。",
                code: "NOT_PERMISSION",
                type: TsrpcErrorType.ApiError,
              })
            );
          }
        }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

权限问题 #1

权限问题 #1

hildxd commented Jan 11, 2023

hildxd commented Jan 11, 2023

权限问题 #1

权限问题 #1

Comments

hildxd commented Jan 11, 2023

hildxd commented Jan 11, 2023