For the logged-in user, for the document that has been set with permissions, the user name will be compared according to the permissions database. When it is related to the user, the corresponding permissions will be displayed.
For users who are not logged in, documents that have already set permissions will display access denied;
For logged-in and logged-in users, documents without permission settings are displayed as Allow All.
If uploaded by the user, all are allowed.
In the figure below, the arrows for logged-in users and non-logged-in users are reversed.
Permissions are performed with casbin.
//The json data in the table provided to the list page
func (c *OnlyController) GetData() {
//1. Get the client user name
var uname, useridstring string
v := c.GetSession("uname")
if v != nil {
uname = v.(string)
user, err := models.GetUserByUsername(uname)
if err != nil {
beego.Error(err)
}
c.Data["Uid"] = user.Id
useridstring = strconv.FormatInt(user.Id, 10)
}
var myRes [][]string
if useridstring != "" {
myRes = e.GetPermissionsForUser(useridstring)
}
myResall := e.GetPermissionsForUser("") //Remove all data with permissions set
var err error
docs, err := models.GetDocs()
if err != nil {
beego.Error(err)
}
link := make([]OnlyLink, 0)
Docxslice := make([]DocxLink, 0)
for _, w := range docs {
Attachments, err := models.GetOnlyAttachments(w.Id)
if err != nil {
beego.Error(err)
}
linkarr := make([]OnlyLink, 1)
linkarr[0].Id = w.Id
linkarr[0].Code = w.Code
linkarr[0].Title = w.Title
linkarr[0].Label = w.Label
linkarr[0].End = w.End
linkarr[0].Principal = w.Principal
linkarr[0].Uid = w.Uid
linkarr[0].Created = w.Created
linkarr[0].Updated = w.Updated
for _, v := range Attachments {
docxarr := make([]DocxLink, 1)
docxarr[0].Permission = "1"
//Check whether v.Id is the same as the id behind the V1 path of myres, if it is the same, get V2 (permission)
//Query the permissions the user has
if useridstring != "" { //If it is a logged in user, the document with permissions set cannot be viewed
for _, k := range myResall {
if strconv.FormatInt(v.Id, 10) == path.Base(k[1]) {
docxarr[0].Permission = "4"
}
}
for _, k := range myRes {
if strconv.FormatInt(v.Id, 10) == path.Base(k[1]) {
docxarr[0].Permission = k[2]
}
}
} else { //If the user is not logged in, the document with the permission set cannot be viewed
for i, k := range myResall { //All those with permissions set cannot be viewed
if strconv.FormatInt(v.Id, 10) == path.Base(k[1]) {
docxarr[0].Permission = "4"
}
}
}
docxarr[0].Id = v.Id
docxarr[0].Title = v.FileName
if path.Ext(v.FileName) == ".docx" || path.Ext(v.FileName) == ".DOCX" || path.Ext(v.FileName) == ".doc" || path.Ext(v.FileName) == ".DOC" {
docxarr[0].Suffix = "docx"
} else if path.Ext(v.FileName) == ".XLSX" || path.Ext(v.FileName) == ".xlsx" || path.Ext(v.FileName) == ".XLS" || path.Ext(v.FileName) == ".xls" {
docxarr[0].Suffix = "xlsx"
} else if path.Ext(v.FileName) == ".pptx" || path.Ext(v.FileName) == ".PPTX" || path.Ext(v.FileName) == ".ppt" || path.Ext(v.FileName) == ".PPT" {
docxarr[0].Suffix = "pptx"
} else if path.Ext(v.FileName) == ".pdf" || path.Ext(v.FileName) == ".PDF" {
docxarr[0].Suffix = "pdf"
} else if path.Ext(v.FileName) == ".txt" || path.Ext(v.FileName) == ".TXT" {
docxarr[0].Suffix = "txt"
}
Docxslice = append(Docxslice, docxarr...)
}
linkarr [0] .Docxlink = Docxslice
Docxslice = make([]DocxLink, 0) //Set the slice to 0 again
link = append(link, linkarr...)
}
c.Data["json"] = link //products
c.ServeJSON ()
}