boenadmin/BastionSSO
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(api): 修复权限可见性与资源访问授权判定

Browse Source
This commit is contained in:
Boen_Shi 2026-05-06 18:26:00 +08:00
parent ce907ee7c4
commit fa966ab489
3 changed files with 3 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/Api/PermissionController.php
View File

@ -17,7 +17,7 @@ class PermissionController extends Controller
public function __construct() public function __construct()
{ {
$this->middleware('auth:api'); $this->middleware('auth:api');
$this->middleware('permission:platform.permissions.view,api')->only(['index', 'show']); $this->middleware('permission:platform.permissions.view|platform.roles.manage|platform.users.manage,api')->only(['index', 'show']);
$this->middleware('permission:platform.permissions.manage,api')->only(['store', 'update', 'destroy', 'syncRolePermissions']); $this->middleware('permission:platform.permissions.manage,api')->only(['store', 'update', 'destroy', 'syncRolePermissions']);
} }

9
app/Http/Controllers/Api/ServerResourceController.php
View File

@ -72,13 +72,6 @@ class ServerResourceController extends Controller
private function resolveResourceIdsFromPermissions(User $user): Collection private function resolveResourceIdsFromPermissions(User $user): Collection
{ {
$allPermissions = $user->getAllPermissions(); $allPermissions = $user->getAllPermissions();
if ($allPermissions->contains(fn (Permission $permission): bool => $permission->name === 'resource.servers.use')) {
return ServerResource::query()
->whereNotNull('parent_id')
->pluck('id')
->values();
}
$resourceIds = collect(); $resourceIds = collect();
foreach ($allPermissions as $permission) { foreach ($allPermissions as $permission) {
$permissionName = (string) $permission->name; $permissionName = (string) $permission->name;
@ -682,7 +675,7 @@ class ServerResourceController extends Controller
private function canUseResource(User $user, ServerResource $resource, string $protocol): bool private function canUseResource(User $user, ServerResource $resource, string $protocol): bool
{ {
if ($user->can('platform.servers.view') || $user->can('resource.servers.use')) { if ($user->can('platform.servers.view')) {
return true; return true;
} }

2
app/Http/Controllers/Api/UserController.php
View File

@ -544,7 +544,7 @@ class UserController extends Controller
$managedResourceIds = Permission::query() $managedResourceIds = Permission::query()
->where('guard_name', 'api') ->where('guard_name', 'api')
->where('name', 'like', 'resource.servers.use.%') ->where('name', 'like', 'resource.servers.use.%')
->where('description', 'like', '服务器资源访问权限(资源ID:%') ->where('description', 'like', '服务器资源访问权限(%资源ID:%')
->pluck('description') ->pluck('description')
->map(fn (string $description): ?int => $this->resourceIdFromPermissionDescription($description)) ->map(fn (string $description): ?int => $this->resourceIdFromPermissionDescription($description))
->filter(fn (?int $resourceId): bool => $resourceId !== null) ->filter(fn (?int $resourceId): bool => $resourceId !== null)