v0.3.3: peimission control for kkFileView

6 months ago · 2759f41725
1 changed files with 11 additions and 1 deletions
--- a/code/rest/share_controller.go
+++ b/code/rest/share_controller.go
@ -359,7 +359,7 @@ func (this *ShareController) Browse(writer http.ResponseWriter, request *http.Re

 	share := this.shareService.CheckShare(request, shareUuid, code, user)
 	//by han: add permitList verification feature
-	if user.Uuid != share.UserUuid && share.PermitList != "" && !strings.Contains(share.PermitList, user.Uuid) {
+	if user.Uuid == "" || (user.Uuid != share.UserUuid && share.PermitList != "" && !strings.Contains(share.PermitList, user.Uuid)) {
 		panic(result.UNAUTHORIZED)
 	}

@ -440,6 +440,16 @@ func (this *ShareController) Zip(writer http.ResponseWriter, request *http.Reque
 		//download all things.
 		share := this.shareService.CheckShare(request, shareUuid, code, user)

+		//预览服务特别处理: 由于预览服务没有用户信息,但是文件访问又必须验证权限,
+		//id是用base64处理过的，所以这里要用base64解码
+		if user.Uuid == "" {
+			user.Uuid = request.FormValue("uid")
+			data, err := base64.StdEncoding.DecodeString(user.Uuid)
+			if err == nil {
+				user.Uuid = string(data)
+			}
+		}
+
 		//by han: add verification for downloadAPI
 		if user.Uuid != share.UserUuid && share.PermitList != "" && !strings.Contains(share.PermitList, user.Uuid) {
 			panic(result.UNAUTHORIZED)