diff --git a/gocron-node.go b/gocron-node.go
index c751f0d..c53c9f0 100644
--- a/gocron-node.go
+++ b/gocron-node.go
@@ -14,7 +14,7 @@ import (
 "strings"
 )
-const AppVersion = "1.2.2"
+const AppVersion = "1.3"
 func main() {
 var serverAddr string
diff --git a/routers/routers.go b/routers/routers.go
index a27eff9..3bfa014 100644
--- a/routers/routers.go
+++ b/routers/routers.go
@@ -171,6 +171,7 @@ func RegisterMiddleware(m *macaron.Macaron) {
 if app.Installed {
 ipAuth(ctx)
 userAuth(ctx, sess)
+ urlAuth(ctx, sess)
 setShareData(ctx, sess)
 }
 })
@@ -224,6 +225,33 @@ func userAuth(ctx *macaron.Context, sess session.Store) {
 }
 }
+// URL权限验证
+func urlAuth(ctx *macaron.Context, sess session.Store) {
+ if user.IsAdmin(sess) {
+ return
+ }
+ // 普通用户允许访问的URL地址
+ allowPaths := []string{
+ "",
+ "/task",
+ "/task/log",
+ "/host",
+ "/user/login",
+ "/user/logout",
+ "/user/editMyPassword",
+ }
+ uri := strings.TrimSpace(ctx.Req.URL.Path)
+ uri = strings.TrimRight(uri, "/")
+ for _, path := range allowPaths {
+ if path == uri {
+ return
+ }
+ }
+
+ ctx.Status(403)
+
+}
+
 /** 设置共享数据 **/
 func setShareData(ctx *macaron.Context, sess session.Store) {
 ctx.Data["URI"] = ctx.Req.URL.Path
@@ -239,6 +267,7 @@ func setShareData(ctx *macaron.Context, sess session.Store) {
 }
 ctx.Data["LoginUsername"] = user.Username(sess)
 ctx.Data["LoginUid"] = user.Uid(sess)
+ ctx.Data["IsAdmin"] = user.IsAdmin(sess)
 ctx.Data["AppName"] = app.Setting.AppName
 }
diff --git a/templates/common/header.html b/templates/common/header.html
index d82f842..af6e849 100644
--- a/templates/common/header.html
+++ b/templates/common/header.html
@@ -62,9 +62,9 @@
diff --git a/templates/host/index.html b/templates/host/index.html
index 6505ac7..5056f77 100644
--- a/templates/host/index.html
+++ b/templates/host/index.html
@@ -4,7 +4,8 @@ {{{ template "host/menu" . }}}
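Review bot: The deny branch at the end of `urlAuth` only calls `ctx.Status(403)` and returns nothing, so the caller in `RegisterMiddleware` (first hunk of this file) carries on into `setShareData`, and skipping the route handler depends on the framework halting the chain once a status has been written; nothing visible in the diff makes that explicit. Consider returning a bool and guarding the call site, e.g. `if !urlAuth(ctx, sess) { return }`, and add a test that a non-admin session requesting a path outside the list never reaches its handler. The list is matched on `ctx.Req.URL.Path` alone, so every HTTP method on the seven allowed paths passes for any session where `user.IsAdmin` is false (presumably including unauthenticated ones); it is worth confirming that no state-changing handler is registered on exactly `/task`, `/host` or `/task/log`. The exact-match comparison does fail closed for unknown or parameterised paths, which deserves a comment on `allowPaths` such as `// deny by default: any path not listed here returns 403 for non-admin users`.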
-