|
@@ -30,6 +30,11 @@ func syscfg_account(resp http.ResponseWriter, req *http.Request) {
|
|
|
if !ok {
|
|
|
return
|
|
|
}
|
|
|
+ if !sess.Account.IsSuper {
|
|
|
+ resp.Header().Set("Location", "/index/forbidden")
|
|
|
+ resp.WriteHeader(302)
|
|
|
+ return
|
|
|
+ }
|
|
|
//视图输出
|
|
|
files := []string{
|
|
|
filepath.Join(Cfg.TmplDir, "syscfg", "account.tmpl"),
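Review bot: The forbidden branch added at `resp.Header().Set("Location", "/index/forbidden")` / `resp.WriteHeader(302)` hand-rolls a redirect with a magic status number; `http.Redirect(resp, req, "/index/forbidden", http.StatusFound)` says the same thing in one line, names the status, and also writes the short HTML body browsers expect on a redirect. Because this is a deny decision rather than a resource move, a one-line comment such as `// non-super accounts are sent to the forbidden page; the JSON handlers below return an ErrorRet instead` would help the next reader understand why this handler answers differently from its siblings. The `checkLogin` call that binds `sess` and `ok` is above the hunk, so the check's fail-closed ordering (login first, then role) can only be inferred here.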
|
|
@@ -53,10 +58,15 @@ func syscfg_account(resp http.ResponseWriter, req *http.Request) {
|
|
|
}
|
|
|
|
|
|
func syscfg_account_list(resp http.ResponseWriter, req *http.Request) {
|
|
|
- _, ok := checkLogin(resp, req)
|
|
|
+ sess, ok := checkLogin(resp, req)
|
|
|
if !ok {
|
|
|
return
|
|
|
}
|
|
|
+ if !sess.Account.IsSuper {
|
|
|
+ ret, _ := json.Marshal(ErrorRet{Errno: 404, Error: "Forbidden"})
|
|
|
+ resp.Write(ret)
|
|
|
+ return
|
|
|
+ }
|
|
|
req.ParseForm()
|
|
|
mdlAccounts := model.NewAccounts(Db)
|
|
|
list, err := mdlAccounts.GetAll()
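Review bot: The denial at `ret, _ := json.Marshal(ErrorRet{Errno: 404, Error: "Forbidden"})` is sent with HTTP status 200 and an application code of 404, so any client, proxy log or monitor keyed on the status line records a successful request, and the numeric code contradicts its own "Forbidden" text; adding `resp.WriteHeader(http.StatusForbidden)` before `resp.Write(ret)` and using `Errno: 403` would make the authorization failure visible at both layers, unless 404 is a deliberate project convention, in which case a comment on the line should say so. The identical five-line block is also added in syscfg_account_get, syscfg_account_set, syscfg_account_del and syscfg_account_reset_pwd, which makes it a natural candidate for one small helper that takes the response writer and the session, writes the denial, and returns whether the caller may continue, so the policy lives in one place. The discarded `json.Marshal` error and the unchecked `resp.Write` return are tolerable for a constant payload but deserve a short comment saying that is intentional. The new role check sits after the existing `checkLogin` guard, which is the right order; the function body continues past the hunk.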
|
|
@@ -69,10 +79,15 @@ func syscfg_account_list(resp http.ResponseWriter, req *http.Request) {
|
|
|
}
|
|
|
|
|
|
func syscfg_account_get(resp http.ResponseWriter, req *http.Request) {
|
|
|
- _, ok := checkLogin(resp, req)
|
|
|
+ sess, ok := checkLogin(resp, req)
|
|
|
if !ok {
|
|
|
return
|
|
|
}
|
|
|
+ if !sess.Account.IsSuper {
|
|
|
+ ret, _ := json.Marshal(ErrorRet{Errno: 404, Error: "Forbidden"})
|
|
|
+ resp.Write(ret)
|
|
|
+ return
|
|
|
+ }
|
|
|
req.ParseForm()
|
|
|
idStr := req.Form.Get("id")
|
|
|
if idStr == "" {
|
|
@@ -95,10 +110,15 @@ func syscfg_account_get(resp http.ResponseWriter, req *http.Request) {
|
|
|
}
|
|
|
|
|
|
func syscfg_account_set(resp http.ResponseWriter, req *http.Request) {
|
|
|
- _, ok := checkLogin(resp, req)
|
|
|
+ sess, ok := checkLogin(resp, req)
|
|
|
if !ok {
|
|
|
return
|
|
|
}
|
|
|
+ if !sess.Account.IsSuper {
|
|
|
+ ret, _ := json.Marshal(ErrorRet{Errno: 404, Error: "Forbidden"})
|
|
|
+ resp.Write(ret)
|
|
|
+ return
|
|
|
+ }
|
|
|
req.ParseForm()
|
|
|
Id := req.PostForm.Get("Id")
|
|
|
Account := req.PostForm.Get("Account")
|
|
@@ -187,6 +207,11 @@ func syscfg_account_del(resp http.ResponseWriter, req *http.Request) {
|
|
|
if !ok {
|
|
|
return
|
|
|
}
|
|
|
+ if !sess.Account.IsSuper {
|
|
|
+ ret, _ := json.Marshal(ErrorRet{Errno: 404, Error: "Forbidden"})
|
|
|
+ resp.Write(ret)
|
|
|
+ return
|
|
|
+ }
|
|
|
req.ParseForm()
|
|
|
idStr := req.Form.Get("id")
|
|
|
if idStr == "" {
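Review bot: The added `if !sess.Account.IsSuper {` in syscfg_account_del, and the same line in syscfg_account_reset_pwd in the next hunk, reference `sess`, but unlike the three handlers above, this hunk does not change the `checkLogin` call; since the hunk opens on unchanged context, the preceding line presumably already binds `sess` rather than `_`, but that is not visible here and is worth confirming before merge, as a leftover `_, ok := checkLogin(resp, req)` would not compile. The 200-status / `Errno: 404` mismatch noted on syscfg_account_list applies to these two blocks as well.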
|
|
@@ -215,6 +240,11 @@ func syscfg_account_reset_pwd(resp http.ResponseWriter, req *http.Request) {
|
|
|
if !ok {
|
|
|
return
|
|
|
}
|
|
|
+ if !sess.Account.IsSuper {
|
|
|
+ ret, _ := json.Marshal(ErrorRet{Errno: 404, Error: "Forbidden"})
|
|
|
+ resp.Write(ret)
|
|
|
+ return
|
|
|
+ }
|
|
|
req.ParseForm()
|
|
|
idStr := req.PostForm.Get("id")
|
|
|
if idStr == "" {
|