cid添加run权限判断

handler/cid.go

@@ -50,10 +50,17 @@ func SetUpCIDGroup(router *gin.Engine) {
 }
 func RunCID(c *gin.Context) {
 	var req CIDRunReq
-	if err := c.ShouldBind(&req); err == nil {
-		// 获取用户ID
 	id, _ := c.Get("id")
 	authID := int(id.(float64))
+	//获取权限
+	user := dao.FindUserByUserID(authID)
+	if user.Run == false {
+		c.JSON(200, gin.H{"error": "no run Permissions", "code": proto.NoRunPermissions, "message": "no run Permissions"})
+		return
+	}
+
+	if err := c.ShouldBind(&req); err == nil {
+		// 获取用户ID
 		username, _ := c.Get("username")
 		cid := dao.FindCIDByID(req.ID, authID)
 		if cid.ID == 0 {
@@ -165,11 +172,18 @@ func CIDCallback(c *gin.Context) {
 	fmt.Println("token:", token, "cid_id:", cid_id)
 	//将cid转换为int
 	cid, _ := strconv.Atoi(cid_id)
+
 	if token == "" || cid == 0 {
 		c.JSON(200, gin.H{"error": "parameter error", "code": proto.ParameterError, "message": "failed"})
 		return
 	}
 	res := dao.FindCIDByIDAndToken(cid, token)
+
+	user := dao.FindUserByUserID(res.Auth_id)
+	if user.Run == false {
+		c.JSON(200, gin.H{"error": "no run Permissions", "code": proto.NoRunPermissions, "message": "the user has no run Permissions"})
+		return
+	}
 	if res.ID != 0 {
 		user := dao.FindUserByID(res.Auth_id)
 		go RunShell(user[0].Name, res.Url, res.Script, int(res.ID), res.Auth_id)

proto/status.go

@@ -44,4 +44,6 @@ const (
 
 	//Tool
 	NoRedisPermissions  = 51
+	NoRunPermissions    = 52
+	NoDevicePermissions = 53
 )