fix: auth issue for target. (#634)

* fix: auth issue for target. * docs: update CHANGELOG.MD
ikaros-dev · Jul 26, 2024 · 4e819c8 · 4e819c8
1 parent 9bc9592
commit 4e819c8
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 15 deletions.
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -7,6 +7,7 @@
 ## 问题修复
 
 - 条目更新乐观锁问题 #631
+- 授权的附件接口判断问题 #633
 
 # 0.14.1
 

diff --git a/...r/src/main/java/run/ikaros/server/security/authorization/RequestAuthorizationManager.java b/...r/src/main/java/run/ikaros/server/security/authorization/RequestAuthorizationManager.java
@@ -85,19 +85,9 @@ public Mono<AuthorizationDecision> check(Mono<Authentication> authentication,
 
                 if (AuthorityType.API.equals(type)) {
 
-                    if (target.contains("/**")) {
-                        String apiPrefix = target.substring(0, target.lastIndexOf("/**"));
-                        if (!granted && path.contains(apiPrefix)) {
-                            granted = true;
-                            continue;
-                        }
-
-
-                    } else {
-                        if (!granted && path.equalsIgnoreCase(target)) {
-                            granted = true;
-                            continue;
-                        }
+                    if (authTarget(target, path, granted)) {
+                        granted = true;
+                        continue;
                     }
 
                     if (Authorization.Target.ALL.equals(target)
@@ -108,8 +98,10 @@ public Mono<AuthorizationDecision> check(Mono<Authentication> authentication,
 
                     if (!Authorization.Authority.ALL.equals(author) && author.startsWith("HTTP")) {
                         if (author.contains(method.name())) {
-                            granted = true;
-                            continue;
+                            if (authTarget(target, path, granted)) {
+                                granted = true;
+                                continue;
+                            }
                         }
                     }
                 }
@@ -125,4 +117,20 @@ public Mono<AuthorizationDecision> check(Mono<Authentication> authentication,
         });
     }
 
+    private boolean authTarget(String target, String path, boolean granted) {
+        if (target.contains("/**")) {
+            String apiPrefix = target.substring(0, target.lastIndexOf("/**"));
+            if (!granted && path.contains(apiPrefix)) {
+                return true;
+            }
+
+
+        } else {
+            if (!granted && path.equalsIgnoreCase(target)) {
+                return true;
+            }
+        }
+        return granted;
+    }
+
 }