升级IP名单权限判断逻辑

internal/db/models/http_firewall_policy_dao.go

@@ -558,6 +558,7 @@ func (this *HTTPFirewallPolicyDAO) CheckUserFirewallPolicy(tx *dbs.Tx, userId in
 }
 
 // FindEnabledFirewallPolicyIdsWithIPListId 查找包含某个IPList的所有策略
+// TODO 改成通过 serverId 查询
 func (this *HTTPFirewallPolicyDAO) FindEnabledFirewallPolicyIdsWithIPListId(tx *dbs.Tx, ipListId int64) ([]int64, error) {
 	ones, err := this.Query(tx).
 		ResultPk().
@@ -576,6 +577,7 @@ func (this *HTTPFirewallPolicyDAO) FindEnabledFirewallPolicyIdsWithIPListId(tx *
 }
 
 // FindEnabledFirewallPolicyWithIPListId 查找使用某个IPList的策略
+// TODO 改成通过 serverId 查询
 func (this *HTTPFirewallPolicyDAO) FindEnabledFirewallPolicyWithIPListId(tx *dbs.Tx, ipListId int64) (*HTTPFirewallPolicy, error) {
 	one, err := this.Query(tx).
 		State(HTTPFirewallPolicyStateEnabled).

internal/db/models/ip_list_dao.go

@@ -138,10 +138,11 @@ func (this *IPListDAO) FindIPListCacheable(tx *dbs.Tx, listId int64) (*IPList, e
 }
 
 // CreateIPList 创建名单
-func (this *IPListDAO) CreateIPList(tx *dbs.Tx, userId int64, listType ipconfigs.IPListType, name string, code string, timeoutJSON []byte, description string, isPublic bool, isGlobal bool) (int64, error) {
-	op := NewIPListOperator()
+func (this *IPListDAO) CreateIPList(tx *dbs.Tx, userId int64, serverId int64, listType ipconfigs.IPListType, name string, code string, timeoutJSON []byte, description string, isPublic bool, isGlobal bool) (int64, error) {
+	var op = NewIPListOperator()
 	op.IsOn = true
 	op.UserId = userId
+	op.ServerId = serverId
 	op.State = IPListStateEnabled
 	op.Type = listType
 	op.Name = name
@@ -189,26 +190,25 @@ func (this *IPListDAO) CheckUserIPList(tx *dbs.Tx, userId int64, listId int64) e
 		return ErrNotFound
 	}
 
-	ok, err := this.Query(tx).
+	// 获取名单信息
+	listOne, err := this.Query(tx).
 		Pk(listId).
-		Attr("userId", userId).
-		Exist()
+		Result("userId", "serverId").
+		Find()
 	if err != nil {
 		return err
 	}
-	if ok {
+	if listOne == nil {
+		return ErrNotFound
+	}
+	var list = listOne.(*IPList)
+	if int64(list.UserId) == userId {
 		return nil
 	}
 
-	// 检查是否被用户的服务所使用
-	policyIds, err := SharedHTTPFirewallPolicyDAO.FindEnabledFirewallPolicyIdsWithIPListId(tx, listId)
-	if err != nil {
-		return err
-	}
-	for _, policyId := range policyIds {
-		if SharedHTTPFirewallPolicyDAO.CheckUserFirewallPolicy(tx, userId, policyId) == nil {
-			return nil
-		}
+	var serverId = int64(list.ServerId)
+	if serverId > 0 {
+		return SharedServerDAO.CheckUserServer(tx, userId, serverId)
 	}
 
 	return ErrNotFound

internal/db/models/ip_list_dao_test.go

@@ -20,6 +20,39 @@ func TestIPListDAO_IncreaseVersion(t *testing.T) {
 	t.Log("version:", version)
 }
 
+func TestIPListDAO_CheckUserIPList(t *testing.T) {
+	dbs.NotifyReady()
+
+	var tx *dbs.Tx
+
+	{
+		err := NewIPListDAO().CheckUserIPList(tx, 1, 100)
+		if err == ErrNotFound {
+			t.Log("not found")
+		} else {
+			t.Log(err)
+		}
+	}
+
+	{
+		err := NewIPListDAO().CheckUserIPList(tx, 1, 85)
+		if err == ErrNotFound {
+			t.Log("not found")
+		} else {
+			t.Log(err)
+		}
+	}
+
+	{
+		err := NewIPListDAO().CheckUserIPList(tx, 1, 17)
+		if err == ErrNotFound {
+			t.Log("not found")
+		} else {
+			t.Log(err)
+		}
+	}
+}
+
 func BenchmarkIPListDAO_IncreaseVersion(b *testing.B) {
 	runtime.GOMAXPROCS(1)
 
@@ -32,3 +65,4 @@ func BenchmarkIPListDAO_IncreaseVersion(b *testing.B) {
 		_, _ = dao.IncreaseVersion(tx)
 	}
 }
+

internal/db/models/ip_list_model.go

@@ -9,6 +9,7 @@ type IPList struct {
 	Type        string   `field:"type"`        // 类型
 	AdminId     uint32   `field:"adminId"`     // 用户ID
 	UserId      uint32   `field:"userId"`      // 用户ID
+	ServerId    uint64   `field:"serverId"`    // 服务ID
 	Name        string   `field:"name"`        // 列表名
 	Code        string   `field:"code"`        // 代号
 	State       uint8    `field:"state"`       // 状态
@@ -26,6 +27,7 @@ type IPListOperator struct {
 	Type        interface{} // 类型
 	AdminId     interface{} // 用户ID
 	UserId      interface{} // 用户ID
+	ServerId    interface{} // 服务ID
 	Name        interface{} // 列表名
 	Code        interface{} // 代号
 	State       interface{} // 状态