fix: error user role
This commit is contained in:
parent
50eab6b4e4
commit
221894d972
@ -126,6 +126,10 @@ const (
|
|||||||
RoleRootUser = 100
|
RoleRootUser = 100
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func IsValidateRole(role int) bool {
|
||||||
|
return role == RoleGuestUser || role == RoleCommonUser || role == RoleAdminUser || role == RoleRootUser
|
||||||
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
FileUploadPermission = RoleGuestUser
|
FileUploadPermission = RoleGuestUser
|
||||||
FileDownloadPermission = RoleGuestUser
|
FileDownloadPermission = RoleGuestUser
|
||||||
|
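Review bot: `IsValidateRole` is exported but has no doc comment, and its name is ungrammatical; since it is the gate that `authHelper` (via `validUserInfo` in this same commit) uses to reject unknown role values, its contract should be stated. Suggested comment: `// IsValidateRole reports whether role is one of the defined role constants (guest, common, admin, root); callers treat any other value as an invalid account and deny access.` The list is maintained by hand: a role constant added to the const block above (which starts before this hunk) without being added here locks out every user holding that role — fail-closed, which is the right default, but worth a line saying so. A `switch role { case RoleGuestUser, RoleCommonUser, RoleAdminUser, RoleRootUser: return true }; return false` form behaves the same and makes the list easier to extend.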
@ -7,6 +7,7 @@ import (
|
|||||||
"one-api/common"
|
"one-api/common"
|
||||||
"one-api/model"
|
"one-api/model"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/gin-contrib/sessions"
|
"github.com/gin-contrib/sessions"
|
||||||
@ -616,6 +617,7 @@ func DeleteSelf(c *gin.Context) {
|
|||||||
func CreateUser(c *gin.Context) {
|
func CreateUser(c *gin.Context) {
|
||||||
var user model.User
|
var user model.User
|
||||||
err := json.NewDecoder(c.Request.Body).Decode(&user)
|
err := json.NewDecoder(c.Request.Body).Decode(&user)
|
||||||
|
user.Username = strings.TrimSpace(user.Username)
|
||||||
if err != nil || user.Username == "" || user.Password == "" {
|
if err != nil || user.Username == "" || user.Password == "" {
|
||||||
c.JSON(http.StatusOK, gin.H{
|
c.JSON(http.StatusOK, gin.H{
|
||||||
"success": false,
|
"success": false,
|
||||||
@ -663,8 +665,8 @@ func CreateUser(c *gin.Context) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type ManageRequest struct {
|
type ManageRequest struct {
|
||||||
Username string `json:"username"`
|
Id int `json:"id"`
|
||||||
Action string `json:"action"`
|
Action string `json:"action"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// ManageUser Only admin user can do this
|
// ManageUser Only admin user can do this
|
||||||
@ -680,7 +682,7 @@ func ManageUser(c *gin.Context) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
user := model.User{
|
user := model.User{
|
||||||
Username: req.Username,
|
Id: req.Id,
|
||||||
}
|
}
|
||||||
// Fill attributes
|
// Fill attributes
|
||||||
model.DB.Unscoped().Where(&user).First(&user)
|
model.DB.Unscoped().Where(&user).First(&user)
|
||||||
|
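Review bot: `ManageUser` now builds the lookup from `model.User{Id: req.Id}` (L188) and runs `model.DB.Unscoped().Where(&user).First(&user)` (L203) without checking that `req.Id` is non-zero or that a row was actually found. With GORM struct conditions, zero-valued fields are dropped from the WHERE clause (the comment in `ValidateAndFill` touched by this same commit says exactly that), so a request that omits `id` — or a client still sending the old `username` field — likely yields an unconditioned `First`, i.e. whichever row the database returns first (typically the lowest id, which in a fresh install is the root account), and the admin action is then applied to that account instead of failing. `ManageUser` begins before and ends after this hunk, so the downstream use of `user` is not visible here, but the lookup should reject `req.Id <= 0` and check `.Error` before proceeding.
```go
	if req.Id <= 0 {
		c.JSON(http.StatusOK, gin.H{
			"success": false,
			"message": "用户 ID 无效",
		})
		return
	}
	user := model.User{
		Id: req.Id,
	}
	// Fill attributes; a zero Id would drop the WHERE clause entirely, hence the guard above.
	if err := model.DB.Unscoped().Where(&user).First(&user).Error; err != nil {
		c.JSON(http.StatusOK, gin.H{
			"success": false,
			"message": "用户不存在",
		})
		return
	}
	// … unchanged: action dispatch …
```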
@ -10,6 +10,17 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func validUserInfo(username string, role int) bool {
|
||||||
|
// check username is empty
|
||||||
|
if strings.TrimSpace(username) == "" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if !common.IsValidateRole(role) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
func authHelper(c *gin.Context, minRole int) {
|
func authHelper(c *gin.Context, minRole int) {
|
||||||
session := sessions.Default(c)
|
session := sessions.Default(c)
|
||||||
username := session.Get("username")
|
username := session.Get("username")
|
||||||
@ -30,6 +41,14 @@ func authHelper(c *gin.Context, minRole int) {
|
|||||||
}
|
}
|
||||||
user := model.ValidateAccessToken(accessToken)
|
user := model.ValidateAccessToken(accessToken)
|
||||||
if user != nil && user.Username != "" {
|
if user != nil && user.Username != "" {
|
||||||
|
if !validUserInfo(user.Username, user.Role) {
|
||||||
|
c.JSON(http.StatusOK, gin.H{
|
||||||
|
"success": false,
|
||||||
|
"message": "无权进行此操作,用户信息无效",
|
||||||
|
})
|
||||||
|
c.Abort()
|
||||||
|
return
|
||||||
|
}
|
||||||
// Token is valid
|
// Token is valid
|
||||||
username = user.Username
|
username = user.Username
|
||||||
role = user.Role
|
role = user.Role
|
||||||
@ -91,6 +110,14 @@ func authHelper(c *gin.Context, minRole int) {
|
|||||||
c.Abort()
|
c.Abort()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if !validUserInfo(username.(string), role.(int)) {
|
||||||
|
c.JSON(http.StatusOK, gin.H{
|
||||||
|
"success": false,
|
||||||
|
"message": "无权进行此操作,用户信息无效",
|
||||||
|
})
|
||||||
|
c.Abort()
|
||||||
|
return
|
||||||
|
}
|
||||||
c.Set("username", username)
|
c.Set("username", username)
|
||||||
c.Set("role", role)
|
c.Set("role", role)
|
||||||
c.Set("id", id)
|
c.Set("id", id)
|
||||||
|
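Review bot: The session path at L365 uses unchecked type assertions `username.(string)` and `role.(int)`; if a session cookie carries a role stored under a different type (a legacy or re-encoded session, or a nil value), the assertion panics and the request ends in a 500 from the recovery middleware rather than the clean rejection this check is meant to produce. Unless the code above this hunk already asserts both types (authHelper's body starts before and continues past this hunk, so I cannot tell), use the two-value form: `u, uok := username.(string)` / `r, rok := role.(int)` / `if !uok || !rok || !validUserInfo(u, r) {`. The rejection block is also duplicated verbatim between the token path (L304–L328) and the session path (L369–L393); a small `rejectInvalidUser(c)` helper would keep the message and the abort semantics in one place. `validUserInfo` is new and should carry a doc comment, e.g. `// validUserInfo reports whether username is non-blank and role is a known role constant; authHelper denies the request when it returns false.`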
@ -295,11 +295,12 @@ func (user *User) ValidateAndFill() (err error) {
|
|||||||
// that means if your field’s value is 0, '', false or other zero values,
|
// that means if your field’s value is 0, '', false or other zero values,
|
||||||
// it won’t be used to build query conditions
|
// it won’t be used to build query conditions
|
||||||
password := user.Password
|
password := user.Password
|
||||||
if user.Username == "" || password == "" {
|
username := strings.TrimSpace(user.Username)
|
||||||
|
if username == "" || password == "" {
|
||||||
return errors.New("用户名或密码为空")
|
return errors.New("用户名或密码为空")
|
||||||
}
|
}
|
||||||
// find buy username or email
|
// find buy username or email
|
||||||
DB.Where("username = ? OR email = ?", user.Username, user.Username).First(user)
|
DB.Where("username = ? OR email = ?", username, username).First(user)
|
||||||
okay := common.ValidatePasswordAndHash(password, user.Password)
|
okay := common.ValidatePasswordAndHash(password, user.Password)
|
||||||
if !okay || user.Status != common.UserStatusEnabled {
|
if !okay || user.Status != common.UserStatusEnabled {
|
||||||
return errors.New("用户名或密码错误,或用户已被封禁")
|
return errors.New("用户名或密码错误,或用户已被封禁")
|
||||||
|
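Review bot: The lookup at L456 still ignores the result of `First`: when no row matches the trimmed username/email, `user` is left holding the caller's submitted fields, so `user.Password` is the plaintext password and the next line compares it against itself via `ValidatePasswordAndHash`. Whether that fails depends entirely on the hash validator rejecting a non-hash string (not visible here); it is safer to fail explicitly: `if err := DB.Where("username = ? OR email = ?", username, username).First(user).Error; err != nil { return errors.New("用户名或密码错误,或用户已被封禁") }`. Reusing the same generic message keeps the not-found case indistinguishable from a wrong password, which avoids username enumeration. `ValidateAndFill` starts before this hunk and ends after it.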
@ -151,7 +151,7 @@ const UsersTable = () => {
|
|||||||
title='确定?'
|
title='确定?'
|
||||||
okType={'warning'}
|
okType={'warning'}
|
||||||
onConfirm={() => {
|
onConfirm={() => {
|
||||||
manageUser(record.username, 'promote', record);
|
manageUser(record.id, 'promote', record);
|
||||||
}}
|
}}
|
||||||
>
|
>
|
||||||
<Button theme='light' type='warning' style={{ marginRight: 1 }}>
|
<Button theme='light' type='warning' style={{ marginRight: 1 }}>
|
||||||
@ -162,7 +162,7 @@ const UsersTable = () => {
|
|||||||
title='确定?'
|
title='确定?'
|
||||||
okType={'warning'}
|
okType={'warning'}
|
||||||
onConfirm={() => {
|
onConfirm={() => {
|
||||||
manageUser(record.username, 'demote', record);
|
manageUser(record.id, 'demote', record);
|
||||||
}}
|
}}
|
||||||
>
|
>
|
||||||
<Button
|
<Button
|
||||||
@ -179,7 +179,7 @@ const UsersTable = () => {
|
|||||||
type='warning'
|
type='warning'
|
||||||
style={{ marginRight: 1 }}
|
style={{ marginRight: 1 }}
|
||||||
onClick={async () => {
|
onClick={async () => {
|
||||||
manageUser(record.username, 'disable', record);
|
manageUser(record.id, 'disable', record);
|
||||||
}}
|
}}
|
||||||
>
|
>
|
||||||
禁用
|
禁用
|
||||||
@ -190,7 +190,7 @@ const UsersTable = () => {
|
|||||||
type='secondary'
|
type='secondary'
|
||||||
style={{ marginRight: 1 }}
|
style={{ marginRight: 1 }}
|
||||||
onClick={async () => {
|
onClick={async () => {
|
||||||
manageUser(record.username, 'enable', record);
|
manageUser(record.id, 'enable', record);
|
||||||
}}
|
}}
|
||||||
disabled={record.status === 3}
|
disabled={record.status === 3}
|
||||||
>
|
>
|
||||||
@ -214,7 +214,7 @@ const UsersTable = () => {
|
|||||||
okType={'danger'}
|
okType={'danger'}
|
||||||
position={'left'}
|
position={'left'}
|
||||||
onConfirm={() => {
|
onConfirm={() => {
|
||||||
manageUser(record.username, 'delete', record).then(() => {
|
manageUser(record.id, 'delete', record).then(() => {
|
||||||
removeRecord(record.id);
|
removeRecord(record.id);
|
||||||
});
|
});
|
||||||
}}
|
}}
|
||||||
@ -303,9 +303,9 @@ const UsersTable = () => {
|
|||||||
fetchGroups().then();
|
fetchGroups().then();
|
||||||
}, []);
|
}, []);
|
||||||
|
|
||||||
const manageUser = async (username, action, record) => {
|
const manageUser = async (userId, action, record) => {
|
||||||
const res = await API.post('/api/user/manage', {
|
const res = await API.post('/api/user/manage', {
|
||||||
username,
|
id: userId,
|
||||||
action,
|
action,
|
||||||
});
|
});
|
||||||
const { success, message } = res.data;
|
const { success, message } = res.data;
|
||||||
|