gameui/ai
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

users 權限

Browse Source
This commit is contained in:
桜華
2023-05-16 04:32:50 +08:00
parent 346f9093b8
commit 983447bfc2
1 changed files with 66 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
routers/users.go
View File

@@ -50,6 +50,11 @@ func UsersPost(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("400 - " + err.Error())) w.Write([]byte("400 - " + err.Error()))
return return
} }
// 如果是第一個用戶, 設置為管理員
if user.ID == 1 {
user.Admin = true
configs.ORMDB().Save(&user)
}
// 返回信息 // 返回信息
w.Header().Set("Content-Type", "application/json; charset=utf-8") w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.Write(utils.ToJSON(user)) w.Write(utils.ToJSON(user))
@@ -69,32 +74,70 @@ func UsersItemGet(w http.ResponseWriter, r *http.Request) {
// 更新用戶 // 更新用戶
func UsersItemPatch(w http.ResponseWriter, r *http.Request) { func UsersItemPatch(w http.ResponseWriter, r *http.Request) {
form := utils.BodyRead(r) models.AccountRead(w, r, func(account *models.Account) {
user := models.User{ID: utils.ParamInt(mux.Vars(r)["id"], 0)} var form map[string]interface{} = utils.BodyRead(r)
configs.ORMDB().First(&user) var user models.User = models.User{ID: utils.ParamInt(mux.Vars(r)["id"], 0)}
if name, ok := form["name"].(string); ok { configs.ORMDB().First(&user)
user.Name = name
}
if email, ok := form["email"].(string); ok {
user.Email = email
}
if password, ok := form["password"].(string); ok {
user.Slat = uuid.New().String()
user.Password = fmt.Sprintf("%x", md5.Sum([]byte(password+user.Slat)))
}
if admin, ok := form["admin"].(bool); ok {
user.Admin = admin
}
configs.ORMDB().Save(&user) // 只有自己的賬戶或是管理員才能更新用戶信息
w.Header().Set("Content-Type", "application/json; charset=utf-8") if account.ID != user.ID && !account.Admin {
w.Write(utils.ToJSON(user)) w.WriteHeader(http.StatusForbidden)
w.Write([]byte("403 - Forbidden"))
return
}
// 用戶不能修改管理員權限, 管理員不能修改自己的管理員權限
if account.ID == user.ID || !account.Admin {
delete(form, "admin")
}
if name, ok := form["name"].(string); ok {
user.Name = name
}
if email, ok := form["email"].(string); ok {
user.Email = email
}
if password, ok := form["password"].(string); ok {
user.Slat = uuid.New().String()
user.Password = fmt.Sprintf("%x", md5.Sum([]byte(password+user.Slat)))
}
if admin, ok := form["admin"].(bool); ok {
user.Admin = admin
}
configs.ORMDB().Save(&user)
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.Write(utils.ToJSON(user))
})
} }
// 刪除用戶 // 刪除用戶
func UsersItemDelete(w http.ResponseWriter, r *http.Request) { func UsersItemDelete(w http.ResponseWriter, r *http.Request) {
user := models.User{ID: utils.ParamInt(mux.Vars(r)["id"], 0)} models.AccountRead(w, r, func(account *models.Account) {
configs.ORMDB().Delete(&user) var user models.User = models.User{ID: utils.ParamInt(mux.Vars(r)["id"], 0)}
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.Write(utils.ToJSON(user)) // 獲取目標用戶
if err := configs.ORMDB().First(&user).Error; err != nil {
w.WriteHeader(http.StatusNotFound)
w.Write([]byte("404 - " + err.Error()))
return
}
// 只有自己的賬戶或是管理員才能刪除用戶
if account.ID != user.ID && !account.Admin {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("403 - 只有自己的賬戶或是管理員才能刪除用戶"))
return
}
// 管理員不能刪除自己
if account.ID == user.ID && account.Admin {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("403 - 管理員不能刪除自己"))
return
}
configs.ORMDB().Delete(&user)
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.Write(utils.ToJSON(user))
})
} }