From 7f085a321cc26c7aaefe67d08deb89d05936a00f Mon Sep 17 00:00:00 2001
From: satori
Date: Wed, 2 Feb 2022 20:13:16 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 index.js | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/index.js b/index.js
index eb46aab..ba98ff6 100644
--- a/index.js
+++ b/index.js
@@ -22,10 +22,15 @@ const session_store = sessionDb(session, db('session'))
 // 登录验证
 const online = function (req, res, next) {
 if (!req.session.account) return res.status(401).send('未登录')
- if (req.session.account.gid != 1) req.params.uid = req.session.account.uid
+ if (req.session.account.gid !== 1) req.params.uid = req.session.account.uid
 next()
 }
+// 权限(合并优化)
+const admin = function (account, item) {
+ return (account.gid === 1 || account.uid === item.uid)
+}
+
 // 列表计量
 const count_load = async (name, query) => await new Promise(resolve => db(name).count(query, (err, count) => resolve(count)))
@@ -183,6 +188,13 @@ const object_list = async function (req, res) {
 } else {
 item.user = await user_load(item.uid) // 附加用户信息(user对象没有作者)
 }
+ if (req.params.name != 'user' && req.session.account) {
+ item.like = !!(await count_load('like', {
+ attach: req.params.name,
+ aid: item._id,
+ uid: req.session.account.uid
+ }))
+ }
 return item
 })))
 })
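Review bot: The new `admin` helper added after `online` is declared but nothing in this patch calls it; the `object_patch` hunk further down re-implements the same owner-or-admin rule inline, so either that check should become `if (!admin(req.session.account, doc)) {` or this helper is dead code. As written, `account.uid === item.uid` is true when both sides are `undefined`, so if either record can lack a `uid` (I cannot tell from this hunk) the helper would grant access; `return account.gid === 1 || (item.uid !== undefined && account.uid === item.uid)` closes that. A one-line JSDoc such as `/** True when account is an administrator (gid 1) or owns item (matching uid). */` would document the contract the helper is meant to centralize.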
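Review bot: `req.params.name != 'user'` in the new like lookup uses loose inequality, while this same patch tightens `online` to `!==`; write it as `if (req.params.name !== 'user' && req.session.account) {` for consistency. The lookup also awaits one `count_load` query per item inside the map callback, so listing N objects issues N extra count queries; if the store supports it, one query over the page's item ids would be cheaper, though the store API is not visible from this hunk. The enclosing map callback and `object_list` itself begin before the hunk.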
@@ -268,17 +280,25 @@ const object_create = async function (req, res) {
 })
 }
+//import memory from "./memory.js"
+//function object_patch(req, res, next) {
+// let obj = new memory({ name: req.params.name, _id: req.params._id })
+// return res.send(obj.PATCH({ account: req.session.account, data: req.body }))
+//}
+
 // 修改对象
-const object_patch = function (req, res) {
+function object_patch(req, res, next) {
 return db(req.params.name).findOne({ _id: req.params._id }, function (err, doc) {
 if (!doc) return res.status(404).send('目标对象不存在')
 // 如果是 user 做一些特殊处理
 if (req.params.name === 'user') {
- if (req.session.account.uid !== doc._id && req.session.account.gid !== 1) {
- return res.status(403).send('没有权限修改账户')
- }
- if (req.body.gid && req.session.account.gid !== 1) {
- return res.status(403).send('没有权限修改权限')
+ if (req.session.account.gid !== 1) {
+ if (req.session.account.uid !== doc._id) {
+ return res.status(403).send('没有权限修改账户')
+ }
+ if (typeOf(req.body.gid) == "undefined") {
+ return res.status(403).send('没有权限修改权限')
+ }
 }
 if (req.body.password) {
 req.body.salt = random(32) // 密码加盐
@@ -322,6 +342,7 @@ const object_remove = function (req, res) {
 }
 // TODO: 处理掉一些附属对象
+ // 似乎要遍历所有对象类型?
 return db(req.params.name).remove({ _id: req.params._id }, function (err, count) {
 return count ? res.send('删除成功') : res.status(403).send('删除失败')
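Review bot: The new non-admin gid check in `object_patch` is inverted: `typeOf(req.body.gid) == "undefined"` rejects a user who does not touch gid and lets through one who sends a gid, which is exactly the case the removed `req.body.gid && req.session.account.gid !== 1` condition blocked, so a non-admin editing their own account can now set their own gid. `typeOf` is also not the JavaScript `typeof` operator; unless a helper with that name exists elsewhere in the file, the line throws a ReferenceError inside the findOne callback instead of returning a response. The intended check is `if (req.body.gid !== undefined) {` (equivalently `typeof req.body.gid !== 'undefined'`, using strict comparison as the rest of this patch does). The commented-out `memory` import block above the function should be deleted rather than kept as dead code, and the added `next` parameter is unused in the visible lines. The body of `object_patch` continues past the end of the hunk.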