fumiama/paper-manager
1
0
Fork 0
mirror of https://github.com/fumiama/paper-manager.git synced 2026-06-28 06:40:28 +08:00
Code Activity

add /api/setRole /api/disableUser

Browse Source
This commit is contained in:
源文雨
2023-03-21 13:56:45 +08:00
parent 0b166c6302
commit 7132aab796
8 changed files with 175 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
backend/api.go
View File

@@ -6,6 +6,7 @@ import (
"strconv" "strconv"
"strings" "strings"
"github.com/fumiama/paper-manager/backend/global"
"github.com/fumiama/paper-manager/backend/utils" "github.com/fumiama/paper-manager/backend/utils"
) )
@@ -238,6 +239,73 @@ func init() {
writeresult(w, codeSuccess, &message{M: "成功"}, messageOk, typeSuccess) writeresult(w, codeSuccess, &message{M: "成功"}, messageOk, typeSuccess)
}} }}
apimap["/api/setRole"] = &apihandler{"POST", func(w http.ResponseWriter, r *http.Request) {
type setrolebody struct {
ID int `json:"id"`
Role global.UserRole `json:"role"`
}
token := r.Header.Get("Authorization")
user := usertokens.Get(token)
if user == nil {
writeresult(w, codeError, nil, errInvalidToken.Error(), typeError)
return
}
if !user.IsSuper() {
writeresult(w, codeError, nil, errNoSetRolePermission.Error(), typeError)
return
}
var body setrolebody
defer r.Body.Close()
err := json.NewDecoder(r.Body).Decode(&body)
if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError)
return
}
if body.ID == *user.ID {
writeresult(w, codeError, nil, "cannot set self", typeError)
return
}
err = setUserRole(body.ID, body.Role, user.Name)
if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError)
return
}
writeresult(w, codeSuccess, nil, messageOk, typeSuccess)
}}
apimap["/api/disableUser"] = &apihandler{"POST", func(w http.ResponseWriter, r *http.Request) {
type disableuserbody struct {
ID int `json:"id"`
}
token := r.Header.Get("Authorization")
user := usertokens.Get(token)
if user == nil {
writeresult(w, codeError, nil, errInvalidToken.Error(), typeError)
return
}
if !user.IsSuper() {
writeresult(w, codeError, nil, errNoSetRolePermission.Error(), typeError)
return
}
var body disableuserbody
defer r.Body.Close()
err := json.NewDecoder(r.Body).Decode(&body)
if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError)
return
}
if body.ID == *user.ID {
writeresult(w, codeError, nil, "cannot disbale self", typeError)
return
}
err = global.UserDB.DisableUser(body.ID, user.Name)
if err != nil {
writeresult(w, codeError, nil, err.Error(), typeError)
return
}
writeresult(w, codeSuccess, nil, messageOk, typeSuccess)
}}
apimap["/api/resetPassword"] = &apihandler{"POST", func(w http.ResponseWriter, r *http.Request) { apimap["/api/resetPassword"] = &apihandler{"POST", func(w http.ResponseWriter, r *http.Request) {
type resetpwdbody struct { type resetpwdbody struct {
Username string `json:"username"` Username string `json:"username"`

41
backend/global/user.go
View File

@@ -14,10 +14,15 @@ const (
RoleSuper RoleSuper
RoleFileManager RoleFileManager
RoleUser RoleUser
RoleTop
) )
type UserRole uint8 type UserRole uint8
func (r UserRole) IsVaild() bool {
return r > RoleNil && r < RoleTop
}
func (r UserRole) String() string { func (r UserRole) String() string {
switch r { switch r {
case RoleSuper: case RoleSuper:
@@ -27,7 +32,7 @@ func (r UserRole) String() string {
case RoleUser: case RoleUser:
return "user" return "user"
} }
return "nil" return "invalid"
} }
func (r UserRole) Nick() string { func (r UserRole) Nick() string {
@@ -39,7 +44,7 @@ func (r UserRole) Nick() string {
case RoleUser: case RoleUser:
return "课程组员" return "课程组员"
} }
return "nil" return "非法角色"
} }
const ( const (
@@ -156,7 +161,7 @@ func (u *UserDatabase) AddUser(user *User, opname string) error {
if err != nil { if err != nil {
return err return err
} }
return u.SendMessage("创建了账号", opname, *nu.ID) return u.SendMessage(opname+"创建了账号", opname, *nu.ID)
} }
// UpdateUserInfo ... // UpdateUserInfo ...
@@ -180,7 +185,7 @@ func (u *UserDatabase) UpdateUserInfo(id int, opname, nick, avtr, desc string) e
if err != nil { if err != nil {
return err return err
} }
return u.SendMessage("更新了个人信息", opname, *user.ID) return u.SendMessage(opname+"更新了个人信息", opname, *user.ID)
} }
// UpdateUserRole ... // UpdateUserRole ...
@@ -199,7 +204,25 @@ func (u *UserDatabase) UpdateUserRole(id int, nr UserRole, opname string) error
if err != nil { if err != nil {
return err return err
} }
return u.SendMessage("您的权限被变更为"+user.Role.Nick(), opname, *user.ID) return u.SendMessage("您的权限被"+opname+"变更为"+user.Role.Nick(), opname, *user.ID)
}
// DisableUser ...
func (u *UserDatabase) DisableUser(id int, opname string) error {
user, err := u.GetUserByID(id)
if err != nil {
return err
}
user.Last = time.Now().Unix()
user.Pswd = ""
_ = u.SendMessage("账户被"+opname+"禁用", opname, *user.ID)
u.mu.Lock()
err = u.db.Insert(UserTableUser, &user)
u.mu.Unlock()
if err != nil {
return err
}
return u.SendMessage(user.Name+"的账户被"+opname+"禁用", opname, *user.ID)
} }
// UpdateUserPassword ... // UpdateUserPassword ...
@@ -220,7 +243,7 @@ func (u *UserDatabase) UpdateUserPassword(id int, opname, npwd string) error {
if err != nil { if err != nil {
return err return err
} }
return u.SendMessage("更新了密码", opname, *user.ID) return u.SendMessage(opname+"更新了密码", opname, *user.ID)
} }
// UpdateUserContact ... // UpdateUserContact ...
@@ -240,7 +263,7 @@ func (u *UserDatabase) UpdateUserContact(id int, opname, ncont string) error {
if err != nil { if err != nil {
return err return err
} }
return u.SendMessage("更新了联系方式", opname, *user.ID) return u.SendMessage(opname+"更新了联系方式", opname, *user.ID)
} }
// GetUserByName avoids sql injection by limiting username to 0-9A-Za-z // GetUserByName avoids sql injection by limiting username to 0-9A-Za-z
@@ -304,7 +327,9 @@ func (u *UserDatabase) GetUsers() (users []User, err error) {
users = make([]User, n) users = make([]User, n)
i := 0 i := 0
err = u.db.FindFor(UserTableUser, &user, "", func() error { err = u.db.FindFor(UserTableUser, &user, "", func() error {
user.Pswd = "" if user.Pswd != "" {
user.Pswd = "-"
}
users[i] = user users[i] = user
i++ i++
if i > n { if i > n {

4
backend/login.go
View File

@@ -24,6 +24,7 @@ var (
errEmptySalt = errors.New("empty salt") errEmptySalt = errors.New("empty salt")
errWrongPassword = errors.New("invalid username or password") errWrongPassword = errors.New("invalid username or password")
errTooManyFailedLogins = errors.New("too many failed logins") errTooManyFailedLogins = errors.New("too many failed logins")
errAccountIsDisabled = errors.New("account is disabled")
) )
const ( const (
@@ -119,6 +120,9 @@ func login(username, challenge string) (*loginResult, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
if user.Pswd == "" {
return nil, errAccountIsDisabled
}
h := md5.New() h := md5.New()
h.Write(base14.StringToBytes(user.Pswd)) h.Write(base14.StringToBytes(user.Pswd))
h.Write(base14.StringToBytes(salt.Salt)) h.Write(base14.StringToBytes(salt.Salt))

17
backend/user.go
View File

@@ -20,6 +20,8 @@ const (
var ( var (
errInvalidToken = errors.New("invalid token") errInvalidToken = errors.New("invalid token")
errNoListUsersPermission = errors.New("no list users permission") errNoListUsersPermission = errors.New("no list users permission")
errNoSetRolePermission = errors.New("no set role permission")
errInvalidRole = errors.New("invalid role")
) )
type getUserInfoResult struct { type getUserInfoResult struct {
@@ -94,6 +96,7 @@ type getUsersListResult struct {
ID int `json:"id"` ID int `json:"id"`
Name string `json:"name"` Name string `json:"name"`
Nick string `json:"nick"` Nick string `json:"nick"`
Stat bool `json:"stat"`
Role string `json:"role"` Role string `json:"role"`
Date string `json:"date"` Date string `json:"date"`
Desc string `json:"desc"` Desc string `json:"desc"`
@@ -116,8 +119,9 @@ func getUsersList(token string) ([]getUsersListResult, error) {
ret[i].ID = *u.ID ret[i].ID = *u.ID
ret[i].Name = u.Name ret[i].Name = u.Name
ret[i].Nick = u.Nick ret[i].Nick = u.Nick
ret[i].Stat = u.Pswd != ""
ret[i].Role = u.Role.Nick() ret[i].Role = u.Role.Nick()
ret[i].Date = time.Unix(user.Date, 0).Format(chineseDateLayout) ret[i].Date = time.Unix(u.Date, 0).Format(chineseDateLayout)
ret[i].Desc = u.Desc ret[i].Desc = u.Desc
} }
return ret, nil return ret, nil
@@ -192,6 +196,17 @@ func setUserInfo(id int, nick, desc, avtr *string) error {
return global.UserDB.UpdateUserInfo(id, user.Name, n, a, d) return global.UserDB.UpdateUserInfo(id, user.Name, n, a, d)
} }
func setUserRole(id int, role global.UserRole, opname string) error {
if !role.IsVaild() {
return errInvalidRole
}
user, err := global.UserDB.GetUserByID(id)
if err != nil {
return err
}
return global.UserDB.UpdateUserRole(*user.ID, role, opname)
}
func resetPassword(ip, name, mobile string) error { func resetPassword(ip, name, mobile string) error {
if registerlimit.Get(ip) { if registerlimit.Get(ip) {
return errRequestTooFast return errRequestTooFast

8
frontend/vben/src/api/sys/user.ts
View File

@@ -29,6 +29,8 @@ enum Api {
GetUsersCount = '/getUsersCount', GetUsersCount = '/getUsersCount',
GetUsersList = '/getUsersList', GetUsersList = '/getUsersList',
IsNameExist = '/isNameExist', IsNameExist = '/isNameExist',
SetRole = '/setRole',
SetStatus = '/setStatus',
} }
/** /**
@@ -162,3 +164,9 @@ export function isNameExist(username: string) {
export function doLogout() { export function doLogout() {
return defHttp.get({ url: Api.Logout }, { errorMessageMode: 'none' }) return defHttp.get({ url: Api.Logout }, { errorMessageMode: 'none' })
} }
export const setRole = (id: number, role: number) =>
defHttp.post({ url: Api.SetRole, params: { id, role } })
export const setStatus = (id: number, stat: boolean) =>
defHttp.post({ url: Api.SetStatus, params: { id, stat } })

3
frontend/vben/src/views/dashboard/account/AccountModal.vue
View File

@@ -25,6 +25,9 @@
field: 'name', field: 'name',
label: '用户名', label: '用户名',
component: 'Input', component: 'Input',
ifShow: () => {
return !unref(isUpdate)
},
rules: [ rules: [
{ {
required: true, required: true,

44
frontend/vben/src/views/dashboard/account/account.data.ts
View File

@@ -1,5 +1,9 @@
import { BasicColumn } from '/@/components/Table' import { BasicColumn } from '/@/components/Table'
import { FormSchema } from '/@/components/Table' import { FormSchema } from '/@/components/Table'
import { h } from 'vue'
import { Switch } from 'ant-design-vue'
import { useMessage } from '/@/hooks/web/useMessage'
import { setStatus } from '/@/api/sys/user'
export const columns: BasicColumn[] = [ export const columns: BasicColumn[] = [
{ {
@@ -12,15 +16,51 @@ export const columns: BasicColumn[] = [
dataIndex: 'nick', dataIndex: 'nick',
width: 120, width: 120,
}, },
{
title: '状态',
dataIndex: 'stat',
width: 120,
customRender: ({ record }) => {
if (!Reflect.has(record, 'pendingStatus')) {
record.pendingStatus = false
}
return h(Switch, {
checked: record.stat,
checkedChildren: '已启用',
unCheckedChildren: '已禁用',
loading: record.pendingStatus,
onChange(checked: boolean) {
const { createMessage } = useMessage()
if (checked) {
record.stat = false
createMessage.error('请让用户通过找回密码启用账户')
return
}
record.pendingStatus = true
setStatus(record.id, checked)
.then(() => {
record.stat = checked
createMessage.success(`已成功禁用账户并清空密码, 如需重新启用, 请让用户找回密码`)
})
.catch((error) => {
createMessage.error('禁用失败: ' + (error as unknown as Error).message)
})
.finally(() => {
record.pendingStatus = false
})
},
})
},
},
{ {
title: '创建时间', title: '创建时间',
dataIndex: 'date', dataIndex: 'date',
width: 180, width: 240,
}, },
{ {
title: '角色', title: '角色',
dataIndex: 'role', dataIndex: 'role',
width: 200, width: 120,
}, },
{ {
title: '简介', title: '简介',

3
frontend/vben/src/views/dashboard/account/index.vue
View File

@@ -97,8 +97,7 @@
if (isUpdate) { if (isUpdate) {
// 演示不刷新表格直接更新内部数据。 // 演示不刷新表格直接更新内部数据。
// 注意updateTableDataRecord要求表格的rowKey属性为string并且存在于每一行的record的keys中 // 注意updateTableDataRecord要求表格的rowKey属性为string并且存在于每一行的record的keys中
const result = updateTableDataRecord(values.id, values) updateTableDataRecord(values.id, values)
console.log(result)
} else { } else {
reload() reload()
} }