fix: 只读文件也能修改文件
This commit is contained in:
kuaifan
parent
6ef59f703a
commit
6c67ff3fe8
@ -146,7 +146,7 @@ class FileController extends AbstractController
|
||||
//
|
||||
if ($id > 0) {
|
||||
// 修改
|
||||
$file = File::allowFind($id);
|
||||
$file = File::allowFind($id, 1);
|
||||
//
|
||||
$file->name = $name;
|
||||
$file->save();
|
||||
@ -180,7 +180,7 @@ class FileController extends AbstractController
|
||||
if (File::wherePid($pid)->count() >= 300) {
|
||||
return Base::retError('每个文件夹里最多只能创建300个文件或文件夹');
|
||||
}
|
||||
$row = File::allowFind($pid, '主文件不存在');
|
||||
$row = File::allowFind($pid, 1, '主文件不存在');
|
||||
$userid = $row->userid;
|
||||
} else {
|
||||
if (File::whereUserid($user->userid)->wherePid(0)->count() >= 300) {
|
||||
@ -257,13 +257,7 @@ class FileController extends AbstractController
|
||||
$id = intval(Request::input('id'));
|
||||
$pid = intval(Request::input('pid'));
|
||||
//
|
||||
$file = File::whereId($id)->first();
|
||||
if (empty($file)) {
|
||||
return Base::retError('文件不存在或已被删除');
|
||||
}
|
||||
if ($file->userid != $user->userid) {
|
||||
return Base::retError('仅限所有者操作');
|
||||
}
|
||||
$file = File::allowFind($id, 1000);
|
||||
//
|
||||
if ($pid > 0) {
|
||||
if (!File::whereUserid($user->userid)->whereId($pid)->exists()) {
|
||||
@ -293,9 +287,12 @@ class FileController extends AbstractController
|
||||
*/
|
||||
public function remove()
|
||||
{
|
||||
User::auth();
|
||||
//
|
||||
$id = intval(Request::input('id'));
|
||||
//
|
||||
$file = File::allowFind($id);
|
||||
$file = File::allowFind($id, 1000);
|
||||
//
|
||||
$file->deleteFile();
|
||||
return Base::retSuccess('删除成功', $file);
|
||||
}
|
||||
@ -337,7 +334,7 @@ class FileController extends AbstractController
|
||||
$id = Base::getPostInt('id');
|
||||
$content = Base::getPostValue('content');
|
||||
//
|
||||
$file = File::allowFind($id);
|
||||
$file = File::allowFind($id, 1);
|
||||
//
|
||||
$text = '';
|
||||
if ($file->type == 'document') {
|
||||
@ -390,7 +387,7 @@ class FileController extends AbstractController
|
||||
$key = Request::input('key');
|
||||
$url = Request::input('url');
|
||||
//
|
||||
$file = File::allowFind($id);
|
||||
$file = File::allowFind($id, 1);
|
||||
//
|
||||
if ($status === 2) {
|
||||
$parse = parse_url($url);
|
||||
@ -437,7 +434,7 @@ class FileController extends AbstractController
|
||||
if (File::wherePid($pid)->count() >= 300) {
|
||||
return Base::retError('每个文件夹里最多只能创建300个文件或文件夹');
|
||||
}
|
||||
$row = File::allowFind($pid, '主文件不存在');
|
||||
$row = File::allowFind($pid, 1, '主文件不存在');
|
||||
$userid = $row->userid;
|
||||
} else {
|
||||
if (File::whereUserid($user->userid)->wherePid(0)->count() >= 300) {
|
||||
@ -651,16 +648,12 @@ class FileController extends AbstractController
|
||||
*/
|
||||
public function link()
|
||||
{
|
||||
$user = User::auth();
|
||||
User::auth();
|
||||
//
|
||||
$id = intval(Request::input('id'));
|
||||
$refresh = Request::input('refresh', 'no');
|
||||
//
|
||||
$file = File::allowFind($id);
|
||||
//
|
||||
if ($file->userid != $user->userid) {
|
||||
return Base::retError('仅限所有者操作');
|
||||
}
|
||||
$file = File::allowFind($id, 1000);
|
||||
if ($file->type == 'folder') {
|
||||
return Base::retError('文件夹暂不支持此功能');
|
||||
}
|
||||
|
||||
@ -53,11 +53,19 @@ class File extends AbstractModel
|
||||
/**
|
||||
* 是否有访问权限
|
||||
* @param $userid
|
||||
* @param int $permission 要求权限: 0-访问权限、1-读写权限、1000-所有者
|
||||
*/
|
||||
public function exceAllow($userid)
|
||||
public function exceAllow($userid, $permission = 0)
|
||||
{
|
||||
if ($this->chackAllow($userid) === -1) {
|
||||
throw new ApiException('没有访问权限');
|
||||
if ($this->chackAllow($userid) < $permission) {
|
||||
if ($permission == 1000) {
|
||||
$msg = '仅限所有者操作';
|
||||
} elseif ($permission == 1) {
|
||||
$msg = '没有读写权限';
|
||||
} else {
|
||||
$msg = '没有访问权限';
|
||||
}
|
||||
throw new ApiException($msg);
|
||||
}
|
||||
}
|
||||
|
||||
@ -66,13 +74,13 @@ class File extends AbstractModel
|
||||
* ① 自己的文件夹
|
||||
* ② 在指定共享成员内
|
||||
* @param $userid
|
||||
* @return int -1:没有权限,0:只读,1:读写
|
||||
* @return int -1:没有权限,0:访问权限,1:读写权限,1000:所有者
|
||||
*/
|
||||
public function chackAllow($userid)
|
||||
{
|
||||
if ($userid == $this->userid) {
|
||||
// ① 自己的文件夹
|
||||
return 1;
|
||||
return 1000;
|
||||
}
|
||||
$row = $this->getShareInfo();
|
||||
if ($row) {
|
||||
@ -230,16 +238,17 @@ class File extends AbstractModel
|
||||
/**
|
||||
* 获取文件并检测权限
|
||||
* @param $id
|
||||
* @param null $noExistTis
|
||||
* @param int $permission 要求权限: 0-访问权限、1-读写权限、1000-所有者
|
||||
* @param null $noExistTis 文件不存在的描述
|
||||
* @return File
|
||||
*/
|
||||
public static function allowFind($id, $noExistTis = null)
|
||||
public static function allowFind($id, $permission = 0, $noExistTis = null)
|
||||
{
|
||||
$file = File::find($id);
|
||||
if (empty($file)) {
|
||||
throw new ApiException($noExistTis ?: '文件不存在或已被删除');
|
||||
}
|
||||
$file->exceAllow(User::userid());
|
||||
$file->exceAllow(User::userid(), $permission);
|
||||
return $file;
|
||||
}
|
||||
}
|
||||
|
||||
@ -475,7 +475,7 @@ export default {
|
||||
let {pid, files} = this;
|
||||
let array = [];
|
||||
while (pid > 0) {
|
||||
let file = files.find(({id, allow}) => id == pid && allow !== -1);
|
||||
let file = files.find(({id, allow}) => id == pid && allow > -1);
|
||||
if (file) {
|
||||
array.unshift(file);
|
||||
pid = file.pid;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user