fix: 只读文件也能修改文件

This commit is contained in:
kuaifan 2021-12-29 21:57:23 +08:00
parent 6ef59f703a
commit 6c67ff3fe8
3 changed files with 30 additions and 28 deletions

View File

@ -146,7 +146,7 @@ class FileController extends AbstractController
//
if ($id > 0) {
// 修改
$file = File::allowFind($id);
$file = File::allowFind($id, 1);
//
$file->name = $name;
$file->save();
@ -180,7 +180,7 @@ class FileController extends AbstractController
if (File::wherePid($pid)->count() >= 300) {
return Base::retError('每个文件夹里最多只能创建300个文件或文件夹');
}
$row = File::allowFind($pid, '主文件不存在');
$row = File::allowFind($pid, 1, '主文件不存在');
$userid = $row->userid;
} else {
if (File::whereUserid($user->userid)->wherePid(0)->count() >= 300) {
@ -257,13 +257,7 @@ class FileController extends AbstractController
$id = intval(Request::input('id'));
$pid = intval(Request::input('pid'));
//
$file = File::whereId($id)->first();
if (empty($file)) {
return Base::retError('文件不存在或已被删除');
}
if ($file->userid != $user->userid) {
return Base::retError('仅限所有者操作');
}
$file = File::allowFind($id, 1000);
//
if ($pid > 0) {
if (!File::whereUserid($user->userid)->whereId($pid)->exists()) {
@ -293,9 +287,12 @@ class FileController extends AbstractController
*/
public function remove()
{
User::auth();
//
$id = intval(Request::input('id'));
//
$file = File::allowFind($id);
$file = File::allowFind($id, 1000);
//
$file->deleteFile();
return Base::retSuccess('删除成功', $file);
}
@ -337,7 +334,7 @@ class FileController extends AbstractController
$id = Base::getPostInt('id');
$content = Base::getPostValue('content');
//
$file = File::allowFind($id);
$file = File::allowFind($id, 1);
//
$text = '';
if ($file->type == 'document') {
@ -390,7 +387,7 @@ class FileController extends AbstractController
$key = Request::input('key');
$url = Request::input('url');
//
$file = File::allowFind($id);
$file = File::allowFind($id, 1);
//
if ($status === 2) {
$parse = parse_url($url);
@ -437,7 +434,7 @@ class FileController extends AbstractController
if (File::wherePid($pid)->count() >= 300) {
return Base::retError('每个文件夹里最多只能创建300个文件或文件夹');
}
$row = File::allowFind($pid, '主文件不存在');
$row = File::allowFind($pid, 1, '主文件不存在');
$userid = $row->userid;
} else {
if (File::whereUserid($user->userid)->wherePid(0)->count() >= 300) {
@ -651,16 +648,12 @@ class FileController extends AbstractController
*/
public function link()
{
$user = User::auth();
User::auth();
//
$id = intval(Request::input('id'));
$refresh = Request::input('refresh', 'no');
//
$file = File::allowFind($id);
//
if ($file->userid != $user->userid) {
return Base::retError('仅限所有者操作');
}
$file = File::allowFind($id, 1000);
if ($file->type == 'folder') {
return Base::retError('文件夹暂不支持此功能');
}

View File

@ -53,11 +53,19 @@ class File extends AbstractModel
/**
* 是否有访问权限
* @param $userid
* @param int $permission 要求权限: 0-访问权限、1-读写权限、1000-所有者
*/
public function exceAllow($userid)
public function exceAllow($userid, $permission = 0)
{
if ($this->chackAllow($userid) === -1) {
throw new ApiException('没有访问权限');
if ($this->chackAllow($userid) < $permission) {
if ($permission == 1000) {
$msg = '仅限所有者操作';
} elseif ($permission == 1) {
$msg = '没有读写权限';
} else {
$msg = '没有访问权限';
}
throw new ApiException($msg);
}
}
@ -66,13 +74,13 @@ class File extends AbstractModel
* 自己的文件夹
* 在指定共享成员内
* @param $userid
* @return int -1:没有权限0:只读1:读写
* @return int -1:没有权限0:访问权限1:读写权限1000:所有者
*/
public function chackAllow($userid)
{
if ($userid == $this->userid) {
// ① 自己的文件夹
return 1;
return 1000;
}
$row = $this->getShareInfo();
if ($row) {
@ -230,16 +238,17 @@ class File extends AbstractModel
/**
* 获取文件并检测权限
* @param $id
* @param null $noExistTis
* @param int $permission 要求权限: 0-访问权限、1-读写权限、1000-所有者
* @param null $noExistTis 文件不存在的描述
* @return File
*/
public static function allowFind($id, $noExistTis = null)
public static function allowFind($id, $permission = 0, $noExistTis = null)
{
$file = File::find($id);
if (empty($file)) {
throw new ApiException($noExistTis ?: '文件不存在或已被删除');
}
$file->exceAllow(User::userid());
$file->exceAllow(User::userid(), $permission);
return $file;
}
}

View File

@ -475,7 +475,7 @@ export default {
let {pid, files} = this;
let array = [];
while (pid > 0) {
let file = files.find(({id, allow}) => id == pid && allow !== -1);
let file = files.find(({id, allow}) => id == pid && allow > -1);
if (file) {
array.unshift(file);
pid = file.pid;