From 6c67ff3fe88c4b8ac6dbe41daa73df2858f87a11 Mon Sep 17 00:00:00 2001
From: kuaifan
Date: Wed, 29 Dec 2021 21:57:23 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=8F=AA=E8=AF=BB=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E4=B9=9F=E8=83=BD=E4=BF=AE=E6=94=B9=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Controllers/Api/FileController.php | 31 ++++++++-------------
 app/Models/File.php | 25 +++++++++++------
 resources/assets/js/pages/manage/file.vue | 2 +-
 3 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/app/Http/Controllers/Api/FileController.php b/app/Http/Controllers/Api/FileController.php
index c4ae6534..a3fe123c 100755
--- a/app/Http/Controllers/Api/FileController.php
+++ b/app/Http/Controllers/Api/FileController.php
@@ -146,7 +146,7 @@ class FileController extends AbstractController
 //
 if ($id > 0) {
 // 修改
- $file = File::allowFind($id);
+ $file = File::allowFind($id, 1);
 //
 $file->name = $name;
 $file->save();
@@ -180,7 +180,7 @@ class FileController extends AbstractController
 if (File::wherePid($pid)->count() >= 300) {
 return Base::retError('每个文件夹里最多只能创建300个文件或文件夹');
 }
- $row = File::allowFind($pid, '主文件不存在');
+ $row = File::allowFind($pid, 1, '主文件不存在');
 $userid = $row->userid;
 } else {
 if (File::whereUserid($user->userid)->wherePid(0)->count() >= 300) {
@@ -257,13 +257,7 @@ class FileController extends AbstractController
 $id = intval(Request::input('id'));
 $pid = intval(Request::input('pid'));
 //
- $file = File::whereId($id)->first();
- if (empty($file)) {
- return Base::retError('文件不存在或已被删除');
- }
- if ($file->userid != $user->userid) {
- return Base::retError('仅限所有者操作');
- }
+ $file = File::allowFind($id, 1000);
 //
 if ($pid > 0) {
 if (!File::whereUserid($user->userid)->whereId($pid)->exists()) {
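Review bot: In the hunk at 180 (and again at 437) the `File::wherePid($pid)->count() >= 300` guard still runs before `File::allowFind($pid, 1, '主文件不存在')`, so a caller with no rights on `$pid` is answered with the folder-full error for a folder they may not even be able to view. That reveals a little about the folder's contents and hides the permission error. Calling `allowFind` first and only then counting children would make authorization the first check on the parent folder. Both enclosing functions start and end outside their hunks, so the exact placement has to be confirmed against the full method.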
@@ -293,9 +287,12 @@ class FileController extends AbstractController
 */
 public function remove()
 {
+ User::auth();
+ //
 $id = intval(Request::input('id'));
 //
- $file = File::allowFind($id);
+ $file = File::allowFind($id, 1000);
+ //
 $file->deleteFile();
 return Base::retSuccess('删除成功', $file);
 }
@@ -337,7 +334,7 @@ class FileController extends AbstractController
 $id = Base::getPostInt('id');
 $content = Base::getPostValue('content');
 //
- $file = File::allowFind($id);
+ $file = File::allowFind($id, 1);
 //
 $text = '';
 if ($file->type == 'document') {
@@ -390,7 +387,7 @@ class FileController extends AbstractController
 $key = Request::input('key');
 $url = Request::input('url');
 //
- $file = File::allowFind($id);
+ $file = File::allowFind($id, 1);
 //
 if ($status === 2) {
 $parse = parse_url($url);
@@ -437,7 +434,7 @@ class FileController extends AbstractController
 if (File::wherePid($pid)->count() >= 300) {
 return Base::retError('每个文件夹里最多只能创建300个文件或文件夹');
 }
- $row = File::allowFind($pid, '主文件不存在');
+ $row = File::allowFind($pid, 1, '主文件不存在');
 $userid = $row->userid;
 } else {
 if (File::whereUserid($user->userid)->wherePid(0)->count() >= 300) {
@@ -651,16 +648,12 @@ class FileController extends AbstractController
 */
 public function link()
 {
- $user = User::auth();
+ User::auth();
 //
 $id = intval(Request::input('id'));
 $refresh = Request::input('refresh', 'no');
 //
- $file = File::allowFind($id);
- //
- if ($file->userid != $user->userid) {
- return Base::retError('仅限所有者操作');
- }
+ $file = File::allowFind($id, 1000);
 if ($file->type == 'folder') {
 return Base::retError('文件夹暂不支持此功能');
 }
diff --git a/app/Models/File.php b/app/Models/File.php
index e1ba6752..4cd8b777 100644
--- a/app/Models/File.php
+++ b/app/Models/File.php
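Review bot: In the hunk at 390, `$url` is taken straight from `Request::input('url')` and handed to `parse_url()` once `$status === 2`, while the new `File::allowFind($id, 1)` only establishes that the caller may write the file, not that the URL is one the server should trust. What is done with `$url` afterwards is outside the hunk. If it is fetched server-side, its scheme and host should be compared against the configured document-server address before any request is made. A comment such as `// only accept a callback URL that points at the configured office server` next to that check would record the intent. The enclosing function starts and ends outside the hunk.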
@@ -53,11 +53,19 @@ class File extends AbstractModel
 /**
 * 是否有访问权限
 * @param $userid
+ * @param int $permission 要求权限: 0-访问权限、1-读写权限、1000-所有者
 */
- public function exceAllow($userid)
+ public function exceAllow($userid, $permission = 0)
 {
- if ($this->chackAllow($userid) === -1) {
- throw new ApiException('没有访问权限');
+ if ($this->chackAllow($userid) < $permission) {
+ if ($permission == 1000) {
+ $msg = '仅限所有者操作';
+ } elseif ($permission == 1) {
+ $msg = '没有读写权限';
+ } else {
+ $msg = '没有访问权限';
+ }
+ throw new ApiException($msg);
 }
 }
@@ -66,13 +74,13 @@ class File extends AbstractModel
 * ① 自己的文件夹
 * ② 在指定共享成员内
 * @param $userid
- * @return int -1:没有权限,0:只读,1:读写
+ * @return int -1:没有权限,0:访问权限,1:读写权限,1000:所有者
 */
 public function chackAllow($userid)
 {
 if ($userid == $this->userid) {
 // ① 自己的文件夹
- return 1;
+ return 1000;
 }
 $row = $this->getShareInfo();
 if ($row) {
@@ -230,16 +238,17 @@ class File extends AbstractModel
 /**
 * 获取文件并检测权限
 * @param $id
- * @param null $noExistTis
+ * @param int $permission 要求权限: 0-访问权限、1-读写权限、1000-所有者
+ * @param null $noExistTis 文件不存在的描述
 * @return File
 */
- public static function allowFind($id, $noExistTis = null)
+ public static function allowFind($id, $permission = 0, $noExistTis = null)
 {
 $file = File::find($id);
 if (empty($file)) {
 throw new ApiException($noExistTis ?: '文件不存在或已被删除');
 }
- $file->exceAllow(User::userid());
+ $file->exceAllow(User::userid(), $permission);
 return $file;
 }
 }
diff --git a/resources/assets/js/pages/manage/file.vue b/resources/assets/js/pages/manage/file.vue
index 71d924ca..375b73d7 100644
--- a/resources/assets/js/pages/manage/file.vue
+++ b/resources/assets/js/pages/manage/file.vue
@@ -475,7 +475,7 @@ export default {
 let {pid, files} = this;
 let array = [];
 while (pid > 0) {
- let file = files.find(({id, allow}) => id == pid && allow !== -1);
+ let file = files.find(({id, allow}) => id == pid && allow > -1);
 if (file) {
 array.unshift(file);
 pid = file.pid;
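Review bot: `allowFind($id, $permission = 0, $noExistTis = null)` in the hunk at 230 puts the new parameter in the middle and defaults it to the weakest level, so any call site this patch did not touch silently keeps a view-only check. An old two-argument call such as `allowFind($pid, '主文件不存在')` would also now pass its message string on to `exceAllow` as `$permission`. Dropping the default so every caller states its level, and naming the levels on `File`, e.g. `const PERMISSION_VIEW = 0; const PERMISSION_WRITE = 1; const PERMISSION_OWNER = 1000;`, would make a missed caller fail loudly instead of failing open. The same default is on `exceAllow` in the hunk at 53. The `<` comparison there also presumes that the shared branch of `chackAllow` only ever returns -1, 0 or 1; that branch lies outside the hunk at 66 and should be confirmed.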