整理用户权限

.docker-compose/mysql/db/docker-entrypoint-initdb.d/init-db.sql

@@ -40,14 +40,14 @@ INSERT INTO t_user (
 ) SELECT
     1,
     'admin',
-    '管理员',
+    '站长',
     '',
     '[email protected]',
     '$2a$10$ofA39bAFMpYpIX/Xiz7jtOMH9JnPvYfPRlzHXqAtLPFpbE/cLdjmS',
     0,
     1555419028975,
     1555419028975,
-    '管理员',
+    'owner',
     0,
     '轻轻地我走了，正如我轻轻的来。'
 FROM

docs/guide.md

@@ -168,7 +168,7 @@ CREATE TABLE IF NOT EXISTS `t_user` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 
 -- 初始化用户数据（用户名：admin、密码：123456）
-INSERT INTO `t_user`(`id`, `username`, `nickname`, `avatar`, `email`, `password`, `status`, `create_time`, `update_time`, `roles`, `type`, `description`) VALUES (1, 'admin', '管理员', '', '', '$2a$10$ofA39bAFMpYpIX/Xiz7jtOMH9JnPvYfPRlzHXqAtLPFpbE/cLdjmS', 0, 1555419028975, 1555419028975, '管理员', 0, '轻轻地我走了，正如我轻轻的来。');
+INSERT INTO `t_user`(`id`, `username`, `nickname`, `avatar`, `email`, `password`, `status`, `create_time`, `update_time`, `roles`, `type`, `description`) VALUES (1, 'admin', '管理员', '', '', '$2a$10$ofA39bAFMpYpIX/Xiz7jtOMH9JnPvYfPRlzHXqAtLPFpbE/cLdjmS', 0, 1555419028975, 1555419028975, 'owner', 0, '轻轻地我走了，正如我轻轻的来。');
 
 -- 初始化系统配置表
 CREATE TABLE IF NOT EXISTS `t_sys_config` (

server/controllers/api/article_controller.go

@@ -74,7 +74,7 @@ func (c *ArticleController) GetEditBy(articleId int64) *simple.JsonResult {
 	}
 
 	// 非作者、且非管理员
-	if article.UserId != user.Id && !services.UserService.HasAnyRole(user, model.ROLE_ADMIN, model.ROLE_MANAGER) {
+	if article.UserId != user.Id && !services.UserService.HasAnyRole(user, model.RoleAdmin, model.RoleOwner) {
 		return simple.JsonErrorMsg("无权限")
 	}
 
@@ -113,7 +113,7 @@ func (c *ArticleController) PostEditBy(articleId int64) *simple.JsonResult {
 	}
 
 	// 非作者、且非管理员
-	if article.UserId != user.Id && !services.UserService.HasAnyRole(user, model.ROLE_ADMIN, model.ROLE_MANAGER) {
+	if article.UserId != user.Id && !services.UserService.HasAnyRole(user, model.RoleAdmin, model.RoleOwner) {
 		return simple.JsonErrorMsg("无权限")
 	}
 
@@ -139,7 +139,7 @@ func (c *ArticleController) PostDeleteBy(articleId int64) *simple.JsonResult {
 	}
 
 	// 非作者、且非管理员
-	if article.UserId != user.Id && !services.UserService.HasAnyRole(user, model.ROLE_ADMIN, model.ROLE_MANAGER) {
+	if article.UserId != user.Id && !services.UserService.HasAnyRole(user, model.RoleAdmin, model.RoleOwner) {
 		return simple.JsonErrorMsg("无权限")
 	}
 

server/controllers/api/topic_controller.go

@@ -72,7 +72,7 @@ func (c *TopicController) GetEditBy(topicId int64) *simple.JsonResult {
 	}
 
 	// 非作者、且非管理员
-	if topic.UserId != user.Id && !services.UserService.HasAnyRole(user, model.ROLE_ADMIN, model.ROLE_MANAGER) {
+	if topic.UserId != user.Id && !services.UserService.HasAnyRole(user, model.RoleAdmin, model.RoleOwner) {
 		return simple.JsonErrorMsg("无权限")
 	}
 
@@ -106,7 +106,7 @@ func (c *TopicController) PostEditBy(topicId int64) *simple.JsonResult {
 	}
 
 	// 非作者、且非管理员
-	if topic.UserId != user.Id && !services.UserService.HasAnyRole(user, model.ROLE_ADMIN, model.ROLE_MANAGER) {
+	if topic.UserId != user.Id && !services.UserService.HasAnyRole(user, model.RoleAdmin, model.RoleOwner) {
 		return simple.JsonErrorMsg("无权限")
 	}
 
@@ -138,7 +138,7 @@ func (c *TopicController) PostDeleteBy(topicId int64) *simple.JsonResult {
 	}
 
 	// 非作者、且非管理员
-	if topic.UserId != user.Id && !services.UserService.HasAnyRole(user, model.ROLE_ADMIN, model.ROLE_MANAGER) {
+	if topic.UserId != user.Id && !services.UserService.HasAnyRole(user, model.RoleAdmin, model.RoleOwner) {
 		return simple.JsonErrorMsg("无权限")
 	}
 

server/middleware/api_auth_middleware.go

@@ -1,10 +1,10 @@
 package middleware
 
 import (
+	"bbs-go/services"
 	"github.com/kataras/iris/v12"
 	"github.com/mlogclub/simple"
 
-	"bbs-go/controllers/render"
 	"bbs-go/model"
 	"bbs-go/services/cache"
 )
@@ -26,8 +26,7 @@ func AdminAuth(ctx iris.Context) {
 	}
 
 	user := cache.UserCache.Get(userToken.UserId)
-	userInfo := render.BuildUser(user)
-	if userInfo == nil || !userInfo.HasRole(model.ROLE_ADMIN) {
+	if user == nil || !services.UserService.HasRole(user, model.RoleOwner) {
 		_, _ = ctx.JSON(simple.JsonErrorCode(2, "无权限"))
 		ctx.StopExecution()
 		return

server/model/constants.go

@@ -17,9 +17,9 @@ const (
 
 // 用户角色
 const (
-	ROLE_USER    = "用户"
-	ROLE_ADMIN   = "管理员"
-	ROLE_MANAGER = "副站长"
+	RoleOwner = "owner" // 站长
+	RoleAdmin = "admin" // 管理员
+	RoleUser  = "user"  // 用户
 )
 
 // 操作类型

site/common/UserHelper.js

@@ -23,12 +23,12 @@ class UserHelper {
     return false
   }
 
-  isAdmin(user) {
-    return this.hasRole(user, '管理员')
+  isOwner(user) {
+    return this.hasRole(user, 'owner')
   }
 
-  isManager(user) {
-    return this.hasRole(user, '副站长')
+  isAdmin(user) {
+    return this.hasRole(user, 'admin')
   }
 }
 

site/components/MyNav.vue

@@ -82,7 +82,7 @@
               <a class="navbar-item" href="/user/settings">
                 <i class="iconfont icon-username" />&nbsp;编辑资料
               </a>
-              <a v-if="isAdmin" class="navbar-item" href="/admin">
+              <a v-if="isOwner" class="navbar-item" href="/admin">
                 <i class="iconfont icon-dashboard" />&nbsp;后台管理
               </a>
               <a class="navbar-item" @click="signout">
@@ -105,6 +105,7 @@
 
 <script>
 import utils from '~/common/utils'
+import UserHelper from '~/common/UserHelper'
 import MsgNotice from '~/components/MsgNotice'
 
 export default {
@@ -120,18 +121,8 @@ export default {
     user() {
       return this.$store.state.user.current
     },
-    isAdmin() {
-      const user = this.$store.state.user.current
-      if (!user || !user.roles || user.roles.length === 0) {
-        return false
-      }
-      for (let i = 0; i < user.roles.length; i++) {
-        const role = user.roles[i]
-        if (role === '管理员') {
-          return true
-        }
-      }
-      return false
+    isOwner() {
+      return UserHelper.isOwner(this.user)
     },
     config() {
       return this.$store.state.config.config

site/middleware/authenticated.js

@@ -7,7 +7,7 @@ export default function(context) {
     return
   }
   if (isAdminUrl(context)) {
-    if (!UserHelper.isAdmin(user)) {
+    if (!UserHelper.isOwner(user)) {
       context.error({
         statusCode: 403,
         message: '403 forbidden'

site/pages/admin/settings/index.vue

@@ -87,10 +87,7 @@
               </el-form-item>
 
               <el-form-item label="发表文章审核">
-                <el-tooltip
-                  content="发布文章后是否开启管理员审核"
-                  placement="top"
-                >
+                <el-tooltip content="发布文章后是否开启审核" placement="top">
                   <el-switch v-model="config.articlePending"></el-switch>
                 </el-tooltip>
               </el-form-item>

site/pages/article/_id.vue

@@ -236,8 +236,8 @@ export default {
     hasPermission() {
       return (
         this.isOwner ||
-        UserHelper.isAdmin(this.user) ||
-        UserHelper.isManager(this.user)
+        UserHelper.isOwner(this.user) ||
+        UserHelper.isAdmin(this.user)
       )
     },
     isOwner() {

site/pages/topic/_id.vue

@@ -268,8 +268,8 @@ export default {
     hasPermission() {
       return (
         this.isOwner ||
-        UserHelper.isAdmin(this.user) ||
-        UserHelper.isManager(this.user)
+        UserHelper.isOwner(this.user) ||
+        UserHelper.isAdmin(this.user)
       )
     },
     isOwner() {