From 2972da7a3b0b44642ea894e1d68906ab9d6d02e3 Mon Sep 17 00:00:00 2001
From: zhl
Date: Sat, 8 May 2021 16:51:54 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4=E4=B8=80=E4=BA=9B=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E7=9A=84=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/admin/controllers/coupon.controller.ts | 12 +++++++++---
 src/admin/controllers/game.controller.ts | 2 +-
 src/admin/controllers/shop.controller.ts | 17 +++++++++++++++++
 3 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/src/admin/controllers/coupon.controller.ts b/src/admin/controllers/coupon.controller.ts
index 0e196c6..1ba3ee8 100644
--- a/src/admin/controllers/coupon.controller.ts
+++ b/src/admin/controllers/coupon.controller.ts
@@ -4,12 +4,18 @@ import { ZError } from '../../common/ZError'
 import { Coupon } from '../../models/shop/Coupon'
 class CouponController extends BaseController{
- @permission('coupon:read')
+ @permission(['coupon:read', 'activity:edit'])
 @router('post /coupons')
 async list(req, res) {
 let { start, limit, page } = req.params
 limit = +limit || 10
 start = +start || (+page - 1) * limit|| 0
+ const admin = req.params
+ if (admin.level > 1 && req.params.shop) {
+ if (admin.department !== req.params.shop) {
+ throw new ZError(11, 'no permission to query')
+ }
+ }
 let { opt, sort } = Coupon.parseQueryParam(req.params)
 let articles = await Coupon.find(opt)
 .sort(sort)
@@ -39,7 +45,7 @@ class CouponController extends BaseController{
 return record.toJson()
 }
- @permission('coupon:read')
+ @permission('coupon:edit')
 @router('post /coupon/save')
 async save(req: any) {
 let { _id } = req.params
@@ -55,7 +61,7 @@ class CouponController extends BaseController{
 await record.save()
 return record.toJson()
 }
- @permission('coupon:read')
+ @permission('coupon:delete')
 @router('post /coupon/:id/delete')
 async delete(req: any) {
 let { id } = req.params
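Review bot: The shop check added to `list` takes the caller's identity from `const admin = req.params`, which is request input, so `admin.level` and `admin.department` are client-supplied values and the guard does not reflect the authenticated account; `detailSelf` in shop.controller.ts in this same patch reads `req.user`, and this line should be `const admin = req.user`. Even with that fix the guard only runs when `req.params.shop` is present, so a non-level-1 admin who omits `shop` is not restricted by this code; whether `Coupon.parseQueryParam` scopes the query in some other way is not visible here. Forcing the filter is safer than rejecting mismatches, e.g. `if (admin.level > 1) req.params.shop = admin.department`, assuming `shop` is the field `parseQueryParam` filters on. `admin.level > 1` is also false when `level` is missing, so an account without a level is treated like a level-1 admin. The body of `list` continues past the end of the hunk.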
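Review bot: `save` now requires `coupon:edit`, but nothing visible in this hunk ties the coupon being written to the caller's department, unlike the shop check this patch adds to `list`; the `delete` hunk that follows has the same gap. If shop-level admins can hold `coupon:edit` or `coupon:delete`, each handler should load the record and compare its owning shop with `req.user.department` before saving or removing it. Both method bodies continue outside their hunks, so such a check may already exist there. Roles that held only `coupon:read` lose access to both routes with this change, which is worth stating in the commit description.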
diff --git a/src/admin/controllers/game.controller.ts b/src/admin/controllers/game.controller.ts
index 3bf7f06..adfe7f9 100644
--- a/src/admin/controllers/game.controller.ts
+++ b/src/admin/controllers/game.controller.ts
@@ -4,7 +4,7 @@ import { ZError } from '../../common/ZError'
 import { Game } from '../../models/content/Game'
 class GameController extends BaseController{
- @permission('game:read')
+ @permission(['game:read', 'shop:game_setting'])
 @router('post /games')
 async list(req, res) {
 let { start, limit, page } = req.params
diff --git a/src/admin/controllers/shop.controller.ts b/src/admin/controllers/shop.controller.ts
index dde1104..dc8b8d9 100644
--- a/src/admin/controllers/shop.controller.ts
+++ b/src/admin/controllers/shop.controller.ts
@@ -42,6 +42,23 @@ class ShopController extends BaseController {
 return record.toJson()
 }
+ @permission('self:read')
+ @router('get /myshop')
+ async detailSelf(req: any) {
+ let admin = req.user
+ if (admin.level === 1) {
+ throw new ZError(12, 'this api not for you')
+ }
+ if (!admin.department) {
+ throw new ZError(13, 'you account has no shop bind')
+ }
+ const record = await Shop.findById(admin.department)
+ if (!record) {
+ throw new ZError(11, 'shop not found')
+ }
+ return record.toJson()
+ }
+
 @permission('shop:edit')
 @router('post /shop/save')
 async save(req: any) {
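Review bot: `@permission(['game:read', 'shop:game_setting'])` passes an array where the decorator previously took a single string, and nothing in the hunk says whether the list means any-of or all-of; the coupon `list` route in this patch uses the same form. Assuming any-of, every holder of `shop:game_setting` can now list games, so a comment above the decorator should record the intent, e.g. `// any one of these permissions is sufficient; shop admins need the list for game settings`. `list` continues outside the hunk, so whether the result is narrowed for shop-level admins cannot be told from here.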
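Review bot: `ZError(11, 'shop not found')` in `detailSelf` reuses what appears to be error code 11, which the coupon `list` route in this same patch uses for 'no permission to query', so a client or a log query cannot tell a denied request from a missing shop by code alone; a distinct code would fix that. The message two checks earlier has a typo and could read `throw new ZError(13, 'your account has no shop bound')`. The method returns `record.toJson()` unchanged; if that serializer includes fields meant only for level-1 admins (not visible here), a reduced projection is worth considering for this route. A doc comment such as `/** Returns the shop bound to the calling admin's department; rejected for level-1 admins. */` would document the contract.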