调整一些接口的权限

zhl 2021-05-08 16:51:54 +08:00
parent 374fa5eb70
commit 2972da7a3b
3 changed files with 27 additions and 4 deletions


@ -4,12 +4,18 @@ import { ZError } from '../../common/ZError'
import { Coupon } from '../../models/shop/Coupon' import { Coupon } from '../../models/shop/Coupon'
class CouponController extends BaseController{ class CouponController extends BaseController{
@permission('coupon:read') @permission(['coupon:read', 'activity:edit'])
@router('post /coupons') @router('post /coupons')
async list(req, res) { async list(req, res) {
let { start, limit, page } = req.params let { start, limit, page } = req.params
limit = +limit || 10 limit = +limit || 10
start = +start || (+page - 1) * limit|| 0 start = +start || (+page - 1) * limit|| 0
const admin = req.params
if (admin.level > 1 && req.params.shop) {
if (admin.department !== req.params.shop) {
throw new ZError(11, 'no permission to query')
}
}
let { opt, sort } = Coupon.parseQueryParam(req.params) let { opt, sort } = Coupon.parseQueryParam(req.params)
let articles = await Coupon.find(opt) let articles = await Coupon.find(opt)
.sort(sort) .sort(sort)
@ -39,7 +45,7 @@ class CouponController extends BaseController{
return record.toJson() return record.toJson()
} }
@permission('coupon:read') @permission('coupon:edit')
@router('post /coupon/save') @router('post /coupon/save')
async save(req: any) { async save(req: any) {
let { _id } = req.params let { _id } = req.params
@ -55,7 +61,7 @@ class CouponController extends BaseController{
await record.save() await record.save()
return record.toJson() return record.toJson()
} }
@permission('coupon:read') @permission('coupon:delete')
@router('post /coupon/:id/delete') @router('post /coupon/:id/delete')
async delete(req: any) { async delete(req: any) {
let { id } = req.params let { id } = req.params
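Review bot: In the new tenant check in `list`, `const admin = req.params` takes `level` and `department` from the request parameters, so the comparison against `req.params.shop` relies only on values the client supplied and is not bound to the authenticated account. The `detailSelf` handler added in this same commit reads the account from `req.user`, so this line should presumably be `const admin = req.user`. The check is also skipped whenever `shop` is omitted, so for a shop-level account the scope should be forced rather than only validated, e.g. `if (admin.level > 1) req.params.shop = admin.department` before `Coupon.parseQueryParam` (assuming `shop` is the field that helper filters on, which is not visible here). The body of `list` continues past the end of the hunk.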


@ -4,7 +4,7 @@ import { ZError } from '../../common/ZError'
import { Game } from '../../models/content/Game' import { Game } from '../../models/content/Game'
class GameController extends BaseController{ class GameController extends BaseController{
@permission('game:read') @permission(['game:read', 'shop:game_setting'])
@router('post /games') @router('post /games')
async list(req, res) { async list(req, res) {
let { start, limit, page } = req.params let { start, limit, page } = req.params


@ -42,6 +42,23 @@ class ShopController extends BaseController {
return record.toJson() return record.toJson()
} }
@permission('self:read')
@router('get /myshop')
async detailSelf(req: any) {
let admin = req.user
if (admin.level === 1) {
throw new ZError(12, 'this api not for you')
}
if (!admin.department) {
throw new ZError(13, 'you account has no shop bind')
}
const record = await Shop.findById(admin.department)
if (!record) {
throw new ZError(11, 'shop not found')
}
return record.toJson()
}
@permission('shop:edit') @permission('shop:edit')
@router('post /shop/save') @router('post /shop/save')
async save(req: any) { async save(req: any) {
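Review bot: `detailSelf` throws `ZError(11, 'shop not found')`, while the coupon `list` check in this commit uses code 11 for 'no permission to query', so a client or a log-based alert cannot tell an authorization denial from a missing record by code. A distinct code for the not-found case would keep denials countable; the value is for the author to pick from the project's code table, which is not visible here. The message on the department check has a typo and could read `'your account has no shop bound'`. The meaning of `admin.level === 1` is not documented; a comment such as `// level 1 accounts are not bound to a shop` would help, if that is what the value means.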