调整管理员相关接口的权限
This commit is contained in:
parent
c98c73d787
commit
374fa5eb70
@ -33,7 +33,7 @@ class AccountController extends BaseController {
|
|||||||
async logout(req, res) {
|
async logout(req, res) {
|
||||||
return {}
|
return {}
|
||||||
}
|
}
|
||||||
@permission('admin:save')
|
@permission(['admin:edit', 'shopadmin:edit'])
|
||||||
@router('post /admin/save')
|
@router('post /admin/save')
|
||||||
async save(req) {
|
async save(req) {
|
||||||
const { id, username, password, roles, showname, sex, locked, department, level, avatar } = req.params
|
const { id, username, password, roles, showname, sex, locked, department, level, avatar } = req.params
|
||||||
@ -49,6 +49,7 @@ class AccountController extends BaseController {
|
|||||||
throw new ZError(10, 'account already exists')
|
throw new ZError(10, 'account already exists')
|
||||||
}
|
}
|
||||||
account = new Admin()
|
account = new Admin()
|
||||||
|
account.level = 9
|
||||||
}
|
}
|
||||||
if (username) {
|
if (username) {
|
||||||
if (ADMINS.indexOf(username) >= 0) {
|
if (ADMINS.indexOf(username) >= 0) {
|
||||||
@ -56,6 +57,10 @@ class AccountController extends BaseController {
|
|||||||
}
|
}
|
||||||
account.username = username
|
account.username = username
|
||||||
}
|
}
|
||||||
|
let admin = req.user
|
||||||
|
if (admin.level > account.level) {
|
||||||
|
throw new ZError(13, 'operate no permission')
|
||||||
|
}
|
||||||
account.roles = roles
|
account.roles = roles
|
||||||
if (password) {
|
if (password) {
|
||||||
account.updatePassword(password)
|
account.updatePassword(password)
|
||||||
@ -64,11 +69,16 @@ class AccountController extends BaseController {
|
|||||||
account.sex = sex || '0'
|
account.sex = sex || '0'
|
||||||
// 管理员不需要设置部门属性
|
// 管理员不需要设置部门属性
|
||||||
if (ADMINS.indexOf(username) < 0) {
|
if (ADMINS.indexOf(username) < 0) {
|
||||||
|
if (admin.level > 1) {
|
||||||
|
account.department = admin.department
|
||||||
|
} else {
|
||||||
account.department = department
|
account.department = department
|
||||||
}
|
}
|
||||||
if (level) {
|
|
||||||
account.level = level
|
|
||||||
}
|
}
|
||||||
|
if (level) {
|
||||||
|
account.level = Math.max(level, admin.level)
|
||||||
|
}
|
||||||
|
|
||||||
if (avatar) {
|
if (avatar) {
|
||||||
account.avatar = avatar
|
account.avatar = avatar
|
||||||
}
|
}
|
||||||
@ -87,14 +97,18 @@ class AccountController extends BaseController {
|
|||||||
return account.toJson()
|
return account.toJson()
|
||||||
}
|
}
|
||||||
|
|
||||||
@permission('admin:read')
|
@permission(['admin:read', 'shopadmin:read'])
|
||||||
@router('get /admins')
|
@router('get /admins')
|
||||||
async users(req) {
|
async users(req) {
|
||||||
const user = req.user
|
const user = req.user
|
||||||
|
let { dept } = req.params
|
||||||
let queryData: any = {deleted: false}
|
let queryData: any = {deleted: false}
|
||||||
if (!user.isSysAdmin()) {
|
if (!user.isSysAdmin()) {
|
||||||
queryData.show = true
|
queryData.show = true
|
||||||
}
|
}
|
||||||
|
if (dept) {
|
||||||
|
queryData.department = dept
|
||||||
|
}
|
||||||
let users = await Admin.find(queryData)
|
let users = await Admin.find(queryData)
|
||||||
return users.map(o => o.toJson())
|
return users.map(o => o.toJson())
|
||||||
}
|
}
|
||||||
@ -128,7 +142,7 @@ class AccountController extends BaseController {
|
|||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
@permission('self:save')
|
@permission('self:edit')
|
||||||
@router('post /admin/:uid/passwd')
|
@router('post /admin/:uid/passwd')
|
||||||
async changePass(req) {
|
async changePass(req) {
|
||||||
let { uid, passwordOld, passwordNew } = req.params
|
let { uid, passwordOld, passwordNew } = req.params
|
||||||
@ -144,7 +158,7 @@ class AccountController extends BaseController {
|
|||||||
return account.toJson()
|
return account.toJson()
|
||||||
}
|
}
|
||||||
|
|
||||||
@permission('admin:save')
|
@permission(['admin:lock', 'shopadmin:lock'])
|
||||||
@router('post /admin/:uid/locker')
|
@router('post /admin/:uid/locker')
|
||||||
async changeLocked(req) {
|
async changeLocked(req) {
|
||||||
let { uid, lock } = req.params
|
let { uid, lock } = req.params
|
||||||
@ -152,7 +166,17 @@ class AccountController extends BaseController {
|
|||||||
if (!account) {
|
if (!account) {
|
||||||
throw new ZError(10, 'account not found')
|
throw new ZError(10, 'account not found')
|
||||||
}
|
}
|
||||||
|
let admin = req.user
|
||||||
const locker = isTrue(lock)
|
const locker = isTrue(lock)
|
||||||
|
if (admin.id === account.id && locker) {
|
||||||
|
throw new ZError(14, 'can not lock self')
|
||||||
|
}
|
||||||
|
if (admin.level > 1) {
|
||||||
|
if (admin.department !== account.department || account.level < admin.level ) {
|
||||||
|
throw new ZError(13, 'operate no permission')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
account.locked = isTrue(locker)
|
account.locked = isTrue(locker)
|
||||||
if (locker) {
|
if (locker) {
|
||||||
account.lockTime = new Date()
|
account.lockTime = new Date()
|
||||||
@ -161,7 +185,7 @@ class AccountController extends BaseController {
|
|||||||
return account.toJson()
|
return account.toJson()
|
||||||
}
|
}
|
||||||
|
|
||||||
@permission('admin:delete')
|
@permission(['admin:delete', 'shopadmin:delete'])
|
||||||
@router('post /admin/:uid/delete')
|
@router('post /admin/:uid/delete')
|
||||||
async deleteAdmin(req: any) {
|
async deleteAdmin(req: any) {
|
||||||
let { uid } = req.params
|
let { uid } = req.params
|
||||||
@ -175,6 +199,15 @@ class AccountController extends BaseController {
|
|||||||
if (ADMINS.indexOf(account.username) >= 0) {
|
if (ADMINS.indexOf(account.username) >= 0) {
|
||||||
throw new ZError(12, 'can`t delete admin')
|
throw new ZError(12, 'can`t delete admin')
|
||||||
}
|
}
|
||||||
|
let admin = req.user
|
||||||
|
if (admin.id === account.id ) {
|
||||||
|
throw new ZError(14, 'can not delete self')
|
||||||
|
}
|
||||||
|
if (admin.level > 1) {
|
||||||
|
if (admin.department !== account.department || account.level < admin.level) {
|
||||||
|
throw new ZError(13, 'operate no permission')
|
||||||
|
}
|
||||||
|
}
|
||||||
account.deleted = true
|
account.deleted = true
|
||||||
account.deleteTime = new Date()
|
account.deleteTime = new Date()
|
||||||
await account.save()
|
await account.save()
|
||||||
|
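Review bot: `account.roles = roles` in the `save` hunk stores the caller-supplied role list with no check that those roles sit at or below the caller's own level, so an `admin:edit`/`shopadmin:edit` holder can presumably grant any role the system defines — the `level` filter on `GET /roles` is chosen by the client and does not constrain what `POST /admin/save` accepts. The new gate `if (admin.level > account.level)` is also weaker than the one added to `changeLocked`/`deleteAdmin`, which for `admin.level > 1` additionally require `admin.department === account.department`; as written a department-scoped admin may edit a less-privileged account in another department and, through `account.department = admin.department`, pull it into their own. `level` comes straight from `req.params`, so a non-numeric value turns `Math.max(level, admin.level)` into NaN, and an account whose level is NaN passes every `>`/`<` level comparison on this page. I would validate the level up front, mirror the department guard, and reject any role whose stored level is below `admin.level` before the assignment, as sketched below (the role check needs the role model in scope, which this file does not show). Parts of `save`'s body fall between the hunks and are not visible here.
```typescript
  let admin = req.user
  if (admin.level > account.level) {
    throw new ZError(13, 'operate no permission')
  }
  // Mirror changeLocked/deleteAdmin: department-scoped admins stay inside their own department.
  if (admin.level > 1 && account.department && admin.department !== account.department) {
    throw new ZError(13, 'operate no permission')
  }
  // Validate level before it reaches Math.max or any comparison: a NaN level defeats every level check.
  let newLevel
  if (level !== undefined && level !== null && level !== '') {
    newLevel = Number(level)
    if (!Number.isInteger(newLevel)) throw new ZError(10, 'invalid level')
    newLevel = Math.max(newLevel, admin.level)
  }
  // TODO(review): reject any entry of `roles` whose stored role level is below admin.level before assigning
  account.roles = roles
  // … unchanged: password, showname, sex, department handling …
  if (newLevel !== undefined) {
    account.level = newLevel
  }
```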
@ -16,7 +16,7 @@ class RoleController extends BaseController {
|
|||||||
return role.toJson()
|
return role.toJson()
|
||||||
}
|
}
|
||||||
|
|
||||||
@permission('role:read')
|
@permission(['role:read', 'shopadmin:read'])
|
||||||
// @role('sysadmin')
|
// @role('sysadmin')
|
||||||
@router('get /roles')
|
@router('get /roles')
|
||||||
async roles(req) {
|
async roles(req) {
|
||||||
@ -25,6 +25,10 @@ class RoleController extends BaseController {
|
|||||||
if (!user.isSysAdmin()) {
|
if (!user.isSysAdmin()) {
|
||||||
queryData.show = true
|
queryData.show = true
|
||||||
}
|
}
|
||||||
|
const { level } = req.params
|
||||||
|
if (level != undefined) {
|
||||||
|
queryData.level = {$gte: level}
|
||||||
|
}
|
||||||
const records = await AdminRole.find(queryData)
|
const records = await AdminRole.find(queryData)
|
||||||
return records.map(o => o.toJson())
|
return records.map(o => o.toJson())
|
||||||
}
|
}
|
||||||
|
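Review bot: `queryData.level = {$gte: level}` in `roles` feeds the raw `req.params.level` into the query, and since the client picks `level`, a `shopadmin:read` caller can simply omit it and enumerate every `show: true` role whatever its level — the filter narrows a listing but enforces nothing. If this is MongoDB, a string value such as `"2"` from a query string also never matches a numeric `level` field under typed comparison, so the endpoint silently returns an empty list. I would coerce it and floor it at the caller's own level: `const lvl = level == undefined ? user.level : Number(level)`, `if (!Number.isInteger(lvl)) throw new ZError(10, 'invalid level')`, `queryData.level = {$gte: Math.max(lvl, user.level)}` — assuming, as the rest of the commit suggests, that a lower number means more privilege and that roles at or below the caller's level are the assignable ones; skip the floor for `user.isSysAdmin()` if sysadmins should see every role. Listing is only the visible half of the problem: whatever `POST /admin/save` accepts in `roles` has to be checked server-side against the same floor. The part of `roles` between this hunk and the previous one is not shown.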