github/dootask
1
0
Fork 0
mirror of https://github.com/kuaifan/dootask.git synced 2025-12-13 20:12:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: 优化文件访问权限检查逻辑

Browse Source 
- 移除冗余的游客访问权限检查代码
- 简化用户认证逻辑,确保在文件不允许游客访问时强制用户登录
- 更新返回数据结构,移除不再使用的 is_guest_access 字段
This commit is contained in:
kuaifan 2025-09-24 19:00:07 +08:00
parent 4b45d5ca26
commit 068de0fa9f
1 changed files with 3 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
app/Http/Controllers/Api/FileController.php
View File

@ -74,8 +74,6 @@ class FileController extends AbstractController
$id = Request::input('id'); $id = Request::input('id');
// //
$permission = 0; $permission = 0;
$isGuestAccess = false;
if (Base::isNumber($id)) { if (Base::isNumber($id)) {
$user = User::auth(); $user = User::auth();
$file = File::permissionFind(intval($id), $user, 0, $permission); $file = File::permissionFind(intval($id), $user, 0, $permission);
@ -91,37 +89,9 @@ class FileController extends AbstractController
return Base::retError($msg, $data); return Base::retError($msg, $data);
} }
// 检查游客访问权限 // 如果文件不允许游客访问,则需要登录
$isGuestAccess = true;
// 尝试获取当前用户如果未登录则为null
$user = null;
$token = Base::token();
if ($token) {
try {
$user = User::auth();
} catch (\Exception $e) {
$user = null;
}
}
// 如果文件不允许游客访问且用户未登录,抛出登录异常
if (!$file->guest_access && !$user) {
throw new ApiException('请登录后继续...', [], -1);
}
// 如果用户已登录,检查用户是否有权限访问该文件
if ($user) {
try {
File::permissionFind($file->id, $user, 0, $permission);
} catch (\Exception $e) {
// 如果用户没有权限且文件不允许游客访问,抛出登录异常
if (!$file->guest_access) { if (!$file->guest_access) {
throw new ApiException('请登录后继续...', [], -1); User::auth();
}
// 否则作为游客访问
$permission = 0;
}
} }
$fileLink->increment("num"); $fileLink->increment("num");
@ -131,7 +101,6 @@ class FileController extends AbstractController
// //
$array = $file->toArray(); $array = $file->toArray();
$array['permission'] = $permission; $array['permission'] = $permission;
$array['is_guest_access'] = $isGuestAccess;
return Base::retSuccess('success', $array); return Base::retSuccess('success', $array);
} }