From 5f0b858bafd35eb68f3b07e715d881945b133629 Mon Sep 17 00:00:00 2001 From: kuaifan Date: Sun, 19 Feb 2023 23:20:19 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=96=B0=E5=A2=9E=E4=B8=B4=E6=97=B6?= =?UTF-8?q?=E5=B8=90=E5=8F=B7=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/Http/Controllers/Api/DialogController.php | 2 +- app/Http/Controllers/Api/FileController.php | 49 ++++++++--------- app/Http/Controllers/Api/SystemController.php | 4 +- app/Http/Controllers/Api/UsersController.php | 11 ++++ app/Models/File.php | 27 +++++----- app/Models/User.php | 25 +++++++-- app/Models/WebSocketDialogMsg.php | 2 +- .../manage/components/TeamManagement.vue | 52 ++++++++++++++++++- .../setting/components/SystemSetting.vue | 17 ++++++ 9 files changed, 145 insertions(+), 44 deletions(-) diff --git a/app/Http/Controllers/Api/DialogController.php b/app/Http/Controllers/Api/DialogController.php index ad50fb525..fee31cb0e 100755 --- a/app/Http/Controllers/Api/DialogController.php +++ b/app/Http/Controllers/Api/DialogController.php @@ -862,7 +862,7 @@ class DialogController extends AbstractController return Base::retError("请选择转发对话或成员"); } // - $file = File::permissionFind($file_id); + $file = File::permissionFind($file_id, $user); $fileLink = $file->getShareLink($user->userid); $fileMsg = "~{$file->getNameAndExt()}"; // diff --git a/app/Http/Controllers/Api/FileController.php b/app/Http/Controllers/Api/FileController.php index 439d0e609..41de9c038 100755 --- a/app/Http/Controllers/Api/FileController.php +++ b/app/Http/Controllers/Api/FileController.php 
@@ -45,9 +45,10 @@ class FileController extends AbstractController $pid = intval($data['pid']); // $permission = 1000; + $userids = $user->isTemp() ? [$user->userid] : [0, $user->userid]; $builder = File::wherePid($pid); if ($pid > 0) { - File::permissionFind($pid, 0, $permission); + File::permissionFind($pid, $userids, 0, $permission); } else { $builder->whereUserid($user->userid); } @@ -66,7 +67,7 @@ class FileController extends AbstractController } $pid = $file->pid; $temp = $file->toArray(); - $temp['permission'] = $file->getPermission($user->userid); + $temp['permission'] = $file->getPermission($userids); $array[] = $temp; } // 去除没有权限的文件 @@ -92,9 +93,7 @@ class FileController extends AbstractController $list = File::select(["files.*", DB::raw("MAX({$pre}file_users.permission) as permission")]) ->join('file_users', 'files.id', '=', 'file_users.file_id') ->where('files.userid', '!=', $user->userid) - ->where(function ($query) use ($user) { - $query->whereIn('file_users.userid', [0, $user->userid]); - }) + ->whereIn('file_users.userid', $userids) ->groupBy('files.id') ->take(100) ->get(); @@ -135,8 +134,8 @@ class FileController extends AbstractController // $permission = 0; if (Base::isNumber($id)) { - User::auth(); - $file = File::permissionFind(intval($id), 0, $permission); + $user = User::auth(); + $file = File::permissionFind(intval($id), $user, 0, $permission); } elseif ($id) { $fileLink = FileLink::whereCode($id)->first(); $file = $fileLink?->file; @@ -239,7 +238,7 @@ class FileController extends AbstractController // if ($id > 0) { // 修改 - $file = File::permissionFind($id, 1); + $file = File::permissionFind($id, $user, 1); // $file->name = $name; $file->handleDuplicateName(); 
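Review bot: The rule `$user->isTemp() ? [$user->userid] : [0, $user->userid]` added at the top of the `@@ -45,9` hunk is repeated verbatim in `File::permissionFind`, so the two copies of the temporary-account restriction can drift apart. The same `$userids` also feeds `getPermission()` and the `whereIn('file_users.userid', $userids)` query in the next two hunks, so I would put the rule behind one method on `User` and call it from both places. A comment such as `// 0 appears to be the "shared with everyone" entry in file_users; temp accounts must not match it` would make the purpose of the list clear. The enclosing method starts and ends outside the hunk.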
@@ -282,7 +281,7 @@ class FileController extends AbstractController if (File::wherePid($pid)->count() >= 300) { return Base::retError('每个文件夹里最多只能创建300个文件或文件夹'); } - $row = File::permissionFind($pid, 1); + $row = File::permissionFind($pid, $user, 1); $userid = $row->userid; } else { if (File::whereUserid($user->userid)->wherePid(0)->count() >= 300) { @@ -327,7 +326,7 @@ class FileController extends AbstractController // $id = intval(Request::input('id')); // - $row = File::permissionFind($id); + $row = File::permissionFind($id, $user); // $userid = $user->userid; if ($row->pid > 0) { @@ -397,14 +396,14 @@ class FileController extends AbstractController } $toShareFile = false; if ($pid > 0) { - $tmpFile = File::permissionFind($pid, 1); + $tmpFile = File::permissionFind($pid, $user, 1); $toShareFile = $tmpFile->getShareInfo(); } // $files = []; AbstractModel::transaction(function() use ($user, $pid, $ids, $toShareFile, &$files) { foreach ($ids as $id) { - $file = File::permissionFind($id, 1000); + $file = File::permissionFind($id, $user, 1000); // if ($pid > 0) { if ($toShareFile) { @@ -458,7 +457,7 @@ class FileController extends AbstractController */ public function remove() { - User::auth(); + $user = User::auth(); // $ids = Request::input('ids'); // @@ -470,9 +469,9 @@ class FileController extends AbstractController } // $files = []; - AbstractModel::transaction(function() use ($ids, &$files) { + AbstractModel::transaction(function() use ($user, $ids, &$files) { foreach ($ids as $id) { - $file = File::permissionFind($id, 1000); + $file = File::permissionFind($id, $user, 1000); $file->deleteFile(); $files[] = $file; } 
@@ -513,8 +512,8 @@ class FileController extends AbstractController $history_id = intval(Request::input('history_id')); // if (Base::isNumber($id)) { - User::auth(); - $file = File::permissionFind(intval($id)); + $user = User::auth(); + $file = File::permissionFind(intval($id), $user); } elseif ($id) { $fileLink = FileLink::whereCode($id)->first(); $file = $fileLink?->file; @@ -566,7 +565,7 @@ class FileController extends AbstractController $id = Base::getPostInt('id'); $content = Base::getPostValue('content'); // - $file = File::permissionFind($id, 1); + $file = File::permissionFind($id, $user, 1); // $text = ''; if ($file->type == 'document') { @@ -659,7 +658,7 @@ class FileController extends AbstractController $key = Request::input('key'); $url = Request::input('url'); // - $file = File::permissionFind($id, 1); + $file = File::permissionFind($id, $user, 1); // if ($status === 2) { $parse = parse_url($url); @@ -717,7 +716,7 @@ class FileController extends AbstractController if (File::wherePid($pid)->count() >= 300) { return Base::retError('每个文件夹里最多只能创建300个文件或文件夹'); } - $row = File::permissionFind($pid, 1); + $row = File::permissionFind($pid, $user, 1); $userid = $row->userid; } else { if (File::whereUserid($user->userid)->wherePid(0)->count() >= 300) { @@ -863,9 +862,11 @@ class FileController extends AbstractController */ public function content__history() { + $user = User::auth(); + // $id = Request::input('id'); // - $file = File::permissionFind(intval($id)); + $file = File::permissionFind(intval($id), $user); // $data = FileContent::select(['id', 'size', 'userid', 'created_at']) ->whereFid($file->id) @@ -896,7 +897,7 @@ class FileController extends AbstractController $id = intval(Request::input('id')); $history_id = intval(Request::input('history_id')); // - $file = File::permissionFind($id); + $file = File::permissionFind($id, $user); // $history = FileContent::whereFid($file->id)->whereId($history_id)->first(); if (empty($history)) { 
@@ -1060,7 +1061,7 @@ class FileController extends AbstractController // $id = intval(Request::input('id')); // - $file = File::permissionFind($id); + $file = File::permissionFind($id, $user); // if ($file->userid == $user->userid) { return Base::retError('不能退出自己共享的文件'); @@ -1098,7 +1099,7 @@ class FileController extends AbstractController $id = intval(Request::input('id')); $refresh = Request::input('refresh', 'no'); // - $file = File::permissionFind($id); + $file = File::permissionFind($id, $user); $fileLink = $file->getShareLink($user->userid, $refresh == 'yes'); // return Base::retSuccess('success', $fileLink); diff --git a/app/Http/Controllers/Api/SystemController.php b/app/Http/Controllers/Api/SystemController.php index 6dbabce35..640d0d0be 100755 --- a/app/Http/Controllers/Api/SystemController.php +++ b/app/Http/Controllers/Api/SystemController.php @@ -41,7 +41,7 @@ class SystemController extends AbstractController * @apiParam {String} type * - get: 获取(默认) * - all: 获取所有(需要管理员权限) - * - save: 保存设置(参数:['reg', 'reg_invite', 'login_code', 'password_policy', 'project_invite', 'chat_information', 'auto_archived', 'archived_day', 'all_group_mute', 'all_group_autoin', 'start_home', 'home_footer']) + * - save: 保存设置(参数:['reg', 'reg_identity', 'reg_invite', 'login_code', 'password_policy', 'project_invite', 'chat_information', 'auto_archived', 'archived_day', 'all_group_mute', 'all_group_autoin', 'start_home', 'home_footer']) * @apiSuccess {Number} ret 返回状态码(1正确、0错误) * @apiSuccess {String} msg 返回信息(错误描述) @@ -59,6 +59,7 @@ class SystemController extends AbstractController foreach ($all AS $key => $value) { if (!in_array($key, [ 'reg', + 'reg_identity', 'reg_invite', 'login_code', 'password_policy', 
@@ -95,6 +96,7 @@ class SystemController extends AbstractController } // $setting['reg'] = $setting['reg'] ?: 'open'; + $setting['reg_identity'] = $setting['reg_identity'] ?: 'normal'; $setting['login_code'] = $setting['login_code'] ?: 'auto'; $setting['password_policy'] = $setting['password_policy'] ?: 'simple'; $setting['project_invite'] = $setting['project_invite'] ?: 'open'; diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index 86e901f5a..b47ab604f 100755 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php @@ -699,6 +699,8 @@ class UsersController extends AbstractController * @apiParam {String} [type] 操作 * - setadmin 设为管理员 * - clearadmin 取消管理员 + * - settemp 设为临时帐号 + * - cleartemp 取消临时身份(取消临时帐号) * - checkin_macs 修改自动签到mac地址(需要参数 checkin_macs) * - department 修改部门(需要参数 department) * - setdisable 设为离职(需要参数 disable_time、transfer_userid) @@ -746,6 +748,15 @@ class UsersController extends AbstractController $upArray['identity'] = array_diff($userInfo->identity, ['admin']); break; + case 'settemp': + $upArray['identity'] = array_diff($userInfo->identity, ['temp']); + $upArray['identity'][] = 'temp'; + break; + + case 'cleartemp': + $upArray['identity'] = array_diff($userInfo->identity, ['temp']); + break; + case 'checkin_macs': $list = is_array($data['checkin_macs']) ? $data['checkin_macs'] : []; $array = []; diff --git a/app/Models/File.php b/app/Models/File.php index a28a8e8e8..36ae70102 100644 --- a/app/Models/File.php +++ b/app/Models/File.php 
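Review bot: `reg_identity` is defaulted with `?: 'normal'` in the `@@ -95,6` hunk, but its value is never restricted to a known set, and `User::reg()` only acts on the exact string `temp`. A mistyped or tampered value submitted through the `save` type would be stored and silently treated as normal registration, so the restriction fails open. I would normalise it on this line: `$setting['reg_identity'] = in_array($setting['reg_identity'] ?? '', ['normal', 'temp'], true) ? $setting['reg_identity'] : 'normal';`. The enclosing method starts and ends outside the hunk.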
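Review bot: The `settemp` case in the `@@ -746,6` hunk appends `temp` without looking at the other identities, so it can be applied to an account that also holds `admin`. `File::permissionFind()` would then apply the temporary restriction from `isTemp()` alone while admin checks elsewhere presumably still pass, a combination the settings page does not describe. Consider rejecting `settemp` when `in_array('admin', $userInfo->identity)` is true, or add a comment stating which identity takes precedence. `array_diff()` keeps the original keys, so `array_values()` may be needed if the list is stored by position; how `$upArray['identity']` is persisted is outside the hunk.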
@@ -96,21 +96,18 @@ class File extends AbstractModel /** * 是否有访问权限 - * @param $userid + * @param array $userids * @return int -1:没有权限,0:访问权限,1:读写权限,1000:所有者或创建者 */ - public function getPermission($userid) + public function getPermission(array $userids) { - if ($userid == $this->userid || $userid == $this->created_id) { + if (in_array($this->userid, $userids) || in_array($this->created_id, $userids)) { // ① 自己的文件夹 或 自己创建的文件夹 return 1000; } $row = $this->getShareInfo(); if ($row) { - $fileUser = FileUser::whereFileId($row->id)->where(function ($query) use ($userid) { - $query->where('userid', 0); - $query->orWhere('userid', $userid); - })->orderByDesc('permission')->first(); + $fileUser = FileUser::whereFileId($row->id)->whereIn('userid', $userids)->orderByDesc('permission')->first(); if ($fileUser) { // ② 在指定共享成员内 return $fileUser->permission; @@ -411,19 +408,25 @@ class File extends AbstractModel /** * 获取文件并检测权限 - * @param $id - * @param int $limit 要求权限: 0-访问权限、1-读写权限、1000-所有者或创建者 - * @param $permission + * @param int $id + * @param User|array|int $user 要求权限的用户,如:[0, 1] + * @param int $limit 要求权限: 0-访问权限、1-读写权限、1000-所有者或创建者 + * @param int $permission * @return File */ - public static function permissionFind($id, $limit = 0, &$permission = -1) + public static function permissionFind(int $id, $user, int $limit = 0, int &$permission = -1) { $file = File::find($id); if (empty($file)) { throw new ApiException('文件不存在或已被删除'); } // - $permission = $file->getPermission(User::userid()); + if ($user instanceof User) { + $userids = $user->isTemp() ? [$user->userid] : [0, $user->userid]; + } else { + $userids = is_array($user) ? $user : [$user]; + } + $permission = $file->getPermission($userids); if ($permission < $limit) { $msg = match ($limit) { 1000 => '仅限所有者或创建者操作', diff --git a/app/Models/User.php b/app/Models/User.php index afec671b4..67aa801f2 100644 --- a/app/Models/User.php +++ b/app/Models/User.php 
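Review bot: The ownership test in `getPermission()` now runs `in_array()` over the whole `$userids` list, which for non-temporary accounts contains the placeholder `0`, and `in_array()` compares loosely by default. Any file whose `userid` or `created_id` is `0` or `null` would therefore return 1000 (owner) for every regular account, where the old `$userid == $this->created_id` only matched the real caller. Whether such rows exist is not visible here, but the owner check should not see the placeholder: `$ownerIds = array_filter($userids);` followed by `if (in_array($this->userid, $ownerIds) || in_array($this->created_id, $ownerIds)) {`. Only the `whereIn('userid', $userids)` lookup further down needs the `0` entry.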
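Review bot: The new `$user` parameter of `permissionFind()` in the `@@ -411,19` hunk has no type declaration, and anything that is not a `User` or an array is wrapped as `[$user]`, so a `null` from a caller becomes `[null]`. With the loose `in_array()` in `getPermission()`, that list matches files whose `userid` or `created_id` is `0` or `null`. Declaring the union the docblock already describes, `public static function permissionFind(int $id, User|array|int $user, int $limit = 0, int &$permission = -1)`, rejects that case at the call boundary. An array argument is also used as-is and so skips the `isTemp()` rule; I would add `// callers passing an array must leave out 0 for temporary accounts` above that branch. The method body continues outside the hunk.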
@@ -179,6 +179,15 @@ class User extends AbstractModel return in_array('ldap', $this->identity); } + /** + * 返回是否临时帐号 + * @return bool + */ + public function isTemp() + { + return in_array('temp', $this->identity); + } + /** * 判断是否管理员 */ @@ -260,7 +269,7 @@ class User extends AbstractModel */ public static function reg($email, $password, $other = []) { - //邮箱 + // 邮箱 if (!Base::isEmail($email)) { throw new ApiException('请输入正确的邮箱地址'); } @@ -273,9 +282,9 @@ class User extends AbstractModel } throw new ApiException('邮箱地址已存在'); } - //密码 + // 密码 self::passwordPolicy($password); - //开始注册 + // 开始注册 $encrypt = Base::generatePassword(6); $inArray = [ 'encrypt' => $encrypt, @@ -290,8 +299,16 @@ class User extends AbstractModel $user->az = Base::getFirstCharter($user->nickname); $user->pinyin = Base::cn2pinyin($user->nickname); if ($user->save()) { + $setting = Base::setting('system'); + $reg_identity = $setting['reg_identity'] ?: 'normal'; + $all_group_autoin = $setting['all_group_autoin'] ?: 'yes'; + // 注册临时身份 + if ($reg_identity === 'temp') { + $user->identity = Base::arrayImplode(array_merge(array_diff($user->identity, ['temp']), ['temp'])); + $user->save(); + } // 加入全员群组 - if (Base::settingFind('system', 'all_group_autoin', 'yes') === 'yes') { + if ($all_group_autoin === 'yes') { $dialog = WebSocketDialog::whereGroupType('all')->orderByDesc('id')->first(); $dialog?->joinGroup($user->userid, 0); } diff --git a/app/Models/WebSocketDialogMsg.php b/app/Models/WebSocketDialogMsg.php index 11eb42ab3..d34e4994c 100644 --- a/app/Models/WebSocketDialogMsg.php +++ b/app/Models/WebSocketDialogMsg.php @@ -677,7 +677,7 @@ class WebSocketDialogMsg extends AbstractModel $keyId = $matchId[1]; if ($matchChar[1] === "~") { if (Base::isNumber($keyId)) { - $file = File::permissionFind($keyId); + $file = File::permissionFind($keyId, User::auth()); if ($file->type == 'folder') { throw new ApiException('文件夹不支持分享'); } 
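Review bot: `isTemp()` in the `@@ -179,6` hunk does not say what a temporary account is barred from, and within this patch it is consulted only by the file-permission code (`FileController` and `File::permissionFind`). The settings page added in the same commit lists three further restrictions: starting a conversation, creating a group chat and placing calls. None of the PHP hunks here check `isTemp()` on those paths, so unless they are enforced in code outside this diff, those limits hold only in the client. I would extend the docblock to name the server-side checks that rely on this method, for example `Temporary accounts do not match the userid 0 entry in file_users`.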
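Review bot: In the `@@ -290,8` hunk of `reg()` the account is first saved without the `temp` identity and only then updated, and the result of the second `$user->save()` is ignored. If that second write fails, registration continues with a normal account even though `reg_identity` is `temp`, and between the two writes the row exists as a regular account. Setting the identity before the first `save()`, next to the `az` and `pinyin` assignments, removes both problems; otherwise check the return value and abort with an `ApiException`. The function starts and ends outside the hunk.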
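Review bot: In the `WebSocketDialogMsg.php` hunk, `$keyId` comes from a regex match and is passed as a string to `permissionFind()`, whose first parameter is now declared `int`; the other call sites in this commit pass `intval(...)` or an integer. `File::permissionFind(intval($keyId), User::auth())` keeps this call working if the file ever enables `strict_types`. Calling `User::auth()` inside the model also ties message formatting to the current request's login; whether this method can run outside a request is not visible in the hunk.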
diff --git a/resources/assets/js/pages/manage/components/TeamManagement.vue b/resources/assets/js/pages/manage/components/TeamManagement.vue index 15c114697..a7e1d51ba 100644 --- a/resources/assets/js/pages/manage/components/TeamManagement.vue +++ b/resources/assets/js/pages/manage/components/TeamManagement.vue @@ -76,6 +76,8 @@ + + @@ -329,7 +331,7 @@ export default { { title: this.$L('邮箱'), key: 'email', - minWidth: 100, + minWidth: 160, render: (h, {row}) => { const arr = [h('AutoTip', row.email)]; const {email_verity, identity, disable_at} = row; @@ -354,6 +356,13 @@ export default { } }, this.$L('管理员'))) } + if (identity.includes("temp")) { + arr.push(h('Tag', { + props: { + color: 'success' + } + }, this.$L('临时'))) + } if (identity.includes("disable")) { arr.push(h('Tooltip', { props: { @@ -505,6 +514,21 @@ export default { }, [h('div', this.$L('设为管理员'))])); } + + if (identity.includes('temp')) { + dropdownItems.push(h('EDropdownItem', { + props: { + command: 'cleartemp', + }, + }, [h('div', this.$L('取消临时身份'))])); + } else { + dropdownItems.push(h('EDropdownItem', { + props: { + command: 'settemp', + }, + }, [h('div', this.$L('设为临时帐号'))])); + } + dropdownItems.push(h('EDropdownItem', { props: { command: 'email', @@ -793,6 +817,32 @@ export default { dropUser(name, row) { switch (name) { + case 'settemp': + $A.modalConfirm({ + content: `你确定将【ID:${row.userid},${row.nickname}】设为临时帐号吗?(注:临时帐号限制请查看系统设置)`, + loading: true, + onOk: () => { + return this.operationUser({ + userid: row.userid, + type: name + }); + } + }); + break; + + case 'cleartemp': + $A.modalConfirm({ + content: `你确定取消【ID:${row.userid},${row.nickname}】临时身份吗?`, + loading: true, + onOk: () => { + return this.operationUser({ + userid: row.userid, + type: name + }); + } + }); + break; + case 'email': $A.modalInput({ title: "修改邮箱", 
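Review bot: In the `settemp` and `cleartemp` cases of the `@@ -793,6` hunk, the confirmation text interpolates `row.nickname`, a value users choose themselves, directly into `content`. Whether `$A.modalConfirm` renders `content` as text or as HTML is not visible here; if it is HTML, the nickname must be escaped before it reaches the administrator's browser. Both strings also skip `this.$L(...)`, unlike the menu labels added in the previous hunk, so they will not be translated. The `dropUser` switch continues outside the hunk.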
diff --git a/resources/assets/js/pages/manage/setting/components/SystemSetting.vue b/resources/assets/js/pages/manage/setting/components/SystemSetting.vue index 0af6463cb..daec72d2c 100644 --- a/resources/assets/js/pages/manage/setting/components/SystemSetting.vue +++ b/resources/assets/js/pages/manage/setting/components/SystemSetting.vue @@ -15,6 +15,21 @@ + + + {{$L('正常帐号')}} + {{$L('临时帐号')}} + +
+

{{$L('临时帐号')}}:

+
    +
  1. {{$L('禁止查看共享所有人的文件。')}}
  2. +
  3. {{$L('禁止发起会话。')}}
  4. +
  5. {{$L('禁止创建群聊。')}}
  6. +
  7. {{$L('禁止拨打电话。')}}
  8. +
+
+
{{$L('自动')}} @@ -22,6 +37,8 @@ {{$L('关闭')}}
{{$L('自动:密码输入错误后必须添加验证码。')}}
+
{{$L('开启:每次登录都需要图形验证码。')}}
+
{{$L('关闭:不需要输入图形验证。')}}