gdxz/hospital-admin-api
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

统一验证管理员

Browse Source
This commit is contained in:
wucongxing 2023-07-03 09:02:27 +08:00
parent b569249a6e
commit 80261cd9b2
2 changed files with 8 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
api/controller/user.go
View File

@ -187,19 +187,6 @@ func (r *User) PutUser(c *gin.Context) {
return return
} }
// 获取角色身份
roleService := service.RoleService{}
isAdmin, err := roleService.GetRoleIden(c)
if err != nil {
responses.FailWithMessage(err.Error(), c)
return
}
if !isAdmin {
responses.FailWithMessage("非管理员,无法操作", c)
return
}
// 业务处理 // 业务处理
userService := service.UserService{} userService := service.UserService{}
_, err = userService.PutUser(c, userId, UserRequest.PutUser) _, err = userService.PutUser(c, userId, UserRequest.PutUser)

8
api/service/user.go
View File

@ -221,6 +221,14 @@ func (r *UserService) PutUser(c *gin.Context, requestUserId int64, putUserReques
} }
adminRoleDao := dao.AdminRoleDao{} adminRoleDao := dao.AdminRoleDao{}
adminRole, err := adminRoleDao.GetAdminRoleFirstById(loginRoleId)
if err != nil || adminRole == nil {
return false, errors.New("非法操作")
}
if adminRole.IsAdmin == 0 && loginUserId != requestUserId {
return false, errors.New("普通用户只可修改自己的用户数据")
}
if putUserRequest.Access != adminUser.Access { if putUserRequest.Access != adminUser.Access {
// 检测账号名 // 检测账号名