feature: builtin metric_view can be modified by admin

2022-04-27 10:51:12 +08:00 · 2022-04-27 10:51:12 +08:00 · 882952de3e
parent 279bec6eaa
commit 882952de3e
3 changed files with 37 additions and 17 deletions
--- a/src/models/metric_view.go
+++ b/src/models/metric_view.go
@ -44,11 +44,10 @@ func (v *MetricView) Add() error {
 	now := time.Now().Unix()
 	v.CreateAt = now
 	v.UpdateAt = now
-	v.Cate = 1
 	return Insert(v)
 }

-func (v *MetricView) Update(name, configs string) error {
+func (v *MetricView) Update(name, configs string, cate int) error {
 	if err := v.Verify(); err != nil {
 		return err
 	}
@ -56,17 +55,22 @@ func (v *MetricView) Update(name, configs string) error {
 	v.UpdateAt = time.Now().Unix()
 	v.Name = name
 	v.Configs = configs
+	v.Cate = cate

-	return DB().Model(v).Select("name", "configs", "update_at").Updates(v).Error
+	return DB().Model(v).Select("name", "configs", "cate", "update_at").Updates(v).Error
 }

 // MetricViewDel: userid for safe delete
-func MetricViewDel(ids []int64, createBy interface{}) error {
+func MetricViewDel(ids []int64, createBy ...interface{}) error {
 	if len(ids) == 0 {
 		return nil
 	}

-	return DB().Where("id in ? and create_by = ?", ids, createBy).Delete(new(MetricView)).Error
+	if len(createBy) > 0 {
+		return DB().Where("id in ? and create_by = ?", ids, createBy[0]).Delete(new(MetricView)).Error
+	}
+
+	return DB().Where("id in ?", ids).Delete(new(MetricView)).Error
 }

 func MetricViewGets(createBy interface{}) ([]MetricView, error) {
--- a/src/webapi/router/router.go
+++ b/src/webapi/router/router.go
@ -136,9 +136,9 @@ func configRoute(r *gin.Engine, version string) {
 		pages.DELETE("/user/:id", jwtAuth(), admin(), userDel)

 		pages.GET("/metric-views", jwtAuth(), metricViewGets)
-		pages.DELETE("/metric-views", jwtAuth(), metricViewDel)
-		pages.POST("/metric-views", jwtAuth(), metricViewAdd)
-		pages.PUT("/metric-views", jwtAuth(), metricViewPut)
+		pages.DELETE("/metric-views", jwtAuth(), user(), metricViewDel)
+		pages.POST("/metric-views", jwtAuth(), user(), metricViewAdd)
+		pages.PUT("/metric-views", jwtAuth(), user(), metricViewPut)

 		pages.GET("/user-groups", jwtAuth(), user(), userGroupGets)
 		pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups/add"), userGroupAdd)
--- a/src/webapi/router/router_metric_view.go
+++ b/src/webapi/router/router_metric_view.go
@ -14,13 +14,19 @@ func metricViewGets(c *gin.Context) {
 	ginx.NewRender(c).Data(lst, err)
 }

-// body: name, configs
+// body: name, configs, cate
 func metricViewAdd(c *gin.Context) {
 	var f models.MetricView
 	ginx.BindJSON(c, &f)

+	me := c.MustGet("user").(*models.User)
+	if !me.IsAdmin() {
+		// 管理员可以选择当前这个视图是公开呢，还是私有，普通用户的话就只能是私有的
+		f.Cate = 1
+	}
+
 	f.Id = 0
-	f.CreateBy = c.MustGet("userid").(int64)
+	f.CreateBy = me.Id

 	ginx.Dangerous(f.Add())

@ -32,10 +38,15 @@ func metricViewDel(c *gin.Context) {
 	var f idsForm
 	ginx.BindJSON(c, &f)

-	ginx.NewRender(c).Message(models.MetricViewDel(f.Ids, c.MustGet("userid")))
+	me := c.MustGet("user").(*models.User)
+	if me.IsAdmin() {
+		ginx.NewRender(c).Message(models.MetricViewDel(f.Ids))
+	} else {
+		ginx.NewRender(c).Message(models.MetricViewDel(f.Ids, me.Id))
+	}
 }

-// body: id, name, configs
+// body: id, name, configs, cate
 func metricViewPut(c *gin.Context) {
 	var f models.MetricView
 	ginx.BindJSON(c, &f)
@ -48,11 +59,16 @@ func metricViewPut(c *gin.Context) {
 		return
 	}

-	userid := c.MustGet("userid").(int64)
-	if view.CreateBy != userid {
-		ginx.NewRender(c, http.StatusForbidden).Message("forbidden")
-		return
+	me := c.MustGet("user").(*models.User)
+	if !me.IsAdmin() {
+		f.Cate = 1
+
+		// 如果是普通用户，只能修改自己的
+		if view.CreateBy != me.Id {
+			ginx.NewRender(c, http.StatusForbidden).Message("forbidden")
+			return
+		}
 	}

-	ginx.NewRender(c).Message(view.Update(f.Name, f.Configs))
+	ginx.NewRender(c).Message(view.Update(f.Name, f.Configs, f.Cate))
 }