feature: builtin metric_view can be modified by admin

2022-04-27 10:51:12 +08:00 · 2022-04-27 10:51:12 +08:00 · 882952de3e
parent 279bec6eaa
commit 882952de3e
3 changed files with 37 additions and 17 deletions
--- a/src/models/metric_view.go
+++ b/src/models/metric_view.go
@ -44,11 +44,10 @@ func (v *MetricView) Add() error {
 	now := time.Now().Unix()
 	v.CreateAt = now
 	v.UpdateAt = now
 	v.Cate = 1
 	return Insert(v)
 }
-func (v *MetricView) Update(name, configs string) error {
+func (v *MetricView) Update(name, configs string, cate int) error {
 	if err := v.Verify(); err != nil {
 		return err
 	}
@ -56,17 +55,22 @@ func (v *MetricView) Update(name, configs string) error {
 	v.UpdateAt = time.Now().Unix()
 	v.Name = name
 	v.Configs = configs
 	v.Cate = cate
-	return DB().Model(v).Select("name", "configs", "update_at").Updates(v).Error
+	return DB().Model(v).Select("name", "configs", "cate", "update_at").Updates(v).Error
 }
 // MetricViewDel: userid for safe delete
-func MetricViewDel(ids []int64, createBy interface{}) error {
+func MetricViewDel(ids []int64, createBy ...interface{}) error {
 	if len(ids) == 0 {
 		return nil
 	}
-	return DB().Where("id in ? and create_by = ?", ids, createBy).Delete(new(MetricView)).Error
+	if len(createBy) > 0 {
 		return DB().Where("id in ? and create_by = ?", ids, createBy[0]).Delete(new(MetricView)).Error
 	}
 	return DB().Where("id in ?", ids).Delete(new(MetricView)).Error
 }
 func MetricViewGets(createBy interface{}) ([]MetricView, error) {
--- a/src/webapi/router/router.go
+++ b/src/webapi/router/router.go
@ -136,9 +136,9 @@ func configRoute(r *gin.Engine, version string) {
 		pages.DELETE("/user/:id", jwtAuth(), admin(), userDel)
 		pages.GET("/metric-views", jwtAuth(), metricViewGets)
-		pages.DELETE("/metric-views", jwtAuth(), metricViewDel)
+		pages.DELETE("/metric-views", jwtAuth(), user(), metricViewDel)
-		pages.POST("/metric-views", jwtAuth(), metricViewAdd)
+		pages.POST("/metric-views", jwtAuth(), user(), metricViewAdd)
-		pages.PUT("/metric-views", jwtAuth(), metricViewPut)
+		pages.PUT("/metric-views", jwtAuth(), user(), metricViewPut)
 		pages.GET("/user-groups", jwtAuth(), user(), userGroupGets)
 		pages.POST("/user-groups", jwtAuth(), user(), perm("/user-groups/add"), userGroupAdd)
--- a/src/webapi/router/router_metric_view.go
+++ b/src/webapi/router/router_metric_view.go
@ -14,13 +14,19 @@ func metricViewGets(c *gin.Context) {
 	ginx.NewRender(c).Data(lst, err)
 }
-// body: name, configs
+// body: name, configs, cate
 func metricViewAdd(c *gin.Context) {
 	var f models.MetricView
 	ginx.BindJSON(c, &f)
 	me := c.MustGet("user").(*models.User)
 	if !me.IsAdmin() {
 		// 管理员可以选择当前这个视图是公开呢，还是私有，普通用户的话就只能是私有的
 		f.Cate = 1
 	}
 	f.Id = 0
-	f.CreateBy = c.MustGet("userid").(int64)
+	f.CreateBy = me.Id
 	ginx.Dangerous(f.Add())
@ -32,10 +38,15 @@ func metricViewDel(c *gin.Context) {
 	var f idsForm
 	ginx.BindJSON(c, &f)
-	ginx.NewRender(c).Message(models.MetricViewDel(f.Ids, c.MustGet("userid")))
+	me := c.MustGet("user").(*models.User)
 	if me.IsAdmin() {
 		ginx.NewRender(c).Message(models.MetricViewDel(f.Ids))
 	} else {
 		ginx.NewRender(c).Message(models.MetricViewDel(f.Ids, me.Id))
 	}
 }
-// body: id, name, configs
+// body: id, name, configs, cate
 func metricViewPut(c *gin.Context) {
 	var f models.MetricView
 	ginx.BindJSON(c, &f)
@ -48,11 +59,16 @@ func metricViewPut(c *gin.Context) {
 		return
 	}
-	userid := c.MustGet("userid").(int64)
+	me := c.MustGet("user").(*models.User)
-	if view.CreateBy != userid {
+	if !me.IsAdmin() {
-		ginx.NewRender(c, http.StatusForbidden).Message("forbidden")
+		f.Cate = 1
-		return
+
 		// 如果是普通用户，只能修改自己的
 		if view.CreateBy != me.Id {
 			ginx.NewRender(c, http.StatusForbidden).Message("forbidden")
 			return
 		}
 	}
-	ginx.NewRender(c).Message(view.Update(f.Name, f.Configs))
+	ginx.NewRender(c).Message(view.Update(f.Name, f.Configs, f.Cate))
 }