Merge remote-tracking branch 'github/fix/1.0.6/admin-permission' into test

2023-02-23 17:13:09 +08:00 · 2023-02-23 17:13:09 +08:00 · 0d1b043557
parent 9df7cfe3f4 1de3ec27e5
commit 0d1b043557
7 changed files with 25 additions and 10 deletions
--- a/i18n/en_US.yaml
+++ b/i18n/en_US.yaml
@ -35,6 +35,10 @@ backend:
    other: Email and password do not match.
  error:
    admin:
+      cannot_update_their_password:
+        other: You cannot modify your password.
+      cannot_modify_self_status:
+        other: You cannot modify your status.
      email_or_password_wrong:
        other: Email and password do not match.
    answer:
--- a/internal/base/reason/reason.go
+++ b/internal/base/reason/reason.go
@ -64,4 +64,6 @@ const (
 	TagCannotSetSynonymAsItself      = "error.tag.cannot_set_synonym_as_itself"
 	NotAllowedRegistration           = "error.user.not_allowed_registration"
 	SMTPConfigFromNameCannotBeEmail  = "error.smtp.config_from_name_cannot_be_email"
+	AdminCannotUpdateTheirPassword   = "error.admin.cannot_update_their_password"
+	AdminCannotModifySelfStatus      = "error.admin.cannot_modify_self_status"
 )
--- a/internal/controller/user_controller.go
+++ b/internal/controller/user_controller.go
@ -157,7 +157,7 @@ func (uc *UserController) RetrievePassWord(ctx *gin.Context) {
 		return
 	}
 	_, _ = uc.actionService.ActionRecordAdd(ctx, schema.ActionRecordTypeFindPass, ctx.ClientIP())
-	_, err := uc.userService.RetrievePassWord(ctx, req)
+	err := uc.userService.RetrievePassWord(ctx, req)
 	handler.HandleResponse(ctx, err, nil)
 }

--- a/internal/controller_admin/user_backyard_controller.go
+++ b/internal/controller_admin/user_backyard_controller.go
@ -34,6 +34,8 @@ func (uc *UserAdminController) UpdateUserStatus(ctx *gin.Context) {
 		return
 	}

+	req.LoginUserID = middleware.GetLoginUserIDFromContext(ctx)
+
 	err := uc.userService.UpdateUserStatus(ctx, req)
 	handler.HandleResponse(ctx, err, nil)
 }
--- a/internal/schema/backyard_user_schema.go
+++ b/internal/schema/backyard_user_schema.go
@ -2,10 +2,9 @@ package schema

 // UpdateUserStatusReq update user request
 type UpdateUserStatusReq struct {
-	// user id
-	UserID string `validate:"required" json:"user_id"`
-	// user status
-	Status string `validate:"required,oneof=normal suspended deleted inactive" json:"status" enums:"normal,suspended,deleted,inactive"`
+	UserID      string `validate:"required" json:"user_id"`
+	Status      string `validate:"required,oneof=normal suspended deleted inactive" json:"status" enums:"normal,suspended,deleted,inactive"`
+	LoginUserID string `json:"-"`
 }

 const (
--- a/internal/service/user_admin/user_backyard.go
+++ b/internal/service/user_admin/user_backyard.go
@ -61,6 +61,10 @@ func NewUserAdminService(

 // UpdateUserStatus update user
 func (us *UserAdminService) UpdateUserStatus(ctx context.Context, req *schema.UpdateUserStatusReq) (err error) {
+	// Admin cannot modify their status
+	if req.UserID == req.LoginUserID {
+		return errors.BadRequest(reason.AdminCannotModifySelfStatus)
+	}
 	userInfo, exist, err := us.userRepo.GetUserInfo(ctx, req.UserID)
 	if err != nil {
 		return
@ -153,6 +157,10 @@ func (us *UserAdminService) AddUser(ctx context.Context, req *schema.AddUserReq)

 // UpdateUserPassword update user password
 func (us *UserAdminService) UpdateUserPassword(ctx context.Context, req *schema.UpdateUserPasswordReq) (err error) {
+	// Users cannot modify their password
+	if req.UserID == req.LoginUserID {
+		return errors.BadRequest(reason.AdminCannotUpdateTheirPassword)
+	}
 	userInfo, exist, err := us.userRepo.GetUserInfo(ctx, req.UserID)
 	if err != nil {
 		return err
--- a/internal/service/user_service.go
+++ b/internal/service/user_service.go
@ -149,13 +149,13 @@ func (us *UserService) EmailLogin(ctx context.Context, req *schema.UserEmailLogi
 }

 // RetrievePassWord .
-func (us *UserService) RetrievePassWord(ctx context.Context, req *schema.UserRetrievePassWordRequest) (string, error) {
+func (us *UserService) RetrievePassWord(ctx context.Context, req *schema.UserRetrievePassWordRequest) error {
 	userInfo, has, err := us.userRepo.GetByEmail(ctx, req.Email)
 	if err != nil {
-		return "", err
+		return err
 	}
 	if !has {
-		return "", errors.BadRequest(reason.UserNotFound)
+		return nil
 	}

 	// send email
@ -167,10 +167,10 @@ func (us *UserService) RetrievePassWord(ctx context.Context, req *schema.UserRet
 	verifyEmailURL := fmt.Sprintf("%s/users/password-reset?code=%s", us.getSiteUrl(ctx), code)
 	title, body, err := us.emailService.PassResetTemplate(ctx, verifyEmailURL)
 	if err != nil {
-		return "", err
+		return err
 	}
 	go us.emailService.SendAndSaveCode(ctx, req.Email, title, body, code, data.ToJSONString())
-	return code, nil
+	return nil
 }

 // UseRePassword