From 03491029f24d3276482ec456b5139ab79fbb633c Mon Sep 17 00:00:00 2001
From: JustSong
Date: Wed, 26 Apr 2023 11:10:14 +0800
Subject: [PATCH] feat: limit the ability of common user to set the remaining usage times of token (#9)

---
 controller/token.go | 26 +++++++++++-------
 web/src/pages/Token/EditToken.js | 43 ++++++++++++++++++--------------
 2 files changed, 40 insertions(+), 29 deletions(-)

diff --git a/controller/token.go b/controller/token.go
index d7db8f2d..f08c9911 100644
--- a/controller/token.go
+++ b/controller/token.go
@@ -76,6 +76,7 @@ func GetToken(c *gin.Context) {
 }

 func AddToken(c *gin.Context) {
+ isAdmin := c.GetInt("role") >= common.RoleAdminUser
 token := model.Token{}
 err := c.ShouldBindJSON(&token)
 if err != nil {
@@ -93,14 +94,16 @@ func AddToken(c *gin.Context) {
 return
 }
 cleanToken := model.Token{
- UserId: c.GetInt("id"),
- Name: token.Name,
- Key: common.GetUUID(),
- CreatedTime: common.GetTimestamp(),
- AccessedTime: common.GetTimestamp(),
- ExpiredTime: token.ExpiredTime,
- RemainTimes: token.RemainTimes,
- UnlimitedTimes: token.UnlimitedTimes,
+ UserId: c.GetInt("id"),
+ Name: token.Name,
+ Key: common.GetUUID(),
+ CreatedTime: common.GetTimestamp(),
+ AccessedTime: common.GetTimestamp(),
+ ExpiredTime: token.ExpiredTime,
+ }
+ if isAdmin {
+ cleanToken.RemainTimes = token.RemainTimes
+ cleanToken.UnlimitedTimes = token.UnlimitedTimes
 }
 err = cleanToken.Insert()
 if err != nil {
@@ -136,6 +139,7 @@ func DeleteToken(c *gin.Context) {
 }

 func UpdateToken(c *gin.Context) {
+ isAdmin := c.GetInt("role") >= common.RoleAdminUser
 userId := c.GetInt("id")
 statusOnly := c.Query("status_only")
 token := model.Token{}
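Review bot: The admin test `c.GetInt("role") >= common.RoleAdminUser` is written out at the top of AddToken and again at the top of UpdateToken (the `@@ -136,6 +139,7 @@` hunk), so the privilege boundary for the quota fields lives in two copies that can drift apart. gin's `GetInt` returns 0 when the key is absent or holds a non-int, which fails closed only if `common.RoleAdminUser` is positive and the auth middleware always sets `role`; neither is visible in this diff. A shared helper such as `func isAdminRequest(c *gin.Context) bool { return c.GetInt("role") >= common.RoleAdminUser }`, with a comment stating that assumption, would keep both handlers in step. Both function bodies continue outside their hunks.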
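Review bot: For a non-admin caller the new `cleanToken` literal in AddToken (the `@@ -93,14 +94,16 @@` hunk) leaves `RemainTimes` and `UnlimitedTimes` at their Go zero values, 0 and false, before `cleanToken.Insert()` runs. Unless the model or the database supplies a default, which this hunk does not show, such a token is created with no remaining uses; if a default quota is intended it should be set explicitly in an `else` branch. The submitted values are also dropped without any signal to the caller, so a comment such as `// quota fields are admin-only; values sent by other callers are ignored` would mark that as deliberate. AddToken's body begins and ends outside the hunk.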
@@ -177,8 +181,10 @@ func UpdateToken(c *gin.Context) {
 // If you add more fields, please also update token.Update()
 cleanToken.Name = token.Name
 cleanToken.ExpiredTime = token.ExpiredTime
- cleanToken.RemainTimes = token.RemainTimes
- cleanToken.UnlimitedTimes = token.UnlimitedTimes
+ if isAdmin {
+ cleanToken.RemainTimes = token.RemainTimes
+ cleanToken.UnlimitedTimes = token.UnlimitedTimes
+ }
 }
 err = cleanToken.Update()
 if err != nil {
diff --git a/web/src/pages/Token/EditToken.js b/web/src/pages/Token/EditToken.js
index dcd31807..ccd50ce1 100644
--- a/web/src/pages/Token/EditToken.js
+++ b/web/src/pages/Token/EditToken.js
@@ -1,7 +1,7 @@ import React, { useEffect, useState } from 'react'; import { Button, Form, Header, Segment } from 'semantic-ui-react'; import { useParams } from 'react-router-dom'; -import { API, showError, showSuccess, timestamp2string } from '../../helpers'; +import { API, isAdmin, showError, showSuccess, timestamp2string } from '../../helpers'; const EditToken = () => { const params = useParams();
@@ -12,8 +12,9 @@ const EditToken = () => { name: '', remain_times: 0, expired_time: -1, - unlimited_times: false, + unlimited_times: false }; + const isAdminUser = isAdmin(); const [inputs, setInputs] = useState(originInputs); const { name, remain_times, expired_time, unlimited_times } = inputs;
@@ -38,7 +39,7 @@ const EditToken = () => { const setUnlimitedTimes = () => { setInputs({ ...inputs, unlimited_times: !unlimited_times }); - } + }; const loadToken = async () => { let res = await API.get(`/api/token/${tokenId}`);
@@ -93,7 +94,7 @@ const EditToken = () => { return ( <> -
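Review bot: In UpdateToken (controller/token.go, the `@@ -177,8 +181,10 @@` hunk) skipping the two assignments for non-admins leaves `cleanToken` holding whatever quota values it already had, and `cleanToken.Update()` still runs unchanged. The existing comment says `token.Update()` keeps its own field list, which is outside this diff; if that list still covers the quota fields, a non-admin edit writes back the `RemainTimes` value that was presumably read earlier in the handler and can overwrite a decrement made in between. Worth confirming that Update leaves those fields alone for non-admin callers, and extending the comment to say so, e.g. `// RemainTimes/UnlimitedTimes are admin-only; Update must not rewrite them for other callers`. The enclosing branch and the function both start outside the hunk.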
{isEdit ? "更新令牌信息" : "创建新的令牌"}
+
{isEdit ? '更新令牌信息' : '创建新的令牌'}
{ required={!isEdit} /> - - - - + { + isAdminUser && <> + + + + + + }