From 259615618a6d637b76c542251e3a9efdf4461bd9 Mon Sep 17 00:00:00 2001
From: KindSeven <2845382437@qq.com>
Date: Mon, 19 May 2025 15:37:22 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=BF=AE=E6=94=B9?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=9D=83=E9=99=90=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/auth/guards/admin.guard.ts | 2 +-
 src/auth/guards/superAdmin.gurad.ts | 33 +++++++++++++++++++
 .../resume-template.service.ts | 2 +-
 src/usercenter/dto/update-usercenter.dto.ts | 10 +++++-
 src/usercenter/usercenter.controller.ts | 12 +++++++
 src/usercenter/usercenter.service.ts | 23 +++++++++++++
 6 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 src/auth/guards/superAdmin.gurad.ts

diff --git a/src/auth/guards/admin.guard.ts b/src/auth/guards/admin.guard.ts
index e6f73de..ce9706d 100644
--- a/src/auth/guards/admin.guard.ts
+++ b/src/auth/guards/admin.guard.ts
@@ -27,7 +27,7 @@ export class AdminGuard implements CanActivate {
     const userInfo = await this.usercenterService.findOne(user.sub);
 
     // 检查用户是否具有管理员权限 (userAuth === 2)
-    if (userInfo.userAuth !== 2 || userInfo.userAuth !== 3 ) {
+    if (userInfo.userAuth !== 2 && userInfo.userAuth !== 3) {
       throw new ForbiddenException('需要管理员权限');
     }
 
diff --git a/src/auth/guards/superAdmin.gurad.ts b/src/auth/guards/superAdmin.gurad.ts
new file mode 100644
index 0000000..c176105
--- /dev/null
+++ b/src/auth/guards/superAdmin.gurad.ts
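Review bot: The comment directly above the changed condition still reads `(userAuth === 2)` while the new `&&` form accepts both 2 and 3, so it now understates what the guard admits; change it to `// 检查用户是否具有管理员权限 (userAuth === 2 || userAuth === 3)`. The same role literals are re-checked in resume-template.service.ts, SuperAdminGuard and UsercenterService.updateUserAuth within this patch, so a single shared constant (e.g. a `UserAuth` const object with `User`, `Admin`, `SuperAdmin` members) and an `isAdmin()` helper would keep the role boundary defined in one place. The enclosing `canActivate` starts and ends outside the hunk.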
@@ -0,0 +1,33 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  ForbiddenException,
+} from '@nestjs/common';
+import { UsercenterService } from '../../usercenter/usercenter.service';
+
+@Injectable()
+export class SuperAdminGuard implements CanActivate {
+  constructor(private readonly usercenterService: UsercenterService) {}
+
+  async canActivate(context: ExecutionContext): Promise {
+    const request = context.switchToHttp().getRequest();
+    const user = request.user;
+
+    // 确保用户已认证(例如 JWT 解析成功)
+    // 确保用户已经通过了认证
+    if (!user || !user.sub) {
+      throw new ForbiddenException('未经授权的访问');
+    }
+
+    // 获取用户信息
+    const userInfo = await this.usercenterService.findOne(user.sub);
+
+    // 检查是否为超级管理员
+    if (userInfo.userAuth !== 3) {
+      throw new ForbiddenException('需要超级管理员权限');
+    }
+
+    return true;
+  }
+}
diff --git a/src/resume-template/resume-template.service.ts b/src/resume-template/resume-template.service.ts
index c229f30..78b291e 100644
--- a/src/resume-template/resume-template.service.ts
+++ b/src/resume-template/resume-template.service.ts
@@ -33,7 +33,7 @@ export class ResumeTemplateService {
     if (!user) {
       throw new NotFoundException(`用户ID ${id} 不存在`);
     }
-    if (user.userAuth !== 2 || user.userAuth !== 3) {
+    if (user.userAuth !== 2 && user.userAuth !== 3) {
       throw new NotFoundException(`用户无权限创建简历模板`);
     }
     const ResumeTemplate = this.resumeTemplateRepository.create({
diff --git a/src/usercenter/dto/update-usercenter.dto.ts b/src/usercenter/dto/update-usercenter.dto.ts
index 588ac1b..9a1d4f3 100644
--- a/src/usercenter/dto/update-usercenter.dto.ts
+++ b/src/usercenter/dto/update-usercenter.dto.ts
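Review bot: `userInfo.userAuth` in the new guard is read without checking that `findOne` actually returned a user; if `findOne` resolves to null for an unknown `sub` (the resume-template service guards its analogous lookup with `if (!user)`), the guard fails with a TypeError and a 500 instead of a 403. Prefer `if (!userInfo || userInfo.userAuth !== 3) {` so an unresolvable subject is rejected the same way as a non-super-admin. The file name `superAdmin.gurad.ts` is misspelled relative to its sibling `admin.guard.ts`, and the controller import added in this patch reproduces the typo, so renaming it now avoids a second path to fix later. The signature renders as `Promise {`, which looks like a stripped `<boolean>` type argument; confirm against the actual file, and the two consecutive comments above the `!user` check say the same thing and can be merged into one.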
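Review bot: The corrected condition now requires role 2 or 3, but the throw on the following line is still `NotFoundException`, so a user who exists and merely lacks the role receives a 404 rather than a 403. `throw new ForbiddenException('用户无权限创建简历模板');` (importing `ForbiddenException` from `@nestjs/common` if it is not already) reports the failure as an authorization error, consistent with AdminGuard. The role test duplicates the one in AdminGuard in this same patch, so a shared helper would keep both in step if the role values change. The enclosing method starts and ends outside the hunk.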
@@ -1,4 +1,12 @@
 import { PartialType } from '@nestjs/mapped-types';
 import { CreateUsercenterDto } from './create-usercenter.dto';
+import { IsInt, IsOptional, Max, Min } from 'class-validator';
 
-export class UpdateUsercenterDto extends PartialType(CreateUsercenterDto) {}
+export class UpdateUsercenterDto extends PartialType(CreateUsercenterDto) {
+  // 添加 userAuth 字段
+  @IsOptional()
+  @IsInt({ message: '权限必须是整数' })
+  @Min(1, { message: '权限最小为1' })
+  @Max(3, { message: '权限最大为3' })
+  userAuth: number;
+}
diff --git a/src/usercenter/usercenter.controller.ts b/src/usercenter/usercenter.controller.ts
index 987f408..bf7a180 100644
--- a/src/usercenter/usercenter.controller.ts
+++ b/src/usercenter/usercenter.controller.ts
@@ -17,6 +17,7 @@ import { UpdateUsercenterDto } from './dto/update-usercenter.dto';
 import { AuthGuard } from '../auth/auth.guard';
 import { AdminGuard } from '../auth/guards/admin.guard';
 import { QueryUsercenterDto } from './dto/query-usercenter.dto';
+import { SuperAdminGuard } from 'src/auth/guards/superAdmin.gurad';
 
 @Controller('usercenter')
 export class UsercenterController {
@@ -84,4 +85,15 @@ export class UsercenterController {
   remove(@Param('id') id: string, @Request() req) {
     return this.usercenterService.remove(+id);
   }
+
+  @Patch(':id/auth')
+  @UseGuards(AuthGuard, SuperAdminGuard) // 只有登录 + 超级管理员才能访问
+  async updateUserAuth(
+    @Param('id') id: string,
+    @Body() dto: UpdateUsercenterDto,
+    @Request() req,
+  ) {
+    const operatorId = req.user.userId;
+    return this.usercenterService.updateUserAuth(+id, dto.userAuth, operatorId);
+  }
 }
diff --git a/src/usercenter/usercenter.service.ts b/src/usercenter/usercenter.service.ts
index 700ae22..931a18d 100644
--- a/src/usercenter/usercenter.service.ts
+++ b/src/usercenter/usercenter.service.ts
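Review bot: `userAuth` is added to `UpdateUsercenterDto`, which the controller already imports for its generic update path before this change, so every endpoint that accepts this DTO can now carry a `userAuth` value; unless that path discards the field (not visible here), an ordinary user could raise their own role through the existing update route. A dedicated `UpdateUserAuthDto` holding only `userAuth`, used by the new `:id/auth` route while `UpdateUsercenterDto` stays without the field, limits role changes to the super-admin-guarded endpoint. Separately, the declared type and the validator disagree: `@IsOptional()` permits omission, so `userAuth?: number;` reflects what arrives and makes the `number | undefined` visible to the controller that forwards it.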
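Review bot: The added import uses the absolute specifier `'src/auth/guards/superAdmin.gurad'` while the neighbouring guard import is relative (`'../auth/guards/admin.guard'`). The absolute form resolves only when `baseUrl`/path mapping is honoured by both the compiler and the runtime loader, so `import { SuperAdminGuard } from '../auth/guards/superAdmin.gurad';` is the consistent and more portable choice here. The specifier will also need updating if the misspelled file name is corrected.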
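Review bot: `req.user.userId` in the new handler reads a claim that neither guard in this patch uses — AdminGuard and SuperAdminGuard both identify the caller via `user.sub`; if the JWT payload carries only `sub`, `operatorId` is `undefined` and the service's self-modification check (`userId === operatorId`) can never trigger. Use the same field the guards rely on, `const operatorId = req.user.sub;`, or give the request a typed shape so the mismatch is caught at compile time instead of hidden behind `@Request() req` being `any`. Because `userAuth` is `@IsOptional()` on the DTO, `dto.userAuth` may be `undefined` here and is forwarded unchecked; `@Param('id', ParseIntPipe) id: number` would likewise replace the `+id` coercion, which turns a non-numeric id into `NaN`.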
@@ -4,6 +4,7 @@ import {
   InternalServerErrorException,
   NotFoundException,
   ConflictException,
+  ForbiddenException,
 } from '@nestjs/common';
 import { CreateUsercenterDto } from './dto/create-usercenter.dto';
 import { UpdateUsercenterDto } from './dto/update-usercenter.dto';
@@ -181,4 +182,26 @@ export class UsercenterService {
     return data;
   }
 
+  async updateUserAuth(userId: number, newAuth: number, operatorId: number) {
+    // 1. 禁止修改自己
+    if (userId === operatorId) {
+      throw new ForbiddenException('不能修改自己的权限');
+    }
+
+    // 2. 查询当前用户是否存在
+    const user = await this.userRepository.findOneBy({ userId });
+
+    if (!user) {
+      throw new NotFoundException(`用户 ID ${userId} 不存在`);
+    }
+
+    // 3. 确保当前要修改的目标权限是 1 或 2
+    if (![1, 2].includes(user.userAuth)) {
+      throw new ForbiddenException('只能修改普通用户或管理员的权限');
+    }
+
+    // 4. 更新权限
+    user.userAuth = newAuth;
+    return this.userRepository.save(user);
+  }
 }

From e4660c30270e66b4e9524674523a9cd4ece91c7c Mon Sep 17 00:00:00 2001
From: KindSeven <2845382437@qq.com>
Date: Mon, 19 May 2025 15:42:49 +0800
Subject: [PATCH 2/2] Merge branch 'main' into dev-niaoyu
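Review bot: `newAuth` is never validated inside `updateUserAuth` — step 3's comment says the target permission must be 1 or 2, but the check inspects the user's current `userAuth`, not the value being written, so a `newAuth` of 3 (which the DTO's `@Max(3)` admits) promotes the target to super admin and an `undefined` value (the DTO field is `@IsOptional()`) is written straight into `user.userAuth`. Add an explicit check before the assignment, e.g. `if (![1, 2].includes(newAuth)) throw new ForbiddenException('目标权限只能是 1 或 2');` if promotion to 3 is not intended (widen the set if it is), and reword the step-3 comment to say it protects existing super admins from being modified rather than describing the new value. Returning the saved entity hands the caller every persisted column; if the entity includes a password hash or similar secret (not visible here), return a projection instead.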