Dev niaoyu

src/auth/guards/admin.guard.ts

@@ -27,7 +27,7 @@ export class AdminGuard implements CanActivate {
     const userInfo = await this.usercenterService.findOne(user.sub);
 
     // 检查用户是否具有管理员权限 (userAuth === 2)
-    if (userInfo.userAuth !== 2 || userInfo.userAuth !== 3 ) {
+    if (userInfo.userAuth !== 2 && userInfo.userAuth !== 3) {
       throw new ForbiddenException('需要管理员权限');
     }
 

src/auth/guards/superAdmin.gurad.ts

@@ -0,0 +1,33 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  ForbiddenException,
+} from '@nestjs/common';
+import { UsercenterService } from '../../usercenter/usercenter.service';
+
+@Injectable()
+export class SuperAdminGuard implements CanActivate {
+  constructor(private readonly usercenterService: UsercenterService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const user = request.user;
+
+    // 确保用户已认证（例如 JWT 解析成功）
+    // 确保用户已经通过了认证
+    if (!user || !user.sub) {
+      throw new ForbiddenException('未经授权的访问');
+    }
+
+    // 获取用户信息
+    const userInfo = await this.usercenterService.findOne(user.sub);
+
+    // 检查是否为超级管理员
+    if (userInfo.userAuth !== 3) {
+      throw new ForbiddenException('需要超级管理员权限');
+    }
+
+    return true;
+  }
+}

src/resume-template/resume-template.service.ts

@@ -33,7 +33,7 @@ export class ResumeTemplateService {
     if (!user) {
       throw new NotFoundException(`用户ID ${id} 不存在`);
     }
-    if (user.userAuth !== 2 || user.userAuth !== 3) {
+    if (user.userAuth !== 2 && user.userAuth !== 3) {
       throw new NotFoundException(`用户无权限创建简历模板`);
     }
     const ResumeTemplate = this.resumeTemplateRepository.create({

src/usercenter/dto/update-usercenter.dto.ts

@@ -1,4 +1,12 @@
 import { PartialType } from '@nestjs/mapped-types';
 import { CreateUsercenterDto } from './create-usercenter.dto';
+import { IsInt, IsOptional, Max, Min } from 'class-validator';
 
-export class UpdateUsercenterDto extends PartialType(CreateUsercenterDto) {}
+export class UpdateUsercenterDto extends PartialType(CreateUsercenterDto) {
+  // 添加 userAuth 字段
+  @IsOptional()
+  @IsInt({ message: '权限必须是整数' })
+  @Min(1, { message: '权限最小为1' })
+  @Max(3, { message: '权限最大为3' })
+  userAuth: number;
+}

src/usercenter/usercenter.controller.ts

@@ -17,6 +17,7 @@ import { UpdateUsercenterDto } from './dto/update-usercenter.dto';
 import { AuthGuard } from '../auth/auth.guard';
 import { AdminGuard } from '../auth/guards/admin.guard';
 import { QueryUsercenterDto } from './dto/query-usercenter.dto';
+import { SuperAdminGuard } from 'src/auth/guards/superAdmin.gurad';
 
 @Controller('usercenter')
 export class UsercenterController {
@@ -84,4 +85,15 @@ export class UsercenterController {
   remove(@Param('id') id: string, @Request() req) {
     return this.usercenterService.remove(+id);
   }
+
+  @Patch(':id/auth')
+  @UseGuards(AuthGuard, SuperAdminGuard) // 只有登录 + 超级管理员才能访问
+  async updateUserAuth(
+    @Param('id') id: string,
+    @Body() dto: UpdateUsercenterDto,
+    @Request() req,
+  ) {
+    const operatorId = req.user.userId; 
+    return this.usercenterService.updateUserAuth(+id, dto.userAuth, operatorId);
+  }
 }

src/usercenter/usercenter.service.ts

@@ -4,6 +4,7 @@ import {
   InternalServerErrorException,
   NotFoundException,
   ConflictException,
+  ForbiddenException,
 } from '@nestjs/common';
 import { CreateUsercenterDto } from './dto/create-usercenter.dto';
 import { UpdateUsercenterDto } from './dto/update-usercenter.dto';
@@ -181,4 +182,26 @@ export class UsercenterService {
 
     return data;
   }
+  async updateUserAuth(userId: number, newAuth: number, operatorId: number) {
+    // 1. 禁止修改自己
+    if (userId === operatorId) {
+      throw new ForbiddenException('不能修改自己的权限');
+    }
+
+    // 2. 查询当前用户是否存在
+    const user = await this.userRepository.findOneBy({ userId });
+
+    if (!user) {
+      throw new NotFoundException(`用户 ID ${userId} 不存在`);
+    }
+
+    // 3. 确保当前要修改的目标权限是 1 或 2
+    if (![1, 2].includes(user.userAuth)) {
+      throw new ForbiddenException('只能修改普通用户或管理员的权限');
+    }
+
+    // 4. 更新权限
+    user.userAuth = newAuth;
+    return this.userRepository.save(user);
+  }
 }