chore: project query

2026-04-24 12:27:25 +08:00 · 2026-02-13 00:41:40 +08:00
parent 99db1b1cc3
commit 67f347197e
24 changed files with 183 additions and 89 deletions
@@ -105,13 +105,17 @@ export abstract class BaseController {
   * @param service 检查记录是否属于某用户或某项目
   * @param id 
   */
-  async checkEntityOwner(service:any,id:number,permission:string){
+  async checkOwner(service:any,id:number,permission:string,allowAdmin:boolean = false){
    let { projectId,userId } = await this.getProjectUserId(permission)
    const authService:any = await this.applicationContext.getAsync("authService");
    if (projectId) {
-      await authService.checkEntityProjectId(service, id, projectId);
+      await authService.checkProjectId(service, id, projectId);
    }else{
-      await authService.checkEntityUserId(this.ctx, service, id);
+      if(allowAdmin){
        await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
      }else{
        await authService.checkUserId(this.ctx, service, id);
      }
    }
    return {projectId,userId}
  }
@@ -151,6 +151,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.fields.projectName"),
          type: "dict-select",
          dict: myProjectDict,
          form: {
            show: false,
          },
        },
      },
    },
@@ -127,6 +127,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.fields.projectName"),
          type: "dict-select",
          dict: myProjectDict,
          form: {
            show: false,
          },
        },
      },
    },
@@ -206,6 +206,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.fields.projectName"),
          type: "dict-select",
          dict: myProjectDict,
          form: {
            show: false,
          },
        },
        updateTime: {
          title: t("certd.fields.updateTime"),
@@ -351,6 +351,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.fields.projectName"),
          type: "dict-select",
          dict: myProjectDict,
          form: {
            show: false,
          },
        },
      },
    },
@@ -813,6 +813,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.fields.projectName"),
          type: "dict-select",
          dict: myProjectDict,
          form: {
            show: false,
          },
        },
      },
    },
@@ -255,6 +255,9 @@ export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any) {
      title: t("certd.fields.projectName"),
      type: "dict-select",
      dict: myProjectDict,
      form: {
        show: false,
      },
    },
  };
 }
@@ -173,6 +173,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.fields.projectName"),
          type: "dict-select",
          dict: myProjectDict,
          form: {
            show: false,
          },
        },
        createTime: {
          title: t("certd.fields.createTime"),
@@ -140,6 +140,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.fields.projectName"),
          type: "dict-select",
          dict: myProjectDict,
          form: {
            show: false,
          },
        },
      },
    },
@@ -245,6 +245,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          title: t("certd.fields.projectName"),
          type: "dict-select",
          dict: myProjectDict,
          form: {
            show: false,
          },
        },
      },
    },
@@ -140,7 +140,7 @@ export class AddonController extends CrudController<AddonService> {
      const simple = await this.service.getSimpleInfo(res.id);
      return this.ok(simple);
    }
-    await this.authService.checkEntityUserId(this.ctx, this.service, id);
+    await this.authService.checkUserIdButAllowAdmin(this.ctx, this.service, id);
    const res = await this.service.getSimpleInfo(id);
    return this.ok(res);
  }
@@ -30,7 +30,10 @@ export class CertInfoController extends CrudController<CertInfoService> {
  @Post('/page', { summary: Constants.per.authOnly })
  async page(@Body(ALL) body: any) {
    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
+
    const { projectId, userId } = await this.getProjectUserIdRead()
    body.query.projectId = projectId
    body.query.userId = userId;
    const domains = body.query?.domains;
    delete body.query.domains;
@@ -76,17 +79,20 @@ export class CertInfoController extends CrudController<CertInfoService> {
  @Post('/list', { summary: Constants.per.authOnly })
  async list(@Body(ALL) body: any) {
    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdRead()
    body.query.projectId = projectId
    body.query.userId = userId;
    return await super.list(body);
  }
  @Post('/getOptionsByIds', { summary: Constants.per.authOnly })
  async getOptionsByIds(@Body(ALL) body: {ids:any[]}) {
-
+    const { projectId, userId } = await this.getProjectUserIdRead()
    const list = await this.service.list({
      query:{
-        userId: this.getUserId(),
+        projectId,
        userId,
      },
      buildQuery: (bq: SelectQueryBuilder<any>) => {
        bq.andWhere('id in (:...ids)', { ids: body.ids });
@@ -107,33 +113,37 @@ export class CertInfoController extends CrudController<CertInfoService> {
  @Post('/add', { summary: Constants.per.authOnly })
  async add(@Body(ALL) bean: any) {
-    bean.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdWrite()
    bean.projectId = projectId
    bean.userId = userId;
    return await super.add(bean);
  }
  @Post('/update', { summary: Constants.per.authOnly })
  async update(@Body(ALL) bean) {
-    await this.service.checkUserId(bean.id, this.getUserId());
+    await this.checkOwner(this.service,bean.id,"write");
    delete bean.userId;
    return await super.update(bean);
  }
  @Post('/info', { summary: Constants.per.authOnly })
  async info(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.service,id,"read");
    return await super.info(id);
  }
  @Post('/delete', { summary: Constants.per.authOnly })
  async delete(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.service,id,"write");
    return await super.delete(id);
  }
  @Post('/all', { summary: Constants.per.authOnly })
  async all() {
    const { projectId, userId } = await this.getProjectUserIdRead()
    const list: any = await this.service.find({
      where: {
-        userId: this.getUserId(),
+        projectId,
        userId,
      },
    });
    return this.ok(list);
@@ -143,7 +153,7 @@ export class CertInfoController extends CrudController<CertInfoService> {
  @Post('/getCert', { summary: Constants.per.authOnly })
  async getCert(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.getService(),id,"read");
    const certInfoEntity = await this.service.info(id);
    const certInfo = JSON.parse(certInfoEntity.certInfo);
    return this.ok(certInfo);
@@ -151,7 +161,8 @@ export class CertInfoController extends CrudController<CertInfoService> {
  @Get('/download', { summary: Constants.per.authOnly })
  async download(@Query('id') id: number) {
-    const certInfo = await this.service.info(id)
+    await this.checkOwner(this.getService(),id,"read");
    const certInfo = await this.getService().info(id)
    if (certInfo == null) {
      throw new CommonException('file not found');
    }
@@ -26,7 +26,9 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
  @Post('/page', { summary: Constants.per.authOnly })
  async page(@Body(ALL) body: any) {
    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdRead()
    body.query.projectId = projectId
    body.query.userId = userId;
    const certDomains = body.query.certDomains;
    const domain = body.query.domain;
    const name = body.query.name;
@@ -55,13 +57,17 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
  @Post('/list', { summary: Constants.per.authOnly })
  async list(@Body(ALL) body: any) {
    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdRead()
    body.query.projectId = projectId
    body.query.userId = userId;
    return await super.list(body);
  }
  @Post('/add', { summary: Constants.per.authOnly })
  async add(@Body(ALL) bean: any) {
-    bean.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdWrite()
    bean.projectId = projectId
    bean.userId = userId;
    const res = await this.service.add(bean);
    const entity = await this.service.info(res.id);
    if (entity.disabled) {
@@ -72,7 +78,7 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
  @Post('/update', { summary: Constants.per.authOnly })
  async update(@Body(ALL) bean) {
-    await this.service.checkUserId(bean.id, this.getUserId());
+    await this.checkOwner(this.service,bean.id,"write");
    delete bean.userId;
    await this.service.update(bean);
    const entity = await this.service.info(bean.id);
@@ -83,27 +89,27 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
  }
  @Post('/info', { summary: Constants.per.authOnly })
  async info(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.service,id,"read");
    return await super.info(id);
  }
  @Post('/delete', { summary: Constants.per.authOnly })
  async delete(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.service,id,"write");
    return await super.delete(id);
  }
  @Post('/batchDelete', { summary: Constants.per.authOnly })
  async batchDelete(@Body(ALL) body: any) {
-    const userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdWrite()
-    await this.service.batchDelete(body.ids,userId);
+    await this.service.batchDelete(body.ids,userId,projectId);
    return this.ok();
  }
  @Post('/check', { summary: Constants.per.authOnly })
  async check(@Body('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.service,id,"read");
    await this.service.check(id, true, 0);
    await utils.sleep(1000);
    return this.ok();
@@ -111,26 +117,27 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
  @Post('/checkAll', { summary: Constants.per.authOnly })
  async checkAll() {
-    const userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdWrite()
-    await this.service.checkAllByUsers(userId);
+    await this.service.checkAllByUsers(userId,projectId);
    return this.ok();
  }
  @Post('/import', { summary: Constants.per.authOnly })
  async doImport(@Body(ALL) body: any) {
-    const userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdWrite()
    await this.service.doImport({
      text:body.text,
      groupId:body.groupId,
-      userId
+      userId,
      projectId
    })
    return this.ok();
  }
  @Post('/ipCheckChange', { summary: Constants.per.authOnly })
  async ipCheckChange(@Body(ALL) bean: any) {
-    const userId = this.getUserId();
+    await this.checkOwner(this.service,bean.id,"read");
    await this.service.checkUserId(bean.id, userId)
    await this.service.ipCheckChange({
      id: bean.id,
      ipCheck: bean.ipCheck
@@ -140,8 +147,7 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
  @Post('/disabledChange', { summary: Constants.per.authOnly })
  async disabledChange(@Body(ALL) bean: any) {
-    const userId = this.getUserId();
+    await this.checkOwner(this.service,bean.id,"write");
    await this.service.checkUserId(bean.id, userId)
    await this.service.disabledChange({
      id: bean.id,
      disabled: bean.disabled
@@ -151,14 +157,19 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
  @Post("/setting/get", { summary: Constants.per.authOnly })
  async get() {
-    const userId = this.getUserId();
+    const { userId } = await this.getProjectUserIdRead()
    const setting = await this.service.getSetting(userId)
    return this.ok(setting);
  }
  @Post("/setting/save", { summary: Constants.per.authOnly })
  async save(@Body(ALL) bean: any) {
-    const userId = this.getUserId();
+    const { userId } = await this.getProjectUserIdWrite()
    if(userId === 0){
      if(!this.isAdmin()){
        throw new Error("仅管理员可以修改");
      }
    }
    const setting = new UserSiteMonitorSetting();
    merge(setting, bean);
@@ -22,8 +22,10 @@ export class SiteInfoController extends CrudController<SiteIpService> {
  @Post('/page', { summary: Constants.per.authOnly })
  async page(@Body(ALL) body: any) {
    const { projectId, userId } = await this.getProjectUserIdRead()
    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
+    body.query.userId = userId;
    body.query.projectId = projectId
    const res = await this.service.page({
      query: body.query,
      page: body.page,
@@ -35,13 +37,17 @@ export class SiteInfoController extends CrudController<SiteIpService> {
  @Post('/list', { summary: Constants.per.authOnly })
  async list(@Body(ALL) body: any) {
    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdRead()
    body.query.userId = userId;
    body.query.projectId = projectId
    return await super.list(body);
  }
  @Post('/add', { summary: Constants.per.authOnly })
  async add(@Body(ALL) bean: any) {
-    bean.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdWrite()
    bean.userId = userId;
    bean.projectId = projectId
    bean.from = "manual"
    const res = await this.service.add(bean);
    const siteEntity = await this.siteInfoService.info(bean.siteId);
@@ -54,7 +60,7 @@ export class SiteInfoController extends CrudController<SiteIpService> {
  @Post('/update', { summary: Constants.per.authOnly })
  async update(@Body(ALL) bean) {
-    await this.service.checkUserId(bean.id, this.getUserId());
+    await this.checkOwner(this.service,bean.id,"write");
    delete bean.userId;
    await this.service.update(bean);
    const siteEntity = await this.siteInfoService.info(bean.siteId);
@@ -66,23 +72,24 @@ export class SiteInfoController extends CrudController<SiteIpService> {
  }
  @Post('/info', { summary: Constants.per.authOnly })
  async info(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.service,id,"read");
    return await super.info(id);
  }
  @Post('/delete', { summary: Constants.per.authOnly })
  async delete(@Query('id') id: number) {
    await this.checkOwner(this.service,id,"write");
    const entity = await this.service.info(id);
    await this.service.checkUserId(id, this.getUserId());
    const res = await super.delete(id);
    await this.service.updateIpCount(entity.siteId)
    return res
  }
  @Post('/check', { summary: Constants.per.authOnly })
  async check(@Body('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.service,id,"read");
    const entity = await this.service.info(id);
    const siteEntity = await this.siteInfoService.info(entity.siteId);
    const domain = siteEntity.domain;
@@ -93,8 +100,7 @@ export class SiteInfoController extends CrudController<SiteIpService> {
  @Post('/checkAll', { summary: Constants.per.authOnly })
  async checkAll(@Body('siteId') siteId: number) {
-    const userId = this.getUserId();
+    await this.getProjectUserIdRead()
    await this.siteInfoService.checkUserId(siteId, userId);
    const siteEntity = await this.siteInfoService.info(siteId);
    await this.service.syncAndCheck(siteEntity);
    return this.ok();
@@ -102,22 +108,20 @@ export class SiteInfoController extends CrudController<SiteIpService> {
  @Post('/sync', { summary: Constants.per.authOnly })
  async sync(@Body('siteId') siteId: number) {
-    const userId = this.getUserId();
+    await this.getProjectUserIdWrite()
    const entity = await this.siteInfoService.info(siteId)
    if(entity.userId != userId){
      throw new Error('无权限')
    }
    await this.service.sync(entity);
    return this.ok();
  }
  @Post('/import', { summary: Constants.per.authOnly })
  async doImport(@Body(ALL) body: any) {
-    const userId = this.getUserId();
+    const { userId, projectId } = await this.getProjectUserIdWrite()
    await this.service.doImport({
      text:body.text,
      userId,
-      siteId:body.siteId
+      siteId:body.siteId,
      projectId
    })
    return this.ok();
  }
@@ -102,7 +102,7 @@ export class AccessController extends CrudController<AccessService> {
  @Post('/simpleInfo', { summary: Constants.per.authOnly })
  async simpleInfo(@Query('id') id: number) {
-    await this.authService.checkEntityUserId(this.ctx, this.service, id);
+    await this.authService.checkUserIdButAllowAdmin(this.ctx, this.service, id);
    const res = await this.service.getSimpleInfo(id);
    return this.ok(res);
  }
@@ -159,7 +159,7 @@ export class HistoryController extends CrudController<HistoryService> {
  @Post('/update', { summary: Constants.per.authOnly })
  async update(@Body(ALL) bean) {
-    await this.checkEntityOwner(this.getService(), bean.id,"write");
+    await this.checkOwner(this.getService(), bean.id,"write",true);
    delete bean.userId;
    return super.update(bean);
  }
@@ -173,7 +173,7 @@ export class HistoryController extends CrudController<HistoryService> {
      //修改
      delete bean.projectId;
      delete bean.userId;
-      await this.checkEntityOwner(this.getService(), bean.id,"write");
+      await this.checkOwner(this.getService(), bean.id,"write",true);
    }
    await this.service.save(bean);
@@ -189,7 +189,7 @@ export class HistoryController extends CrudController<HistoryService> {
      //修改
      delete bean.projectId;
      delete bean.userId;
-      await this.checkEntityOwner(this.logService, bean.id,"write");
+      await this.checkOwner(this.logService, bean.id,"write",true);
    }
    await this.logService.save(bean);
    return this.ok(bean.id);
@@ -197,14 +197,14 @@ export class HistoryController extends CrudController<HistoryService> {
  @Post('/delete', { summary: Constants.per.authOnly })
  async delete(@Query('id') id: number) {
-    await this.checkEntityOwner(this.getService(), id,"write");
+    await this.checkOwner(this.getService(), id,"write",true);
    await super.delete(id);
    return this.ok();
  }
  @Post('/deleteByIds', { summary: Constants.per.authOnly })
  async deleteByIds(@Body(ALL) body: any) {
-    let {userId} = await this.checkEntityOwner(this.getService(), body.ids,"write");
+    let {userId} = await this.checkOwner(this.getService(), body.ids,"write",true);
    const isAdmin = await this.authService.isAdmin(this.ctx);
    userId = isAdmin ? null : userId;
    await this.getService().deleteByIds(body.ids, userId);
@@ -213,14 +213,14 @@ export class HistoryController extends CrudController<HistoryService> {
  @Post('/detail', { summary: Constants.per.authOnly })
  async detail(@Query('id') id: number) {
-    await this.checkEntityOwner(this.getService(), id,"read");
+    await this.checkOwner(this.getService(), id,"read",true);
    const detail = await this.service.detail(id);
    return this.ok(detail);
  }
  @Post('/logs', { summary: Constants.per.authOnly })
  async logs(@Query('id') id: number) {
-    await this.checkEntityOwner(this.logService, id,"read");
+    await this.checkOwner(this.logService, id,"read",true);
    const logInfo = await this.logService.info(id);
    return this.ok(logInfo);
  }
@@ -127,7 +127,7 @@ export class NotificationController extends CrudController<NotificationService>
      const simple = await this.service.getSimpleInfo(res.id);
      return this.ok(simple);
    }
-    await this.authService.checkEntityUserId(this.ctx, this.service, id);
+    await this.authService.checkUserIdButAllowAdmin(this.ctx, this.service, id);
    const res = await this.service.getSimpleInfo(id);
    return this.ok(res);
  }
@@ -95,7 +95,7 @@ export class PipelineController extends CrudController<PipelineService> {
  @Post('/update', { summary: Constants.per.authOnly })
  async update(@Body(ALL) bean) {
-    await this.checkEntityOwner(this.getService(), bean.id,"write");
+    await this.checkOwner(this.getService(), bean.id,"write",true);
    delete bean.userId;
    return super.update(bean);
  }
@@ -104,7 +104,7 @@ export class PipelineController extends CrudController<PipelineService> {
  async save(@Body(ALL) bean: { addToMonitorEnabled: boolean, addToMonitorDomains: string } & PipelineEntity) {
     const { userId } = await this.getProjectUserIdWrite()
    if (bean.id > 0) {
-      await this.checkEntityOwner(this.getService(), bean.id,"write");
+      await this.checkOwner(this.getService(), bean.id,"write",true);
    } else {
      bean.userId = userId;
    }
@@ -131,14 +131,14 @@ export class PipelineController extends CrudController<PipelineService> {
  @Post('/delete', { summary: Constants.per.authOnly })
  async delete(@Query('id') id: number) {
-    await this.checkEntityOwner(this.getService(), id,"write");
+    await this.checkOwner(this.getService(), id,"write",true);
    await this.service.delete(id);
    return this.ok({});
  }
  @Post('/disabled', { summary: Constants.per.authOnly })
  async disabled(@Body(ALL) bean) {
-    await this.checkEntityOwner(this.getService(), bean.id,"write");
+    await this.checkOwner(this.getService(), bean.id,"write",true);
    delete bean.userId;
    await this.service.disabled(bean.id, bean.disabled);
    return this.ok({});
@@ -146,21 +146,21 @@ export class PipelineController extends CrudController<PipelineService> {
  @Post('/detail', { summary: Constants.per.authOnly })
  async detail(@Query('id') id: number) {
-    await this.checkEntityOwner(this.getService(), id,"read");
+    await this.checkOwner(this.getService(), id,"read",true);
    const detail = await this.service.detail(id);
    return this.ok(detail);
  }
  @Post('/trigger', { summary: Constants.per.authOnly })
  async trigger(@Query('id') id: number, @Query('stepId') stepId?: string) {
-    await this.checkEntityOwner(this.getService(), id,"write");
+    await this.checkOwner(this.getService(), id,"write",true);
    await this.service.trigger(id, stepId, true);
    return this.ok({});
  }
  @Post('/cancel', { summary: Constants.per.authOnly })
  async cancel(@Query('historyId') historyId: number) {
-    await this.checkEntityOwner(this.historyService, historyId,"write");
+    await this.checkOwner(this.historyService, historyId,"write",true);
    await this.service.cancel(historyId);
    return this.ok({});
  }
@@ -258,7 +258,7 @@ export class PipelineController extends CrudController<PipelineService> {
  @Post('/refreshWebhookKey', { summary: Constants.per.authOnly })
  async refreshWebhookKey(@Body('id') id: number) {
-    await this.checkEntityOwner(this.getService(), id,"write");
+    await this.checkOwner(this.getService(), id,"write",true);
    const res = await this.service.refreshWebhookKey(id);
    return this.ok({
      webhookKey: res,
@@ -19,10 +19,14 @@ export class TemplateController extends CrudController<TemplateService> {
  @Post('/page', { summary: Constants.per.authOnly })
  async page(@Body(ALL) body) {
    body.query = body.query ?? {};
    delete body.query.userId;
    const { projectId, userId } = await this.getProjectUserIdRead()
    body.query.projectId = projectId
    const buildQuery = qb => {
-      qb.andWhere('user_id = :userId', { userId: this.getUserId() });
+      qb.andWhere('user_id = :userId', { userId: userId });
    };
    const res = await this.service.page({
      query: body.query,
@@ -36,49 +40,58 @@ export class TemplateController extends CrudController<TemplateService> {
  @Post('/list', { summary: Constants.per.authOnly })
  async list(@Body(ALL) body) {
    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdRead()
    body.query.projectId = projectId
    body.query.userId = userId
    return super.list(body);
  }
  @Post('/add', { summary: Constants.per.authOnly })
  async add(@Body(ALL) bean) {
-    bean.userId = this.getUserId();
+    const { projectId, userId } = await this.getProjectUserIdRead()
    bean.userId = userId;
    bean.projectId = projectId
    checkPlus()
    return super.add(bean);
  }
  @Post('/update', { summary: Constants.per.authOnly })
  async update(@Body(ALL) bean) {
-    await this.service.checkUserId(bean.id, this.getUserId());
+    await this.checkOwner(this.service, bean.id, "write");
    delete bean.userId;
    return super.update(bean);
  }
  @Post('/info', { summary: Constants.per.authOnly })
  async info(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+     await this.checkOwner(this.service, id, "read");
    return super.info(id);
  }
  @Post('/delete', { summary: Constants.per.authOnly })
  async delete(@Query('id') id: number) {
-    await this.service.batchDelete([id], this.getUserId());
+     const { userId ,projectId } = await this.getProjectUserIdWrite()
    await this.service.batchDelete([id], userId,projectId);
    return this.ok({});
  }
  @Post('/batchDelete', { summary: Constants.per.authOnly })
  async batchDelete(@Body('ids') ids: number[]) {
-    await this.service.batchDelete(ids, this.getUserId());
+    const { userId ,projectId } = await this.getProjectUserIdWrite()
    await this.service.batchDelete(ids, userId,projectId);
    return this.ok({});
  }
  @Post('/detail', { summary: Constants.per.authOnly })
  async detail(@Query('id') id: number) {
-    const detail = await this.service.detail(id, this.getUserId());
+    const { userId ,projectId } = await this.getProjectUserIdRead()
    const detail = await this.service.detail(id, userId,projectId);
    return this.ok(detail);
  }
  @Post('/createPipelineByTemplate', { summary: Constants.per.authOnly })
  async createPipelineByTemplate(@Body(ALL) body: any) {
-    body.userId = this.getUserId();
+    const { userId ,projectId } = await this.getProjectUserIdWrite()
    body.userId = userId;
    body.projectId = projectId
    checkPlus()
    const res = await this.service.createPipelineByTemplate(body);
    return this.ok(res);
@@ -1,7 +1,7 @@
 import {Inject, Provide, Scope, ScopeEnum} from "@midwayjs/core";
 import {BaseService, NeedSuiteException, NeedVIPException, SysSettingsService} from "@certd/lib-server";
 import {InjectEntityModel} from "@midwayjs/typeorm";
-import {Repository} from "typeorm";
+import {In, Repository} from "typeorm";
 import {SiteInfoEntity} from "../entity/site-info.js";
 import {siteTester} from "./site-tester.js";
 import dayjs from "dayjs";
@@ -344,12 +344,12 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
    }
  }
-  async checkAllByUsers(userId: any) {
+  async checkAllByUsers(userId: any,projectId?: number) {
    if (!userId) {
      throw new Error("userId is required");
    }
    const sites = await this.repository.find({
-      where: {userId}
+      where: {userId,projectId}
    });
    this.checkList(sites,false);
  }
@@ -418,7 +418,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
    }
  }
-  async doImport(req: { text: string; userId: number,groupId?:number }) {
+  async doImport(req: { text: string; userId: number,groupId?:number,projectId?:number }) {
    if (!req.text) {
      throw new Error("text is required");
    }
@@ -461,7 +461,8 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
        httpsPort: port,
        userId: req.userId,
        remark,
-        groupId: req.groupId
+        groupId: req.groupId,
        projectId: req.projectId
      });
    }
@@ -537,4 +538,12 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
    logger.info(`站点证书检查完成[${userId??'所有用户'}]`);
  }
  async batchDelete(ids: number[], userId: number,projectId?:number): Promise<void> {
    await this.repository.delete({
      id: In(ids),
      userId,
      projectId,
    });
  }
 }
@@ -278,7 +278,7 @@ export class SiteIpService extends BaseService<SiteIpEntity> {
    })
  }
-  async doImport(req: { text: string; userId:number, siteId:number }) {
+  async doImport(req: { text: string; userId:number, siteId:number,projectId?:number }) {
    if (!req.text) {
      throw new Error("text is required");
    }
@@ -289,7 +289,8 @@ export class SiteIpService extends BaseService<SiteIpEntity> {
    const siteEntity = await this.siteInfoRepository.findOne({
      where: {
        id: req.siteId,
-        userId:req.userId
+        userId:req.userId,
        projectId:req.projectId
      }
    });
    if (!siteEntity) {
@@ -311,6 +312,7 @@ export class SiteIpService extends BaseService<SiteIpEntity> {
        siteId: req.siteId,
        from: "import",
        disabled:false,
        projectId: req.projectId,
      });
    }
@@ -756,6 +756,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
        id: pipelineId,
      },
    });
    if(!pipelineEntity){
      return null
    }
    return pipelineEntity.projectId;
  }
  private async saveHistory(history: RunHistory) {
@@ -67,7 +67,7 @@ export class TemplateService extends BaseService<TemplateEntity> {
  }
-  async detail(id: number, userId: number) {
+  async detail(id: number, userId: number,projectId?:number) {
    const info = await this.info(id)
    if (!info) {
      throw new Error('模板不存在');
@@ -75,6 +75,9 @@ export class TemplateService extends BaseService<TemplateEntity> {
    if (info.userId !== userId) {
      throw new Error('无权限');
    }
    if (projectId && info.projectId !== projectId) {
      throw new Error('无权限');
    }
    let pipeline = null
    if (info.pipelineId) {
      const pipelineEntity = await this.pipelineService.info(info.pipelineId);
@@ -88,19 +91,22 @@ export class TemplateService extends BaseService<TemplateEntity> {
    }
  }
-  async batchDelete(ids: number[], userId: number) {
+  async batchDelete(ids: number[], userId: number,projectId?:number) {
    const where: any = {
      id: In(ids),
    }
-    if (userId > 0) {
+    if (userId != null) {
      where.userId = userId
    }
    if (projectId) {
      where.projectId = projectId
    }
    const list = await this.getRepository().find({where})
    ids = list.map(item => item.id)
    const pipelineIds = list.map(item => item.pipelineId)
    await this.delete(ids);
-    await this.pipelineService.batchDelete(pipelineIds, userId)
+    await this.pipelineService.batchDelete(pipelineIds, userId, projectId)
  }
  async createPipelineByTemplate(body: PipelineEntity) {
@@ -28,7 +28,7 @@ export class AuthService {
  }
  //管理员有权限查看其他用户的数据
-  async checkEntityUserId(ctx: any, service: any, ids: number| number[] = null, userKey = 'userId') {
+  async checkUserIdButAllowAdmin(ctx: any, service: any, ids: number| number[] = null, userKey = 'userId') {
    const isAdmin = await this.isAdmin(ctx);
    if (isAdmin) {
      return true;
@@ -36,7 +36,11 @@ export class AuthService {
    await service.checkUserId(ids, ctx.user.id, userKey);
  }
-  async checkEntityProjectId(service:any,ids:number| number[] = null,projectId = null){
+  async checkProjectId(service:any,ids:number| number[] = null,projectId = null){
    await service.checkUserId(ids, projectId , "projectId");
  }
  async checkUserId(service:any,ids:number| number[] = null,userId = null){
    await service.checkUserId(ids, userId , "userId");
  }
 }