lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-23 19:37:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

admin permission control

Browse Source
This commit is contained in:
xiaomlove
2022-07-18 01:37:50 +08:00
parent c147ba528f
commit ffd25a1dae
5 changed files with 39 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Repositories/ExamRepository.php
+4
View File
@@ -16,6 +16,7 @@ use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Query\JoinClause;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
class ExamRepository extends BaseRepository
@@ -292,6 +293,9 @@ class ExamRepository extends BaseRepository
$logPrefix = "uid: $uid, examId: $examId, begin: $begin, end: $end";
$exam = Exam::query()->find($examId);
$user = User::query()->findOrFail($uid);
if (Auth::user()->Class <= $user->class) {
throw new NexusException("No permission !");
}
if (!$this->isExamMatchUser($exam, $user)) {
throw new NexusException("Exam: {$exam->id} no match this user.");
}
app/Repositories/MedalRepository.php
+4
View File
@@ -5,6 +5,7 @@ use App\Models\Medal;
use App\Models\User;
use App\Models\UserMedal;
use Carbon\Carbon;
use Illuminate\Support\Facades\Auth;
use Nexus\Database\NexusDB;
class MedalRepository extends BaseRepository
@@ -56,6 +57,9 @@ class MedalRepository extends BaseRepository
public function grantToUser(int $uid, int $medalId, $duration = null)
{
$user = User::query()->findOrFail($uid, User::$commonFields);
if (Auth::user()->class <= $user->class) {
throw new \LogicException("No permission!");
}
$medal = Medal::query()->findOrFail($medalId);
$exists = $user->valid_medals()->where('medal_id', $medalId)->exists();
do_log(last_query());
app/Repositories/UserRepository.php
+14 -1
View File
@@ -11,6 +11,7 @@ use App\Models\User;
use App\Models\UserBanLog;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Nexus\Database\NexusDB;
@@ -132,7 +133,10 @@ class UserRepository extends BaseRepository
if ($password != $passwordConfirmation) {
throw new \InvalidArgumentException("password confirmation != password");
}
$user = User::query()->findOrFail($id, ['id', 'username']);
$user = User::query()->findOrFail($id, ['id', 'username', 'class']);
if (Auth::user()->class <= $user->class) {
throw new \LogicException("Sorry, you don't have enough permission to reset this user's password.");
}
$secret = mksecret();
$passhash = md5($secret . $password . $secret);
$update = [
@@ -182,6 +186,9 @@ class UserRepository extends BaseRepository
if ($targetUser->enabled == User::ENABLED_YES) {
throw new NexusException('Already enabled !');
}
if ($targetUser->class >= $operator->class) {
throw new NexusException('No Permission !');
}
$update = [
'enabled' => User::ENABLED_YES
];
@@ -226,6 +233,9 @@ class UserRepository extends BaseRepository
}
$sourceField = $fieldMap[$field];
$targetUser = User::query()->findOrFail($uid, User::$commonFields);
if (Auth::user()->Class <= $targetUser->class) {
throw new NexusException("No permission !");
}
$old = $targetUser->{$sourceField};
$valueAtomic = $value;
$formatSize = false;
@@ -310,6 +320,9 @@ class UserRepository extends BaseRepository
throw new \RuntimeException("No permission.");
}
$user = User::query()->findOrFail($uid, User::$commonFields);
if ($operator->class <= $user->class) {
throw new \RuntimeException("No permission!");
}
$user->two_step_secret = '';
return $user->save();
}