...
 
Commits (2)
...@@ -291,12 +291,17 @@ func (micUser *MicUser) leave(operateUserId uint64, operateExternalId string) er ...@@ -291,12 +291,17 @@ func (micUser *MicUser) leave(operateUserId uint64, operateExternalId string) er
} }
// //
externalId := micUser.ExternalId externalId := micUser.ExternalId
// 超管处理
if flag, err := user_m.IsSuperManagerV2(micUser.model, operateUserId, micUser.UserId); err != nil {
return err
} else if !flag {
if micUser.ExternalId != operateExternalId { if micUser.ExternalId != operateExternalId {
//检查权限,管理人权限, 不过不拥有管理人权限,则抛出错误 //检查权限,管理人权限, 不过不拥有管理人权限,则抛出错误
if err := MgrPermission(micUser.model, micUser.GroupUuid, operateUserId, micUser.UserId); err != nil { if err := MgrPermission(micUser.model, micUser.GroupUuid, operateUserId, micUser.UserId); err != nil {
return err return err
} }
} }
}
//设置值到redis //设置值到redis
//redisCli.GetRedis().ScriptFlush(context.Background()) //redisCli.GetRedis().ScriptFlush(context.Background())
script := strings.Replace(strings.Replace( script := strings.Replace(strings.Replace(
...@@ -576,7 +581,7 @@ func (micUser *MicUser) SpeechClose(userId uint64, externalId, lang string) erro ...@@ -576,7 +581,7 @@ func (micUser *MicUser) SpeechClose(userId uint64, externalId, lang string) erro
} else if flag { } else if flag {
//不能让超级管理人移除 //不能让超级管理人移除
return bizerr.OfficialStaffLimit return bizerr.OfficialStaffLimit
} else if flag, err := user_m.IsSuperManager(micUser.model, userId); err != nil { } else if flag, err := user_m.IsSuperManagerV2(micUser.model, userId, micUser.UserId); err != nil {
return err return err
} else if flag { } else if flag {
//超级管理人,无敌状态 //超级管理人,无敌状态
......
...@@ -3,13 +3,17 @@ package user_m ...@@ -3,13 +3,17 @@ package user_m
import ( import (
"git.hilo.cn/hilo-common/domain" "git.hilo.cn/hilo-common/domain"
"git.hilo.cn/hilo-common/resource/mysql" "git.hilo.cn/hilo-common/resource/mysql"
"gorm.io/gorm"
"hilo-group/myerr" "hilo-group/myerr"
"strings"
) )
type SuperManager struct { type SuperManager struct {
mysql.Entity mysql.Entity
*domain.Model `gorm:"-"` *domain.Model `gorm:"-"`
UserId mysql.ID UserId mysql.ID
IsAll bool
Countries string
} }
func IsSuperManager(model *domain.Model, userId mysql.ID) (bool, error) { func IsSuperManager(model *domain.Model, userId mysql.ID) (bool, error) {
...@@ -22,6 +26,33 @@ func IsSuperManager(model *domain.Model, userId mysql.ID) (bool, error) { ...@@ -22,6 +26,33 @@ func IsSuperManager(model *domain.Model, userId mysql.ID) (bool, error) {
return n > 0, nil return n > 0, nil
} }
// 对某人是否有超管权限
func IsSuperManagerV2(model *domain.Model, userId, targetUserId mysql.ID) (bool, error) {
var man SuperManager
if err := model.Db.Model(&SuperManager{}).Where(&SuperManager{
UserId: userId,
}).First(&man).Error; err != nil {
if err != gorm.ErrRecordNotFound {
model.Log.Errorf("IsSuperManagerV2 fail:%v", err)
}
return false, nil
}
if man.IsAll {
return true, nil
}
targetUser, err := GetUser(model, targetUserId)
if err != nil {
return false, err
}
countries := strings.Split(man.Countries, ",")
for _, c := range countries {
if c == targetUser.Country {
return true, nil
}
}
return false, nil
}
func GetSuperManagerAll(model *domain.Model) ([]uint64, error) { func GetSuperManagerAll(model *domain.Model) ([]uint64, error) {
superManagers := []SuperManager{} superManagers := []SuperManager{}
if err := model.Db.Model(&SuperManager{}).Find(&superManagers).Error; err != nil { if err := model.Db.Model(&SuperManager{}).Find(&superManagers).Error; err != nil {
......
...@@ -401,7 +401,7 @@ func (s *GroupService) GroupKick(groupUuid string, userId uint64, userExternalId ...@@ -401,7 +401,7 @@ func (s *GroupService) GroupKick(groupUuid string, userId uint64, userExternalId
} }
//超级管理人,无敌状态 //超级管理人,无敌状态
if flag, err := user_m.IsSuperManager(model, userId); err != nil { if flag, err := user_m.IsSuperManagerV2(model, userId, beKickUserId); err != nil {
return err return err
} else if !flag { } else if !flag {
//判断权限 //判断权限
......
...@@ -878,14 +878,14 @@ func SearchGroup(c *gin.Context) (*mycontext.MyContext, error) { ...@@ -878,14 +878,14 @@ func SearchGroup(c *gin.Context) (*mycontext.MyContext, error) {
return myContext, err return myContext, err
} }
if owner.Status == user_e.UserStatusFrozen { if owner.Status == user_e.UserStatusFrozen {
if flag, _ := user_m.IsSuperManager(model, myUserId); !flag { if flag, _ := user_m.IsSuperManagerV2(model, myUserId, owner.ID); !flag {
// 被封锁的用户,除了超管账户,其它用户搜索他的群组和个人ID,搜索结果为空 // 被封锁的用户,除了超管账户,其它用户搜索他的群组和个人ID,搜索结果为空
resp.ResponsePageOk(c, result, uint(total), 1) resp.ResponsePageOk(c, result, uint(total), 1)
return myContext, nil return myContext, nil
} }
} }
if group_m.IsHiddenGroupBy(model, g.ImGroupId) { if group_m.IsHiddenGroupBy(model, g.ImGroupId) {
if flag, _ := user_m.IsSuperManager(model, myUserId); !flag { if flag, _ := user_m.IsSuperManagerV2(model, myUserId, g.Owner); !flag {
// 被隐藏的用户,除了超管账户,其它用户搜索他的群组和个人ID,搜索结果为空 // 被隐藏的用户,除了超管账户,其它用户搜索他的群组和个人ID,搜索结果为空
resp.ResponsePageOk(c, result, uint(total), 1) resp.ResponsePageOk(c, result, uint(total), 1)
return myContext, nil return myContext, nil
......
...@@ -543,7 +543,7 @@ func AddGroupBlacklist(c *gin.Context) (*mycontext.MyContext, error) { ...@@ -543,7 +543,7 @@ func AddGroupBlacklist(c *gin.Context) (*mycontext.MyContext, error) {
// 检查是否可以对svip6进行操作 optUserId:被操作的用户id // 检查是否可以对svip6进行操作 optUserId:被操作的用户id
func CheckOptToSvip6(model *domain.Model, userId, optUserId uint64, lang string, privilegeId int) error { func CheckOptToSvip6(model *domain.Model, userId, optUserId uint64, lang string, privilegeId int) error {
// 是否超管 // 是否超管
isM, err := user_m.IsSuperManager(model, userId) isM, err := user_m.IsSuperManagerV2(model, userId, optUserId)
if err != nil { if err != nil {
return err return err
} }
......