...
 
Commits (2)
......@@ -291,12 +291,17 @@ func (micUser *MicUser) leave(operateUserId uint64, operateExternalId string) er
}
//
externalId := micUser.ExternalId
// 超管处理
if flag, err := user_m.IsSuperManagerV2(micUser.model, operateUserId, micUser.UserId); err != nil {
return err
} else if !flag {
if micUser.ExternalId != operateExternalId {
//检查权限,管理人权限, 不过不拥有管理人权限,则抛出错误
if err := MgrPermission(micUser.model, micUser.GroupUuid, operateUserId, micUser.UserId); err != nil {
return err
}
}
}
//设置值到redis
//redisCli.GetRedis().ScriptFlush(context.Background())
script := strings.Replace(strings.Replace(
......@@ -576,7 +581,7 @@ func (micUser *MicUser) SpeechClose(userId uint64, externalId, lang string) erro
} else if flag {
//不能让超级管理人移除
return bizerr.OfficialStaffLimit
} else if flag, err := user_m.IsSuperManager(micUser.model, userId); err != nil {
} else if flag, err := user_m.IsSuperManagerV2(micUser.model, userId, micUser.UserId); err != nil {
return err
} else if flag {
//超级管理人,无敌状态
......
......@@ -3,13 +3,17 @@ package user_m
import (
"git.hilo.cn/hilo-common/domain"
"git.hilo.cn/hilo-common/resource/mysql"
"gorm.io/gorm"
"hilo-group/myerr"
"strings"
)
type SuperManager struct {
mysql.Entity
*domain.Model `gorm:"-"`
UserId mysql.ID
IsAll bool
Countries string
}
func IsSuperManager(model *domain.Model, userId mysql.ID) (bool, error) {
......@@ -22,6 +26,33 @@ func IsSuperManager(model *domain.Model, userId mysql.ID) (bool, error) {
return n > 0, nil
}
// 对某人是否有超管权限
func IsSuperManagerV2(model *domain.Model, userId, targetUserId mysql.ID) (bool, error) {
var man SuperManager
if err := model.Db.Model(&SuperManager{}).Where(&SuperManager{
UserId: userId,
}).First(&man).Error; err != nil {
if err != gorm.ErrRecordNotFound {
model.Log.Errorf("IsSuperManagerV2 fail:%v", err)
}
return false, nil
}
if man.IsAll {
return true, nil
}
targetUser, err := GetUser(model, targetUserId)
if err != nil {
return false, err
}
countries := strings.Split(man.Countries, ",")
for _, c := range countries {
if c == targetUser.Country {
return true, nil
}
}
return false, nil
}
func GetSuperManagerAll(model *domain.Model) ([]uint64, error) {
superManagers := []SuperManager{}
if err := model.Db.Model(&SuperManager{}).Find(&superManagers).Error; err != nil {
......
......@@ -401,7 +401,7 @@ func (s *GroupService) GroupKick(groupUuid string, userId uint64, userExternalId
}
//超级管理人,无敌状态
if flag, err := user_m.IsSuperManager(model, userId); err != nil {
if flag, err := user_m.IsSuperManagerV2(model, userId, beKickUserId); err != nil {
return err
} else if !flag {
//判断权限
......
......@@ -878,14 +878,14 @@ func SearchGroup(c *gin.Context) (*mycontext.MyContext, error) {
return myContext, err
}
if owner.Status == user_e.UserStatusFrozen {
if flag, _ := user_m.IsSuperManager(model, myUserId); !flag {
if flag, _ := user_m.IsSuperManagerV2(model, myUserId, owner.ID); !flag {
// 被封锁的用户,除了超管账户,其它用户搜索他的群组和个人ID,搜索结果为空
resp.ResponsePageOk(c, result, uint(total), 1)
return myContext, nil
}
}
if group_m.IsHiddenGroupBy(model, g.ImGroupId) {
if flag, _ := user_m.IsSuperManager(model, myUserId); !flag {
if flag, _ := user_m.IsSuperManagerV2(model, myUserId, g.Owner); !flag {
// 被隐藏的用户,除了超管账户,其它用户搜索他的群组和个人ID,搜索结果为空
resp.ResponsePageOk(c, result, uint(total), 1)
return myContext, nil
......
......@@ -543,7 +543,7 @@ func AddGroupBlacklist(c *gin.Context) (*mycontext.MyContext, error) {
// 检查是否可以对svip6进行操作 optUserId:被操作的用户id
func CheckOptToSvip6(model *domain.Model, userId, optUserId uint64, lang string, privilegeId int) error {
// 是否超管
isM, err := user_m.IsSuperManager(model, userId)
isM, err := user_m.IsSuperManagerV2(model, userId, optUserId)
if err != nil {
return err
}
......