diff --git a/controllers/BookController.go b/controllers/BookController.go index eb9caba7..a809764e 100644 --- a/controllers/BookController.go +++ b/controllers/BookController.go @@ -411,7 +411,10 @@ func (c *BookController) Users() { } c.Abort("500") } - + //如果不是创始人也不是管理员则不能操作 + if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin { + c.Abort("403") + } c.Data["Model"] = *book members, totalCount, err := models.NewMemberRelationshipResult().FindForUsersByBookId(book.BookId, pageIndex, conf.PageSize) @@ -854,7 +857,10 @@ func (c *BookController) Team() { } c.ShowErrorPage(500, "系统错误") } - + //如果不是创始人也不是管理员则不能操作 + if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin { + c.Abort("403") + } c.Data["Model"] = book members, totalCount, err := models.NewTeamRelationship().FindByBookToPager(book.BookId, pageIndex, conf.PageSize) @@ -884,7 +890,10 @@ func (c *BookController) TeamAdd() { if err != nil { c.JsonResult(500, err.Error()) } - + //如果不是创始人也不是管理员则不能操作 + if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin { + c.Abort("403") + } _, err = models.NewTeam().First(teamId, "team_id") if err != nil { if err == orm.ErrNoRows { @@ -921,7 +930,11 @@ func (c *BookController) TeamDelete() { if err != nil { c.JsonResult(5002, err.Error()) } - beego.Error(book) + //如果不是创始人也不是管理员则不能操作 + if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin { + c.Abort("403") + } + err = models.NewTeamRelationship().DeleteByBookId(book.BookId, teamId) if err != nil { @@ -944,6 +957,7 @@ func (c *BookController) TeamSearch() { if err != nil { c.JsonResult(500, err.Error()) } + searchResult, err := models.NewTeamRelationship().FindNotJoinBookByBookIdentify(book.BookId, keyword, 10) if err != nil { diff --git a/controllers/DocumentController.go b/controllers/DocumentController.go index 89ad79c6..7f4f51cf 100644 --- a/controllers/DocumentController.go +++ b/controllers/DocumentController.go 
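Review bot: The founder/admin check inserted after the book lookup in Users() is repeated verbatim in the Team(), TeamAdd() and TeamDelete() hunks of this file, so four copies of the same authorization rule now have to be kept in step; a single helper on BookController that takes the loaded book and performs the `c.Abort("403")` would leave one place to audit. All four functions begin before their hunks, so the administrator branch that loads `book` is not visible here; if that branch yields a result whose RoleId is not BookFounder or BookAdmin, site administrators would now be rejected with 403, which is worth confirming against the loader. The Chinese comment above each check is fine as is, but it should move into the helper with the code.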
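Review bot: In TeamAdd() (and the TeamDelete() hunk below it) the new permission failure is reported with `c.Abort("403")`, while every other failure path in these two handlers uses `c.JsonResult(...)`, so a client of the JSON API gets an HTML error page for precisely the case it most needs to tell apart from a server error. Reporting it the same way as the neighbouring errors, e.g. `c.JsonResult(403, "permission denied")` with the message wording following the project's convention, keeps the response shape uniform. Both functions start before their hunks, so the code that populates `book` is not visible here.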
@@ -183,7 +183,7 @@ func (c *DocumentController) Edit() { bookResult := models.NewBookResult() var err error - // 如果是超级管理者,则不判断权限 + // 如果是管理者,则不判断权限 if c.Member.IsAdministrator() { book, err := models.NewBook().FindByFieldFirst("identify", identify) if err != nil { @@ -195,7 +195,7 @@ func (c *DocumentController) Edit() { bookResult, err = models.NewBookResult().FindByIdentify(identify, c.Member.MemberId) if err != nil { - if err == orm.ErrNoRows { + if err == orm.ErrNoRows || err == models.ErrPermissionDenied{ c.ShowErrorPage(403, "项目不存在或没有权限") } else { beego.Error("查询项目时出错 -> ", err) diff --git a/models/BookModel.go b/models/BookModel.go index 1ea3defc..1e17e1ed 100644 --- a/models/BookModel.go +++ b/models/BookModel.go @@ -330,12 +330,12 @@ func (book *Book) FindToPager(pageIndex, pageSize, memberId int) (books []*BookR count(*) AS total_count FROM md_books AS book LEFT JOIN md_relationship AS rel ON book.book_id = rel.book_id AND rel.member_id = ? - left join (select * + left join (select book_id,min(role_id) as role_id from (select book_id,team_member_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id) - as team on team.book_id=book.book_id -WHERE rel.relationship_id > 0 or team.team_member_id > 0` + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc ) + as t group by t.book_id) + as team on team.book_id=book.book_id WHERE rel.role_id >= 0 or team.role_id >= 0` err = o.Raw(sql1, memberId, memberId).QueryRow(&totalCount) 
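Review bot: `if err == orm.ErrNoRows || err == models.ErrPermissionDenied{` lacks the space before the brace that gofmt enforces; it should read `if err == orm.ErrNoRows || err == models.ErrPermissionDenied {`. The `==` comparison only works while FindByIdentify returns the sentinel unwrapped, which matches how `orm.ErrNoRows` is already tested in this file, so it is consistent, but an `errors.Is` would survive later wrapping. Collapsing both cases into the same 403 page means a caller without access cannot tell whether the identify exists, which is the right choice. Edit() continues beyond this hunk.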
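Review bot: The count query's new filter `team.role_id >= 0` no longer checks that the current member belongs to the team: `md_team_member` is still LEFT JOINed with `mtm.member_id=?` in its ON clause, so every `md_team_relationship` row survives (with NULL `mtm` columns) for every member, and unless the unqualified `role_id` in the inner select resolves to `mtm.role_id` rather than `mtr.role_id`, books shared with any team would be counted for — and, in the rows query of the next hunk, listed to — members outside that team. The removed `team.team_member_id > 0` predicate enforced membership explicitly. Qualify the column so the intent is unambiguous and make the membership join mandatory, `join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=?`, so a non-member yields no team row. The same rewrite appears in the second FindToPager hunk, in both FindForHomeToPager queries and in both FindItemsetsByItemKey queries in Itemsets.go; FindToPager begins before this hunk.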
@@ -357,14 +357,15 @@ WHERE rel.relationship_id > 0 or team.team_member_id > 0` m.account as create_name FROM md_books AS book LEFT JOIN md_relationship AS rel ON book.book_id = rel.book_id AND rel.member_id = ? - left join (select * + left join (select book_id,min(role_id) as role_id from (select book_id,team_member_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id) as team + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc ) + as t group by book_id) as team on team.book_id=book.book_id LEFT JOIN md_relationship AS rel1 ON book.book_id = rel1.book_id AND rel1.role_id = 0 LEFT JOIN md_members AS m ON rel1.member_id = m.member_id -WHERE rel.relationship_id > 0 or team.team_member_id > 0 +WHERE rel.role_id >= 0 or team.role_id >= 0 ORDER BY book.order_index, book.book_id DESC limit ?,?` _, err = o.Raw(sql2, memberId, memberId, offset, pageSize).QueryRows(&books) 
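Review bot: Now that the derived table is aggregated with `min(role_id)`, the inner `order by role_id desc` no longer affects the result and only hints at an ordering the aggregation discards; removing it here and in the sibling queries rewritten by this commit makes the intent clearer. The two FindToPager queries also differ in spelling, `group by t.book_id` in the count query against `group by book_id` here, and should match so a reader can see at a glance that count and rows apply the same grouping. FindToPager begins before this hunk.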
@@ -479,24 +480,26 @@ func (book *Book) FindForHomeToPager(pageIndex, pageSize, memberId int) (books [ sql1 := `SELECT COUNT(*) FROM md_books AS book LEFT JOIN md_relationship AS rel ON rel.book_id = book.book_id AND rel.member_id = ? - left join (select * - from (select book_id,team_member_id,role_id + left join (select book_id,min(role_id) AS role_id + from (select book_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id,t.team_member_id,t.book_id) as team on team.book_id=book.book_id -WHERE relationship_id > 0 OR book.privately_owned = 0 or team.team_member_id > 0` + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc ) +as t group by book_id) as team on team.book_id=book.book_id +WHERE book.privately_owned = 0 or rel.role_id >=0 or team.role_id >=0` err = o.Raw(sql1, memberId, memberId).QueryRow(&totalCount) if err != nil { return } sql2 := `SELECT book.*,rel1.*,member.account AS create_name,member.real_name FROM md_books AS book LEFT JOIN md_relationship AS rel ON rel.book_id = book.book_id AND rel.member_id = ? - left join (select * - from (select book_id,team_member_id,role_id + left join (select book_id,min(role_id) AS role_id + from (select book_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id,t.team_member_id,t.book_id) as team on team.book_id=book.book_id + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? 
order by role_id desc ) +as t group by book_id) as team on team.book_id=book.book_id LEFT JOIN md_relationship AS rel1 ON rel1.book_id = book.book_id AND rel1.role_id = 0 LEFT JOIN md_members AS member ON rel1.member_id = member.member_id -WHERE rel.relationship_id > 0 OR book.privately_owned = 0 or team.team_member_id > 0 ORDER BY order_index ,book.book_id DESC LIMIT ?,?` +WHERE book.privately_owned = 0 or rel.role_id >=0 or team.role_id >=0 ORDER BY order_index ,book.book_id DESC LIMIT ?,?` _, err = o.Raw(sql2, memberId, memberId, offset, pageSize).QueryRows(&books) @@ -534,7 +537,7 @@ FROM md_books AS book left join (select * from (select book_id,team_member_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id,t.team_member_id,t.book_id) as team on team.book_id = book.book_id + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.role_id,t.team_member_id,t.book_id) as team on team.book_id = book.book_id WHERE (relationship_id > 0 OR book.privately_owned = 0 or team.team_member_id > 0) AND book.label LIKE ?` err = o.Raw(sql1, memberId, memberId, keyword).QueryRow(&totalCount) 
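Review bot: The label-search count query keeps `select *` under `group by t.role_id,t.team_member_id,t.book_id` with the `team.team_member_id > 0` filter, so if a member reaches the same book through two teams (two `team_member_id` values) the derived table still yields two rows for that book: the count is inflated and the companion rows query in the next hunk can return the book twice, and the new grouping only reorders the key columns without changing that. The other queries in this commit switched to `select book_id,min(role_id) as role_id ... group by book_id`, which collapses to one row per book; the same treatment is needed here, in the `@@ -545` hunk, and in both DocumentSearchResult.go hunks. The enclosing function starts before this hunk.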
@@ -545,7 +548,7 @@ WHERE (relationship_id > 0 OR book.privately_owned = 0 or team.team_member_id > LEFT JOIN md_relationship AS rel ON rel.book_id = book.book_id AND rel.member_id = ? left join (select * from (select book_id,team_member_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id,t.team_member_id,t.book_id) as team + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.role_id,t.team_member_id,t.book_id) as team on team.book_id = book.book_id LEFT JOIN md_relationship AS rel1 ON rel1.book_id = book.book_id AND rel1.role_id = 0 LEFT JOIN md_members AS member ON rel1.member_id = member.member_id diff --git a/models/DocumentSearchResult.go b/models/DocumentSearchResult.go index ced9d39f..ac3842f2 100644 --- a/models/DocumentSearchResult.go +++ b/models/DocumentSearchResult.go @@ -58,7 +58,7 @@ WHERE book.privately_owned = 0 AND (doc.document_name LIKE ? OR doc.release LIKE LEFT JOIN md_relationship AS rel1 ON doc.book_id = rel1.book_id AND rel1.member_id = ? left join (select * from (select book_id,team_member_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id) as team + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.role_id,t.team_member_id,t.book_id) as team on team.book_id = book.book_id WHERE (book.privately_owned = 0 OR rel1.relationship_id > 0 or team.team_member_id > 0) AND (doc.document_name LIKE ? OR doc.release LIKE ?) ` 
@@ -69,7 +69,7 @@ WHERE (book.privately_owned = 0 OR rel1.relationship_id > 0 or team.team_member_ LEFT JOIN md_relationship AS rel1 ON doc.book_id = rel1.book_id AND rel1.member_id = ? left join (select * from (select book_id,team_member_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id) as team + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.role_id,t.team_member_id,t.book_id) as team on team.book_id = book.book_id WHERE (book.privately_owned = 0 OR rel1.relationship_id > 0 or team.team_member_id > 0) AND (doc.document_name LIKE ? OR doc.release LIKE ?) ORDER BY doc.document_id DESC LIMIT ?,? ` diff --git a/models/Itemsets.go b/models/Itemsets.go index d56ca56b..303001e2 100644 --- a/models/Itemsets.go +++ b/models/Itemsets.go 
@@ -222,11 +222,12 @@ func (item *Itemsets) FindItemsetsByItemKey(key string, pageIndex, pageSize, mem sql1 := `SELECT COUNT(*) FROM md_books AS book LEFT JOIN md_relationship AS rel ON rel.book_id = book.book_id AND rel.member_id = ? - left join (select * - from (select book_id,team_member_id,role_id + left join (select book_id,min(role_id) as role_id + from (select book_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id,t.team_member_id,t.book_id) as team on team.book_id = book.book_id -WHERE book.item_id = ? AND (relationship_id > 0 OR book.privately_owned = 0 or team.team_member_id > 0)` + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc ) +as t group by book_id) as team on team.book_id = book.book_id +WHERE book.item_id = ? AND (book.privately_owned = 0 or rel.role_id >= 0 or team.role_id >= 0)` err = o.Raw(sql1, memberId, memberId, item.ItemId).QueryRow(&totalCount) if err != nil { 
@@ -235,13 +236,14 @@ WHERE book.item_id = ? AND (relationship_id > 0 OR book.privately_owned = 0 or t } sql2 := `SELECT book.*,rel1.*,member.account AS create_name FROM md_books AS book LEFT JOIN md_relationship AS rel ON rel.book_id = book.book_id AND rel.member_id = ? - left join (select * from (select book_id,team_member_id,role_id + left join (select book_id,min(role_id) as role_id from (select book_id,role_id from md_team_relationship as mtr - left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc )as t group by t.book_id,t.team_member_id,t.book_id) as team + left join md_team_member as mtm on mtm.team_id=mtr.team_id and mtm.member_id=? order by role_id desc ) +as t group by book_id) as team on team.book_id = book.book_id LEFT JOIN md_relationship AS rel1 ON rel1.book_id = book.book_id AND rel1.role_id = 0 LEFT JOIN md_members AS member ON rel1.member_id = member.member_id - WHERE book.item_id = ? AND (rel.relationship_id > 0 OR book.privately_owned = 0 or team.team_member_id > 0) + WHERE book.item_id = ? AND (book.privately_owned = 0 or rel.role_id >= 0 or team.role_id >= 0) ORDER BY order_index DESC ,book.book_id DESC LIMIT ?,?` _, err = o.Raw(sql2, memberId, memberId, item.ItemId, offset, pageSize).QueryRows(&books) diff --git a/models/TeamMember.go b/models/TeamMember.go index d0cbfb67..e7944304 100644 --- a/models/TeamMember.go +++ b/models/TeamMember.go 
@@ -204,10 +204,10 @@ func (m *TeamMember) FindNotJoinMemberByAccount(teamId int, account string, limi } o := orm.NewOrm() - sql := `select member.member_id,member.account + sql := `select member.member_id,member.account,team.team_member_id from md_members as member - left join md_team_member as team on team.team_id = ? and member.member_id != team.member_id - where member.account like ? and team.member_id is null + left join md_team_member as team on team.team_id = ? and member.member_id = team.member_id + where member.account like ? AND team_member_id IS NULL order by member.member_id desc limit ?;` diff --git a/views/book/dashboard.tpl b/views/book/dashboard.tpl index f1933765..9c8dd687 100644 --- a/views/book/dashboard.tpl +++ b/views/book/dashboard.tpl @@ -27,8 +27,8 @@
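Review bot: The new predicate `team_member_id IS NULL` is the only unqualified column in the statement; writing it as `team.team_member_id IS NULL` makes the anti-join read as intended and rules out capture by a same-named column on `md_members`. The `team.team_member_id` added to the select list is always NULL once that filter applies, so it carries no information and can be dropped unless the scan target requires the column. Whether `%` and `_` in `account` are escaped before it reaches `like ?` depends on the caller, which is outside this hunk; FindNotJoinMemberByAccount begins before the hunk.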