
Merge pull request #2274 from visuddhinanda/development

Development
visuddhinanda 11 months ago
parent
commit
9574782bfb

+ 64 - 48
api-v8/app/Http/Api/ChannelApi.php

@@ -1,33 +1,38 @@
 <?php
+
 namespace App\Http\Api;
+
 use App\Models\Channel;
 use Illuminate\Support\Str;
 use Illuminate\Support\Facades\Log;
 
-class ChannelApi{
-    public static function getById($id){
-        if(!Str::isUuid($id)){
+class ChannelApi
+{
+    public static function getById($id)
+    {
+        if (!Str::isUuid($id)) {
             return false;
         }
-        $channel = Channel::where("uid",$id)->first();
-        if($channel){
+        $channel = Channel::where("uid", $id)->first();
+        if ($channel) {
             return [
-                    'id'=>$id,
-                    'name'=>$channel['name'],
-                    'type'=>$channel['type'],
-                    'lang'=>$channel['lang'],
-                    'studio_id'=>$channel['owner_uid'],
-                ];
-        }else{
+                'id' => $id,
+                'name' => $channel['name'],
+                'type' => $channel['type'],
+                'lang' => $channel['lang'],
+                'studio_id' => $channel['owner_uid'],
+            ];
+        } else {
             return false;
         }
     }
-    public static function getCanReadByUser($userUuid=null){
+    public static function getCanReadByUser($userUuid = null)
+    {
         #获取 user 在某章节 所有有权限的 channel 列表
         $channelId = [];
         //我自己的
 
-        if($userUuid){
+        if ($userUuid) {
             $my = Channel::select('uid')->where('owner_uid', $userUuid)->get();
             foreach ($my as $key => $value) {
                 $channelId[$value->uid] = $value->uid;
@@ -35,7 +40,7 @@ class ChannelApi{
 
             //获取共享channel
 
-            $allSharedChannels = ShareApi::getResList($userUuid,2);
+            $allSharedChannels = ShareApi::getResList($userUuid, 2);
             foreach ($allSharedChannels as $key => $value) {
                 $channelId[$value['res_id']] = $value['res_id'];
             }
@@ -52,16 +57,13 @@ class ChannelApi{
         return $output;
     }
 
-    public static function userCanEdit($userUid,$channelUid){
-        $channels = ChannelApi::getCanEditByUser($userUid);
-        return in_array($channelUid,$channels);
-    }
-    public static function getCanEditByUser($userUuid=null){
+    public static function getCanEditByUser($userUuid = null)
+    {
         #获取 user 在某章节 所有有权限的 channel 列表
         $channelId = [];
         //我自己的
 
-        if($userUuid){
+        if ($userUuid) {
             $my = Channel::select('uid')->where('owner_uid', $userUuid)->get();
             foreach ($my as $key => $value) {
                 $channelId[$value->uid] = $value->uid;
@@ -69,10 +71,10 @@ class ChannelApi{
 
             //获取共享channel
 
-            $allSharedChannels = ShareApi::getResList($userUuid,2);
+            $allSharedChannels = ShareApi::getResList($userUuid, 2);
             foreach ($allSharedChannels as $key => $value) {
-                if($value['power'] >= 20){
-                   $channelId[$value['res_id']] = $value['res_id'];
+                if ($value['power'] >= 20) {
+                    $channelId[$value['res_id']] = $value['res_id'];
                 }
             }
         }
@@ -83,28 +85,41 @@ class ChannelApi{
         }
         return $output;
     }
-    public static function canManageByUser($channelId,$userUuid){
+    public static function userCanRead($userUid, $channelUid)
+    {
+        $channels = ChannelApi::getCanReadByUser($userUid);
+        return in_array($channelUid, $channels);
+    }
+    public static function userCanEdit($userUid, $channelUid)
+    {
+        $channels = ChannelApi::getCanEditByUser($userUid);
+        return in_array($channelUid, $channels);
+    }
+
+    public static function canManageByUser($channelId, $userUuid)
+    {
         $isOwner = Channel::where('owner_uid', $userUuid)
-                    ->where('uid', $channelId)->exists();
+            ->where('uid', $channelId)->exists();
         return $isOwner;
     }
-    public static function getSysChannel($channel_name,$fallback=""){
-        $channel = Channel::where('name',$channel_name)
-                    ->where('owner_uid',config("mint.admin.root_uuid"))
+    public static function getSysChannel($channel_name, $fallback = "")
+    {
+        $channel = Channel::where('name', $channel_name)
+            ->where('owner_uid', config("mint.admin.root_uuid"))
+            ->first();
+        if (!$channel) {
+            if (!empty($fallback)) {
+                $channel = Channel::where('name', $fallback)
+                    ->where('owner_uid', config("mint.admin.root_uuid"))
                     ->first();
-        if(!$channel){
-            if(!empty($fallback)){
-                $channel = Channel::where('name',$fallback)
-                                  ->where('owner_uid',config("mint.admin.root_uuid"))
-                                  ->first();
-                if(!$channel){
+                if (!$channel) {
                     return false;
-                }else{
+                } else {
                     return $channel->uid;
                 }
             }
             return false;
-        }else{
+        } else {
             return $channel->uid;
         }
     }
@@ -113,11 +128,12 @@ class ChannelApi{
      * 获取某个studio 的某个语言的自定义书的channel
      * 如果没有,建立
      */
-    public static function userBookGetOrCreate($studioId,$lang,$status){
-        $channelName = '_user_book_'.$lang;
-        $channel = Channel::where('owner_uid',$studioId)
-                        ->where('name',$channelName)->first();
-        if($channel){
+    public static function userBookGetOrCreate($studioId, $lang, $status)
+    {
+        $channelName = '_user_book_' . $lang;
+        $channel = Channel::where('owner_uid', $studioId)
+            ->where('name', $channelName)->first();
+        if ($channel) {
             return $channel->uid;
         }
         $channelUuid = Str::uuid();
@@ -130,15 +146,15 @@ class ChannelApi{
         $channel->lang = $lang;
         $channel->editor_id = 0;
         $channel->is_system = true;
-        $channel->create_time = time()*1000;
-        $channel->modify_time = time()*1000;
+        $channel->create_time = time() * 1000;
+        $channel->modify_time = time() * 1000;
         $channel->status = $status;
         $saveOk = $channel->save();
-        if($saveOk){
-            Log::debug('copy user book : create channel success name='.$channelName);
+        if ($saveOk) {
+            Log::debug('copy user book : create channel success name=' . $channelName);
             return $channel->uid;
-        }else{
-            Log::error('copy user book : create channel fail.',['channel'=>$channelName,'studioId'=>$studioId]);
+        } else {
+            Log::error('copy user book : create channel fail.', ['channel' => $channelName, 'studioId' => $studioId]);
             return false;
         }
     }
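Review bot: `userCanRead` and `userCanEdit` (hunk `@@ -83,28 +85,41 @@`) call `in_array($channelUid, $channels)` without the strict flag, and this commit makes them the permission gate for token issuance in `AccessTokenController::store()`, where `$channelUid` is taken from the request payload. Under PHP's loose comparison a non-string `res_id` can compare equal to a UUID string in the list, so both methods should use `return in_array($channelUid, $channels, true);`. This assumes the arrays returned by `getCanReadByUser`/`getCanEditByUser` hold string UUIDs; the code that builds `$output` lies outside the hunks shown. A one-line docblock on each helper stating that it returns `true` only when the channel is in the user's readable or editable list would make the contract explicit for callers.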

+ 24 - 0
api-v8/app/Http/Controllers/AccessTokenController.php

@@ -8,6 +8,8 @@ use Illuminate\Support\Str;
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
 use Illuminate\Support\Facades\Log;
+use App\Http\Api\AuthApi;
+use App\Http\Api\ChannelApi;
 
 class AccessTokenController extends Controller
 {
@@ -31,9 +33,31 @@ class AccessTokenController extends Controller
     public function store(Request $request)
     {
         //
+        $user = AuthApi::current($request);
+        if (!$user) {
+            Log::error('未登录');
+            return $this->error(__('auth.failed'), [], 401);
+        }
         $payload = $request->get('payload');
         $result = array();
         foreach ($payload as $key => $value) {
+            //鉴权
+            switch ($value['res_type']) {
+                case 'channel':
+                    if ($value['power'] === 'edit') {
+                        if (!ChannelApi::userCanEdit($user['user_uid'], $value['res_id'])) {
+                            continue;
+                        }
+                    } else {
+                        if (!ChannelApi::userCanRead($user['user_uid'], $value['res_id'])) {
+                            continue;
+                        }
+                    }
+                    break;
+                default:
+                    continue;
+                    break;
+            }
             //获取token
             $token = AccessToken::firstOrNew(
                 [
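Review bot: The bare `continue;` statements inside the `switch` in `store()` do not skip the payload entry. PHP treats `switch` as a looping structure for `continue`, so each one behaves like `break` and execution still reaches `AccessToken::firstOrNew` when `userCanEdit`/`userCanRead` returns false or when `res_type` is not `channel`. As written, the added permission check appears to have no effect on which tokens are issued; all three should be `continue 2;` (PHP 7.3+ emits a warning for this exact pattern, so it is worth checking the logs). Separately, `$payload` is iterated without confirming it is an array or that each entry carries `res_type`, `res_id` and `power`, so a malformed request would raise warnings rather than be rejected. The body of `store()` continues past the end of this hunk.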

+ 2 - 2
dashboard-v4/dashboard/src/components/task/TaskTable.tsx

@@ -121,8 +121,8 @@ const TaskTable = ({ tasks, onChange }: IWidget) => {
         <tbody>
           {projects?.map((row, index) => (
             <tr key={index}>
-              <td>{row.title}</td>
-              <td>{row.weight}</td>
+              <td key={"title"}>{row.title}</td>
+              <td key={"weight"}>{row.weight}</td>
               {dataHeading?.map((task, id) => {
                 const taskData = tasks?.find(
                   (value: ITaskData) =>