
Merge pull request #1581 from visuddhinanda/laravel

文集读取判断协作
visuddhinanda vor 2 Jahren
Ursprung
Commit
e22ac6ec96

+ 5 - 0
app/Http/Controllers/ArticleController.php

@@ -13,6 +13,7 @@ use App\Http\Api\AuthApi;
 use App\Http\Api\ShareApi;
 use App\Http\Api\StudioApi;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
 
 class ArticleController extends Controller
 {
@@ -247,6 +248,7 @@ class ArticleController extends Controller
         //判断权限
         $user = AuthApi::current($request);
         if(!$user){
+            Log::error('未登录');
             return $this->error(__('auth.failed'),[],401);
         }else{
             $user_uid=$user['user_uid'];
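Review bot: The added `Log::error('未登录')` records an expected 401 at error level with a fixed string and no request context, so unauthenticated traffic lands in the error channel and the entries cannot be tied to a source. The same applies to the fixed-string calls added in the next hunk (`'没有文集编辑权限'`, `'没有文集id'`) and to `Log::error('未登录')` in CollectionController. A lower level with structured context would serve alerting and triage better, e.g. `Log::warning('auth: unauthenticated request', ['ip' => $request->ip(), 'path' => $request->path()]);`. The enclosing method starts and ends outside this hunk.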
@@ -254,13 +256,16 @@ class ArticleController extends Controller
 
         $canManage = ArticleController::userCanManage($user_uid,$request->get('studio'));
         if(!$canManage){
+            Log::error('userCanManage 失败');
             //判断是否有文集权限
             if($request->has('anthologyId')){
                 $currPower = ShareApi::getResPower($user_uid,$request->get('anthologyId'));
                 if($currPower <= 10){
+                    Log::error('没有文集编辑权限');
                     return $this->error(__('auth.failed'),[],403);
                 }
             }else{
+                Log::error('没有文集id');
                 return $this->error(__('auth.failed'),[],403);
             }
         }
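Review bot: `Log::error('userCanManage 失败')` runs before the anthology fallback, so a collaborator who is then allowed through by `getResPower` still leaves an error entry on every successful request. Logging only in the two branches that return 403 keeps the error channel meaningful, and those entries should name the subject and the resource, e.g. `Log::warning('anthology edit denied', ['user_uid' => $user_uid, 'anthologyId' => $request->get('anthologyId'), 'power' => $currPower]);`. The method body continues outside the hunk.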

+ 2 - 0
app/Http/Controllers/ArticleMapController.php

@@ -9,6 +9,7 @@ use App\Http\Api\ShareApi;
 use App\Http\Api\AuthApi;
 use Illuminate\Http\Request;
 use App\Http\Resources\ArticleMapResource;
+use Illuminate\Support\Facades\Log;
 
 class ArticleMapController extends Controller
 {
@@ -57,6 +58,7 @@ class ArticleMapController extends Controller
             return $this->error(__('auth.failed'));
         }
         if(!CollectionController::UserCanEdit($user["user_uid"],$collection)){
+            Log::error($user["user_uid"].'无文集编辑权限'.$collection->uid);
             return $this->error(__('auth.failed'));
         }
         switch ($validated['operation']) {
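Review bot: The denial message is built by concatenating `$user["user_uid"]` and `$collection->uid` into the text, which makes the entry hard to filter on either id and gives every denial a different message string. Passing the ids as context keeps the message constant: `Log::warning('collection edit denied', ['user_uid' => $user['user_uid'], 'collection' => $collection->uid]);`. The enclosing method starts before the hunk and the `switch` continues past it.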

+ 22 - 7
app/Http/Controllers/CollectionController.php

@@ -130,6 +130,17 @@ class CollectionController extends Controller
         }
         return false;
     }
+    public static function UserCanRead($user_uid,$collection){
+        if($collection->owner === $user_uid){
+            return true;
+        }
+        //查协作
+        $currPower = ShareApi::getResPower($user_uid,$collection->uid);
+        if($currPower >= 10){
+            return true;
+        }
+        return false;
+    }
     /**
      * Store a newly created resource in storage.
      *
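Review bot: `UserCanRead` has no docblock and hard-codes the threshold `10` for the value returned by `ShareApi::getResPower`, while the ArticleController hunk on this page treats `$currPower <= 10` as insufficient for editing; the meaning of the boundary is only recoverable by comparing the two files. I would add a docblock stating the parameters, that the owner always passes, and that a share power of 10 or more grants read access, and name the level in a class constant (for example `private const POWER_READ = 10;`, assuming 10 is the read-only level). The body can then end with `return $currPower >= self::POWER_READ;`. It is also worth confirming what `getResPower` returns when no share exists, since that value decides the default here.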
@@ -184,16 +195,20 @@ class CollectionController extends Controller
 		if($result){
             if($result->status<30){
                 //私有文章,判断权限
+                Log::error('私有文章,判断权限'.$id);
                 $user = \App\Http\Api\AuthApi::current($request);
-                if($user){
-                    //判断当前用户是否有指定的studio的权限
-                    if($user['user_uid'] !== $result->owner){
-                        //非所有者
-                        //TODO 判断是否协作
+                if(!$user){
+                    Log::error('未登录');
+                    return $this->error(__('auth.failed'));
+                }
+                //判断当前用户是否有指定的studio的权限
+                if($user['user_uid'] !== $result->owner){
+                    Log::error($user["user_uid"].'私有文章,判断权限'.$id);
+                    //非所有者
+                    if(CollectionController::UserCanRead($user['user_uid'],$result)===false){
+                        Log::error($user["user_uid"].'没有读取权限');
                         return $this->error(__('auth.failed'));
                     }
-                }else{
-                    return $this->error(__('auth.failed'));
                 }
             }
             $result->fullArticleList = true;
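Review bot: This file gains several `Log::` calls, but unlike the other two controllers no `use Illuminate\Support\Facades\Log;` is added here, and the first hunk starts at line 130 with identical old and new offsets, so nothing was inserted above it. Unless the import already exists in the file header, `Log::error(...)` presumably resolves to `App\Http\Controllers\Log` and the first read of a private anthology fails with a class-not-found error before the permission check is reached. Separately, `Log::error('私有文章,判断权限'.$id)` fires for every private read, including the owner's; that is trace output and belongs at `Log::debug` if it is kept. The method starts before the hunk and continues after it.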