
Merge pull request #1573 from visuddhinanda/laravel

文集增加鉴权
visuddhinanda 2 лет назад
Сommit
e52594221d

+ 10 - 2
app/Http/Api/MdRender.php

@@ -272,10 +272,18 @@ class MdRender{
                 }
                 break;
             case 'text':
-                return $tplProps;
+                if(is_array($tplProps)){
+                    return '';
+                }else{
+                    return $tplProps;
+                }
                 break;
             case 'tex':
-                return $tplProps;
+                if(is_array($tplProps)){
+                    return '';
+                }else{
+                    return $tplProps;
+                }
                 break;
             default:
                 return '';
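Review bot: The new `is_array` guard in the `text` and `tex` cases still lets every other non-string value through (null, an object), so the method's return type stays mixed. If these formats are meant to yield plain text, `return is_string($tplProps) ? $tplProps : '';` states that directly. The two cases are now identical and could share one body (`case 'text': case 'tex':`), and the `break` after each `return` is unreachable. The enclosing method starts and ends outside the hunk.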

+ 27 - 6
app/Http/Api/TemplateRender.php

@@ -384,12 +384,33 @@ class TemplateRender{
         }else{
             $tpl = "sentedit";
         }
-        return [
-            'props'=>base64_encode(\json_encode($props)),
-            'html'=>"",
-            'tag'=>'span',
-            'tpl'=>$tpl,
-            ];
+
+        switch ($this->format) {
+            case 'react':
+                $output = [
+                    'props'=>base64_encode(\json_encode($props)),
+                    'html'=>"",
+                    'tag'=>'span',
+                    'tpl'=>$tpl,
+                    ];
+                break;
+            case 'unity':
+                $output = [
+                    'props'=>base64_encode(\json_encode($props)),
+                    'tpl'=>$tpl,
+                    ];
+                break;
+            case 'text':
+                $output = '';
+                break;
+            case 'tex':
+                $output = '';
+                break;
+            default:
+                $output = '';
+                break;
+        }
+        return $output;
     }
 
     private  function render_mermaid(){
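Review bot: The method now returns an array for `react` and `unity` but a string for every other format, so any caller that indexes the result (`['props']`, `['tpl']`) has to handle both shapes; a short docblock stating the return shape per format would make that contract visible. The `text`, `tex` and `default` branches are identical and can collapse into the single `default: $output = '';`. `\json_encode($props)` can return false, which `base64_encode` turns into an empty `props` value without any error; passing `JSON_THROW_ON_ERROR` would surface that. The method's opening is outside the hunk.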

+ 34 - 1
app/Http/Controllers/ArticleMapController.php

@@ -5,7 +5,8 @@ namespace App\Http\Controllers;
 use App\Models\ArticleCollection;
 use App\Models\Article;
 use App\Models\Collection;
-
+use App\Http\Api\ShareApi;
+use App\Http\Api\AuthApi;
 use Illuminate\Http\Request;
 use App\Http\Resources\ArticleMapResource;
 
@@ -41,10 +42,23 @@ class ArticleMapController extends Controller
     public function store(Request $request)
     {
         //
+
         $validated = $request->validate([
                 'anthology_id' => 'required',
                 'operation' => 'required'
             ]);
+        $collection  = Collection::find($request->get('anthology_id'));
+        if(!$collection){
+            return $this->error("no recorder");
+        }
+        //鉴权
+        $user = AuthApi::current($request);
+        if(!$user){
+            return $this->error(__('auth.failed'));
+        }
+        if(!CollectionController::UserCanEdit($user["user_uid"],$collection)){
+            return $this->error(__('auth.failed'));
+        }
         switch ($validated['operation']) {
             case 'add':
                 # 添加多个文章到文集
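Review bot: The collection lookup runs before `AuthApi::current($request)`, so an unauthenticated caller gets "no recorder" for an unknown `anthology_id` and the auth error for an existing one, which lets collection ids be probed without a session. Resolving the user first and answering "missing" and "not permitted" with the same failure closes that. The same lookup-then-auth block is repeated in the `update()` hunk further down this file and in `CollectionController::update()`; a shared private helper would keep the three copies from drifting apart. The lookup can also read `$validated['anthology_id']` instead of `$request->get('anthology_id')`. The body of `store()` continues outside the hunk.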
@@ -62,6 +76,7 @@ class ArticleMapController extends Controller
                         $new->collect_id = $request->get('anthology_id');
                         $new->title = Article::find($article)->title;
                         $new->level = 1;
+                        $new->editor_id = $user["user_id"];
                         $new->save();
                         $count++;
                     }
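Review bot: `Article::find($article)->title`, on the context line above the new `editor_id` assignment, copies the title of whatever article id the client sends, and nothing visible here checks that `$user` may read that article; the authorization added by this commit covers only the collection. If articles can be private, an editor of any collection could pull their titles into a map they control, and an unknown id fails with a null dereference instead of a clean error. Look the article up once, skip it when the result is null, and apply the project's article read check before copying the title. The loop starts outside the hunk, so an earlier check may exist that is not visible here.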
@@ -98,6 +113,20 @@ class ArticleMapController extends Controller
         $validated = $request->validate([
             'operation' => 'required'
         ]);
+
+        $collection  = Collection::find($id);
+        if(!$collection){
+            return $this->error("no recorder");
+        }
+        //鉴权
+        $user = AuthApi::current($request);
+        if(!$user){
+            return $this->error(__('auth.failed'));
+        }
+        if(!CollectionController::UserCanEdit($user["user_uid"],$collection)){
+            return $this->error(__('auth.failed'));
+        }
+
         switch ($validated['operation']) {
             case 'anthology':
                 $delete = ArticleCollection::where('collect_id',$id)->delete();
@@ -111,6 +140,10 @@ class ArticleMapController extends Controller
                     $new->title = $row["title"];
                     $new->level = $row["level"];
                     $new->children = $row["children"];
+                    $new->editor_id = $user["user_id"];
+                    if(isset($row["deleted_at"])){
+                        $new->deleted_at = $row["deleted_at"];
+                    }
                     $new->save();
                     $count++;
                 }
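Review bot: `deleted_at` is copied from the request row straight onto the model, so the client chooses the soft-delete timestamp and an unparsable value reaches the database layer; as far as the hunks show, only `operation` is validated in this method. A rule such as `'<rows-key>.*.deleted_at' => 'nullable|date'` (with the real key of the row array) would bound it, and `title`, `level` and `children` from the same row would benefit from the same treatment. The origin of `$row` is outside the hunk, so this assumes it comes from the request body.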

+ 31 - 23
app/Http/Controllers/CollectionController.php

@@ -119,6 +119,17 @@ class CollectionController extends Controller
         return $this->ok(['my'=>$my,'collaboration'=>$collaboration]);
     }
 
+    public static function UserCanEdit($user_uid,$collection){
+        if($collection->owner === $user_uid){
+            return true;
+        }
+        //查协作
+        $currPower = ShareApi::getResPower($user_uid,$collection->uid);
+        if($currPower >= 20){
+            return true;
+        }
+        return false;
+    }
     /**
      * Store a newly created resource in storage.
      *
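Review bot: `ShareApi` is referenced here, and `AuthApi` unqualified in the `update()` hunk below, but this commit adds no `use` line to CollectionController.php: the section's 31 additions are all inside its two hunks, and the removed code called `\App\Http\Api\AuthApi` fully qualified. Unless both classes were already imported at the top of the file, they resolve to `App\Http\Controllers\ShareApi` and `App\Http\Controllers\AuthApi` and fail at runtime. The `use App\Http\Api\ShareApi;` added to ArticleMapController.php is not used in that file's visible hunks and may have been intended for this one. Separately, the threshold `20` should be a named constant or carry a comment saying which share power level it stands for. The method would also read better with a docblock, e.g. `/** True when $user_uid owns $collection or holds sufficient share power on it. */`.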
@@ -203,31 +214,28 @@ class CollectionController extends Controller
     {
         //
         $collection  = Collection::find($id);
-        if($collection){
-            //鉴权
-            $user = \App\Http\Api\AuthApi::current($request);
-            if($user && $collection->owner === $user["user_uid"]){
-                $collection->title = $request->get('title');
-                $collection->subtitle = $request->get('subtitle');
-                $collection->summary = $request->get('summary');
-                if($request->has('aritcle_list')){
-                    $collection->article_list = \json_encode($request->get('aritcle_list'));
-                } ;
-                $collection->lang = $request->get('lang');
-                $collection->status = $request->get('status');
-                $collection->modify_time = time()*1000;
-                $collection->save();
-                return $this->ok(new CollectionResource($collection));
-            }else{
-                //鉴权失败
-
-                //TODO 判断是否为协作
-                return $this->error(__('auth.failed'));
-            }
-
-        }else{
+        if(!$collection){
             return $this->error("no recorder");
         }
+        //鉴权
+        $user = AuthApi::current($request);
+        if(!$user){
+            return $this->error(__('auth.failed'));
+        }
+        if(!CollectionController::UserCanEdit($user["user_uid"],$collection)){
+            return $this->error(__('auth.failed'));
+        }
+        $collection->title = $request->get('title');
+        $collection->subtitle = $request->get('subtitle');
+        $collection->summary = $request->get('summary');
+        if($request->has('aritcle_list')){
+            $collection->article_list = \json_encode($request->get('aritcle_list'));
+        } ;
+        $collection->lang = $request->get('lang');
+        $collection->status = $request->get('status');
+        $collection->modify_time = time()*1000;
+        $collection->save();
+        return $this->ok(new CollectionResource($collection));
     }
 
     /**
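Review bot: With `UserCanEdit` replacing the owner comparison, a collaborator whose share power is 20 or more can now write every field assigned below, including `status` and `lang`. If changing a collection's status (presumably its visibility) is meant to stay with the owner, that field needs its own owner check. None of the fields is validated, so a request that omits `title` assigns null to it; a `$request->validate([...])` listing the allowed `status` values would bound what an editor can set. The stray `;` after the `aritcle_list` block can be dropped.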

+ 13 - 0
app/Http/Resources/ArticleMapResource.php

@@ -3,6 +3,7 @@
 namespace App\Http\Resources;
 
 use Illuminate\Http\Resources\Json\JsonResource;
+use App\Http\Api\UserApi;
 
 class ArticleMapResource extends JsonResource
 {
@@ -14,6 +15,18 @@ class ArticleMapResource extends JsonResource
      */
     public function toArray($request)
     {
+        $data = [
+            'id' => $this->id,
+            "collect_id" => $this->collect_id,
+            "article_id" => $this->article_id,
+            "level" => $this->level,
+            "title" => $this->title,
+            "editor"=> UserApi::getById($this->editor_id),
+            "children" => $this->children,
+            "deleted_at" => $this->deleted_at,
+            "created_at" => $this->created_at,
+            "updated_at" => $this->updated_at,
+        ];
         return parent::toArray($request);
     }
 }
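Review bot: The new `$data` array is built and then discarded, because the method still ends with `return parent::toArray($request);`. The `editor` field therefore never reaches the response, while `UserApi::getById($this->editor_id)` is still executed for every row. The last line should be `return $data;`. It is also worth confirming that `UserApi::getById` returns only public user fields, since its result is embedded verbatim in the API response.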

+ 1 - 0
app/Http/Resources/CollectionResource.php

@@ -25,6 +25,7 @@ class CollectionResource extends JsonResource
             "studio" => StudioApi::getById($this->owner),
             "childrenNumber" => ArticleCollection::where('collect_id',$this->uid)->count(),
             "status" => $this->status,
+            'lang' => $this->lang,
             "created_at" => $this->created_at,
             "updated_at" => $this->updated_at,
         ];