更新:修复已知Bug

zhuchunshu · zhuchunshu · commit 92179efb6145 · 2022-12-25T19:13:39.000+08:00
diff --git a/app/Plugins/Comment/src/Controller/ApiController.php b/app/Plugins/Comment/src/Controller/ApiController.php
@@ -268,35 +268,6 @@ public function topic_comment_data(): array
         return Json_Api(200,true,$data);
     }
 
-    #[PostMapping(path:"topic.comment.update")]
-    public function topic_comment_update(UpdateComment $request){
-        $id = $request->input("comment_id"); // 获取评论id
-        if(!TopicComment::query()->where("id",$id)->exists()){
-            return Json_Api(404,false,["id为:".$id."的评论不存在"]);
-        }
-        $data = TopicComment::query()->where("id",$id)->first();
-        $quanxian = false;
-        if(Authority()->check("admin_topic_edit") && curd()->GetUserClass(auth()->data()->class_id)['permission-value']>curd()->GetUserClass($data->user->class_id)['permission-value']){
-            $quanxian = true;
-        }
-        if(Authority()->check("topic_edit") && auth()->id() === $data->user->id){
-            $quanxian = true;
-        }
-        if($quanxian===false){
-            return Json_Api(419,false,["无权修改!"]);
-        }
-        // 过滤xss
-        $content = xss()->clean($request->input('content'));
-
-        // 解析艾特
-        $content = $this->topic_create_at($content);
-        $post_id = TopicComment::query()->find($id)->post_id;
-		Post::query()->where("id",$post_id)->update([
-			'content' => $content,
-		]);
-        return Json_Api(200,true,["更新成功!"]);
-    }
-
     #[PostMapping("topic.caina.comment")]
     public function topic_caina_comment(){
         $comment_id = request()->input('comment_id');
diff --git a/app/Plugins/Comment/src/Controller/EditTopicCommentController.php b/app/Plugins/Comment/src/Controller/EditTopicCommentController.php
@@ -27,10 +27,10 @@ public function index($id)
         }
         $data = TopicComment::query()->find($id);
         $quanxian = false;
-        if (Authority()->check('admin_topic_edit') && curd()->GetUserClass(auth()->data()->class_id)['permission-value'] > curd()->GetUserClass($data->user->class_id)['permission-value']) {
+        if (Authority()->check('admin_comment_edit') && curd()->GetUserClass(auth()->data()->class_id)['permission-value'] > curd()->GetUserClass($data->user->class_id)['permission-value']) {
             $quanxian = true;
         }
-        if (Authority()->check('topic_edit') && auth()->id() === $data->user->id) {
+        if (Authority()->check('comment_edit') && auth()->id() === $data->user->id) {
             $quanxian = true;
         }
         if ($quanxian === false) {
diff --git a/app/Plugins/Topic/src/Controllers/ApiController.php b/app/Plugins/Topic/src/Controllers/ApiController.php
@@ -239,9 +239,9 @@ public function set_topic_delete(): array
         }
         $data = Topic::query()->where('id', $topic_id)->first();
         $quanxian = false;
-        if (Authority()->check('admin_topic_edit') && curd()->GetUserClass(auth()->data()->class_id)['permission-value'] > curd()->GetUserClass($data->user->class_id)['permission-value']) {
+        if (Authority()->check('admin_topic_delete') && curd()->GetUserClass(auth()->data()->class_id)['permission-value'] > curd()->GetUserClass($data->user->class_id)['permission-value']) {
             $quanxian = true;
-        } elseif (Authority()->check('topic_edit') && auth()->id() === $data->user->id) {
+        } elseif (Authority()->check('topic_delete') && auth()->id() === $data->user->id) {
             $quanxian = true;
         }
 
diff --git a/app/Plugins/Topic/src/Controllers/TopicController.php b/app/Plugins/Topic/src/Controllers/TopicController.php
@@ -15,8 +15,6 @@
 use App\Plugins\Topic\src\Handler\Topic\EditTopic;
 use App\Plugins\Topic\src\Handler\Topic\EditTopicView;
 use App\Plugins\Topic\src\Models\Topic;
-use App\Plugins\Topic\src\Requests\Topic\CreateTopicRequest;
-use App\Plugins\Topic\src\Requests\Topic\UpdateTopicRequest;
 use App\Plugins\User\src\Middleware\LoginMiddleware;
 use Hyperf\HttpServer\Annotation\Controller;
 use Hyperf\HttpServer\Annotation\GetMapping;
@@ -87,7 +85,7 @@ public function edit($topic_id)
     }
 
     #[PostMapping(path: '/topic/update')]
-    #[RateLimit(create:1, capacity:1, consume:1)]
+    #[RateLimit(create: 1, capacity: 1, consume: 1)]
     public function edit_post()
     {
         $quanxian = false;
diff --git a/app/Plugins/Topic/src/Handler/Topic/Middleware/Update/UpdateMiddleware.php b/app/Plugins/Topic/src/Handler/Topic/Middleware/Update/UpdateMiddleware.php
@@ -51,6 +51,17 @@ public function handler($data, \Closure $next)
             return redirect()->with('danger', $validator->errors()->first())->url('topic/' . $data['basis']['topic_id'] . '/edit')->go();
         }
         $data['topic_id'] = $data['basis']['topic_id'];
+        $topic = Topic::query()->find($data['topic_id']);
+        $quanxian = false;
+        if(Authority()->check("admin_topic_edit") && auth()->Class()['permission-value']>curd()->GetUserClass($topic->user->class_id)['permission-value']){
+            $quanxian = true;
+        }
+        if(Authority()->check("topic_edit") && auth()->id() === $topic->user->id){
+            $quanxian = true;
+        }
+        if($quanxian===false){
+            return redirect()->back()->with('danger','无权修改!')->go();
+        }
         $data = $this->update($data);
         return $next($data);
     }

Original file line number	Diff line number	Diff line change
`@@ -27,10 +27,10 @@ public function index($id)`
`27`	`27`	`}`
`28`	`28`	`$data = TopicComment::query()->find($id);`
`29`	`29`	`$quanxian = false;`
`30`		`- if (Authority()->check('admin_topic_edit') && curd()->GetUserClass(auth()->data()->class_id)['permission-value'] > curd()->GetUserClass($data->user->class_id)['permission-value']) {`
	`30`	`+ if (Authority()->check('admin_comment_edit') && curd()->GetUserClass(auth()->data()->class_id)['permission-value'] > curd()->GetUserClass($data->user->class_id)['permission-value']) {`
`31`	`31`	`$quanxian = true;`
`32`	`32`	`}`
`33`		`- if (Authority()->check('topic_edit') && auth()->id() === $data->user->id) {`
	`33`	`+ if (Authority()->check('comment_edit') && auth()->id() === $data->user->id) {`
`34`	`34`	`$quanxian = true;`
`35`	`35`	`}`
`36`	`36`	`if ($quanxian === false) {`
Original file line number	Diff line number	Diff line change
`@@ -239,9 +239,9 @@ public function set_topic_delete(): array`
`239`	`239`	`}`
`240`	`240`	`$data = Topic::query()->where('id', $topic_id)->first();`
`241`	`241`	`$quanxian = false;`
`242`		`- if (Authority()->check('admin_topic_edit') && curd()->GetUserClass(auth()->data()->class_id)['permission-value'] > curd()->GetUserClass($data->user->class_id)['permission-value']) {`
	`242`	`+ if (Authority()->check('admin_topic_delete') && curd()->GetUserClass(auth()->data()->class_id)['permission-value'] > curd()->GetUserClass($data->user->class_id)['permission-value']) {`
`243`	`243`	`$quanxian = true;`
`244`		`- } elseif (Authority()->check('topic_edit') && auth()->id() === $data->user->id) {`
	`244`	`+ } elseif (Authority()->check('topic_delete') && auth()->id() === $data->user->id) {`
`245`	`245`	`$quanxian = true;`
`246`	`246`	`}`
`247`	`247`