creation/memory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix:修复用户无法编辑帖子的 bug

Browse Source
This commit is contained in:
amos
2025-12-19 16:59:01 +08:00
parent 4ddde23819
commit adcd553e2a
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/internal/handler/post.go
View File

@@ -90,7 +90,7 @@ func (h *PostHandler) List(c *gin.Context) {
LIMIT ? OFFSET ?
`, userID, pageSize, offset)
} else {
// 普通用户:只能看到非超管的帖子 + 可见性为所有人的帖子 + 自己的帖子
// 普通用户:可以看到公开帖子(包括超管的公开帖子)+ 自己的私密帖子
rows, err = h.db.Query(`
SELECT p.id, p.user_id, p.content, p.created_at, p.updated_at, COALESCE(p.visibility, 0),
u.id, u.username, u.nickname, u.avatar_url, COALESCE(u.is_superadmin, 0),
@@ -99,8 +99,7 @@ func (h *PostHandler) List(c *gin.Context) {
(SELECT COUNT(*) FROM comments WHERE post_id = p.id) as comment_count
FROM posts p
JOIN users u ON p.user_id = u.id
WHERE COALESCE(u.is_superadmin, 0) = 0
AND (COALESCE(p.visibility, 0) = 0 OR p.user_id = ?)
WHERE COALESCE(p.visibility, 0) = 0 OR p.user_id = ?
ORDER BY p.created_at DESC
LIMIT ? OFFSET ?
`, userID, userID, pageSize, offset)
@@ -191,6 +190,7 @@ func (h *PostHandler) Update(c *gin.Context) {
postID, _ := strconv.ParseInt(c.Param("id"), 10, 64)
userID := middleware.GetUserID(c)
isAdmin, _ := c.Get("is_admin")
isAdminBool := isAdmin != nil && isAdmin.(bool)
var req model.UpdatePostRequest
if err := c.ShouldBindJSON(&req); err != nil {
@@ -206,7 +206,8 @@ func (h *PostHandler) Update(c *gin.Context) {
return
}
if postUserID != userID && !isAdmin.(bool) {
// 帖子作者或管理员可以编辑
if postUserID != userID && !isAdminBool {
c.JSON(http.StatusForbidden, gin.H{"error": "permission denied"})
return
}
@@ -263,6 +264,7 @@ func (h *PostHandler) Delete(c *gin.Context) {
postID, _ := strconv.ParseInt(c.Param("id"), 10, 64)
userID := middleware.GetUserID(c)
isAdmin, _ := c.Get("is_admin")
isAdminBool := isAdmin != nil && isAdmin.(bool)
// 检查权限
var postUserID int64
@@ -272,7 +274,8 @@ func (h *PostHandler) Delete(c *gin.Context) {
return
}
if postUserID != userID && !isAdmin.(bool) {
// 帖子作者或管理员可以删除
if postUserID != userID && !isAdminBool {
c.JSON(http.StatusForbidden, gin.H{"error": "permission denied"})
return
}