
✨ feat(Admin): 增加网站管理接口

Pchen. 8 months ago
parent
commit
9d654b2999
3 changed files with 133 additions and 1 deletions
  1. 66 0
      apis/Admin/GetUserList.js
  2. 66 0
      apis/Admin/SetPermission.js
  3. 1 1
      apis/ClockIn/SupplementRecord.js

+ 66 - 0
apis/Admin/GetUserList.js

@@ -0,0 +1,66 @@
+const API = require("../../lib/API");
+const { BaseStdResponse } = require("../../BaseStdResponse");
+const db = require("../../plugin/DataBase/db");
+const AccessControl = require("../../lib/AccessControl");
+
+class GetUserList extends API {
+    constructor() {
+        super();
+
+        this.setPath('/Admin/User');
+        this.setMethod('GET');
+    }
+
+    async onRequest(req, res) {
+        let {
+            uuid,
+            session
+        } = req.query;
+
+        if (!uuid || !session) {
+            res.json({
+                ...BaseStdResponse.MISSING_PARAMETER,
+                endpoint: 1513123
+            });
+            return;
+        }
+
+        //检查session
+        if (!await AccessControl.checkSession(uuid, session)) {
+            res.json({
+                ...BaseStdResponse.ACCESS_DENIED,
+                endpoint: 4815312
+            });
+            return;
+        }
+
+        //确认操作人权限
+        let permission = await AccessControl.getPermission(uuid);
+
+        if (!permission.includes("admin")) {
+            res.json({
+                ...BaseStdResponse.PERMISSION_DENIED,
+                endpoint: 4815456,
+            });
+            return;
+        }
+
+        let sql = `SELECT id, uuid, username, wxid, avatar, admin, manage FROM users`;
+        let result = await db.query(sql);
+
+        if (!result) {
+            res.json({
+                ...BaseStdResponse.ERR,
+                endpoint: 132456,
+            });
+            return;
+        }
+
+        res.json({
+            ...BaseStdResponse.OK,
+            data: result,
+        });
+    }
+}
+
+module.exports.GetUserList = GetUserList;
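Review bot: `session` is destructured from `req.query` at the top of `onRequest`, so the credential for this admin-only GET travels in the URL, where it is commonly recorded by access logs, reverse proxies and browser history. Consider taking it from a request header instead, e.g. `const session = req.headers['x-session'];` (the header name is illustrative), and leaving only non-secret identifiers in the query string. The `SELECT` also returns every row of `users`, including `wxid`, in one response with no paging or field filtering; if the admin UI does not need all of it, trim the column list and add a `LIMIT`.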

+ 66 - 0
apis/Admin/SetPermission.js

@@ -0,0 +1,66 @@
+const API = require("../../lib/API");
+const { BaseStdResponse } = require("../../BaseStdResponse");
+const db = require("../../plugin/DataBase/db");
+const AccessControl = require("../../lib/AccessControl");
+
+class SetPermission extends API {
+    constructor() {
+        super();
+
+        this.setPath('/Admin/SetPermission');
+        this.setMethod('POST');
+    }
+
+    async onRequest(req, res) {
+        let {
+            uuid,
+            session,
+            userid,
+            manage
+        } = req.body;
+
+        if ([uuid, session, userid, manage].some(value => value === '' || value === null || value === undefined)) {
+            res.json({
+                ...BaseStdResponse.MISSING_PARAMETER,
+                endpoint: 151456
+            });
+            return;
+        }
+
+        //检查session
+        if (!await AccessControl.checkSession(uuid, session)) {
+            res.json({
+                ...BaseStdResponse.ACCESS_DENIED,
+                endpoint: 485367
+            });
+            return;
+        }
+
+        //确认操作人权限
+        let permission = await AccessControl.getPermission(uuid);
+        if (!permission.includes("admin")) {
+            res.json({
+                ...BaseStdResponse.PERMISSION_DENIED,
+                endpoint: 4815478,
+            });
+            return;
+        }
+
+        let sql = `UPDATE users SET manage = ? WHERE id = ?`;
+        let result = await db.query(sql, [manage, userid]);
+
+        if (result.affectedRows !== 1) {
+            res.json({
+                ...BaseStdResponse.DATABASE_ERR,
+                endpoint: 5135135
+            });
+            return;
+        }
+
+        res.json({
+            ...BaseStdResponse.OK
+        });
+    }
+}
+
+module.exports.SetPermission = SetPermission;
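Review bot: `userid` and `manage` go from `req.body` straight into `db.query(sql, [manage, userid])` after only an empty/null check, so a JSON body can supply an object or array for either one, and any value at all for `manage`. Placeholder binding stops string injection, but some MySQL drivers expand non-scalar placeholder values into SQL fragments (the driver behind `db` is not visible here), and an unconstrained `manage` lets any admin session write arbitrary data into a permission column. Reject non-scalars before the UPDATE, e.g. `if ([userid, manage].some(v => typeof v === 'object')) { ... }` returning `MISSING_PARAMETER`, and tighten that to an allow-list of the values `manage` is meant to hold. GetUserList.js in this commit treats a falsy `db.query` result as an error, whereas `result.affectedRows` here would throw on one; `if (!result || result.affectedRows !== 1)` covers both cases.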

+ 1 - 1
apis/ClockIn/SupplementRecord.js

@@ -51,7 +51,7 @@ class SupplementRecord extends API {
 
             // 检查权限
             const permission = await AccessControl.getPermission(uuid);
-            if (item.createUser !== uuid && !permission.groups.includes('admin') && !item.admin.includes(uuid)) {
+            if (item.createUser !== uuid && !permission.includes('admin') && !item.admin.includes(uuid)) {
                 return res.json({
                     ...BaseStdResponse.PERMISSION_DENIED,
                     endpoint: 481454,
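Review bot: The changed condition now calls `permission.includes('admin')` directly on whatever `AccessControl.getPermission(uuid)` returns, and nothing in the hunk guarantees that value is an array. If it can be `null`/`undefined` for an unknown uuid the check throws instead of denying, and if it is ever a string `includes` becomes a substring match; the return shape is not visible here, but the switch away from `permission.groups` suggests it has already changed once. A fail-closed form would be `const isAdmin = Array.isArray(permission) && permission.includes('admin');` with `!isAdmin` used in the condition. The two new files in this commit, apis/Admin/GetUserList.js and apis/Admin/SetPermission.js, use the same unguarded call. The enclosing `onRequest` body starts and ends outside this hunk.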