diff --git a/internal/rpc/services/service_sys_setting.go b/internal/rpc/services/service_sys_setting.go index 8e38e494..f4aee815 100644 --- a/internal/rpc/services/service_sys_setting.go +++ b/internal/rpc/services/service_sys_setting.go @@ -3,8 +3,10 @@ package services import ( "context" "github.com/TeaOSLab/EdgeAPI/internal/db/models" - rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils" + "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" + "github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs" + "github.com/iwind/TeaGo/lists" ) type SysSettingService struct { @@ -14,7 +16,8 @@ type SysSettingService struct { // UpdateSysSetting 更改配置 func (this *SysSettingService) UpdateSysSetting(ctx context.Context, req *pb.UpdateSysSettingRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser) + // 不要允许用户修改 + _, err := this.ValidateAdmin(ctx) if err != nil { return nil, err } @@ -32,13 +35,27 @@ func (this *SysSettingService) UpdateSysSetting(ctx context.Context, req *pb.Upd // ReadSysSetting 读取配置 func (this *SysSettingService) ReadSysSetting(ctx context.Context, req *pb.ReadSysSettingRequest) (*pb.ReadSysSettingResponse, error) { // 校验请求 - _, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser) + _, userId, err := this.ValidateAdminAndUser(ctx) if err != nil { return nil, err } var tx = this.NullTx() + // 检查权限 + if userId > 0 { + // TODO 限制用户只能为专有用户,比如1_000_000_000 + if !lists.ContainsString([]string{ + systemconfigs.SettingCodeUserRegisterConfig, + systemconfigs.SettingCodeUserServerConfig, + systemconfigs.SettingCodeUserUIConfig, + systemconfigs.SettingCodeNSUserConfig, + systemconfigs.SettingCodeUserOrderConfig, + }, req.Code) { + return nil, errors.New("can not read setting code '" + req.Code + "'") + } + } + valueJSON, err := models.SharedSysSettingDAO.ReadSetting(tx, req.Code) if err != nil { return nil, err