From c639d98b00227749e8051df018f325f779e996e6 Mon Sep 17 00:00:00 2001
From: GoEdgeLab <goedgecloud@gmail.com>
Date: Sat, 10 Sep 2022 17:00:54 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=BC=BA=E7=B3=BB=E7=BB=9F=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AE=E6=8E=A5=E5=8F=A3=E7=9A=84=E6=9D=83=E9=99=90=E6=A3=80?=
 =?UTF-8?q?=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/rpc/services/service_sys_setting.go | 23 +++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/internal/rpc/services/service_sys_setting.go b/internal/rpc/services/service_sys_setting.go
index 8e38e494..f4aee815 100644
--- a/internal/rpc/services/service_sys_setting.go
+++ b/internal/rpc/services/service_sys_setting.go
@@ -3,8 +3,10 @@ package services
 import (
 	"context"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
+	"github.com/iwind/TeaGo/lists"
 )
 
 type SysSettingService struct {
@@ -14,7 +16,8 @@ type SysSettingService struct {
 // UpdateSysSetting 更改配置
 func (this *SysSettingService) UpdateSysSetting(ctx context.Context, req *pb.UpdateSysSettingRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser)
+	// 不要允许用户修改
+	_, err := this.ValidateAdmin(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -32,13 +35,27 @@ func (this *SysSettingService) UpdateSysSetting(ctx context.Context, req *pb.Upd
 // ReadSysSetting 读取配置
 func (this *SysSettingService) ReadSysSetting(ctx context.Context, req *pb.ReadSysSettingRequest) (*pb.ReadSysSettingResponse, error) {
 	// 校验请求
-	_, _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser)
+	_, userId, err := this.ValidateAdminAndUser(ctx)
 	if err != nil {
 		return nil, err
 	}
 
 	var tx = this.NullTx()
 
+	// 检查权限
+	if userId > 0 {
+		// TODO 限制用户只能为专有用户，比如1_000_000_000
+		if !lists.ContainsString([]string{
+			systemconfigs.SettingCodeUserRegisterConfig,
+			systemconfigs.SettingCodeUserServerConfig,
+			systemconfigs.SettingCodeUserUIConfig,
+			systemconfigs.SettingCodeNSUserConfig,
+			systemconfigs.SettingCodeUserOrderConfig,
+		}, req.Code) {
+			return nil, errors.New("can not read setting code '" + req.Code + "'")
+		}
+	}
+
 	valueJSON, err := models.SharedSysSettingDAO.ReadSetting(tx, req.Code)
 	if err != nil {
 		return nil, err