管理员和用户状态为不可用时，删除已生成的API令牌

2025-11-04 16:00:24 +08:00 · 2022-12-02 17:33:45 +08:00
parent 2ee1ee9387
commit e91d593081
4 changed files with 50 additions and 6 deletions
--- a/internal/db/models/admin_dao.go
+++ b/internal/db/models/admin_dao.go
@@ -44,11 +44,17 @@ func (this *AdminDAO) EnableAdmin(tx *dbs.Tx, id int64) (rowsAffected int64, err
 }

 // DisableAdmin 禁用条目
-func (this *AdminDAO) DisableAdmin(tx *dbs.Tx, id int64) (rowsAffected int64, err error) {
-	return this.Query(tx).
-		Pk(id).
+func (this *AdminDAO) DisableAdmin(tx *dbs.Tx, adminId int64) error {
+	err := this.Query(tx).
+		Pk(adminId).
 		Set("state", AdminStateDisabled).
-		Update()
+		UpdateQuickly()
+	if err != nil {
+		return err
+	}
+
+	// 删除AccessTokens
+	return SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, adminId, 0)
 }

 // FindEnabledAdmin 查找启用中的条目
@@ -190,7 +196,19 @@ func (this *AdminDAO) UpdateAdmin(tx *dbs.Tx, adminId int64, username string, ca
 	}
 	op.IsOn = isOn
 	err := this.Save(tx, op)
-	return err
+	if err != nil {
+		return err
+	}
+
+	if !isOn {
+		// 删除AccessTokens
+		err = SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, adminId, 0)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
 }

 // CheckAdminUsername 检查用户名是否存在
--- a/internal/db/models/api_access_token_dao.go
+++ b/internal/db/models/api_access_token_dao.go
@@ -81,3 +81,16 @@ func (this *APIAccessTokenDAO) FindAccessToken(tx *dbs.Tx, token string) (*APIAc
 	}
 	return one.(*APIAccessToken), nil
 }
+
+// DeleteAccessTokens 删除用户的令牌
+func (this *APIAccessTokenDAO) DeleteAccessTokens(tx *dbs.Tx, adminId int64, userId int64) error {
+	var query = this.Query(tx)
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	} else if userId > 0 {
+		query.Attr("userId", userId)
+	} else {
+		return nil
+	}
+	return query.DeleteQuickly()
+}
--- a/internal/db/models/user_dao.go
+++ b/internal/db/models/user_dao.go
@@ -74,6 +74,11 @@ func (this *UserDAO) DisableUser(tx *dbs.Tx, userId int64) error {
 		return err
 	}

+	err = SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, 0, userId)
+	if err != nil {
+		return err
+	}
+
 	return this.NotifyUpdate(tx, userId)
 }

@@ -217,6 +222,14 @@ func (this *UserDAO) UpdateUser(tx *dbs.Tx, userId int64, username string, passw
 		return err
 	}

+	// 删除AccessTokens
+	if !isOn {
+		err = SharedAPIAccessTokenDAO.DeleteAccessTokens(tx, 0, userId)
+		if err != nil {
+			return err
+		}
+	}
+
 	return this.NotifyUpdate(tx, userId)
 }

--- a/internal/rpc/services/service_admin.go
+++ b/internal/rpc/services/service_admin.go
@@ -425,7 +425,7 @@ func (this *AdminService) DeleteAdmin(ctx context.Context, req *pb.DeleteAdminRe

 	// TODO 超级管理员用户是不能删除的，或者要至少留一个超级管理员用户

-	_, err = models.SharedAdminDAO.DisableAdmin(tx, req.AdminId)
+	err = models.SharedAdminDAO.DisableAdmin(tx, req.AdminId)
 	if err != nil {
 		return nil, err
 	}