评查文件列表的查询查看、文档列表的查询查看修改删除都添加了user_id去限制用户操作。

2025-07-21 09:41:20 +08:00
parent e80b6b7da3
commit e7ffbe875e
8 changed files with 177 additions and 88 deletions
@@ -1,9 +1,4 @@
 import { postgrestPut, postgrestPost } from '../postgrest-client';
-// import dayjs from 'dayjs';
-// import { getDocumentTypes } from '../document-types/document-types';
-// import type { DocumentTypeUI } from '../document-types/document-types';
-// import weekday from 'dayjs/plugin/weekday';
-// import updateLocale from 'dayjs/plugin/updateLocale';
 import { formatDate } from '../../utils';

 // 文档数据库表接口
@@ -107,58 +102,6 @@ export interface DocumentSearchParams {
  pageSize?: number; // 每页条数
 }

-// 添加评查结果和评查点类型定义
-// 评查结果类型
-// interface EvaluationResult {
-//   id: string | number;
-//   document_id: string | number;
-//   evaluation_point_id: string | number;
-//   evaluated_results?: {
-//     result?: boolean;
-//     message?: string;
-//     data?: string;
-//     [key: string]: unknown;
-//   };
-//   [key: string]: unknown;
-// }
-
-// 评查点类型
-// interface EvaluationPoint {
-//   id: string | number;
-//   post_action?: string;
-//   score?: number;
-//   [key: string]: unknown;
-// }
-
-// 文档评查状态结果
-// interface DocumentReviewResult {
-//   status: number;
-//   issueCount: number;
-//   passCount: number;
-//   warningCount: number;
-//   failCount: number;
-//   manualCount: number;
-// }
-
-// /**
-//  * 从不同格式的 API 响应中提取数据
-//  * @param responseData API 响应数据
-//  * @returns 提取后的数据或 null
-//  */
-// function extractApiData<T>(responseData: unknown): T | null {
-//   if (!responseData) return null;
-  
-//   // 格式1: { code: number, msg: string, data: T }
-//   if (typeof responseData === 'object' && responseData !== null && 
-//       'code' in responseData && 
-//       'data' in responseData && 
-//       (responseData as { data: unknown }).data) {
-//     return (responseData as { data: T }).data;
-//   }
-  
-//   // 格式2: 直接是数据对象
-//   return responseData as T;
-// }

 /**
 * 将评查状态代码映射到UI状态
@@ -202,14 +145,21 @@ export function getFileExtension(fileName: string): string {
 /**
 * 获取评查文件列表
 * @param searchParams 搜索参数
+ * @param documentIds 文档ID数组（可选）
+ * @param userId 用户ID
 * @returns 评查文件列表和总数
 */
-export async function getReviewFiles(searchParams: DocumentSearchParams = {}, documentIds: number[] | null = null): Promise<{
+export async function getReviewFiles(searchParams: DocumentSearchParams = {}, documentIds: number[] | null = null, userId?: string): Promise<{
  data?: { files: ReviewFileUI[], total: number };
  error?: string;
  status?: number;
 }> {
  try {
+    // 确保userId必须存在，如果不存在则抛出错误
+    if (!userId) {
+      return { error: '用户身份验证失败，无法获取评查文件列表', status: 401 };
+    }
+
    const {
      page = 1,
      pageSize = 10,
@@ -242,6 +192,7 @@ export async function getReviewFiles(searchParams: DocumentSearchParams = {}, do
      p_date_from: dateFrom || null,
      p_date_to: dateTo || null,
      p_document_ids: documentIds || null,
+      p_user_id: parseInt(userId, 10), // 强制要求传递用户ID
    };
    
    const listParams = {
@@ -364,9 +315,10 @@ export async function getReviewFiles(searchParams: DocumentSearchParams = {}, do
 * 更新文件的审核状态
 * @param id 文件ID
 * @param auditStatus 审核状态
+ * @param userId 用户ID
 * @returns 更新结果
 */
-export async function updateDocumentAuditStatus(id: string, auditStatus: number): Promise<{
+export async function updateDocumentAuditStatus(id: string, auditStatus: number, userId: string): Promise<{
  success?: boolean;
  error?: string;
  status?: number;
@@ -376,10 +328,17 @@ export async function updateDocumentAuditStatus(id: string, auditStatus: number)
      return { error: '文件ID不能为空', status: 400 };
    }
    
+    if (!userId) {
+      return { error: '用户身份验证失败', status: 401 };
+    }
+    
    const response = await postgrestPut<Document, Partial<Document>>(
      'documents',
      { audit_status: auditStatus },
-      { id: parseInt(id) }
+      { 
+        id: parseInt(id),
+        user_id: parseInt(userId) // 确保只能更新自己的文档
+      }
    );
    
    if (response.error) {
@@ -304,9 +304,10 @@ export async function getDocuments(searchParams: DocumentSearchParams = {}): Pro
 /**
 * 删除文档
 * @param id 文档ID
+ * @param userId 用户ID
 * @returns 删除结果
 */
-export async function deleteDocument(id: string): Promise<{
+export async function deleteDocument(id: string, userId: string): Promise<{
  success?: boolean;
  error?: string;
  status?: number;
@@ -316,11 +317,16 @@ export async function deleteDocument(id: string): Promise<{
      return { error: '文档ID不能为空', status: 400 };
    }
    
+    if (!userId) {
+      return { error: '用户身份验证失败', status: 401 };
+    }
+    
    const response = await postgrestDelete(
      'documents',
      {
        filter: {
-          'id': `eq.${id}`
+          'id': `eq.${id}`,
+          'user_id': `eq.${userId}` // 确保只能删除自己的文档
        }
      }
    );
@@ -344,7 +350,7 @@ export async function deleteDocument(id: string): Promise<{
 * @param id 文档ID
 * @returns 文档详情
 */
-export async function getDocument(id: string): Promise<{
+export async function getDocument(id: string, userId: string): Promise<{
  data?: DocumentUI;
  error?: string;
  status?: number;
@@ -354,11 +360,16 @@ export async function getDocument(id: string): Promise<{
      return { error: '文档ID不能为空', status: 400 };
    }
    
+    if (!userId) {
+      return { error: '用户身份验证失败', status: 401 };
+    }
+    
    const response = await postgrestGet<Document[]>(
      'documents',
      {
        filter: {
-          'id': `eq.${id}`
+          'id': `eq.${id}`,
+          'user_id': `eq.${userId}`
        },
        limit: 1
      }
@@ -427,7 +438,7 @@ export async function getFileDownloadUrl(filePath: string): Promise<{
 * @param document 部分文档数据
 * @returns 更新结果
 */
-export async function updateDocument(id: string, document: Partial<DocumentUI> & { remark?: string }): Promise<{
+export async function updateDocument(id: string, document: Partial<DocumentUI> & { remark?: string }, userId: string): Promise<{
  data?: DocumentUI;
  error?: string;
  status?: number;
@@ -437,6 +448,10 @@ export async function updateDocument(id: string, document: Partial<DocumentUI> &
      return { error: '文档ID不能为空', status: 400 };
    }
    
+    if (!userId) {
+      return { error: '用户身份验证失败', status: 401 };
+    }
+    
    // 准备API数据 - 将UI数据转换为API格式
    const apiDocument: Partial<Document> = {};
    
@@ -465,7 +480,10 @@ export async function updateDocument(id: string, document: Partial<DocumentUI> &
    const response = await postgrestPut<Document, Partial<Document>>(
      'documents',
      apiDocument,
-      { id: parseInt(id) }
+      { 
+        id: parseInt(id),
+        user_id: parseInt(userId) // 确保只能更新自己的文档
+      }
    );
    
    if (response.error) {
@@ -474,7 +492,7 @@ export async function updateDocument(id: string, document: Partial<DocumentUI> &
    }
    
    // 获取更新后的完整文档数据
-    const updatedResponse = await getDocument(id);
+    const updatedResponse = await getDocument(id, userId);
    
    return updatedResponse;
  } catch (error) {