评查文件列表的查询查看、文档列表的查询查看修改删除都添加了user_id去限制用户操作。
@@ -304,9 +304,10 @@ export async function getDocuments(searchParams: DocumentSearchParams = {}): Pro
|
||||
/**
|
||||
* 删除文档
|
||||
* @param id 文档ID
|
||||
* @param userId 用户ID
|
||||
* @returns 删除结果
|
||||
*/
|
||||
export async function deleteDocument(id: string): Promise<{
|
||||
export async function deleteDocument(id: string, userId: string): Promise<{
|
||||
success?: boolean;
|
||||
error?: string;
|
||||
status?: number;
|
||||
@@ -316,11 +317,16 @@ export async function deleteDocument(id: string): Promise<{
|
||||
return { error: '文档ID不能为空', status: 400 };
|
||||
}
|
||||
|
||||
if (!userId) {
|
||||
return { error: '用户身份验证失败', status: 401 };
|
||||
}
|
||||
|
||||
const response = await postgrestDelete(
|
||||
'documents',
|
||||
{
|
||||
filter: {
|
||||
'id': `eq.${id}`
|
||||
'id': `eq.${id}`,
|
||||
'user_id': `eq.${userId}` // 确保只能删除自己的文档
|
||||
}
|
||||
}
|
||||
);
|
||||
@@ -344,7 +350,7 @@ export async function deleteDocument(id: string): Promise<{
|
||||
* @param id 文档ID
|
||||
* @returns 文档详情
|
||||
*/
|
||||
export async function getDocument(id: string): Promise<{
|
||||
export async function getDocument(id: string, userId: string): Promise<{
|
||||
data?: DocumentUI;
|
||||
error?: string;
|
||||
status?: number;
|
||||
@@ -354,11 +360,16 @@ export async function getDocument(id: string): Promise<{
|
||||
return { error: '文档ID不能为空', status: 400 };
|
||||
}
|
||||
|
||||
if (!userId) {
|
||||
return { error: '用户身份验证失败', status: 401 };
|
||||
}
|
||||
|
||||
const response = await postgrestGet<Document[]>(
|
||||
'documents',
|
||||
{
|
||||
filter: {
|
||||
'id': `eq.${id}`
|
||||
'id': `eq.${id}`,
|
||||
'user_id': `eq.${userId}`
|
||||
},
|
||||
limit: 1
|
||||
}
|
||||
@@ -427,7 +438,7 @@ export async function getFileDownloadUrl(filePath: string): Promise<{
|
||||
* @param document 部分文档数据
|
||||
* @returns 更新结果
|
||||
*/
|
||||
export async function updateDocument(id: string, document: Partial<DocumentUI> & { remark?: string }): Promise<{
|
||||
export async function updateDocument(id: string, document: Partial<DocumentUI> & { remark?: string }, userId: string): Promise<{
|
||||
data?: DocumentUI;
|
||||
error?: string;
|
||||
status?: number;
|
||||
@@ -437,6 +448,10 @@ export async function updateDocument(id: string, document: Partial<DocumentUI> &
|
||||
return { error: '文档ID不能为空', status: 400 };
|
||||
}
|
||||
|
||||
if (!userId) {
|
||||
return { error: '用户身份验证失败', status: 401 };
|
||||
}
|
||||
|
||||
// 准备API数据 - 将UI数据转换为API格式
|
||||
const apiDocument: Partial<Document> = {};
|
||||
|
||||
@@ -465,7 +480,10 @@ export async function updateDocument(id: string, document: Partial<DocumentUI> &
|
||||
const response = await postgrestPut<Document, Partial<Document>>(
|
||||
'documents',
|
||||
apiDocument,
|
||||
{ id: parseInt(id) }
|
||||
{
|
||||
id: parseInt(id),
|
||||
user_id: parseInt(userId) // 确保只能更新自己的文档
|
||||
}
|
||||
);
|
||||
|
||||
if (response.error) {
|
||||
@@ -474,7 +492,7 @@ export async function updateDocument(id: string, document: Partial<DocumentUI> &
|
||||
}
|
||||
|
||||
// 获取更新后的完整文档数据
|
||||
const updatedResponse = await getDocument(id);
|
||||
const updatedResponse = await getDocument(id, userId);
|
||||
|
||||
return updatedResponse;
|
||||
} catch (error) {
|
||||
|
||||
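Review bot: In updateDocument the new ownership filter is built with `user_id: parseInt(userId)`, whereas deleteDocument and getDocument compare the raw string through the `eq.${userId}` filter, and the only guard in front of all three is `if (!userId)`, which accepts any non-empty string. parseInt is lenient (a constructed value such as `"12abc"` yields 12, and a non-numeric one yields NaN), so the update can end up scoped to a different owner value than the read and delete paths; what a NaN filter does depends on postgrestPut, which is not visible here. Validate the identifier strictly once before any filter is built, for example `if (!/^\d+$/.test(userId)) return { error: '用户身份验证失败', status: 401 };`, and then pass `Number(userId)`; the same leniency applies to `parseInt(id)`. Because userId is now an ordinary parameter on all three functions, the restriction holds only if every caller takes it from the server-side session rather than from request data, which these hunks do not show; the function bodies also continue outside the hunks.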