Merge branch 'feat/development' into develop

Author: smileShirmy

README.md

@@ -61,7 +61,13 @@ QQ 群号：643205479
 
 ## 版本日志
 
-最新版本 `0.3.1`
+最新版本 `0.3.2`
+
+### 0.3.2
+
+1. `F` 更改文件上传返回字段
+2. `F` `GET admin/users` 和 `GET admin/group/all` 接口过滤 `root` 用户
+3. `F` `PUT /admin/user/{id}` 接口不允许修改 `root` 用户的分组
 
 ### 0.3.1
 

app/dao/admin.js

@@ -32,6 +32,11 @@ class AdminDao {
   async getUsers (groupId, page, count1) {
     let userIds = [];
     const condition = {
+      where: {
+        username: {
+          [Op.ne]: 'root'
+        }
+      },
       offset: page * count1,
       limit: count1
     };
@@ -42,12 +47,8 @@ class AdminDao {
         }
       });
       userIds = userGroup.map(v => v.user_id);
-      Object.assign(condition, {
-        where: {
-          id: {
-            [Op.in]: userIds
-          }
-        }
+      set(condition, 'where.id', {
+        [Op.in]: userIds
       });
     }
     const { rows, count } = await UserModel.findAndCountAll(condition);
@@ -134,6 +135,29 @@ class AdminDao {
         errorCode: 10021
       });
     }
+
+    const userGroup = await UserGroupModel.findAll({
+      where: {
+        user_id: user.id
+      }
+    });
+    const groupIds = userGroup.map(v => v.group_id);
+    const isAdmin = await GroupModel.findOne({
+      where: {
+        name: 'root',
+        id: {
+          [Op.in]: groupIds
+        }
+      }
+    });
+
+    if (isAdmin) {
+      throw new Forbidden({
+        msg: '不可修改root用户的分组',
+        errorCode: 10078
+      });
+    }
+
     for (const id of v.get('body.group_ids') || []) {
       const group = await GroupModel.findByPk(id);
       if (group.name === 'root') {
@@ -189,7 +213,13 @@ class AdminDao {
   }
 
   async getAllGroups () {
-    const allGroups = await GroupModel.findAll();
+    const allGroups = await GroupModel.findAll({
+      where: {
+        name: {
+          [Op.ne]: 'root'
+        }
+      }
+    });
     return allGroups;
   }
 

app/extensions/file/local-uploader.js

@@ -24,7 +24,9 @@ class LocalUploader extends Uploader {
       if (exist) {
         arr.push({
           id: exist.id,
-          path: `${siteDomain}/assets/${exist.path}`,
+          key: file.fieldname,
+          path: exist.path,
+          url: `${siteDomain}/assets/${exist.path}`,
           type: exist.type,
           name: exist.name,
           extension: exist.extension,
@@ -50,7 +52,9 @@ class LocalUploader extends Uploader {
         );
         arr.push({
           id: saved.id,
-          path: `${siteDomain}/assets/${saved.path}`,
+          key: file.fieldname,
+          path: exist.path,
+          url: `${siteDomain}/assets/${saved.path}`,
           type: saved.type,
           name: file.name,
           extension: saved.extension,

app/models/permission.js

@@ -23,7 +23,8 @@ class Permission extends Model {
         if (
           permissions.find(
             permission =>
-              permission.name === permissionName && permission.module === moduleName
+              permission.name === permissionName &&
+              permission.module === moduleName
           )
         ) {
           continue;
@@ -38,7 +39,9 @@ class Permission extends Model {
       }
       const permissionIds = [];
       for (const { id, name, module: moduleName } of permissions) {
-        if (info.find(val => val.permission === name && val.module === moduleName)) {
+        if (
+          info.find(val => val.permission === name && val.module === moduleName)
+        ) {
           continue;
         }
         await this.destroy({

tests/api/cms/test1.test.js

@@ -1,9 +1,9 @@
-import "../../helper/initial";
-import request from "supertest";
+import '../../helper/initial';
+import request from 'supertest';
 import { createApp } from '../../../app/app';
-import sequelize from "../../../app/libs/db";
+import sequelize from '../../../app/libs/db';
 
-describe("test1.test.js", () => {
+describe('test1.test.js', () => {
   // 必须，app示例
   let app;
 
@@ -21,23 +21,23 @@ describe("test1.test.js", () => {
 
   // 测试 api 的函数
   // 测试 api的 URL 为 /cms/test/
-  test("测试/cms/test/", async () => {
-    const response = await request(app.callback()).get("/cms/test/");
+  test('测试/cms/test/', async () => {
+    const response = await request(app.callback()).get('/cms/test/');
     expect(response.status).toBe(200);
     expect(response.type).toMatch(/html/);
   });
 
   // 这个测试不会通过，缺少认证，可以参考 user2.test.js 添加 bearer
-  test("测试/cms/user/register 输入不规范用户名", async () => {
+  test('测试/cms/user/register 输入不规范用户名', async () => {
     const response = await request(app.callback())
-      .post("/cms/user/register")
+      .post('/cms/user/register')
       .send({
-        username: "p",
-        password: "123456",
-        confirm_password: "123456"
+        username: 'p',
+        password: '123456',
+        confirm_password: '123456'
       });
     expect(response.status).toBe(400);
-    expect(response.body).toHaveProperty("error_code", 10030);
+    expect(response.body).toHaveProperty('error_code', 10030);
     expect(response.type).toMatch(/json/);
   });
 });