diff --git a/server/models/group/group.ts b/server/models/group/group.ts
index 39fcf216..a0e3e19c 100644
--- a/server/models/group/group.ts
+++ b/server/models/group/group.ts
@@ -10,7 +10,14 @@ import {
 import { Base, TimeStamps } from '@typegoose/typegoose/lib/defaultClasses';
 import _ from 'lodash';
 import { Types } from 'mongoose';
-import { allPermission, GroupPanelType } from 'tailchat-server-sdk';
+import {
+ allPermission,
+ call,
+ GroupPanelType,
+ NoPermissionError,
+ PERMISSION,
+ TcContext,
+} from 'tailchat-server-sdk';
 import { User } from '../user/user';
 class GroupMember {
@@ -296,8 +303,11 @@ export class Group extends TimeStamps implements Base {
 *
 * 带权限验证
 */
- static async updateGroupMemberField(
+ static async updateGroupMemberField<
+ K extends keyof Pick
+ >(
 this: ReturnModelType,
+ ctx: TcContext,
 groupId: string,
 memberId: string,
 fieldName: K,
@@ -305,14 +315,33 @@ export class Group extends TimeStamps implements Base {
 operatorUserId: string
 ): Promise {
 const group = await this.findById(groupId);
-
- if (String(group.owner) !== operatorUserId) {
- throw new Error('没有操作权限');
+ const t = ctx.meta.t;
+
+ if (fieldName === 'roles') {
+ // 检查操作用户是否有管理角色的权限
+ const [hasRolePermission] = await call(ctx).checkUserPermissions(
+ groupId,
+ operatorUserId,
+ [PERMISSION.core.manageRoles]
+ );
+ if (!hasRolePermission) {
+ throw new NoPermissionError(t('没有操作角色权限'));
+ }
+ } else {
+ // 检查操作用户是否有管理用户权限
+ const [hasUserPermission] = await call(ctx).checkUserPermissions(
+ groupId,
+ operatorUserId,
+ [PERMISSION.core.manageUser]
+ );
+ if (!hasUserPermission) {
+ throw new NoPermissionError(t('没有操作用户权限'));
+ }
 }
 const member = group.members.find((m) => String(m.userId) === memberId);
 if (!member) {
- throw new Error('没有找到该成员');
+ throw new Error(t('没有找到该成员'));
 }
 if (typeof fieldValue === 'function') {
diff --git a/server/services/core/group/group.service.ts b/server/services/core/group/group.service.ts
index fbfc74ea..95dc207d 100644
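Review bot: Adding `ctx: TcContext` next to the existing `operatorUserId` parameter leaves the method with two sources for the acting user, and the permission checks in the body are made against the caller-supplied `operatorUserId` rather than the authenticated `ctx.meta.userId`. The service callers visible in this commit read `userId` from `ctx.meta`, so the two presumably agree today, but nothing enforces that for a future caller. I would derive the operator inside the method, `const operatorId = String(ctx.meta.userId);`, or reject a mismatch before any check runs. The signature continues past the end of this hunk, and the doc comment above it (`带权限验证`) is the natural place to state which permission each field requires.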
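Review bot: The `else` branch authorizes every field other than `'roles'` with `PERMISSION.core.manageUser`, so any member field routed through this method later becomes writable under that permission by default; the generic constraint on `K` is erased at runtime and does not prevent it. An explicit field-to-permission table that fails closed on an unmapped field keeps the rule in one place and removes the duplicated `checkUserPermissions` call. Separately, `group` returned by `findById` is dereferenced without a null check on a context line of this hunk, so an unknown `groupId` may surface as a TypeError instead of a handled error. The function body continues past the end of this hunk.

```typescript
// … unchanged: findById(groupId), const t = ctx.meta.t …
const requiredPermissionByField = {
  roles: PERMISSION.core.manageRoles,
  muteUntil: PERMISSION.core.manageUser,
} as const;
const requiredPermission = requiredPermissionByField[fieldName];
if (!requiredPermission) {
  // Fail closed: a field without an explicit mapping is never writable here.
  throw new NoPermissionError(t('没有操作权限'));
}
const [hasPermission] = await call(ctx).checkUserPermissions(
  groupId,
  operatorUserId,
  [requiredPermission]
);
if (!hasPermission) {
  throw new NoPermissionError(t('没有操作权限'));
}
// … unchanged: member lookup and field update …
```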
--- a/server/services/core/group/group.service.ts
+++ b/server/services/core/group/group.service.ts
@@ -487,20 +487,12 @@ class GroupService extends TcService {
 }>
 ) {
 const { groupId, memberIds, roles } = ctx.params;
- const { t, userId } = ctx.meta;
-
- const [hasPermission] = await call(ctx).checkUserPermissions(
- groupId,
- userId,
- [PERMISSION.core.manageRoles]
- );
- if (!hasPermission) {
- throw new NoPermissionError(t('没有操作权限'));
- }
+ const { userId } = ctx.meta;
 await Promise.all(
 memberIds.map((memberId) =>
 this.adapter.model.updateGroupMemberField(
+ ctx,
 groupId,
 memberId,
 'roles',
@@ -532,20 +524,12 @@ class GroupService extends TcService {
 }>
 ) {
 const { groupId, memberIds, roles } = ctx.params;
- const { t, userId } = ctx.meta;
-
- const [hasPermission] = await call(ctx).checkUserPermissions(
- groupId,
- userId,
- [PERMISSION.core.manageRoles]
- );
- if (!hasPermission) {
- throw new NoPermissionError(t('没有操作权限'));
- }
+ const { userId } = ctx.meta;
 await Promise.all(
 memberIds.map((memberId) =>
 this.adapter.model.updateGroupMemberField(
+ ctx,
 groupId,
 memberId,
 'roles',
@@ -954,19 +938,10 @@ class GroupService extends TcService {
 const { groupId, memberId, muteMs } = ctx.params;
 const userId = ctx.meta.userId;
 const language = ctx.meta.language;
- const t = ctx.meta.t;
 const isUnmute = muteMs < 0;
- const [hasPermission] = await call(ctx).checkUserPermissions(
- groupId,
- userId,
- [PERMISSION.core.manageUser]
- );
- if (!hasPermission) {
- throw new NoPermissionError(t('没有操作权限'));
- }
-
 const group = await this.adapter.model.updateGroupMemberField(
+ ctx,
 groupId,
 memberId,
 'muteUntil',
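Review bot: With the action-level `checkUserPermissions` call removed in the hunk at `@@ -487,20 +487,12 @@`, authorization is enforced only inside `updateGroupMemberField`, once per entry of `memberIds`. A request naming N members therefore triggers N identical permission lookups, and a request with an empty `memberIds` array reaches no check at all (whether the parameter schema forbids an empty array is not visible here). The same holds for the hunk at `@@ -532,20 +524,12 @@`, and the mute action at `@@ -954,19 +938,10 @@` likewise no longer shows its authorization at the action boundary. I would leave a one-line marker where each check used to be, for example `// Authorization (manageRoles) is enforced in Group.updateGroupMemberField`, so a later refactor that swaps the model call does not silently drop it. The enclosing action handlers start and end outside these hunks.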