图书接口增加权限，图书章节树自动悬浮

Author: shen100

controller/book/book.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"strconv"
 	"strings"
+	"time"
 	"unicode/utf8"
 
 	"github.com/gin-gonic/gin"
@@ -89,6 +90,10 @@ func Save(c *gin.Context, isEdit bool) {
 	} else {
 		//更新图书
 		if err := model.DB.First(&updatedBook, bookData.ID).Error; err == nil {
+			if updatedBook.UserID != user.ID {
+				SendErrJSON("您没有权限执行此操作", c)
+				return
+			}
 			updatedBook.ReadLimits = bookData.ReadLimits
 			updatedBook.Name = bookData.Name
 			updatedBook.CoverURL = bookData.CoverURL
@@ -158,6 +163,15 @@ func UpdateName(c *gin.Context) {
 		SendErrJSON("错误的图书id", c)
 		return
 	}
+
+	userInter, _ := c.Get("user")
+	user := userInter.(model.User)
+
+	if book.UserID != user.ID {
+		SendErrJSON("您没有权限执行此操作", c)
+		return
+	}
+
 	book.Name = bookData.Name
 	if err := model.DB.Save(&book).Error; err != nil {
 		SendErrJSON("error", c)
@@ -187,6 +201,15 @@ func Publish(c *gin.Context) {
 		SendErrJSON("错误的图书id", c)
 		return
 	}
+
+	userInter, _ := c.Get("user")
+	user := userInter.(model.User)
+
+	if book.UserID != user.ID {
+		SendErrJSON("您没有权限执行此操作", c)
+		return
+	}
+
 	book.Status = model.BookVerifySuccess
 	if err := model.DB.Save(&book).Error; err != nil {
 		fmt.Println(err.Error())
@@ -246,7 +269,7 @@ func List(c *gin.Context) {
 
 	if err := model.DB.Model(&model.Book{}).Where("read_limits <> ?", model.BookReadLimitsPrivate).
 		Where("status <> ?", model.BookVerifyFail).Where("status <> ?", model.BookUnpublish).
-		Find(&books).Error; err != nil {
+		Order("created_at desc").Find(&books).Error; err != nil {
 		fmt.Println(err.Error())
 		SendErrJSON("error", c)
 		return
@@ -287,7 +310,7 @@ func MyBooks(c *gin.Context) {
 	pageSize := 20
 	offset := (pageNo - 1) * pageSize
 
-	if err := model.DB.Model(&model.Book{}).Where("user_id = ?", user.ID).Offset(offset).Limit(pageSize).Find(&books).Error; err != nil {
+	if err := model.DB.Model(&model.Book{}).Where("user_id = ?", user.ID).Offset(offset).Limit(pageSize).Order("created_at desc").Find(&books).Error; err != nil {
 		fmt.Println(err.Error())
 		SendErrJSON("error", c)
 		return
@@ -310,7 +333,7 @@ func MyBooks(c *gin.Context) {
 	})
 }
 
-// UserPublicBooks 用户公开的图书
+// UserPublicBooks 用户公开的图书列表
 func UserPublicBooks(c *gin.Context) {
 	SendErrJSON := common.SendErrJSON
 
@@ -363,7 +386,7 @@ func UserPublicBooks(c *gin.Context) {
 	})
 }
 
-// Info 获取图书信息
+// Info 获取图书信息, 若图书是私有的，那么只有作者本人才能查看
 func Info(c *gin.Context) {
 	SendErrJSON := common.SendErrJSON
 	id, err := strconv.Atoi(c.Param("id"))
@@ -412,7 +435,7 @@ func Info(c *gin.Context) {
 	})
 }
 
-// Chapters 获取图书的所有章节
+// Chapters 获取图书的所有章节, 若图书是私有的，那么只有作者本人才能查看
 func Chapters(c *gin.Context) {
 	SendErrJSON := common.SendErrJSON
 	id, err := strconv.Atoi(c.Param("bookID"))
@@ -455,7 +478,7 @@ func Chapters(c *gin.Context) {
 	})
 }
 
-// Chapter 查询章节
+// Chapter 查询章节, 若图书是私有的，那么只有作者本人才能查看
 func Chapter(c *gin.Context) {
 	SendErrJSON := common.SendErrJSON
 	id, err := strconv.Atoi(c.Param("chapterID"))
@@ -581,8 +604,23 @@ func DeleteChapter(c *gin.Context) {
 		SendErrJSON("错误的章节id", c)
 		return
 	}
-	var sql = "DELETE FROM book_chapters WHERE id = ? OR parent_id = ?"
-	if err := model.DB.Exec(sql, id, id).Error; err != nil {
+
+	var chapter model.BookChapter
+	if err := model.DB.First(&chapter, id).Error; err != nil {
+		SendErrJSON("错误的章节id", c)
+		return
+	}
+
+	userInter, _ := c.Get("user")
+	user := userInter.(model.User)
+
+	if chapter.UserID != user.ID {
+		SendErrJSON("您没有权限执行此操作", c)
+		return
+	}
+
+	var sql = "UPDATE book_chapters SET deleted_at = ? WHERE id = ? OR parent_id = ?"
+	if err := model.DB.Exec(sql, time.Now(), id, id).Error; err != nil {
 		fmt.Println(err.Error())
 		SendErrJSON("error", c)
 		return
@@ -623,6 +661,15 @@ func UpdateChapterContent(c *gin.Context) {
 		SendErrJSON("错误的章节id", c)
 		return
 	}
+
+	userInter, _ := c.Get("user")
+	user := userInter.(model.User)
+
+	if chapter.UserID != user.ID {
+		SendErrJSON("您没有权限执行此操作", c)
+		return
+	}
+
 	chapter.Content = reqData.Content
 	chapter.HTMLContent = reqData.HTMLContent
 
@@ -666,6 +713,15 @@ func UpdateChapterName(c *gin.Context) {
 		SendErrJSON("无效的章节id", c)
 		return
 	}
+
+	userInter, _ := c.Get("user")
+	user := userInter.(model.User)
+
+	if chapter.UserID != user.ID {
+		SendErrJSON("您没有权限执行此操作", c)
+		return
+	}
+
 	chapter.Name = reqData.Name
 	if err := model.DB.Save(&chapter).Error; err != nil {
 		fmt.Println(err.Error())

model/errorcode.go

@@ -11,19 +11,10 @@ type errorCode struct {
 
 // ErrorCode 错误码
 var ErrorCode = errorCode{
-	SUCCESS      : 0,
-	ERROR        : 1,
-	NotFound     : 404,
-	LoginError   : 1000, //用户名或密码错误
-	LoginTimeout : 1001, //登录超时
-	InActive     : 1002, //未激活账号
+	SUCCESS:      0,
+	ERROR:        1,
+	NotFound:     404,
+	LoginError:   1000, //用户名或密码错误
+	LoginTimeout: 1001, //登录超时
+	InActive:     1002, //未激活账号
 }
-
-
-
-
-
-
-
-
-

website/assets/styles/book/book.css

@@ -2,32 +2,54 @@ body {
     background-color: #e1e1e1;
 }
 
+.common-body {
+    width: auto;
+    margin-bottom: 0!important;
+}
+
 .book-box {
-    width: 1200px;
     margin: 0 auto;
-    background-color: #fff;
+    text-align: center;
+}
+
+.book-container {
+    padding-right: 20px;
+    display: inline-block;
+    vertical-align: top;
+    position: relative;
+    background: #fff;
 }
 
 .book-header {
-    height: 55px;
-    padding-left: 20px;
     border-bottom: 1px #e2e2e2 solid;
+    padding-left: 20px;
 }
 
 .book-header h1 {
-    line-height: 55px;
+    line-height: 40px;
     font-size: 26px;
+    padding: 8px 0;
 }
 
 .book-tree-box {
+    text-align: left;
     display: inline-block;
     vertical-align: top;
     width: 320px;
-    padding-left: 20px;
-    margin-top: 4px;
     margin-bottom: 4px;
     border-right: 1px solid #e2e2e2;
-    min-height: 600px;
+    overflow-y: auto;
+    overflow-x: hidden;
+}
+
+.book-tree-box-fixed {
+    position: fixed;
+    top: 0;
+}
+
+.book-tree-container {
+    background: #fff;
+    padding-left: 20px;
 }
 
 .book-tree-link:hover {
@@ -39,11 +61,15 @@ body {
 }
 
 .book-content-box {
+    text-align: left;
     width: 840px;
     display: inline-block;
     vertical-align: top;
     margin-left: 19px;
-    margin-top: 4px;
+}
+
+.book-content-box-expand {
+    margin-left: 339px;
 }
 
 .book-chapter-name {

website/layouts/nosidebar.vue

@@ -17,11 +17,7 @@
     export default {
         data () {
             return {
-                siteConfig: this.$store.state.siteConfig,
-                user: this.$store.state.user,
-                userLoginVisible: !this.$store.state.user,
-                messages: this.$store.state.messages,
-                messageCount: this.$store.state.messageCount
+                siteConfig: this.$store.state.siteConfig
             }
         },
         head () {

website/layouts/onlyfooter.vue

@@ -11,8 +11,7 @@
     export default {
         data () {
             return {
-                siteConfig: this.$store.state.siteConfig,
-                user: this.$store.state.user
+                siteConfig: this.$store.state.siteConfig
             }
         },
         head () {

website/layouts/onlyheader.vue

@@ -0,0 +1,38 @@
+<template>
+    <div>
+        <app-header />
+        <div class="common-body" style="margin-bottom: 20px;">
+            <nuxt/>
+        </div>
+        <BackTop></BackTop>
+    </div>
+</template>
+
+<script>
+    import Header from '~/components/Header'
+    import config from '~/config'
+
+    export default {
+        data () {
+            return {
+                siteConfig: this.$store.state.siteConfig
+            }
+        },
+        head () {
+            let siteConfig = this.siteConfig
+            let allowBaiduAd = this.$store.state.baiduAdConfig.allowBaiduAd
+            return {
+                titleTemplate: '%s - ' + siteConfig.title,
+                meta: [
+                    { hid: 'description', name: 'description', content: siteConfig.description },
+                    { name: 'keywords', content: siteConfig.keywords }
+                ],
+                script: allowBaiduAd ? [ {src: config.baiduAdURL} ] : []
+            }
+        },
+        middleware: 'appData',
+        components: {
+            'app-header': Header
+        }
+    }
+</script>