This commit is contained in:
tsuki
parent
2f55eec940
commit
58ea36e73c
@ -1,5 +1,6 @@
|
|||||||
|
use crate::auth::get_auth_user;
|
||||||
use crate::graphql::types::{blog::*, PaginatedResult, PaginationInput};
|
use crate::graphql::types::{blog::*, PaginatedResult, PaginationInput};
|
||||||
use crate::services::blog_service::BlogService;
|
use crate::services::{blog_service::BlogService, casbin_service::CasbinService};
|
||||||
use async_graphql::{Context, Error as GraphQLError, Object, Result};
|
use async_graphql::{Context, Error as GraphQLError, Object, Result};
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
|
||||||
@ -16,8 +17,49 @@ impl BlogQuery {
|
|||||||
pagination: Option<PaginationInput>,
|
pagination: Option<PaginationInput>,
|
||||||
) -> Result<PaginatedResult<Blog>> {
|
) -> Result<PaginatedResult<Blog>> {
|
||||||
let blog_service = ctx.data::<BlogService>()?;
|
let blog_service = ctx.data::<BlogService>()?;
|
||||||
|
|
||||||
|
// 检查用户权限
|
||||||
|
let mut updated_filter = filter.unwrap_or(BlogFilterInput {
|
||||||
|
title: None,
|
||||||
|
slug: None,
|
||||||
|
category_id: None,
|
||||||
|
status: None,
|
||||||
|
is_featured: None,
|
||||||
|
is_active: None,
|
||||||
|
tag_ids: None,
|
||||||
|
search: None,
|
||||||
|
date_from: None,
|
||||||
|
date_to: None,
|
||||||
|
});
|
||||||
|
|
||||||
|
// 尝试获取用户信息和权限检查
|
||||||
|
match get_auth_user(ctx).await {
|
||||||
|
Ok(user) => {
|
||||||
|
// 用户已认证,检查是否有读取 blogs 的权限
|
||||||
|
let casbin_service = ctx.data::<CasbinService>()?;
|
||||||
|
let has_permission = casbin_service
|
||||||
|
.can_read(&user.id.to_string(), "blogs")
|
||||||
|
.await
|
||||||
|
.unwrap_or(false);
|
||||||
|
|
||||||
|
// 如果没有权限,则只返回非 draft 状态的博客
|
||||||
|
if !has_permission {
|
||||||
|
// 如果过滤器中没有设置状态,或者状态包含 draft,则排除 draft 状态
|
||||||
|
if updated_filter.status.is_none() || updated_filter.status.as_ref() == Some(&"draft".to_string()) {
|
||||||
|
updated_filter.status = Some("published".to_string());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(_) => {
|
||||||
|
// 用户未认证,只返回已发布的博客
|
||||||
|
if updated_filter.status.is_none() || updated_filter.status.as_ref() == Some(&"draft".to_string()) {
|
||||||
|
updated_filter.status = Some("published".to_string());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let result = blog_service
|
let result = blog_service
|
||||||
.get_blogs(filter, sort, pagination)
|
.get_blogs(Some(updated_filter), sort, pagination)
|
||||||
.await
|
.await
|
||||||
.map_err(|e| GraphQLError::new(e.to_string()))?;
|
.map_err(|e| GraphQLError::new(e.to_string()))?;
|
||||||
|
|
||||||
@ -37,6 +79,27 @@ impl BlogQuery {
|
|||||||
.get_blog_by_id(id)
|
.get_blog_by_id(id)
|
||||||
.await
|
.await
|
||||||
.map_err(|e| GraphQLError::new(e.to_string()))?;
|
.map_err(|e| GraphQLError::new(e.to_string()))?;
|
||||||
|
|
||||||
|
// 权限检查:如果是 draft 状态,需要验证用户权限
|
||||||
|
if blog.status == "draft" {
|
||||||
|
match get_auth_user(ctx).await {
|
||||||
|
Ok(user) => {
|
||||||
|
let casbin_service = ctx.data::<CasbinService>()?;
|
||||||
|
let has_permission = casbin_service
|
||||||
|
.can_read(&user.id.to_string(), "blogs")
|
||||||
|
.await
|
||||||
|
.unwrap_or(false);
|
||||||
|
|
||||||
|
if !has_permission {
|
||||||
|
return Err(GraphQLError::new("Insufficient permissions to access draft content"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(_) => {
|
||||||
|
return Err(GraphQLError::new("Authentication required to access draft content"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Ok(blog.into())
|
Ok(blog.into())
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -47,6 +110,27 @@ impl BlogQuery {
|
|||||||
.get_blog_by_slug(&slug)
|
.get_blog_by_slug(&slug)
|
||||||
.await
|
.await
|
||||||
.map_err(|e| GraphQLError::new(e.to_string()))?;
|
.map_err(|e| GraphQLError::new(e.to_string()))?;
|
||||||
|
|
||||||
|
// 权限检查:如果是 draft 状态,需要验证用户权限
|
||||||
|
if blog.status == "draft" {
|
||||||
|
match get_auth_user(ctx).await {
|
||||||
|
Ok(user) => {
|
||||||
|
let casbin_service = ctx.data::<CasbinService>()?;
|
||||||
|
let has_permission = casbin_service
|
||||||
|
.can_read(&user.id.to_string(), "blogs")
|
||||||
|
.await
|
||||||
|
.unwrap_or(false);
|
||||||
|
|
||||||
|
if !has_permission {
|
||||||
|
return Err(GraphQLError::new("Insufficient permissions to access draft content"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(_) => {
|
||||||
|
return Err(GraphQLError::new("Authentication required to access draft content"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Ok(blog.into())
|
Ok(blog.into())
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -56,6 +140,26 @@ impl BlogQuery {
|
|||||||
.get_blog_detail(id)
|
.get_blog_detail(id)
|
||||||
.await
|
.await
|
||||||
.map_err(|e| GraphQLError::new(e.to_string()))?;
|
.map_err(|e| GraphQLError::new(e.to_string()))?;
|
||||||
|
|
||||||
|
// 权限检查:如果是 draft 状态,需要验证用户权限
|
||||||
|
if detail.blog.status == "draft" {
|
||||||
|
match get_auth_user(ctx).await {
|
||||||
|
Ok(user) => {
|
||||||
|
let casbin_service = ctx.data::<CasbinService>()?;
|
||||||
|
let has_permission = casbin_service
|
||||||
|
.can_read(&user.id.to_string(), "blogs")
|
||||||
|
.await
|
||||||
|
.unwrap_or(false);
|
||||||
|
|
||||||
|
if !has_permission {
|
||||||
|
return Err(GraphQLError::new("Insufficient permissions to access draft content"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(_) => {
|
||||||
|
return Err(GraphQLError::new("Authentication required to access draft content"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// 手动转换 BlogDetail,因为它包含嵌套结构
|
// 手动转换 BlogDetail,因为它包含嵌套结构
|
||||||
Ok(BlogDetail {
|
Ok(BlogDetail {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user