mmosaic/mmap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sycn
Some checks are pending
Docker Build and Push / build (push) Waiting to run
Details

Browse Source
This commit is contained in:
tsuki 2025-08-18 23:14:02 +08:00
parent 2f55eec940
commit 58ea36e73c
1 changed files with 106 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
src/graphql/queries/blog.rs
View File

@ -1,5 +1,6 @@
use crate::auth::get_auth_user;
use crate::graphql::types::{blog::*, PaginatedResult, PaginationInput};
use crate::services::blog_service::BlogService;
use crate::services::{blog_service::BlogService, casbin_service::CasbinService};
use async_graphql::{Context, Error as GraphQLError, Object, Result};
use uuid::Uuid;
@ -16,8 +17,49 @@ impl BlogQuery {
pagination: Option<PaginationInput>,
) -> Result<PaginatedResult<Blog>> {
let blog_service = ctx.data::<BlogService>()?;
// 检查用户权限
let mut updated_filter = filter.unwrap_or(BlogFilterInput {
title: None,
slug: None,
category_id: None,
status: None,
is_featured: None,
is_active: None,
tag_ids: None,
search: None,
date_from: None,
date_to: None,
});
// 尝试获取用户信息和权限检查
match get_auth_user(ctx).await {
Ok(user) => {
// 用户已认证,检查是否有读取 blogs 的权限
let casbin_service = ctx.data::<CasbinService>()?;
let has_permission = casbin_service
.can_read(&user.id.to_string(), "blogs")
.await
.unwrap_or(false);
// 如果没有权限,则只返回非 draft 状态的博客
if !has_permission {
// 如果过滤器中没有设置状态,或者状态包含 draft则排除 draft 状态
if updated_filter.status.is_none() || updated_filter.status.as_ref() == Some(&"draft".to_string()) {
updated_filter.status = Some("published".to_string());
}
}
}
Err(_) => {
// 用户未认证,只返回已发布的博客
if updated_filter.status.is_none() || updated_filter.status.as_ref() == Some(&"draft".to_string()) {
updated_filter.status = Some("published".to_string());
}
}
}
let result = blog_service
.get_blogs(filter, sort, pagination)
.get_blogs(Some(updated_filter), sort, pagination)
.await
.map_err(|e| GraphQLError::new(e.to_string()))?;
@ -37,6 +79,27 @@ impl BlogQuery {
.get_blog_by_id(id)
.await
.map_err(|e| GraphQLError::new(e.to_string()))?;
// 权限检查:如果是 draft 状态,需要验证用户权限
if blog.status == "draft" {
match get_auth_user(ctx).await {
Ok(user) => {
let casbin_service = ctx.data::<CasbinService>()?;
let has_permission = casbin_service
.can_read(&user.id.to_string(), "blogs")
.await
.unwrap_or(false);
if !has_permission {
return Err(GraphQLError::new("Insufficient permissions to access draft content"));
}
}
Err(_) => {
return Err(GraphQLError::new("Authentication required to access draft content"));
}
}
}
Ok(blog.into())
}
@ -47,6 +110,27 @@ impl BlogQuery {
.get_blog_by_slug(&slug)
.await
.map_err(|e| GraphQLError::new(e.to_string()))?;
// 权限检查:如果是 draft 状态,需要验证用户权限
if blog.status == "draft" {
match get_auth_user(ctx).await {
Ok(user) => {
let casbin_service = ctx.data::<CasbinService>()?;
let has_permission = casbin_service
.can_read(&user.id.to_string(), "blogs")
.await
.unwrap_or(false);
if !has_permission {
return Err(GraphQLError::new("Insufficient permissions to access draft content"));
}
}
Err(_) => {
return Err(GraphQLError::new("Authentication required to access draft content"));
}
}
}
Ok(blog.into())
}
@ -56,6 +140,26 @@ impl BlogQuery {
.get_blog_detail(id)
.await
.map_err(|e| GraphQLError::new(e.to_string()))?;
// 权限检查:如果是 draft 状态,需要验证用户权限
if detail.blog.status == "draft" {
match get_auth_user(ctx).await {
Ok(user) => {
let casbin_service = ctx.data::<CasbinService>()?;
let has_permission = casbin_service
.can_read(&user.id.to_string(), "blogs")
.await
.unwrap_or(false);
if !has_permission {
return Err(GraphQLError::new("Insufficient permissions to access draft content"));
}
}
Err(_) => {
return Err(GraphQLError::new("Authentication required to access draft content"));
}
}
}
// 手动转换 BlogDetail因为它包含嵌套结构
Ok(BlogDetail {