fix: 检查用户权限

EchoBliss · Sep 28, 2024 · f8f3edc · f8f3edc
1 parent 7a0b038
commit f8f3edc
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/backend/handler/memo.go b/backend/handler/memo.go
@@ -402,10 +402,15 @@ func (m MemoHandler) GetMemo(c echo.Context) error {
 	var (
 		memo db.Memo
 	)
+
+	ctx := c.(CustomContext)
+	currentUser := ctx.CurrentUser()
+
 	id, err := strconv.Atoi(c.QueryParam("id"))
 	if err != nil {
 		return FailResp(c, ParamError)
 	}
+
 	latest := c.QueryParam("latest")
 
 	if err = m.base.db.Preload("User", func(x *gorm.DB) *gorm.DB {
@@ -414,6 +419,10 @@ func (m MemoHandler) GetMemo(c echo.Context) error {
 		return FailResp(c, ParamError)
 	}
 
+	if *memo.ShowType != 1 && (currentUser == nil || currentUser.Id != memo.UserId) {
+		return FailRespWithMsg(c, Fail, "暂无权限查看")
+	}
+
 	var comments []db.Comment
 	tx := m.base.db.Where("memoId = ?", memo.Id).Order("createdAt DESC")
 	if latest != "" {