From f8c29b23b99c08e30ce259aa60af2ea17c4d1a67 Mon Sep 17 00:00:00 2001
From: dushixiang <helloworld1024@foxmail.com>
Date: Sun, 16 May 2021 17:02:22 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=99=AE=E9=80=9A=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E5=88=86=E4=BA=AB=E8=B5=84=E4=BA=A7=E6=97=B6=E5=8F=AA?=
 =?UTF-8?q?=E8=83=BD=E6=9F=A5=E7=9C=8B=E5=88=B0=E6=99=AE=E9=80=9A=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=20close=20#133?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/api/user.go        |  3 ++-
 server/repository/user.go | 10 +++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/server/api/user.go b/server/api/user.go
index e564dd1..35abe0b 100644
--- a/server/api/user.go
+++ b/server/api/user.go
@@ -49,7 +49,8 @@ func UserPagingEndpoint(c echo.Context) error {
 	order := c.QueryParam("order")
 	field := c.QueryParam("field")
 
-	items, total, err := userRepository.Find(pageIndex, pageSize, username, nickname, mail, order, field)
+	account, _ := GetCurrentAccount(c)
+	items, total, err := userRepository.Find(pageIndex, pageSize, username, nickname, mail, order, field, account)
 	if err != nil {
 		return err
 	}
diff --git a/server/repository/user.go b/server/repository/user.go
index 4ba8a33..f12c916 100644
--- a/server/repository/user.go
+++ b/server/repository/user.go
@@ -1,6 +1,7 @@
 package repository
 
 import (
+	"next-terminal/pkg/constant"
 	"next-terminal/server/model"
 
 	"gorm.io/gorm"
@@ -22,9 +23,16 @@ func (r UserRepository) FindAll() (o []model.User) {
 	return
 }
 
-func (r UserRepository) Find(pageIndex, pageSize int, username, nickname, mail, order, field string) (o []model.UserForPage, total int64, err error) {
+func (r UserRepository) Find(pageIndex, pageSize int, username, nickname, mail, order, field string, account model.User) (o []model.UserForPage, total int64, err error) {
 	db := r.DB.Table("users").Select("users.id,users.username,users.nickname,users.mail,users.online,users.enabled,users.created,users.type, count(resource_sharers.user_id) as sharer_asset_count, users.totp_secret").Joins("left join resource_sharers on users.id = resource_sharers.user_id and resource_sharers.resource_type = 'asset'").Group("users.id")
 	dbCounter := r.DB.Table("users")
+
+	if constant.TypeUser == account.Type {
+		// 普通用户只能查看到普通用户
+		db = db.Where("users.type = ?", constant.TypeUser)
+		dbCounter = dbCounter.Where("type = ?", constant.TypeUser)
+	}
+
 	if len(username) > 0 {
 		db = db.Where("users.username like ?", "%"+username+"%")
 		dbCounter = dbCounter.Where("username like ?", "%"+username+"%")