修改普通用户分享资产时只能查看到普通用户 close #133

server/api/user.go

@@ -49,7 +49,8 @@ func UserPagingEndpoint(c echo.Context) error {
 	order := c.QueryParam("order")
 	field := c.QueryParam("field")
 
-	items, total, err := userRepository.Find(pageIndex, pageSize, username, nickname, mail, order, field)
+	account, _ := GetCurrentAccount(c)
+	items, total, err := userRepository.Find(pageIndex, pageSize, username, nickname, mail, order, field, account)
 	if err != nil {
 		return err
 	}

server/repository/user.go

@@ -1,6 +1,7 @@
 package repository
 
 import (
+	"next-terminal/pkg/constant"
 	"next-terminal/server/model"
 
 	"gorm.io/gorm"
@@ -22,9 +23,16 @@ func (r UserRepository) FindAll() (o []model.User) {
 	return
 }
 
-func (r UserRepository) Find(pageIndex, pageSize int, username, nickname, mail, order, field string) (o []model.UserForPage, total int64, err error) {
+func (r UserRepository) Find(pageIndex, pageSize int, username, nickname, mail, order, field string, account model.User) (o []model.UserForPage, total int64, err error) {
 	db := r.DB.Table("users").Select("users.id,users.username,users.nickname,users.mail,users.online,users.enabled,users.created,users.type, count(resource_sharers.user_id) as sharer_asset_count, users.totp_secret").Joins("left join resource_sharers on users.id = resource_sharers.user_id and resource_sharers.resource_type = 'asset'").Group("users.id")
 	dbCounter := r.DB.Table("users")
+
+	if constant.TypeUser == account.Type {
+		// 普通用户只能查看到普通用户
+		db = db.Where("users.type = ?", constant.TypeUser)
+		dbCounter = dbCounter.Where("type = ?", constant.TypeUser)
+	}
+
 	if len(username) > 0 {
 		db = db.Where("users.username like ?", "%"+username+"%")
 		dbCounter = dbCounter.Where("username like ?", "%"+username+"%")