feat: Add authentication to UpdateUserProfileHandler and change save …

…function parameter in repository/user.go from value to reference
SJTU-jCourse · Aug 14, 2024 · 3ae2d29 · 3ae2d29
1 parent 16cae31
commit 3ae2d29
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/handler/user.go b/handler/user.go
@@ -131,11 +131,24 @@ func WatchUserHandler(c *gin.Context) {}
 func UnWatchUserHandler(c *gin.Context) {}
 
 func UpdateUserProfileHandler(c *gin.Context) {
+	userInterface, exists := c.Get(constant.CtxKeyUser)
+	if !exists {
+		c.JSON(http.StatusNotFound, dto.BaseResponse{Message: "用户未登录！"})
+		return
+	}
+	user, _ := userInterface.(*domain.User)
+
 	var request dto.UserProfileDTO
 	if err := c.ShouldBindJSON(&request); err != nil {
 		c.JSON(http.StatusBadRequest, dto.BaseResponse{Message: "参数错误"})
 		return
 	}
+
+	if user.ID != request.UserID {
+		c.JSON(http.StatusForbidden, dto.BaseResponse{Message: "无权更新其他用户信息！"})
+		return
+	}
+
 	err := service.UpdateUserProfileByID(c, &request)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, dto.BaseResponse{Message: "用户信息更新失败。"})

diff --git a/repository/user.go b/repository/user.go
@@ -131,7 +131,7 @@ func (q *UserProfileQuery) GetUserProfileCount(ctx context.Context, opts ...DBOp
 }
 
 func (q *UserProfileQuery) UpdateUserProfileByID(ctx context.Context, userProfile *po.UserProfilePO) error {
-	result := q.optionDB(ctx, q.WithUserID(userProfile.UserID)).Save(userProfile).Error
+	result := q.optionDB(ctx, q.WithUserID(userProfile.UserID)).Save(&userProfile).Error
 	return result
 }
 
@@ -223,7 +223,7 @@ func (q *UserQuery) GetUserCount(ctx context.Context, opts ...DBOption) (int64,
 }
 
 func (q *UserQuery) UpdateUserByID(ctx context.Context, user *po.UserPO) error {
-	result := q.optionDB(ctx, q.WithID(int64(user.ID))).Save(user).Error
+	result := q.optionDB(ctx, q.WithID(int64(user.ID))).Save(&user).Error
 	return result
 }