From ce3348acfd7ca3b1e5dd5c962495ad3bb8fe8fd2 Mon Sep 17 00:00:00 2001
From: wangyaqi <wangyaqi988@163.com>
Date: Fri, 26 Aug 2022 14:59:36 +0800
Subject: [PATCH] fix: permission error

---
 .../uni-id-co/config/permission.js            |  3 +++
 .../uni-id-co/module/admin/add-user.js        | 27 ++++++++++++-------
 .../uni-id-co/module/admin/update-user.js     | 23 ++++++++--------
 3 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/config/permission.js b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/config/permission.js
index ce5b02d..f67725c 100644
--- a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/config/permission.js
+++ b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/config/permission.js
@@ -7,6 +7,9 @@ module.exports = {
     // permission: [] // 允许进行此操作的权限，包含任一权限均可操作。
     // 权限角色均配置时，用户拥有任一权限或任一角色均可操作
   },
+  updateUser: {
+    role: ['admin']
+  },
   authorizeAppLogin: {
     role: ['admin']
   },
diff --git a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/module/admin/add-user.js b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/module/admin/add-user.js
index c682147..6baa575 100644
--- a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/module/admin/add-user.js
+++ b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/module/admin/add-user.js
@@ -18,10 +18,10 @@ const PasswordUtils = require('../../lib/utils/password')
  * @param {String}  params.nickname       昵称
  * @param {Array}   params.authorizedApp  允许登录的AppID列表
  * @param {Array}   params.role           用户角色列表
- * @param {String} params.mobile          手机号
- * @param {String} params.email           邮箱
- * @param {Array}  params.tags            用户标签
- * @param {Number} params.status          用户状态
+ * @param {String}  params.mobile         手机号
+ * @param {String}  params.email          邮箱
+ * @param {Array}   params.tags           用户标签
+ * @param {Number}  params.status         用户状态
  * @returns
  */
 module.exports = async function (params = {}) {
@@ -71,7 +71,9 @@ module.exports = async function (params = {}) {
   } = params
   const userMatched = await findUser({
     userQuery: {
-      username
+      username,
+      mobile,
+      email
     },
     authorizedApp
   })
@@ -89,8 +91,7 @@ module.exports = async function (params = {}) {
   } = passwordUtils.generatePasswordHash({
     password
   })
-
-  await userCollection.add({
+  const data = {
     username,
     password: passwordHash,
     password_secret_version: version,
@@ -101,9 +102,17 @@ module.exports = async function (params = {}) {
     email,
     tags: tags || [],
     status
-  })
+  }
+  if (email) {
+    data.email_confirmed = 1
+  }
+  if (mobile) {
+    data.mobile_confirmed = 1
+  }
 
+  await userCollection.add(data)
   return {
-    errCode: 0
+    errCode: 0,
+    errMsg: ''
   }
 }
diff --git a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/module/admin/update-user.js b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/module/admin/update-user.js
index 8bb07cc..5dc1b29 100644
--- a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/module/admin/update-user.js
+++ b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/module/admin/update-user.js
@@ -13,20 +13,21 @@ const PasswordUtils = require('../../lib/utils/password')
  * 修改用户
  * @tutorial https://uniapp.dcloud.net.cn/uniCloud/uni-id-pages.html#update-user
  * @param {Object}  params
- * @param {String} params.id              要更新的用户id
+ * @param {String}  params.uid            要更新的用户id
  * @param {String}  params.username       用户名
  * @param {String}  params.password       密码
  * @param {String}  params.nickname       昵称
  * @param {Array}   params.authorizedApp  允许登录的AppID列表
  * @param {Array}   params.role           用户角色列表
- * @param {String} params.mobile          手机号
- * @param {String} params.email           邮箱
- * @param {Array}  params.tags            用户标签
- * @param {Number} params.status          用户状态
+ * @param {String}  params.mobile         手机号
+ * @param {String}  params.email          邮箱
+ * @param {Array}   params.tags           用户标签
+ * @param {Number}  params.status         用户状态
  * @returns
  */
 module.exports = async function (params = {}) {
   const schema = {
+    uid: 'string',
     username: 'username',
     password: {
       required: false,
@@ -65,7 +66,7 @@ module.exports = async function (params = {}) {
   this.middleware.validate(params, schema)
 
   const {
-    id,
+    uid,
     username,
     password,
     authorizedApp,
@@ -78,7 +79,7 @@ module.exports = async function (params = {}) {
   } = params
 
   // 更新的用户数据字段
-  const collection = {
+  const data = {
     username,
     dcloud_appid: authorizedApp || [],
     nickname,
@@ -97,7 +98,7 @@ module.exports = async function (params = {}) {
       },
       authorizedApp
     })
-    if (userMatched.filter(user => user._id !== id).length) {
+    if (userMatched.filter(user => user._id !== uid).length) {
       throw {
         errCode: ERROR.ACCOUNT_EXISTS
       }
@@ -115,11 +116,11 @@ module.exports = async function (params = {}) {
       password
     })
 
-    collection.passwordHash = passwordHash
-    collection.password = password
+    data.password = passwordHash
+    data.password_secret_version = version
   }
 
-  await userCollection.where({_id: id}).update(collection)
+  await userCollection.doc(uid).update(data)
 
   return {
     errCode: 0
-- 
GitLab