添加了待办事项的操作的权限检查

2025-05-12 17:00:29 +08:00 · 2025-05-12 17:00:29 +08:00 · 0165c5c6ef
commit 0165c5c6ef
parent b377e208b4
2 changed files with 86 additions and 3 deletions
--- a/Release/database/XNSim.db
+++ b/Release/database/XNSim.db
--- a/XNSimHtml/components/todo-component.js
+++ b/XNSimHtml/components/todo-component.js
@ -94,19 +94,58 @@ class TodoComponent extends HTMLElement {
    }

    showError(message) {
+        // 首先移除之前的错误消息
+        const existingErrorMessage = this.shadowRoot.querySelector('.error-message');
+        if (existingErrorMessage) {
+            existingErrorMessage.remove();
+        }
+
+        // 创建错误消息元素
        const errorDiv = document.createElement('div');
        errorDiv.className = 'error-message';
        errorDiv.textContent = message;
-        this.shadowRoot.appendChild(errorDiv);
+        
+        // 添加自动消失功能
+        errorDiv.style.position = 'fixed';
+        errorDiv.style.top = '20px';
+        errorDiv.style.left = '50%';
+        errorDiv.style.transform = 'translateX(-50%)';
+        errorDiv.style.zIndex = '1000';
+        errorDiv.style.padding = '10px';
+        errorDiv.style.backgroundColor = '#f8d7da';
+        errorDiv.style.color = '#721c24';
+        errorDiv.style.borderRadius = '4px';
+        errorDiv.style.boxShadow = '0 2px 5px rgba(0,0,0,0.2)';
+
+        // 将错误消息添加到文档主体，而不是shadowRoot
+        document.body.appendChild(errorDiv);
+
+        // 3秒后自动消失
+        setTimeout(() => {
+            if (errorDiv.parentNode) {
+                errorDiv.parentNode.removeChild(errorDiv);
+            }
+        }, 3000);
    }

    // 显示编辑执行人对话框
    showEditExecutorModal(todo) {
+        // 权限检查
+        const currentUserLevel = this.currentUser.level || 0;
+        if (currentUserLevel <= 2 && todo.adduser !== this.currentUser.username) {
+            this.showError('您没有权限编辑他人创建的待办事项');
+            return;
+        }
+        if (currentUserLevel === 3 && todo.adduser === 'admin') {
+            this.showError('您没有权限编辑管理员创建的待办事项');
+            return;
+        }
+
        this.editingTodo = todo;
        const { modal, style } = TodoModal.createModal('executor');
        
        // 获取当前用户等级
-        const currentUserLevel = this.currentUser.access_level || 0;
+        const currentUserAccessLevel = this.currentUser.access_level || 0;
        
        // 填充用户下拉列表
        const executorSelect = modal.querySelector('#executor');
@ -115,7 +154,7 @@ class TodoComponent extends HTMLElement {
        const availableUsers = this.users.filter(user => 
            user && 
            user.access_level > 0 && 
-            user.access_level <= currentUserLevel
+            user.access_level <= currentUserAccessLevel
        );

        // 添加用户选项
@ -157,6 +196,17 @@ class TodoComponent extends HTMLElement {

    // 显示编辑计划时间对话框
    showEditScheduleModal(todo) {
+        // 权限检查
+        const currentUserLevel = this.currentUser.level || 0;
+        if (currentUserLevel <= 2 && todo.adduser !== this.currentUser.username) {
+            this.showError('您没有权限编辑他人创建的待办事项');
+            return;
+        }
+        if (currentUserLevel === 3 && todo.adduser === 'admin') {
+            this.showError('您没有权限编辑管理员创建的待办事项');
+            return;
+        }
+
        this.editingTodo = todo;
        const { modal, style } = TodoModal.createModal('schedule');
        
@ -856,6 +906,17 @@ class TodoComponent extends HTMLElement {
            onEditExecutor: (todo) => this.showEditExecutorModal(todo),
            onEditSchedule: (todo) => this.showEditScheduleModal(todo),
            onEditTitle: (todo) => {
+                // 权限检查
+                const currentUserLevel = this.currentUser.level || 0;
+                if (currentUserLevel <= 2 && todo.adduser !== this.currentUser.username) {
+                    this.showError('您没有权限编辑他人创建的待办事项');
+                    return;
+                }
+                if (currentUserLevel === 3 && todo.adduser === 'admin') {
+                    this.showError('您没有权限编辑管理员创建的待办事项');
+                    return;
+                }
+
                const { modal, style } = TodoModal.createModal('edit-title');
                const titleInput = modal.querySelector('#title');
                titleInput.value = todo.title;
@ -887,6 +948,17 @@ class TodoComponent extends HTMLElement {
                document.body.appendChild(modal);
            },
            onEditDescription: (todo) => {
+                // 权限检查
+                const currentUserLevel = this.currentUser.level || 0;
+                if (currentUserLevel <= 2 && todo.adduser !== this.currentUser.username) {
+                    this.showError('您没有权限编辑他人创建的待办事项');
+                    return;
+                }
+                if (currentUserLevel === 3 && todo.adduser === 'admin') {
+                    this.showError('您没有权限编辑管理员创建的待办事项');
+                    return;
+                }
+
                const { modal, style } = TodoModal.createModal('edit-description');
                const textInput = modal.querySelector('#text');
                textInput.value = todo.text || '';
@ -914,6 +986,17 @@ class TodoComponent extends HTMLElement {
                document.body.appendChild(modal);
            },
            onDelete: async (todo) => {
+                // 权限检查
+                const currentUserLevel = this.currentUser.level || 0;
+                if (currentUserLevel <= 2 && todo.adduser !== this.currentUser.username) {
+                    this.showError('您没有权限删除他人创建的待办事项');
+                    return;
+                }
+                if (currentUserLevel === 3 && todo.adduser === 'admin') {
+                    this.showError('您没有权限删除管理员创建的待办事项');
+                    return;
+                }
+
                if (confirm('确定要删除这条待办事项吗？')) {
                    try {
                        await TodoService.deleteTodo(todo.id);