diff --git a/conf/app.conf.example b/conf/app.conf.example index 6890c281..94892c84 100644 --- a/conf/app.conf.example +++ b/conf/app.conf.example @@ -142,7 +142,7 @@ ldap_base="${MINDOC_LDAP_BASE||dc=example,dc=com}" ldap_user="${MINDOC_LDAP_USER||cn=ldap helper,ou=example.com,dc=example,dc=com}" #第一次绑定ldap用户密码 ldap_password="${MINDOC_LDAP_PASSWORD||xxx}" -#自动注册用户角色:0 超级管理员 /1 管理员/ 2 普通用户 +#自动注册用户角色:0 超级管理员 /1 管理员/ 2 普通用户/ 3 只读用户 ldap_user_role=${MINDOC_LDAP_USER_ROLE||2} #ldap搜索filter规则,AD服务器: objectClass=User, openldap服务器: objectClass=posixAccount ,也可以定义为其他属性,如: title=mindoc ldap_filter="${MINDOC_LDAP_FILTER||objectClass=posixAccount}" diff --git a/conf/enumerate.go b/conf/enumerate.go index 3a66afa3..8323c0bd 100644 --- a/conf/enumerate.go +++ b/conf/enumerate.go @@ -33,6 +33,8 @@ const ( MemberAdminRole //普通用户. MemberGeneralRole + //只读用户. + MemberReaderRole ) // 系统角色 diff --git a/conf/lang/en-us.ini b/conf/lang/en-us.ini index 76771ddd..33d4da30 100644 --- a/conf/lang/en-us.ini +++ b/conf/lang/en-us.ini @@ -91,6 +91,7 @@ password_length_invalid = The password cannot be empty and must be between 6-50 mail_expired = Mail has expired captcha_expired = The verification code has expired, please try again. user_not_existed = User does not exist +readusr_only_observer = Read only users can only be set as observers email_not_exist = Email does not exist failed_save_password = Failed to save password mail_service_not_enable = Mail service is not enabled diff --git a/conf/lang/ru-ru.ini b/conf/lang/ru-ru.ini index f436ec88..12fbc58e 100644 --- a/conf/lang/ru-ru.ini +++ b/conf/lang/ru-ru.ini @@ -91,6 +91,7 @@ password_length_invalid = Пароль не может быть пустым и mail_expired = почта просрочена captcha_expired = Срок действия капчи истек, попробуйте еще раз user_not_existed = этот пользователь не существует +readusr_only_observer = Толькі для чытання карыстальнікаў можна ўсталяваць толькі як назіральнікі email_not_exist = этот адрес электронной почты не существует failed_save_password = Не удалось сохранить пароль mail_service_not_enable = Служба электронной почты не включена diff --git a/conf/lang/zh-cn.ini b/conf/lang/zh-cn.ini index b95e0c0a..76d075fc 100644 --- a/conf/lang/zh-cn.ini +++ b/conf/lang/zh-cn.ini @@ -91,6 +91,7 @@ password_length_invalid = 密码不能为空且必须在6-50个字符之间 mail_expired = 邮件已失效 captcha_expired = 验证码已过期,请重新操作。 user_not_existed = 用户不存在 +readusr_only_observer = 只读用户只能设置为观察者 email_not_exist = 邮箱不存在 failed_save_password = 保存密码失败 mail_service_not_enable = 未启用邮件服务 @@ -496,6 +497,7 @@ status = 状态 super_admin = 超级管理员 admin = 管理员 user = 普通用户 +read_usr = 只读用户 normal = 正常 disable = 禁用 enable = 启用 diff --git a/controllers/BlogController.go b/controllers/BlogController.go index 4e7eea58..c125638d 100644 --- a/controllers/BlogController.go +++ b/controllers/BlogController.go @@ -162,6 +162,9 @@ func (c *BlogController) ManageSetting() { bookIdentify := strings.TrimSpace(c.GetString("bookIdentify")) documentId := 0 + if c.Member.Role == conf.MemberReaderRole { + c.JsonResult(6001, i18n.Tr(c.Lang, "message.no_permission")) + } if blogTitle == "" { c.JsonResult(6001, i18n.Tr(c.Lang, "message.blog_title_empty")) } @@ -286,6 +289,10 @@ func (c *BlogController) ManageEdit() { c.Prepare() c.TplName = "blog/manage_edit.tpl" + if c.Member.Role == conf.MemberReaderRole { + c.JsonResult(6001, i18n.Tr(c.Lang, "message.no_permission")) + } + if c.Ctx.Input.IsPost() { blogId, _ := c.GetInt("blogId", 0) diff --git a/controllers/BookController.go b/controllers/BookController.go index f636dd0d..3e6fbc2a 100644 --- a/controllers/BookController.go +++ b/controllers/BookController.go @@ -466,6 +466,9 @@ func (c *BookController) Create() { editor := c.GetString("editor") itemId, _ := c.GetInt("itemId") + if c.Member.Role == conf.MemberReaderRole { + c.JsonResult(6001, i18n.Tr(c.Lang, "message.no_permission")) + } if bookName == "" { c.JsonResult(6001, i18n.Tr(c.Lang, "message.project_name_empty")) } @@ -566,7 +569,9 @@ func (c *BookController) Copy() { if _, err := c.IsPermission(); err != nil { c.JsonResult(500, err.Error()) } - + if c.Member.Role == conf.MemberReaderRole { + c.JsonResult(6001, i18n.Tr(c.Lang, "message.no_permission")) + } identify := strings.TrimSpace(c.GetString("identify", "")) if identify == "" { c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error")) @@ -587,7 +592,9 @@ func (c *BookController) Copy() { // 导入zip压缩包或docx func (c *BookController) Import() { - + if c.Member.Role == conf.MemberReaderRole { + c.JsonResult(6001, i18n.Tr(c.Lang, "message.no_permission")) + } file, moreFile, err := c.GetFile("import-file") if err == http.ErrMissingFile { c.JsonResult(6003, "没有发现需要上传的文件") diff --git a/controllers/BookMemberController.go b/controllers/BookMemberController.go index df0d7020..60b059c5 100644 --- a/controllers/BookMemberController.go +++ b/controllers/BookMemberController.go @@ -41,6 +41,10 @@ func (c *BookMemberController) AddMember() { if _, err := models.NewRelationship().FindForRoleId(book.BookId, member.MemberId); err == nil { c.JsonResult(6003, i18n.Tr(c.Lang, "message.user_exist_in_proj")) } + //如果是只读用户,只能设置为观察者 + if member.Role == conf.MemberReaderRole && roleId != int(conf.BookObserver) { + c.JsonResult(6003, i18n.Tr(c.Lang, "message.readusr_only_observer")) + } relationship := models.NewRelationship() relationship.BookId = book.BookId @@ -94,6 +98,10 @@ func (c *BookMemberController) ChangeRole() { if member.Status == 1 { c.JsonResult(6004, i18n.Tr(c.Lang, "message.user_disable")) } + //如果是只读用户,只能设置为观察者 + if member.Role == conf.MemberReaderRole && role != int(conf.BookObserver) { + c.JsonResult(6003, i18n.Tr(c.Lang, "message.readusr_only_observer")) + } relationship, err := models.NewRelationship().UpdateRoleId(book.BookId, memberId, conf.BookRole(role)) diff --git a/controllers/DocumentController.go b/controllers/DocumentController.go index 35e6f0c4..c63db876 100644 --- a/controllers/DocumentController.go +++ b/controllers/DocumentController.go @@ -328,6 +328,10 @@ func Flatten(list []*models.DocumentTree, flattened *[]DocumentTreeFlatten) { func (c *DocumentController) Edit() { c.Prepare() + if c.Member.Role == conf.MemberReaderRole { + c.JsonResult(6001, i18n.Tr(c.Lang, "message.no_permission")) + } + identify := c.Ctx.Input.Param(":key") if identify == "" { c.ShowErrorPage(404, i18n.Tr(c.Lang, "message.project_id_error")) diff --git a/controllers/ManagerController.go b/controllers/ManagerController.go index 472f6f0e..39822773 100644 --- a/controllers/ManagerController.go +++ b/controllers/ManagerController.go @@ -175,7 +175,7 @@ func (c *ManagerController) ChangeMemberRole() { if memberId <= 0 { c.JsonResult(6001, i18n.Tr(c.Lang, "message.param_error")) } - if role != int(conf.MemberAdminRole) && role != int(conf.MemberGeneralRole) { + if role != int(conf.MemberAdminRole) && role != int(conf.MemberGeneralRole) && role != int(conf.MemberReaderRole) { c.JsonResult(6001, i18n.Tr(c.Lang, "message.no_permission")) } member := models.NewMember() diff --git a/models/Member.go b/models/Member.go index d217cd72..90139a4b 100644 --- a/models/Member.go +++ b/models/Member.go @@ -42,8 +42,8 @@ type Member struct { Email string `orm:"size(100);column(email);unique;description(邮箱)" json:"email"` Phone string `orm:"size(255);column(phone);null;default(null);description(手机)" json:"phone"` Avatar string `orm:"size(1000);column(avatar);description(头像)" json:"avatar"` - //用户角色:0 超级管理员 /1 管理员/ 2 普通用户 . - Role conf.SystemRole `orm:"column(role);type(int);default(1);index;description(用户角色: 0:超级管理员 1:管理员 2:普通用户)" json:"role"` + //用户角色:0 超级管理员 /1 管理员/ 2 普通用户/ 3 只读用户 . + Role conf.SystemRole `orm:"column(role);type(int);default(1);index;description(用户角色: 0:超级管理员 1:管理员 2:普通用户 3:只读用户)" json:"role"` RoleName string `orm:"-" json:"role_name"` Status int `orm:"column(status);type(int);default(0);description(状态 0:启用 1:禁用)" json:"status"` //用户状态:0 正常/1 禁用 CreateTime time.Time `orm:"type(datetime);column(create_time);auto_now_add;description(创建时间)" json:"create_time"` @@ -389,6 +389,8 @@ func (m *Member) ResolveRoleName() { m.RoleName = i18n.Tr(m.Lang, "uc.admin") } else if m.Role == conf.MemberGeneralRole { m.RoleName = i18n.Tr(m.Lang, "uc.user") + } else if m.Role == conf.MemberReaderRole { + m.RoleName = i18n.Tr(m.Lang, "uc.read_usr") } } diff --git a/models/MemberResult.go b/models/MemberResult.go index 4983c4ac..bf6fa2f4 100644 --- a/models/MemberResult.go +++ b/models/MemberResult.go @@ -61,7 +61,7 @@ func (m *MemberRelationshipResult) ResolveRoleName(lang string) *MemberRelations } else if m.RoleId == conf.BookEditor { m.RoleName = i18n.Tr(lang, "common.editor") } else if m.RoleId == conf.BookObserver { - m.RoleName = i18n.Tr(lang, "common.obverser") + m.RoleName = i18n.Tr(lang, "common.observer") } return m } diff --git a/static/cherry/cherry-markdown.css b/static/cherry/cherry-markdown.css index 7b83f655..c5e4f7f8 100644 --- a/static/cherry/cherry-markdown.css +++ b/static/cherry/cherry-markdown.css @@ -1969,6 +1969,14 @@ div[data-type=codeBlock] .token.inserted { .whole-article-wrap > div > .markdown-article { width: calc(100% - 260px); } +@media screen and (max-width: 839px) { + .toc { + display: none !important; + } + .whole-article-wrap > div > .markdown-article { + width: 100%; + } +} [data-code-block-theme=coy] div[data-type=codeBlock] pre[class*=language-]:after { right: 0.75em; diff --git a/static/css/markdown.preview.css b/static/css/markdown.preview.css index 2c96303f..9a691426 100644 --- a/static/css/markdown.preview.css +++ b/static/css/markdown.preview.css @@ -159,6 +159,9 @@ .article-body .markdown-toc{ display: none; } + .article-body .markdown-article{ + width: 100%; + } .article-body .markdown-article{ margin-right: 0; } diff --git a/views/blog/manage_list.tpl b/views/blog/manage_list.tpl index a1264922..3ae2c7d2 100644 --- a/views/blog/manage_list.tpl +++ b/views/blog/manage_list.tpl @@ -36,7 +36,9 @@