| 619 | } |
| 620 | |
| 621 | func CreateUser(c *gin.Context) { |
| 622 | var user model.User |
| 623 | err := json.NewDecoder(c.Request.Body).Decode(&user) |
| 624 | user.Username = strings.TrimSpace(user.Username) |
| 625 | if err != nil || user.Username == "" || user.Password == "" { |
| 626 | c.JSON(http.StatusOK, gin.H{ |
| 627 | "success": false, |
| 628 | "message": "无效的参数", |
| 629 | }) |
| 630 | return |
| 631 | } |
| 632 | if err := common.Validate.Struct(&user); err != nil { |
| 633 | c.JSON(http.StatusOK, gin.H{ |
| 634 | "success": false, |
| 635 | "message": "输入不合法 " + err.Error(), |
| 636 | }) |
| 637 | return |
| 638 | } |
| 639 | if user.DisplayName == "" { |
| 640 | user.DisplayName = user.Username |
| 641 | } |
| 642 | myRole := c.GetInt("role") |
| 643 | if user.Role >= myRole { |
| 644 | c.JSON(http.StatusOK, gin.H{ |
| 645 | "success": false, |
| 646 | "message": "无法创建权限大于等于自己的用户", |
| 647 | }) |
| 648 | return |
| 649 | } |
| 650 | // Even for admin users, we cannot fully trust them! |
| 651 | cleanUser := model.User{ |
| 652 | Username: user.Username, |
| 653 | Password: user.Password, |
| 654 | DisplayName: user.DisplayName, |
| 655 | } |
| 656 | if err := cleanUser.Insert(0); err != nil { |
| 657 | common.ApiError(c, err) |
| 658 | return |
| 659 | } |
| 660 | |
| 661 | c.JSON(http.StatusOK, gin.H{ |
| 662 | "success": true, |
| 663 | "message": "", |
| 664 | }) |
| 665 | return |
| 666 | } |
| 667 | |
| 668 | type ManageRequest struct { |
| 669 | Id int `json:"id"` |