From 5d69b326b98a7ca7f79831116da99d53da0bf902 Mon Sep 17 00:00:00 2001
From: moonrailgun <moonrailgun@gmail.com>
Date: Fri, 24 Nov 2023 22:48:26 +0800
Subject: [PATCH] feat: add permission to edit basic info and fixed the bug of
 incorrect display of group fields

---
 client/shared/utils/role-helper.ts            |  8 ++++++
 .../components/modals/GroupDetail/Summary.tsx |  9 +++++--
 server/packages/sdk/src/services/lib/role.ts  |  1 +
 server/services/core/group/group.service.ts   | 25 ++++++++++++++-----
 4 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/client/shared/utils/role-helper.ts b/client/shared/utils/role-helper.ts
index 54caa3b8611..15e77331de3 100644
--- a/client/shared/utils/role-helper.ts
+++ b/client/shared/utils/role-helper.ts
@@ -51,6 +51,7 @@ export const PERMISSION = {
     unlimitedInvite: 'core.unlimitedInvite',
     editInvite: 'core.editInvite',
     groupDetail: 'core.groupDetail',
+    groupBaseInfo: 'core.groupBaseInfo',
     groupConfig: 'core.groupConfig',
     manageUser: 'core.manageUser',
     managePanel: 'core.managePanel',
@@ -101,6 +102,13 @@ export const getPermissionList = (): PermissionItemType[] => [
     desc: t('允许成员查看群组详情'),
     default: false,
   },
+  {
+    key: PERMISSION.core.groupBaseInfo,
+    title: t('修改群组基本信息'),
+    desc: t('允许成员修改群组基本信息'),
+    default: false,
+    required: [PERMISSION.core.groupDetail],
+  },
   {
     key: PERMISSION.core.groupConfig,
     title: t('修改群组配置'),
diff --git a/client/web/src/components/modals/GroupDetail/Summary.tsx b/client/web/src/components/modals/GroupDetail/Summary.tsx
index 7d272de0f70..02c593d0655 100644
--- a/client/web/src/components/modals/GroupDetail/Summary.tsx
+++ b/client/web/src/components/modals/GroupDetail/Summary.tsx
@@ -11,18 +11,23 @@ import React from 'react';
 import { Avatar } from 'tailchat-design';
 import {
   modifyGroupField,
+  PERMISSION,
   showSuccessToasts,
   showToasts,
   t,
   UploadFileResult,
   useAsyncRequest,
   useGroupInfo,
+  useHasGroupPermission,
 } from 'tailchat-shared';
 
 export const GroupSummary: React.FC<{
   groupId: string;
 }> = React.memo(({ groupId }) => {
   const groupInfo = useGroupInfo(groupId);
+  const [hasBaseInfoPermission] = useHasGroupPermission(groupId, [
+    PERMISSION.core.groupBaseInfo,
+  ]);
 
   const [, handleUpdateGroupName] = useAsyncRequest(
     async (newName: string) => {
@@ -70,7 +75,7 @@ export const GroupSummary: React.FC<{
           <FullModalField
             title={t('群组名称')}
             value={groupInfo.name}
-            editable={true}
+            editable={hasBaseInfoPermission}
             renderEditor={DefaultFullModalInputEditorRender}
             onSave={handleUpdateGroupName}
           />
@@ -84,7 +89,7 @@ export const GroupSummary: React.FC<{
             title={t('群组描述')}
             value={groupInfo.description ?? ''}
             content={<pre>{groupInfo.description ?? ''}</pre>}
-            editable={true}
+            editable={hasBaseInfoPermission}
             renderEditor={GroupDescriptionEditorRender}
             onSave={handleUpdateGroupDescription}
           />
diff --git a/server/packages/sdk/src/services/lib/role.ts b/server/packages/sdk/src/services/lib/role.ts
index c8e620587a0..4294f7dd5c6 100644
--- a/server/packages/sdk/src/services/lib/role.ts
+++ b/server/packages/sdk/src/services/lib/role.ts
@@ -9,6 +9,7 @@ export const PERMISSION = {
     unlimitedInvite: 'core.unlimitedInvite',
     editInvite: 'core.editInvite', // 编辑邀请码权限，需要有创建无限制邀请码的权限
     groupDetail: 'core.groupDetail',
+    groupBaseInfo: 'core.groupBaseInfo',
     groupConfig: 'core.groupConfig',
     manageUser: 'core.manageUser',
     managePanel: 'core.managePanel',
diff --git a/server/services/core/group/group.service.ts b/server/services/core/group/group.service.ts
index 51ba684c1d9..002a5bc6d43 100644
--- a/server/services/core/group/group.service.ts
+++ b/server/services/core/group/group.service.ts
@@ -425,19 +425,32 @@ class GroupService extends TcService {
       throw new EntityError(t('该数据不允许修改'));
     }
 
-    const [isGroupOwner, hasRolePermission] = await call(
-      ctx
-    ).checkUserPermissions(groupId, userId, [
+    const [
+      isGroupOwner,
+      hasBaseInfoPermission,
+      hasRolePermission,
+      hasManagePanelPermission,
+    ] = await call(ctx).checkUserPermissions(groupId, userId, [
       PERMISSION.core.owner,
+      PERMISSION.core.groupBaseInfo,
       PERMISSION.core.manageRoles,
+      PERMISSION.core.managePanel,
     ]);
 
-    if (fieldName === 'fallbackPermissions') {
+    if (['roles', 'fallbackPermissions'].includes(fieldName)) {
       if (!hasRolePermission) {
-        throw new NoPermissionError(t('没有操作权限'));
+        throw new NoPermissionError(t('没有编辑群组身份组权限'));
+      }
+    } else if (['name', 'avatar', 'description'].includes(fieldName)) {
+      if (!hasBaseInfoPermission) {
+        throw new NoPermissionError(t('没有编辑群组信息权限'));
+      }
+    } else if (fieldName === 'panels') {
+      if (!hasManagePanelPermission) {
+        throw new NoPermissionError(t('没有编辑群组面板权限'));
       }
     } else if (!isGroupOwner) {
-      throw new NoPermissionError(t('不是群组管理员无法编辑'));
+      throw new NoPermissionError(t('不是群组所有者无法编辑'));
     }
 
     const group = await this.adapter.model.findById(groupId).exec();