diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 3f7cd417..237ce9e6 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -74,11 +74,10 @@ class UsersController < ApplicationController def update return render_not_found unless @user = User.find_by_id(params[:id]) || User.find_by(login: params[:id]) + return render_forbidden unless User.current.logged? && (current_user&.admin? || current_user.id == @user.id) Util.write_file(@image, avatar_path(@user)) if user_params[:image].present? @user.attributes = user_params.except(:image) - if @user.save - render_ok - else + unless @user.save render_error(@user.errors.full_messages.join(", ")) end end
diff --git a/app/views/users/_user.json.jbuilder b/app/views/users/_user.json.jbuilder
index 96299c7e..dc43d6bc 100644
--- a/app/views/users/_user.json.jbuilder
+++ b/app/views/users/_user.json.jbuilder
@@ -1,7 +1,20 @@
 json.user_id user.id
-json.login user.login
 json.name user.full_name
+json.username @user.full_name
+json.real_name @user.real_name
 json.grade user.grade
-json.identity user&.user_extension&.identity
-# json.email user.mail # 邮箱原则上不暴露的,如果实在需要的话只能对某些具体的接口公开
-json.image_url url_to_avatar(user)
+json.gender @user.gender
+json.login @user.login
+json.user_id @user.id
+json.image_url url_to_avatar(@user)
+json.admin @user.admin?
+json.user_identity @user.identity
+json.is_watch current_user&.watched?(@user)
+json.watched_count @user.fan_count #粉丝
+json.watching_count @user.follow_count #关注数
+json.created_time format_time(@user.created_on)
+json.email @user.show_email ? @user.mail : nil
+json.province @user.show_location ? @user.province : nil
+json.city @user.show_location ? @user.city : nil
+json.custom_department @user.show_department ? @user.custom_department : nil
+json.description @user.description
\ No newline at end of file
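Review bot: The new guard in `update` reads the caller from two different sources, `User.current` and `current_user`, and dereferences `current_user.id` without the safe navigation used on `current_user&.admin?`; if `current_user` can be nil while `User.current.logged?` is true (not visible here), the request ends in a NoMethodError instead of a 403. Resolve the caller once and use it for the whole check, e.g. `me = current_user` followed by `return render_forbidden unless me&.logged? && (me.admin? || me.id == @user.id)`. The check also runs after the lookup, so an anonymous caller gets a 404 for a missing id or login and a 403 for an existing one; testing the logged-in state before `find_by` removes that difference. Because non-admin users now reach `@user.attributes = user_params.except(:image)`, confirm that `user_params` (defined outside this hunk) permits no privilege-bearing attributes.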
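Review bot: The added lines read the controller's `@user` while the unchanged lines of this partial still read the `user` local, so the output is only coherent when the caller passes `locals: { user: @user }`; any other caller (none visible in this diff) would mix two users' fields or fail on a nil `@user`. Use the local throughout, e.g. `json.email user.show_email ? user.mail : nil`, which also shows that the second `json.user_id` line repeats the key already written on the first line. The partial now emits `real_name` and `admin` with no visibility flag, unlike `email`, `province`, `city` and `custom_department`, and the removed comment said e-mail should be exposed only on specific endpoints; if this partial is rendered in list responses, keep those fields in `show` or gate them on the viewer.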
diff --git a/app/views/users/show.json.jbuilder b/app/views/users/show.json.jbuilder
index aee46cb0..0bbd915b 100644
--- a/app/views/users/show.json.jbuilder
+++ b/app/views/users/show.json.jbuilder
@@ -1,16 +1,4 @@
-# json.partial! 'users/user', locals: { user: @user }
-
-json.username @user.full_name
-json.real_name @user.real_name
-json.gender @user.gender
-json.login @user.login
-json.user_id @user.id
-json.image_url url_to_avatar(@user)
-json.admin @user.admin?
-json.user_identity @user.identity
-json.is_watch current_user&.watched?(@user)
-json.watched_count @user.fan_count #粉丝
-json.watching_count @user.follow_count #关注数
+json.partial! 'users/user', locals: { user: @user }
 json.undo_messages @waiting_applied_messages.size
 json.undo_transfer_projects @common_applied_transfer_projects.size
 json.undo_events @undo_events
@@ -18,10 +6,4 @@ json.user_composes_count @user_composes_count
 json.user_org_count @user_org_count
 json.common_projects_count @projects_common_count
 json.mirror_projects_count @projects_mirrior_count
-json.sync_mirror_projects_count @projects_sync_mirrior_count
-json.created_time format_time(@user.created_on)
-json.email @user.show_email ? @user.mail : nil
-json.province @user.show_location ? @user.province : nil
-json.city @user.show_location ? @user.city : nil
-json.custom_department @user.show_department ? @user.custom_department : nil
-json.description @user.description
\ No newline at end of file
+json.sync_mirror_projects_count @projects_sync_mirrior_count
\ No newline at end of file
diff --git a/app/views/users/update.json.jbuilder b/app/views/users/update.json.jbuilder
new file mode 100644
index 00000000..2b31e182
--- /dev/null
+++ b/app/views/users/update.json.jbuilder
@@ -0,0 +1 @@
+json.partial! 'users/user', locals: { user: @user }