const API = require("../../../lib/API"); const db = require("../../../plugin/DataBase/db"); const AccessControl = require("../../../lib/AccessControl"); const { BaseStdResponse } = require("../../../BaseStdResponse"); // 添加/编辑商品 class AddProduct extends API { constructor() { super() this.setPath('/Admin/Goods') this.setMethod('POST') } async onRequest(req, res) { let { uuid, session, id, name, state, content, price, num, lepao_count, ic_count } = req.body if ([uuid, session, name, state, content, price, num, lepao_count, ic_count].some(value => value === '' || value === null || value === undefined)) return res.json({ ...BaseStdResponse.MISSING_PARAMETER }) // 检查 session if (!await AccessControl.checkSession(uuid, session)) return res.status(401).json({ ...BaseStdResponse.ACCESS_DENIED }) // 检查权限 let permission = await AccessControl.getPermission(uuid) if (!permission.includes("admin") && !permission.includes("product")) return res.json({ ...BaseStdResponse.PERMISSION_DENIED }) let sql, r const time = new Date().getTime() if (!id) { sql = 'INSERT INTO goods (name, create_user, create_time, update_time, state, content, price, lepao_count, ic_count, num) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' r = await db.query(sql, [name, uuid, time, time, state, content, price, lepao_count, ic_count, num]) } else { sql = 'UPDATE goods SET name = ?, update_user = ?, update_time = ?, state = ?, content = ?, price = ?, lepao_count = ?, ic_count = ?, num = ? WHERE id = ?' r = await db.query(sql, [name, uuid, time, state, content, price, lepao_count, ic_count, num, id]) } try { if (r && r.affectedRows > 0) { res.json({ ...BaseStdResponse.OK }) } else { res.json({ ...BaseStdResponse.ERR, endpoint: 7894378, msg: '编辑商品失败!数据库错误!请检查参数是否正确' }) } } catch (err) { this.logger.error(`编辑商品失败!${err.stack}`) res.json({ ...BaseStdResponse.ERR, msg: "编辑商品失败!", }); } } } module.exports.AddProduct = AddProduct;