From df7c98e27df72a90b0f7aed727f9c0ac4d0a2b85 Mon Sep 17 00:00:00 2001
From: withchao <993506633@qq.com>
Date: Wed, 19 Apr 2023 15:11:24 +0800
Subject: [PATCH] config
---
 internal/rpc/group/group.go | 42 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/internal/rpc/group/group.go b/internal/rpc/group/group.go
index 9a9fd3d7c..8904e8edf 100644
--- a/internal/rpc/group/group.go
+++ b/internal/rpc/group/group.go
@@ -1045,14 +1045,54 @@ func (s *groupServer) SetGroupMemberInfo(ctx context.Context, req *pbGroup.SetGr
 })
 if !tokenverify.IsAppManagerUid(ctx) {
 opUserID := mcontext.GetOpUserID(ctx)
+ for _, member := range req.Members {
+ if member.RoleLevel != nil {
+ switch member.RoleLevel.Value {
+ case constant.GroupOrdinaryUsers, constant.GroupAdmin:
+ default:
+ return nil, errs.ErrArgs.Wrap("invalid role level")
+ }
+ }
+ if member.UserID == opUserID {
+ if member.RoleLevel != nil {
+ return nil, errs.ErrNoPermission.Wrap("can not change self role level")
+ }
+ continue
+ }
+ opMember, ok := memberMap[[...]string{member.GroupID, opUserID}]
+ if !ok {
+ return nil, errs.ErrArgs.Wrap(fmt.Sprintf("user %s not in group %s", opUserID, member.GroupID))
+ }
+ dbMember, ok := memberMap[[...]string{member.GroupID, member.UserID}]
+ if !ok {
+ return nil, errs.ErrRecordNotFound.Wrap(fmt.Sprintf("user %s not in group %s", member.UserID, member.GroupID))
+ }
+ if opMember.RoleLevel == constant.GroupOrdinaryUsers {
+ return nil, errs.ErrNoPermission.Wrap("ordinary users can not change other role level")
+ }
+ switch opMember.RoleLevel {
+ case constant.GroupOrdinaryUsers:
+ return nil, errs.ErrNoPermission.Wrap("ordinary users can not change other role level")
+ case constant.GroupAdmin:
+ if dbMember.RoleLevel != constant.GroupOrdinaryUsers {
+ return nil, errs.ErrNoPermission.Wrap("admin can not change other role level")
+ }
+ case constant.GroupOwner:
+ //if member.RoleLevel != nil && member.RoleLevel.Value == constant.GroupOwner {
+ // return nil, errs.ErrNoPermission.Wrap("owner only one")
+ //}
+ }
+ }
+
 for _, member := range members {
 if member.UserID == opUserID {
 continue
 }
- opMember, ok := memberMap[[...]string{member.GroupID, member.UserID}]
+ opMember, ok := memberMap[[...]string{member.GroupID, opUserID}]
 if !ok {
 return nil, errs.ErrArgs.Wrap(fmt.Sprintf("user %s not in group %s", opUserID, member.GroupID))
 }
+
 if member.RoleLevel >= opMember.RoleLevel {
 return nil, errs.ErrNoPermission.Wrap(fmt.Sprintf("group %s : %s RoleLevel %d >= %s RoleLevel %d", member.GroupID, member.UserID, member.RoleLevel, opMember.UserID, opMember.RoleLevel))
 }
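Review bot: The `switch opMember.RoleLevel` added in the `req.Members` loop has no `default` branch, so an operator whose stored role is not one of the three named constants falls through without being refused; a permission check should fail closed, e.g. `default: return nil, errs.ErrNoPermission.Wrap("unknown operator role level")`. The `constant.GroupAdmin` case tests only the target's stored role (`dbMember.RoleLevel`) and never the requested `member.RoleLevel`, so as far as this hunk shows an admin may set an ordinary member to `constant.GroupAdmin`; if promotion is meant to be owner-only, refuse it there with `if member.RoleLevel != nil { return nil, errs.ErrNoPermission.Wrap("admin can not change role level") }`. The `if opMember.RoleLevel == constant.GroupOrdinaryUsers` guard directly above the switch makes the first case unreachable, and the commented-out owner check should be either restored or deleted with a comment stating why the owner branch is empty. SetGroupMemberInfo starts and ends outside the hunk, so whether `memberMap` always holds the operator's row cannot be confirmed from here.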