From daf7acb4f107a427e4a83ba1eb26e5e6012cbdaf Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: Wed, 26 Jun 2024 17:04:52 +0800
Subject: [PATCH] update
---
exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExResourceServiceImpl.java | 53 +++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 47 insertions(+), 6 deletions(-)
diff --git a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExResourceServiceImpl.java b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExResourceServiceImpl.java
index 1defc76..52ebb5b 100644
--- a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExResourceServiceImpl.java
+++ b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExResourceServiceImpl.java
@@ -44,16 +44,46 @@
@Override
public ExResource selectResourceById(Long resourceId) {
- return baseMapper.selectResourceById(resourceId);
+ ExResource resource= baseMapper.selectResourceById(resourceId);
+ if(resource==null){
+ return resource;
+ }
+ if(resource.getPrivatize().equals(PrivatizeEnum.PUBLIC.getCode())){
+ return resource;
+ }
+ SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return resource;
+ }
+ if(!resource.getCompanyId().equals(currentUser.getCompanyId())){
+ throw new ApiException("无权限查看其它企业资源");
+ }
+ return resource;
}
@Override
public ExResource selectResourceByPeriodId(Long periodId) {
- return baseMapper.selectResourceByPeriodId(periodId);
+ ExResource resource= baseMapper.selectResourceByPeriodId(periodId);
+ if(resource==null){
+ return resource;
+ }
+ if(resource.getPrivatize().equals(PrivatizeEnum.PUBLIC.getCode())){
+ return resource;
+ }
+ SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return resource;
+ }
+ if(!resource.getCompanyId().equals(currentUser.getCompanyId())){
+ throw new ApiException("无权限查看其它企业资源");
+ }
+ return resource;
+
}
@Override
public int insertResource(ExResource resource) {
+ checkUserAllowed(resource);
if(!checkNameUnique(resource)){
throw new ApiException("资源名称已存在");
}
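Review bot: The visibility check is copied verbatim into selectResourceById and selectResourceByPeriodId, and both copies use null-unsafe comparisons: `resource.getPrivatize().equals(...)` and `resource.getCompanyId().equals(...)` throw a NullPointerException when the stored field is null, so the caller never gets the intended ApiException. Moving the check into one private helper that both methods call would keep the two read paths from drifting apart when the rule changes. Inside it, the company comparison can be written null-safely as `if(!Objects.equals(resource.getCompanyId(), currentUser.getCompanyId()))`, assuming `java.util.Objects` is imported or can be (the import block is outside this hunk). insertResource starts in this hunk and continues in the next one.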
@@ -61,11 +91,7 @@
if(user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
resource.setPrivatize(PrivatizeEnum.PUBLIC.getCode());
}else{
- if(user.getCompanyId()==null){
- throw new ApiException("获取用户公司id失败");
- }
resource.setCompanyId(user.getCompanyId());
- resource.setPrivatize(PrivatizeEnum.PRIVATE.getCode());
}
UploadObjectVO uploadObjectVO =commonService.doUpload(resource.getFile());
resource.setResourceUri(uploadObjectVO.getPath());
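Review bot: With `resource.setPrivatize(PrivatizeEnum.PRIVATE.getCode())` removed from the else branch, the visibility of a resource created by a non-system user is whatever the request carried, possibly null. The read paths added in this commit call `resource.getPrivatize().equals(...)`, so a stored null would throw there. A request-chosen PUBLIC value also skips the company check entirely, which is only right if company users are meant to publish. If they are, validate the value against PrivatizeEnum and keep a default, e.g. `if(resource.getPrivatize()==null){ resource.setPrivatize(PrivatizeEnum.PRIVATE.getCode()); }`; if not, restore the removed line. The enclosing insertResource begins and ends outside this hunk.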
@@ -87,6 +113,7 @@
@Override
public int updateResource(ExResource resource) {
+ checkUserAllowed(resource);
if(!checkNameUnique(resource)){
throw new ApiException("资源名称已存在");
}
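Review bot: `checkUserAllowed(resource)` at the top of updateResource authorizes against `resource.getCompanyId()` from the request object, not against the stored row. If the update is keyed on the resource id (the rest of the body is outside this hunk), the check does not establish that the caller's company owns the record being modified. Load the persisted resource first and authorize on that, as deleteResourceById does, e.g. `checkUserAllowed(baseMapper.selectById(<resource id>));`, after a not-found guard. The same call in insertResource runs before `resource.setCompanyId(user.getCompanyId())`, so it also compares against a request-supplied companyId and will reject a company user whose request omits it.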
@@ -97,9 +124,23 @@
return row;
}
+ public void checkUserAllowed(ExResource resource) {
+ SysUser currentUser= SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return;
+ }
+ if(currentUser.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("没有权限操作");
+ }
+ if(!currentUser.getCompanyId().equals(resource.getCompanyId())){
+ throw new ApiException("没有权限操作其他企业资源");
+ }
+ }
+
@Override
public int deleteResourceById(Long resourceId) {
//校验资源是否绑定
+ checkUserAllowed(baseMapper.selectById(resourceId));
ExResource resource=getById(resourceId);
int row=baseMapper.deleteById(resourceId);
if(row<1){
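Review bot: In deleteResourceById, `baseMapper.selectById(resourceId)` presumably returns null for an unknown id, and checkUserAllowed then dereferences `resource.getCompanyId()` for any caller who is neither a system user nor a student, so the result is a NullPointerException rather than an ApiException. `currentUser.getCompanyId().equals(...)` has the same problem now that the explicit null check on the user's company id has been removed from insertResource. The row is also read twice (selectById, then getById); fetching once with `ExResource resource=getById(resourceId);`, rejecting null with an ApiException, and then calling `checkUserAllowed(resource);` covers both. checkUserAllowed could be private unless other classes call it, and the existing `//校验资源是否绑定` comment now sits above the permission check rather than the binding check. deleteResourceById continues past the end of the hunk.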
--
Gitblit v1.9.2