From daf7acb4f107a427e4a83ba1eb26e5e6012cbdaf Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: Wed, 26 Jun 2024 17:04:52 +0800
Subject: [PATCH] update
---
exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java | 32 ++++++++++++++++++++++++++++----
1 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java
index 6b6b60e..67ca293 100644
--- a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java
+++ b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java
@@ -69,15 +69,22 @@
@Override
public ExStudent selectStudentById(Long studentId) {
- return baseMapper.selectStudentById(studentId);
+ ExStudent student= baseMapper.selectStudentById(studentId);
+ SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return student;
+ }
+ if(!student.getCompanyId().equals(currentUser.getCompanyId())){
+ throw new ApiException("无权限查看其它企业学员");
+ }
+ return student;
+
}
@Override
public int insertStudent(ExStudent student) {
SysUser currentUser= SecurityUtils.getLoginUser().getUser();
- if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
- throw new ApiException("系统管理员不能新增学员");
- }
+ checkUserAllowed(student);
if(!checkPhoneUnique(student)){
throw new ApiException("手机号已存在");
}
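Review bot: In selectStudentById, `student.getCompanyId()` is dereferenced without a null check, so an ID that matches no row (assuming the mapper returns null for it) ends in a NullPointerException rather than a clean result; add a guard such as `if(student==null){ return null; }` before the company comparison, or throw an ApiException with a not-found message, and note that resetUserPwd has the same gap where the result of `getById(student.getId())` is passed straight into checkUserAllowed. The read path also only exempts SYSTEM_USER and compares companies, so a STUDENT-type account appears able to read any other student's record in its own company, whereas checkUserAllowed rejects STUDENT for writes; if that is not intended, restrict students to their own ID here. In insertStudent the local `currentUser` may now be unused, but the method body continues outside the hunk.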
@@ -94,6 +101,7 @@
@Override
public int updateStudent(ExStudent student) {
+ checkUserAllowed(student);
if(!checkPhoneUnique(student)){
throw new ApiException("手机号已存在");
}
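Review bot: The check added to updateStudent runs against the request object, so the `companyId` it compares is whatever the caller sent rather than the company the stored record belongs to. A company user who submits another company's student ID together with their own companyId would pass it, unless code further down (outside this hunk) reloads the record. deleteStudentById already checks the persisted row; doing the same here, `checkUserAllowed(checkUserDataScope(student.getId()));`, while keeping the existing call on `student` so the record cannot be moved to another company, would close the gap.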
@@ -112,6 +120,7 @@
@Override
public int deleteStudentById(Long studentId) {
ExStudent existStudent=checkUserDataScope(studentId);
+ checkUserAllowed(existStudent);
int row=baseMapper.deleteByStudentId(studentId);
if(row<0){
throw new ApiException("删除学员失败");
@@ -153,6 +162,7 @@
@Override
public boolean resetUserPwd(ExStudent student) {
ExStudent existStudent=getById(student.getId());
+ checkUserAllowed(existStudent);
ExStudent su=new ExStudent().setId(student.getId()).setPassword(SecurityUtils.encryptPassword(Base64.decodeStr(student.getPassword())));
su.setUpdateBy(SecurityUtils.getUsername());
delCacheByPhone(existStudent.getPhone());
@@ -170,4 +180,18 @@
}
return student;
}
+
+ public void checkUserAllowed(ExStudent student) {
+ SysUser currentUser= SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ throw new ApiException("系统管理员没有权限操作");
+ }
+ if(currentUser.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("没有权限操作");
+ }
+ if(!currentUser.getCompanyId().equals(student.getCompanyId())){
+ throw new ApiException("没有权限操作其他企业学员");
+ }
+ }
+
}
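Review bot: checkUserAllowed is written as a deny-list: it rejects SYSTEM_USER and STUDENT and lets every other user type through to the company comparison, so any type added to UserTypeEnum later is permitted by default; naming the permitted type(s) and rejecting the rest would be safer. `currentUser.getCompanyId().equals(...)` also throws a NullPointerException for an account with no company, so reject that case explicitly, `if(currentUser.getCompanyId()==null || !currentUser.getCompanyId().equals(student.getCompanyId()))`, rather than switching to `Objects.equals`, which would treat two null companies as a match. The method is `public` and undocumented; a short Javadoc stating which users may modify students, and `private` visibility if it is not part of the service interface, would help.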
--
Gitblit v1.9.2