加入查看权限，后端校验逻辑

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/FilePermissionCheckAspect.java

@@ -4,6 +4,7 @@ import com.electromagnetic.industry.software.common.annotations.RequiredPermissi
 import com.electromagnetic.industry.software.common.enums.FilePermission;
 import com.electromagnetic.industry.software.common.exception.PermissionDeniedException;
 import com.electromagnetic.industry.software.common.util.UserThreadLocal;
+import com.electromagnetic.industry.software.manage.pojo.req.FileInfoQueryDTO;
 import com.electromagnetic.industry.software.manage.pojo.req.UpdateFileInfoDTO;
 import com.electromagnetic.industry.software.manage.service.EdFileInfoService;
 import com.electromagnetic.industry.software.manage.service.PermissionService;
@@ -46,7 +47,12 @@ public class FilePermissionCheckAspect {
                 id = edFileInfoService.getCategoryId(childId);
             }
 
-            Map<String,Boolean> permissions = permissionService.getUserPermission(userId,id);
+            if (args[0] instanceof FileInfoQueryDTO) {
+                FileInfoQueryDTO fileInfoQueryDTO = (FileInfoQueryDTO) args[0];
+                id = fileInfoQueryDTO.getParentId();
+            }
+
+            Map<String,Boolean> permissions = permissionService.getUserPermission(userId,id,true);
             if (!permissions.get(filePermission.getCode()).equals(Boolean.TRUE)) {
                 throw new PermissionDeniedException("用户无权限执行此操作");
             }

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/controller/EdFileInfoController.java

@@ -40,6 +40,7 @@ public class EdFileInfoController {
         return edFileInfoService.delete(id);
     }
 
+    @RequiredPermission(value = FilePermission.VIEW)
     @RequestMapping("info")
     public ElectromagneticResult<?> info(@RequestBody FileInfoQueryDTO fileInfoQueryDTO) {
         return edFileInfoService.queryEdFileInfo(fileInfoQueryDTO);

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/controller/PermissionController.java

@@ -23,7 +23,7 @@ public class PermissionController {
     @GetMapping(value = "/{id}")
     public ElectromagneticResult<?> getUserPermission(@PathVariable("id") String id) {
         String userId = UserThreadLocal.getUserId();
-        return ElectromagneticResultUtil.success(permissionService.getUserPermission(userId, id));
+        return ElectromagneticResultUtil.success(permissionService.getUserPermission(userId, id, false));
     }
 
 }

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java

@@ -12,7 +12,7 @@ public interface PermissionService {
      * @param id
      * @return
      */
-    Map<String, Boolean> getUserPermission(String userId, String id);
+    Map<String, Boolean> getUserPermission(String userId, String id, Boolean includeView);
 
     /**
      * 获取当前用户有权限访问的目录id
@@ -36,7 +36,7 @@ public interface PermissionService {
      * @param permissionCodes
      * @return
      */
-    Map<String, Boolean> transToMap(List<String> permissionCodes);
+    Map<String, Boolean> transToMap(List<String> permissionCodes, Boolean includeView);
 
     /**
      * 过滤有导出权限的文件id

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java

@@ -38,7 +38,7 @@ public class PermissionServiceImpl implements PermissionService {
      */
     @Override
     @Transactional
-    public Map<String, Boolean> getUserPermission(String userId, String id) {
+    public Map<String, Boolean> getUserPermission(String userId, String id, Boolean includeView) {
 
         List<String> roleIds = getRoles(userId);
         // 只有当 roleIds 不为空且不为 null 时，才添加 in 条件
@@ -50,9 +50,10 @@ public class PermissionServiceImpl implements PermissionService {
                 .eq(RolePermission::getFileId, id)
                 .in(RolePermission::getRoleId, roleIds);
         List<String> permissionCodes = rolePermissionMapper.selectObjs(queryWrapper1).stream().map(Object::toString).collect(Collectors.toList());
-        return transToMap(permissionCodes);
+        return transToMap(permissionCodes, includeView);
     }
 
+
     /**
      * 获取当前用户有权限访问的目录id
      *
@@ -118,9 +119,14 @@ public class PermissionServiceImpl implements PermissionService {
      * @return
      */
     @Override
-    public Map<String, Boolean> transToMap(List<String> permissionCodes) {
+    public Map<String, Boolean> transToMap(List<String> permissionCodes, Boolean includeView) {
         Map<String, Boolean> result = new HashMap<>();
-        List<String> allCodes = FilePermission.getAllCodesExcludeView();
+        List<String> allCodes = new ArrayList<>();
+        if (includeView.equals(Boolean.TRUE)) {
+            allCodes = FilePermission.getAllCodes();
+        } else {
+            allCodes = FilePermission.getAllCodesExcludeView();
+        }
         for (String code : allCodes) {
             if (permissionCodes.contains(code)) {
                 result.put(code, true);

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/RoleServiceImpl.java

@@ -191,7 +191,7 @@ public class RoleServiceImpl extends ServiceImpl<RoleMapper, Role> implements Ro
                 dataAuth.put("data", false);
                 rolePermissionDTO.setDataAuth(dataAuth);
             }
-            rolePermissionDTO.setPermission(permissionService.transToMap(permissionCodes));
+            rolePermissionDTO.setPermission(permissionService.transToMap(permissionCodes,false));
             nodes.add(rolePermissionDTO);
         }
 
@@ -290,7 +290,7 @@ public class RoleServiceImpl extends ServiceImpl<RoleMapper, Role> implements Ro
             dataAuth.put("data", false);
             rolePermissionDTO.setDataAuth(dataAuth);
 
-            rolePermissionDTO.setPermission(permissionService.transToMap(permissionCodes));
+            rolePermissionDTO.setPermission(permissionService.transToMap(permissionCodes,false));
             nodes.add(rolePermissionDTO);
         }