From e4024a2daebe912bec7ad37b4282083755ea56c2 Mon Sep 17 00:00:00 2001
From: chenxudong
Date: Fri, 10 Jan 2025 10:24:47 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=AF=BC=E5=87=BA=E5=8A=9F?=
 =?UTF-8?q?=E8=83=BD=E7=9A=84=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../software/manage/config/LoginInterceptor.java | 13 +++++++------
 .../manage/service/PermissionService.java | 2 +-
 .../serviceimpl/EdFileInfoServiceImpl.java | 4 ++++
 .../serviceimpl/PermissionServiceImpl.java | 15 +++++++--------
 4 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/LoginInterceptor.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/LoginInterceptor.java
index af7a2f7..3b79c41 100644
--- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/LoginInterceptor.java
+++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/LoginInterceptor.java
@@ -2,6 +2,7 @@ package com.electromagnetic.industry.software.manage.config;
 import cn.hutool.core.date.SystemClock;
 import com.electromagnetic.industry.software.common.cons.UserConstants;
+import com.electromagnetic.industry.software.common.enums.AdminTypeEnum;
 import com.electromagnetic.industry.software.common.pojo.UserLoginInfo;
 import com.electromagnetic.industry.software.common.util.TokenUtil;
 import com.electromagnetic.industry.software.common.util.UserThreadLocal;
@@ -36,12 +37,12 @@ public class LoginInterceptor implements HandlerInterceptor {
 }
 private boolean checkSysAdminOperation(HttpServletRequest request, HttpServletResponse response) {
-// String requestURI = request.getRequestURI();
-// if (requestURI.startsWith("/data/ed/prj") && !UserThreadLocal.getAdminType().equals(AdminTypeEnum.SYSTEM.getValue())) {
-// log.warn("{}没有层级操作权限,当前用户类型是{}", UserThreadLocal.getUsername(), UserThreadLocal.getAdminType());
-// response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-// return false;
-// }
+ String requestURI = request.getRequestURI();
+ if (requestURI.startsWith("/data/ed/prj") && !UserThreadLocal.getAdminType().equals(AdminTypeEnum.SYSTEM.getValue())) {
+ log.warn("{}没有层级操作权限,当前用户类型是{}", UserThreadLocal.getUsername(), UserThreadLocal.getAdminType());
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ return false;
+ }
 return true;
 }
diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java
index 817d1ce..1969b9c 100644
--- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java
+++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java
@@ -42,5 +42,5 @@ public interface PermissionService {
 * 检查文件id列表是否可具有导出权限
 * @param ids
 */
- String[] filterExportIds(String[] ids);
+ Map filterExportIds(String[] ids);
 }
diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/EdFileInfoServiceImpl.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/EdFileInfoServiceImpl.java
index af6a741..a22049a 100644
--- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/EdFileInfoServiceImpl.java
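Review bot: In `LoginInterceptor.checkSysAdminOperation`, the re-enabled guard decides authorisation with `requestURI.startsWith("/data/ed/prj")` on `request.getRequestURI()`, which is the raw request value: it includes any context path and is not normalised the way the dispatcher resolves a path, so the string the check sees can differ from the path that actually selects the handler. Tying the rule to routing is more robust, for example registering a dedicated interceptor with `addPathPatterns("/data/ed/prj/**")`, or at minimum comparing `request.getServletPath()`. The comparison `UserThreadLocal.getAdminType().equals(...)` also throws if no admin type is set for the request; `!AdminTypeEnum.SYSTEM.getValue().equals(UserThreadLocal.getAdminType())` denies with the 403 instead of failing with an exception.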
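Review bot: The Javadoc above `filterExportIds` in `PermissionService` still lists only a bare `@param ids` and has no `@return`, although the method no longer filters and now reports a result per id. Suggest documenting the contract, e.g. `@return map keyed by file id; true when the current user holds EXPORT permission on that id, false otherwise; empty when ids is empty`, and giving `@param ids` a description. The same comment block sits above the implementation in `PermissionServiceImpl` (last hunk). The return type reads as a raw `Map` on this page, which may be an artifact of how the patch was rendered; if it is raw in the source, declare the key and value types.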
+++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/EdFileInfoServiceImpl.java
@@ -610,6 +610,10 @@ public class EdFileInfoServiceImpl extends ServiceImpl batchExport(String dataIdArr, HttpServletResponse response) throws IOException {
 String userDownloadDataDir = downloadDataDir + File.separator + UserThreadLocal.getUserId();
 String[] ids = dataIdArr.split(",");
+ Map map = permissionService.filterExportIds(ids);
+ if (map.containsValue(Boolean.FALSE)) {
+ throw new BizException(-1, "有未授权的层级接口,禁止导出");
+ }
 Map maps = new HashMap<>();
 for (String id : ids) {
 Map edFileInfos = this.baseMapper.selectList(Wrappers.lambdaQuery(EdFileInfo.class)
diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java
index 339b3a7..a9b2b86 100644
--- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java
+++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java
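Review bot: The new check in `batchExport` authorises exactly the ids split from `dataIdArr`, but the `selectList` query inside the loop is cut off at the end of this hunk, so it cannot be confirmed here that every row it returns is one of the checked ids; if that query expands an id to further records, those would be exported without an EXPORT check, which is worth verifying. The denial path also leaves no audit trail: before the `throw`, record who was refused and for which ids, e.g. `log.warn("export denied: user={} ids={}", UserThreadLocal.getUserId(), Arrays.toString(ids));` (assuming the class has a logger, as `LoginInterceptor` does). Naming the result `map` right above the existing `maps` is easy to misread; a name such as `exportAllowed` says what it holds. The body of `batchExport` continues past the end of the hunk.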
@@ -123,23 +123,22 @@ public class PermissionServiceImpl implements PermissionService {
 * @param ids
 */
 @Override
- public String[] filterExportIds(String[] ids){
+ public Map filterExportIds(String[] ids) {
+ Map map = new HashMap<>();
 if (ids.length==0) {
- return ids;
+ return map;
 }
+
 String userId=UserThreadLocal.getUserId();
 List roleIds = getRoles(userId);
- List result = new ArrayList<>();
 for (String id : ids) {
 LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>();
 queryWrapper.eq(RolePermission::getFileId, id)
 .eq(RolePermission::getPermissionCode, FilePermission.EXPORT.getCode())
 .in(RolePermission::getRoleId, roleIds);
- List list = rolePermissionMapper.selectList(queryWrapper);
- if (!list.isEmpty()) {
- result.add(id);
- }
+ long count = rolePermissionMapper.selectCount(queryWrapper);
+ map.put(id, count > 0);
 }
- return result.toArray(new String[0]);
+ return map;
 }
 }
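Review bot: In `PermissionServiceImpl.filterExportIds`, `roleIds` from `getRoles(userId)` goes straight into `.in(RolePermission::getRoleId, roleIds)`; for a user with no roles the condition is built from an empty collection, and what SQL that yields is left to the query builder instead of being decided here. An explicit early return that marks every id as not exportable keeps the method fail-closed in that case. Separately, the loop issues one `selectCount` per id; a single query using `.in(RolePermission::getFileId, ...)` over all ids would answer the same question in one round trip. The start of the Javadoc block and the class header are outside the hunk.

```java
        // … unchanged: map creation, empty-ids return, userId and roleIds lookup …
        // Fail closed: with no roles nothing can match, so do not build the query at all.
        if (roleIds == null || roleIds.isEmpty()) {
            for (String id : ids) {
                map.put(id, Boolean.FALSE);
            }
            return map;
        }
        // … unchanged: per-id selectCount loop, return map …
```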