chenxudong
/
electromagnetic-data-new
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

增加导出功能的权限校验。

This commit is contained in:
chenxudong 2025-01-10 10:24:47 +08:00
parent 8dc4c731d0
commit e4024a2dae
4 changed files with 19 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/LoginInterceptor.java
View File

@ -2,6 +2,7 @@ package com.electromagnetic.industry.software.manage.config;
import cn.hutool.core.date.SystemClock; import cn.hutool.core.date.SystemClock;
import com.electromagnetic.industry.software.common.cons.UserConstants; import com.electromagnetic.industry.software.common.cons.UserConstants;
import com.electromagnetic.industry.software.common.enums.AdminTypeEnum;
import com.electromagnetic.industry.software.common.pojo.UserLoginInfo; import com.electromagnetic.industry.software.common.pojo.UserLoginInfo;
import com.electromagnetic.industry.software.common.util.TokenUtil; import com.electromagnetic.industry.software.common.util.TokenUtil;
import com.electromagnetic.industry.software.common.util.UserThreadLocal; import com.electromagnetic.industry.software.common.util.UserThreadLocal;
@ -36,12 +37,12 @@ public class LoginInterceptor implements HandlerInterceptor {
} }
private boolean checkSysAdminOperation(HttpServletRequest request, HttpServletResponse response) { private boolean checkSysAdminOperation(HttpServletRequest request, HttpServletResponse response) {
// String requestURI = request.getRequestURI(); String requestURI = request.getRequestURI();
// if (requestURI.startsWith("/data/ed/prj") && !UserThreadLocal.getAdminType().equals(AdminTypeEnum.SYSTEM.getValue())) { if (requestURI.startsWith("/data/ed/prj") && !UserThreadLocal.getAdminType().equals(AdminTypeEnum.SYSTEM.getValue())) {
// log.warn("{}没有层级操作权限,当前用户类型是{}", UserThreadLocal.getUsername(), UserThreadLocal.getAdminType()); log.warn("{}没有层级操作权限,当前用户类型是{}", UserThreadLocal.getUsername(), UserThreadLocal.getAdminType());
// response.setStatus(HttpServletResponse.SC_FORBIDDEN); response.setStatus(HttpServletResponse.SC_FORBIDDEN);
// return false; return false;
// } }
return true; return true;
} }

2
electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java
View File

@ -42,5 +42,5 @@ public interface PermissionService {
* 检查文件id列表是否可具有导出权限 * 检查文件id列表是否可具有导出权限
* @param ids * @param ids
*/ */
String[] filterExportIds(String[] ids); Map<String, Boolean> filterExportIds(String[] ids);
} }

4
electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/EdFileInfoServiceImpl.java
View File

@ -610,6 +610,10 @@ public class EdFileInfoServiceImpl extends ServiceImpl<EdFileInfoMapper, EdFileI
public ResponseEntity<InputStreamResource> batchExport(String dataIdArr, HttpServletResponse response) throws IOException { public ResponseEntity<InputStreamResource> batchExport(String dataIdArr, HttpServletResponse response) throws IOException {
String userDownloadDataDir = downloadDataDir + File.separator + UserThreadLocal.getUserId(); String userDownloadDataDir = downloadDataDir + File.separator + UserThreadLocal.getUserId();
String[] ids = dataIdArr.split(","); String[] ids = dataIdArr.split(",");
Map<String, Boolean> map = permissionService.filterExportIds(ids);
if (map.containsValue(Boolean.FALSE)) {
throw new BizException(-1, "有未授权的层级接口,禁止导出");
}
Map<String, EdFileInfo> maps = new HashMap<>(); Map<String, EdFileInfo> maps = new HashMap<>();
for (String id : ids) { for (String id : ids) {
Map<String, EdFileInfo> edFileInfos = this.baseMapper.selectList(Wrappers.lambdaQuery(EdFileInfo.class) Map<String, EdFileInfo> edFileInfos = this.baseMapper.selectList(Wrappers.lambdaQuery(EdFileInfo.class)

15
electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java
View File

@ -123,23 +123,22 @@ public class PermissionServiceImpl implements PermissionService {
* @param ids * @param ids
*/ */
@Override @Override
public String[] filterExportIds(String[] ids){ public Map<String, Boolean> filterExportIds(String[] ids) {
Map<String, Boolean> map = new HashMap<>();
if (ids.length==0) { if (ids.length==0) {
return ids; return map;
} }
String userId=UserThreadLocal.getUserId(); String userId=UserThreadLocal.getUserId();
List<String> roleIds = getRoles(userId); List<String> roleIds = getRoles(userId);
List<String> result = new ArrayList<>();
for (String id : ids) { for (String id : ids) {
LambdaQueryWrapper<RolePermission> queryWrapper = new LambdaQueryWrapper<>(); LambdaQueryWrapper<RolePermission> queryWrapper = new LambdaQueryWrapper<>();
queryWrapper.eq(RolePermission::getFileId, id) queryWrapper.eq(RolePermission::getFileId, id)
.eq(RolePermission::getPermissionCode, FilePermission.EXPORT.getCode()) .eq(RolePermission::getPermissionCode, FilePermission.EXPORT.getCode())
.in(RolePermission::getRoleId, roleIds); .in(RolePermission::getRoleId, roleIds);
List<RolePermission> list = rolePermissionMapper.selectList(queryWrapper); long count = rolePermissionMapper.selectCount(queryWrapper);
if (!list.isEmpty()) { map.put(id, count > 0);
result.add(id);
} }
} return map;
return result.toArray(new String[0]);
} }
} }