electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/config/LoginInterceptor.java

@@ -2,7 +2,6 @@ package com.electromagnetic.industry.software.manage.config;
 
 import cn.hutool.core.date.SystemClock;
 import com.electromagnetic.industry.software.common.cons.UserConstants;
-import com.electromagnetic.industry.software.common.enums.AdminTypeEnum;
 import com.electromagnetic.industry.software.common.pojo.UserLoginInfo;
 import com.electromagnetic.industry.software.common.util.TokenUtil;
 import com.electromagnetic.industry.software.common.util.UserThreadLocal;
@@ -37,12 +36,12 @@ public class LoginInterceptor implements HandlerInterceptor {
     }
 
     private boolean checkSysAdminOperation(HttpServletRequest request, HttpServletResponse response) {
-        String requestURI = request.getRequestURI();
+//        String requestURI = request.getRequestURI();
-        if (requestURI.startsWith("/data/ed/prj") && !UserThreadLocal.getAdminType().equals(AdminTypeEnum.SYSTEM.getValue())) {
+//        if (requestURI.startsWith("/data/ed/prj") && !UserThreadLocal.getAdminType().equals(AdminTypeEnum.SYSTEM.getValue())) {
-            log.warn("{}没有层级操作权限，当前用户类型是{}", UserThreadLocal.getUsername(), UserThreadLocal.getAdminType());
+//            log.warn("{}没有层级操作权限，当前用户类型是{}", UserThreadLocal.getUsername(), UserThreadLocal.getAdminType());
-            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+//            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-            return false;
+//            return false;
-        }
+//        }
         return true;
     }
 

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java

@@ -42,5 +42,5 @@ public interface PermissionService {
      * 过滤有导出权限的文件id
      * @param ids
      */
-    Map<String, Boolean> filterExportIds(String[] ids);
+    String[] filterExportIds(String[] ids);
 }

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/EdFileInfoServiceImpl.java

@@ -72,10 +72,17 @@ public class EdFileInfoServiceImpl extends ServiceImpl<EdFileInfoMapper, EdFileI
     private Environment environment;
     @Resource
     private PermissionService permissionService;
+    @Resource
+    @Lazy
+    private EdFileRelationService edFileRelationService;
 
     private String downloadDataDir = "";
     private String uploadDataDir = "";
 
+    @Value("${file.security.passwd}")
+    private String password;
+
+
     @PostConstruct
     public void init() {
         String osName = System.getProperty("os.name").toLowerCase();
@@ -406,7 +413,7 @@ public class EdFileInfoServiceImpl extends ServiceImpl<EdFileInfoMapper, EdFileI
         String mainName = FileUtil.mainName(destColibPath);
         String parentDir = FileUtil.getParent(destColibPath, 1);
         String zipDirPath = parentDir + File.separator + mainName + ".zip";
-        AES aes = SecureUtil.aes(FILE_SEC_PASSWD.getBytes());
+        AES aes = SecureUtil.aes(password.getBytes());
         try (
                 InputStream inputStream = Files.newInputStream(Paths.get(destColibPath));
                 OutputStream outputStream = Files.newOutputStream(Paths.get(zipDirPath));
@@ -603,10 +610,6 @@ public class EdFileInfoServiceImpl extends ServiceImpl<EdFileInfoMapper, EdFileI
     public ResponseEntity<InputStreamResource> batchExport(String dataIdArr, HttpServletResponse response) throws IOException {
         String userDownloadDataDir = downloadDataDir + File.separator + UserThreadLocal.getUserId();
         String[] ids = dataIdArr.split(",");
-        Map<String, Boolean> map = permissionService.filterExportIds(ids);
-        if (map.containsValue(Boolean.FALSE)) {
-            throw new BizException(-1, "有未授权的层级接口，禁止导出");
-        }
         Map<String, EdFileInfo> maps = new HashMap<>();
         for (String id : ids) {
             Map<String, EdFileInfo> edFileInfos = this.baseMapper.selectList(Wrappers.lambdaQuery(EdFileInfo.class)
@@ -652,7 +655,7 @@ public class EdFileInfoServiceImpl extends ServiceImpl<EdFileInfoMapper, EdFileI
         }
 
         ZipUtil.zip(prjDirPath, exportZipFile);
-        AES aes = SecureUtil.aes(FILE_SEC_PASSWD.getBytes());
+        AES aes = SecureUtil.aes(password.getBytes());
         try (
                 InputStream inputStream = Files.newInputStream(Paths.get(exportZipFile));
                 OutputStream outputStream = Files.newOutputStream(Paths.get(exportColibFile));
@@ -742,7 +745,7 @@ public class EdFileInfoServiceImpl extends ServiceImpl<EdFileInfoMapper, EdFileI
                 this.saveOrUpdate(newEdFileInfo);
                 String fileDestPath = commonService.getFileSysPath(newEdFileInfo.getFilePath());
                 FileUtil.writeFromStream(file.getInputStream(), fileDestPath);
-                EleCommonUtil.encryptFile(fileDestPath, SecureUtil.aes(FILE_SEC_PASSWD.getBytes()));
+                EleCommonUtil.encryptFile(fileDestPath, SecureUtil.aes(password.getBytes()));
                 fileSystemService.save(FileUtil.getInputStream(fileDestPath), fileDestPath);
             }
         } catch (Exception e) {

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/EdFileRelationServiceImpl.java

@@ -45,6 +45,8 @@ public class EdFileRelationServiceImpl extends ServiceImpl<EdFileRelationMapper,
     private CommonService commonService;
     @Resource
     private FileSystemService fileSystemService;
+    @Value("${file.security.passwd}")
+    private String password;
 
     /**
      * 创建文件关系
@@ -233,7 +235,7 @@ public class EdFileRelationServiceImpl extends ServiceImpl<EdFileRelationMapper,
                 edFileInfoService.saveOrUpdate(newEdFileInfo);
                 String fileDestPath = commonService.getFileSysPath(newEdFileInfo.getFilePath());
                 FileUtil.writeFromStream(file.getInputStream(), fileDestPath);
-                EleCommonUtil.encryptFile(fileDestPath, SecureUtil.aes(FILE_SEC_PASSWD.getBytes()));
+                EleCommonUtil.encryptFile(fileDestPath, SecureUtil.aes(password.getBytes()));
                 fileSystemService.save(FileUtil.getInputStream(fileDestPath), fileDestPath);
 
                 // 创建文件关系

electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java

@@ -123,22 +123,23 @@ public class PermissionServiceImpl implements PermissionService {
      * @param ids
      */
     @Override
-    public Map<String, Boolean> filterExportIds(String[] ids) {
+    public String[] filterExportIds(String[] ids){
-        Map<String, Boolean> map = new HashMap<>();
         if (ids.length==0) {
-            return map;
+            return ids;
         }
-
         String userId=UserThreadLocal.getUserId();
         List<String> roleIds = getRoles(userId);
+        List<String> result = new ArrayList<>();
         for (String id : ids) {
             LambdaQueryWrapper<RolePermission> queryWrapper = new LambdaQueryWrapper<>();
             queryWrapper.eq(RolePermission::getFileId, id)
                     .eq(RolePermission::getPermissionCode, FilePermission.EXPORT.getCode())
                     .in(RolePermission::getRoleId, roleIds);
-            long count = rolePermissionMapper.selectCount(queryWrapper);
+            List<RolePermission> list = rolePermissionMapper.selectList(queryWrapper);
-            map.put(id, count > 0);
+            if (!list.isEmpty()) {
-        }
+                result.add(id);
-        return map;
+            }
+        }
+        return result.toArray(new String[0]);
     }
 }

electromagnetic-common/src/main/java/com/electromagnetic/industry/software/common/cons/ElectromagneticConstants.java

@@ -13,6 +13,4 @@ public interface ElectromagneticConstants {
     String UPLOAD_FILE_CHUNK_SUFFIX = ".part";
 
     String NAME_VALID_MSG = "文件名不符合规范，只能包含中文字符、下划线、连字符、加号、数字和英文字符且长度小于32。";
-
-    String FILE_SEC_PASSWD = "adknfhkj87654knd";
 }