权限优化

2019-06-01 09:36:55 +08:00
parent 7f4f3fd432
commit 48f81dc547
22 changed files with 228 additions and 38 deletions
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageAuthController.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageAuthController.java
@@ -0,0 +1,86 @@
+package com.zyplayer.doc.wiki.controller;
+
+import com.zyplayer.doc.core.json.DocResponseJson;
+import com.zyplayer.doc.core.json.ResponseJson;
+import com.zyplayer.doc.data.aspect.AuthMan;
+import com.zyplayer.doc.data.config.security.DocUserDetails;
+import com.zyplayer.doc.data.config.security.DocUserUtil;
+import com.zyplayer.doc.data.repository.manage.entity.*;
+import com.zyplayer.doc.data.service.manage.*;
+import com.zyplayer.doc.wiki.framework.consts.SpaceType;
+import com.zyplayer.doc.wiki.framework.consts.WikiAuthType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.Resource;
+import java.util.Date;
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * 文档控制器
+ *
+ * @author 暮光：城中城
+ * @since 2019年2月17日
+ */
+@AuthMan
+@RestController
+@RequestMapping("/zyplayer-doc-wiki/page/auth")
+public class WikiPageAuthController {
+	private static Logger logger = LoggerFactory.getLogger(WikiPageAuthController.class);
+	
+	@Resource
+	WikiPageZanService wikiPageZanService;
+	@Resource
+	WikiSpaceService wikiSpaceService;
+	@Resource
+	WikiPageService wikiPageService;
+	@Resource
+	UserAuthService userAuthService;
+	@Resource
+	AuthInfoService authInfoService;
+	
+	@PostMapping("/assign")
+	public ResponseJson<List<WikiPageZan>> assign(Long pageId, Long userId, Long authId) {
+		DocUserDetails currentUser = DocUserUtil.getCurrentUser();
+		WikiPage wikiPageSel = wikiPageService.getById(pageId);
+		WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
+		if (SpaceType.isPrivate(wikiSpaceSel.getType())) {
+			return DocResponseJson.warn("");
+		}
+		if (SpaceType.isPublic(wikiSpaceSel.getType())) {
+			return DocResponseJson.warn("");
+		}
+		if (!SpaceType.isPersonal(wikiSpaceSel.getType())) {
+			return DocResponseJson.warn("");
+		}
+		if (!Objects.equals(currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
+			if (!DocUserUtil.havePageAuth(WikiAuthType.PAGE_AUTH_MANAGE.getName(), pageId)) {
+				return DocResponseJson.warn("");
+			}
+		}
+		AuthInfo authInfo = authInfoService.getById(authId);
+		if (authInfo == null) {
+			return DocResponseJson.warn("");
+		}
+		UserAuth userAuth = new UserAuth();
+		userAuth.setAuthId(authId);
+		userAuth.setCreateUid(currentUser.getUserId());
+		userAuth.setCreationTime(new Date());
+		userAuth.setDelFlag(0);
+		userAuth.setUserId(userId);
+		userAuth.setAuthCustomSuffix(String.valueOf(pageId));
+		userAuthService.save(userAuth);
+		return DocResponseJson.ok();
+	}
+	
+	@PostMapping("/update")
+	public ResponseJson<Object> update(WikiPageZan wikiPageZan) {
+		DocUserDetails currentUser = DocUserUtil.getCurrentUser();
+		return DocResponseJson.ok();
+	}
+}
+
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageCommentController.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageCommentController.java
@@ -13,6 +13,7 @@ import com.zyplayer.doc.data.service.manage.WikiPageCommentService;
 import com.zyplayer.doc.data.service.manage.WikiPageService;
 import com.zyplayer.doc.data.service.manage.WikiSpaceService;
 import com.zyplayer.doc.wiki.controller.vo.WikiPageCommentVo;
+import com.zyplayer.doc.wiki.framework.consts.SpaceType;
 import org.dozer.Mapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -24,7 +25,6 @@ import javax.annotation.Resource;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
-import java.util.Objects;
 import java.util.stream.Collectors;

 /**
@@ -54,7 +54,7 @@ public class WikiPageCommentController {
 		WikiPage wikiPageSel = wikiPageService.getById(pageComment.getPageId());
 		WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
 		// 私人空间
-		if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+		if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 			return DocResponseJson.warn("您没有查看该空间的评论权！");
 		}
 		UpdateWrapper<WikiPageComment> wrapper = new UpdateWrapper<>();
@@ -87,7 +87,7 @@ public class WikiPageCommentController {
 		WikiPage wikiPageSel = wikiPageService.getById(pageId);
 		WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
 		// 私人空间
-		if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+		if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 			return DocResponseJson.warn("您没有该空间的评论权！");
 		}
 		if (id != null && id > 0) {
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageController.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageController.java
@@ -10,6 +10,7 @@ import com.zyplayer.doc.data.repository.manage.entity.*;
 import com.zyplayer.doc.data.service.manage.*;
 import com.zyplayer.doc.wiki.controller.vo.WikiPageContentVo;
 import com.zyplayer.doc.wiki.controller.vo.WikiPageVo;
+import com.zyplayer.doc.wiki.framework.consts.SpaceType;
 import org.apache.commons.lang3.StringUtils;
 import org.dozer.Mapper;
 import org.slf4j.Logger;
@@ -52,15 +53,15 @@ public class WikiPageController {
 		DocUserDetails currentUser = DocUserUtil.getCurrentUser();
 		WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPage.getSpaceId());
 		// 私人空间
-		if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+		if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 			return DocResponseJson.warn("您没有查看该空间的文章列表！");
 		}
 		UpdateWrapper<WikiPage> wrapper = new UpdateWrapper<>();
 		wrapper.eq("del_flag", 0);
 		wrapper.eq("space_id", wikiPage.getSpaceId());
 		wrapper.eq(wikiPage.getParentId() != null, "parent_id", wikiPage.getParentId());
-		List<WikiPage> authList = wikiPageService.list(wrapper);
-		Map<Long, List<WikiPageVo>> listMap = authList.stream().map(val -> mapper.map(val, WikiPageVo.class)).collect(Collectors.groupingBy(WikiPageVo::getParentId));
+		List<WikiPage> wikiPageList = wikiPageService.list(wrapper);
+		Map<Long, List<WikiPageVo>> listMap = wikiPageList.stream().map(val -> mapper.map(val, WikiPageVo.class)).collect(Collectors.groupingBy(WikiPageVo::getParentId));
 		List<WikiPageVo> nodePageList;
 		if (wikiPage.getParentId() == null) {
 			nodePageList = listMap.get(0L);
@@ -77,7 +78,7 @@ public class WikiPageController {
 		WikiPage wikiPageSel = wikiPageService.getById(wikiPage.getId());
 		WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
 		// 私人空间
-		if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+		if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 			return DocResponseJson.warn("您没有查看该空间的文章详情！");
 		}
 		UpdateWrapper<WikiPageContent> wrapper = new UpdateWrapper<>();
@@ -122,7 +123,7 @@ public class WikiPageController {
 			}
 			WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
 			// 私人空间不允许调用接口获取文章
-			if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+			if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 				return DocResponseJson.warn("您没有修改该空间的文章权限！");
 			}
 			wikiPage.setEditType(null);
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageFileController.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageFileController.java
@@ -11,6 +11,7 @@ import com.zyplayer.doc.data.repository.manage.entity.WikiSpace;
 import com.zyplayer.doc.data.service.manage.WikiPageFileService;
 import com.zyplayer.doc.data.service.manage.WikiPageService;
 import com.zyplayer.doc.data.service.manage.WikiSpaceService;
+import com.zyplayer.doc.wiki.framework.consts.SpaceType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -19,7 +20,6 @@ import org.springframework.web.bind.annotation.RestController;

 import javax.annotation.Resource;
 import java.util.Date;
-import java.util.Objects;

 /**
 * 文档控制器
@@ -69,7 +69,7 @@ public class WikiPageFileController {
 		WikiPage wikiPageSel = wikiPageService.getById(pageId);
 		WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
 		// 私人空间
-		if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+		if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 			return DocResponseJson.warn("您没有该空间的文件上传权限！");
 		}
 		if (id != null && id > 0) {
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageZanController.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiPageZanController.java
@@ -12,6 +12,7 @@ import com.zyplayer.doc.data.repository.manage.entity.WikiSpace;
 import com.zyplayer.doc.data.service.manage.WikiPageService;
 import com.zyplayer.doc.data.service.manage.WikiPageZanService;
 import com.zyplayer.doc.data.service.manage.WikiSpaceService;
+import com.zyplayer.doc.wiki.framework.consts.SpaceType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -20,7 +21,6 @@ import org.springframework.web.bind.annotation.RestController;

 import javax.annotation.Resource;
 import java.util.List;
-import java.util.Objects;

 /**
 * 文档控制器
@@ -47,7 +47,7 @@ public class WikiPageZanController {
 		WikiPage wikiPageSel = wikiPageService.getById(wikiPageZan.getPageId());
 		WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
 		// 私人空间
-		if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+		if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 			return DocResponseJson.warn("您没有获取该空间的点赞列表权限！");
 		}
 		UpdateWrapper<WikiPageZan> wrapper = new UpdateWrapper<>();
@@ -74,7 +74,7 @@ public class WikiPageZanController {
 		WikiPage wikiPageSel = wikiPageService.getById(pageId);
 		WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
 		// 私人空间
-		if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+		if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 			return DocResponseJson.warn("您没有该空间的点赞权限！");
 		}
 		wikiPageZanService.zanPage(wikiPageZan);
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiSpaceController.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiSpaceController.java
@@ -9,6 +9,7 @@ import com.zyplayer.doc.data.config.security.DocUserDetails;
 import com.zyplayer.doc.data.config.security.DocUserUtil;
 import com.zyplayer.doc.data.repository.manage.entity.WikiSpace;
 import com.zyplayer.doc.data.service.manage.WikiSpaceService;
+import com.zyplayer.doc.wiki.framework.consts.SpaceType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -55,7 +56,7 @@ public class WikiSpaceController {
 			if (Objects.equals(wikiSpaceSel.getEditType(), 1)) {
 				return DocResponseJson.warn("当前空间不允许编辑！");
 			}
-			if (Objects.equals(wikiSpaceSel.getType(), 3) && !currentUser.getUserId().equals(wikiSpaceSel.getCreateUserId())) {
+			if (SpaceType.isOthersPrivate(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
 				return DocResponseJson.warn("您没有该空间的编辑权！");
 			}
 			wikiSpace.setUuid(null);
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/framework/consts/SpaceType.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/framework/consts/SpaceType.java
@@ -0,0 +1,29 @@
+package com.zyplayer.doc.wiki.framework.consts;
+
+import java.util.Objects;
+
+public class SpaceType {
+	public static final Integer publicSpace = 1;
+	public static final Integer personalSpace = 2;
+	public static final Integer privateSpace = 3;
+	
+	public static boolean isPublic(Integer type){
+		return Objects.equals(type, publicSpace);
+	}
+	
+	public static boolean isPersonal(Integer type){
+		return Objects.equals(type, personalSpace);
+	}
+	
+	public static boolean isPrivate(Integer type){
+		return Objects.equals(type, privateSpace);
+	}
+	
+	public static boolean isSelfPrivate(Integer type, Long loginUserId, Long spaceUserId){
+		return Objects.equals(type, privateSpace) && Objects.equals(loginUserId, spaceUserId);
+	}
+	
+	public static boolean isOthersPrivate(Integer type, Long loginUserId, Long spaceUserId){
+		return Objects.equals(type, privateSpace) && !Objects.equals(loginUserId, spaceUserId);
+	}
+}
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/framework/consts/WikiAuthType.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/framework/consts/WikiAuthType.java
@@ -0,0 +1,35 @@
+package com.zyplayer.doc.wiki.framework.consts;
+
+public enum WikiAuthType {
+	CREATE_PAGE(1, "CREATE_PAGE_"),
+	VIEW_PAGE(1, "VIEW_PAGE_"),
+	COMMENT_PAGE(1, "COMMENT_PAGE_"),
+	DELETE_PAGE(1, "DELETE_PAGE_"),
+	PAGE_FILE_UPLOAD(1, "PAGE_FILE_UPLOAD_"),
+	PAGE_FILE_DELETE(1, "PAGE_FILE_DELETE_"),
+	PAGE_AUTH_MANAGE(1, "PAGE_AUTH_MANAGE_"),
+	;
+	private Integer type;
+	private String name;
+	
+	WikiAuthType(Integer type, String name) {
+		this.type = type;
+		this.name = name;
+	}
+	
+	public Integer getType() {
+		return type;
+	}
+	
+	public void setType(Integer type) {
+		this.type = type;
+	}
+	
+	public String getName() {
+		return name;
+	}
+	
+	public void setName(String name) {
+		this.name = name;
+	}
+}