sql执行器开发,增加权限
This commit is contained in:
暮光:城中城
@@ -4,9 +4,9 @@ import cn.hutool.core.date.DateTime;
|
||||
import cn.hutool.core.util.RandomUtil;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
||||
import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
|
||||
import com.zyplayer.doc.core.annotation.AuthMan;
|
||||
import com.zyplayer.doc.core.json.DocResponseJson;
|
||||
import com.zyplayer.doc.core.json.ResponseJson;
|
||||
import com.zyplayer.doc.core.annotation.AuthMan;
|
||||
import com.zyplayer.doc.data.config.security.DocUserDetails;
|
||||
import com.zyplayer.doc.data.config.security.DocUserUtil;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.UserInfo;
|
||||
@@ -14,6 +14,7 @@ import com.zyplayer.doc.data.repository.manage.entity.WikiPage;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.WikiPageFile;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.WikiSpace;
|
||||
import com.zyplayer.doc.data.repository.manage.mapper.WikiPageFileMapper;
|
||||
import com.zyplayer.doc.data.repository.support.consts.DocAuthConst;
|
||||
import com.zyplayer.doc.data.service.manage.UserInfoService;
|
||||
import com.zyplayer.doc.data.service.manage.WikiPageFileService;
|
||||
import com.zyplayer.doc.data.service.manage.WikiPageService;
|
||||
@@ -100,7 +101,7 @@ public class WikiCommonController {
|
||||
}
|
||||
// 空间不是自己的,也没有权限
|
||||
if (SpaceType.isOthersPersonal(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
|
||||
boolean pageAuth = DocUserUtil.havePageAuth(WikiAuthType.PAGE_FILE_UPLOAD.getName(), pageId);
|
||||
boolean pageAuth = DocUserUtil.haveCustomAuth(WikiAuthType.PAGE_FILE_UPLOAD.getName(), DocAuthConst.WIKI + pageId);
|
||||
if (!pageAuth) {
|
||||
return DocResponseJson.warn("您没有修改该文章附件的权限!");
|
||||
}
|
||||
|
||||
@@ -2,12 +2,13 @@ package com.zyplayer.doc.wiki.controller;
|
||||
|
||||
import com.alibaba.fastjson.JSON;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
||||
import com.zyplayer.doc.core.annotation.AuthMan;
|
||||
import com.zyplayer.doc.core.json.DocResponseJson;
|
||||
import com.zyplayer.doc.core.json.ResponseJson;
|
||||
import com.zyplayer.doc.core.annotation.AuthMan;
|
||||
import com.zyplayer.doc.data.config.security.DocUserDetails;
|
||||
import com.zyplayer.doc.data.config.security.DocUserUtil;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.*;
|
||||
import com.zyplayer.doc.data.repository.support.consts.DocAuthConst;
|
||||
import com.zyplayer.doc.data.service.manage.*;
|
||||
import com.zyplayer.doc.wiki.controller.vo.UserPageAuthVo;
|
||||
import com.zyplayer.doc.wiki.framework.consts.SpaceType;
|
||||
@@ -64,7 +65,7 @@ public class WikiPageAuthController {
|
||||
return DocResponseJson.warn("只有个人空间才可以编辑权限");
|
||||
}
|
||||
if (!Objects.equals(currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
|
||||
if (!DocUserUtil.havePageAuth(WikiAuthType.PAGE_AUTH_MANAGE.getName(), pageId)) {
|
||||
if (!DocUserUtil.haveCustomAuth(WikiAuthType.PAGE_AUTH_MANAGE.getName(), DocAuthConst.WIKI + pageId)) {
|
||||
return DocResponseJson.warn("您不是创建人或没有权限修改");
|
||||
}
|
||||
}
|
||||
@@ -75,12 +76,10 @@ public class WikiPageAuthController {
|
||||
Map<String, Long> authInfoMap = authInfoList.stream().collect(Collectors.toMap(AuthInfo::getAuthName, AuthInfo::getId));
|
||||
|
||||
// 先删除页面的所有用户的权限
|
||||
UserAuth userAuthDel = new UserAuth();
|
||||
userAuthDel.setDelFlag(1);
|
||||
QueryWrapper<UserAuth> updateWrapper = new QueryWrapper<>();
|
||||
updateWrapper.eq("auth_custom_suffix", pageId);
|
||||
updateWrapper.eq("auth_custom_suffix", DocAuthConst.WIKI + pageId);
|
||||
updateWrapper.eq("del_flag", 0);
|
||||
userAuthService.update(userAuthDel, updateWrapper);
|
||||
userAuthService.remove(updateWrapper);
|
||||
|
||||
List<UserPageAuthVo> authVoList = JSON.parseArray(authList, UserPageAuthVo.class);
|
||||
for (UserPageAuthVo authVo : authVoList) {
|
||||
@@ -130,12 +129,12 @@ public class WikiPageAuthController {
|
||||
WikiPage wikiPageSel = wikiPageService.getById(pageId);
|
||||
WikiSpace wikiSpaceSel = wikiSpaceService.getById(wikiPageSel.getSpaceId());
|
||||
if (!Objects.equals(currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
|
||||
if (!DocUserUtil.havePageAuth(WikiAuthType.PAGE_AUTH_MANAGE.getName(), pageId)) {
|
||||
if (!DocUserUtil.haveCustomAuth(WikiAuthType.PAGE_AUTH_MANAGE.getName(), DocAuthConst.WIKI + pageId)) {
|
||||
return DocResponseJson.warn("您没有权限管理该页面的权限");
|
||||
}
|
||||
}
|
||||
QueryWrapper<UserAuth> queryWrapper = new QueryWrapper<>();
|
||||
queryWrapper.eq("auth_custom_suffix", pageId);
|
||||
queryWrapper.eq("auth_custom_suffix", DocAuthConst.WIKI + pageId);
|
||||
queryWrapper.eq("del_flag", 0);
|
||||
List<UserAuth> authList = userAuthService.list(queryWrapper);
|
||||
if (CollectionUtils.isEmpty(authList)) {
|
||||
@@ -172,7 +171,7 @@ public class WikiPageAuthController {
|
||||
|
||||
private UserAuth createUserAuth(Long pageId, Long loginUserId, Long userId, Long authId){
|
||||
UserAuth userAuth = new UserAuth();
|
||||
userAuth.setAuthCustomSuffix(String.valueOf(pageId));
|
||||
userAuth.setAuthCustomSuffix(DocAuthConst.WIKI + pageId);
|
||||
userAuth.setCreationTime(new Date());
|
||||
userAuth.setCreateUid(loginUserId);
|
||||
userAuth.setDelFlag(0);
|
||||
|
||||
@@ -92,7 +92,7 @@ public class WikiPageCommentController {
|
||||
}
|
||||
// 空间不是自己的,也没有权限,感觉评论没必要加权限,先去掉
|
||||
// if (SpaceType.isOthersPersonal(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
|
||||
// boolean pageAuth = DocUserUtil.havePageAuth(WikiAuthType.COMMENT_PAGE.getName(), pageId);
|
||||
// boolean pageAuth = DocUserUtil.haveCustomAuth(WikiAuthType.COMMENT_PAGE.getName(), pageId);
|
||||
// if (!pageAuth) {
|
||||
// return DocResponseJson.warn("您没有评论该文章的权限!");
|
||||
// }
|
||||
|
||||
@@ -14,6 +14,7 @@ import com.zyplayer.doc.data.repository.manage.mapper.WikiPageContentMapper;
|
||||
import com.zyplayer.doc.data.repository.manage.mapper.WikiPageMapper;
|
||||
import com.zyplayer.doc.data.repository.manage.param.SearchByEsParam;
|
||||
import com.zyplayer.doc.data.repository.manage.vo.SpaceNewsVo;
|
||||
import com.zyplayer.doc.data.repository.support.consts.DocAuthConst;
|
||||
import com.zyplayer.doc.data.service.elasticsearch.entity.EsWikiPage;
|
||||
import com.zyplayer.doc.data.service.elasticsearch.service.EsWikiPageService;
|
||||
import com.zyplayer.doc.data.service.elasticsearch.support.EsPage;
|
||||
@@ -157,7 +158,7 @@ public class WikiPageController {
|
||||
}
|
||||
// 空间不是自己的,也没有权限
|
||||
if (SpaceType.isOthersPersonal(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
|
||||
boolean pageAuth = DocUserUtil.havePageAuth(WikiAuthType.EDIT_PAGE.getName(), id);
|
||||
boolean pageAuth = DocUserUtil.haveCustomAuth(WikiAuthType.EDIT_PAGE.getName(), DocAuthConst.WIKI + id);
|
||||
if (!pageAuth) {
|
||||
return DocResponseJson.warn("您没有修改该文章的权限!");
|
||||
}
|
||||
@@ -186,7 +187,7 @@ public class WikiPageController {
|
||||
}
|
||||
// 空间不是自己的,也没有权限
|
||||
if (SpaceType.isOthersPersonal(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
|
||||
boolean pageAuth = DocUserUtil.havePageAuth(WikiAuthType.DELETE_PAGE.getName(), pageId);
|
||||
boolean pageAuth = DocUserUtil.haveCustomAuth(WikiAuthType.DELETE_PAGE.getName(), DocAuthConst.WIKI + pageId);
|
||||
if (!pageAuth) {
|
||||
return DocResponseJson.warn("您没有删除该文章的权限!");
|
||||
}
|
||||
@@ -228,7 +229,7 @@ public class WikiPageController {
|
||||
}
|
||||
// 空间不是自己的,也没有权限
|
||||
if (SpaceType.isOthersPersonal(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
|
||||
boolean pageAuth = DocUserUtil.havePageAuth(WikiAuthType.EDIT_PAGE.getName(), pageId);
|
||||
boolean pageAuth = DocUserUtil.haveCustomAuth(WikiAuthType.EDIT_PAGE.getName(), DocAuthConst.WIKI + pageId);
|
||||
if (!pageAuth) {
|
||||
return DocResponseJson.warn("您没有修改该文章的权限!");
|
||||
}
|
||||
|
||||
@@ -1,13 +1,14 @@
|
||||
package com.zyplayer.doc.wiki.controller;
|
||||
|
||||
import com.zyplayer.doc.core.annotation.AuthMan;
|
||||
import com.zyplayer.doc.core.json.DocResponseJson;
|
||||
import com.zyplayer.doc.core.json.ResponseJson;
|
||||
import com.zyplayer.doc.core.annotation.AuthMan;
|
||||
import com.zyplayer.doc.data.config.security.DocUserDetails;
|
||||
import com.zyplayer.doc.data.config.security.DocUserUtil;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.WikiPage;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.WikiPageFile;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.WikiSpace;
|
||||
import com.zyplayer.doc.data.repository.support.consts.DocAuthConst;
|
||||
import com.zyplayer.doc.data.service.manage.WikiPageFileService;
|
||||
import com.zyplayer.doc.data.service.manage.WikiPageService;
|
||||
import com.zyplayer.doc.data.service.manage.WikiSpaceService;
|
||||
@@ -75,7 +76,7 @@ public class WikiPageFileController {
|
||||
}
|
||||
// 空间不是自己的,也没有权限
|
||||
if (SpaceType.isOthersPersonal(wikiSpaceSel.getType(), currentUser.getUserId(), wikiSpaceSel.getCreateUserId())) {
|
||||
boolean pageAuth = DocUserUtil.havePageAuth(WikiAuthType.PAGE_FILE_UPLOAD.getName(), pageId);
|
||||
boolean pageAuth = DocUserUtil.haveCustomAuth(WikiAuthType.PAGE_FILE_UPLOAD.getName(), DocAuthConst.WIKI + pageId);
|
||||
if (!pageAuth) {
|
||||
return DocResponseJson.warn("您没有修改该文章附件的权限!");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user