🐛 修改文章标签权限判断问题修复

ronger 2022-02-17 16:46:36 +08:00
parent 2214623844
commit 2500be0fc3
4 changed files with 15 additions and 3 deletions


@ -8,6 +8,7 @@ import com.rymcu.forest.entity.Article;
import com.rymcu.forest.entity.Portfolio; import com.rymcu.forest.entity.Portfolio;
import com.rymcu.forest.enumerate.Module; import com.rymcu.forest.enumerate.Module;
import com.rymcu.forest.jwt.def.JwtConstants; import com.rymcu.forest.jwt.def.JwtConstants;
import com.rymcu.forest.mapper.UserMapper;
import com.rymcu.forest.service.ArticleService; import com.rymcu.forest.service.ArticleService;
import com.rymcu.forest.service.PortfolioService; import com.rymcu.forest.service.PortfolioService;
import com.rymcu.forest.util.UserUtils; import com.rymcu.forest.util.UserUtils;
@ -52,6 +53,8 @@ public class AuthorshipAspect {
private ArticleService articleService; private ArticleService articleService;
@Resource @Resource
private PortfolioService portfolioService; private PortfolioService portfolioService;
@Resource
private UserMapper userMapper;
/** /**
* 检查用户修改信息权限 * 检查用户修改信息权限
@ -119,8 +122,15 @@ public class AuthorshipAspect {
TokenUser tokenUser = UserUtils.getTokenUser(authHeader); TokenUser tokenUser = UserUtils.getTokenUser(authHeader);
if (Objects.nonNull(tokenUser)) { if (Objects.nonNull(tokenUser)) {
if (!idAuthor.equals(tokenUser.getIdUser())) { if (!idAuthor.equals(tokenUser.getIdUser())) {
boolean hasPermission = false;
if (Module.ARTICLE_TAG.equals(log.moduleName())) {
// 判断管理员权限
hasPermission = userMapper.hasAdminPermission(tokenUser.getAccount());
}
if (!hasPermission) {
throw new BaseApiException(ErrorCode.ACCESS_DENIED); throw new BaseApiException(ErrorCode.ACCESS_DENIED);
} }
}
} else { } else {
throw new BaseApiException(ErrorCode.ACCESS_DENIED); throw new BaseApiException(ErrorCode.ACCESS_DENIED);
} }
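Review bot: The admin override in the non-author branch decides on `userMapper.hasAdminPermission(tokenUser.getAccount())`, and the UserUtils change in this commit fills `account` with `user.getEmail()`, so the authorization result depends on an e-mail string rather than on the `tokenUser.getIdUser()` value that the line above already compares. If the mapper matches on e-mail (its query is not shown here), that is only sound when e-mail is unique and cannot be changed to another user's value without verification; keying the lookup on the user id would remove that dependency. The override path also leaves no trace: recording the acting user id, the article author id and the module whenever `hasPermission` is true would give an audit trail for edits made to another author's content. At minimum the existing comment could become `// Non-author callers may edit tags only with the admin role; account is the user's e-mail (set in UserUtils)`. The enclosing advice method starts and ends outside the hunk.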


@ -8,5 +8,6 @@ package com.rymcu.forest.enumerate;
*/ */
public enum Module { public enum Module {
ARTICLE, ARTICLE,
PORTFOLIO; PORTFOLIO,
ARTICLE_TAG;
} }


@ -69,6 +69,7 @@ public class UserUtils {
if (user != null) { if (user != null) {
TokenUser tokenUser = new TokenUser(); TokenUser tokenUser = new TokenUser();
BeanCopierUtil.copy(user, tokenUser); BeanCopierUtil.copy(user, tokenUser);
tokenUser.setAccount(user.getEmail());
tokenUser.setToken(token); tokenUser.setToken(token);
tokenUser.setWeights(userMapper.selectRoleWeightsByUser(user.getIdUser())); tokenUser.setWeights(userMapper.selectRoleWeightsByUser(user.getIdUser()));
return tokenUser; return tokenUser;
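Review bot: `tokenUser.setAccount(user.getEmail())` runs after `BeanCopierUtil.copy(user, tokenUser)`, so whatever `account` value the copy produced is replaced by the e-mail for every consumer of `TokenUser`, not only for the new admin check in AuthorshipAspect. Nothing in the hunk says that this is intended or that the order matters; a comment such as `// account deliberately carries the e-mail (used by the admin-permission lookup); keep after BeanCopierUtil.copy` would document it. If `TokenUser` is ever serialized to clients or written to logs, it is worth confirming that exposing the e-mail under `account` is acceptable. The enclosing method starts and ends outside the hunk.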


@ -94,7 +94,7 @@ public class ArticleController {
} }
@PostMapping("/update-tags") @PostMapping("/update-tags")
@AuthorshipInterceptor(moduleName = Module.ARTICLE) @AuthorshipInterceptor(moduleName = Module.ARTICLE_TAG)
public GlobalResult updateTags(@RequestBody Article article) throws BaseApiException, UnsupportedEncodingException { public GlobalResult updateTags(@RequestBody Article article) throws BaseApiException, UnsupportedEncodingException {
Map map = articleService.updateTags(article.getIdArticle(), article.getArticleTags()); Map map = articleService.updateTags(article.getIdArticle(), article.getArticleTags());
return GlobalResultGenerator.genSuccessResult(map); return GlobalResultGenerator.genSuccessResult(map);