🐛 修改文章标签权限判断问题修复
This commit is contained in:
parent
2214623844
commit
2500be0fc3
@ -8,6 +8,7 @@ import com.rymcu.forest.entity.Article;
|
|||||||
import com.rymcu.forest.entity.Portfolio;
|
import com.rymcu.forest.entity.Portfolio;
|
||||||
import com.rymcu.forest.enumerate.Module;
|
import com.rymcu.forest.enumerate.Module;
|
||||||
import com.rymcu.forest.jwt.def.JwtConstants;
|
import com.rymcu.forest.jwt.def.JwtConstants;
|
||||||
|
import com.rymcu.forest.mapper.UserMapper;
|
||||||
import com.rymcu.forest.service.ArticleService;
|
import com.rymcu.forest.service.ArticleService;
|
||||||
import com.rymcu.forest.service.PortfolioService;
|
import com.rymcu.forest.service.PortfolioService;
|
||||||
import com.rymcu.forest.util.UserUtils;
|
import com.rymcu.forest.util.UserUtils;
|
||||||
@ -52,6 +53,8 @@ public class AuthorshipAspect {
|
|||||||
private ArticleService articleService;
|
private ArticleService articleService;
|
||||||
@Resource
|
@Resource
|
||||||
private PortfolioService portfolioService;
|
private PortfolioService portfolioService;
|
||||||
|
@Resource
|
||||||
|
private UserMapper userMapper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 检查用户修改信息权限
|
* 检查用户修改信息权限
|
||||||
@ -119,7 +122,14 @@ public class AuthorshipAspect {
|
|||||||
TokenUser tokenUser = UserUtils.getTokenUser(authHeader);
|
TokenUser tokenUser = UserUtils.getTokenUser(authHeader);
|
||||||
if (Objects.nonNull(tokenUser)) {
|
if (Objects.nonNull(tokenUser)) {
|
||||||
if (!idAuthor.equals(tokenUser.getIdUser())) {
|
if (!idAuthor.equals(tokenUser.getIdUser())) {
|
||||||
throw new BaseApiException(ErrorCode.ACCESS_DENIED);
|
boolean hasPermission = false;
|
||||||
|
if (Module.ARTICLE_TAG.equals(log.moduleName())) {
|
||||||
|
// 判断管理员权限
|
||||||
|
hasPermission = userMapper.hasAdminPermission(tokenUser.getAccount());
|
||||||
|
}
|
||||||
|
if (!hasPermission) {
|
||||||
|
throw new BaseApiException(ErrorCode.ACCESS_DENIED);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
throw new BaseApiException(ErrorCode.ACCESS_DENIED);
|
throw new BaseApiException(ErrorCode.ACCESS_DENIED);
|
||||||
|
@ -8,5 +8,6 @@ package com.rymcu.forest.enumerate;
|
|||||||
*/
|
*/
|
||||||
public enum Module {
|
public enum Module {
|
||||||
ARTICLE,
|
ARTICLE,
|
||||||
PORTFOLIO;
|
PORTFOLIO,
|
||||||
|
ARTICLE_TAG;
|
||||||
}
|
}
|
||||||
|
@ -69,6 +69,7 @@ public class UserUtils {
|
|||||||
if (user != null) {
|
if (user != null) {
|
||||||
TokenUser tokenUser = new TokenUser();
|
TokenUser tokenUser = new TokenUser();
|
||||||
BeanCopierUtil.copy(user, tokenUser);
|
BeanCopierUtil.copy(user, tokenUser);
|
||||||
|
tokenUser.setAccount(user.getEmail());
|
||||||
tokenUser.setToken(token);
|
tokenUser.setToken(token);
|
||||||
tokenUser.setWeights(userMapper.selectRoleWeightsByUser(user.getIdUser()));
|
tokenUser.setWeights(userMapper.selectRoleWeightsByUser(user.getIdUser()));
|
||||||
return tokenUser;
|
return tokenUser;
|
||||||
|
@ -94,7 +94,7 @@ public class ArticleController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/update-tags")
|
@PostMapping("/update-tags")
|
||||||
@AuthorshipInterceptor(moduleName = Module.ARTICLE)
|
@AuthorshipInterceptor(moduleName = Module.ARTICLE_TAG)
|
||||||
public GlobalResult updateTags(@RequestBody Article article) throws BaseApiException, UnsupportedEncodingException {
|
public GlobalResult updateTags(@RequestBody Article article) throws BaseApiException, UnsupportedEncodingException {
|
||||||
Map map = articleService.updateTags(article.getIdArticle(), article.getArticleTags());
|
Map map = articleService.updateTags(article.getIdArticle(), article.getArticleTags());
|
||||||
return GlobalResultGenerator.genSuccessResult(map);
|
return GlobalResultGenerator.genSuccessResult(map);
|
||||||
|
Loading…
Reference in New Issue
Block a user