diff --git a/pom.xml b/pom.xml index 57e38bc..2d6927e 100644 --- a/pom.xml +++ b/pom.xml @@ -163,7 +163,7 @@ org.apache.logging.log4j log4j-to-slf4j - 2.17.0 + 2.17.1 org.apache.logging.log4j @@ -174,7 +174,7 @@ org.apache.logging.log4j log4j-api - 2.17.0 + 2.17.1 org.springframework.boot @@ -294,6 +294,7 @@ org.springframework.boot spring-boot-maven-plugin + 2.3.5.RELEASE forest diff --git a/src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java b/src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java new file mode 100644 index 0000000..b937046 --- /dev/null +++ b/src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java 
@@ -0,0 +1,178 @@
+package com.rymcu.forest.core.service.security;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.rymcu.forest.core.service.security.annotation.AuthorshipInterceptor;
+import com.rymcu.forest.dto.TokenUser;
+import com.rymcu.forest.entity.Article;
+import com.rymcu.forest.entity.Portfolio;
+import com.rymcu.forest.enumerate.Module;
+import com.rymcu.forest.jwt.def.JwtConstants;
+import com.rymcu.forest.service.ArticleService;
+import com.rymcu.forest.service.PortfolioService;
+import com.rymcu.forest.util.UserUtils;
+import com.rymcu.forest.web.api.exception.BaseApiException;
+import com.rymcu.forest.web.api.exception.ErrorCode;
+import org.apache.commons.lang.StringUtils;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.annotation.Pointcut;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.servlet.HandlerMapping;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import java.lang.reflect.Method;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * 检查用户修改信息权限
+ *
+ * @author ronger
+ */
+@Aspect
+@Component
+public class AuthorshipAspect {
+
+ Logger logger = LoggerFactory.getLogger(AuthorshipAspect.class);
+
+ @Pointcut("@annotation(com.rymcu.forest.core.service.security.annotation.AuthorshipInterceptor)")
+ public void authorshipPointCut() {
+ }
+
+ @Resource
+ private ArticleService articleService;
+ @Resource
+ private PortfolioService portfolioService;
+
+ /**
+ * 检查用户修改信息权限
+ *
+ * @param joinPoint 连接点
+ * @return 方法执行结果
+ * @throws Throwable 调用出错
+ */
+ @Before(value = "authorshipPointCut()")
+ public void doBefore(JoinPoint joinPoint) throws BaseApiException {
+ logger.info("检查作者身份 start ...");
+ String methodName = joinPoint.getSignature().getName();
+ Method method = currentMethod(joinPoint, methodName);
+ AuthorshipInterceptor log = method.getAnnotation(AuthorshipInterceptor.class);
+ if (Objects.nonNull(log)) {
+ boolean isArticle = true;
+ if (Module.PORTFOLIO.equals(log.moduleName())) {
+ isArticle = false;
+ }
+ HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
+ String idArticle = "";
+ Integer idAuthor = 0;
+ if (isAjax(request)) {
+ Object[] objects = joinPoint.getArgs();
+ JSONObject jsonObject = JSONObject.parseObject(JSON.toJSONString(objects[0]));
+ if (Objects.nonNull(jsonObject)) {
+ if (isArticle) {
+ idArticle = jsonObject.getString("idArticle");
+ Article article = articleService.findById(idArticle);
+ if (Objects.nonNull(article)) {
+ idAuthor = article.getArticleAuthorId();
+ }
+ } else {
+ idArticle = jsonObject.getString("idPortfolio");
+ Portfolio portfolio = portfolioService.findById(idArticle);
+ if (Objects.nonNull(portfolio)) {
+ idAuthor = portfolio.getPortfolioAuthorId();
+ }
+ }
+ }
+ } else {
+ Map params = getParams(request);
+ if (params.isEmpty()) {
+ params = (Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
+ } else {
+ params.putAll((Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE));
+ }
+ if (isArticle) {
+ idArticle = (String) params.get("idArticle");
+ Article article = articleService.findById(idArticle);
+ if (Objects.nonNull(article)) {
+ idAuthor = article.getArticleAuthorId();
+ }
+ } else {
+ idArticle = (String) params.get("idPortfolio");
+ Portfolio portfolio = portfolioService.findById(idArticle);
+ if (Objects.nonNull(portfolio)) {
+ idAuthor = portfolio.getPortfolioAuthorId();
+ }
+ }
+ }
+ if (idAuthor > 0) {
+ String authHeader = request.getHeader(JwtConstants.AUTHORIZATION);
+ if (StringUtils.isNotBlank(authHeader)) {
+ TokenUser tokenUser = UserUtils.getTokenUser(authHeader);
+ if (Objects.nonNull(tokenUser)) {
+ if (!idAuthor.equals(tokenUser.getIdUser())) {
+ throw new BaseApiException(ErrorCode.ACCESS_DENIED);
+ }
+ } else {
+ throw new BaseApiException(ErrorCode.ACCESS_DENIED);
+ }
+ }
+ } else {
+ throw new BaseApiException(ErrorCode.ACCESS_DENIED);
+ }
+ }
+ logger.info("检查作者身份 end ...");
+ }
+
+ /**
+ * 获取当前执行的方法
+ *
+ * @param joinPoint 连接点
+ * @param methodName 方法名称
+ * @return 方法
+ */
+ private Method currentMethod(JoinPoint joinPoint, String methodName) {
+ /**
+ * 获取目标类的所有方法,找到当前要执行的方法
+ */
+ Method[] methods = joinPoint.getTarget().getClass().getMethods();
+ Method resultMethod = null;
+ for (Method method : methods) {
+ if (method.getName().equals(methodName)) {
+ resultMethod = method;
+ break;
+ }
+ }
+ return resultMethod;
+ }
+
+ private Map getParams(HttpServletRequest request) {
+ Map paramsMap = new HashMap<>(10);
+ Enumeration paraNames = request.getParameterNames();
+ while (paraNames.hasMoreElements()) {
+ String key = paraNames.nextElement();
+ if ("password".equals(key)) {
+ continue;
+ }
+ paramsMap.put(key, request.getParameter(key));
+ }
+ return paramsMap;
+ }
+
+ private boolean isAjax(HttpServletRequest request) {
+ String requestedWith = request.getHeader("x-requested-with");
+ if (requestedWith != null && "XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
+ return true;
+ }
+ String contentType = request.getContentType();
+ return StringUtils.isNotBlank(contentType) && contentType.contains("application/json");
+ }
+}
diff --git a/src/main/java/com/rymcu/forest/core/service/security/annotation/AuthorshipInterceptor.java b/src/main/java/com/rymcu/forest/core/service/security/annotation/AuthorshipInterceptor.java
new file mode 100644
index 0000000..efb4bb1
--- /dev/null
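Review bot: In `doBefore`, a request whose `Authorization` header is blank passes the ownership check: when `idAuthor > 0`, the comparison with the token user sits inside `if (StringUtils.isNotBlank(authHeader))`, and that branch has no `else`, so nothing is thrown. Whether an earlier interceptor always rejects token-less requests on these routes is not visible here, and this commit removes the service-level checks in `ArticleServiceImpl` (including the branch that let administrators delete any article), so the aspect should deny by default. Separately, `currentMethod` resolves the handler by name only; if it picks an overload without the annotation, `log` is null and the whole check is skipped silently, which `((MethodSignature) joinPoint.getSignature()).getMethod()` avoids. The sketch below replaces only the tail of `doBefore`.

```java
// … unchanged: resolve idAuthor from the request body or parameters …
if (idAuthor <= 0) {
    throw new BaseApiException(ErrorCode.ACCESS_DENIED);
}
String authHeader = request.getHeader(JwtConstants.AUTHORIZATION);
// No token means no proven identity: deny instead of skipping the comparison.
TokenUser tokenUser = StringUtils.isBlank(authHeader) ? null : UserUtils.getTokenUser(authHeader);
if (Objects.isNull(tokenUser) || !idAuthor.equals(tokenUser.getIdUser())) {
    throw new BaseApiException(ErrorCode.ACCESS_DENIED);
}
```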
+++ b/src/main/java/com/rymcu/forest/core/service/security/annotation/AuthorshipInterceptor.java
@@ -0,0 +1,21 @@
+package com.rymcu.forest.core.service.security.annotation;
+
+import com.rymcu.forest.enumerate.Module;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Created on 2022/1/5 19:46.
+ *
+ * @author ronger
+ * @email ronger-x@outlook.com
+ */
+
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface AuthorshipInterceptor {
+ Module moduleName();
+}
diff --git a/src/main/java/com/rymcu/forest/enumerate/Module.java b/src/main/java/com/rymcu/forest/enumerate/Module.java
new file mode 100644
index 0000000..c25fa6e
--- /dev/null
+++ b/src/main/java/com/rymcu/forest/enumerate/Module.java
@@ -0,0 +1,12 @@
+package com.rymcu.forest.enumerate;
+
+/**
+ * Created on 2022/1/5 20:05.
+ *
+ * @author ronger
+ * @email ronger-x@outlook.com
+ */
+public enum Module {
+ ARTICLE,
+ PORTFOLIO;
+}
diff --git a/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java b/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java
index 256a0e8..ba42544 100644
--- a/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java
+++ b/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java
@@ -68,8 +68,8 @@ public class RestAuthTokenInterceptor implements HandlerInterceptor {
 request.setAttribute(JwtConstants.CURRENT_USER_NAME, model.getUsername());
 String uri = request.getRequestURI();
 // 判断是否为后台接口或财政划转接口
- String adminApi = "/admin";
- String transactionApi = "/transaction";
+ String adminApi = "/admin/";
+ String transactionApi = "/transaction/";
 if (uri.contains(adminApi) || uri.contains(transactionApi)) {
 // 判断管理员权限
 boolean hasPermission = userMapper.hasAdminPermission(model.getUsername());
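Review bot: `@Target` on `AuthorshipInterceptor` allows `ElementType.TYPE`, but the aspect added in this commit binds with `@annotation(...)` and reads the annotation from the method, so a class-level use would compile and enforce nothing. Restricting it to `@Target(ElementType.METHOD)` closes that silent gap. The type also has no Javadoc describing its contract; I would document that a guarded handler must expose the resource id under the name `idArticle` or `idPortfolio` (request parameter, path variable, or field of the first argument), because the aspect looks those names up as strings.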
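Review bot: The admin gate still decides by `uri.contains(...)` over `request.getRequestURI()`, which is the raw request path, so the permission check depends on a substring appearing anywhere in the URL rather than on the route that is actually dispatched. The trailing slash removes accidental matches, but it also means a mapping that ends in `/admin` or `/transaction` with nothing after it no longer triggers `hasAdminPermission`; whether such mappings exist is not visible in this hunk. Consider matching the servlet path with `startsWith` on the known prefixes (the new admin controller in this commit is mapped under `/api/v1/admin/`), or registering a dedicated admin interceptor with `addPathPatterns`. The enclosing method starts and ends outside the hunk.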
diff --git a/src/main/java/com/rymcu/forest/lucene/util/UserIndexUtil.java b/src/main/java/com/rymcu/forest/lucene/util/UserIndexUtil.java
index 884aac6..9386324 100644
--- a/src/main/java/com/rymcu/forest/lucene/util/UserIndexUtil.java
+++ b/src/main/java/com/rymcu/forest/lucene/util/UserIndexUtil.java
@@ -3,6 +3,7 @@ package com.rymcu.forest.lucene.util;
 import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.util.StrUtil;
 import com.rymcu.forest.lucene.model.UserLucene;
+import org.apache.commons.lang.StringUtils;
 import org.apache.lucene.document.Document;
 import org.apache.lucene.document.Field;
 import org.apache.lucene.document.StringField;
@@ -21,67 +22,76 @@ import java.util.Arrays; */ public class UserIndexUtil { - /** lucene索引保存目录 */ - private static final String PATH = System.getProperty("user.dir") + StrUtil.SLASH + LucenePath.USER_PATH; + /** + * lucene索引保存目录 + */ + private static final String PATH = System.getProperty("user.dir") + StrUtil.SLASH + LucenePath.USER_PATH; - /** 系统运行时索引保存目录 */ - private static final String INDEX_PATH = LucenePath.USER_INCREMENT_INDEX_PATH; + /** + * 系统运行时索引保存目录 + */ + private static final String INDEX_PATH = LucenePath.USER_INCREMENT_INDEX_PATH; - /** 删除所有运行中保存的索引 */ - public static void deleteAllIndex() { - if (FileUtil.exist(INDEX_PATH)) { - FileUtil.del(INDEX_PATH); + /** + * 删除所有运行中保存的索引 + */ + public static void deleteAllIndex() { + if (FileUtil.exist(INDEX_PATH)) { + FileUtil.del(INDEX_PATH); + } } - } - public static void addIndex(UserLucene t) { - creatIndex(t); - } - - public static void updateIndex(UserLucene t) { - deleteIndex(t.getIdUser().toString()); - creatIndex(t); - } - - /** - * 增加或创建单个索引 - * - * @param t - * @throws Exception - */ - private static synchronized void creatIndex(UserLucene t) { - System.out.println("创建单个索引"); - IndexWriter writer; - try { - writer = IndexUtil.getIndexWriter(INDEX_PATH, false); - Document doc = new Document(); - doc.add(new StringField("id", t.getIdUser() + "", Field.Store.YES)); - doc.add(new TextField("nickname", t.getNickname(), Field.Store.YES)); - doc.add(new TextField("signature", t.getSignature(), Field.Store.YES)); - writer.addDocument(doc); - writer.close(); - } catch (IOException e) { - e.printStackTrace(); + public static void addIndex(UserLucene t) { + creatIndex(t); } - } - /** 删除单个索引 */ - public static synchronized void deleteIndex(String id) { - Arrays.stream(FileUtil.ls(PATH)) - .forEach( - each -> { - if (each.isDirectory()) { - IndexWriter writer; - try { - writer = IndexUtil.getIndexWriter(each.getAbsolutePath(), false); - writer.deleteDocuments(new Term("id", id)); - writer.forceMergeDeletes(); 
// 强制删除 - writer.commit(); - writer.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - }); - } + public static void updateIndex(UserLucene t) { + deleteIndex(t.getIdUser().toString()); + creatIndex(t); + } + + /** + * 增加或创建单个索引 + * + * @param t + * @throws Exception + */ + private static synchronized void creatIndex(UserLucene t) { + System.out.println("创建单个索引"); + IndexWriter writer; + try { + writer = IndexUtil.getIndexWriter(INDEX_PATH, false); + Document doc = new Document(); + doc.add(new StringField("id", t.getIdUser() + "", Field.Store.YES)); + doc.add(new TextField("nickname", t.getNickname(), Field.Store.YES)); + // 新注册用户无签名 + doc.add(new TextField("signature", StringUtils.isNotBlank(t.getSignature()) ? t.getSignature() : "", Field.Store.YES)); + writer.addDocument(doc); + writer.close(); + } catch (IOException e) { + e.printStackTrace(); + } + } + + /** + * 删除单个索引 + */ + public static synchronized void deleteIndex(String id) { + Arrays.stream(FileUtil.ls(PATH)) + .forEach( + each -> { + if (each.isDirectory()) { + IndexWriter writer; + try { + writer = IndexUtil.getIndexWriter(each.getAbsolutePath(), false); + writer.deleteDocuments(new Term("id", id)); + writer.forceMergeDeletes(); // 强制删除 + writer.commit(); + writer.close(); + } catch (IOException e) { + e.printStackTrace(); + } + } + }); + } } diff --git a/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java index 970bbf6..7113a57 100644 --- a/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java +++ b/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java @@ -1,7 +1,6 @@ package com.rymcu.forest.service.impl; import com.rymcu.forest.core.constant.NotificationConstant; -import com.rymcu.forest.core.constant.ProjectConstant; import com.rymcu.forest.core.service.AbstractService; import com.rymcu.forest.dto.*; import com.rymcu.forest.entity.Article; 
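Review bot: In `creatIndex` and `deleteIndex` the `IndexWriter` is closed only on the success path, so an `IOException` from `addDocument`, `deleteDocuments` or `commit` leaves the writer open; since a Lucene writer holds the directory's write lock, later index updates would presumably fail until the process restarts. Opening it as `try (IndexWriter writer = IndexUtil.getIndexWriter(INDEX_PATH, false)) { ... }` closes it on every path. The new blank-signature guard also leaves `t.getNickname()` unguarded although `TextField` rejects a null value, and `e.printStackTrace()` / `System.out.println` should go through the project logger so indexing failures are visible in the logs.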
@@ -13,7 +12,10 @@ import com.rymcu.forest.mapper.ArticleMapper; import com.rymcu.forest.service.ArticleService; import com.rymcu.forest.service.TagService; import com.rymcu.forest.service.UserService; -import com.rymcu.forest.util.*; +import com.rymcu.forest.util.Html2TextUtil; +import com.rymcu.forest.util.NotificationUtils; +import com.rymcu.forest.util.UserUtils; +import com.rymcu.forest.util.Utils; import com.rymcu.forest.web.api.exception.BaseApiException; import com.rymcu.forest.web.api.exception.ErrorCode; import lombok.extern.slf4j.Slf4j; @@ -143,10 +145,6 @@ public class ArticleServiceImpl extends AbstractService
implements Arti if (DEFAULT_STATUS.equals(newArticle.getArticleStatus())) { isUpdate = true; } - if (!user.getIdUser().equals(newArticle.getArticleAuthorId())) { - map.put("message", "非法访问!"); - return map; - } newArticle.setArticleTitle(articleTitle); newArticle.setArticleTags(articleTags); newArticle.setArticleStatus(article.getArticleStatus()); @@ -237,19 +235,6 @@ public class ArticleServiceImpl extends AbstractService
implements Arti @Transactional(rollbackFor = Exception.class) public Map delete(Integer id) throws BaseApiException { Map map = new HashMap(1); - // 鉴权 - User user = UserUtils.getCurrentUserByToken(); - if (Objects.isNull(user)) { - throw new BaseApiException(ErrorCode.INVALID_TOKEN); - } - Integer roleWeights = userService.findRoleWeightsByUser(user.getIdUser()); - if (roleWeights > ADMIN_ROLE_WEIGHTS) { - Article article = articleMapper.selectByPrimaryKey(id); - if (!user.getIdUser().equals(article.getArticleAuthorId())) { - map.put("message", "非法访问!"); - return map; - } - } int result; // 判断是否有评论 boolean isHavComment = articleMapper.existsCommentWithPrimaryKey(id); @@ -293,7 +278,7 @@ public class ArticleServiceImpl extends AbstractService
implements Arti throw new BaseApiException(ErrorCode.INVALID_TOKEN); } StringBuilder shareUrl = new StringBuilder(article.getArticlePermalink()); - shareUrl.append("?s=").append(user.getNickname()); + shareUrl.append("?s=").append(user.getAccount()); Map map = new HashMap(1); map.put("shareUrl", shareUrl); return map; diff --git a/src/main/java/com/rymcu/forest/web/api/admin/AdminArticleController.java b/src/main/java/com/rymcu/forest/web/api/admin/AdminArticleController.java new file mode 100644 index 0000000..8d14194 --- /dev/null +++ b/src/main/java/com/rymcu/forest/web/api/admin/AdminArticleController.java @@ -0,0 +1,33 @@ +package com.rymcu.forest.web.api.admin; + +import com.rymcu.forest.core.result.GlobalResult; +import com.rymcu.forest.core.result.GlobalResultGenerator; +import com.rymcu.forest.entity.Article; +import com.rymcu.forest.service.ArticleService; +import org.springframework.web.bind.annotation.PatchMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import javax.annotation.Resource; +import java.util.Map; + +/** + * Created on 2022/1/3 10:11. + * + * @author ronger + * @email ronger-x@outlook.com + */ +@RestController +@RequestMapping("/api/v1/admin/article") +public class AdminArticleController { + + @Resource + private ArticleService articleService; + + @PatchMapping("/update-perfect") + public GlobalResult updatePerfect(@RequestBody Article article) { + Map map = articleService.updatePerfect(article.getIdArticle(), article.getArticlePerfect()); + return GlobalResultGenerator.genSuccessResult(map); + } +} diff --git a/src/main/java/com/rymcu/forest/web/api/article/ArticleController.java b/src/main/java/com/rymcu/forest/web/api/article/ArticleController.java index 69a6d98..700cbe8 100644 --- a/src/main/java/com/rymcu/forest/web/api/article/ArticleController.java 
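Review bot: `shareUrl.append("?s=").append(user.getAccount())` places the account into a query string without encoding, so an account containing `&`, `#` or non-ASCII characters would produce a malformed or ambiguous link; whether account names are restricted to URL-safe characters is not visible here. Encoding the value, e.g. `UriUtils.encodeQueryParam(user.getAccount(), StandardCharsets.UTF_8)`, keeps the link well-formed regardless. It is also worth confirming that exposing the login account, rather than the display nickname, in links meant to be shared publicly is intended. The method body starts outside the hunk.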
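Review bot: `AdminArticleController.updatePerfect` carries no authorization of its own; the only thing restricting it to administrators is the `uri.contains("/admin/")` test in `RestAuthTokenInterceptor`, assuming that interceptor is registered for this path (not visible here). I would make the dependency explicit with a class comment such as `// Admin-only: enforced by RestAuthTokenInterceptor for paths containing /admin/`, and cover it with a test that a non-admin token is rejected. The handler also binds the whole `Article` entity from the request body while using only `idArticle` and `articlePerfect`, neither of which is checked for null; a small request DTO with validation would narrow the accepted input.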
+++ b/src/main/java/com/rymcu/forest/web/api/article/ArticleController.java @@ -4,11 +4,13 @@ import com.github.pagehelper.PageHelper; import com.github.pagehelper.PageInfo; import com.rymcu.forest.core.result.GlobalResult; import com.rymcu.forest.core.result.GlobalResultGenerator; +import com.rymcu.forest.core.service.security.annotation.AuthorshipInterceptor; import com.rymcu.forest.dto.ArticleDTO; import com.rymcu.forest.dto.CommentDTO; import com.rymcu.forest.entity.Article; import com.rymcu.forest.entity.ArticleThumbsUp; import com.rymcu.forest.entity.Sponsor; +import com.rymcu.forest.enumerate.Module; import com.rymcu.forest.service.ArticleService; import com.rymcu.forest.service.ArticleThumbsUpService; import com.rymcu.forest.service.CommentService; @@ -40,9 +42,9 @@ public class ArticleController { @Resource private SponsorService sponsorService; - @GetMapping("/detail/{id}") - public GlobalResult> detail(@PathVariable Integer id, @RequestParam(defaultValue = "2") Integer type) { - ArticleDTO articleDTO = articleService.findArticleDTOById(id, type); + @GetMapping("/detail/{idArticle}") + public GlobalResult> detail(@PathVariable Integer idArticle, @RequestParam(defaultValue = "2") Integer type) { + ArticleDTO articleDTO = articleService.findArticleDTOById(idArticle, type); Map map = new HashMap<>(1); map.put("article", articleDTO); return GlobalResultGenerator.genSuccessResult(map); 
@@ -55,20 +57,22 @@ public class ArticleController { } @PutMapping("/post") + @AuthorshipInterceptor(moduleName = Module.ARTICLE) public GlobalResult updateArticle(@RequestBody ArticleDTO article, HttpServletRequest request) throws BaseApiException, UnsupportedEncodingException { Map map = articleService.postArticle(article, request); return GlobalResultGenerator.genSuccessResult(map); } - @DeleteMapping("/delete/{id}") - public GlobalResult delete(@PathVariable Integer id) throws BaseApiException { - Map map = articleService.delete(id); + @DeleteMapping("/delete/{idArticle}") + @AuthorshipInterceptor(moduleName = Module.ARTICLE) + public GlobalResult delete(@PathVariable Integer idArticle) throws BaseApiException { + Map map = articleService.delete(idArticle); return GlobalResultGenerator.genSuccessResult(map); } - @GetMapping("/{id}/comments") - public GlobalResult> commons(@PathVariable Integer id) { - List commentDTOList = commentService.getArticleComments(id); + @GetMapping("/{idArticle}/comments") + public GlobalResult> commons(@PathVariable Integer idArticle) { + List commentDTOList = commentService.getArticleComments(idArticle); Map map = new HashMap<>(1); map.put("comments", commentDTOList); return GlobalResultGenerator.genSuccessResult(map); 
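Review bot: The id that `@AuthorshipInterceptor` verifies is not tied to the argument these handlers act on. `AuthorshipAspect` chooses its source from request headers (`isAjax`): in one branch it serialises `joinPoint.getArgs()[0]`, in the other it reads request parameters and path variables, so for `updateArticle` (id in the body) and `delete` (id in the path, first argument an `Integer`) the checked id and the used id can diverge, or the lookup can fail outright, depending on headers the client controls. Consider resolving the id from the bound method arguments only, for instance through an annotation attribute that names the parameter or field to read. The same applies to `updateTags` in the next hunk and to the annotated `PortfolioController` handlers.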
@@ -83,21 +87,16 @@ public class ArticleController { return GlobalResultGenerator.genSuccessResult(map); } - @GetMapping("/{id}/share") - public GlobalResult share(@PathVariable Integer id) throws BaseApiException { - Map map = articleService.share(id); + @GetMapping("/{idArticle}/share") + public GlobalResult share(@PathVariable Integer idArticle) throws BaseApiException { + Map map = articleService.share(idArticle); return GlobalResultGenerator.genSuccessResult(map); } - @PostMapping("/{id}/update-tags") - public GlobalResult updateTags(@PathVariable Integer id, @RequestBody Article article) throws BaseApiException, UnsupportedEncodingException { - Map map = articleService.updateTags(id, article.getArticleTags()); - return GlobalResultGenerator.genSuccessResult(map); - } - - @PatchMapping("/update-perfect") - public GlobalResult updatePerfect(@RequestBody Article article) { - Map map = articleService.updatePerfect(article.getIdArticle(), article.getArticlePerfect()); + @PostMapping("/update-tags") + @AuthorshipInterceptor(moduleName = Module.ARTICLE) + public GlobalResult updateTags(@RequestBody Article article) throws BaseApiException, UnsupportedEncodingException { + Map map = articleService.updateTags(article.getIdArticle(), article.getArticleTags()); return GlobalResultGenerator.genSuccessResult(map); } diff --git a/src/main/java/com/rymcu/forest/web/api/common/CommonApiController.java b/src/main/java/com/rymcu/forest/web/api/common/CommonApiController.java index 7bd8e3b..6436038 100644 --- a/src/main/java/com/rymcu/forest/web/api/common/CommonApiController.java +++ b/src/main/java/com/rymcu/forest/web/api/common/CommonApiController.java 
@@ -7,9 +7,11 @@ import com.rymcu.forest.core.result.GlobalResultGenerator; import com.rymcu.forest.core.result.GlobalResultMessage; import com.rymcu.forest.core.service.log.annotation.VisitLogger; import com.rymcu.forest.dto.*; -import com.rymcu.forest.entity.Portfolio; import com.rymcu.forest.entity.User; -import com.rymcu.forest.service.*; +import com.rymcu.forest.service.ArticleService; +import com.rymcu.forest.service.JavaMailService; +import com.rymcu.forest.service.PortfolioService; +import com.rymcu.forest.service.UserService; import com.rymcu.forest.util.UserUtils; import com.rymcu.forest.util.Utils; import org.springframework.web.bind.annotation.*; diff --git a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java index ffaaf73..bff6c14 100644 --- a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java +++ b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java @@ -2,9 +2,11 @@ package com.rymcu.forest.web.api.portfolio; import com.rymcu.forest.core.result.GlobalResult; import com.rymcu.forest.core.result.GlobalResultGenerator; +import com.rymcu.forest.core.service.security.annotation.AuthorshipInterceptor; import com.rymcu.forest.dto.PortfolioArticleDTO; import com.rymcu.forest.dto.PortfolioDTO; import com.rymcu.forest.entity.Portfolio; +import com.rymcu.forest.enumerate.Module; import com.rymcu.forest.service.PortfolioService; import com.rymcu.forest.web.api.exception.BaseApiException; import org.springframework.web.bind.annotation.*; 
@@ -23,9 +25,9 @@ public class PortfolioController { @Resource private PortfolioService portfolioService; - @GetMapping("/detail/{id}") - public GlobalResult detail(@PathVariable Integer id,@RequestParam(defaultValue = "0") Integer type) { - PortfolioDTO portfolio = portfolioService.findPortfolioDTOById(id, type); + @GetMapping("/detail/{idPortfolio}") + public GlobalResult detail(@PathVariable Integer idPortfolio,@RequestParam(defaultValue = "0") Integer type) { + PortfolioDTO portfolio = portfolioService.findPortfolioDTOById(idPortfolio, type); Map map = new HashMap<>(1); map.put("portfolio", portfolio); return GlobalResultGenerator.genSuccessResult(map); 
@@ -38,36 +40,42 @@ public class PortfolioController { } @PutMapping("/post") + @AuthorshipInterceptor(moduleName = Module.PORTFOLIO) public GlobalResult update(@RequestBody Portfolio portfolio) throws BaseApiException { portfolio = portfolioService.postPortfolio(portfolio); return GlobalResultGenerator.genSuccessResult(portfolio); } - @GetMapping("/{id}/unbind-articles") - public GlobalResult unbindArticles(@RequestParam(defaultValue = "0") Integer page, @RequestParam(defaultValue = "10") Integer rows, @RequestParam(defaultValue = "") String searchText,@PathVariable Integer id) throws BaseApiException { - Map map = portfolioService.findUnbindArticles(page, rows, searchText, id); + @GetMapping("/{idPortfolio}/unbind-articles") + @AuthorshipInterceptor(moduleName = Module.PORTFOLIO) + public GlobalResult unbindArticles(@RequestParam(defaultValue = "0") Integer page, @RequestParam(defaultValue = "10") Integer rows, @RequestParam(defaultValue = "") String searchText,@PathVariable Integer idPortfolio) throws BaseApiException { + Map map = portfolioService.findUnbindArticles(page, rows, searchText, idPortfolio); return GlobalResultGenerator.genSuccessResult(map); } @PostMapping("/bind-article") + @AuthorshipInterceptor(moduleName = Module.PORTFOLIO) public GlobalResult bindArticle(@RequestBody PortfolioArticleDTO portfolioArticle) { Map map = portfolioService.bindArticle(portfolioArticle); return GlobalResultGenerator.genSuccessResult(map); } @PutMapping("/update-article-sort-no") + @AuthorshipInterceptor(moduleName = Module.PORTFOLIO) public GlobalResult updateArticleSortNo(@RequestBody PortfolioArticleDTO portfolioArticle) { Map map = portfolioService.updateArticleSortNo(portfolioArticle); return GlobalResultGenerator.genSuccessResult(map); } @DeleteMapping("/unbind-article") + @AuthorshipInterceptor(moduleName = Module.PORTFOLIO) public GlobalResult unbindArticle(Integer idArticle,Integer idPortfolio) { Map map = portfolioService.unbindArticle(idPortfolio,idArticle); 
return GlobalResultGenerator.genSuccessResult(map); } @DeleteMapping("/delete") + @AuthorshipInterceptor(moduleName = Module.PORTFOLIO) public GlobalResult delete(Integer idPortfolio) throws BaseApiException { Map map = portfolioService.deletePortfolio(idPortfolio); return GlobalResultGenerator.genSuccessResult(map); diff --git a/src/main/java/mapper/TransactionRecordMapper.xml b/src/main/java/mapper/TransactionRecordMapper.xml index 62df2f2..f0dd586 100644 --- a/src/main/java/mapper/TransactionRecordMapper.xml +++ b/src/main/java/mapper/TransactionRecordMapper.xml @@ -17,8 +17,8 @@
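Review bot: On `bindArticle`, `updateArticleSortNo` and `unbindArticle` the annotation covers ownership of the portfolio only, since `Module.PORTFOLIO` makes the aspect look up `idPortfolio`; the `idArticle` carried in the same request is not checked by the aspect. If binding is meant to be limited to articles the caller may use, that check has to live in `portfolioService`, which is not visible in this hunk. A short comment on each handler, e.g. `// ownership of idPortfolio is enforced by AuthorshipAspect; idArticle is validated in PortfolioService`, would record where each half of the check is expected to happen.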