🐛 修复作品集鉴权问题

2021-04-27 21:47:07 +08:00 · 2021-04-27 21:47:07 +08:00 · fe61bf1945
commit fe61bf1945
parent 534ad89633
3 changed files with 14 additions and 3 deletions
--- a/src/main/java/com/rymcu/forest/service/PortfolioService.java
+++ b/src/main/java/com/rymcu/forest/service/PortfolioService.java
@ -76,7 +76,7 @@ public interface PortfolioService extends Service<Portfolio> {
     * @param idPortfolio
     * @return
     */
-    Map deletePortfolio(Integer idPortfolio);
+    Map deletePortfolio(Integer idPortfolio) throws BaseApiException;

    /**
     * 获取作品集列表数据
--- a/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java
@ -4,6 +4,7 @@ import com.github.pagehelper.PageHelper;
 import com.github.pagehelper.PageInfo;
 import com.rymcu.forest.core.service.AbstractService;
 import com.rymcu.forest.dto.*;
+import com.rymcu.forest.entity.Article;
 import com.rymcu.forest.entity.Portfolio;
 import com.rymcu.forest.entity.User;
 import com.rymcu.forest.mapper.PortfolioMapper;
@ -152,11 +153,21 @@ public class PortfolioServiceImpl extends AbstractService<Portfolio> implements
    }

    @Override
-    public Map deletePortfolio(Integer idPortfolio) {
+    public Map deletePortfolio(Integer idPortfolio) throws BaseApiException {
        Map map = new HashMap(1);
        if (idPortfolio == null || idPortfolio.equals(0)) {
            map.put("message", "作品集数据异常");
        }
+        // 鉴权
+        User user = UserUtils.getCurrentUserByToken();
+        Integer roleWeights = userService.findRoleWeightsByUser(user.getIdUser());
+        if (roleWeights > 2) {
+            Portfolio portfolio = portfolioMapper.selectByPrimaryKey(idPortfolio);
+            if (!user.getIdUser().equals(portfolio.getPortfolioAuthorId())) {
+                map.put("message", "非法访问！");
+                return map;
+            }
+        }

        Integer articleNumber = portfolioMapper.selectCountArticleNumber(idPortfolio);
        if (articleNumber > 0) {
--- a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java
+++ b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java
@ -68,7 +68,7 @@ public class PortfolioController {
    }

    @DeleteMapping("/delete")
-    public GlobalResult delete(Integer idPortfolio){
+    public GlobalResult delete(Integer idPortfolio) throws BaseApiException {
        Map map = portfolioService.deletePortfolio(idPortfolio);
        return GlobalResultGenerator.genSuccessResult(map);
    }