diff --git a/src/main/java/com/rymcu/forest/service/PortfolioService.java b/src/main/java/com/rymcu/forest/service/PortfolioService.java index df8d2e7..db6d67c 100644 --- a/src/main/java/com/rymcu/forest/service/PortfolioService.java +++ b/src/main/java/com/rymcu/forest/service/PortfolioService.java @@ -76,7 +76,7 @@ public interface PortfolioService extends Service { * @param idPortfolio * @return */ - Map deletePortfolio(Integer idPortfolio); + Map deletePortfolio(Integer idPortfolio) throws BaseApiException; /** * 获取作品集列表数据 diff --git a/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java index b843722..cbc480c 100644 --- a/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java +++ b/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java @@ -4,6 +4,7 @@ import com.github.pagehelper.PageHelper; import com.github.pagehelper.PageInfo; import com.rymcu.forest.core.service.AbstractService; import com.rymcu.forest.dto.*; +import com.rymcu.forest.entity.Article; import com.rymcu.forest.entity.Portfolio; import com.rymcu.forest.entity.User; import com.rymcu.forest.mapper.PortfolioMapper; @@ -152,11 +153,21 @@ public class PortfolioServiceImpl extends AbstractService implements } @Override - public Map deletePortfolio(Integer idPortfolio) { + public Map deletePortfolio(Integer idPortfolio) throws BaseApiException { Map map = new HashMap(1); if (idPortfolio == null || idPortfolio.equals(0)) { map.put("message", "作品集数据异常"); } + // 鉴权 + User user = UserUtils.getCurrentUserByToken(); + Integer roleWeights = userService.findRoleWeightsByUser(user.getIdUser()); + if (roleWeights > 2) { + Portfolio portfolio = portfolioMapper.selectByPrimaryKey(idPortfolio); + if (!user.getIdUser().equals(portfolio.getPortfolioAuthorId())) { + map.put("message", "非法访问!"); + return map; + } + } Integer articleNumber = portfolioMapper.selectCountArticleNumber(idPortfolio); if (articleNumber > 0) { diff --git a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java index 66251cb..ffaaf73 100644 --- a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java +++ b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java @@ -68,7 +68,7 @@ public class PortfolioController { } @DeleteMapping("/delete") - public GlobalResult delete(Integer idPortfolio){ + public GlobalResult delete(Integer idPortfolio) throws BaseApiException { Map map = portfolioService.deletePortfolio(idPortfolio); return GlobalResultGenerator.genSuccessResult(map); }