故事增加权限响应及校验
Some checks failed
test/timeline-server/pipeline/head There was a failure building this commit
Some checks failed
test/timeline-server/pipeline/head There was a failure building this commit
This commit is contained in:
@@ -37,7 +37,7 @@ public class CommonConstants {
|
|||||||
/**
|
/**
|
||||||
* 仅查看权限
|
* 仅查看权限
|
||||||
*/
|
*/
|
||||||
public static final int STORY_PERMISSION_TYPE_READ = 2;
|
public static final int STORY_PERMISSION_TYPE_READ = 4;
|
||||||
/**
|
/**
|
||||||
* 可编辑权限
|
* 可编辑权限
|
||||||
*/
|
*/
|
||||||
@@ -45,7 +45,7 @@ public class CommonConstants {
|
|||||||
/**
|
/**
|
||||||
* 管理权限
|
* 管理权限
|
||||||
*/
|
*/
|
||||||
public static final int STORY_PERMISSION_TYPE_ADMIN = 4;
|
public static final int STORY_PERMISSION_TYPE_ADMIN = 2;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 好友状态
|
* 好友状态
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
package com.timeline.story.dao;
|
package com.timeline.story.dao;
|
||||||
|
|
||||||
import com.timeline.story.entity.Story;
|
import com.timeline.story.entity.Story;
|
||||||
|
import com.timeline.story.vo.StoryDetailVo;
|
||||||
import org.apache.ibatis.annotations.Mapper;
|
import org.apache.ibatis.annotations.Mapper;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@@ -10,7 +11,7 @@ public interface StoryMapper {
|
|||||||
void insert(Story story);
|
void insert(Story story);
|
||||||
void update(Story story);
|
void update(Story story);
|
||||||
void deleteByInstanceId(String instanceId);
|
void deleteByInstanceId(String instanceId);
|
||||||
Story selectByInstanceId(String instanceId);
|
StoryDetailVo selectByInstanceId(String instanceId, String userId);
|
||||||
List<Story> selectByOwnerId(String ownerId);
|
List<StoryDetailVo> selectByOwnerId(String ownerId);
|
||||||
void touchUpdate(String instanceId, String updateId);
|
void touchUpdate(String instanceId, String updateId);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ package com.timeline.story.entity;
|
|||||||
import com.fasterxml.jackson.annotation.JsonFormat;
|
import com.fasterxml.jackson.annotation.JsonFormat;
|
||||||
import lombok.Data;
|
import lombok.Data;
|
||||||
|
|
||||||
|
import java.time.LocalDate;
|
||||||
import java.time.LocalDateTime;
|
import java.time.LocalDateTime;
|
||||||
|
|
||||||
@Data
|
@Data
|
||||||
@@ -13,7 +14,7 @@ public class Story {
|
|||||||
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
|
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
|
||||||
private LocalDateTime createTime;
|
private LocalDateTime createTime;
|
||||||
@JsonFormat(pattern = "yyyy-MM-dd")
|
@JsonFormat(pattern = "yyyy-MM-dd")
|
||||||
private LocalDateTime storyTime;
|
private LocalDate storyTime;
|
||||||
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
|
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
|
||||||
private LocalDateTime updateTime;
|
private LocalDateTime updateTime;
|
||||||
private String updateId;
|
private String updateId;
|
||||||
@@ -21,9 +22,4 @@ public class Story {
|
|||||||
private String ownerId;
|
private String ownerId;
|
||||||
private String status;
|
private String status;
|
||||||
private String logo;
|
private String logo;
|
||||||
// 新增字段:创建人名称和修改人名称
|
|
||||||
private String ownerName;
|
|
||||||
private String updateName;
|
|
||||||
// 新增字段:故事项数量
|
|
||||||
private Integer itemCount;
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
package com.timeline.story.service;
|
package com.timeline.story.service;
|
||||||
|
|
||||||
import com.timeline.story.entity.Story;
|
import com.timeline.story.entity.Story;
|
||||||
|
import com.timeline.story.vo.StoryDetailVo;
|
||||||
import com.timeline.story.vo.StoryVo;
|
import com.timeline.story.vo.StoryVo;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@@ -10,7 +11,7 @@ public interface StoryService {
|
|||||||
void updateStory(StoryVo storyVo, String storyId);
|
void updateStory(StoryVo storyVo, String storyId);
|
||||||
void deleteStory(String storyId);
|
void deleteStory(String storyId);
|
||||||
Story getStoryByInstanceId(String storyId);
|
Story getStoryByInstanceId(String storyId);
|
||||||
List<Story> getStoriesByOwnerId(String ownerId);
|
List<StoryDetailVo> getStoriesByOwnerId(String ownerId);
|
||||||
List<Story> getStories(StoryVo storyVo);
|
List<StoryDetailVo> getStories(StoryVo storyVo);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -138,8 +138,8 @@ public class StoryPermissionServiceImpl implements StoryPermissionService {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// 权限类型数字越大权限越高
|
// 权限类型数字越小权限越高
|
||||||
return permission.getPermissionType() >= requiredPermissionType;
|
return permission.getPermissionType() <= requiredPermissionType;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|||||||
@@ -9,12 +9,14 @@ import com.timeline.story.dao.StoryMapper;
|
|||||||
import com.timeline.story.service.StoryPermissionService;
|
import com.timeline.story.service.StoryPermissionService;
|
||||||
import com.timeline.story.service.StoryService;
|
import com.timeline.story.service.StoryService;
|
||||||
import com.timeline.story.service.StoryActivityService;
|
import com.timeline.story.service.StoryActivityService;
|
||||||
|
import com.timeline.story.vo.StoryDetailVo;
|
||||||
import com.timeline.story.vo.StoryPermissionVo;
|
import com.timeline.story.vo.StoryPermissionVo;
|
||||||
import com.timeline.story.vo.StoryVo;
|
import com.timeline.story.vo.StoryVo;
|
||||||
import com.timeline.common.utils.IdUtils;
|
import com.timeline.common.utils.IdUtils;
|
||||||
import com.timeline.common.utils.UserContextUtils;
|
import com.timeline.common.utils.UserContextUtils;
|
||||||
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
import lombok.val;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
@@ -85,10 +87,13 @@ public class StoryServiceImpl implements StoryService {
|
|||||||
public void updateStory(StoryVo storyVo, String storyId) {
|
public void updateStory(StoryVo storyVo, String storyId) {
|
||||||
String currentUserId = getCurrentUserId();
|
String currentUserId = getCurrentUserId();
|
||||||
|
|
||||||
Story story = storyMapper.selectByInstanceId(storyId);
|
Story story = storyMapper.selectByInstanceId(storyId, currentUserId);
|
||||||
if (story == null) {
|
if (story == null) {
|
||||||
throw new CustomException(ResponseEnum.NOT_FOUND);
|
throw new CustomException(ResponseEnum.NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
if (!storyPermissionService.checkUserPermission(storyId, currentUserId, CommonConstants.STORY_PERMISSION_TYPE_WRITE)) {
|
||||||
|
throw new CustomException(ResponseEnum.FORBIDDEN, "无权限修改故事");
|
||||||
|
}
|
||||||
story.setTitle(storyVo.getTitle());
|
story.setTitle(storyVo.getTitle());
|
||||||
story.setDescription(storyVo.getDescription());
|
story.setDescription(storyVo.getDescription());
|
||||||
story.setStatus(storyVo.getStatus());
|
story.setStatus(storyVo.getStatus());
|
||||||
@@ -110,10 +115,13 @@ public class StoryServiceImpl implements StoryService {
|
|||||||
@Override
|
@Override
|
||||||
public void deleteStory(String storyId) {
|
public void deleteStory(String storyId) {
|
||||||
String currentUserId = getCurrentUserId();
|
String currentUserId = getCurrentUserId();
|
||||||
Story story = storyMapper.selectByInstanceId(storyId);
|
Story story = storyMapper.selectByInstanceId(storyId, currentUserId);
|
||||||
if (story == null) {
|
if (story == null) {
|
||||||
throw new CustomException(ResponseEnum.NOT_FOUND);
|
throw new CustomException(ResponseEnum.NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
if (!storyPermissionService.checkUserPermission(storyId, currentUserId, CommonConstants.STORY_PERMISSION_TYPE_ADMIN)) {
|
||||||
|
throw new CustomException(ResponseEnum.FORBIDDEN, "无权限删除故事");
|
||||||
|
}
|
||||||
// delete story
|
// delete story
|
||||||
storyMapper.deleteByInstanceId(storyId);
|
storyMapper.deleteByInstanceId(storyId);
|
||||||
// delete permission
|
// delete permission
|
||||||
@@ -129,7 +137,8 @@ public class StoryServiceImpl implements StoryService {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Story getStoryByInstanceId(String storyId) {
|
public Story getStoryByInstanceId(String storyId) {
|
||||||
Story story = storyMapper.selectByInstanceId(storyId);
|
val userId = getCurrentUserId();
|
||||||
|
Story story = storyMapper.selectByInstanceId(storyId, userId);
|
||||||
if (story == null) {
|
if (story == null) {
|
||||||
throw new CustomException(ResponseEnum.NOT_FOUND);
|
throw new CustomException(ResponseEnum.NOT_FOUND);
|
||||||
}
|
}
|
||||||
@@ -137,7 +146,7 @@ public class StoryServiceImpl implements StoryService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Story> getStoriesByOwnerId(String ownerId) {
|
public List<StoryDetailVo> getStoriesByOwnerId(String ownerId) {
|
||||||
try {
|
try {
|
||||||
return storyMapper.selectByOwnerId(ownerId);
|
return storyMapper.selectByOwnerId(ownerId);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
@@ -147,7 +156,7 @@ public class StoryServiceImpl implements StoryService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Story> getStories(StoryVo storyVo) {
|
public List<StoryDetailVo> getStories(StoryVo storyVo) {
|
||||||
try {
|
try {
|
||||||
String currentUserId = getCurrentUserId();
|
String currentUserId = getCurrentUserId();
|
||||||
return storyMapper.selectByOwnerId(currentUserId);
|
return storyMapper.selectByOwnerId(currentUserId);
|
||||||
|
|||||||
@@ -0,0 +1,16 @@
|
|||||||
|
package com.timeline.story.vo;
|
||||||
|
|
||||||
|
import com.timeline.story.entity.Story;
|
||||||
|
import lombok.Data;
|
||||||
|
import lombok.EqualsAndHashCode;
|
||||||
|
|
||||||
|
@EqualsAndHashCode(callSuper = true)
|
||||||
|
@Data
|
||||||
|
public class StoryDetailVo extends Story {
|
||||||
|
// 新增字段:创建人名称和修改人名称
|
||||||
|
private String ownerName;
|
||||||
|
private String updateName;
|
||||||
|
// 新增字段:故事项数量
|
||||||
|
private Integer itemCount;
|
||||||
|
private Integer permissionType;
|
||||||
|
}
|
||||||
@@ -3,7 +3,7 @@ package com.timeline.story.vo;
|
|||||||
import com.fasterxml.jackson.annotation.JsonFormat;
|
import com.fasterxml.jackson.annotation.JsonFormat;
|
||||||
import lombok.Data;
|
import lombok.Data;
|
||||||
|
|
||||||
import java.time.LocalDateTime;
|
import java.time.LocalDate;
|
||||||
|
|
||||||
@Data
|
@Data
|
||||||
public class StoryVo {
|
public class StoryVo {
|
||||||
@@ -15,5 +15,5 @@ public class StoryVo {
|
|||||||
private String status;
|
private String status;
|
||||||
private String logo;
|
private String logo;
|
||||||
@JsonFormat(pattern = "yyyy-MM-dd")
|
@JsonFormat(pattern = "yyyy-MM-dd")
|
||||||
private LocalDateTime storyTime;
|
private LocalDate storyTime;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -22,8 +22,8 @@ file.service.url=http://localhost:30002/file/
|
|||||||
user.service.url=http://localhost:30003/user/
|
user.service.url=http://localhost:30003/user/
|
||||||
|
|
||||||
spring.servlet.multipart.enabled=true
|
spring.servlet.multipart.enabled=true
|
||||||
spring.servlet.multipart.max-file-size=10MB
|
spring.servlet.multipart.max-file-size=1000MB
|
||||||
spring.servlet.multipart.max-request-size=10MB
|
spring.servlet.multipart.max-request-size=1000MB
|
||||||
|
|
||||||
spring.data.redis.host=127.0.0.1
|
spring.data.redis.host=127.0.0.1
|
||||||
spring.data.redis.port=36379
|
spring.data.redis.port=36379
|
||||||
|
|||||||
@@ -25,17 +25,20 @@
|
|||||||
UPDATE story SET story.is_delete = 1, update_time = NOW() WHERE instance_id = #{instanceId}
|
UPDATE story SET story.is_delete = 1, update_time = NOW() WHERE instance_id = #{instanceId}
|
||||||
</delete>
|
</delete>
|
||||||
|
|
||||||
<select id="selectByInstanceId" resultType="com.timeline.story.entity.Story">
|
<select id="selectByInstanceId" resultType="com.timeline.story.vo.StoryDetailVo">
|
||||||
SELECT
|
SELECT
|
||||||
s.*,
|
s.*,
|
||||||
u1.username as owner_name,
|
u1.username as owner_name,
|
||||||
u2.username as update_name,
|
u2.username as update_name,
|
||||||
|
sp.permission_type as permission_type,
|
||||||
(SELECT COUNT(*) FROM story_item si WHERE si.story_instance_id = s.instance_id AND si.is_delete = 0) as item_count
|
(SELECT COUNT(*) FROM story_item si WHERE si.story_instance_id = s.instance_id AND si.is_delete = 0) as item_count
|
||||||
|
|
||||||
FROM story s
|
FROM story s
|
||||||
|
|
||||||
LEFT JOIN user u1 ON s.owner_id = u1.user_id AND u1.is_deleted = 0
|
LEFT JOIN user u1 ON s.owner_id = u1.user_id AND u1.is_deleted = 0
|
||||||
LEFT JOIN user u2 ON s.update_id = u2.user_id AND u2.is_deleted = 0
|
LEFT JOIN user u2 ON s.update_id = u2.user_id AND u2.is_deleted = 0
|
||||||
|
LEFT JOIN story_permission sp on sp.story_instance_id = s.instance_id and sp.user_id = #{userId}
|
||||||
|
|
||||||
WHERE s.instance_id = #{instanceId}
|
WHERE s.instance_id = #{instanceId}
|
||||||
</select>
|
</select>
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user