故事增加权限响应及校验

2025-12-31 13:34:58 +08:00
parent d77061c46f
commit 323415f33a
10 changed files with 51 additions and 25 deletions
--- a/timeline-component-common/src/main/java/com/timeline/common/constants/CommonConstants.java
+++ b/timeline-component-common/src/main/java/com/timeline/common/constants/CommonConstants.java
@@ -37,7 +37,7 @@ public class CommonConstants {
    /**
     * 仅查看权限
    */
-    public static final int STORY_PERMISSION_TYPE_READ = 2;
+    public static final int STORY_PERMISSION_TYPE_READ = 4;
    /**
     * 可编辑权限
     */
@@ -45,7 +45,7 @@ public class CommonConstants {
    /**
     * 管理权限
     */
-    public static final int STORY_PERMISSION_TYPE_ADMIN = 4;
+    public static final int STORY_PERMISSION_TYPE_ADMIN = 2;

    /**
     * 好友状态
--- a/timeline-story-service/src/main/java/com/timeline/story/dao/StoryMapper.java
+++ b/timeline-story-service/src/main/java/com/timeline/story/dao/StoryMapper.java
@@ -1,6 +1,7 @@
 package com.timeline.story.dao;

 import com.timeline.story.entity.Story;
+import com.timeline.story.vo.StoryDetailVo;
 import org.apache.ibatis.annotations.Mapper;

 import java.util.List;
@@ -10,7 +11,7 @@ public interface StoryMapper {
    void insert(Story story);
    void update(Story story);
    void deleteByInstanceId(String instanceId);
-    Story selectByInstanceId(String instanceId);
-    List<Story> selectByOwnerId(String ownerId);
+    StoryDetailVo selectByInstanceId(String instanceId, String userId);
+    List<StoryDetailVo> selectByOwnerId(String ownerId);
    void touchUpdate(String instanceId, String updateId);    
 }
--- a/timeline-story-service/src/main/java/com/timeline/story/entity/Story.java
+++ b/timeline-story-service/src/main/java/com/timeline/story/entity/Story.java
@@ -3,6 +3,7 @@ package com.timeline.story.entity;
 import com.fasterxml.jackson.annotation.JsonFormat;
 import lombok.Data;

+import java.time.LocalDate;
 import java.time.LocalDateTime;

@Data
@@ -13,7 +14,7 @@ public class Story {
    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
    private LocalDateTime createTime;
    @JsonFormat(pattern = "yyyy-MM-dd")
-    private LocalDateTime storyTime;
+    private LocalDate storyTime;
    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
    private LocalDateTime updateTime;
    private String  updateId;
@@ -21,9 +22,4 @@ public class Story {
    private String ownerId;
    private String status;
    private String logo;
-    // 新增字段：创建人名称和修改人名称
-    private String ownerName;
-    private String updateName;
-    // 新增字段：故事项数量
-    private Integer itemCount;
 }
--- a/timeline-story-service/src/main/java/com/timeline/story/service/StoryService.java
+++ b/timeline-story-service/src/main/java/com/timeline/story/service/StoryService.java
@@ -1,6 +1,7 @@
 package com.timeline.story.service;

 import com.timeline.story.entity.Story;
+import com.timeline.story.vo.StoryDetailVo;
 import com.timeline.story.vo.StoryVo;

 import java.util.List;
@@ -10,7 +11,7 @@ public interface StoryService {
    void updateStory(StoryVo storyVo, String storyId);
    void deleteStory(String storyId);
    Story getStoryByInstanceId(String storyId);
-    List<Story> getStoriesByOwnerId(String ownerId);
-    List<Story> getStories(StoryVo storyVo);
+    List<StoryDetailVo> getStoriesByOwnerId(String ownerId);
+    List<StoryDetailVo> getStories(StoryVo storyVo);

 }
--- a/timeline-story-service/src/main/java/com/timeline/story/service/impl/StoryPermissionServiceImpl.java
+++ b/timeline-story-service/src/main/java/com/timeline/story/service/impl/StoryPermissionServiceImpl.java
@@ -138,8 +138,8 @@ public class StoryPermissionServiceImpl implements StoryPermissionService {
            return false;
        }

-        // 权限类型数字越大权限越高
-        return permission.getPermissionType() >= requiredPermissionType;
+        // 权限类型数字越小权限越高
+        return permission.getPermissionType() <= requiredPermissionType;
    }

    @Override
--- a/timeline-story-service/src/main/java/com/timeline/story/service/impl/StoryServiceImpl.java
+++ b/timeline-story-service/src/main/java/com/timeline/story/service/impl/StoryServiceImpl.java
@@ -9,12 +9,14 @@ import com.timeline.story.dao.StoryMapper;
 import com.timeline.story.service.StoryPermissionService;
 import com.timeline.story.service.StoryService;
 import com.timeline.story.service.StoryActivityService;
+import com.timeline.story.vo.StoryDetailVo;
 import com.timeline.story.vo.StoryPermissionVo;
 import com.timeline.story.vo.StoryVo;
 import com.timeline.common.utils.IdUtils;
 import com.timeline.common.utils.UserContextUtils;

 import lombok.extern.slf4j.Slf4j;
+import lombok.val;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

@@ -85,10 +87,13 @@ public class StoryServiceImpl implements StoryService {
    public void updateStory(StoryVo storyVo, String storyId) {
        String currentUserId = getCurrentUserId();

-        Story story = storyMapper.selectByInstanceId(storyId);
+        Story story = storyMapper.selectByInstanceId(storyId, currentUserId);
        if (story == null) {
            throw new CustomException(ResponseEnum.NOT_FOUND);
        }
+        if (!storyPermissionService.checkUserPermission(storyId, currentUserId, CommonConstants.STORY_PERMISSION_TYPE_WRITE)) {
+            throw new CustomException(ResponseEnum.FORBIDDEN, "无权限修改故事");
+        }
        story.setTitle(storyVo.getTitle());
        story.setDescription(storyVo.getDescription());
        story.setStatus(storyVo.getStatus());
@@ -110,10 +115,13 @@ public class StoryServiceImpl implements StoryService {
    @Override
    public void deleteStory(String storyId) {
        String currentUserId = getCurrentUserId();
-        Story story = storyMapper.selectByInstanceId(storyId);
+        Story story = storyMapper.selectByInstanceId(storyId, currentUserId);
        if (story == null) {
            throw new CustomException(ResponseEnum.NOT_FOUND);
        }
+        if (!storyPermissionService.checkUserPermission(storyId, currentUserId, CommonConstants.STORY_PERMISSION_TYPE_ADMIN)) {
+            throw new CustomException(ResponseEnum.FORBIDDEN, "无权限删除故事");
+        }
        // delete story
        storyMapper.deleteByInstanceId(storyId);
        // delete permission
@@ -129,7 +137,8 @@ public class StoryServiceImpl implements StoryService {

    @Override
    public Story getStoryByInstanceId(String storyId) {
-        Story story = storyMapper.selectByInstanceId(storyId);
+        val userId = getCurrentUserId();
+        Story story = storyMapper.selectByInstanceId(storyId, userId);
        if (story == null) {
            throw new CustomException(ResponseEnum.NOT_FOUND);
        }
@@ -137,7 +146,7 @@ public class StoryServiceImpl implements StoryService {
    }

    @Override
-    public List<Story> getStoriesByOwnerId(String ownerId) {
+    public List<StoryDetailVo> getStoriesByOwnerId(String ownerId) {
        try {
            return storyMapper.selectByOwnerId(ownerId);
        } catch (Exception e) {
@@ -147,7 +156,7 @@ public class StoryServiceImpl implements StoryService {
    }

    @Override
-    public List<Story> getStories(StoryVo storyVo) {
+    public List<StoryDetailVo> getStories(StoryVo storyVo) {
        try {
            String currentUserId = getCurrentUserId();
            return storyMapper.selectByOwnerId(currentUserId);
--- a/timeline-story-service/src/main/java/com/timeline/story/vo/StoryDetailVo.java
+++ b/timeline-story-service/src/main/java/com/timeline/story/vo/StoryDetailVo.java
@@ -0,0 +1,16 @@
+package com.timeline.story.vo;
+
+import com.timeline.story.entity.Story;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class StoryDetailVo extends Story {
+    // 新增字段：创建人名称和修改人名称
+    private String ownerName;
+    private String updateName;
+    // 新增字段：故事项数量
+    private Integer itemCount;
+    private Integer permissionType;
+}
--- a/timeline-story-service/src/main/java/com/timeline/story/vo/StoryVo.java
+++ b/timeline-story-service/src/main/java/com/timeline/story/vo/StoryVo.java
@@ -3,7 +3,7 @@ package com.timeline.story.vo;
 import com.fasterxml.jackson.annotation.JsonFormat;
 import lombok.Data;

-import java.time.LocalDateTime;
+import java.time.LocalDate;

@Data
 public class StoryVo {
@@ -15,5 +15,5 @@ public class StoryVo {
    private String status;
    private String logo;
    @JsonFormat(pattern = "yyyy-MM-dd")
-    private LocalDateTime storyTime;
+    private LocalDate storyTime;
 }
--- a/timeline-story-service/src/main/resources/application.properties
+++ b/timeline-story-service/src/main/resources/application.properties
@@ -22,8 +22,8 @@ file.service.url=http://localhost:30002/file/
 user.service.url=http://localhost:30003/user/

 spring.servlet.multipart.enabled=true
-spring.servlet.multipart.max-file-size=10MB
-spring.servlet.multipart.max-request-size=10MB
+spring.servlet.multipart.max-file-size=1000MB
+spring.servlet.multipart.max-request-size=1000MB

 spring.data.redis.host=127.0.0.1
 spring.data.redis.port=36379
--- a/timeline-story-service/src/main/resources/com/timeline/story/dao/StoryMapper.xml
+++ b/timeline-story-service/src/main/resources/com/timeline/story/dao/StoryMapper.xml
@@ -25,17 +25,20 @@
        UPDATE story SET story.is_delete = 1, update_time = NOW() WHERE instance_id = #{instanceId}
    </delete>

-    <select id="selectByInstanceId" resultType="com.timeline.story.entity.Story">
+    <select id="selectByInstanceId" resultType="com.timeline.story.vo.StoryDetailVo">
        SELECT
            s.*,
            u1.username as owner_name,
            u2.username as update_name,
+            sp.permission_type as permission_type,
        (SELECT COUNT(*) FROM story_item si WHERE si.story_instance_id = s.instance_id AND si.is_delete = 0) as item_count

        FROM story s

    LEFT JOIN user u1 ON s.owner_id = u1.user_id AND u1.is_deleted = 0
    LEFT JOIN user u2 ON s.update_id = u2.user_id AND u2.is_deleted = 0
+    LEFT JOIN story_permission sp on sp.story_instance_id = s.instance_id and sp.user_id = #{userId}
+
        WHERE s.instance_id = #{instanceId}
    </select>