新增了ProjectAuthorize注解，将token数据存储到了request attribute中

2022-12-27 13:18:42 +08:00 · 2022-12-27 13:18:42 +08:00 · 0f836f29f8
parent 8ba644811a
commit 0f836f29f8
6 changed files with 40 additions and 8 deletions
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/annotation/ProjectAuthorize.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/annotation/ProjectAuthorize.java
@ -0,0 +1,14 @@
+package cn.edu.hfut.rmdjzz.projectmanagement.annotation;
+
+import java.lang.annotation.*;
+
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface ProjectAuthorize {
+    /**
+     * 填写逻辑判断式，用p代表项目内权限，g代表全局权限，拥有1级全局权限的人默认拥有所有项目内权限
+     * 如 "p>0 && p<3"，指该接口只有在该项目的权限大于3的人才能执行
+     */
+    String value();
+}
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/AnnouncementController.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/AnnouncementController.java
@ -1,5 +1,6 @@
 package cn.edu.hfut.rmdjzz.projectmanagement.controller;

+import cn.edu.hfut.rmdjzz.projectmanagement.annotation.ProjectAuthorize;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.Announcement;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.dto.AnnouncementDTO;
 import cn.edu.hfut.rmdjzz.projectmanagement.exception.BadRequestException;
@ -49,18 +50,21 @@ public class AnnouncementController {
    }

    @SneakyThrows
+    @ProjectAuthorize("a>0 && a<=2")
    @PostMapping
    public ResponseMap createAnnouncement(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
            @PathVariable Integer projectId,
            @RequestBody Announcement announcement
    ) {
-        Integer accessLevel = projectGroupService.getProjectAccessLevel(token, projectId);
+        /*Integer accessLevel = projectGroupService.getProjectAccessLevel(token, projectId);
        if (accessLevel == 0 || accessLevel > 2) {
            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
-        }
+        }*/
        announcement.setProjectId(projectId);
-        announcement.setAnnouncementPublisherId(TokenUtils.getStaffId(token));
+//        announcement.setAnnouncementPublisherId(TokenUtils.getStaffId(token));
+        announcement.setAnnouncementPublisherId(staffId);
        announcement.setAnnouncementPublishTime(null);
        if (announcementService.save(announcement)) {
            return ResponseMap.ofSuccess();
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java
@ -49,6 +49,11 @@ public class TokenInterceptor implements HandlerInterceptor {
                    Objects.requireNonNull(TokenUtils.getDuration(token)), TimeUnit.SECONDS
            );
        }
+
+        httpServletRequest.setAttribute(TokenUtils.STAFF_USERNAME, TokenUtils.getUsername(token));
+        httpServletRequest.setAttribute(TokenUtils.STAFF_ID, TokenUtils.getStaffId(token));
+        httpServletRequest.setAttribute(TokenUtils.STAFF_GLOBAL_LEVEL, TokenUtils.getStaffGlobalLevel(token));
+
        httpServletResponse.setHeader(TokenUtils.HEADER_TOKEN, newToken);
        return true;
    }
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/TaskServiceImpl.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/TaskServiceImpl.java
@ -150,10 +150,11 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT

    @NotNull
    private void addResultProjectProcess(List<StaffProcessDTO> resList, String projectType) {
-        Boolean typeExist = false;
+        boolean typeExist = false;
        for (StaffProcessDTO staffProcessDTO : resList) {
            if (Objects.equals(staffProcessDTO.getTaskType(), projectType)) {
                typeExist = true;
+                break;
            }
        }
        if (!typeExist) {
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java
@ -19,9 +19,9 @@ public final class TokenUtils {
    private final static String PV_KEY = "SignedByRMDJZZ";

    public final static String HEADER_TOKEN = "Token";
-    private final static String STAFF_USERNAME = "staffUsername";
-    private final static String STAFF_ID = "staffId";
-    private final static String STAFF_GLOBAL_LEVEL = "staffGlobalLevel";
+    public final static String STAFF_USERNAME = "staffUsername";
+    public final static String STAFF_ID = "staffId";
+    public final static String STAFF_GLOBAL_LEVEL = "staffGlobalLevel";
    private final static String DURATION = "duration";

    public static String getToken(String staffUsername, Integer staffId, Integer staffGlobalLevel, Long duration) {
--- a/src/test/java/cn/edu/hfut/rmdjzz/projectmanagement/UtilTests.java
+++ b/src/test/java/cn/edu/hfut/rmdjzz/projectmanagement/UtilTests.java
@ -1,6 +1,7 @@
 package cn.edu.hfut.rmdjzz.projectmanagement;

 import cn.edu.hfut.rmdjzz.projectmanagement.utils.TimeUtils;
+import lombok.SneakyThrows;
 import org.junit.jupiter.api.Test;

 import java.time.LocalDate;
@ -21,4 +22,11 @@ public class UtilTests {
        LocalTime t = LocalTime.now();
        System.out.println(TimeUtils.validateDateTimeLine(a, b, c));
    }
+
+    @SneakyThrows
+    @Test
+    public void test() {
+        Class<?> returnType = this.getClass().getMethod("timeTest").getReturnType();
+        System.out.println(returnType.equals(void.class));
+    }
 }