From 817746871a1711882cf753324b1072fbe637d153 Mon Sep 17 00:00:00 2001
From: ArgonarioD
Date: Sat, 14 Jan 2023 17:05:06 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E4=BA=86=E4=B8=80=E4=BA=9B?= =?UTF-8?q?=E6=B3=A8=E9=87=8A=EF=BC=8C=E5=88=A0=E9=99=A4=E4=BA=86=E4=B8=80?= =?UTF-8?q?=E4=BA=9B=E6=97=A0=E6=95=88=E6=B3=A8=E9=87=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../projectmanagement/advice/ExceptionHandlerAdvice.java | 6 ------
.../rmdjzz/projectmanagement/aop/ProjectAuthorizeAOP.java | 4 +++-
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/advice/ExceptionHandlerAdvice.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/advice/ExceptionHandlerAdvice.java
index 45165de..3d65664 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/advice/ExceptionHandlerAdvice.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/advice/ExceptionHandlerAdvice.java
@@ -25,29 +25,24 @@ public class ExceptionHandlerAdvice {
@ExceptionHandler(UnauthorizedException.class)
@ResponseStatus(HttpStatus.UNAUTHORIZED)
public ResponseMap handleUnauthorizedException(Exception e) {
- // log.error(ExceptionUtils.getStackTrace(e));
- // log.error(e.getMessage(), e);
return ResponseMap.of(HttpStatus.UNAUTHORIZED.value(), e.getMessage());
}

@ExceptionHandler(BadRequestException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public ResponseMap handleBadRequestException(BadRequestException e) {
- // log.error(e.getMessage(), e);
return ResponseMap.of(HttpStatus.BAD_REQUEST.value(), e.getMessage());
}

@ExceptionHandler(ForbiddenException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
public ResponseMap handleForbiddenException(ForbiddenException e) {
-// log.error(e.getMessage(), e);
return ResponseMap.of(HttpStatus.FORBIDDEN.value(), e.getMessage());
}

@ExceptionHandler(BindException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public ResponseMap handleBindException(BindException e) {
-// log.error(e.getMessage(), e);
return ResponseMap.of(HttpStatus.BAD_REQUEST.value(),
e.getAllErrors().stream()
.map(DefaultMessageSourceResolvable::getDefaultMessage)
@@ -58,7 +53,6 @@ public class ExceptionHandlerAdvice {
@ExceptionHandler(TooManyRequestException.class)
@ResponseStatus(HttpStatus.TOO_MANY_REQUESTS)
public ResponseMap handleTooManyRequestException(TooManyRequestException e) {
-// log.error(e.getMessage(), e);
return ResponseMap.of(HttpStatus.TOO_MANY_REQUESTS.value(), e.getMessage());
}
}
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/aop/ProjectAuthorizeAOP.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/aop/ProjectAuthorizeAOP.java
index ad76574..ae071d6 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/aop/ProjectAuthorizeAOP.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/aop/ProjectAuthorizeAOP.java
@@ -48,15 +48,17 @@ public class ProjectAuthorizeAOP {
Integer projectAccessLevel = null;
if (expression.contains("a")) { // 如果涉及到项目权限
Integer staffId = HttpUtils.getAttribute(attributes, TokenUtils.STAFF_ID);
+ // 获取路径参数中的projectId
Map pathVariables = ((Map) (attributes
.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE, RequestAttributes.SCOPE_REQUEST)));
assert pathVariables != null;
Integer projectId = Integer.parseInt(pathVariables.get("projectId"));
+ // 获取项目权限,并将项目权限和项目记录本身放入RequestAttribute中
projectAccessLevel = projectGroupService.getProjectAccessLevel(staffId, globalAccessLevel, projectId);
attributes.setAttribute(TokenUtils.PROJECT_ACCESS_LEVEL, projectAccessLevel, RequestAttributes.SCOPE_REQUEST);
attributes.setAttribute(TokenUtils.TARGET_PROJECT, projectService.getById(projectId), RequestAttributes.SCOPE_REQUEST);
}
- // 解析SpEL表达式
+ // 解析SpEL表达式,进行鉴权
ExpressionParser parser = new SpelExpressionParser();
Boolean result = parser.parseExpression(expression)
.getValue(new ValidateObject(globalAccessLevel, projectAccessLevel), Boolean.class);
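Review bot: The `assert pathVariables != null;` in the path-variable lookup that this hunk now documents is not a runtime check, because the JVM skips `assert` unless it is started with `-ea`; on a route without URI template variables the next line then fails with a NullPointerException inside the authorization aspect. `Integer.parseInt(pathVariables.get("projectId"))` likewise throws NumberFormatException when `projectId` is missing or non-numeric, and none of the handlers visible in this patch's ExceptionHandlerAdvice hunks covers either exception. Replace the assert with an explicit guard such as `if (pathVariables == null || pathVariables.get("projectId") == null) { throw new BadRequestException(...); }` (constructor arguments as the project defines them) and map NumberFormatException the same way, so a malformed request is rejected with a 400 before any access-level lookup runs. The enclosing method starts and ends outside the hunk, so the origin of `expression` and the handling of a null `result` cannot be checked from here.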