修复了拥有全局最高权限的账号进入未参与的项目时查询错误的问题

master
ArgonarioD 2022-07-13 16:39:40 +08:00
parent 7dbf52d915
commit aa086ea9cd
3 changed files with 12 additions and 5 deletions

View File

@ -6,6 +6,7 @@ import cn.edu.hfut.rmdjzz.projectmanagement.entity.vo.GroupPositionVO;
import cn.edu.hfut.rmdjzz.projectmanagement.exception.BadRequestException; import cn.edu.hfut.rmdjzz.projectmanagement.exception.BadRequestException;
import cn.edu.hfut.rmdjzz.projectmanagement.exception.ForbiddenException; import cn.edu.hfut.rmdjzz.projectmanagement.exception.ForbiddenException;
import cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectGroupService; import cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectGroupService;
import cn.edu.hfut.rmdjzz.projectmanagement.service.IStaffService;
import cn.edu.hfut.rmdjzz.projectmanagement.service.ITaskService; import cn.edu.hfut.rmdjzz.projectmanagement.service.ITaskService;
import cn.edu.hfut.rmdjzz.projectmanagement.utils.TokenUtils; import cn.edu.hfut.rmdjzz.projectmanagement.utils.TokenUtils;
import cn.edu.hfut.rmdjzz.projectmanagement.utils.ValidateUtils; import cn.edu.hfut.rmdjzz.projectmanagement.utils.ValidateUtils;
@ -63,11 +64,14 @@ public class ProjectGroupController {
if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) { if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT); throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
} }
return ResponseMap.ofSuccess(projectGroupService.getOne( ProjectGroup designatedStaff = projectGroupService.getOne(
Wrappers.<ProjectGroup>lambdaQuery() Wrappers.<ProjectGroup>lambdaQuery()
.eq(ProjectGroup::getStaffId, staffId) .eq(ProjectGroup::getStaffId, staffId)
.eq(ProjectGroup::getProjectId, projectId) .eq(ProjectGroup::getProjectId, projectId));
)); if (designatedStaff == null) { //说明是超级管理员
designatedStaff = new ProjectGroup(staffId, projectId, IStaffService.LEVEL_1, 1);
}
return ResponseMap.ofSuccess(designatedStaff);
} }
@Operation(description = "body中只传staffUsername和projectStaffPosition") @Operation(description = "body中只传staffUsername和projectStaffPosition")

View File

@ -16,6 +16,7 @@ import java.util.Map;
public interface IStaffService extends IService<Staff> { public interface IStaffService extends IService<Staff> {
String STAFF_DOES_NOT_EXIST = "用户不存在"; String STAFF_DOES_NOT_EXIST = "用户不存在";
String LEVEL_1 = "超级管理员";
Map<String, Object> login(String requestIpAddress, String username, String password) throws BadRequestException, TokenException, ForbiddenException; Map<String, Object> login(String requestIpAddress, String username, String password) throws BadRequestException, TokenException, ForbiddenException;

View File

@ -7,6 +7,7 @@ import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockMultipartFile; import org.springframework.mock.web.MockMultipartFile;
import org.springframework.util.DigestUtils;
import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartFile;
/** /**
@ -23,7 +24,8 @@ public class ExcelTests {
@Test @Test
public void importTest() { public void importTest() {
MultipartFile excelFile = new MockMultipartFile("账户导入模板.xlsx", MultipartFile excelFile = new MockMultipartFile("账户导入模板.xlsx",
FileUtils.class.getClassLoader().getResourceAsStream("static/public/账户导入模板.xlsx")); FileUtils.class.getClassLoader().getResourceAsStream("/static/public/账户导入模板.xlsx"));
staffService.multiImport("", excelFile); //staffService.multiImport("", excelFile);
System.out.println(DigestUtils.md5DigestAsHex(excelFile.getBytes()));
} }
} }