Merge remote-tracking branch 'origin/master'

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/AnnouncementController.java

@@ -28,24 +28,23 @@ public class AnnouncementController {
     private IProjectGroupService projectGroupService;
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @GetMapping
-    public ResponseList<AnnouncementDTO> getAnnouncementList(@RequestHeader(TokenUtils.HEADER_TOKEN) String token, @PathVariable Integer projectId) {
+    public ResponseList<AnnouncementDTO> getAnnouncementList(
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+            @PathVariable Integer projectId
-        }
+    ) {
         return ResponseList.ofSuccess(announcementService.getAnnouncementList(projectId));
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @GetMapping("/{announcementId}")
     public ResponseMap getAnnouncementById(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
             @PathVariable Integer projectId,
             @PathVariable Long announcementId
     ) {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
         return ResponseMap.ofSuccess(announcementService.getAnnouncementById(projectId, announcementId));
     }
 
@@ -89,13 +88,16 @@ public class AnnouncementController {
     }*/
 
     @SneakyThrows
+    @ProjectAuthorize("a>0 && a<=2")
     @DeleteMapping("/{announcementId}")
     public ResponseMap deleteAnnouncement(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
+            @RequestAttribute Integer globalAccessLevel,
             @PathVariable Integer projectId,
             @PathVariable Long announcementId
     ) {
-        if (announcementService.deleteAnnouncement(token, projectId, announcementId)) {
+        if (announcementService.deleteAnnouncement(projectId, staffId, globalAccessLevel, announcementId)) {
             return ResponseMap.ofSuccess();
         }
         throw new BadRequestException(BadRequestException.OPERATE_FAILED);

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/ProjectController.java

@@ -1,9 +1,11 @@
 package cn.edu.hfut.rmdjzz.projectmanagement.controller;
 
+import cn.edu.hfut.rmdjzz.projectmanagement.annotation.ProjectAuthorize;
 import cn.edu.hfut.rmdjzz.projectmanagement.annotation.RateLimit;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.Project;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.dto.ProjectDTO;
 import cn.edu.hfut.rmdjzz.projectmanagement.exception.BadRequestException;
+import cn.edu.hfut.rmdjzz.projectmanagement.exception.ForbiddenException;
 import cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectGroupService;
 import cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectService;
 import cn.edu.hfut.rmdjzz.projectmanagement.utils.TokenUtils;
@@ -19,6 +21,9 @@ import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
 import java.util.Map;
+import java.util.Objects;
+
+import static cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectService.PROJECT_COMPLETED;
 
 /**
  * @author 佘语殊
@@ -38,74 +43,94 @@ public class ProjectController {
     @SneakyThrows
     @GetMapping
     public ResponseList<ProjectDTO> getProjectListOfStaff(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer globalAccessLevel,
+            @RequestAttribute Integer staffId,
             @Valid RequestPage page,
             @Parameter(description = "参数列表见Project实体类，时间可以用xxxxStart与xxxxEnd来确定区间"
                     , required = true) @RequestParam("paramMap") Map<String, Object> paramMap
     ) {
-        Page<ProjectDTO> result = projectService.pageMyProjects(token, page, paramMap);
+        if(globalAccessLevel == 1) staffId = null;
+        Page<ProjectDTO> result = projectService.pageMyProjects(staffId, page, paramMap);
         return ResponseList.ofSuccess(result);
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @GetMapping("/{projectId}")
     public ResponseMap getOneProjectBasicInfo(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
             @PathVariable("projectId") Integer projectId
     ) {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
-        }
         return ResponseMap.ofSuccess(projectService.getById(projectId));
     }
 
     @Operation(description = "根据Token获取该员工的Project数")
     @SneakyThrows
     @GetMapping("/count")
-    public ResponseMap getProjectNumOfStaff(@RequestHeader(TokenUtils.HEADER_TOKEN) String token) {
+    public ResponseMap getProjectNumOfStaff(
-        return ResponseMap.ofSuccess()
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token
-                .put("totalNum", projectService.countMyProjects(token));
+            @RequestAttribute Integer staffId
-    }
-
-    @SneakyThrows
-    @PostMapping("/complete")
-    public ResponseMap completeProject(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
-            @Parameter(description = "只需要传projectId即可，例：{\"projectId\": 1}")
-            @RequestBody Map<String, Object> map
     ) {
-        Integer targetProjectId = (Integer) map.get("projectId");
+        return ResponseMap.ofSuccess()
-        projectService.setProjectCompleted(token, targetProjectId);
+                .put("totalNum", projectService.countMyProjects(staffId));
+    }
+
+    @SneakyThrows
+    @ProjectAuthorize("a == 1 || g == 1")
+    @PostMapping("/complete/{projectId}")
+    public ResponseMap completeProject(
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Project targetProject,
+            @Parameter(description = "只需要传projectId即可，例：{\"projectId\": 1}")
+            @PathVariable Integer projectId
+    ) {
+        if (targetProject.getCompleted())
+            throw new BadRequestException(PROJECT_COMPLETED);
+        projectService.setProjectCompleted(targetProject);
         return ResponseMap.ofSuccess();
     }
 
     @SneakyThrows
+    @ProjectAuthorize("g != 0 && g <= 2")
     @PostMapping
-    public ResponseMap createProject(@RequestHeader(TokenUtils.HEADER_TOKEN) String token, @RequestBody Project project) {
+    public ResponseMap createProject(
-        projectService.createProject(token, project);
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
+            @RequestBody Project project
+    ) {
+        projectService.createProject(staffId, project);
         return ResponseMap.ofSuccess();
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a == 1 || g == 1")
     @PutMapping("/{projectId}")
     public ResponseMap updateProject(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
             @PathVariable Integer projectId,
             @RequestBody Project project
     ) {
         project.setProjectId(projectId);
         if (!projectService.checkOpenStatus(projectId))
             throw new BadRequestException(IProjectService.PROJECT_UNOPENED);
-        projectService.updateProject(token, project);
+        projectService.updateProject(staffId, project);
         return ResponseMap.ofSuccess();
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @GetMapping("/{projectId}/stats")
     public ResponseMap getProjectProcess(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
+            @RequestAttribute Integer globalAccessLevel,
             @PathVariable Integer projectId
     ) {
-        return ResponseMap.ofSuccess(projectService.getProjectProcess(token, projectId));
+        if (Objects.equals(projectId, 0)) {
+            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
+        }
+        return ResponseMap.ofSuccess(projectService.getProjectProcess(staffId, globalAccessLevel, projectId));
     }
 }

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/TaskController.java

@@ -1,12 +1,16 @@
 package cn.edu.hfut.rmdjzz.projectmanagement.controller;
 
+import cn.edu.hfut.rmdjzz.projectmanagement.annotation.ProjectAuthorize;
 import cn.edu.hfut.rmdjzz.projectmanagement.annotation.RateLimit;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.Task;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.dto.StaffProcessDTO;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.dto.TaskDTO;
 import cn.edu.hfut.rmdjzz.projectmanagement.exception.BadRequestException;
+import cn.edu.hfut.rmdjzz.projectmanagement.exception.ForbiddenException;
+import cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectGroupService;
 import cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectService;
 import cn.edu.hfut.rmdjzz.projectmanagement.service.ITaskService;
+import cn.edu.hfut.rmdjzz.projectmanagement.service.impl.TaskServiceImpl;
 import cn.edu.hfut.rmdjzz.projectmanagement.utils.TokenUtils;
 import cn.edu.hfut.rmdjzz.projectmanagement.utils.http.ResponseList;
 import cn.edu.hfut.rmdjzz.projectmanagement.utils.http.ResponseMap;
@@ -29,54 +33,68 @@ public class TaskController {
     private IProjectService projectService;
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @GetMapping("/{fatherId}/subtask")
     public ResponseList<TaskDTO> getSubTaskList(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
             @PathVariable("projectId") Integer projectId,
             @PathVariable("fatherId") Long fatherId
     ) {
-        List<TaskDTO> result = taskService.listSubtasks(token, projectId, fatherId);
+        List<TaskDTO> result = taskService.listSubtasks(projectId, fatherId);
         return ResponseList.ofSuccess(result);
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @RateLimit(key = "TaskMine", permitsPerSecond = 40, maxBurstSeconds = 15, timeout = 1200)
     @GetMapping("/mine")
-    public ResponseList<TaskDTO> getMyTasks(@RequestHeader(TokenUtils.HEADER_TOKEN) String token, @PathVariable("projectId") Integer projectId) {
+    public ResponseList<TaskDTO> getMyTasks(
-        List<TaskDTO> result = taskService.listMyTasks(token, projectId);
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
+            @PathVariable("projectId") Integer projectId
+    ) {
+        List<TaskDTO> result = taskService.listMyTasks(staffId, projectId);
         return ResponseList.ofSuccess(result);
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @GetMapping("/subtask/exist")
     public ResponseMap existSubTask(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
             @PathVariable("projectId") Integer projectId,
             @RequestParam("taskId") Long taskId
     ) {
         return ResponseMap.ofSuccess()
-                .put("existSubTask", taskService.existSubTask(token, projectId, taskId));
+                .put("existSubTask", taskService.existSubTask(projectId, taskId));
     }
 
     @SneakyThrows
     @PostMapping
     public ResponseMap createTask(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
+            @RequestAttribute Integer globalAccessLevel,
+            @RequestAttribute Integer accessLevel,
             @PathVariable("projectId") Integer projectId,
             @RequestBody Task task
     ) {
         if (!projectService.checkOpenStatus(projectId))
             throw new BadRequestException(IProjectService.PROJECT_UNOPENED);
         task.setTaskProjectId(projectId);
-        taskService.insertTask(token, task);
+        taskService.insertTask(staffId, globalAccessLevel, accessLevel, task);
         return ResponseMap.ofSuccess();
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @RateLimit(key = "TaskModify", permitsPerSecond = 40, maxBurstSeconds = 15, timeout = 1200)
     @PutMapping("/{taskId}")
     public ResponseMap modifyTask(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
+            @RequestAttribute Integer globalAccessLevel,
+            @RequestAttribute Integer accessLevel,
             @PathVariable("projectId") Integer projectId,
             @PathVariable("taskId") Long taskId,
             @RequestBody Task task
@@ -86,7 +104,7 @@ public class TaskController {
         task.setTaskProjectId(projectId);
         task.setTaskId(taskId);
         task.setDeleted(false);
-        taskService.modifyTask(token, task);
+        taskService.modifyTask(staffId, globalAccessLevel, accessLevel, task);
         return ResponseMap.ofSuccess();
     }
 
@@ -94,46 +112,59 @@ public class TaskController {
     @RateLimit(key = "TaskModify", permitsPerSecond = 40, maxBurstSeconds = 15, timeout = 1200)
     @DeleteMapping("/{taskId}")
     public ResponseMap deleteTaskAndSubTask(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
+            @RequestAttribute Integer globalAccessLevel,
             @PathVariable("projectId") Integer projectId,
             @PathVariable("taskId") Long taskId
     ) {
         if (!projectService.checkOpenStatus(projectId))
             throw new BadRequestException(IProjectService.PROJECT_UNOPENED);
-        taskService.deleteTaskAndSubTask(token, projectId, taskId);
+        Integer level = taskService.getHolderLevel(staffId, globalAccessLevel, taskId);
+        if (level == 0 || level == 3) {
+            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
+        }
+        taskService.deleteTaskAndSubTask(staffId, globalAccessLevel, taskId);
         return ResponseMap.ofSuccess();
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @RateLimit(key = "TaskTrend", permitsPerSecond = 50, maxBurstSeconds = 15, timeout = 1200)
     @GetMapping("/stats/trend")
     public ResponseMap getTaskTrend(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
             @PathVariable Integer projectId
     ) {
         if (!projectService.checkOpenStatus(projectId)) {
             throw new BadRequestException(IProjectService.PROJECT_UNOPENED);
         }
-        return ResponseMap.ofSuccess("查询成功", taskService.getProjectTaskTrend(token, projectId));
+        return ResponseMap.ofSuccess("查询成功", taskService.getProjectTaskTrend(projectId));
     }
 
     @SneakyThrows
+    @ProjectAuthorize("a != 0")
     @GetMapping("/stats/group")
     public ResponseMap getTaskNumOfEveryone(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
             @PathVariable Integer projectId
     ) {
-        return ResponseMap.ofSuccess("查询成功", taskService.getProjectProcessOfEveryone(token, projectId));
+        return ResponseMap.ofSuccess("查询成功", taskService.getProjectProcessOfEveryone(projectId));
     }
 
     @SneakyThrows
-    @GetMapping({"/stats", "/stats/{staffId}"})
+    @ProjectAuthorize("a != 0")
+    @GetMapping({"/stats", "/stats/{targetStaffId}"})
     public ResponseList<StaffProcessDTO> getProjectStatistics(
-            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+//            @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+            @RequestAttribute Integer staffId,
             @PathVariable Integer projectId,
-            @PathVariable(required = false) Integer staffId
+            @PathVariable(required = false) Integer targetStaffId
     ) {
-        return ResponseList.ofSuccess("查询成功", taskService.getProjectStatistics(token, projectId, staffId));
+        if (staffId != null && staffId.equals(targetStaffId)) {
+            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+        }
+        return ResponseList.ofSuccess("查询成功", taskService.getProjectStatistics(projectId, targetStaffId));
     }
 
 }

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IAnnouncementService.java

@@ -18,8 +18,8 @@ public interface IAnnouncementService extends IService<Announcement> {
 
     AnnouncementDTO getAnnouncementById(Integer projectId, Long announcementId);
 
-    Boolean updateAnnouncement(String token, Integer projectId, Announcement announcement) throws ForbiddenException, BadRequestException;
+//    Boolean updateAnnouncement(Integer projectId, Announcement announcement) throws ForbiddenException, BadRequestException;
 
-    Boolean deleteAnnouncement(String token, Integer projectId, Long announcementId) throws ForbiddenException, BadRequestException;
+    Boolean deleteAnnouncement(Integer projectId, Integer staffId, Integer globalAccessLevel, Long announcementId) throws ForbiddenException, BadRequestException;
 
 }

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IProjectGroupService.java

@@ -33,7 +33,6 @@ public interface IProjectGroupService extends IService<ProjectGroup> {
     /**
      * @return 如果不存在就返回0，否则返回AccessLevel；对于全局权限为1的用户，直接返回1
      */
-    Integer getProjectAccessLevel(String staffId, Integer projectId);
 
     Integer getProjectAccessLevel(Integer staffId, Integer staffGlobalLevel, Integer projectId);
 
@@ -49,7 +48,7 @@ public interface IProjectGroupService extends IService<ProjectGroup> {
      * <p>
      * 返回类似于{@link Integer#compare(int, int)}，推荐使用compareProjectAccessLevel(...)>(或其他逻辑判断符)0，若<则token持有者拥有更高权限
      */
-    Integer compareProjectAccessLevel(Integer projectId, String token, Integer targetId);
+    Integer compareProjectAccessLevel(Integer projectId, Integer staffId, Integer globalAccessLevel, Integer targetId);
 
     Page<ProjectGroupDTO> pageProjectMembers(RequestPage page, Integer projectId);
 

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IProjectService.java

@@ -20,17 +20,17 @@ public interface IProjectService extends IService<Project> {
     String PROJECT_UNOPENED = "该项目未开放";
     String PROJECT_COMPLETED = "该项目已结项";
 
-    Long countMyProjects(String token);
+    Long countMyProjects(Integer staffId);
 
-    ProjectProcessDTO getProjectProcess(String token, Integer projectId) throws ForbiddenException, BadRequestException;
+    ProjectProcessDTO getProjectProcess(Integer staff, Integer globalAccessLevel, Integer projectId) throws ForbiddenException, BadRequestException;
 
-    Page<ProjectDTO> pageMyProjects(String token, RequestPage page, Map<String, Object> params);
+    Page<ProjectDTO> pageMyProjects(Integer staffId, RequestPage page, Map<String, Object> params);
 
-    Boolean setProjectCompleted(String token, Integer projectId) throws BadRequestException, ForbiddenException;
+    Boolean setProjectCompleted(Project targetProject) throws BadRequestException, ForbiddenException;
 
-    Boolean createProject(String token, Project project) throws BadRequestException, ForbiddenException;
+    Boolean createProject(Integer staffId, Project project) throws BadRequestException, ForbiddenException;
 
     Boolean checkOpenStatus(Integer projectId);
 
-    Boolean updateProject(String token, Project project) throws BadRequestException, ForbiddenException;
+    Boolean updateProject(Integer staffId, Project project) throws BadRequestException, ForbiddenException;
 }

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/ITaskService.java

@@ -16,15 +16,15 @@ import java.util.Map;
  * created at 2022/7/4 14:49
  */
 public interface ITaskService extends IService<Task> {
-    List<TaskDTO> listSubtasks(String token, Integer projectId, Long fatherId) throws BadRequestException, ForbiddenException;
+    List<TaskDTO> listSubtasks(Integer projectId, Long fatherId) throws BadRequestException, ForbiddenException;
 
-    Boolean existSubTask(String token, Integer projectId, Long taskId) throws BadRequestException, ForbiddenException;
+    Boolean existSubTask(Integer projectId, Long taskId) throws BadRequestException, ForbiddenException;
 
-    Boolean deleteTaskAndSubTask(String token, Integer projectId, Long taskId) throws BadRequestException, ForbiddenException;
+    Boolean deleteTaskAndSubTask(Integer staffId, Integer globalAccessLevel, Long taskId) throws BadRequestException, ForbiddenException;
 
-    Boolean closeTaskAndSubTask(String token, Integer projectId, Long taskId) throws BadRequestException;
+//    Boolean closeTaskAndSubTask(String token, Integer projectId, Long taskId) throws BadRequestException;
 
-    List<StaffProcessDTO> getProjectStatistics(String token, Integer projectId, Integer staffId) throws BadRequestException, ForbiddenException;
+    List<StaffProcessDTO> getProjectStatistics(Integer projectId, Integer staffId) throws BadRequestException, ForbiddenException;
 
     /**
      * @return 1:all rights 2:father holder 3:current holder 0:no right
@@ -36,21 +36,21 @@ public interface ITaskService extends IService<Task> {
      *
      * @return 1:all rights 2:father holder 3:current holder 0:no right
      */
-    Integer getHolderLevel(String token, Long taskId);
+//    Integer getHolderLevel(String token, Long taskId);
 
-    List<TaskDTO> listMyTasks(String token, Integer projectId) throws BadRequestException, ForbiddenException;
+    List<TaskDTO> listMyTasks(Integer staffId, Integer projectId) throws BadRequestException, ForbiddenException;
 
     Boolean canBeDone(Long taskId);
 
-    Task insertTask(String token, Task task) throws BadRequestException, ForbiddenException;
+    Task insertTask(Integer staffId, Integer globalAccessLevel, Integer accessLevel, Task task) throws BadRequestException, ForbiddenException;
 
-    Task modifyTask(String token, Task task) throws BadRequestException, ForbiddenException;
+    Task modifyTask(Integer staffId, Integer globalAccessLevel, Integer accessLevel, Task task) throws BadRequestException, ForbiddenException;
 
-    Map<String, List<TaskTrendDTO>> getProjectTaskTrend(String token, Integer projectId) throws ForbiddenException;
+    Map<String, List<TaskTrendDTO>> getProjectTaskTrend(Integer projectId) throws ForbiddenException;
 
     Boolean transferStaffTasks(String token, Integer projectId, Integer transferredStaffId, Map<Long, Integer> transferMap) throws ForbiddenException, BadRequestException;
 
     Boolean transferTasksToSingleStaff(String token, Integer projectId, Integer transferredStaffId, Integer targetStaffId) throws ForbiddenException, BadRequestException;
 
-    Map<String, Long> getProjectProcessOfEveryone(String token, Integer projectId) throws ForbiddenException;
+    Map<String, Long> getProjectProcessOfEveryone(Integer projectId) throws ForbiddenException;
 }

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/AnnouncementServiceImpl.java

@@ -35,34 +35,39 @@ public class AnnouncementServiceImpl extends ServiceImpl<AnnouncementMapper, Ann
         return baseMapper.selectAnnouncementById(projectId, announcementId);
     }
 
-    @Override
+//    @Override
-    public Boolean updateAnnouncement(String token, Integer projectId, Announcement announcement) throws ForbiddenException, BadRequestException {
+//    public Boolean updateAnnouncement(Integer projectId, Announcement announcement) throws ForbiddenException, BadRequestException {
-        Integer accessLevel = projectGroupService.getProjectAccessLevel(token, projectId);
+//        Integer accessLevel = projectGroupService.getProjectAccessLevel(token, projectId);
-        if (accessLevel == 0) {
+//        if (accessLevel == 0) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
+//        }
-        if (accessLevel > 2) {
+//        if (accessLevel > 2) {
-            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
-        }
+//        }
-        Announcement rawAnnouncement = baseMapper.selectById(announcement.getAnnouncementId());
+//        Announcement rawAnnouncement = baseMapper.selectById(announcement.getAnnouncementId());
-        if (projectGroupService.compareProjectAccessLevel(projectId, token, rawAnnouncement.getAnnouncementPublisherId()) <= 0) {
+//        if (projectGroupService.compareProjectAccessLevel(projectId, token, rawAnnouncement.getAnnouncementPublisherId()) <= 0) {
-            if (!announcement.checkModification(rawAnnouncement)) {
+//            if (!announcement.checkModification(rawAnnouncement)) {
-                throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
+//                throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
-            }
+//            }
-            return updateById(announcement);
+//            return updateById(announcement);
-        }
+//        }
-        throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//        throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
-    }
+//    }
 
     @Override
-    public Boolean deleteAnnouncement(String token, Integer projectId, Long announcementId) throws ForbiddenException, BadRequestException {
+    public Boolean deleteAnnouncement(
-        Integer accessLevel = projectGroupService.getProjectAccessLevel(token, projectId);
+            Integer staffId,
-        if (accessLevel == 0) {
+            Integer globalAccessLevel,
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+            Integer projectId,
-        }
+            Long announcementId
-        if (accessLevel > 2) {
+    ) throws ForbiddenException, BadRequestException {
-            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//        Integer accessLevel = projectGroupService.getProjectAccessLevel(token, projectId);
-        }
+//        if (accessLevel == 0) {
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//        }
+//        if (accessLevel > 2) {
+//            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//        }
         Announcement rawAnnouncement = baseMapper.selectOne(Wrappers.<Announcement>lambdaQuery()
                 .select(Announcement::getProjectId, Announcement::getAnnouncementPublisherId)
                 .eq(Announcement::getAnnouncementId, announcementId)
@@ -70,7 +75,7 @@ public class AnnouncementServiceImpl extends ServiceImpl<AnnouncementMapper, Ann
         if (!Objects.equals(projectId, rawAnnouncement.getProjectId())) {
             throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
         }
-        if (projectGroupService.compareProjectAccessLevel(projectId, token, rawAnnouncement.getAnnouncementPublisherId()) > 0) {
+        if (projectGroupService.compareProjectAccessLevel(projectId, staffId, globalAccessLevel, rawAnnouncement.getAnnouncementPublisherId()) > 0) {
             throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
         }
         return removeById(announcementId);

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/ProjectGroupServiceImpl.java

@@ -145,13 +145,6 @@ public class ProjectGroupServiceImpl extends ServiceImpl<ProjectGroupMapper, Pro
         ) == 1;
     }
 
-    @Override
-    public Integer getProjectAccessLevel(String token, Integer projectId) {
-        Integer staffId = TokenUtils.getStaffId(token);
-        Integer staffGlobalLevel = TokenUtils.getStaffGlobalLevel(token);
-        return getProjectAccessLevel(staffId, staffGlobalLevel, projectId);
-    }
-
     @Override
     public Integer getProjectAccessLevel(Integer staffId, Integer staffGlobalLevel, Integer projectId) {
         //对全局权限做特判
@@ -184,8 +177,8 @@ public class ProjectGroupServiceImpl extends ServiceImpl<ProjectGroupMapper, Pro
     }
 
     @Override
-    public Integer compareProjectAccessLevel(Integer projectId, String token, Integer targetId) {
+    public Integer compareProjectAccessLevel(Integer projectId, Integer staffId, Integer globalAccessLevel, Integer targetId) {
-        return Integer.compare(getProjectAccessLevel(token, projectId), getProjectAccessLevelIgnoreGlobalLevel(targetId, projectId));
+        return Integer.compare(getProjectAccessLevel(staffId, globalAccessLevel, projectId), getProjectAccessLevelIgnoreGlobalLevel(targetId, projectId));
     }
 
     @Override

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/ProjectServiceImpl.java

@@ -33,45 +33,44 @@ public class ProjectServiceImpl extends ServiceImpl<ProjectMapper, Project> impl
     private IProjectGroupService projectGroupService;
 
     @Override
-    public Long countMyProjects(String token) {
+    public Long countMyProjects(Integer staffId) {
-        Integer staffId = TokenUtils.getStaffId(token);
         return baseMapper.selectMyProjectCount(staffId);
     }
 
     @Override
-    public ProjectProcessDTO getProjectProcess(String token, Integer projectId) throws ForbiddenException, BadRequestException {
+    public ProjectProcessDTO getProjectProcess(Integer staffId, Integer globalAccessLevel, Integer projectId) throws ForbiddenException, BadRequestException {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//        if (projectGroupService.getProjectAccessLevel(staffId, globalAccessLevel, projectId) == 0) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
+//        }
-        if (Objects.equals(projectId, 0)) {
+//        if (Objects.equals(projectId, 0)) {
-            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
+//            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
-        }
+//        }
         return baseMapper.selectProjectProcess(projectId);
     }
 
     @Override
     public Page<ProjectDTO> pageMyProjects(
-            String token,
+//            String token,
+            Integer staffId,
             RequestPage page,
             Map<String, Object> params
     ) {
-        Integer staffId = TokenUtils.getStaffGlobalLevel(token) == 1 ? null : TokenUtils.getStaffId(token);
+//        Integer staffId = TokenUtils.getStaffGlobalLevel(token) == 1 ? null : TokenUtils.getStaffId(token);
         IPage<ProjectDTO> userPage = baseMapper.selectMyProject(page.getPage(), staffId, WrapperUtils.allEqAndTimeIntervalQueryWrapper(params));
         return (Page<ProjectDTO>) userPage;
     }
 
     @Override
-    public Boolean setProjectCompleted(String token, Integer projectId) throws BadRequestException, ForbiddenException {
+    public Boolean setProjectCompleted(
-        Project project = new Project();
+            Project targetProject
-        project.setProjectId(projectId);
+    ) throws BadRequestException, ForbiddenException
-        Project targetProject = baseMapper.selectById(project.getProjectId());
+    {
-        if (targetProject == null)
+//        Project targetProject = baseMapper.selectById(project.getProjectId());
-            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
+//        if (targetProject == null)
-        if (!Objects.equals(TokenUtils.getStaffId(token), targetProject.getProjectCreator())
+//            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
-                && !Objects.equals(TokenUtils.getStaffGlobalLevel(token), 1))
+        /*if (!Objects.equals(staffId, targetProject.getProjectCreator())
-            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+                && !Objects.equals(globalAccessLevel, 1))
-        if (targetProject.getCompleted())
+            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);*/
-            throw new BadRequestException(PROJECT_COMPLETED);
         targetProject.setCompleted(true);
         targetProject.setProjectClosedDate(LocalDate.now());
         if (baseMapper.updateById(targetProject) == 1)
@@ -80,15 +79,15 @@ public class ProjectServiceImpl extends ServiceImpl<ProjectMapper, Project> impl
     }
 
     @Override
-    public Boolean createProject(String token, Project project) throws BadRequestException, ForbiddenException {
+    public Boolean createProject(Integer staffId, Project project) throws BadRequestException, ForbiddenException {
-        Integer staffGlobalLevel = TokenUtils.getStaffGlobalLevel(token);
+//        Integer staffGlobalLevel = TokenUtils.getStaffGlobalLevel(token);
-        if (staffGlobalLevel == 0 || staffGlobalLevel > 2) {
+//        if (staffGlobalLevel == 0 || staffGlobalLevel > 2) {
-            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
-        }
+//        }
         project.setProjectId(null);
         project.setCompleted(false);
         project.setProjectCreatedTime(null);
-        project.setProjectCreator(TokenUtils.getStaffId(token));
+        project.setProjectCreator(staffId);
         project.setProjectClosedDate(null);
         if (project.getExpectedCompletion() == null) {
             project.setExpectedCompletion((short) 100);
@@ -100,7 +99,7 @@ public class ProjectServiceImpl extends ServiceImpl<ProjectMapper, Project> impl
 
         try {
             if (baseMapper.insert(project) == 1) {
-                return projectGroupService.addCreator(project.getProjectId(), TokenUtils.getStaffId(token));
+                return projectGroupService.addCreator(project.getProjectId(), staffId);
             }
         } catch (Exception e) {
 //            log.error(e.getMessage(), e);
@@ -116,11 +115,11 @@ public class ProjectServiceImpl extends ServiceImpl<ProjectMapper, Project> impl
         return project != null && !project.getCompleted();
     }
 
-    public Boolean updateProject(String token, Project project) throws BadRequestException, ForbiddenException {
+    public Boolean updateProject(Integer staffId, Project project) throws BadRequestException, ForbiddenException {
-        Integer staffId = TokenUtils.getStaffId(token);
+//        Integer staffId = TokenUtils.getStaffId(token);
-        if (!staffId.equals(project.getProjectCreator()) && TokenUtils.getStaffGlobalLevel(token) != 1) {
+//        if (!staffId.equals(project.getProjectCreator()) && TokenUtils.getStaffGlobalLevel(token) != 1) {
-            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
-        }
+//        }
         Project rawProject = baseMapper.selectById(project.getProjectId());
         if (Objects.equals(project, rawProject)) {
             return true;

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/TaskServiceImpl.java

@@ -38,10 +38,10 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
     private IProjectGroupService projectGroupService;
 
     @Override
-    public List<TaskDTO> listSubtasks(String token, Integer projectId, Long fatherId) throws ForbiddenException, BadRequestException {
+    public List<TaskDTO> listSubtasks(Integer projectId, Long fatherId) throws ForbiddenException, BadRequestException {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
+//        }
         if (fatherId == null) {
             throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
         }
@@ -52,23 +52,27 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
     }
 
     @Override
-    public Boolean existSubTask(String token, Integer projectId, Long taskId) throws ForbiddenException {
+    public Boolean existSubTask(Integer projectId, Long taskId) throws ForbiddenException {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
+//        }
         return baseMapper.exists(Wrappers.<Task>lambdaQuery().eq(Task::getTaskFatherId, taskId));
     }
 
     @Transactional(isolation = Isolation.SERIALIZABLE, rollbackFor = Exception.class)
     @Override
-    public Boolean deleteTaskAndSubTask(String token, Integer projectId, Long taskId) throws BadRequestException, ForbiddenException {
+    public Boolean deleteTaskAndSubTask(
-        Integer level = getHolderLevel(token, taskId);
+            Integer staffId,
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+            Integer globalAccessLevel,
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+            Long taskId
-        }
+    ) throws BadRequestException, ForbiddenException {
-        if (level == 0 || level == 3) {
+//        Integer level = getHolderLevel(staffId, globalAccessLevel, taskId);
-            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
+//        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-        }
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//        }
+//        if (level == 0 || level == 3) {
+//            throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
+//        }
         try {
             List<Long> res = new ArrayList<>();
             // 添加根任务点Id，获得子节点数目
@@ -81,7 +85,7 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
                 throw new BadRequestException("删除失败");
             }
             // 每次按照广度优先搜索的方式，按照树形的任务结构向下层寻找
-            for(int depth = 1; depth <= 20; depth++) {
+            for (int depth = 1; depth <= 20; depth++) {
                 // 寻找下一层的所有任务
                 List<Task> list = baseMapper.selectList(
                         Wrappers.<Task>lambdaQuery()
@@ -102,12 +106,11 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
     }
 
     @Transactional(isolation = Isolation.SERIALIZABLE, rollbackFor = Exception.class)
-    @Override
+    public Boolean closeTaskAndSubTask(Integer staffId, Integer globalAccessLevel, Integer projectId, Long taskId) throws BadRequestException {
-    public Boolean closeTaskAndSubTask(String token, Integer projectId, Long taskId) throws BadRequestException {
+        Integer level = getHolderLevel(staffId, globalAccessLevel, taskId);
-        Integer level = getHolderLevel(token, taskId);
+//        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//            throw new BadRequestException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-            throw new BadRequestException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//        }
-        }
         if (level == 0) {
             throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
         }
@@ -115,7 +118,7 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
             List<Long> res = new ArrayList<>();
             // 获得初始的任务Id
             res.add(taskId);
-            for(int depth = 1; depth <= 20; depth++) {
+            for (int depth = 1; depth <= 20; depth++) {
                 // 获得下一层所有任务
                 List<Task> list = baseMapper.selectList(
                         Wrappers.<Task>lambdaQuery()
@@ -143,13 +146,13 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
     }
 
     @Override
-    public List<StaffProcessDTO> getProjectStatistics(String token, Integer projectId, Integer staffId) throws ForbiddenException {
+    public List<StaffProcessDTO> getProjectStatistics(Integer projectId, Integer staffId) throws ForbiddenException {
-        if (staffId != null && !TokenUtils.getStaffId(token).equals(staffId)) {
+//        if (staffId != null && !TokenUtils.getStaffId(token).equals(staffId)) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
+//        }
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
+//        }
         List<StaffProcessDTO> resList = baseMapper.selectProjectProcess(projectId, staffId);
         addResultProjectProcess(resList, Task.TYPE_ASSIGNMENT);
         addResultProjectProcess(resList, Task.TYPE_DEFECT);
@@ -204,12 +207,12 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
         }
     }
 
-    @Override
+//    @Override
-    public Integer getHolderLevel(String token, Long taskId) {
+//    public Integer getHolderLevel(String token, Long taskId) {
-        Integer staffId = TokenUtils.getStaffId(token);
+//        Integer staffId = TokenUtils.getStaffId(token);
-        Integer staffGlobalLevel = TokenUtils.getStaffGlobalLevel(token);
+//        Integer staffGlobalLevel = TokenUtils.getStaffGlobalLevel(token);
-        return getHolderLevel(staffId, staffGlobalLevel, taskId);
+//        return getHolderLevel(staffId, staffGlobalLevel, taskId);
-    }
+//    }
 
     private int lowerBound(List<Task> data, long x) {
         int l = 0, r = data.size() - 1;
@@ -235,11 +238,11 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
 
 
     @Override
-    public List<TaskDTO> listMyTasks(String token, Integer projectId) throws ForbiddenException {
+    public List<TaskDTO> listMyTasks(Integer staffId, Integer projectId) throws ForbiddenException {
-        Integer staffId = TokenUtils.getStaffId(token);
+//        Integer staffId = TokenUtils.getStaffId(token);
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-            throw new ForbiddenException("不可操作的项目");
+//            throw new ForbiddenException("不可操作的项目");
-        }
+//        }
         List<Task> resList = baseMapper.selectList(Wrappers.<Task>lambdaQuery()
                 .select(Task::getTaskId, Task::getTaskFatherId, Task::getTaskHolderId)
                 .eq(Task::getTaskProjectId, projectId)
@@ -293,18 +296,24 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
     }
 
     @Override
-    public Task insertTask(String token, Task task) throws BadRequestException, ForbiddenException {
+    public Task insertTask(
+            Integer staffId,
+            Integer globalAccessLevel,
+            Integer accessLevel,
+            Task task
+    ) throws BadRequestException, ForbiddenException {
         task.setTaskId(null);
-        Integer userLevel = projectGroupService.getProjectAccessLevel(token, task.getTaskProjectId());
+//        Integer userLevel = projectGroupService.getProjectAccessLevel(token, task.getTaskProjectId());
-        if (userLevel == 0) {
+//        if (userLevel == 0) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
+//        }
         if (!task.checkInsert()) {
             throw new BadRequestException(BadRequestException.WRONG_PARAMETERS);
         }
         try {
             Task father = baseMapper.selectOne(Wrappers.<Task>lambdaQuery().eq(Task::getTaskId, task.getTaskFatherId()));
-            if (!task.checkLegalFather(father) || (getHolderLevel(token, task.getTaskFatherId()) == 0 && userLevel == 3)) {
+            if (!task.checkLegalFather(father)
+                    || (getHolderLevel(staffId, globalAccessLevel, task.getTaskFatherId()) == 0 && accessLevel == 3)) {
                 throw new BadRequestException("无法指定该父级");
             }
             task.setTaskCreatedTime(null);
@@ -327,10 +336,15 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
     }
 
     @Override
-    public Task modifyTask(String token, Task task) throws BadRequestException, ForbiddenException {
+    public Task modifyTask(
-        Integer userLevel = projectGroupService.getProjectAccessLevel(token, task.getTaskProjectId());
+            Integer staffId,
+            Integer globalAccessLevel,
+            Integer accessLevel,
+            Task task
+    ) throws BadRequestException, ForbiddenException {
+//        Integer userLevel = projectGroupService.getProjectAccessLevel(token, task.getTaskProjectId());
         Task rawTask = baseMapper.selectOne(Wrappers.<Task>lambdaQuery().eq(Task::getTaskId, task.getTaskId()));
-        if (userLevel == 0 || (userLevel == 3 && getHolderLevel(token, task.getTaskId()) == 0)) {
+        if (accessLevel == 0 || (accessLevel == 3 && getHolderLevel(staffId, globalAccessLevel, task.getTaskId()) == 0)) {
             throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
         }
         int typeChangeValue = 0;
@@ -353,7 +367,7 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
                 task.setTaskClosedTime(LocalDateTime.now());
             }
             if (typeChangeValue == 2) {
-                closed = closeTaskAndSubTask(token, task.getTaskProjectId(), task.getTaskId());
+                closed = closeTaskAndSubTask(staffId, globalAccessLevel, task.getTaskProjectId(), task.getTaskId());
             }
             if (Objects.equals(rawTask, task)) {
                 return task;
@@ -370,10 +384,10 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
 
     // 完成任务数目概况统计
     @Override
-    public Map<String, List<TaskTrendDTO>> getProjectTaskTrend(String token, Integer projectId) throws ForbiddenException {
+    public Map<String, List<TaskTrendDTO>> getProjectTaskTrend(Integer projectId) throws ForbiddenException {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
-        }
+//        }
         // 起止日期
         LocalDate endDate = LocalDate.now();
         LocalDate startDate = endDate.plusDays(-14);
@@ -469,16 +483,18 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
         return taskTrendDTO;
     }
 
+    // FIXME
     @Transactional(isolation = Isolation.SERIALIZABLE, rollbackFor = Exception.class)
     @Override
     public Boolean transferStaffTasks(String token, Integer projectId, Integer transferredStaffId, Map<Long, Integer> transferMap) throws ForbiddenException, BadRequestException {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0
+        if (
-                || projectGroupService.getProjectAccessLevelIgnoreGlobalLevel(transferredStaffId, projectId) == 0) {
+//                projectGroupService.getProjectAccessLevel(token, projectId) == 0 ||
+                 projectGroupService.getProjectAccessLevelIgnoreGlobalLevel(transferredStaffId, projectId) == 0) {
             throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
         }
-        if (projectGroupService.compareProjectAccessLevel(projectId, token, transferredStaffId) > 0) {
+//        if (projectGroupService.compareProjectAccessLevel(projectId, token, transferredStaffId) > 0) {
-            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
-        }
+//        }
 
         Map<Long, Task> originTransferTaskMap = SimpleQuery.keyMap(
                 Wrappers.<Task>lambdaQuery()
@@ -523,17 +539,19 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
     }
 
 
+    // FIXME
     @Transactional(isolation = Isolation.SERIALIZABLE, rollbackFor = Exception.class)
     @Override
     public Boolean transferTasksToSingleStaff(String token, Integer projectId, Integer transferredStaffId, Integer targetStaffId) throws ForbiddenException, BadRequestException {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0
+        if (
-                || projectGroupService.getProjectAccessLevelIgnoreGlobalLevel(transferredStaffId, projectId) == 0
+//                projectGroupService.getProjectAccessLevel(token, projectId) == 0 ||
+                 projectGroupService.getProjectAccessLevelIgnoreGlobalLevel(transferredStaffId, projectId) == 0
                 || projectGroupService.getProjectAccessLevelIgnoreGlobalLevel(targetStaffId, projectId) == 0) {
             throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
         }
-        if (projectGroupService.compareProjectAccessLevel(projectId, token, transferredStaffId) > 0) {
+//        if (projectGroupService.compareProjectAccessLevel(projectId, token, transferredStaffId) > 0) {
-            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
+//            throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE);
-        }
+//        }
         Long transferredTaskCount = baseMapper.selectCount(Wrappers.<Task>lambdaQuery()
                 .eq(Task::getTaskHolderId, transferredStaffId)
                 .and(wrapper -> wrapper
@@ -556,10 +574,10 @@ public class TaskServiceImpl extends ServiceImpl<TaskMapper, Task> implements IT
     }
 
     @Override
-    public Map<String, Long> getProjectProcessOfEveryone(String token, Integer projectId) throws ForbiddenException {
+    public Map<String, Long> getProjectProcessOfEveryone(Integer projectId) throws ForbiddenException {
-        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+//        if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
-            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+//            throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
-        }
+//        }
         Map<String, Long> resMap = new HashMap<>();
         List<TaskNumOfEveryoneDTO> resList = baseMapper.selectProjectProcessOfEveryone(projectId);
         for (TaskNumOfEveryoneDTO taskNumOfEveryoneDTO : resList) {

src/test/java/cn/edu/hfut/rmdjzz/projectmanagement/MybatisPlusTests.java

@@ -87,9 +87,9 @@ public class MybatisPlusTests {
 
         Map<String, Object> map = new HashMap<>();
         map.put("completed", true);
-        System.out.println(objectMapper.writeValueAsString(projectService
+//        System.out.println(objectMapper.writeValueAsString(projectService
-                .pageMyProjects("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkdXJhdGlvbiI6MTgwMDAsInN0YWZmVXNlcm5hbWUiOiJtaWtlIiwiZXhwIjoxNjU3MDkzNTU1LCJpYXQiOjE2NTcwNzU1NTUsInN0YWZmSWQiOjF9.g8l01dnHglt223469Z03i9gqZL8P13Fo7KoaA1pf310",
+//                .pageMyProjects("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkdXJhdGlvbiI6MTgwMDAsInN0YWZmVXNlcm5hbWUiOiJtaWtlIiwiZXhwIjoxNjU3MDkzNTU1LCJpYXQiOjE2NTcwNzU1NTUsInN0YWZmSWQiOjF9.g8l01dnHglt223469Z03i9gqZL8P13Fo7KoaA1pf310",
-                        page, map)));
+//                        page, map)));
     }
 
     @SneakyThrows