diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/ProjectGroupController.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/ProjectGroupController.java
index 84940fb..5d1508a 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/ProjectGroupController.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/ProjectGroupController.java
@@ -1,10 +1,10 @@
 package cn.edu.hfut.rmdjzz.projectmanagement.controller;
+import cn.edu.hfut.rmdjzz.projectmanagement.annotation.ProjectAuthorize;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.ProjectGroup;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.dto.ProjectGroupDTO;
 import cn.edu.hfut.rmdjzz.projectmanagement.entity.vo.GroupPositionVO;
 import cn.edu.hfut.rmdjzz.projectmanagement.exception.BadRequestException;
-import cn.edu.hfut.rmdjzz.projectmanagement.exception.ForbiddenException;
 import cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectGroupService;
 import cn.edu.hfut.rmdjzz.projectmanagement.service.IStaffService;
 import cn.edu.hfut.rmdjzz.projectmanagement.service.ITaskService;
@@ -38,32 +38,41 @@ public class ProjectGroupController {
 @Operation(description = "传入合法page参数时分页查询,否则拉取整个列表")
 @SneakyThrows
+ @ProjectAuthorize("a != 0")
 @GetMapping
 public ResponseList getGroupMembers(
 @PathVariable Integer projectId,
- @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ // @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
 RequestPage page
 ) {
- if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
- throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
- }
+ // if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+ // throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+ // }
+ // if (validateUtils.validate(page).isEmpty()) {
+ // return ResponseList.ofSuccess(projectGroupService.pageProjectMembers(page, projectId));
+ // }
+ //return ResponseList.ofSuccess(projectGroupService.listProjectMembers(projectId));
+ ResponseList groupMembers;
 if (validateUtils.validate(page).isEmpty()) {
- return ResponseList.ofSuccess(projectGroupService.pageProjectMembers(page, projectId));
+ groupMembers = ResponseList.ofSuccess(projectGroupService.pageProjectMembers(page, projectId));
+ } else {
+ groupMembers = ResponseList.ofSuccess(projectGroupService.listProjectMembers(projectId));
 }
- return ResponseList.ofSuccess(projectGroupService.listProjectMembers(projectId));
+ return groupMembers;
 }
 @SneakyThrows
+ @ProjectAuthorize("a != 0")
 @GetMapping("/{staffId}")
 public ResponseMap getDesignatedStaffPosition(
- @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ // @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
 @PathVariable Integer projectId,
 @PathVariable Integer staffId
 ) {
- if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
- throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
- }
+ // if (projectGroupService.getProjectAccessLevel(token, projectId) == 0) {
+ // throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT);
+ // }
 ProjectGroup designatedStaff = projectGroupService.getOne(
 Wrappers.lambdaQuery()
 .eq(ProjectGroup::getStaffId, staffId)
@@ -78,11 +87,12 @@ public class ProjectGroupController {
 @SneakyThrows
 @PostMapping
 public ResponseMap addGroupMember(
- @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ // @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ @RequestAttribute Integer accessLevel,
 @PathVariable Integer projectId,
 @RequestBody GroupPositionVO groupPosition
 ) {
- if (projectGroupService.insertNewMember(token, projectId, groupPosition.getStaffUsername(), groupPosition.getProjectStaffPosition())) {
+ if (projectGroupService.insertNewMember(accessLevel, projectId, groupPosition.getStaffUsername(), groupPosition.getProjectStaffPosition())) {
 return ResponseMap.ofSuccess();
 }
 throw new BadRequestException(BadRequestException.OPERATE_FAILED);
@@ -91,11 +101,12 @@ public class ProjectGroupController {
 @SneakyThrows
 @DeleteMapping("/{staffId}")
 public ResponseMap deleteGroupMember(
- @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ // @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ @RequestAttribute Integer accessLevel,
 @PathVariable Integer projectId,
 @PathVariable Integer staffId
 ) {
- if (projectGroupService.removeMember(token, projectId, staffId)) {
+ if (projectGroupService.removeMember(accessLevel, projectId, staffId)) {
 return ResponseMap.ofSuccess();
 }
 throw new BadRequestException(BadRequestException.OPERATE_FAILED);
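Review bot: The access rule on `getGroupMembers` and `getDesignatedStaffPosition` is now the string `"a != 0"` inside `@ProjectAuthorize`, and nothing in this file says what `a` stands for or which component evaluates it, while the old explicit check sits next to it as commented-out code. Someone auditing who may list project members has to work out which of the two is live. I would delete the commented-out `// if (projectGroupService.getProjectAccessLevel(...` blocks and the commented `@RequestHeader` parameters, and put a one-line comment above each annotation such as `// a = caller's access level in this project; 0 means no access` (wording to be confirmed against the annotation's evaluator, which is outside this diff). The body of `getDesignatedStaffPosition` continues past the end of the hunk.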
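Review bot: `addGroupMember` takes its privilege from `@RequestAttribute Integer accessLevel` but, unlike the two GET handlers above it, carries no `@ProjectAuthorize` annotation in this hunk, so whether the attribute is set, and set for this `projectId`, depends on an interceptor that is not part of the diff. The same holds for `deleteGroupMember` (@@ -91), `modifyDesignatedStaffPosition` (@@ -105), `getGroupPositionsStatistics` (@@ -119) and, via `staffGlobalLevel`, `importStaffs` in StaffController (@@ -52). If the attribute is only populated for annotated handlers these routes will presumably fail at parameter binding; if it is populated everywhere, that dependency should be written down, e.g. `// accessLevel is set by <interceptor name> for every route of this controller`. A test that calls each mutating route as a non-member would pin the behaviour.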
@@ -105,12 +116,13 @@ public class ProjectGroupController {
 @SneakyThrows
 @PutMapping("/{staffId}")
 public ResponseMap modifyDesignatedStaffPosition(
- @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ // @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ @RequestAttribute Integer accessLevel,
 @PathVariable Integer projectId,
 @PathVariable Integer staffId,
 @RequestBody GroupPositionVO groupPosition
 ) {
- if (projectGroupService.updateStaffPositions(token, projectId, staffId, groupPosition.getProjectStaffPosition())) {
+ if (projectGroupService.updateStaffPositions(accessLevel, projectId, staffId, groupPosition.getProjectStaffPosition())) {
 return ResponseMap.ofSuccess();
 }
 throw new BadRequestException(BadRequestException.OPERATE_FAILED);
@@ -119,10 +131,11 @@ public class ProjectGroupController {
 @SneakyThrows
 @GetMapping("/stats")
 public ResponseMap getGroupPositionsStatistics(
- @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ // @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ @RequestAttribute Integer accessLevel,
 @PathVariable Integer projectId
 ) {
- return ResponseMap.ofSuccess(projectGroupService.collectStatsForGroupPositions(token, projectId));
+ return ResponseMap.ofSuccess(projectGroupService.collectStatsForGroupPositions(accessLevel, projectId));
 }
 @Operation(description = "请求体是一个key为taskId,value为staffId的map")
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/StaffController.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/StaffController.java
index 47ecd8b..1a87653 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/StaffController.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/StaffController.java
@@ -52,7 +52,8 @@ public class StaffController {
 @SneakyThrows
 @PostMapping(value = "/import")
 public ResponseMap importStaffs(
- @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ // @RequestHeader(TokenUtils.HEADER_TOKEN) String token,
+ @RequestAttribute Integer staffGlobalLevel,
 @RequestParam("fileDigest") String digest,
 @RequestParam("uploadFile") MultipartFile uploadFile
 ) {
@@ -66,7 +67,7 @@ public class StaffController {
 if (!Objects.equals(DigestUtils.md5DigestAsHex(uploadFile.getBytes()).toLowerCase(), digest.toLowerCase())) {
 throw new BadRequestException("文件传输错误");
 }
- Integer successCount = staffService.multiImport(token, uploadFile);
+ Integer successCount = staffService.multiImport(staffGlobalLevel, uploadFile);
 return ResponseMap.ofSuccess("成功导入" + successCount + "条数据");
 }
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IProjectGroupService.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IProjectGroupService.java
index 2fb73bd..3e975db 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IProjectGroupService.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IProjectGroupService.java
@@ -24,16 +24,16 @@ public interface IProjectGroupService extends IService {
 Boolean addCreator(Integer projectId, Integer staffId);
- Boolean insertNewMember(String token, Integer projectId, String staffUsername, String positions) throws ForbiddenException, BadRequestException;
+ Boolean insertNewMember(int accessLevel, Integer projectId, String staffUsername, String positions) throws ForbiddenException, BadRequestException;
- Boolean removeMember(String token, Integer projectId, Integer targetId) throws ForbiddenException, BadRequestException;
+ Boolean removeMember(Integer accessLevel, Integer projectId, Integer targetId) throws ForbiddenException, BadRequestException;
- Boolean updateStaffPositions(String token, Integer projectId, Integer targetId, String positions) throws ForbiddenException, BadRequestException;
+ Boolean updateStaffPositions(Integer accessLevel, Integer projectId, Integer targetId, String positions) throws ForbiddenException, BadRequestException;
 /**
 * @return 如果不存在就返回0,否则返回AccessLevel;对于全局权限为1的用户,直接返回1
 */
- Integer getProjectAccessLevel(String token, Integer projectId);
+ Integer getProjectAccessLevel(String staffId, Integer projectId);
 Integer getProjectAccessLevel(Integer staffId, Integer staffGlobalLevel, Integer projectId);
@@ -60,6 +60,6 @@ public interface IProjectGroupService extends IService {
 *
 * @return <岗位名, 人数>
 */
- Map collectStatsForGroupPositions(String token, Integer projectId) throws ForbiddenException;
+ Map collectStatsForGroupPositions(Integer accessLevel, Integer projectId) throws ForbiddenException;
 }
\ No newline at end of file
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IStaffService.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IStaffService.java
index 0ae6064..ba5a612 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IStaffService.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IStaffService.java
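Review bot: `getProjectAccessLevel(String staffId, Integer projectId)` renames the parameter but keeps it a `String`, while the overload directly below takes `Integer staffId`; if callers still pass the token here (the implementation is not in this hunk) the new name is misleading, and if they pass an id the type is wrong. In the same hunk `insertNewMember` takes `int accessLevel` where `removeMember`, `updateStaffPositions` and `collectStatsForGroupPositions` (@@ -60) take `Integer`; I would settle on one type, e.g. `Boolean insertNewMember(Integer accessLevel, Integer projectId, ...)`. Because these methods now accept a privilege level from the caller instead of deriving it from the token, each deserves Javadoc stating that `accessLevel` must come from the authenticated request context, never from client-supplied data, and that 0 means no access.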
@@ -23,5 +23,5 @@ public interface IStaffService extends IService { Boolean logout(String token) throws TokenException; - Integer multiImport(String token, MultipartFile file) throws BadRequestException, ForbiddenException; + Integer multiImport(Integer staffGlobalLevel, MultipartFile file) throws BadRequestException, ForbiddenException; } diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/ProjectGroupServiceImpl.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/ProjectGroupServiceImpl.java index 24ffd0c..75b610e 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/ProjectGroupServiceImpl.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/ProjectGroupServiceImpl.java @@ -44,11 +44,11 @@ public class ProjectGroupServiceImpl extends ServiceImpllambdaQuery().eq(Staff::getStaffUsername, targetUsername)); @@ -84,8 +84,8 @@ public class ProjectGroupServiceImpl extends ServiceImpl= 0) { + public Boolean removeMember(Integer accessLevel, Integer projectId, Integer targetId) throws ForbiddenException, BadRequestException { + if (accessLevel >= getProjectAccessLevelIgnoreGlobalLevel(targetId, projectId)) { throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE); } Long taskUnfinishedCount = baseMapper.selectUnfinishedTaskCountByStaffId(projectId, targetId); @@ -98,8 +98,8 @@ public class ProjectGroupServiceImpl extends ServiceImpllambdaQuery() .select(ProjectGroup::getProjectStaffPosition, ProjectGroup::getProjectAccessLevel) 
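Review bot: In `removeMember` the only guard visible is `if (accessLevel >= getProjectAccessLevelIgnoreGlobalLevel(targetId, projectId))`, and an `accessLevel` of 0, which the interface Javadoc uses for "does not exist", is numerically below every real level, so it does not trip this check. With the token lookup gone the method relies on its caller never passing 0, and the controller's `deleteGroupMember` carries no `@ProjectAuthorize("a != 0")` in this diff. I would reject it explicitly: `if (accessLevel == null || accessLevel == 0 || accessLevel >= getProjectAccessLevelIgnoreGlobalLevel(targetId, projectId)) {`. The neighbouring `insertNewMember` and `updateStaffPositions` hunks are not legible here, so check them for the same gap; the method body continues outside the hunk.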
@@ -199,8 +199,8 @@ public class ProjectGroupServiceImpl extends ServiceImpl collectStatsForGroupPositions(String token, Integer projectId) throws ForbiddenException { - if (getProjectAccessLevel(token, projectId) == 0) { + public Map collectStatsForGroupPositions(Integer accessLevel, Integer projectId) throws ForbiddenException { + if (accessLevel == 0) { throw new ForbiddenException(IProjectGroupService.UNABLE_TO_ACCESS_PROJECT); } Map res = new HashMap<>(); diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java index 4dd2dce..8ba733c 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java @@ -120,8 +120,8 @@ public class StaffServiceImpl extends ServiceImpl implements @Transactional(isolation = Isolation.SERIALIZABLE, rollbackFor = Exception.class) @Override - public Integer multiImport(String token, MultipartFile file) throws BadRequestException, ForbiddenException { - if (TokenUtils.getStaffGlobalLevel(token) != 1) { + public Integer multiImport(Integer staffGlobalLevel, MultipartFile file) throws BadRequestException, ForbiddenException { + if (staffGlobalLevel != 1) { throw new ForbiddenException(ForbiddenException.UNABLE_TO_OPERATE); }
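Review bot: `if (accessLevel == 0)` in `collectStatsForGroupPositions` and `if (staffGlobalLevel != 1)` in `multiImport` (@@ -120) unbox an `Integer`, so a null argument surfaces as a NullPointerException rather than the `ForbiddenException` the signature declares. Both service methods also now take the caller's privilege as a plain argument, so the service can no longer verify it and any internal caller can pass whatever value it likes. I would make the checks null-safe, `if (accessLevel == null || accessLevel == 0)` and `if (!Integer.valueOf(1).equals(staffGlobalLevel))`, and add a comment on each that the value must originate from the authenticated request context. `multiImport` appears to be the bulk staff import, so a test that a non-admin level is refused is worth having.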