rmdjz
/
ProjectManagement_backend
10
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

修正了Task修改的一个漏洞

master
白封羽 2022-07-04 15:22:07 +08:00
parent c7f448ef81
commit e548a2fce0
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Task.java
View File

@ -1,5 +1,6 @@
package cn.edu.hfut.rmdjzz.projectmanagement.entity; package cn.edu.hfut.rmdjzz.projectmanagement.entity;
import cn.edu.hfut.rmdjzz.projectmanagement.service.IProjectGroupService;
import cn.edu.hfut.rmdjzz.projectmanagement.utils.BeanUtils; import cn.edu.hfut.rmdjzz.projectmanagement.utils.BeanUtils;
import com.baomidou.mybatisplus.annotation.IdType; import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField; import com.baomidou.mybatisplus.annotation.TableField;
@ -8,6 +9,7 @@ import com.baomidou.mybatisplus.annotation.TableLogic;
import com.baomidou.mybatisplus.extension.handlers.JacksonTypeHandler; import com.baomidou.mybatisplus.extension.handlers.JacksonTypeHandler;
import io.swagger.v3.oas.annotations.media.Schema; import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data; import lombok.Data;
import org.springframework.beans.factory.annotation.Autowired;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Map; import java.util.Map;
@ -19,7 +21,8 @@ import java.util.Objects;
*/ */
@Data @Data
public class Task { public class Task {
@Autowired
private IProjectGroupService projectGroupService;
public static final String ATTACH_DEMAND_SOURCE = "demandSource"; public static final String ATTACH_DEMAND_SOURCE = "demandSource";
public static final String ATTACH_ESTIMATED_MAN_HOURS = "estimatedManHours"; public static final String ATTACH_ESTIMATED_MAN_HOURS = "estimatedManHours";
public static final String ATTACH_SEVERITY = "severity"; public static final String ATTACH_SEVERITY = "severity";
@ -113,6 +116,8 @@ public class Task {
} }
public Boolean checkModification(Task rawTask) { public Boolean checkModification(Task rawTask) {
if (projectGroupService.getProjectAccessLevel(this.getTaskHolderId(), 3, this.getTaskProjectId()) == 0)
return false;
if (rawTask.getTaskStatus().equals(STATUS_COMPLETED) || rawTask.getTaskStatus().equals(STATUS_CLOSED)) if (rawTask.getTaskStatus().equals(STATUS_COMPLETED) || rawTask.getTaskStatus().equals(STATUS_CLOSED))
return false; return false;
if (!rawTask.getTaskStatus().equals(STATUS_WAITING) && this.getTaskStatus().equals(STATUS_WAITING)) if (!rawTask.getTaskStatus().equals(STATUS_WAITING) && this.getTaskStatus().equals(STATUS_WAITING))