From 9289f17d7181910de1ebe5ac62714e54bd0b8a8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A3=B7=E5=8F=B6?= <14103883+leaf-phos@user.noreply.gitee.com> Date: Wed, 27 Nov 2024 09:07:03 +0800 Subject: [PATCH] =?UTF-8?q?=E4=B8=B4=E6=97=B6=E6=8F=90=E4=BA=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ss/store/service/StoreValidator.java | 18 ++++++- .../service/impl/StoreValidatorImpl.java | 48 ++++++++++++------- .../service/StoreStaffValidator.java | 6 +++ .../service/impl/StoreStaffValidatorImpl.java | 6 +++ .../controller/app/AppStoreController.java | 18 +++++-- .../staff/StaffStoreController.java | 24 +++++----- 6 files changed, 86 insertions(+), 34 deletions(-) diff --git a/smart-switch-service/src/main/java/com/ruoyi/ss/store/service/StoreValidator.java b/smart-switch-service/src/main/java/com/ruoyi/ss/store/service/StoreValidator.java index 6319cb28..2344d36d 100644 --- a/smart-switch-service/src/main/java/com/ruoyi/ss/store/service/StoreValidator.java +++ b/smart-switch-service/src/main/java/com/ruoyi/ss/store/service/StoreValidator.java @@ -2,7 +2,6 @@ package com.ruoyi.ss.store.service; import com.ruoyi.common.core.domain.ValidateResult; import com.ruoyi.ss.store.domain.Store; -import com.ruoyi.ss.store.domain.StoreBO; import com.ruoyi.ss.store.domain.StoreVo; import java.time.LocalTime; @@ -109,4 +108,21 @@ public interface StoreValidator { * 后校验 */ void afterCheck(StoreVo vo); + + /** + * 校验是否能操作店铺 + * @param store 店铺 + * @param userId 用户 + */ + boolean canOperaStore(StoreVo store, Long userId); + + /** + * 校验是否能操作店铺 + */ + boolean canOperaStore(Long storeId, Long userId); + + /** + * 校验是否能操作所有店铺 + */ + boolean canOperaAllStore(List storeIds, Long userId); } diff --git a/smart-switch-service/src/main/java/com/ruoyi/ss/store/service/impl/StoreValidatorImpl.java b/smart-switch-service/src/main/java/com/ruoyi/ss/store/service/impl/StoreValidatorImpl.java index de29415e..633374a2 100644 
--- a/smart-switch-service/src/main/java/com/ruoyi/ss/store/service/impl/StoreValidatorImpl.java +++ b/smart-switch-service/src/main/java/com/ruoyi/ss/store/service/impl/StoreValidatorImpl.java @@ -13,6 +13,7 @@ import com.ruoyi.ss.store.domain.StoreVo; import com.ruoyi.ss.store.domain.enums.StoreStatus; import com.ruoyi.ss.store.service.StoreService; import com.ruoyi.ss.store.service.StoreValidator; +import com.ruoyi.ss.storeStaff.service.StoreStaffValidator; import com.ruoyi.ss.user.service.UserValidator; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -40,6 +41,9 @@ public class StoreValidatorImpl extends BaseValidator implements StoreValidator @Autowired private UserValidator userValidator; + @Autowired + private StoreStaffValidator storeStaffValidator; + /** * 逻辑删除前校验 * @param ids 店铺id列表 @@ -76,10 +80,6 @@ public class StoreValidatorImpl extends BaseValidator implements StoreValidator return result; } - if (!this.isStoreBelongUser(storeIds, SecurityUtils.getUserId())) { - return error("当前店铺不属于当前用户"); - } - return success(); } @@ -193,16 +193,6 @@ public class StoreValidatorImpl extends BaseValidator implements StoreValidator return error("数据不能为空"); } - List storeIds = list.stream().map(Store::getStoreId).collect(Collectors.toList()); - - if (!this.isExist(storeIds)) { - return error("店铺不存在,请刷新后重试"); - } - - if (!this.isStoreBelongUser(storeIds, SecurityUtils.getUserId())) { - return error("存在店铺不属于当前用户"); - } - return success(); } @@ -271,9 +261,6 @@ public class StoreValidatorImpl extends BaseValidator implements StoreValidator if (userId == null || storeId == null) { return error("参数错误:userId 与 storeId 不允许为空"); } - if (!this.isStoreBelongUser(Collections.singletonList(storeId), userId)) { - return error("当前店铺不属于当前用户"); - } return success(); } 
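Review bot: The ownership check `isStoreBelongUser(storeIds, SecurityUtils.getUserId())` is removed from the validator in hunk `@@ -76,10 +80,6 @@`, and the same removal happens in `@@ -193,16 +193,6 @@` and `@@ -271,9 +261,6 @@`, so these pre-checks no longer enforce any authorisation themselves. The only remaining guard is the `canOperaStore`/`canOperaAllStore` call that each controller method must remember to make, and any other caller of these validators (not visible here) silently loses the check. Consider keeping the rule in the service layer in its new form, e.g. `if (!this.canOperaAllStore(storeIds, SecurityUtils.getUserId())) { return error("当前店铺不属于当前用户"); }`. The `@@ -193` hunk also drops the `isExist(storeIds)` test, so ids that do not exist are no longer rejected before the sort change. The enclosing methods start and end outside these hunks.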
@@ -339,6 +326,33 @@ public class StoreValidatorImpl extends BaseValidator implements StoreValidator } + @Override + public boolean canOperaStore(StoreVo store, Long userId) { + return this.isStoreBelongUser(store, userId) || storeStaffValidator.canOperaStore(store, userId); + } + + @Override + public boolean canOperaStore(Long storeId, Long userId) { + StoreVo store = storeService.selectSmStoreById(storeId); + return this.canOperaStore(store, userId); + } + + @Override + public boolean canOperaAllStore(List storeIds, Long userId) { + if (CollectionUtils.isEmptyElement(storeIds)) { + return true; + } + + List storeList = storeService.selectStoreByIds(storeIds); + for (StoreVo store : storeList) { + if (!this.canOperaStore(store, userId)) { + return false; + } + } + + return true; + } + /** * 校验时间是符合规则 diff --git a/smart-switch-service/src/main/java/com/ruoyi/ss/storeStaff/service/StoreStaffValidator.java b/smart-switch-service/src/main/java/com/ruoyi/ss/storeStaff/service/StoreStaffValidator.java index e24f88fe..f4d7aefe 100644 --- a/smart-switch-service/src/main/java/com/ruoyi/ss/storeStaff/service/StoreStaffValidator.java +++ b/smart-switch-service/src/main/java/com/ruoyi/ss/storeStaff/service/StoreStaffValidator.java @@ -1,5 +1,6 @@ package com.ruoyi.ss.storeStaff.service; +import com.ruoyi.ss.store.domain.StoreVo; import com.ruoyi.ss.storeStaff.domain.StoreStaff; import com.ruoyi.ss.storeStaff.domain.StoreStaffVO; @@ -32,4 +33,9 @@ public interface StoreStaffValidator { * @param userId 员工ID */ boolean canOperaStore(Long storeId, Long userId); + + /** + * 是否允许操作店铺 + */ + boolean canOperaStore(StoreVo store, Long userId); } diff --git a/smart-switch-service/src/main/java/com/ruoyi/ss/storeStaff/service/impl/StoreStaffValidatorImpl.java b/smart-switch-service/src/main/java/com/ruoyi/ss/storeStaff/service/impl/StoreStaffValidatorImpl.java index c8ae5b0e..0f8f8451 100644 
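Review bot: `canOperaAllStore` in `@@ -339,6 +326,33 @@` fails open, because it only checks the stores that `selectStoreByIds` returns; an id the query does not return (missing, or presumably filtered as deleted) is never checked and the method still returns `true`. The empty-input branch also returns `true`, so "nothing to check" is reported as "authorised". Since the existence check was removed from the validator in the same commit, nothing else seems to catch such ids; the method should require that every requested id came back and passed. `canOperaStore(Long storeId, Long userId)` passes a possibly null `store` into `isStoreBelongUser`, whose null handling is not visible here, so a `store != null` guard as in `StoreStaffValidatorImpl` would make the denial explicit. The generic parameters in the sketch below are assumed, since the page shows the raw `List`.

```java
@Override
public boolean canOperaAllStore(List<Long> storeIds, Long userId) {
    // … unchanged: empty-input branch (consider returning false there) …

    List<StoreVo> storeList = storeService.selectStoreByIds(storeIds);
    // Every requested id must be loaded and pass the check;
    // an id the query skipped is denied rather than ignored.
    Set<Long> permitted = new HashSet<>();
    for (StoreVo store : storeList) {
        if (!this.canOperaStore(store, userId)) {
            return false;
        }
        permitted.add(store.getStoreId());
    }
    return permitted.containsAll(storeIds);
}
```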
--- a/smart-switch-service/src/main/java/com/ruoyi/ss/storeStaff/service/impl/StoreStaffValidatorImpl.java +++ b/smart-switch-service/src/main/java/com/ruoyi/ss/storeStaff/service/impl/StoreStaffValidatorImpl.java @@ -6,6 +6,7 @@ import com.ruoyi.ss.device.domain.vo.DeviceVO; import com.ruoyi.ss.device.service.DeviceAssembler; import com.ruoyi.ss.device.service.DeviceService; import com.ruoyi.ss.device.service.DeviceValidator; +import com.ruoyi.ss.store.domain.StoreVo; import com.ruoyi.ss.storeStaff.domain.StoreStaff; import com.ruoyi.ss.storeStaff.domain.StoreStaffQuery; import com.ruoyi.ss.storeStaff.domain.StoreStaffVO; @@ -107,6 +108,11 @@ public class StoreStaffValidatorImpl implements StoreStaffValidator { return storeStaffService.selectCount(query) > 0; } + @Override + public boolean canOperaStore(StoreVo store, Long userId) { + return store != null && this.canOperaStore(store.getStoreId(), userId); + } + private void checkRepeatUser(Long storeId, Long userId, Long employId) { if (storeId == null || userId == null) { return; diff --git a/smart-switch-web/src/main/java/com/ruoyi/web/controller/app/AppStoreController.java b/smart-switch-web/src/main/java/com/ruoyi/web/controller/app/AppStoreController.java index 1c841609..e122990b 100644 --- a/smart-switch-web/src/main/java/com/ruoyi/web/controller/app/AppStoreController.java +++ b/smart-switch-web/src/main/java/com/ruoyi/web/controller/app/AppStoreController.java @@ -9,6 +9,7 @@ import com.ruoyi.common.core.domain.JsonViewProfile; import com.ruoyi.common.core.domain.ValidGroup; import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.utils.ServiceUtil; +import com.ruoyi.common.utils.collection.CollectionUtils; import com.ruoyi.ss.store.domain.*; import com.ruoyi.ss.store.service.StoreService; import com.ruoyi.ss.store.service.StoreAssembler; 
@@ -69,8 +70,8 @@ public class AppStoreController extends BaseController { @PutMapping public AjaxResult edit(@RequestBody @Validated(ValidGroup.FrontUpdate.class) StoreBO data) { StoreVo store = storeService.selectSmStoreById(data.getStoreId()); - if (!storeValidator.isStoreBelongUser(store, getUserId())) { - return error("这不是您的店铺,无法修改"); + if (!storeValidator.canOperaStore(store, getUserId())) { + return error("您无权操作该店铺"); } data = data.filterUpdateByApp(); ServiceUtil.assertion(storeValidator.preUpdateByApp(data)); @@ -81,8 +82,8 @@ public class AppStoreController extends BaseController { @PutMapping("/config") public AjaxResult configStore(@RequestBody @Validated(ValidGroup.FrontUpdate.class) StoreBO data) { StoreVo store = storeService.selectSmStoreById(data.getStoreId()); - if (!storeValidator.isStoreBelongUser(store, getUserId())) { - return error("这不是您的店铺,无法修改"); + if (!storeValidator.canOperaStore(store, getUserId())) { + return error("您无权操作该店铺"); } data = data.filterConfigByApp(); return toAjax(storeService.updateSmStore(data)); @@ -97,6 +98,9 @@ public class AppStoreController extends BaseController { @ApiOperation("删除店铺信息") @DeleteMapping("/{storeId}") public AjaxResult delete(@PathVariable Long storeId) { + if (!storeValidator.canOperaStore(storeId, getUserId())) { + return error("您无权操作该店铺"); + } List storeIds = Collections.singletonList(storeId); ServiceUtil.assertion(storeValidator.preLogicDelByApp(storeIds)); return AjaxResult.success(storeService.logicDel(storeIds)); @@ -117,6 +121,9 @@ public class AppStoreController extends BaseController { @ApiOperation("调整店铺排序") @PutMapping("/changeSort") public AjaxResult changeSort(@RequestBody List list) { + if (!storeValidator.canOperaAllStore(CollectionUtils.map(list, Store::getStoreId), getUserId())) { + return error("您无权操作这些店铺"); + } ServiceUtil.assertion(storeValidator.preChangeSortByApp(list)); return AjaxResult.success(storeService.changeSort(list)); } 
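Review bot: Replacing `isStoreBelongUser` with `canOperaStore` in `edit` (`@@ -69,8 +70,8 @@`) lets store staff through the owner's update path: they now get `data.filterUpdateByApp()`, whereas the staff endpoint this commit disables in StaffStoreController used `filterUpdateByAppStaff()` and `storeService.updateApply(data)`. The same widening applies to `configStore` (`@@ -81,8`), `delete` (`@@ -97,6`) and `setDefaultStore` (`@@ -171,6`), so a staff member can now logically delete a store or change its configuration directly. If staff are meant to keep a narrower field set or an approval step, branch on ownership, e.g. `data = storeValidator.isStoreBelongUser(store, getUserId()) ? data.filterUpdateByApp() : data.filterUpdateByAppStaff();`, and keep `delete` behind `isStoreBelongUser`. The rest of `edit` lies outside the hunk, so whether staff are still routed through `updateApply` cannot be confirmed from here.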
@@ -171,6 +178,9 @@ public class AppStoreController extends BaseController { @PutMapping("/{storeId}/setDefault") public AjaxResult setDefaultStore(@PathVariable Long storeId) { Long userId = getUserId(); + if (!storeValidator.canOperaStore(storeId, userId)) { + return error("您无权操作该店铺"); + } ServiceUtil.assertion(storeValidator.preSetDefaultByApp(userId, storeId)); return success(storeService.setDefault(userId, storeId)); } diff --git a/smart-switch-web/src/main/java/com/ruoyi/web/controller/staff/StaffStoreController.java b/smart-switch-web/src/main/java/com/ruoyi/web/controller/staff/StaffStoreController.java index 85f65481..6dc5a849 100644 --- a/smart-switch-web/src/main/java/com/ruoyi/web/controller/staff/StaffStoreController.java +++ b/smart-switch-web/src/main/java/com/ruoyi/web/controller/staff/StaffStoreController.java @@ -52,17 +52,17 @@ public class StaffStoreController extends BaseController { query.setStoreId(storeId); return success(storeService.selectStaffStoreOne(query)); } - - // TODO 建议还是合在商户的接口中使用 - @ApiOperation("员工申请修改店铺信息") - @PutMapping - public AjaxResult update(@RequestBody @Validated(ValidGroup.FrontUpdate.class) StoreBO data) { - if (!storeStaffValidator.canOperaStore(data.getStoreId(), getUserId())) { - return error("您无权修改该店铺"); - } - data = data.filterUpdateByAppStaff(); - ServiceUtil.assertion(storeValidator.preUpdateByApp(data)); - return toAjax(storeService.updateApply(data)); - } +// +// // TODO 建议还是合在商户的接口中使用 +// @ApiOperation("员工申请修改店铺信息") +// @PutMapping +// public AjaxResult update(@RequestBody @Validated(ValidGroup.FrontUpdate.class) StoreBO data) { +// if (!storeStaffValidator.canOperaStore(data.getStoreId(), getUserId())) { +// return error("您无权修改该店铺"); +// } +// data = data.filterUpdateByAppStaff(); +// ServiceUtil.assertion(storeValidator.preUpdateByApp(data)); +// return toAjax(storeService.updateApply(data)); +// } }
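Review bot: The staff `update` endpoint in `@@ -52,17 +52,17 @@` is commented out rather than deleted, which leaves a dormant handler with its own authorisation rule (`storeStaffValidator.canOperaStore`) and a stale TODO in the controller. Delete the block and let version control keep the history; if a pointer is useful, a single line such as `// staff updates now go through AppStoreController#edit` is enough. Imports and injected fields used only by this method (for example `StoreBO`, `ValidGroup`, `storeStaffValidator`) may now be unused and worth checking.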