|
|
@@ -11,6 +11,8 @@ import com.backendsys.modules.material.entity.Material;
|
|
|
import com.backendsys.modules.material.entity.MaterialCategory;
|
|
|
import com.backendsys.modules.material.entity.MaterialTag;
|
|
|
import com.backendsys.modules.material.service.MaterialService;
|
|
|
+import com.backendsys.modules.system.dao.SysUserRolePermissionRelationDao;
|
|
|
+import com.backendsys.modules.system.dao.SysUserRoleRelationDao;
|
|
|
import com.backendsys.modules.system.entity.SysUserRole;
|
|
|
import com.backendsys.modules.system.service.SysUserRoleService;
|
|
|
import com.backendsys.modules.upload.service.SysFileService;
|
|
|
@@ -25,6 +27,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.stereotype.Service;
|
|
|
import org.springframework.transaction.annotation.Transactional;
|
|
|
|
|
|
+import java.util.ArrayList;
|
|
|
import java.util.List;
|
|
|
import java.util.Map;
|
|
|
import java.util.Optional;
|
|
|
@@ -48,6 +51,10 @@ public class MaterialServiceImpl implements MaterialService {
|
|
|
private SysFileService sysFileService;
|
|
|
@Autowired
|
|
|
private SysUserRoleService sysUserRoleService;
|
|
|
+ @Autowired
|
|
|
+ private SysUserRoleRelationDao sysUserRoleRelationDao;
|
|
|
+ @Autowired
|
|
|
+ private SysUserRolePermissionRelationDao sysUserRolePermissionRelationDao;
|
|
|
|
|
|
private List<MaterialTag> getMaterialTagByIds(String tag_ids) {
|
|
|
if (StrUtil.isEmpty(tag_ids)) return null;
|
|
|
@@ -100,17 +107,20 @@ public class MaterialServiceImpl implements MaterialService {
|
|
|
List<MaterialTag> materialTagList = getMaterialTagByIds(detail.getTag_ids());
|
|
|
detail.setTag_list(materialTagList);
|
|
|
|
|
|
- // [DB] 查询当前用户角色,如果是素材游客,则不显示图片
|
|
|
- List<SysUserRole> role_list = sysUserRoleService.selectUserRoleByUserId(SecurityUtil.getUserId());
|
|
|
- AtomicReference<Boolean> hasPermission = new AtomicReference<>(false);
|
|
|
- role_list.stream().forEach(role -> {
|
|
|
- if ("MATERIAL_USER".equals(role.getRole_sign()) || "MATERIAL_ADMIN".equals(role.getRole_sign())) {
|
|
|
- hasPermission.set(true);
|
|
|
- }
|
|
|
- });
|
|
|
+ // 权限控制:
|
|
|
+
|
|
|
+ // [DB] 获得当前用户的角色关系(集合)
|
|
|
+ List<Long> userRoleIds = sysUserRoleRelationDao.selectUserRoleIds(SecurityUtil.getUserId());
|
|
|
|
|
|
- // 如果当前用户没有权限,则不显示图片
|
|
|
- if (!hasPermission.get()) {
|
|
|
+ // - ('20.1.5', '20.1', '下载素材', null)
|
|
|
+ List<String> rolePermissionIds = new ArrayList<>();
|
|
|
+ if (userRoleIds.size() > 0) {
|
|
|
+ // [DB] 获得当前用户角色的权限 (集合)
|
|
|
+ rolePermissionIds = sysUserRolePermissionRelationDao.selectUserRolePermissionIdsByRoleIds(userRoleIds);
|
|
|
+ rolePermissionIds = rolePermissionIds.stream().distinct().collect(Collectors.toList());
|
|
|
+ }
|
|
|
+ // 判断是否具备权限
|
|
|
+ if (!rolePermissionIds.contains("20.1.5")) {
|
|
|
detail.setFile_url("Unauthorized");
|
|
|
detail.setPan_baidu_url("Unauthorized");
|
|
|
}
|
