tsurumure 6 ay önce
ebeveyn
işleme
4378eec199

+ 1 - 1
db/sys_user_info.sql

@@ -52,7 +52,7 @@ CREATE TABLE `sys_user_info` (
 
 
 INSERT INTO sys_user_info(user_id, nickname, email, gender, is_super, audit_status, audit_note, status, avatar, invite_code, create_time) VALUES
-    (1, '超人', 'admin@qq.com', '1', '1', '2', '同意通过备注', '1', null, '12c9dd17-b7f4-4483-a513-fbcc36512d8d', '2023-07-19 10:45:00'),
+    (1, '超人', 'admin@qq.com', '1', '-1', '2', '同意通过备注', '1', null, '12c9dd17-b7f4-4483-a513-fbcc36512d8d', '2023-07-19 10:45:00'),
     (2, 'AI运营', '1111@qq.com', '1', '1', '2', '同意通过备注', '1', null, '12c9dd17-b7f4-4483-a513-fbcc36512d8d', '2023-07-19 10:45:01'),
     (3, '内容运营', '2222@qq.com', '2', '1', '2', '同意通过备注', '1', null, '12c9dd17-b7f4-4483-a513-fbcc36512d8d', '2023-07-19 10:45:02'),
     (4, 'aaa', 'aaa@qq.com', '2', '-1', '1', '', '1', null, '12c9dd17-b7f4-4483-a513-fbcc36512d8d', '2023-07-19 10:45:03'),
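Review bot: After this change the first seed account ('超人', admin@qq.com) has is_super '-1' while seed accounts 2 and 3 keep is_super '1', which looks like the reverse of what the nicknames suggest. If is_super bypasses permission checks (the controller comment in this commit names 超级管理员 as an alternative to holding 1.1.5), the role-2 revocations in sys_user_role_permission_relation.sql would not restrict those two accounts. Please confirm which rows are meant to be super. A short comment above the INSERT documenting what the is_super values mean would make the seed data reviewable.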

+ 9 - 7
db/sys_user_role_permission.sql

@@ -15,13 +15,15 @@ CREATE TABLE `sys_user_role_permission` (
 
 # 此处 id 是非自增字符串类型,在部署测试或正式版后,id 就不变了,如有新增要往后递增
 INSERT INTO sys_user_role_permission(id, parent_id, permission_name, sort) VALUES
-    ('1', -1, '公共管理', 1),
-        ('1.1', '1', '上传文件', null),
-#         ('1.2', '1', '上传文件 (阿里云OSS)', null),
-#         ('1.3', '1', '系统菜单-列表'),
-#             ('1.3.1', '1.3', '系统菜单-创建'),
-#             ('1.3.2', '1.3', '系统菜单-编辑'),
-#             ('1.3.3', '1.3', '系统菜单-删除'),
+    ('1', -1, '文件管理', null),
+        ('1.1', '1', '文件管理', null),
+            ('1.1.1', '1.1', '查看文件 (全部)', null),
+            ('1.1.2', '1.1', '查看文件 (自己)', null),
+            ('1.1.3', '1.1', '上传文件', null),
+            ('1.1.4', '1.1', '编辑文件', null),
+            ('1.1.5', '1.1', '删除文件 (全部)', null),
+            ('1.1.6', '1.1', '删除文件 (自己)', null),
+
     ('2', -1, '创意中心', 2),
 
     ('31', -1, 'AI文案', 3),
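Review bot: Ids '1' and '1.1' are reused with a new meaning here, although the comment directly above the INSERT says ids are fixed once deployed and new entries must be appended. The controller in this commit now checks '1.1.3' for upload where it previously checked 1.1, so a deployed role that holds only '1.1' would lose upload unless hasPermission treats a parent id as covering its children, which is not visible in this diff. Either allocate fresh ids for the new file-management tree or ship a migration for existing relation rows, and record the decision in a comment such as `# 1 / 1.1 re-purposed in this release; existing role grants must be migrated to 1.1.x`. The sort value of '1' also changes from 1 to null while '2' keeps 2, so the menu order is worth a check.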

+ 2 - 5
db/sys_user_role_permission_relation.sql

@@ -14,11 +14,10 @@ CREATE TABLE `sys_user_role_permission_relation` (
 ) ENGINE=INNODB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COMMENT='系统角色权限关系表';
 
 INSERT INTO sys_user_role_permission_relation(role_id, permission_id) VALUES
+
     (1, '1'),
         (1, '1.1'),
-#         (1, '1.2'),
-#         (1, '1.3'),
-#             (1, '1.3.1'), (1, '1.3.2'), (1, '1.3.3'),
+            (1, '1.1.1'), (1, '1.1.2'), (1, '1.1.3'), (1, '1.1.4'), (1, '1.1.5'), (1, '1.1.6'),
 
     (1, '2'),
 
@@ -106,8 +105,6 @@ INSERT INTO sys_user_role_permission_relation(role_id, permission_id) VALUES
         (1, '101'),
 
 
-    (2, '1'),
-        (2, '1.1'),
     (2, '2'),
 
     (2, '3.2.1'),

+ 57 - 12
src/main/java/com/backendsys/modules/upload/controller/SysFileController.java

@@ -1,11 +1,16 @@
 package com.backendsys.modules.upload.controller;
 
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.util.StrUtil;
+import com.backendsys.exception.CustException;
 import com.backendsys.modules.common.aspect.SysLog;
+import com.backendsys.modules.common.config.security.enums.SecurityEnum;
 import com.backendsys.modules.common.config.security.utils.HttpRequestUtil;
 import com.backendsys.modules.common.config.security.utils.SecurityUtil;
 import com.backendsys.modules.common.utils.Result;
 import com.backendsys.modules.upload.entity.SysFile;
 import com.backendsys.modules.upload.service.SysFileService;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,11 +19,17 @@ import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
+import java.util.List;
+import java.util.stream.Collectors;
+
 @Validated
 @RestController
 @Tag(name = "文件管理")
 public class SysFileController {
 
+    @Autowired
+    private SecurityUtil securityUtil;
+
     @Autowired
     private SysFileService sysFileService;
 
@@ -27,12 +38,14 @@ public class SysFileController {
      * - 缩略图 (?imageView2/1/w/100/h/100/q/60)
      */
     @Operation(summary = "获取文件列表 (全部)")
+    @PreAuthorize("@sr.hasPermission('1.1.1')")
     @GetMapping("/api/upload/getUploadFileAllList")
     public Result getUploadFileAllList(@Validated SysFile sysFile) {
         return Result.success().put("data", sysFileService.selectUploadFileList(sysFile));
     }
 
     @Operation(summary = "获取文件列表 (我的)")
+    @PreAuthorize("@sr.hasPermission('1.1.2')")
     @GetMapping("/api/upload/getUploadFileList")
     public Result getUploadFileList(@Validated SysFile sysFile) {
         sysFile.setUser_id(SecurityUtil.getUserId());
@@ -41,34 +54,66 @@ public class SysFileController {
 
     @SysLog("上传文件 (普通上传)")
     @Operation(summary = "上传文件 (普通上传,单文件上传不超过 100MB)")
-    @PreAuthorize("@sr.hasPermission(1.1)")
+    @PreAuthorize("@sr.hasPermission('1.1.3')")
     @PostMapping("/api/upload/uploadSmall")
     public Result uploadSmall(@RequestParam("file") MultipartFile multipartFile, Long category_id) {
         return Result.success().put("data", sysFileService.uploadSmall(multipartFile, category_id));
     }
 
+    @SysLog("编辑文件 (名称)")
+    @Operation(summary = "编辑文件 (名称)")
+    @PreAuthorize("@sr.hasPermission('1.1.4')")
+    @PutMapping("/api/upload/updateUploadFile")
+    public Result updateUploadFile(@Validated(SysFile.Update.class) @RequestBody SysFile sysFile) {
+        return Result.success().put("data", sysFileService.updateUploadFile(sysFile));
+    }
+
     @SysLog("删除文件")
     @Operation(summary = "删除文件")
-    @PreAuthorize("@sr.hasPermission(1.1)")
+    @PreAuthorize("@sr.hasPermission('1.1.6')")
     @DeleteMapping("/api/upload/removeUploadFile")
     public Result removeUploadFile(@Validated(SysFile.Delete.class) @RequestBody SysFile sysFile) {
-        return Result.success().put("data", sysFileService.removeUploadFile(sysFile));
+
+        // 判断是否存在
+        String object_key = sysFile.getObject_key();
+        SysFile querySysFile = sysFileService.getOne(new LambdaQueryWrapper<SysFile>().eq(SysFile::getObject_key, object_key));
+        if (querySysFile == null) throw new CustException("文件不存在");
+
+        // 权限:
+        // - 删除自己 (需权限) (1.1.6)
+        // - 删除全部 (需要子权限或超级管理员) (1.1.5)
+        Long user_id = querySysFile.getUser_id();
+        if (user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("1.1.5")) {
+            throw new CustException(SecurityEnum.NOAUTH);
+        }
+
+        return Result.success().put("data", sysFileService.removeUploadFile(sysFile, querySysFile));
     }
 
     @SysLog("删除文件 (批量)")
     @Operation(summary = "删除文件 (批量)")
-    @PreAuthorize("@sr.hasPermission(1.1)")
+    @PreAuthorize("@sr.hasPermission('1.1.6')")
     @DeleteMapping("/api/upload/removeUploadFileBatch")
     public Result removeUploadFileBatch(@Validated(SysFile.DeleteBatch.class) @RequestBody SysFile sysFile) {
-        return Result.success().put("data", sysFileService.removeUploadFileBatch(sysFile));
-    }
 
-    @SysLog("编辑文件 (名称)")
-    @Operation(summary = "编辑文件 (名称)")
-    @PreAuthorize("@sr.hasPermission(1.1)")
-    @PutMapping("/api/upload/updateUploadFile")
-    public Result updateUploadFile(@Validated(SysFile.Update.class) @RequestBody SysFile sysFile) {
-        return Result.success().put("data", sysFileService.updateUploadFile(sysFile));
+        // 判断是否存在
+        List<String> object_keys = StrUtil.split(sysFile.getObject_keys(), ',', true, true);
+        List<SysFile> querySysFileList = sysFileService.list(new LambdaQueryWrapper<SysFile>().in(SysFile::getObject_key, object_keys));
+        if (querySysFileList != null && querySysFileList.size() != object_keys.size()) {
+            throw new CustException("object_key 一个或多个不存在 (提交:" + object_keys.size() + ", 存在:" + querySysFileList.size() + ")");
+        }
+
+        // 权限:
+        // - 删除自己 (需权限) (1.1.6)
+        // - 删除全部 (需要子权限或超级管理员) (1.1.5)
+        List<Long> userIdList = querySysFileList.stream().map(SysFile::getUser_id).collect(Collectors.toList());
+        if (userIdList.contains(SecurityUtil.getUserId()) && !securityUtil.hasPermission("1.1.5")) {
+            throw new CustException(SecurityEnum.NOAUTH);
+        }
+
+        return Result.success().put("data", sysFileService.removeUploadFileBatch(sysFile, querySysFileList));
     }
 
+
+
 }
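Review bot: The ownership test in removeUploadFile is inverted: `user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("1.1.5")` rejects the caller when the file is their own and lets the request through when it belongs to someone else, so a holder of only 1.1.6 (delete own) can delete other users' files but not their own. The condition should read `if (!user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("1.1.5"))`. removeUploadFileBatch has the same defect with `userIdList.contains(...)`, which is true as soon as one file is the caller's; it should reject when any file is foreign, for example `boolean anyForeign = querySysFileList.stream().anyMatch(f -> !SecurityUtil.getUserId().equals(f.getUser_id()));` followed by `if (anyForeign && !securityUtil.hasPermission("1.1.5"))`. Both paths also dereference values that may be null (`user_id`, and `querySysFileList` when the `!= null` guard short-circuits). Separately, updateUploadFile is gated on 1.1.4 with no owner check, which looks unintended given the own/all split used for view and delete.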

+ 5 - 3
src/main/java/com/backendsys/modules/upload/service/SysFileService.java

@@ -2,11 +2,13 @@ package com.backendsys.modules.upload.service;
 
 import com.backendsys.modules.upload.entity.SysFile;
 import com.backendsys.utils.response.PageEntity;
+import com.baomidou.mybatisplus.extension.service.IService;
 import org.springframework.web.multipart.MultipartFile;
 
+import java.util.List;
 import java.util.Map;
 
-public interface SysFileService {
+public interface SysFileService extends IService<SysFile> {
 
     // 获取文件列表
     PageEntity selectUploadFileList(SysFile sysFile);
@@ -15,10 +17,10 @@ public interface SysFileService {
     SysFile uploadSmall(MultipartFile file, Long category_id);
 
     // 删除文件
-    Map<String, Object> removeUploadFile(SysFile sysFile);
+    Map<String, Object> removeUploadFile(SysFile sysFile, SysFile querySysFile);
 
     // 删除文件 (批量)
-    Map<String, Object> removeUploadFileBatch(SysFile sysFile);
+    Map<String, Object> removeUploadFileBatch(SysFile sysFile, List<SysFile> querySysFileList);
 
     // 编辑文件
     Map<String, Object> updateUploadFile(SysFile sysFile);
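Review bot: The new second parameters of removeUploadFile and removeUploadFileBatch are undocumented, and their contract is not obvious from the one-line comments. Judging by the implementation hunks in this commit, the service no longer looks the rows up or checks that they exist, so any caller other than the controller deletes whatever it passes in. I would state that on the interface, for example `// querySysFile: the persisted row, already looked up and authorised by the caller; no existence or ownership check is done here`, with the equivalent line for `querySysFileList`.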

+ 9 - 16
src/main/java/com/backendsys/modules/upload/service/impl/SysFileServiceImpl.java

@@ -20,6 +20,7 @@ import com.backendsys.utils.response.PageEntity;
 import com.backendsys.utils.response.PageInfoResult;
 import com.backendsys.utils.v2.PageUtils;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
@@ -34,7 +35,7 @@ import java.util.concurrent.atomic.AtomicReference;
 import java.util.stream.Collectors;
 
 @Service
-public class SysFileServiceImpl implements SysFileService {
+public class SysFileServiceImpl extends ServiceImpl<SysFileDao, SysFile> implements SysFileService {
 
     @Autowired
     private HttpRequestUtil httpRequestUtil;
@@ -240,19 +241,16 @@ public class SysFileServiceImpl implements SysFileService {
      * 删除文件 (包括缩略图,如果有的话)
      */
     @Override
-    public Map<String, Object> removeUploadFile(SysFile sysFile) {
+    public Map<String, Object> removeUploadFile(SysFile sysFile, SysFile querySysFile) {
 
-        String object_key = sysFile.getObject_key();
+        String object_key = querySysFile.getObject_key();
 
         // [Delete] 删除文件记录
-        SysFile entity = sysFileDao.selectOne(new LambdaQueryWrapper<SysFile>().eq(SysFile::getObject_key, object_key));
-        if (entity != null) {
-            sysFileDao.delete(new LambdaQueryWrapper<SysFile>().eq(SysFile::getObject_key, object_key));
-        }
+        sysFileDao.delete(new LambdaQueryWrapper<SysFile>().eq(SysFile::getObject_key, object_key));
 
         // [异步任务] 创建一个 CompletableFuture 来执行异步任务
         CompletableFuture.runAsync(() -> {
-            deleteObject(entity.getObject_key(), entity.getTarget());
+            deleteObject(querySysFile.getObject_key(), querySysFile.getTarget());
         });
 
         return Map.of("object_key", object_key);
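Review bot: In the visible part of removeUploadFile the `sysFile` parameter is no longer read; every value now comes from `querySysFile`. Carrying the request object through the interface invites a later edit that reads the unvalidated `sysFile.getObject_key()` instead of the authorised row, so I would drop it from the signature or add a comment such as `// sysFile is unused; querySysFile is the authorised row`. The method also dereferences `querySysFile` without a null check now that the lookup has moved to the caller. The method body continues past the end of this hunk.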
@@ -262,22 +260,17 @@ public class SysFileServiceImpl implements SysFileService {
      * 删除文件 (批量)
      */
     @Override
-    public Map<String, Object> removeUploadFileBatch(SysFile sysFile) {
-
-        List<String> object_keys = StrUtil.split(sysFile.getObject_keys(), ',', true, true);
+    public Map<String, Object> removeUploadFileBatch(SysFile sysFile, List<SysFile> querySysFileList) {
 
         // 判断是否存在
-        List<SysFile> sysFileList = sysFileDao.selectList(new LambdaQueryWrapper<SysFile>().in(SysFile::getObject_key, object_keys));
-        if (sysFileList != null && sysFileList.size() != object_keys.size()) {
-            throw new CustException("object_key 一个或多个不存在 (提交:" + object_keys.size() + ", 存在:" + sysFileList.size() + ")");
-        }
+        List<String> object_keys = StrUtil.split(sysFile.getObject_keys(), ',', true, true);
 
         // [Delete] 批量删除
         sysFileDao.delete(new LambdaQueryWrapper<SysFile>().in(SysFile::getObject_key, object_keys));
 
         // [异步任务] 创建一个 CompletableFuture 来执行异步任务
         CompletableFuture.runAsync(() -> {
-            sysFileList.stream().forEach(entity -> {
+            querySysFileList.stream().forEach(entity -> {
                 deleteObject(entity.getObject_key(), entity.getTarget());
             });
         });
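Review bot: removeUploadFileBatch now deletes database rows by keys re-parsed from the request (`sysFile.getObject_keys()`) but deletes storage objects from `querySysFileList`, so the two deletions are driven by different inputs and only the list was authorised by the caller. Deriving the keys from the list keeps them in step: `List<String> object_keys = querySysFileList.stream().map(SysFile::getObject_key).collect(Collectors.toList());`. The `// 判断是否存在` comment above the split is stale, since no existence check remains in this method. The method body continues past the end of this hunk.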