From daf7acb4f107a427e4a83ba1eb26e5e6012cbdaf Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: 星期三, 26 六月 2024 17:04:52 +0800
Subject: [PATCH] update
---
 exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java | 46 ++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
index 0a496b8..8b45914 100644
--- a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
+++ b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
@@ -33,6 +33,10 @@
 @Override
 public CommonPage selectQuestionBankList(ExQuestionBank questionBank) {
+ SysUser user= SecurityUtils.getLoginUser().getUser();
+ if(!user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ questionBank.setCompanyId(user.getCompanyId());
+ }
 PageUtils.startPage();
 List<ExQuestionBank> bankList=baseMapper.selectQuestionBankList(questionBank);
 return CommonPage.restPage(bankList);
@@ -40,11 +44,23 @@
 @Override
 public ExQuestionBank selectQuestionBankById(Long bankId) {
- return baseMapper.selectById(bankId);
+ ExQuestionBank questionBank= baseMapper.selectById(bankId);
+ if(questionBank.getPrivatize().equals(PrivatizeEnum.PUBLIC.getCode())){
+ return questionBank;
+ }
+ SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return questionBank;
+ }
+ if(!questionBank.getCompanyId().equals(currentUser.getCompanyId())){
+ throw new ApiException("无权限查看其它企业题库");
+ }
+ return questionBank;
 }
 @Override
 public int insertQuestionBank(ExQuestionBank questionBank) {
+ checkUserAllowed(questionBank);
 if(!checkNameUnique(questionBank)){
 throw new ApiException("题库名称已存在");
 }
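Review bot: In selectQuestionBankList, a non-system user whose companyId is null ends up calling `questionBank.setCompanyId(user.getCompanyId())` with null, so the tenant filter depends on how the mapper's selectQuestionBankList query treats a null companyId (not visible in this hunk); if the query skips the condition, the listing is no longer scoped to one company. Rejecting that case inside the new branch makes the scoping explicit, e.g. `if(user.getCompanyId()==null){ throw new ApiException("获取用户公司id为空"); }`. This hunk, and the hunks for selectQuestionBankById, checkUserAllowed and the two ForStudent methods, also call `.equals` on `getUserType()`, which throws when the stored user type is null; the constant-first form `UserTypeEnum.SYSTEM_USER.getCode().equals(user.getUserType())` avoids that and still takes the restricted path.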
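Review bot: In selectQuestionBankById, the result of `baseMapper.selectById(bankId)` is dereferenced by `questionBank.getPrivatize()` without a null check, so an unknown bankId surfaces as a NullPointerException instead of an ApiException. A guard before the first comparison, such as `if(questionBank==null){ throw new ApiException("题库不存在"); }` (message text is only a suggestion), fixes that, and `PrivatizeEnum.PUBLIC.getCode().equals(questionBank.getPrivatize())` keeps a row with a null privatize value on the restricted path rather than failing. The company comparison has the same shape: a private bank with a null companyId throws before the intended `无权限查看其它企业题库` rejection is reached. The body of insertQuestionBank, which this hunk also touches, continues outside the hunk.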
@@ -52,10 +68,6 @@
 if(user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
 questionBank.setPrivatize(PrivatizeEnum.PUBLIC.getCode());
 }else{
- if(user.getCompanyId()==null){
- throw new ApiException("获取用户公司id为空");
- }
- questionBank.setPrivatize(PrivatizeEnum.PRIVATE.getCode());
 questionBank.setCompanyId(user.getCompanyId());
 }
 int row =baseMapper.insert(questionBank);
@@ -67,6 +79,7 @@
 @Override
 public int updateQuestionBank(ExQuestionBank questionBank) {
+ checkUserAllowed(questionBank);
 if(!checkNameUnique(questionBank)){
 throw new ApiException("题库名称已存在");
 }
@@ -77,8 +90,22 @@
 return row;
 }
+ public void checkUserAllowed(ExQuestionBank questionBank) {
+ SysUser currentUser= SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return;
+ }
+ if(currentUser.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("没有权限操作");
+ }
+ if(!currentUser.getCompanyId().equals(questionBank.getCompanyId())){
+ throw new ApiException("没有权限操作其他企业课程");
+ }
+ }
+
 @Override
 public int deleteQuestionBankById(Long bankId) {
+ checkUserAllowed(baseMapper.selectById(bankId));
 return baseMapper.deleteByBankId(bankId);
 }
@@ -101,6 +128,9 @@
 @Override
 public CommonPage selectQuestionBankListForStudent(ExQuestionBank questionBank) {
 SysUser user= SecurityUtils.getLoginUser().getUser();
+ if(!user.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("非学员用户,无法查看");
+ }
 questionBank.setCompanyId(user.getCompanyId());
 questionBank.setStudentId(user.getId());
 PageUtils.startPage();
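Review bot: In the else branch of insertQuestionBank (hunk `@@ -52,10 +68,6 @@`), dropping `questionBank.setPrivatize(PrivatizeEnum.PRIVATE.getCode());` means the privatize value for a company user now comes from the request object unchanged, while selectQuestionBankById returns PUBLIC banks to any caller without a company check. If company users are meant to choose visibility, the value should be validated against PrivatizeEnum and defaulted when null; if they are not, the forced PRIVATE assignment should stay. The removed `user.getCompanyId()==null` check is now covered only indirectly by checkUserAllowed, where a null companyId produces a NullPointerException rather than the former `获取用户公司id为空` message. The method starts and ends outside this hunk.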
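Review bot: In updateQuestionBank (hunk `@@ -67,6 +79,7 @@`), `checkUserAllowed(questionBank)` compares the caller's company with the companyId carried in the request object, not with the companyId of the stored bank that is about to be updated. The ownership decision should be made on the persisted row, the way deleteQuestionBankById does with `checkUserAllowed(baseMapper.selectById(bankId))`; here that means loading the row by the bank's primary key taken from questionBank (the getter is not visible in this hunk) and passing that row to the check. Whether the update statement can also rewrite companyId or privatize cannot be seen here because the rest of the method is outside the hunk; if it can, those fields should be excluded or re-set server-side for non-system users.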
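Review bot: checkUserAllowed (hunk `@@ -77,8 +90,22 @@`) dereferences both `currentUser.getCompanyId()` and `questionBank` without null checks, and deleteQuestionBankById passes it `baseMapper.selectById(bankId)`, which may be null for an unknown id. Both cases end in a NullPointerException instead of a denial; an explicit guard keeps the check fail-closed: `if(questionBank==null || currentUser.getCompanyId()==null || !currentUser.getCompanyId().equals(questionBank.getCompanyId())){ throw new ApiException("没有权限操作其他企业课程"); }`. A plain null-safe equality is not a substitute, because it would treat a user with no company and a bank with no company as a match. The helper is declared `public` without `@Override`; if it is not part of the service interface, `private` would be the narrower choice, and a short Javadoc stating the three rules (system user allowed, student denied, otherwise same company only) would document the policy. The last message says 课程 although this service handles 题库.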
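Review bot: The student guard added in selectQuestionBankListForStudent (hunk `@@ -101,6 +128,9 @@`) is repeated verbatim, including the `非学员用户,无法查看` message, in the selectQuestionBankByIdForStudent hunk. A small private helper that returns the logged-in SysUser or throws would keep the two endpoints from drifting apart, for example a proposed `SysUser user = requireStudent();` as the first line of both methods. The method body continues outside this hunk.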
@@ -110,7 +140,11 @@
 @Override
 public ExQuestionBank selectQuestionBankByIdForStudent(Long bankId) {
- return baseMapper.selectQuestionBankByIdForStudent(bankId,SecurityUtils.getUserId());
+ SysUser user= SecurityUtils.getLoginUser().getUser();
+ if(!user.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("非学员用户,无法查看");
+ }
+ return baseMapper.selectQuestionBankByIdForStudent(bankId,user.getId());
 }
 @Override
-- Gitblit v1.9.2