From daf7acb4f107a427e4a83ba1eb26e5e6012cbdaf Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: 星期三, 26 六月 2024 17:04:52 +0800
Subject: [PATCH] update

---
 exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java |   46 ++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
index 0a496b8..8b45914 100644
--- a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
+++ b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
@@ -33,6 +33,10 @@
 
     @Override
     public CommonPage selectQuestionBankList(ExQuestionBank questionBank) {
+        SysUser user= SecurityUtils.getLoginUser().getUser();
+        if(!user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+            questionBank.setCompanyId(user.getCompanyId());
+        }
         PageUtils.startPage();
         List<ExQuestionBank> bankList=baseMapper.selectQuestionBankList(questionBank);
         return CommonPage.restPage(bankList);
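Review bot: The company filter added at the top of selectQuestionBankList is only as strong as `user.getCompanyId()` being non-null. For a non-system user with no company, `questionBank.setCompanyId(null)` reaches the mapper, and if the mapper's query skips the condition on a null companyId (not visible here) the list would span every company. This commit also deletes the only visible null check, the one in insertQuestionBank. I would fail closed before the assignment, e.g. `if(user.getCompanyId()==null){ throw new ApiException("获取用户公司id为空"); }`. The method's closing brace is outside the hunk.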
@@ -40,11 +44,23 @@
 
     @Override
     public ExQuestionBank selectQuestionBankById(Long bankId) {
-        return baseMapper.selectById(bankId);
+        ExQuestionBank questionBank= baseMapper.selectById(bankId);
+        if(questionBank.getPrivatize().equals(PrivatizeEnum.PUBLIC.getCode())){
+            return questionBank;
+        }
+        SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+        if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+            return questionBank;
+        }
+        if(!questionBank.getCompanyId().equals(currentUser.getCompanyId())){
+            throw new ApiException("无权限查看其它企业题库");
+        }
+        return questionBank;
     }
 
     @Override
     public int insertQuestionBank(ExQuestionBank questionBank) {
+        checkUserAllowed(questionBank);
         if(!checkNameUnique(questionBank)){
             throw new ApiException("题库名称已存在");
         }
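Review bot: `baseMapper.selectById(bankId)` can presumably return null for an unknown id, and the new `questionBank.getPrivatize().equals(...)` then fails with a NullPointerException instead of a clean ApiException. The same applies to `checkUserAllowed(baseMapper.selectById(bankId))` in deleteQuestionBankById further down, and to a stored row whose privatize or companyId is null. A guard such as `if(questionBank==null){ throw new ApiException(...); }` right after the lookup, plus the constant-first comparison `PrivatizeEnum.PUBLIC.getCode().equals(questionBank.getPrivatize())`, keeps the access check fail-closed. The PUBLIC early return also trusts the stored privatize value, while a later hunk in insertQuestionBank stops forcing PRIVATE for company users, so that value now appears to come from the request; confirm company users are meant to be able to publish banks readable by every tenant. insertQuestionBank continues past the end of this hunk.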
@@ -52,10 +68,6 @@
         if(user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
             questionBank.setPrivatize(PrivatizeEnum.PUBLIC.getCode());
         }else{
-            if(user.getCompanyId()==null){
-                throw new ApiException("获取用户公司id为空");
-            }
-            questionBank.setPrivatize(PrivatizeEnum.PRIVATE.getCode());
             questionBank.setCompanyId(user.getCompanyId());
         }
         int row =baseMapper.insert(questionBank);
@@ -67,6 +79,7 @@
 
     @Override
     public int updateQuestionBank(ExQuestionBank questionBank) {
+        checkUserAllowed(questionBank);
         if(!checkNameUnique(questionBank)){
             throw new ApiException("题库名称已存在");
         }
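Review bot: `checkUserAllowed(questionBank)` in updateQuestionBank compares the caller's company with `questionBank.getCompanyId()` taken from the request object, not with the company that owns the stored bank, so the check passes whenever the submitted companyId matches the caller's, whichever row the id refers to. The ownership decision should be made on the persisted record: load the bank by the id being updated and pass that to checkUserAllowed, as deleteQuestionBankById does, and do not let the request's companyId overwrite the stored one for non-system users. The same call in insertQuestionBank runs before companyId is assigned from the user, so a company user who omits companyId is rejected there. The rest of updateQuestionBank lies outside this hunk, so what it writes is not visible.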
@@ -77,8 +90,22 @@
         return row;
     }
 
+    public void checkUserAllowed(ExQuestionBank questionBank) {
+        SysUser currentUser= SecurityUtils.getLoginUser().getUser();
+        if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+            return;
+        }
+        if(currentUser.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+            throw new ApiException("没有权限操作");
+        }
+        if(!currentUser.getCompanyId().equals(questionBank.getCompanyId())){
+            throw new ApiException("没有权限操作其他企业课程");
+        }
+    }
+
     @Override
     public int deleteQuestionBankById(Long bankId) {
+        checkUserAllowed(baseMapper.selectById(bankId));
         return baseMapper.deleteByBankId(bankId);
     }
 
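Review bot: checkUserAllowed dereferences `currentUser.getCompanyId()` without a null check, so a non-system, non-student user with no company gets a NullPointerException rather than a denial; `if(currentUser.getCompanyId()==null || !currentUser.getCompanyId().equals(questionBank.getCompanyId()))` fails closed. The helper is declared `public` without `@Override`; unless it is called from outside this class it should be `private`. It also deserves a short Javadoc stating who is allowed: system users always, students never, everyone else only within their own company. The message "没有权限操作其他企业课程" refers to courses although this service handles question banks, which looks like a copy from another service.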
@@ -101,6 +128,9 @@
     @Override
     public CommonPage selectQuestionBankListForStudent(ExQuestionBank questionBank) {
         SysUser user= SecurityUtils.getLoginUser().getUser();
+        if(!user.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+            throw new ApiException("非学员用户,无法查看");
+        }
         questionBank.setCompanyId(user.getCompanyId());
         questionBank.setStudentId(user.getId());
         PageUtils.startPage();
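Review bot: The student-only guard added here is repeated verbatim in selectQuestionBankByIdForStudent in the next hunk, and both call `user.getUserType().equals(...)`, which throws if userType is null. I would pull it into one private helper and compare constant-first, `if(!UserTypeEnum.STUDENT.getCode().equals(user.getUserType())){ throw new ApiException("非学员用户,无法查看"); }`, so a user without a type is denied rather than causing an error. The method body continues past the end of the hunk.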
@@ -110,7 +140,11 @@
 
     @Override
     public ExQuestionBank selectQuestionBankByIdForStudent(Long bankId) {
-        return baseMapper.selectQuestionBankByIdForStudent(bankId,SecurityUtils.getUserId());
+        SysUser user= SecurityUtils.getLoginUser().getUser();
+        if(!user.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+            throw new ApiException("非学员用户,无法查看");
+        }
+        return baseMapper.selectQuestionBankByIdForStudent(bankId,user.getId());
     }
 
     @Override

--
Gitblit v1.9.2