From daf7acb4f107a427e4a83ba1eb26e5e6012cbdaf Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: 星期三, 26 六月 2024 17:04:52 +0800
Subject: [PATCH] update
---
exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java | 46 ++++++++++++++++++++++++++++++++++++++++------
1 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
index 0a496b8..8b45914 100644
--- a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
+++ b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionBankServiceImpl.java
@@ -33,6 +33,10 @@
@Override
public CommonPage selectQuestionBankList(ExQuestionBank questionBank) {
+ SysUser user= SecurityUtils.getLoginUser().getUser();
+ if(!user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ questionBank.setCompanyId(user.getCompanyId());
+ }
PageUtils.startPage();
List<ExQuestionBank> bankList=baseMapper.selectQuestionBankList(questionBank);
return CommonPage.restPage(bankList);
@@ -40,11 +44,23 @@
@Override
public ExQuestionBank selectQuestionBankById(Long bankId) {
- return baseMapper.selectById(bankId);
+ ExQuestionBank questionBank= baseMapper.selectById(bankId);
+ if(questionBank.getPrivatize().equals(PrivatizeEnum.PUBLIC.getCode())){
+ return questionBank;
+ }
+ SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return questionBank;
+ }
+ if(!questionBank.getCompanyId().equals(currentUser.getCompanyId())){
+ throw new ApiException("无权限查看其它企业题库");
+ }
+ return questionBank;
}
@Override
public int insertQuestionBank(ExQuestionBank questionBank) {
+ checkUserAllowed(questionBank);
if(!checkNameUnique(questionBank)){
throw new ApiException("题库名称已存在");
}
@@ -52,10 +68,6 @@
if(user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
questionBank.setPrivatize(PrivatizeEnum.PUBLIC.getCode());
}else{
- if(user.getCompanyId()==null){
- throw new ApiException("获取用户公司id为空");
- }
- questionBank.setPrivatize(PrivatizeEnum.PRIVATE.getCode());
questionBank.setCompanyId(user.getCompanyId());
}
int row =baseMapper.insert(questionBank);
@@ -67,6 +79,7 @@
@Override
public int updateQuestionBank(ExQuestionBank questionBank) {
+ checkUserAllowed(questionBank);
if(!checkNameUnique(questionBank)){
throw new ApiException("题库名称已存在");
}
@@ -77,8 +90,22 @@
return row;
}
+ public void checkUserAllowed(ExQuestionBank questionBank) {
+ SysUser currentUser= SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return;
+ }
+ if(currentUser.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("没有权限操作");
+ }
+ if(!currentUser.getCompanyId().equals(questionBank.getCompanyId())){
+ throw new ApiException("没有权限操作其他企业课程");
+ }
+ }
+
@Override
public int deleteQuestionBankById(Long bankId) {
+ checkUserAllowed(baseMapper.selectById(bankId));
return baseMapper.deleteByBankId(bankId);
}
@@ -101,6 +128,9 @@
@Override
public CommonPage selectQuestionBankListForStudent(ExQuestionBank questionBank) {
SysUser user= SecurityUtils.getLoginUser().getUser();
+ if(!user.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("非学员用户,无法查看");
+ }
questionBank.setCompanyId(user.getCompanyId());
questionBank.setStudentId(user.getId());
PageUtils.startPage();
@@ -110,7 +140,11 @@
@Override
public ExQuestionBank selectQuestionBankByIdForStudent(Long bankId) {
- return baseMapper.selectQuestionBankByIdForStudent(bankId,SecurityUtils.getUserId());
+ SysUser user= SecurityUtils.getLoginUser().getUser();
+ if(!user.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("非学员用户,无法查看");
+ }
+ return baseMapper.selectQuestionBankByIdForStudent(bankId,user.getId());
}
@Override
--
Gitblit v1.9.2