From daf7acb4f107a427e4a83ba1eb26e5e6012cbdaf Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: 星期三, 26 六月 2024 17:04:52 +0800
Subject: [PATCH] update

---
 exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionServiceImpl.java |   49 ++++++++++++++++++++++++++++++++++++++++++++-----
 1 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionServiceImpl.java b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionServiceImpl.java
index 7c6cd3e..809eabf 100644
--- a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionServiceImpl.java
+++ b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExQuestionServiceImpl.java
@@ -16,8 +16,10 @@
 import com.gkhy.exam.system.domain.ExExamPaper;
 import com.gkhy.exam.system.domain.ExPaperStudent;
 import com.gkhy.exam.system.domain.ExQuestion;
+import com.gkhy.exam.system.domain.ExQuestionBank;
 import com.gkhy.exam.system.mapper.ExExamPaperMapper;
 import com.gkhy.exam.system.mapper.ExPaperStudentMapper;
+import com.gkhy.exam.system.mapper.ExQuestionBankMapper;
 import com.gkhy.exam.system.mapper.ExQuestionMapper;
 import com.gkhy.exam.system.service.ExQuestionService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -41,11 +43,22 @@
     private ExPaperStudentMapper paperStudentMapper;
     @Autowired
     private ExExamPaperMapper examPaperMapper;
+    @Autowired
+    private ExQuestionBankMapper questionBankMapper;
 
     @Override
     public CommonPage selectQuestionList(ExQuestion question) {
         if(question.getBankId()==null){
             throw new ApiException("题库id不能为空");
+        }
+        ExQuestionBank questionBank=questionBankMapper.selectById(question.getBankId());
+        if(!questionBank.getPrivatize().equals(PrivatizeEnum.PUBLIC.getCode())){
+            SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+            if(!currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+                if(!question.getCompanyId().equals(currentUser.getCompanyId())){
+                    throw new ApiException("无权限查看其它企业题目");
+                }
+            }
         }
         PageUtils.startPage();
         List<ExQuestion> questionList=baseMapper.selectQuestionList(question);
@@ -54,18 +67,29 @@
 
     @Override
     public ExQuestion selectQuestionById(Long questionId) {
-        return baseMapper.selectById(questionId);
+        ExQuestion question= baseMapper.selectById(questionId);
+        if(question.getPrivatize().equals(PrivatizeEnum.PUBLIC.getCode())){
+            return question;
+        }
+        SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+        if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+            return question;
+        }
+        if(!question.getCompanyId().equals(currentUser.getCompanyId())){
+            throw new ApiException("无权限查看其它企业题目");
+        }
+        return question;
     }
 
     @Override
     public int insertQuestion(ExQuestion question) {
+        checkUserAllowed(question);
         SysUser user= SecurityUtils.getLoginUser().getUser();
-        if(user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+        //公开的题库新增题目，题目也是公开
+        ExQuestionBank questionBank=questionBankMapper.selectById(question.getBankId());
+        if(user.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())||questionBank.getPrivatize().equals(PrivatizeEnum.PUBLIC.getCode())){
             question.setPrivatize(PrivatizeEnum.PUBLIC.getCode());
         }else{
-            if(user.getCompanyId()==null){
-                throw new ApiException("获取用户公司id失败");
-            }
             question.setCompanyId(user.getCompanyId());
             question.setPrivatize(PrivatizeEnum.PRIVATE.getCode());
         }
@@ -80,6 +104,7 @@
     @Override
     public int updateQuestion(ExQuestion question) {
         validData(question);
+        checkUserAllowed(question);
         int row=baseMapper.updateById(question);
         if(row<1){
             throw new ApiException("编辑题目失败");
@@ -108,8 +133,22 @@
         
     }
 
+    public void checkUserAllowed(ExQuestion question) {
+        SysUser currentUser= SecurityUtils.getLoginUser().getUser();
+        if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+            return;
+        }
+        if(currentUser.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+            throw new ApiException("没有权限操作");
+        }
+        if(!currentUser.getCompanyId().equals(question.getCompanyId())){
+            throw new ApiException("没有权限操作其他企业题目");
+        }
+    }
+
     @Override
     public int deleteQuestionById(Long questionId) {
+        checkUserAllowed(baseMapper.selectById(questionId));
         return baseMapper.deleteById(questionId);
     }
 

--
Gitblit v1.9.2