From daf7acb4f107a427e4a83ba1eb26e5e6012cbdaf Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: 星期三, 26 六月 2024 17:04:52 +0800
Subject: [PATCH] update
---
 exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java | 32 ++++++++++++++++++++++++++++----
 1 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java
index 6b6b60e..67ca293 100644
--- a/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java
+++ b/exam-system/src/main/java/com/gkhy/exam/system/service/impl/ExStudentServiceImpl.java
@@ -69,15 +69,22 @@
 @Override
 public ExStudent selectStudentById(Long studentId) {
- return baseMapper.selectStudentById(studentId);
+ ExStudent student= baseMapper.selectStudentById(studentId);
+ SysUser currentUser=SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ return student;
+ }
+ if(!student.getCompanyId().equals(currentUser.getCompanyId())){
+ throw new ApiException("无权限查看其它企业学员");
+ }
+ return student;
+
 }
 @Override
 public int insertStudent(ExStudent student) {
 SysUser currentUser= SecurityUtils.getLoginUser().getUser();
- if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
- throw new ApiException("系统管理员不能新增学员");
- }
+ checkUserAllowed(student);
 if(!checkPhoneUnique(student)){
 throw new ApiException("手机号已存在");
 }
@@ -94,6 +101,7 @@
 @Override
 public int updateStudent(ExStudent student) {
+ checkUserAllowed(student);
 if(!checkPhoneUnique(student)){
 throw new ApiException("手机号已存在");
 }
@@ -112,6 +120,7 @@
 @Override
 public int deleteStudentById(Long studentId) {
 ExStudent existStudent=checkUserDataScope(studentId);
+ checkUserAllowed(existStudent);
 int row=baseMapper.deleteByStudentId(studentId);
 if(row<0){
 throw new ApiException("删除学员失败");
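Review bot: `selectStudentById` dereferences `student` without a null check, so a lookup for an id that does not exist fails with a NullPointerException at `student.getCompanyId()` instead of a clean error; add `if (student == null) { throw new ApiException("学员不存在"); }` (message constructed here) before the company comparison. The same applies to the `resetUserPwd` hunk, where the result of `getById(student.getId())` is passed straight to `checkUserAllowed(existStudent)`. Note also that the read path only compares company ids, so a caller of type `STUDENT` with a matching `companyId` would be able to read other students' records, while `checkUserAllowed` rejects that type for writes; if that is not intended, restrict students to their own id here.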
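Review bot: In `updateStudent` the added `checkUserAllowed(student)` compares the caller's company with `student.getCompanyId()` from the request object, so it validates a value the caller supplies rather than the owner of the row identified by `student.getId()`. Unless the part of the method outside this hunk reloads the record, authorise against the persisted student the way `deleteStudentById` does: `ExStudent existStudent = checkUserDataScope(student.getId()); checkUserAllowed(existStudent);`. It is also worth confirming that the update statement cannot change `companyId`, otherwise a record could be moved between companies through this path.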
@@ -153,6 +162,7 @@
 @Override
 public boolean resetUserPwd(ExStudent student) {
 ExStudent existStudent=getById(student.getId());
+ checkUserAllowed(existStudent);
 ExStudent su=new ExStudent().setId(student.getId()).setPassword(SecurityUtils.encryptPassword(Base64.decodeStr(student.getPassword())));
 su.setUpdateBy(SecurityUtils.getUsername());
 delCacheByPhone(existStudent.getPhone());
@@ -170,4 +180,18 @@
 }
 return student;
 }
+
+ public void checkUserAllowed(ExStudent student) {
+ SysUser currentUser= SecurityUtils.getLoginUser().getUser();
+ if(currentUser.getUserType().equals(UserTypeEnum.SYSTEM_USER.getCode())){
+ throw new ApiException("系统管理员没有权限操作");
+ }
+ if(currentUser.getUserType().equals(UserTypeEnum.STUDENT.getCode())){
+ throw new ApiException("没有权限操作");
+ }
+ if(!currentUser.getCompanyId().equals(student.getCompanyId())){
+ throw new ApiException("没有权限操作其他企业学员");
+ }
+ }
+
 }
-- Gitblit v1.9.2
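Review bot: `checkUserAllowed` is written as a deny-list: it rejects `SYSTEM_USER` and `STUDENT` and lets every other user type through, so any type code added to `UserTypeEnum` later is allowed to write by default; test for the one type that may manage students and reject everything else. `currentUser.getCompanyId().equals(...)` also throws a NullPointerException when the caller has no company, so reject that case explicitly, e.g. `if (currentUser.getCompanyId() == null || !currentUser.getCompanyId().equals(student.getCompanyId()))`. The helper is `public` and undocumented although the visible hunks only call it from inside this class; making it `private` with a comment such as `/** Rejects callers that are not company users of the student's own company. */` would keep it from being mistaken for a service API.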