进一步优化数据权限
parent
00baa4dea6
commit
e806647a5a
@ -77,13 +77,17 @@ public class EventController {
|
||||
@Log(value = "修改始发事件", module = "事件管理")
|
||||
@PutMapping
|
||||
public boolean update(@RequestBody Event event) {
|
||||
if (event.getEventId() == null || event.getEventId().isBlank()) {
|
||||
throw new RuntimeException("eventId不能为空");
|
||||
}
|
||||
if (event.getScenarioId() != null && !event.getScenarioId().isBlank()) {
|
||||
assertCanWriteByScenarioId(event.getScenarioId());
|
||||
} else if (event.getEventId() != null && !event.getEventId().isBlank()) {
|
||||
} else {
|
||||
Event db = eventService.getById(event.getEventId());
|
||||
if (db != null) {
|
||||
assertCanWriteByScenarioId(db.getScenarioId());
|
||||
if (db == null) {
|
||||
throw new RuntimeException("事件不存在: " + event.getEventId());
|
||||
}
|
||||
assertCanWriteByScenarioId(db.getScenarioId());
|
||||
}
|
||||
event.setModifier(currentUsername());
|
||||
event.setUpdatedAt(LocalDateTime.now());
|
||||
@ -99,21 +103,35 @@ public class EventController {
|
||||
@PostMapping("/batchSave")
|
||||
@Transactional
|
||||
public ResponseEntity<Map<String, Object>> batchSaveOrUpdateEvents(@RequestBody List<Event> events) {
|
||||
if (events == null || events.isEmpty()) {
|
||||
throw new RuntimeException("events不能为空");
|
||||
}
|
||||
String currentUser = currentUsername();
|
||||
LocalDateTime now = LocalDateTime.now();
|
||||
|
||||
List<Event> savedEvents = new ArrayList<>();
|
||||
|
||||
for (Event event : events) {
|
||||
String scenarioId = null;
|
||||
Event db = null;
|
||||
if (event.getScenarioId() != null && !event.getScenarioId().isBlank()) {
|
||||
assertCanWriteByScenarioId(event.getScenarioId());
|
||||
scenarioId = event.getScenarioId();
|
||||
} else if (event.getEventId() != null && !event.getEventId().isBlank()) {
|
||||
Event db = eventService.getById(event.getEventId());
|
||||
if (db != null) {
|
||||
assertCanWriteByScenarioId(db.getScenarioId());
|
||||
db = eventService.getById(event.getEventId());
|
||||
if (db == null) {
|
||||
throw new RuntimeException("事件不存在: " + event.getEventId());
|
||||
}
|
||||
scenarioId = db.getScenarioId();
|
||||
} else {
|
||||
throw new RuntimeException("scenarioId/eventId不能为空");
|
||||
}
|
||||
if (event.getEventId() != null && eventService.getById(event.getEventId()) != null) {
|
||||
assertCanWriteByScenarioId(scenarioId);
|
||||
|
||||
Event exists = db;
|
||||
if (exists == null && event.getEventId() != null && !event.getEventId().isBlank()) {
|
||||
exists = eventService.getById(event.getEventId());
|
||||
}
|
||||
if (event.getEventId() != null && !event.getEventId().isBlank() && exists != null) {
|
||||
// 更新逻辑
|
||||
event.setModifier(currentUser);
|
||||
event.setUpdatedAt(now);
|
||||
@ -147,9 +165,10 @@ public class EventController {
|
||||
@RequestBody Map<String, Object> requestBody
|
||||
) {
|
||||
Event db = eventService.getById(eventId);
|
||||
if (db != null) {
|
||||
assertCanWriteByScenarioId(db.getScenarioId());
|
||||
if (db == null) {
|
||||
throw new RuntimeException("事件不存在: " + eventId);
|
||||
}
|
||||
assertCanWriteByScenarioId(db.getScenarioId());
|
||||
Object attrChanges = requestBody.get("attr_changes");
|
||||
if (attrChanges == null) {
|
||||
return ResponseEntity.badRequest().body(Map.of(
|
||||
@ -207,9 +226,10 @@ public class EventController {
|
||||
@DeleteMapping("/{eventId}")
|
||||
public ResponseEntity<Map<String, Object>> deleteEvent(@PathVariable String eventId) {
|
||||
Event db = eventService.getById(eventId);
|
||||
if (db != null) {
|
||||
assertCanWriteByScenarioId(db.getScenarioId());
|
||||
if (db == null) {
|
||||
throw new RuntimeException("事件不存在: " + eventId);
|
||||
}
|
||||
assertCanWriteByScenarioId(db.getScenarioId());
|
||||
boolean ok = eventService.removeById(eventId);
|
||||
if (ok) {
|
||||
return ResponseEntity.ok(Map.of(
|
||||
@ -421,18 +441,30 @@ public class EventController {
|
||||
}
|
||||
|
||||
private void assertCanReadByScenarioId(String scenarioId) {
|
||||
if (scenarioId == null || scenarioId.isBlank()) return;
|
||||
if (scenarioId == null || scenarioId.isBlank()) {
|
||||
throw new RuntimeException("scenarioId不能为空");
|
||||
}
|
||||
Scenario sc = scenarioService.getById(scenarioId);
|
||||
if (sc == null) return;
|
||||
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) return;
|
||||
if (sc == null) {
|
||||
throw new RuntimeException("情景不存在: " + scenarioId);
|
||||
}
|
||||
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) {
|
||||
throw new RuntimeException("情景projectId为空: " + scenarioId);
|
||||
}
|
||||
projectAccessHelper.assertCanReadProject(sc.getProjectId());
|
||||
}
|
||||
|
||||
private void assertCanWriteByScenarioId(String scenarioId) {
|
||||
if (scenarioId == null || scenarioId.isBlank()) return;
|
||||
if (scenarioId == null || scenarioId.isBlank()) {
|
||||
throw new RuntimeException("scenarioId不能为空");
|
||||
}
|
||||
Scenario sc = scenarioService.getById(scenarioId);
|
||||
if (sc == null) return;
|
||||
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) return;
|
||||
if (sc == null) {
|
||||
throw new RuntimeException("情景不存在: " + scenarioId);
|
||||
}
|
||||
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) {
|
||||
throw new RuntimeException("情景projectId为空: " + scenarioId);
|
||||
}
|
||||
projectAccessHelper.assertCanWriteProject(sc.getProjectId());
|
||||
}
|
||||
|
||||
|
||||
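Review bot: In `update`, when the request body carries a non-blank `scenarioId`, the write check runs against that client-supplied value and the stored event is never loaded, so the scenario that actually owns the event is not authorized. The same pattern appears in `batchSaveOrUpdateEvents`: `assertCanWriteByScenarioId(scenarioId)` uses the body's value, and `exists` is fetched afterwards but its `getScenarioId()` is never checked. The check can therefore pass for a scenario unrelated to the event being modified; whether the row is then changed or re-parented depends on the persistence call, which lies outside the hunk. Load the event by `eventId` first, assert write access on `db.getScenarioId()`, and assert on the body's `scenarioId` as well only when it differs. The body of `update` continues past the end of the hunk.

```java
public boolean update(@RequestBody Event event) {
    // … unchanged: eventId null/blank check …
    Event db = eventService.getById(event.getEventId());
    if (db == null) {
        throw new RuntimeException("事件不存在: " + event.getEventId());
    }
    // Authorize against the stored owner, not the value sent by the client.
    assertCanWriteByScenarioId(db.getScenarioId());
    String target = event.getScenarioId();
    if (target != null && !target.isBlank() && !target.equals(db.getScenarioId())) {
        // Moving the event to another scenario needs write access there too.
        assertCanWriteByScenarioId(target);
    }
    // … unchanged: setModifier / setUpdatedAt …
```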
@ -14,6 +14,8 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
|
||||
import jakarta.annotation.Resource;
|
||||
import java.util.List;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.time.LocalDateTime;
|
||||
|
||||
@RestController
|
||||
@ -37,9 +39,10 @@ public class ScenarioController {
|
||||
@Log(value = "新增情景", module = "情景管理")
|
||||
@PostMapping
|
||||
public boolean create(@RequestBody Scenario scenario) {
|
||||
if (scenario.getProjectId() != null && !scenario.getProjectId().isBlank()) {
|
||||
projectAccessHelper.assertCanWriteProject(scenario.getProjectId());
|
||||
if (scenario.getProjectId() == null || scenario.getProjectId().isBlank()) {
|
||||
throw new RuntimeException("projectId不能为空");
|
||||
}
|
||||
projectAccessHelper.assertCanWriteProject(scenario.getProjectId());
|
||||
scenario.setModifier(currentUsername());
|
||||
scenario.setCreatedAt(LocalDateTime.now());
|
||||
scenario.setUpdatedAt(LocalDateTime.now());
|
||||
@ -57,9 +60,10 @@ public class ScenarioController {
|
||||
@Log(value = "新增情景并返回", module = "情景管理")
|
||||
@PostMapping("/createAndReturn")
|
||||
public java.util.Map<String, Object> createAndReturn(@RequestBody Scenario scenario) {
|
||||
if (scenario.getProjectId() != null && !scenario.getProjectId().isBlank()) {
|
||||
projectAccessHelper.assertCanWriteProject(scenario.getProjectId());
|
||||
if (scenario.getProjectId() == null || scenario.getProjectId().isBlank()) {
|
||||
throw new RuntimeException("projectId不能为空");
|
||||
}
|
||||
projectAccessHelper.assertCanWriteProject(scenario.getProjectId());
|
||||
scenario.setModifier(currentUsername());
|
||||
scenario.setCreatedAt(LocalDateTime.now());
|
||||
scenario.setUpdatedAt(LocalDateTime.now());
|
||||
@ -81,12 +85,17 @@ public class ScenarioController {
|
||||
@Log(value = "修改情景", module = "情景管理")
|
||||
@PutMapping
|
||||
public boolean update(@RequestBody Scenario scenario) {
|
||||
if (scenario.getScenarioId() != null && !scenario.getScenarioId().isBlank()) {
|
||||
Scenario db = scenarioService.getById(scenario.getScenarioId());
|
||||
if (db != null && db.getProjectId() != null && !db.getProjectId().isBlank()) {
|
||||
projectAccessHelper.assertCanWriteProject(db.getProjectId());
|
||||
}
|
||||
if (scenario.getScenarioId() == null || scenario.getScenarioId().isBlank()) {
|
||||
throw new RuntimeException("scenarioId不能为空");
|
||||
}
|
||||
Scenario db = scenarioService.getById(scenario.getScenarioId());
|
||||
if (db == null) {
|
||||
throw new RuntimeException("情景不存在: " + scenario.getScenarioId());
|
||||
}
|
||||
if (db.getProjectId() == null || db.getProjectId().isBlank()) {
|
||||
throw new RuntimeException("情景projectId为空: " + scenario.getScenarioId());
|
||||
}
|
||||
projectAccessHelper.assertCanWriteProject(db.getProjectId());
|
||||
scenario.setModifier(currentUsername());
|
||||
scenario.setUpdatedAt(LocalDateTime.now());
|
||||
return scenarioService.updateById(scenario);
|
||||
@ -103,9 +112,13 @@ public class ScenarioController {
|
||||
@DeleteMapping("/{id}")
|
||||
public boolean delete(@PathVariable String id) {
|
||||
Scenario db = scenarioService.getById(id);
|
||||
if (db != null && db.getProjectId() != null && !db.getProjectId().isBlank()) {
|
||||
projectAccessHelper.assertCanWriteProject(db.getProjectId());
|
||||
if (db == null) {
|
||||
throw new RuntimeException("情景不存在: " + id);
|
||||
}
|
||||
if (db.getProjectId() == null || db.getProjectId().isBlank()) {
|
||||
throw new RuntimeException("情景projectId为空: " + id);
|
||||
}
|
||||
projectAccessHelper.assertCanWriteProject(db.getProjectId());
|
||||
return scenarioService.removeById(id);
|
||||
}
|
||||
|
||||
@ -119,13 +132,27 @@ public class ScenarioController {
|
||||
@Log(value = "批量删除情景", module = "情景管理")
|
||||
@DeleteMapping
|
||||
public boolean deleteBatch(@RequestBody List<String> ids) {
|
||||
if (ids != null && !ids.isEmpty()) {
|
||||
List<Scenario> list = scenarioService.list(new QueryWrapper<Scenario>().in("scenario_id", ids));
|
||||
for (Scenario sc : list) {
|
||||
if (sc.getProjectId() != null && !sc.getProjectId().isBlank()) {
|
||||
projectAccessHelper.assertCanWriteProject(sc.getProjectId());
|
||||
}
|
||||
if (ids == null || ids.isEmpty()) {
|
||||
throw new RuntimeException("ids不能为空");
|
||||
}
|
||||
List<Scenario> list = scenarioService.list(new QueryWrapper<Scenario>().in("scenario_id", ids));
|
||||
Set<String> found = new HashSet<>();
|
||||
for (Scenario sc : list) {
|
||||
if (sc.getScenarioId() != null) found.add(sc.getScenarioId());
|
||||
}
|
||||
for (String id : ids) {
|
||||
if (id == null || id.isBlank()) {
|
||||
throw new RuntimeException("ids包含空值");
|
||||
}
|
||||
if (!found.contains(id)) {
|
||||
throw new RuntimeException("情景不存在: " + id);
|
||||
}
|
||||
}
|
||||
for (Scenario sc : list) {
|
||||
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) {
|
||||
throw new RuntimeException("情景projectId为空: " + sc.getScenarioId());
|
||||
}
|
||||
projectAccessHelper.assertCanWriteProject(sc.getProjectId());
|
||||
}
|
||||
return scenarioService.removeByIds(ids);
|
||||
}
|
||||
@ -142,9 +169,13 @@ public class ScenarioController {
|
||||
@GetMapping("/{id}")
|
||||
public Scenario getById(@PathVariable String id) {
|
||||
Scenario sc = scenarioService.getById(id);
|
||||
if (sc != null && sc.getProjectId() != null && !sc.getProjectId().isBlank()) {
|
||||
projectAccessHelper.assertCanReadProject(sc.getProjectId());
|
||||
if (sc == null) {
|
||||
throw new RuntimeException("情景不存在: " + id);
|
||||
}
|
||||
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) {
|
||||
throw new RuntimeException("情景projectId为空: " + id);
|
||||
}
|
||||
projectAccessHelper.assertCanReadProject(sc.getProjectId());
|
||||
return sc;
|
||||
}
|
||||
|
||||
@ -163,9 +194,10 @@ public class ScenarioController {
|
||||
@RequestParam(required = false) String name,
|
||||
@RequestParam(defaultValue = "1") long pageNum,
|
||||
@RequestParam(defaultValue = "20") long pageSize) {
|
||||
if (projectId != null && !projectId.isBlank()) {
|
||||
projectAccessHelper.assertCanReadProject(projectId);
|
||||
if (projectId == null || projectId.isBlank()) {
|
||||
throw new RuntimeException("projectId不能为空");
|
||||
}
|
||||
projectAccessHelper.assertCanReadProject(projectId);
|
||||
QueryWrapper<Scenario> qw = new QueryWrapper<Scenario>().eq("project_id", projectId).orderByDesc("created_at");
|
||||
if (name != null && !name.isEmpty()) {
|
||||
qw.like("name", name);
|
||||
|
||||
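Review bot: In `update`, write access is asserted only on `db.getProjectId()`, while the request-body `scenario` is passed to `scenarioService.updateById(scenario)` as received, so a `projectId` in the body that differs from the stored one is never authorized. If `updateById` persists that field (the mapper is not visible here), the scenario could end up under a project the caller has no write access to. Before the `updateById` call, add `if (scenario.getProjectId() != null && !scenario.getProjectId().isBlank() && !scenario.getProjectId().equals(db.getProjectId())) { projectAccessHelper.assertCanWriteProject(scenario.getProjectId()); }`, or reject a changed `projectId` outright. The closing brace of `update` lies outside the hunk.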