ThbTech/JavaProjectRepo
0
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

进一步优化数据权限

Browse Source
This commit is contained in:
wanxiaoli 2026-05-09 18:19:11 +08:00
parent 00baa4dea6
commit e806647a5a
2 changed files with 103 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
business-css/src/main/java/com/yfd/business/css/controller/EventController.java
View File

@ -77,13 +77,17 @@ public class EventController {
@Log(value = "修改始发事件", module = "事件管理") @Log(value = "修改始发事件", module = "事件管理")
@PutMapping @PutMapping
public boolean update(@RequestBody Event event) { public boolean update(@RequestBody Event event) {
if (event.getEventId() == null || event.getEventId().isBlank()) {
throw new RuntimeException("eventId不能为空");
}
if (event.getScenarioId() != null && !event.getScenarioId().isBlank()) { if (event.getScenarioId() != null && !event.getScenarioId().isBlank()) {
assertCanWriteByScenarioId(event.getScenarioId()); assertCanWriteByScenarioId(event.getScenarioId());
} else if (event.getEventId() != null && !event.getEventId().isBlank()) { } else {
Event db = eventService.getById(event.getEventId()); Event db = eventService.getById(event.getEventId());
if (db != null) { if (db == null) {
assertCanWriteByScenarioId(db.getScenarioId()); throw new RuntimeException("事件不存在: " + event.getEventId());
} }
assertCanWriteByScenarioId(db.getScenarioId());
} }
event.setModifier(currentUsername()); event.setModifier(currentUsername());
event.setUpdatedAt(LocalDateTime.now()); event.setUpdatedAt(LocalDateTime.now());
@ -99,21 +103,35 @@ public class EventController {
@PostMapping("/batchSave") @PostMapping("/batchSave")
@Transactional @Transactional
public ResponseEntity<Map<String, Object>> batchSaveOrUpdateEvents(@RequestBody List<Event> events) { public ResponseEntity<Map<String, Object>> batchSaveOrUpdateEvents(@RequestBody List<Event> events) {
if (events == null || events.isEmpty()) {
throw new RuntimeException("events不能为空");
}
String currentUser = currentUsername(); String currentUser = currentUsername();
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
List<Event> savedEvents = new ArrayList<>(); List<Event> savedEvents = new ArrayList<>();
for (Event event : events) { for (Event event : events) {
String scenarioId = null;
Event db = null;
if (event.getScenarioId() != null && !event.getScenarioId().isBlank()) { if (event.getScenarioId() != null && !event.getScenarioId().isBlank()) {
assertCanWriteByScenarioId(event.getScenarioId()); scenarioId = event.getScenarioId();
} else if (event.getEventId() != null && !event.getEventId().isBlank()) { } else if (event.getEventId() != null && !event.getEventId().isBlank()) {
Event db = eventService.getById(event.getEventId()); db = eventService.getById(event.getEventId());
if (db != null) { if (db == null) {
assertCanWriteByScenarioId(db.getScenarioId()); throw new RuntimeException("事件不存在: " + event.getEventId());
} }
scenarioId = db.getScenarioId();
} else {
throw new RuntimeException("scenarioId/eventId不能为空");
} }
if (event.getEventId() != null && eventService.getById(event.getEventId()) != null) { assertCanWriteByScenarioId(scenarioId);
Event exists = db;
if (exists == null && event.getEventId() != null && !event.getEventId().isBlank()) {
exists = eventService.getById(event.getEventId());
}
if (event.getEventId() != null && !event.getEventId().isBlank() && exists != null) {
// 更新逻辑 // 更新逻辑
event.setModifier(currentUser); event.setModifier(currentUser);
event.setUpdatedAt(now); event.setUpdatedAt(now);
@ -147,9 +165,10 @@ public class EventController {
@RequestBody Map<String, Object> requestBody @RequestBody Map<String, Object> requestBody
) { ) {
Event db = eventService.getById(eventId); Event db = eventService.getById(eventId);
if (db != null) { if (db == null) {
assertCanWriteByScenarioId(db.getScenarioId()); throw new RuntimeException("事件不存在: " + eventId);
} }
assertCanWriteByScenarioId(db.getScenarioId());
Object attrChanges = requestBody.get("attr_changes"); Object attrChanges = requestBody.get("attr_changes");
if (attrChanges == null) { if (attrChanges == null) {
return ResponseEntity.badRequest().body(Map.of( return ResponseEntity.badRequest().body(Map.of(
@ -207,9 +226,10 @@ public class EventController {
@DeleteMapping("/{eventId}") @DeleteMapping("/{eventId}")
public ResponseEntity<Map<String, Object>> deleteEvent(@PathVariable String eventId) { public ResponseEntity<Map<String, Object>> deleteEvent(@PathVariable String eventId) {
Event db = eventService.getById(eventId); Event db = eventService.getById(eventId);
if (db != null) { if (db == null) {
assertCanWriteByScenarioId(db.getScenarioId()); throw new RuntimeException("事件不存在: " + eventId);
} }
assertCanWriteByScenarioId(db.getScenarioId());
boolean ok = eventService.removeById(eventId); boolean ok = eventService.removeById(eventId);
if (ok) { if (ok) {
return ResponseEntity.ok(Map.of( return ResponseEntity.ok(Map.of(
@ -421,18 +441,30 @@ public class EventController {
} }
private void assertCanReadByScenarioId(String scenarioId) { private void assertCanReadByScenarioId(String scenarioId) {
if (scenarioId == null || scenarioId.isBlank()) return; if (scenarioId == null || scenarioId.isBlank()) {
throw new RuntimeException("scenarioId不能为空");
}
Scenario sc = scenarioService.getById(scenarioId); Scenario sc = scenarioService.getById(scenarioId);
if (sc == null) return; if (sc == null) {
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) return; throw new RuntimeException("情景不存在: " + scenarioId);
}
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) {
throw new RuntimeException("情景projectId为空: " + scenarioId);
}
projectAccessHelper.assertCanReadProject(sc.getProjectId()); projectAccessHelper.assertCanReadProject(sc.getProjectId());
} }
private void assertCanWriteByScenarioId(String scenarioId) { private void assertCanWriteByScenarioId(String scenarioId) {
if (scenarioId == null || scenarioId.isBlank()) return; if (scenarioId == null || scenarioId.isBlank()) {
throw new RuntimeException("scenarioId不能为空");
}
Scenario sc = scenarioService.getById(scenarioId); Scenario sc = scenarioService.getById(scenarioId);
if (sc == null) return; if (sc == null) {
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) return; throw new RuntimeException("情景不存在: " + scenarioId);
}
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) {
throw new RuntimeException("情景projectId为空: " + scenarioId);
}
projectAccessHelper.assertCanWriteProject(sc.getProjectId()); projectAccessHelper.assertCanWriteProject(sc.getProjectId());
} }

68
business-css/src/main/java/com/yfd/business/css/controller/ScenarioController.java
View File

@ -14,6 +14,8 @@ import org.springframework.security.authentication.AnonymousAuthenticationToken;
import jakarta.annotation.Resource; import jakarta.annotation.Resource;
import java.util.List; import java.util.List;
import java.util.HashSet;
import java.util.Set;
import java.time.LocalDateTime; import java.time.LocalDateTime;
@RestController @RestController
@ -37,9 +39,10 @@ public class ScenarioController {
@Log(value = "新增情景", module = "情景管理") @Log(value = "新增情景", module = "情景管理")
@PostMapping @PostMapping
public boolean create(@RequestBody Scenario scenario) { public boolean create(@RequestBody Scenario scenario) {
if (scenario.getProjectId() != null && !scenario.getProjectId().isBlank()) { if (scenario.getProjectId() == null || scenario.getProjectId().isBlank()) {
projectAccessHelper.assertCanWriteProject(scenario.getProjectId()); throw new RuntimeException("projectId不能为空");
} }
projectAccessHelper.assertCanWriteProject(scenario.getProjectId());
scenario.setModifier(currentUsername()); scenario.setModifier(currentUsername());
scenario.setCreatedAt(LocalDateTime.now()); scenario.setCreatedAt(LocalDateTime.now());
scenario.setUpdatedAt(LocalDateTime.now()); scenario.setUpdatedAt(LocalDateTime.now());
@ -57,9 +60,10 @@ public class ScenarioController {
@Log(value = "新增情景并返回", module = "情景管理") @Log(value = "新增情景并返回", module = "情景管理")
@PostMapping("/createAndReturn") @PostMapping("/createAndReturn")
public java.util.Map<String, Object> createAndReturn(@RequestBody Scenario scenario) { public java.util.Map<String, Object> createAndReturn(@RequestBody Scenario scenario) {
if (scenario.getProjectId() != null && !scenario.getProjectId().isBlank()) { if (scenario.getProjectId() == null || scenario.getProjectId().isBlank()) {
projectAccessHelper.assertCanWriteProject(scenario.getProjectId()); throw new RuntimeException("projectId不能为空");
} }
projectAccessHelper.assertCanWriteProject(scenario.getProjectId());
scenario.setModifier(currentUsername()); scenario.setModifier(currentUsername());
scenario.setCreatedAt(LocalDateTime.now()); scenario.setCreatedAt(LocalDateTime.now());
scenario.setUpdatedAt(LocalDateTime.now()); scenario.setUpdatedAt(LocalDateTime.now());
@ -81,12 +85,17 @@ public class ScenarioController {
@Log(value = "修改情景", module = "情景管理") @Log(value = "修改情景", module = "情景管理")
@PutMapping @PutMapping
public boolean update(@RequestBody Scenario scenario) { public boolean update(@RequestBody Scenario scenario) {
if (scenario.getScenarioId() != null && !scenario.getScenarioId().isBlank()) { if (scenario.getScenarioId() == null || scenario.getScenarioId().isBlank()) {
throw new RuntimeException("scenarioId不能为空");
}
Scenario db = scenarioService.getById(scenario.getScenarioId()); Scenario db = scenarioService.getById(scenario.getScenarioId());
if (db != null && db.getProjectId() != null && !db.getProjectId().isBlank()) { if (db == null) {
throw new RuntimeException("情景不存在: " + scenario.getScenarioId());
}
if (db.getProjectId() == null || db.getProjectId().isBlank()) {
throw new RuntimeException("情景projectId为空: " + scenario.getScenarioId());
}
projectAccessHelper.assertCanWriteProject(db.getProjectId()); projectAccessHelper.assertCanWriteProject(db.getProjectId());
}
}
scenario.setModifier(currentUsername()); scenario.setModifier(currentUsername());
scenario.setUpdatedAt(LocalDateTime.now()); scenario.setUpdatedAt(LocalDateTime.now());
return scenarioService.updateById(scenario); return scenarioService.updateById(scenario);
@ -103,9 +112,13 @@ public class ScenarioController {
@DeleteMapping("/{id}") @DeleteMapping("/{id}")
public boolean delete(@PathVariable String id) { public boolean delete(@PathVariable String id) {
Scenario db = scenarioService.getById(id); Scenario db = scenarioService.getById(id);
if (db != null && db.getProjectId() != null && !db.getProjectId().isBlank()) { if (db == null) {
projectAccessHelper.assertCanWriteProject(db.getProjectId()); throw new RuntimeException("情景不存在: " + id);
} }
if (db.getProjectId() == null || db.getProjectId().isBlank()) {
throw new RuntimeException("情景projectId为空: " + id);
}
projectAccessHelper.assertCanWriteProject(db.getProjectId());
return scenarioService.removeById(id); return scenarioService.removeById(id);
} }
@ -119,14 +132,28 @@ public class ScenarioController {
@Log(value = "批量删除情景", module = "情景管理") @Log(value = "批量删除情景", module = "情景管理")
@DeleteMapping @DeleteMapping
public boolean deleteBatch(@RequestBody List<String> ids) { public boolean deleteBatch(@RequestBody List<String> ids) {
if (ids != null && !ids.isEmpty()) { if (ids == null || ids.isEmpty()) {
throw new RuntimeException("ids不能为空");
}
List<Scenario> list = scenarioService.list(new QueryWrapper<Scenario>().in("scenario_id", ids)); List<Scenario> list = scenarioService.list(new QueryWrapper<Scenario>().in("scenario_id", ids));
Set<String> found = new HashSet<>();
for (Scenario sc : list) { for (Scenario sc : list) {
if (sc.getProjectId() != null && !sc.getProjectId().isBlank()) { if (sc.getScenarioId() != null) found.add(sc.getScenarioId());
}
for (String id : ids) {
if (id == null || id.isBlank()) {
throw new RuntimeException("ids包含空值");
}
if (!found.contains(id)) {
throw new RuntimeException("情景不存在: " + id);
}
}
for (Scenario sc : list) {
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) {
throw new RuntimeException("情景projectId为空: " + sc.getScenarioId());
}
projectAccessHelper.assertCanWriteProject(sc.getProjectId()); projectAccessHelper.assertCanWriteProject(sc.getProjectId());
} }
}
}
return scenarioService.removeByIds(ids); return scenarioService.removeByIds(ids);
} }
@ -142,9 +169,13 @@ public class ScenarioController {
@GetMapping("/{id}") @GetMapping("/{id}")
public Scenario getById(@PathVariable String id) { public Scenario getById(@PathVariable String id) {
Scenario sc = scenarioService.getById(id); Scenario sc = scenarioService.getById(id);
if (sc != null && sc.getProjectId() != null && !sc.getProjectId().isBlank()) { if (sc == null) {
projectAccessHelper.assertCanReadProject(sc.getProjectId()); throw new RuntimeException("情景不存在: " + id);
} }
if (sc.getProjectId() == null || sc.getProjectId().isBlank()) {
throw new RuntimeException("情景projectId为空: " + id);
}
projectAccessHelper.assertCanReadProject(sc.getProjectId());
return sc; return sc;
} }
@ -163,9 +194,10 @@ public class ScenarioController {
@RequestParam(required = false) String name, @RequestParam(required = false) String name,
@RequestParam(defaultValue = "1") long pageNum, @RequestParam(defaultValue = "1") long pageNum,
@RequestParam(defaultValue = "20") long pageSize) { @RequestParam(defaultValue = "20") long pageSize) {
if (projectId != null && !projectId.isBlank()) { if (projectId == null || projectId.isBlank()) {
projectAccessHelper.assertCanReadProject(projectId); throw new RuntimeException("projectId不能为空");
} }
projectAccessHelper.assertCanReadProject(projectId);
QueryWrapper<Scenario> qw = new QueryWrapper<Scenario>().eq("project_id", projectId).orderByDesc("created_at"); QueryWrapper<Scenario> qw = new QueryWrapper<Scenario>().eq("project_id", projectId).orderByDesc("created_at");
if (name != null && !name.isEmpty()) { if (name != null && !name.isEmpty()) {
qw.like("name", name); qw.like("name", name);