
优化 物业和 商户查询加入权限控制 防止 数据安装

java110 před 4 roky
rodič
revize
a826bdb442

+ 4 - 2
service-api/src/main/java/com/java110/api/listener/system/CmdListener.java

@@ -50,10 +50,12 @@ public class CmdListener extends AbstractServiceApiListener {
         for (String key : context.getRequestCurrentHeaders().keySet()) {
             header.add(key, reqHeader.get(key));
         }
-        if (reqHeader.containsKey(CommonConstant.USER_ID) && !reqJson.containsKey("userId")) {
+        if (reqHeader.containsKey(CommonConstant.USER_ID)
+                && (!reqJson.containsKey("userId") || StringUtil.isEmpty(reqJson.getString("userId")))) {
             reqJson.put("userId", reqHeader.get(CommonConstant.USER_ID));
         }
-        if (reqHeader.containsKey(CommonConstant.STORE_ID) && !reqJson.containsKey("storeId")) {
+        if (reqHeader.containsKey(CommonConstant.STORE_ID)
+                && (!reqJson.containsKey("storeId") || StringUtil.isEmpty(reqJson.getString("storeId")))) {
             reqJson.put("storeId", reqHeader.get(CommonConstant.STORE_ID));
         }
         HttpEntity<String> httpEntity = new HttpEntity<String>(reqJson.toJSONString(), header);
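Review bot: The reworked conditions on the `userId` and `storeId` fallbacks still let any non-empty value from the request body take precedence over `CommonConstant.USER_ID` / `CommonConstant.STORE_ID` from the header, so both keys remain caller-supplied whenever the body sets them. The `validate` methods this commit adds to ListPropertyCmd and ListStoresCmd read `reqJson.getString("storeId")` to decide whether the caller is `STORE_TYPE_ADMIN`, so that permission check is only as trustworthy as this merge. If the headers carry the authenticated identity (not visible here, please confirm), either overwrite unconditionally with `reqJson.put("storeId", reqHeader.get(CommonConstant.STORE_ID));` (likewise for `userId`) or reject a body value that differs from the header. If some commands legitimately accept a different `storeId`, keep the authenticated one under a separate key and authorize against that. The enclosing method starts and ends outside this hunk.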

+ 31 - 19
service-store/src/main/java/com/java110/store/cmd/property/ListPropertyCmd.java

@@ -20,18 +20,20 @@ import com.java110.core.annotation.Java110Cmd;
 import com.java110.core.context.ICmdDataFlowContext;
 import com.java110.core.event.cmd.AbstractServiceCmdListener;
 import com.java110.core.event.cmd.CmdEvent;
+import com.java110.dto.store.StoreDto;
 import com.java110.intf.store.IStoreV1InnerServiceSMO;
 import com.java110.utils.exception.CmdException;
+import com.java110.utils.util.Assert;
 import com.java110.utils.util.BeanConvertUtil;
 import com.java110.vo.ResultVo;
-import org.springframework.beans.factory.annotation.Autowired;
-import com.java110.dto.store.StoreDto;
-import java.util.List;
-import java.util.ArrayList;
-import org.springframework.http.ResponseEntity;
-import org.springframework.http.HttpStatus;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import java.util.ArrayList;
+import java.util.List;
 
 
 /**
@@ -47,35 +49,45 @@ import org.slf4j.LoggerFactory;
 @Java110Cmd(serviceCode = "property.listProperty")
 public class ListPropertyCmd extends AbstractServiceCmdListener {
 
-  private static Logger logger = LoggerFactory.getLogger(ListPropertyCmd.class);
+    private static Logger logger = LoggerFactory.getLogger(ListPropertyCmd.class);
     @Autowired
     private IStoreV1InnerServiceSMO storeV1InnerServiceSMOImpl;
 
     @Override
     public void validate(CmdEvent event, ICmdDataFlowContext cmdDataFlowContext, JSONObject reqJson) {
         super.validatePageInfo(reqJson);
+
+        StoreDto storeDto = new StoreDto();
+        storeDto.setStoreId(reqJson.getString("storeId"));
+        List<StoreDto> storeDtos = storeV1InnerServiceSMOImpl.queryStores(storeDto);
+
+        Assert.listOnlyOne(storeDtos, "非法操作");
+
+        if (StoreDto.STORE_TYPE_ADMIN.equals(storeDtos.get(0).getStoreTypeCd())) {
+            reqJson.remove("storeId");
+        }
     }
 
     @Override
     public void doCmd(CmdEvent event, ICmdDataFlowContext cmdDataFlowContext, JSONObject reqJson) throws CmdException {
 
-           StoreDto storeDto = BeanConvertUtil.covertBean(reqJson, StoreDto.class);
-           storeDto.setStoreTypeCd(StoreDto.STORE_TYPE_PROPERTY);
+        StoreDto storeDto = BeanConvertUtil.covertBean(reqJson, StoreDto.class);
+        storeDto.setStoreTypeCd(StoreDto.STORE_TYPE_PROPERTY);
 
-           int count = storeV1InnerServiceSMOImpl.queryStoresCount(storeDto);
+        int count = storeV1InnerServiceSMOImpl.queryStoresCount(storeDto);
 
-           List<StoreDto> storeDtos = null;
+        List<StoreDto> storeDtos = null;
 
-           if (count > 0) {
-               storeDtos = storeV1InnerServiceSMOImpl.queryStores(storeDto);
-           } else {
-               storeDtos = new ArrayList<>();
-           }
+        if (count > 0) {
+            storeDtos = storeV1InnerServiceSMOImpl.queryStores(storeDto);
+        } else {
+            storeDtos = new ArrayList<>();
+        }
 
-           ResultVo resultVo = new ResultVo((int) Math.ceil((double) count / (double) reqJson.getInteger("row")), count, storeDtos);
+        ResultVo resultVo = new ResultVo((int) Math.ceil((double) count / (double) reqJson.getInteger("row")), count, storeDtos);
 
-           ResponseEntity<String> responseEntity = new ResponseEntity<String>(resultVo.toString(), HttpStatus.OK);
+        ResponseEntity<String> responseEntity = new ResponseEntity<String>(resultVo.toString(), HttpStatus.OK);
 
-           cmdDataFlowContext.setResponseEntity(responseEntity);
+        cmdDataFlowContext.setResponseEntity(responseEntity);
     }
 }
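Review bot: `validate` passes `reqJson.getString("storeId")` straight into `queryStores` without checking that it is present, so with a null id the result of `Assert.listOnlyOne` depends on how the query treats an empty criterion and on how many stores exist. Add an explicit guard before the lookup, e.g. `Assert.hasKeyAndValue(reqJson, "storeId", "未包含商户信息");`, so the check fails closed. The same block is repeated in `ListStoresCmd.validate`; a shared helper would keep the two checks from drifting apart. This copy also lacks the explanatory comment the other one has, e.g. `// only the operator (admin) store may list all properties; other callers stay scoped to their own storeId`. Since `doCmd` relies on `validate` having mutated `reqJson` for its scoping, a line of Javadoc on `validate` saying so would help the next maintainer.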

+ 12 - 1
service-store/src/main/java/com/java110/store/cmd/store/ListStoresCmd.java

@@ -10,6 +10,7 @@ import com.java110.dto.store.StoreDto;
 import com.java110.intf.store.IStoreAttrV1InnerServiceSMO;
 import com.java110.intf.store.IStoreV1InnerServiceSMO;
 import com.java110.utils.exception.CmdException;
+import com.java110.utils.util.Assert;
 import com.java110.utils.util.BeanConvertUtil;
 import com.java110.vo.api.store.ApiStoreDataVo;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -29,6 +30,16 @@ public class ListStoresCmd extends AbstractServiceCmdListener {
     @Override
     public void validate(CmdEvent event, ICmdDataFlowContext cmdDataFlowContext, JSONObject reqJson) {
         super.validatePageInfo(reqJson);
+        StoreDto storeDto = new StoreDto();
+        storeDto.setStoreId(reqJson.getString("storeId"));
+        List<StoreDto> storeDtos = storeV1InnerServiceSMOImpl.queryStores(storeDto);
+
+        Assert.listOnlyOne(storeDtos, "非法操作");
+
+        //只有运营可以看所有 商户信息
+        if (StoreDto.STORE_TYPE_ADMIN.equals(storeDtos.get(0).getStoreTypeCd())) {
+            reqJson.remove("storeId");
+        }
     }
 
     @Override
@@ -55,7 +66,7 @@ public class ListStoresCmd extends AbstractServiceCmdListener {
             List<StoreAttrDto> storeAttrs = new ArrayList<StoreAttrDto>();
             for (StoreAttrDto tmpStoreAttrDto : storeAttrDtos) {
 
-                if(storeDataVo.getStoreId().equals(tmpStoreAttrDto.getStoreId())){
+                if (storeDataVo.getStoreId().equals(tmpStoreAttrDto.getStoreId())) {
                     storeAttrs.add(tmpStoreAttrDto);
                 }