渠道配置查询编辑只能操作当前渠道采用注解形式可复用

e4685308 · suntao · 739cd248 · e4685308 · e4685308 · e4685308
Commit e4685308 authored Aug 07, 2019 by suntao
3 changed files
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/channel/controller/ChannelConfController.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/channel/controller/ChannelConfController.java
@@ -49,6 +49,7 @@ public class ChannelConfController {
    }


+    @CheckChannelRole(isObjParam = true ,paramClazz = ChannelConfVo.class)
    @PostMapping("/cfg/info")
    public Result editChannelConfInfo(@RequestBody @Valid ChannelConfVo channelConfVo) {
        return Result.buildSuccess(channelConfService.editChannelConfInfo(channelConfVo));

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/annotation/CheckChannelRole.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/annotation/CheckChannelRole.java
@@ -15,4 +15,6 @@ import static java.lang.annotation.RetentionPolicy.RUNTIME;
 @Target({METHOD})
 @Retention(RUNTIME)
 public @interface CheckChannelRole {
+    boolean isObjParam() default false;
+    Class paramClazz() default Object.class;
 }
--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/aspect/RoleLoadAspect.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/aspect/RoleLoadAspect.java
 package cn.quantgroup.cashloanflowboss.core.aspect;

+import cn.quantgroup.cashloanflowboss.api.channel.model.ChannelConfVo;
 import cn.quantgroup.cashloanflowboss.api.channel.util.ChannelConfUtil;
 import cn.quantgroup.cashloanflowboss.api.user.model.UserSessionInfo;
 import cn.quantgroup.cashloanflowboss.api.user.service.UserSessionService;
@@ -21,6 +22,7 @@ import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;

+import java.lang.reflect.Field;
 import java.lang.reflect.Method;

 /**
@@ -63,23 +65,43 @@ public class RoleLoadAspect {
        // 如果是渠道用户登陆，参数中channelId 不是登陆用户channelId，返回 拒绝请求
        CheckChannelRole checkChannelRole = method.getAnnotation(CheckChannelRole.class);
        if (checkChannelRole != null  && ChannelConfUtil.channelRoleName.equals(userSessionInfo.getRoleInfo().getRoleName())) {
+            Integer requestChannelId = -1;
+            if (!checkChannelRole.isObjParam()) {
                String[] paramNames = ((CodeSignature)pjp.getSignature()).getParameterNames();
                for (int i = 0; i < paramNames.length; i++) {
+                    // 是简单类型，多个参数 直接参数channelId
                    if (ChannelConfUtil.channelIdParamName.equals(paramNames[i])) {
+                        // 找到channelId是第几个参数 i
                        Object requestChannelIdObj = args[i];
                        if (requestChannelIdObj == null) {
                            log.info("[CheckChannelRole]无channelId数据");
                            return Result.buildFial(ApplicationStatus.ARGUMENT_VALID_EXCEPTION);
                        }
-                    final Integer channelIdInteger = Integer.valueOf(String.valueOf(requestChannelIdObj));
-                    if (channelIdInteger != channelIdInSession.intValue()) {
+                        requestChannelId = Integer.valueOf(String.valueOf(requestChannelIdObj));
+                        if (requestChannelId != channelIdInSession.intValue()) {
                            log.info("[CheckChannelRole]渠道用户，登陆channelId与查询channelId不是同一个");
                            return Result.buildFial(ApplicationStatus.INVALID_AUTHORITY);
                        }
                    }
                }
+            } else {
+                Class paramClazz = checkChannelRole.paramClazz();
+                if (paramClazz == ChannelConfVo.class) {
+                    ChannelConfVo confVo = (ChannelConfVo) args[0];
+                    final Long channelIdTemp = confVo.getBasicInfo().getChannelId();
+                    if (channelIdTemp == null) {
+                        log.info("[CheckChannelRole]无channelId数据");
+                        return Result.buildFial(ApplicationStatus.ARGUMENT_VALID_EXCEPTION);
                    }
-
+                    requestChannelId = channelIdTemp.intValue();
+                }
+            }
+            if (requestChannelId != channelIdInSession.intValue()) {
+                log.info("[CheckChannelRole]渠道用户，登陆channelId与查询channelId不是同一个");
+                return Result.buildFial(ApplicationStatus.INVALID_AUTHORITY);
+            }
+        }
+        // ======================================== CheckChannelRole end ==========================================

        try {
            return pjp.proceed(args);