преди 10 месеца · bf309096b7
--- a/src/main/java/com/nokia/config/web/WebLoginInterceptor.java
+++ b/src/main/java/com/nokia/config/web/WebLoginInterceptor.java
@@ -47,8 +47,9 @@ public class WebLoginInterceptor implements HandlerInterceptor {
 
				                 return unauthorized(response);
			
 
				             }
			
 
				         }
			
 
				-        // 没有权限返回403
			
 
				-        if (session.getAttribute("role") == null) {
			
 
				+        String requestUri = request.getRequestURI();
			
 
				+        // 没有权限返回403，添加公告不检查
			
 
				+        if (session.getAttribute("role") == null && !"/api/web/notice/add".equals(requestUri)) {
			
 
				             response.setCharacterEncoding("UTF-8");
			
 
				             response.setContentType("application/json; charset=utf-8");
			
 
				             byte[] bytes = JSON.toJSONString(R.error().code(403).message("权限不足")).getBytes();
			
--- a/src/main/java/com/nokia/service/AclService.java
+++ b/src/main/java/com/nokia/service/AclService.java
@@ -188,21 +188,27 @@ public class AclService {
 
				      * 将用户信息保存到session
			
 
				      */
			
 
				     private void saveSession(HttpSession session, User userEntity, TokenVo tokenEntity) {
			
 
				+        // web发布公告需要检查权限记录操作日志，保存用户信息到session
			
 
				         if (!("permission".equals(tokenEntity.getSystem()) || "web".equals(tokenEntity.getSystem()))) {
			
 
				             return;
			
 
				         }
			
 
				-        QueryWrapper<UserRoleCity> wrapper = new QueryWrapper<>();
			
 
				-        Map<String, Object> map = new HashMap<>();
			
 
				-        map.put("user_id", userEntity.getUserId());
			
 
				-        map.put("role_id", -1);
			
 
				-        wrapper.allEq(map);
			
 
				-        UserRoleCity userRoleCity = userRoleCityDao.selectOne(wrapper);
			
 
				-        if (userRoleCity == null) {
			
 
				-            throw new BizException("没有权限");
			
 
				+        // 权限管理页面检查是否有管理权限
			
 
				+        if ("permission".equals(tokenEntity.getSystem())) {
			
 
				+            QueryWrapper<UserRoleCity> wrapper = new QueryWrapper<>();
			
 
				+            Map<String, Object> map = new HashMap<>();
			
 
				+            map.put("user_id", userEntity.getUserId());
			
 
				+            map.put("role_id", -1);
			
 
				+            wrapper.allEq(map);
			
 
				+            UserRoleCity userRoleCity = userRoleCityDao.selectOne(wrapper);
			
 
				+            if (userRoleCity == null) {
			
 
				+                throw new BizException("没有权限");
			
 
				+            }
			
 
				+            log.debug("role: {}", JSON.toJSONString(userRoleCity));
			
 
				+            // 将权限保存到session
			
 
				+            session.setAttribute("role", userRoleCity);
			
 
				         }
			
 
				-        log.debug("role: {}", JSON.toJSONString(userRoleCity));
			
 
				+        // 保存用户信息到session
			
 
				         session.setAttribute("userinfo", userEntity);
			
 
				-        session.setAttribute("role", userRoleCity);
			
 
				         session.setMaxInactiveInterval(timeoutSeconds);
			
 
				     }
			
 
				 
			
@@ -297,7 +303,7 @@ public class AclService {
 
				                 webVo.setUserName(userEntity.getUserName());
			
 
				                 webVo.setNotices(notices);
			
 
				                 webVo.setFunctions(functions);
			
 
				-                // 查询是否有管理公告权限
			
 
				+                // 查询是否有发布公告权限
			
 
				                 boolean hasNotice = userDao.hasRole(-2, userEntity.getUserId());
			
 
				                 webVo.setHasNotice(hasNotice);
			
 
				                 return R.ok().data(webVo);
			
--- a/src/main/java/com/nokia/service/NoticeService.java
+++ b/src/main/java/com/nokia/service/NoticeService.java
@@ -4,8 +4,9 @@ import com.baomidou.mybatisplus.core.metadata.OrderItem;
 
				 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
			
 
				 import com.nokia.common.R;
			
 
				 import com.nokia.dao.NoticeDao;
			
 
				+import com.nokia.dao.UserDao;
			
 
				 import com.nokia.pojo.Notice;
			
 
				-import com.nokia.pojo.UserRoleCity;
			
 
				+import com.nokia.pojo.User;
			
 
				 import com.nokia.vo.AddNoticeDto;
			
 
				 import org.springframework.stereotype.Service;
			
 
				 import org.springframework.transaction.annotation.Transactional;
			
@@ -18,10 +19,12 @@ import java.util.List;
 
				 public class NoticeService {
			
 
				     private final NoticeDao noticeDao;
			
 
				     private final OperationLogService operationLogService;
			
 
				+    private final UserDao userDao;
			
 
				 
			
 
				-    public NoticeService(NoticeDao noticeDao, OperationLogService operationLogService) {
			
 
				+    public NoticeService(NoticeDao noticeDao, OperationLogService operationLogService, UserDao userDao) {
			
 
				         this.noticeDao = noticeDao;
			
 
				         this.operationLogService = operationLogService;
			
 
				+        this.userDao = userDao;
			
 
				     }
			
 
				 
			
 
				     public List<Notice> list() {
			
@@ -33,8 +36,10 @@ public class NoticeService {
 
				 
			
 
				     @Transactional(rollbackFor = Exception.class)
			
 
				     public R<Object> add(AddNoticeDto dto, HttpSession session) {
			
 
				-        UserRoleCity role = (UserRoleCity) session.getAttribute("role");
			
 
				-        if (role.getCityId() != -1) {
			
 
				+        User userinfo = (User) session.getAttribute("userinfo");
			
 
				+        // 查询是否有发布公告权限
			
 
				+        boolean hasNotice = userDao.hasRole(-2, userinfo.getUserId());
			
 
				+        if (!hasNotice) {
			
 
				             return R.error("没有操作权限");
			
 
				         }
			
 
				         Notice notice = new Notice();