From 5b76920e5b08687d42311e5a856e189bb0e37136 Mon Sep 17 00:00:00 2001
From: wxz
Date: Fri, 24 Sep 2021 16:26:17 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=B0=83=E6=9F=A5=E9=97=AE?=
 =?UTF-8?q?=E5=8D=B7=E8=AE=BF=E9=97=AE=E8=AF=A6=E6=83=85/=E6=8F=90?=
 =?UTF-8?q?=E4=BA=A4=E9=97=AE=E5=8D=B7=E7=BB=93=E6=9E=9C=E7=9A=84=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../api/web/controller/UserProjectController.java | 10 +++++++++-
 .../web/controller/UserProjectResultController.java | 12 +++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UserProjectController.java b/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UserProjectController.java
index 03e4365..8893a27 100644
--- a/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UserProjectController.java
+++ b/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UserProjectController.java
@@ -253,7 +253,15 @@ public class UserProjectController {
      * @param key
      */
     @GetMapping("/user/project/details/{key}")
-    public Result queryProjectDetails(@PathVariable @NotBlank String key) {
+    public Result queryProjectDetails(@PathVariable @NotBlank String key,
+                                      @RequestParam(value = "access_key", required = true) String accessKey,
+                                      @RequestHeader(value = "userId", required = true) String userId) {
+        // 先校验有没有访问该问卷的权限
+        String accessKeyFromCache = (String) redisUtils.get(String.format("epmet:questionnaire:accesskey:%s:%s", userId, key));
+        if (StringUtils.isBlank(accessKeyFromCache) || !accessKeyFromCache.equals(accessKey)) {
+            throw new RuntimeException("您没有访问权限");
+        }
+
         UserProjectEntity project = projectService.getByKey(key);
         List projectItemList = projectItemService.listByProjectKey(key);
         UserProjectThemeVo themeVo = userProjectThemeService.getUserProjectDetails(key);
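Review bot: In queryProjectDetails the `userId` half of the cache key is bound from a client-supplied `@RequestHeader(value = "userId", required = true)`, whereas the parallel check added to createProjectResult in UserProjectResultController reads `@RequestAttribute String userId`, which is presumably populated server-side by an authentication filter; if that filter also covers this route, the header binding should become `@RequestAttribute String userId` so the caller cannot pick which user's access key is looked up. Both checks compare the secret with `accessKeyFromCache.equals(accessKey)`, which returns at the first differing character; a fixed-time comparison such as `MessageDigest.isEqual(accessKeyFromCache.getBytes(StandardCharsets.UTF_8), accessKey.getBytes(StandardCharsets.UTF_8))` avoids leaking that. The new `accessKey` and `userId` parameters are not documented in this method's Javadoc, unlike the `@param accessKey` line added in the other controller. This file receives no `import org.apache.commons.lang3.StringUtils;` in the diff while the other file does, so unless a `StringUtils` is already imported here the hunk will not compile — the import section is outside the hunk, so this cannot be confirmed from the diff. The body of queryProjectDetails continues past the end of the hunk.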
diff --git a/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UserProjectResultController.java b/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UserProjectResultController.java
index 9adfc2a..297fd2e 100644
--- a/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UserProjectResultController.java
+++ b/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UserProjectResultController.java
@@ -27,6 +27,7 @@ import com.tduck.cloud.project.vo.ExportProjectResultVO;
 import com.tduck.cloud.wx.mp.service.WxMpUserMsgService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.ServletOutputStream;
@@ -75,12 +76,21 @@ public class UserProjectResultController {
      *
      * @param entity
      * @param request
+     * @param accessKey 访问key,当前用户是否允许填写问卷
      * @return
      */
     @NoRepeatSubmit
     @PostMapping("/create")
-    public Result createProjectResult(@RequestBody UserProjectResultEntity entity, @RequestAttribute String userId, HttpServletRequest request) {
+    public Result createProjectResult(@RequestBody UserProjectResultEntity entity, @RequestAttribute String userId, HttpServletRequest request,
+                                      @RequestParam(value = "access_key", required = true) String accessKey) {
         ValidatorUtils.validateEntity(entity);
+
+        // 先校验有没有访问该问卷的权限
+        String accessKeyFromCache = (String) redisUtils.get(String.format("epmet:questionnaire:accesskey:%s:%s", userId, entity.getProjectKey()));
+        if (StringUtils.isBlank(accessKeyFromCache) || !accessKeyFromCache.equals(accessKey)) {
+            throw new RuntimeException("您没有访问权限");
+        }
+
         entity.setUserId(userId);
         entity.setSubmitRequestIp(HttpUtils.getIpAddr(request));
         Result userProjectSettingStatus = userProjectSettingService.getUserProjectSettingStatus(entity.getProjectKey(), entity.getSubmitRequestIp(), entity.getWxOpenId());
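Review bot: The permission check added to createProjectResult copies the cache-key format `"epmet:questionnaire:accesskey:%s:%s"`, the Redis lookup and the comparison verbatim from the check added to queryProjectDetails in UserProjectController, so the key layout now lives in two controllers and the two can drift; moving it into one shared helper (for example a service method along the lines of `checkQuestionnaireAccess(userId, projectKey, accessKey)` that both controllers call) keeps the two routes in step when the key format or storage changes. In both places a failed check throws a bare `RuntimeException("您没有访问权限")`, which reads as an internal error rather than an authorization refusal; the surrounding code already works with `Result` values (`Result userProjectSettingStatus = ...` two lines below), so returning a failure `Result` or throwing the project's own exception type would match the existing convention — which of the two is right depends on the global exception handler, which this hunk does not show. The body of createProjectResult continues past the end of the hunk.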