diff --git a/src/main/java/cn/teammodel/model/dto/DeleteNodeDto.java b/src/main/java/cn/teammodel/model/dto/DeleteNodeDto.java
index e78301c..bba209c 100644
--- a/src/main/java/cn/teammodel/model/dto/DeleteNodeDto.java
+++ b/src/main/java/cn/teammodel/model/dto/DeleteNodeDto.java
@@ -9,7 +9,6 @@ import lombok.Data;
 @Data
 public class DeleteNodeDto {
 // 检索需要,但是有 bug
- String schoolId;
 String periodId;
 // todo: 判断空
 String id;
diff --git a/src/main/java/cn/teammodel/model/dto/GetEvaluateTreeDto.java b/src/main/java/cn/teammodel/model/dto/GetEvaluateTreeDto.java
index 133e6dc..98855e2 100644
--- a/src/main/java/cn/teammodel/model/dto/GetEvaluateTreeDto.java
+++ b/src/main/java/cn/teammodel/model/dto/GetEvaluateTreeDto.java
@@ -8,7 +8,5 @@ import lombok.Data;
 */
 @Data
 public class GetEvaluateTreeDto {
- // todo: 校验非空
- String schoolId;
 String periodId;
 }
diff --git a/src/main/java/cn/teammodel/model/dto/InsertNodeDto.java b/src/main/java/cn/teammodel/model/dto/InsertNodeDto.java
index 98d3ece..16fe3b5 100644
--- a/src/main/java/cn/teammodel/model/dto/InsertNodeDto.java
+++ b/src/main/java/cn/teammodel/model/dto/InsertNodeDto.java
@@ -10,7 +10,6 @@ import lombok.Data;
 @Data
 public class InsertNodeDto {
 // 检索需要,但是有 bug
- String schoolId;
 String periodId;
 @ApiModelProperty(value = "父亲节点,不传则为根节点")
 String pid;
diff --git a/src/main/java/cn/teammodel/model/dto/UpdateNodeDto.java b/src/main/java/cn/teammodel/model/dto/UpdateNodeDto.java
index 084a540..2b2d2e2 100644
--- a/src/main/java/cn/teammodel/model/dto/UpdateNodeDto.java
+++ b/src/main/java/cn/teammodel/model/dto/UpdateNodeDto.java
@@ -9,7 +9,6 @@ import lombok.Data;
 @Data
 public class UpdateNodeDto {
 // 检索需要,但是有 bug
- String schoolId;
 String periodId;
 String id;
 String name;
diff --git a/src/main/java/cn/teammodel/model/entity/User.java b/src/main/java/cn/teammodel/model/entity/User.java
index 7aee302..f06e7d9 100644
--- a/src/main/java/cn/teammodel/model/entity/User.java
+++ b/src/main/java/cn/teammodel/model/entity/User.java
@@ -14,10 +14,20 @@ import java.util.Set;
 public class User {
 private String id;
 private String name;
+ /**
+ * 学校 id
+ */
+ private String schoolId;
 private String picture;
 private String standard;
+ /**
+ * 用户身份
+ */
 private String scope;
 private String website;
+ /**
+ * 区级 id
+ */
 private String area;
 private Set roles;
 private Set permissions;
diff --git a/src/main/java/cn/teammodel/security/SecurityConfiguration.java b/src/main/java/cn/teammodel/security/SecurityConfiguration.java
index 016e298..85baba2 100644
--- a/src/main/java/cn/teammodel/security/SecurityConfiguration.java
+++ b/src/main/java/cn/teammodel/security/SecurityConfiguration.java
@@ -12,8 +12,12 @@ import org.springframework.security.oauth2.server.resource.authentication.JwtAut
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import javax.annotation.Resource;
+import java.util.Arrays;
 @Configuration
 @EnableWebSecurity
@@ -70,4 +74,20 @@ public class SecurityConfiguration {
 jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
 return jwtAuthenticationConverter;
 }
+
+ /**
+ * 跨域配置
+ */
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration configuration = new CorsConfiguration();
+ configuration.setAllowedOrigins(Arrays.asList("*")); // 允许所有来源
+ configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); // 允许的方法
+ configuration.setAllowedHeaders(Arrays.asList("*")); // 允许所有请求头
+ configuration.setMaxAge(3600L); // 预检请求的有效期,单位秒
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", configuration);
+ return source;
+ }
 }
diff --git a/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java b/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java
index d2489bd..58c8875 100644
--- a/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java
+++ b/src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java
@@ -32,7 +32,7 @@ public class AuthInnerTokenFilter extends OncePerRequestFilter {
 JwtTokenUtil jwtTokenUtil;
 @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 SecurityContext context = SecurityContextHolder.getContext();
 Authentication authentication = context.getAuthentication();
 // 进入此过滤器说明 OIDC 认证成功,则验证 authToken
diff --git a/src/main/java/cn/teammodel/security/utils/JwtTokenUtil.java b/src/main/java/cn/teammodel/security/utils/JwtTokenUtil.java
index 4b89101..027388d 100644
--- a/src/main/java/cn/teammodel/security/utils/JwtTokenUtil.java
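Review bot: `configuration.setAllowedOrigins(Arrays.asList("*"))` in the new `corsConfigurationSource()` bean of SecurityConfiguration.java opens every path (`/**`) of this JWT-protected API to cross-origin reads from any website, and `setAllowedHeaders(Arrays.asList("*"))` approves whatever request headers the caller asks for. Credentials are not enabled, so the browser will not attach cookies, but a page on any origin that holds a token can call the API and read the response. The origin list should be the known front-end origins taken from configuration, for example `configuration.setAllowedOrigins(allowedOrigins);` fed by a property such as `cors.allowed-origins` (placeholder name), with the allowed headers narrowed to those the client actually sends. Whether the filter chain enables CORS handling so that this bean is used cannot be seen here; the filter-chain bean lies outside the hunk.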
+++ b/src/main/java/cn/teammodel/security/utils/JwtTokenUtil.java
@@ -139,6 +139,7 @@ public class JwtTokenUtil {
 String id = claims.getSubject();
 user.setId(id);
 user.setName(claims.get("name") == null ? null : claims.get("name", String.class));
+ user.setSchoolId(claims.get("azp") == null ? null : claims.get("azp", String.class));
 user.setPicture(claims.get("picture") == null ? null : claims.get("picture", String.class));
 user.setStandard(claims.get("standard") == null ? null : claims.get("standard", String.class));
 user.setScope(claims.get("scope") == null ? null : claims.get("scope", String.class));
diff --git a/src/main/java/cn/teammodel/service/impl/EvaluationServiceImpl.java b/src/main/java/cn/teammodel/service/impl/EvaluationServiceImpl.java
index dfa21bc..b6e946e 100644
--- a/src/main/java/cn/teammodel/service/impl/EvaluationServiceImpl.java
+++ b/src/main/java/cn/teammodel/service/impl/EvaluationServiceImpl.java
@@ -11,6 +11,8 @@ import cn.teammodel.model.dto.InsertNodeDto;
 import cn.teammodel.model.dto.UpdateNodeDto;
 import cn.teammodel.model.entity.Evaluation;
 import cn.teammodel.model.entity.EvaluationTreeNode;
+import cn.teammodel.model.entity.User;
+import cn.teammodel.security.utils.SecurityUtils;
 import cn.teammodel.service.EvaluationService;
 import com.azure.spring.data.cosmos.core.CosmosTemplate;
 import org.apache.commons.lang3.ObjectUtils;
@@ -33,13 +35,27 @@ public class EvaluationServiceImpl implements EvaluationService {
 @Resource
 private EvaluationRepository evaluationRepository;
- @Override
- public Evaluation getTree(GetEvaluateTreeDto getEvaluateTreeDto) {
- String schoolId = getEvaluateTreeDto.getSchoolId();
- String periodId = getEvaluateTreeDto.getPeriodId();
+ /**
+ * 通用的获取 evaluation 的方法: 判断参数,判断数据是否为空
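Review bot: The added `user.setSchoolId(claims.get("azp") ...)` line in JwtTokenUtil.java makes the `azp` claim the tenant key for every evaluation lookup changed in this commit, yet nothing says why `azp` is the school id. In OIDC that claim names the authorized party (the client the token was issued to), so the mapping looks like a convention of this identity provider and should be written down next to the line, e.g. `// azp holds the school id in tokens from our IdP (not the standard OIDC meaning); used as the tenant scope - confirm with the IdP config`. Because this value is now an authorization boundary, it must only be read from claims whose signature has already been verified. The parsing code that produces `claims` starts above this hunk, so that cannot be confirmed from here.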
+ * 从 token 中获取 schoolId + */ + private Evaluation findEvaluation(String periodId) { periodId = StringUtils.isEmpty(periodId) ? "default" : periodId; + User loginUser = SecurityUtils.getLoginUser(); + String schoolId = loginUser.getSchoolId(); + // 拿到要新增节点的原始数据 Evaluation evaluation = evaluationRepository.findBySchoolIdAndPeriodId(schoolId, periodId, PK.PK_EVALUATION); + if (evaluation == null) { + throw new ServiceException(ErrorCode.PARAMS_ERROR.getCode(), "学校评价数据不存在"); + } + return evaluation; + } + + @Override + public Evaluation getTree(GetEvaluateTreeDto getEvaluateTreeDto) { + Evaluation evaluation = findEvaluation(getEvaluateTreeDto.getPeriodId()); + return this.buildTree(evaluation); } @@ -83,7 +99,7 @@ public class EvaluationServiceImpl implements EvaluationService { @Override public Evaluation insertNode(InsertNodeDto insertNodeDto) { - Evaluation evaluation = findEvaluation(insertNodeDto.getSchoolId(), insertNodeDto.getPeriodId()); + Evaluation evaluation = findEvaluation(insertNodeDto.getPeriodId()); List originNodes = evaluation.getNodes(); // 拷贝数据到新节点 @@ -109,7 +125,7 @@ public class EvaluationServiceImpl implements EvaluationService { public Evaluation updateNode(UpdateNodeDto updateNodeDto) { String updateNodeId = updateNodeDto.getId(); - Evaluation evaluation = findEvaluation(updateNodeDto.getSchoolId(), updateNodeDto.getPeriodId()); + Evaluation evaluation = findEvaluation(updateNodeDto.getPeriodId()); List originNodes = evaluation.getNodes(); // 每个节点都有 id, 直接校验是否合法 EvaluationTreeNode updateNode = originNodes.stream() @@ -129,7 +145,7 @@ public class EvaluationServiceImpl implements EvaluationService { @Override public Evaluation deleteNode(DeleteNodeDto deleteNodeDto) { // 删除指定节点,可能是(一级,二级,三级),设计一个通用的 - Evaluation evaluation = findEvaluation(deleteNodeDto.getSchoolId(), deleteNodeDto.getPeriodId()); + Evaluation evaluation = findEvaluation(deleteNodeDto.getPeriodId()); List nodes = evaluation.getNodes(); List nodesToDelete = new ArrayList<>(); 
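Review bot: In the new `findEvaluation(String periodId)` of EvaluationServiceImpl.java, `loginUser.getSchoolId()` is dereferenced and handed to `findBySchoolIdAndPeriodId` with no check. JwtTokenUtil sets `schoolId` to null when the claim is absent, so such a token queries with a null school id, and if `SecurityUtils.getLoginUser()` can return null (its body is not shown) the call throws a NullPointerException. Taking the school from the token instead of the request body is the right tenant boundary, and it should fail closed before the repository call: `if (loginUser == null || StringUtils.isEmpty(loginUser.getSchoolId())) { throw new ServiceException(ErrorCode.PARAMS_ERROR.getCode(), "schoolId missing from token"); }`. The message text is a constructed example, and an authorization-type error code would fit better if the project defines one, since only `PARAMS_ERROR` is visible here. The Javadoc could also state that callers can no longer choose the school.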
@@ -162,20 +178,6 @@ public class EvaluationServiceImpl implements EvaluationService {
 }
- /**
- * 通用的获取 evaluation 的方法: 判断参数,判断数据是否为空
- */
- private Evaluation findEvaluation(String schoolId,String periodId) {
- periodId = StringUtils.isEmpty(periodId) ? "default" : periodId;
-
- // 拿到要新增节点的原始数据
- Evaluation evaluation = evaluationRepository.findBySchoolIdAndPeriodId(schoolId, periodId, PK.PK_EVALUATION);
- if (evaluation == null) {
- throw new ServiceException(ErrorCode.PARAMS_ERROR.getCode(), "学校评价数据不存在");
- }
- return evaluation;
- }
-
 /**
 * 递归的构建父亲节点的孩子,以及孩子的孩子 (理论支持无极树,但应该考虑是否增加递归深度)
 */