fix: 从 token 中拿到 schoolId 而不是传递参数

src/main/java/cn/teammodel/model/dto/DeleteNodeDto.java

@@ -9,7 +9,6 @@ import lombok.Data;
 @Data
 public class DeleteNodeDto {
     // 检索需要,但是有 bug
-    String schoolId;
     String periodId;
     // todo: 判断空
     String id;

src/main/java/cn/teammodel/model/dto/GetEvaluateTreeDto.java

@@ -8,7 +8,5 @@ import lombok.Data;
  */
 @Data
 public class GetEvaluateTreeDto {
-    // todo: 校验非空
-    String schoolId;
     String periodId;
 }

src/main/java/cn/teammodel/model/dto/InsertNodeDto.java

@@ -10,7 +10,6 @@ import lombok.Data;
 @Data
 public class InsertNodeDto {
     // 检索需要,但是有 bug
-    String schoolId;
     String periodId;
     @ApiModelProperty(value = "父亲节点,不传则为根节点")
     String pid;

src/main/java/cn/teammodel/model/dto/UpdateNodeDto.java

@@ -9,7 +9,6 @@ import lombok.Data;
 @Data
 public class UpdateNodeDto {
     // 检索需要,但是有 bug
-    String schoolId;
     String periodId;
     String id;
     String name;

src/main/java/cn/teammodel/model/entity/User.java

@@ -14,10 +14,20 @@ import java.util.Set;
 public class User {
     private String id;
     private String name;
+    /**
+    * 学校 id
+    */
+    private String schoolId;
     private String picture;
     private String standard;
+    /**
+    * 用户身份
+    */
     private String scope;
     private String website;
+    /**
+    * 区级 id
+    */
     private String area;
     private Set<String> roles;
     private Set<String> permissions;

src/main/java/cn/teammodel/security/SecurityConfiguration.java

@@ -12,8 +12,12 @@ import org.springframework.security.oauth2.server.resource.authentication.JwtAut
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
 import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import javax.annotation.Resource;
+import java.util.Arrays;
 
 @Configuration
 @EnableWebSecurity
@@ -70,4 +74,20 @@ public class SecurityConfiguration {
         jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
         return jwtAuthenticationConverter;
     }
+
+    /**
+    * 跨域配置
+    */
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("*")); // 允许所有来源
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); // 允许的方法
+        configuration.setAllowedHeaders(Arrays.asList("*")); // 允许所有请求头
+        configuration.setMaxAge(3600L); // 预检请求的有效期，单位秒
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }

src/main/java/cn/teammodel/security/filter/AuthInnerTokenFilter.java

@@ -32,7 +32,7 @@ public class AuthInnerTokenFilter extends OncePerRequestFilter {
     JwtTokenUtil jwtTokenUtil;
 
     @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,  FilterChain filterChain) throws ServletException, IOException {
         SecurityContext context = SecurityContextHolder.getContext();
         Authentication authentication = context.getAuthentication();
         // 进入此过滤器说明 OIDC 认证成功，则验证 authToken

src/main/java/cn/teammodel/security/utils/JwtTokenUtil.java

@@ -139,6 +139,7 @@ public class JwtTokenUtil {
         String id = claims.getSubject();
         user.setId(id);
         user.setName(claims.get("name") == null ? null : claims.get("name", String.class));
+        user.setSchoolId(claims.get("azp") == null ? null : claims.get("azp", String.class));
         user.setPicture(claims.get("picture") == null ? null : claims.get("picture", String.class));
         user.setStandard(claims.get("standard") == null ? null : claims.get("standard", String.class));
         user.setScope(claims.get("scope") == null ? null : claims.get("scope", String.class));

src/main/java/cn/teammodel/service/impl/EvaluationServiceImpl.java

@@ -11,6 +11,8 @@ import cn.teammodel.model.dto.InsertNodeDto;
 import cn.teammodel.model.dto.UpdateNodeDto;
 import cn.teammodel.model.entity.Evaluation;
 import cn.teammodel.model.entity.EvaluationTreeNode;
+import cn.teammodel.model.entity.User;
+import cn.teammodel.security.utils.SecurityUtils;
 import cn.teammodel.service.EvaluationService;
 import com.azure.spring.data.cosmos.core.CosmosTemplate;
 import org.apache.commons.lang3.ObjectUtils;
@@ -33,13 +35,27 @@ public class EvaluationServiceImpl implements EvaluationService {
     @Resource
     private EvaluationRepository evaluationRepository;
 
-    @Override
+    /**
-    public Evaluation getTree(GetEvaluateTreeDto getEvaluateTreeDto) {
+     * 通用的获取 evaluation 的方法: 判断参数,判断数据是否为空 <br/>
-        String schoolId = getEvaluateTreeDto.getSchoolId();
+     * 从 token 中获取 schoolId
-        String periodId = getEvaluateTreeDto.getPeriodId();
+     */
+    private Evaluation findEvaluation(String periodId) {
         periodId = StringUtils.isEmpty(periodId) ? "default" : periodId;
+        User loginUser = SecurityUtils.getLoginUser();
+        String schoolId = loginUser.getSchoolId();
 
+        // 拿到要新增节点的原始数据
         Evaluation evaluation = evaluationRepository.findBySchoolIdAndPeriodId(schoolId, periodId, PK.PK_EVALUATION);
+        if (evaluation == null) {
+            throw new ServiceException(ErrorCode.PARAMS_ERROR.getCode(), "学校评价数据不存在");
+        }
+        return evaluation;
+    }
+
+    @Override
+    public Evaluation getTree(GetEvaluateTreeDto getEvaluateTreeDto) {
+        Evaluation evaluation = findEvaluation(getEvaluateTreeDto.getPeriodId());
+
         return this.buildTree(evaluation);
     }
 
@@ -83,7 +99,7 @@ public class EvaluationServiceImpl implements EvaluationService {
 
     @Override
     public Evaluation insertNode(InsertNodeDto insertNodeDto) {
-        Evaluation evaluation = findEvaluation(insertNodeDto.getSchoolId(), insertNodeDto.getPeriodId());
+        Evaluation evaluation = findEvaluation(insertNodeDto.getPeriodId());
 
         List<EvaluationTreeNode> originNodes = evaluation.getNodes();
         // 拷贝数据到新节点
@@ -109,7 +125,7 @@ public class EvaluationServiceImpl implements EvaluationService {
     public Evaluation updateNode(UpdateNodeDto updateNodeDto) {
         String updateNodeId = updateNodeDto.getId();
 
-        Evaluation evaluation = findEvaluation(updateNodeDto.getSchoolId(), updateNodeDto.getPeriodId());
+        Evaluation evaluation = findEvaluation(updateNodeDto.getPeriodId());
         List<EvaluationTreeNode> originNodes = evaluation.getNodes();
         // 每个节点都有 id, 直接校验是否合法
         EvaluationTreeNode updateNode = originNodes.stream()
@@ -129,7 +145,7 @@ public class EvaluationServiceImpl implements EvaluationService {
     @Override
     public Evaluation deleteNode(DeleteNodeDto deleteNodeDto) {
         // 删除指定节点,可能是(一级,二级,三级),设计一个通用的
-        Evaluation evaluation = findEvaluation(deleteNodeDto.getSchoolId(), deleteNodeDto.getPeriodId());
+        Evaluation evaluation = findEvaluation(deleteNodeDto.getPeriodId());
         List<EvaluationTreeNode> nodes = evaluation.getNodes();
         List<EvaluationTreeNode> nodesToDelete = new ArrayList<>();
 
@@ -162,20 +178,6 @@ public class EvaluationServiceImpl implements EvaluationService {
 
     }
 
-    /**
-    * 通用的获取 evaluation 的方法: 判断参数,判断数据是否为空
-    */
-    private Evaluation findEvaluation(String schoolId,String periodId) {
-        periodId = StringUtils.isEmpty(periodId) ? "default" : periodId;
-
-        // 拿到要新增节点的原始数据
-        Evaluation evaluation = evaluationRepository.findBySchoolIdAndPeriodId(schoolId, periodId, PK.PK_EVALUATION);
-        if (evaluation == null) {
-            throw new ServiceException(ErrorCode.PARAMS_ERROR.getCode(), "学校评价数据不存在");
-        }
-        return evaluation;
-    }
-
     /**
      * 递归的构建父亲节点的孩子,以及孩子的孩子 (理论支持无极树,但应该考虑是否增加递归深度)
      */