fix: 从 token 中拿到 schoolId 而不是传递参数

11111
winter 1 year ago
parent 68f5303a4c
commit 148c31b323

@ -9,7 +9,6 @@ import lombok.Data;
@Data
public class DeleteNodeDto {
// 检索需要,但是有 bug
String schoolId;
String periodId;
// todo: 判断空
String id;

@ -8,7 +8,5 @@ import lombok.Data;
*/
@Data
public class GetEvaluateTreeDto {
// todo: 校验非空
String schoolId;
String periodId;
}

@ -10,7 +10,6 @@ import lombok.Data;
@Data
public class InsertNodeDto {
// 检索需要,但是有 bug
String schoolId;
String periodId;
@ApiModelProperty(value = "父亲节点,不传则为根节点")
String pid;

@ -9,7 +9,6 @@ import lombok.Data;
@Data
public class UpdateNodeDto {
// 检索需要,但是有 bug
String schoolId;
String periodId;
String id;
String name;

@ -14,10 +14,20 @@ import java.util.Set;
public class User {
private String id;
private String name;
/**
* id
*/
private String schoolId;
private String picture;
private String standard;
/**
*
*/
private String scope;
private String website;
/**
* id
*/
private String area;
private Set<String> roles;
private Set<String> permissions;

@ -12,8 +12,12 @@ import org.springframework.security.oauth2.server.resource.authentication.JwtAut
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import javax.annotation.Resource;
import java.util.Arrays;
@Configuration
@EnableWebSecurity
@ -70,4 +74,20 @@ public class SecurityConfiguration {
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
return jwtAuthenticationConverter;
}
/**
*
*/
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*")); // 允许所有来源
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); // 允许的方法
configuration.setAllowedHeaders(Arrays.asList("*")); // 允许所有请求头
configuration.setMaxAge(3600L); // 预检请求的有效期,单位秒
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
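Review bot: `configuration.setAllowedOrigins(Arrays.asList("*"))` combined with `setAllowedHeaders(Arrays.asList("*"))` and registered on `/**` allows a script on any origin to call every endpoint with an `Authorization` header and read the response. That includes the endpoints that now resolve tenant data from the token. Restrict the list to the known front-end origins and load it from configuration, e.g. `configuration.setAllowedOrigins(allowedOrigins);` with `allowedOrigins` bound from a property. The visible lines do not show whether the filter chain enables `cors()`, so confirm that this bean is actually applied.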

@ -32,7 +32,7 @@ public class AuthInnerTokenFilter extends OncePerRequestFilter {
JwtTokenUtil jwtTokenUtil;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
SecurityContext context = SecurityContextHolder.getContext();
Authentication authentication = context.getAuthentication();
// 进入此过滤器说明 OIDC 认证成功,则验证 authToken

@ -139,6 +139,7 @@ public class JwtTokenUtil {
String id = claims.getSubject();
user.setId(id);
user.setName(claims.get("name") == null ? null : claims.get("name", String.class));
user.setSchoolId(claims.get("azp") == null ? null : claims.get("azp", String.class));
user.setPicture(claims.get("picture") == null ? null : claims.get("picture", String.class));
user.setStandard(claims.get("standard") == null ? null : claims.get("standard", String.class));
user.setScope(claims.get("scope") == null ? null : claims.get("scope", String.class));
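Review bot: The added `user.setSchoolId(...)` line makes the `azp` claim the tenant key for every evaluation lookup, but OIDC defines `azp` as the authorized party (the client the token was issued to), and a token without it leaves `schoolId` null. If the identity provider used here really places the school code in `azp`, record that in a comment such as `// azp carries the school code in tokens issued by our IdP; used as the tenant key`. Reject the token when the claim is absent instead of storing null. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here that `claims` comes from a signature-verified token; that should be checked.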

@ -11,6 +11,8 @@ import cn.teammodel.model.dto.InsertNodeDto;
import cn.teammodel.model.dto.UpdateNodeDto;
import cn.teammodel.model.entity.Evaluation;
import cn.teammodel.model.entity.EvaluationTreeNode;
import cn.teammodel.model.entity.User;
import cn.teammodel.security.utils.SecurityUtils;
import cn.teammodel.service.EvaluationService;
import com.azure.spring.data.cosmos.core.CosmosTemplate;
import org.apache.commons.lang3.ObjectUtils;
@ -33,13 +35,27 @@ public class EvaluationServiceImpl implements EvaluationService {
@Resource
private EvaluationRepository evaluationRepository;
@Override
public Evaluation getTree(GetEvaluateTreeDto getEvaluateTreeDto) {
String schoolId = getEvaluateTreeDto.getSchoolId();
String periodId = getEvaluateTreeDto.getPeriodId();
/**
* evaluation : , <br/>
* token schoolId
*/
private Evaluation findEvaluation(String periodId) {
periodId = StringUtils.isEmpty(periodId) ? "default" : periodId;
User loginUser = SecurityUtils.getLoginUser();
String schoolId = loginUser.getSchoolId();
// 拿到要新增节点的原始数据
Evaluation evaluation = evaluationRepository.findBySchoolIdAndPeriodId(schoolId, periodId, PK.PK_EVALUATION);
if (evaluation == null) {
throw new ServiceException(ErrorCode.PARAMS_ERROR.getCode(), "学校评价数据不存在");
}
return evaluation;
}
@Override
public Evaluation getTree(GetEvaluateTreeDto getEvaluateTreeDto) {
Evaluation evaluation = findEvaluation(getEvaluateTreeDto.getPeriodId());
return this.buildTree(evaluation);
}
@ -83,7 +99,7 @@ public class EvaluationServiceImpl implements EvaluationService {
@Override
public Evaluation insertNode(InsertNodeDto insertNodeDto) {
Evaluation evaluation = findEvaluation(insertNodeDto.getSchoolId(), insertNodeDto.getPeriodId());
Evaluation evaluation = findEvaluation(insertNodeDto.getPeriodId());
List<EvaluationTreeNode> originNodes = evaluation.getNodes();
// 拷贝数据到新节点
@ -109,7 +125,7 @@ public class EvaluationServiceImpl implements EvaluationService {
public Evaluation updateNode(UpdateNodeDto updateNodeDto) {
String updateNodeId = updateNodeDto.getId();
Evaluation evaluation = findEvaluation(updateNodeDto.getSchoolId(), updateNodeDto.getPeriodId());
Evaluation evaluation = findEvaluation(updateNodeDto.getPeriodId());
List<EvaluationTreeNode> originNodes = evaluation.getNodes();
// 每个节点都有 id, 直接校验是否合法
EvaluationTreeNode updateNode = originNodes.stream()
@ -129,7 +145,7 @@ public class EvaluationServiceImpl implements EvaluationService {
@Override
public Evaluation deleteNode(DeleteNodeDto deleteNodeDto) {
// 删除指定节点,可能是(一级,二级,三级),设计一个通用的
Evaluation evaluation = findEvaluation(deleteNodeDto.getSchoolId(), deleteNodeDto.getPeriodId());
Evaluation evaluation = findEvaluation(deleteNodeDto.getPeriodId());
List<EvaluationTreeNode> nodes = evaluation.getNodes();
List<EvaluationTreeNode> nodesToDelete = new ArrayList<>();
@ -162,20 +178,6 @@ public class EvaluationServiceImpl implements EvaluationService {
}
/**
* evaluation : ,
*/
private Evaluation findEvaluation(String schoolId,String periodId) {
periodId = StringUtils.isEmpty(periodId) ? "default" : periodId;
// 拿到要新增节点的原始数据
Evaluation evaluation = evaluationRepository.findBySchoolIdAndPeriodId(schoolId, periodId, PK.PK_EVALUATION);
if (evaluation == null) {
throw new ServiceException(ErrorCode.PARAMS_ERROR.getCode(), "学校评价数据不存在");
}
return evaluation;
}
/**
* , (,)
*/
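Review bot: The new `findEvaluation(String periodId)` dereferences the result of `SecurityUtils.getLoginUser()` and passes `loginUser.getSchoolId()` straight to `findBySchoolIdAndPeriodId` with no check. If the helper can return null this is a NullPointerException, and a token without a school id becomes a query with a null `schoolId`. Add a guard before the query, e.g. `if (loginUser == null || StringUtils.isEmpty(loginUser.getSchoolId())) { throw new ServiceException(...); }`, using the project's not-authorized error code rather than `PARAMS_ERROR`. The helper now backs `getTree`, `insertNode`, `updateNode` and `deleteNode`, so one check covers all four. A test asserting that a caller from one school cannot reach another school's tree by varying `periodId` would pin the behaviour this commit intends.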
