权限处理

4cf43b1c · kangxiaoshan · 0587e349 · 4cf43b1c · 4cf43b1c
Commit 4cf43b1c authored Oct 16, 2019 by kangxiaoshan
Showing with 13 additions and 5 deletions

ContractServiceImpl.java src/main/java/common/service/impl/ContractServiceImpl.java +10 -4

AuthorizationInterceptor.java ...n/java/security/interceptor/AuthorizationInterceptor.java +3 -1

No files found.
--- a/src/main/java/common/service/impl/ContractServiceImpl.java
+++ b/src/main/java/common/service/impl/ContractServiceImpl.java
@@ -9,6 +9,7 @@ import common.service.UserService;
 import dic.ContractStatusEnum;
 import dic.ContractTypeEnum;
 import dic.RoleEnum;
+import net.sf.json.JSONArray;
 import org.joda.time.DateTime;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -101,7 +102,6 @@ public class ContractServiceImpl implements ContractService {
    @Autowired
    ContractRelationRepository contractRelationRepository;
    @Autowired
    FlowChangeRepository flowChangeRepository;
@@ -114,10 +114,12 @@ public class ContractServiceImpl implements ContractService {
    @Autowired
    SalesRepository salesRepository;
    @Autowired
    PackageBaseRepository packageBaseRepository;
+    @Autowired
+    AuthRepository authRepository;
    @Override
    public Map<String, Object> checkAccount(String email, String platfrom) {
@@ -1078,10 +1080,13 @@ public class ContractServiceImpl implements ContractService {
        List<String> ids = new ArrayList<>(idsDic.keySet());
+        Auth auth = authRepository.findByUser(loginAccount.getId());
        if(RoleEnum.FINANCE.getKey().equals(loginAccount.getRole())){
            //财务  按签约主体查看
-            List bodyids =  Arrays.asList(loginAccount.getAuthExtend().split(","));
+//            List bodyids =  Arrays.asList(loginAccount.getAuthExtend().split(","));
+            List bodyids =  JSONArray.fromObject(auth.getAuthExtend());
            if (!StringUtils.isEmpty(contractId)) {
                if (ids != null && ids.size() > 0) {
@@ -1094,7 +1099,8 @@ public class ContractServiceImpl implements ContractService {
        }else if(RoleEnum.SALSEMAN.getKey().equals(loginAccount.getRole())){
            //销售 按签约合同人查看
-            List salseid =  Arrays.asList(loginAccount.getAuthExtend().split(","));
+//            List salseid =  Arrays.asList(loginAccount.getAuthExtend().split(","));
+            List salseid =  JSONArray.fromObject(auth.getAuthExtend());
            if (!StringUtils.isEmpty(contractId)) {

--- a/src/main/java/security/interceptor/AuthorizationInterceptor.java
+++ b/src/main/java/security/interceptor/AuthorizationInterceptor.java
@@ -37,6 +37,7 @@ public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
    //鉴权信息的无用前缀，默认为空
    private String httpHeaderPrefix = "";
    public void setHttpHeaderName(String httpHeaderName) {
        this.httpHeaderName = httpHeaderName;
    }
@@ -76,10 +77,11 @@ public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
            boolean loginStatus = redisLoginStatusManager.getLoginStatusByKey(token);
            if (!StringUtil.isEmpty(key)) {
-                User one = userRepository.findOne(Long.parseLong(key));
                User sessionAct = (User) request.getSession().getAttribute(Constant.CURRENT_ACCOUNT);
+                // 可这里查出权限
                if (sessionAct == null) {
+                    User one = userRepository.findOne(Long.parseLong(key));
                    request.getSession().setAttribute(Constant.CURRENT_ACCOUNT,one);
                }
                return true;