diff --git a/src/main/java/xyz/playedu/api/checks/AdminPermissionCheck.java b/src/main/java/xyz/playedu/api/checks/AdminPermissionCheck.java index 3662cae..8fc1536 100644 --- a/src/main/java/xyz/playedu/api/checks/AdminPermissionCheck.java +++ b/src/main/java/xyz/playedu/api/checks/AdminPermissionCheck.java @@ -104,29 +104,6 @@ public class AdminPermissionCheck implements ApplicationRunner { } }, }); - // 资源 - put( - "资源", - new AdminPermission[] { - new AdminPermission() { - { - setSort(0); - setName("删除"); - setSlug( - BPermissionConstant - .RESOURCE_DESTROY); - } - }, - new AdminPermission() { - { - setSort(10); - setName("编辑"); - setSlug( - BPermissionConstant - .RESOURCE_UPDATE); - } - }, - }); // 学员 put( "学员", diff --git a/src/main/java/xyz/playedu/api/checks/UpgradeCheck.java b/src/main/java/xyz/playedu/api/checks/UpgradeCheck.java new file mode 100644 index 0000000..5eec804 --- /dev/null +++ b/src/main/java/xyz/playedu/api/checks/UpgradeCheck.java @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2023 杭州白书科技有限公司 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package xyz.playedu.api.checks; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.ApplicationArguments; +import org.springframework.boot.ApplicationRunner; +import org.springframework.core.annotation.Order; +import org.springframework.stereotype.Component; + +import xyz.playedu.api.domain.AppConfig; +import xyz.playedu.api.service.AdminPermissionService; +import xyz.playedu.api.service.AppConfigService; + +import java.util.ArrayList; + +@Order(10000) +@Component +public class UpgradeCheck implements ApplicationRunner { + + @Autowired private AppConfigService appConfigService; + + @Autowired private AdminPermissionService permissionService; + + @Override + public void run(ApplicationArguments args) throws Exception { + upgrade_v1_beta7(); + } + + private void upgrade_v1_beta7() { + appConfigService.update( + new AppConfig() { + { + setIsPrivate(1); + } + }, + appConfigService.query().getWrapper().eq("key_name", "minio.secret_key")); + + permissionService.remove( + permissionService + .query() + .getWrapper() + .in( + "slug", + new ArrayList<>() { + { + add("resource-destroy"); + } + })); + } +} diff --git a/src/main/java/xyz/playedu/api/constant/BPermissionConstant.java b/src/main/java/xyz/playedu/api/constant/BPermissionConstant.java index c70af39..96a0918 100644 --- a/src/main/java/xyz/playedu/api/constant/BPermissionConstant.java +++ b/src/main/java/xyz/playedu/api/constant/BPermissionConstant.java @@ -15,11 +15,6 @@ */ package xyz.playedu.api.constant; -/** - * @Author 杭州白书科技有限公司 - * - * @create 2023/2/21 14:57 - */ public class BPermissionConstant { public static final String TYPE_ACTION = "action"; @@ -47,8 +42,6 @@ public class BPermissionConstant { public static final String COURSE_USER_DESTROY = "course-user-destroy"; public static final String RESOURCE_CATEGORY = "resource-category"; - public static final String RESOURCE_DESTROY = "resource-destroy"; - public static final String RESOURCE_UPDATE = "resource-update"; public static final String SYSTEM_CONFIG = "system-config"; diff --git a/src/main/java/xyz/playedu/api/controller/backend/ResourceController.java b/src/main/java/xyz/playedu/api/controller/backend/ResourceController.java index 3234486..98385b1 100644 --- a/src/main/java/xyz/playedu/api/controller/backend/ResourceController.java +++ b/src/main/java/xyz/playedu/api/controller/backend/ResourceController.java @@ -25,13 +25,12 @@ import org.springframework.web.bind.annotation.*; import xyz.playedu.api.BCtx; import xyz.playedu.api.bus.BackendBus; -import xyz.playedu.api.constant.BPermissionConstant; import xyz.playedu.api.constant.BackendConstant; import xyz.playedu.api.domain.AdminUser; import xyz.playedu.api.domain.Resource; import xyz.playedu.api.domain.ResourceVideo; import xyz.playedu.api.exception.NotFoundException; -import xyz.playedu.api.middleware.BackendPermissionMiddleware; +import xyz.playedu.api.exception.ServiceException; import xyz.playedu.api.request.backend.ResourceDestroyMultiRequest; import xyz.playedu.api.request.backend.ResourceUpdateRequest; import xyz.playedu.api.service.AdminUserService; @@ -113,11 +112,18 @@ public class ResourceController { return JsonResponse.data(data); } - @BackendPermissionMiddleware(slug = BPermissionConstant.RESOURCE_DESTROY) @DeleteMapping("/{id}") @Transactional + @SneakyThrows public JsonResponse destroy(@PathVariable(name = "id") Integer id) throws NotFoundException { Resource resource = resourceService.findOrFail(id); + + if (!backendBus.isSuperAdmin()) { + if (!resource.getAdminId().equals(BCtx.getId())) { + throw new ServiceException("无权限"); + } + } + // 删除文件 minioService.removeByPath(resource.getPath()); // 如果是视频资源文件则删除对应的时长关联记录 @@ -129,33 +135,68 @@ public class ResourceController { return JsonResponse.success(); } - @BackendPermissionMiddleware(slug = BPermissionConstant.RESOURCE_DESTROY) @PostMapping("/destroy-multi") - @Transactional + @SneakyThrows public JsonResponse multiDestroy(@RequestBody ResourceDestroyMultiRequest req) { if (req.getIds() == null || req.getIds().size() == 0) { return JsonResponse.error("请选择需要删除的资源"); } + List resources = resourceService.chunks(req.getIds()); if (resources == null || resources.size() == 0) { return JsonResponse.success(); } + for (Resource resourceItem : resources) { + // 权限校验 + if (!backendBus.isSuperAdmin()) { + if (!resourceItem.getAdminId().equals(BCtx.getId())) { + throw new ServiceException("无权限"); + } + } + + // 删除资源源文件 minioService.removeByPath(resourceItem.getPath()); + // 如果是视频资源的话还需要删除视频的关联资源,如: 封面截图 if (BackendConstant.RESOURCE_TYPE_VIDEO.equals(resourceItem.getType())) { resourceVideoService.removeByRid(resourceItem.getId()); } + // 删除数据库的记录 resourceService.removeById(resourceItem.getId()); } return JsonResponse.success(); } + @GetMapping("/{id}") + @SneakyThrows + public JsonResponse edit(@PathVariable(name = "id") Integer id) { + Resource resource = resourceService.findOrFail(id); + + if (!backendBus.isSuperAdmin()) { + if (!resource.getAdminId().equals(BCtx.getId())) { + throw new ServiceException("无权限"); + } + } + + HashMap data = new HashMap<>(); + data.put("resources", resource); + data.put("category_ids", resourceService.categoryIds(id)); + return JsonResponse.data(data); + } + @PutMapping("/{id}") @SneakyThrows public JsonResponse update( @RequestBody @Validated ResourceUpdateRequest req, @PathVariable(name = "id") Integer id) { Resource resource = resourceService.findOrFail(id); + + if (!backendBus.isSuperAdmin()) { + if (!resource.getAdminId().equals(BCtx.getId())) { + throw new ServiceException("无权限"); + } + } + resourceService.updateNameAndCategoryId( resource.getId(), req.getName(), req.getCategoryId()); return JsonResponse.success(); diff --git a/src/main/java/xyz/playedu/api/service/ResourceService.java b/src/main/java/xyz/playedu/api/service/ResourceService.java index 9bb4dd1..a4f42b3 100644 --- a/src/main/java/xyz/playedu/api/service/ResourceService.java +++ b/src/main/java/xyz/playedu/api/service/ResourceService.java @@ -55,4 +55,6 @@ public interface ResourceService extends IService { Integer duration(Integer id); void updateNameAndCategoryId(Integer id, String name, Integer categoryId); + + List categoryIds(Integer resourceId); } diff --git a/src/main/java/xyz/playedu/api/service/impl/ResourceServiceImpl.java b/src/main/java/xyz/playedu/api/service/impl/ResourceServiceImpl.java index 944258b..b55d85b 100644 --- a/src/main/java/xyz/playedu/api/service/impl/ResourceServiceImpl.java +++ b/src/main/java/xyz/playedu/api/service/impl/ResourceServiceImpl.java @@ -172,4 +172,13 @@ public class ResourceServiceImpl extends ServiceImpl } }); } + + @Override + public List categoryIds(Integer resourceId) { + return relationService + .list(relationService.query().getWrapper().eq("rid", resourceId)) + .stream() + .map(ResourceCategoryRelation::getCid) + .toList(); + } }