资源删除、编辑不需要权限

src/main/java/xyz/playedu/api/checks/AdminPermissionCheck.java

@@ -104,29 +104,6 @@ public class AdminPermissionCheck implements ApplicationRunner {
                                                     }
                                                 },
                                             });
-                                    // 资源
-                                    put(
-                                            "资源",
-                                            new AdminPermission[] {
-                                                new AdminPermission() {
-                                                    {
-                                                        setSort(0);
-                                                        setName("删除");
-                                                        setSlug(
-                                                                BPermissionConstant
-                                                                        .RESOURCE_DESTROY);
-                                                    }
-                                                },
-                                                new AdminPermission() {
-                                                    {
-                                                        setSort(10);
-                                                        setName("编辑");
-                                                        setSlug(
-                                                                BPermissionConstant
-                                                                        .RESOURCE_UPDATE);
-                                                    }
-                                                },
-                                            });
                                     // 学员
                                     put(
                                             "学员",

src/main/java/xyz/playedu/api/checks/UpgradeCheck.java

@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2023 杭州白书科技有限公司
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package xyz.playedu.api.checks;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.ApplicationArguments;
+import org.springframework.boot.ApplicationRunner;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import xyz.playedu.api.domain.AppConfig;
+import xyz.playedu.api.service.AdminPermissionService;
+import xyz.playedu.api.service.AppConfigService;
+
+import java.util.ArrayList;
+
+@Order(10000)
+@Component
+public class UpgradeCheck implements ApplicationRunner {
+
+    @Autowired private AppConfigService appConfigService;
+
+    @Autowired private AdminPermissionService permissionService;
+
+    @Override
+    public void run(ApplicationArguments args) throws Exception {
+        upgrade_v1_beta7();
+    }
+
+    private void upgrade_v1_beta7() {
+        appConfigService.update(
+                new AppConfig() {
+                    {
+                        setIsPrivate(1);
+                    }
+                },
+                appConfigService.query().getWrapper().eq("key_name", "minio.secret_key"));
+
+        permissionService.remove(
+                permissionService
+                        .query()
+                        .getWrapper()
+                        .in(
+                                "slug",
+                                new ArrayList<>() {
+                                    {
+                                        add("resource-destroy");
+                                    }
+                                }));
+    }
+}

src/main/java/xyz/playedu/api/constant/BPermissionConstant.java

@@ -15,11 +15,6 @@
  */
 package xyz.playedu.api.constant;
 
-/**
- * @Author 杭州白书科技有限公司
- *
- * @create 2023/2/21 14:57
- */
 public class BPermissionConstant {
 
     public static final String TYPE_ACTION = "action";
@@ -47,8 +42,6 @@ public class BPermissionConstant {
     public static final String COURSE_USER_DESTROY = "course-user-destroy";
 
     public static final String RESOURCE_CATEGORY = "resource-category";
-    public static final String RESOURCE_DESTROY = "resource-destroy";
-    public static final String RESOURCE_UPDATE = "resource-update";
 
     public static final String SYSTEM_CONFIG = "system-config";
 

src/main/java/xyz/playedu/api/controller/backend/ResourceController.java

@@ -25,13 +25,12 @@ import org.springframework.web.bind.annotation.*;
 
 import xyz.playedu.api.BCtx;
 import xyz.playedu.api.bus.BackendBus;
-import xyz.playedu.api.constant.BPermissionConstant;
 import xyz.playedu.api.constant.BackendConstant;
 import xyz.playedu.api.domain.AdminUser;
 import xyz.playedu.api.domain.Resource;
 import xyz.playedu.api.domain.ResourceVideo;
 import xyz.playedu.api.exception.NotFoundException;
-import xyz.playedu.api.middleware.BackendPermissionMiddleware;
+import xyz.playedu.api.exception.ServiceException;
 import xyz.playedu.api.request.backend.ResourceDestroyMultiRequest;
 import xyz.playedu.api.request.backend.ResourceUpdateRequest;
 import xyz.playedu.api.service.AdminUserService;
@@ -113,11 +112,18 @@ public class ResourceController {
         return JsonResponse.data(data);
     }
 
-    @BackendPermissionMiddleware(slug = BPermissionConstant.RESOURCE_DESTROY)
     @DeleteMapping("/{id}")
     @Transactional
+    @SneakyThrows
     public JsonResponse destroy(@PathVariable(name = "id") Integer id) throws NotFoundException {
         Resource resource = resourceService.findOrFail(id);
+
+        if (!backendBus.isSuperAdmin()) {
+            if (!resource.getAdminId().equals(BCtx.getId())) {
+                throw new ServiceException("无权限");
+            }
+        }
+
         // 删除文件
         minioService.removeByPath(resource.getPath());
         // 如果是视频资源文件则删除对应的时长关联记录
@@ -129,33 +135,68 @@ public class ResourceController {
         return JsonResponse.success();
     }
 
-    @BackendPermissionMiddleware(slug = BPermissionConstant.RESOURCE_DESTROY)
     @PostMapping("/destroy-multi")
-    @Transactional
+    @SneakyThrows
     public JsonResponse multiDestroy(@RequestBody ResourceDestroyMultiRequest req) {
         if (req.getIds() == null || req.getIds().size() == 0) {
             return JsonResponse.error("请选择需要删除的资源");
         }
+
         List<Resource> resources = resourceService.chunks(req.getIds());
         if (resources == null || resources.size() == 0) {
             return JsonResponse.success();
         }
+
         for (Resource resourceItem : resources) {
+            // 权限校验
+            if (!backendBus.isSuperAdmin()) {
+                if (!resourceItem.getAdminId().equals(BCtx.getId())) {
+                    throw new ServiceException("无权限");
+                }
+            }
+
+            // 删除资源源文件
             minioService.removeByPath(resourceItem.getPath());
+            // 如果是视频资源的话还需要删除视频的关联资源，如: 封面截图
             if (BackendConstant.RESOURCE_TYPE_VIDEO.equals(resourceItem.getType())) {
                 resourceVideoService.removeByRid(resourceItem.getId());
             }
+            // 删除数据库的记录
             resourceService.removeById(resourceItem.getId());
         }
         return JsonResponse.success();
     }
 
+    @GetMapping("/{id}")
+    @SneakyThrows
+    public JsonResponse edit(@PathVariable(name = "id") Integer id) {
+        Resource resource = resourceService.findOrFail(id);
+
+        if (!backendBus.isSuperAdmin()) {
+            if (!resource.getAdminId().equals(BCtx.getId())) {
+                throw new ServiceException("无权限");
+            }
+        }
+
+        HashMap<String, Object> data = new HashMap<>();
+        data.put("resources", resource);
+        data.put("category_ids", resourceService.categoryIds(id));
+        return JsonResponse.data(data);
+    }
+
     @PutMapping("/{id}")
     @SneakyThrows
     public JsonResponse update(
             @RequestBody @Validated ResourceUpdateRequest req,
             @PathVariable(name = "id") Integer id) {
         Resource resource = resourceService.findOrFail(id);
+
+        if (!backendBus.isSuperAdmin()) {
+            if (!resource.getAdminId().equals(BCtx.getId())) {
+                throw new ServiceException("无权限");
+            }
+        }
+
         resourceService.updateNameAndCategoryId(
                 resource.getId(), req.getName(), req.getCategoryId());
         return JsonResponse.success();

src/main/java/xyz/playedu/api/service/ResourceService.java

@@ -55,4 +55,6 @@ public interface ResourceService extends IService<Resource> {
     Integer duration(Integer id);
 
     void updateNameAndCategoryId(Integer id, String name, Integer categoryId);
+
+    List<Integer> categoryIds(Integer resourceId);
 }

src/main/java/xyz/playedu/api/service/impl/ResourceServiceImpl.java

@@ -172,4 +172,13 @@ public class ResourceServiceImpl extends ServiceImpl<ResourceMapper, Resource>
                     }
                 });
     }
+
+    @Override
+    public List<Integer> categoryIds(Integer resourceId) {
+        return relationService
+                .list(relationService.query().getWrapper().eq("rid", resourceId))
+                .stream()
+                .map(ResourceCategoryRelation::getCid)
+                .toList();
+    }
 }