!29 improved Broken Access Control check of goods
Merge pull request !29 from OceansDeep/feature/pg
commit
f7fc9a1299
@ -2,6 +2,7 @@ package cn.lili.modules.goods.serviceimpl;
|
|||||||
|
|
||||||
import cn.hutool.core.date.DateTime;
|
import cn.hutool.core.date.DateTime;
|
||||||
import cn.hutool.core.date.DateUtil;
|
import cn.hutool.core.date.DateUtil;
|
||||||
|
import cn.hutool.core.text.CharSequenceUtil;
|
||||||
import cn.hutool.core.util.NumberUtil;
|
import cn.hutool.core.util.NumberUtil;
|
||||||
import cn.hutool.json.JSONUtil;
|
import cn.hutool.json.JSONUtil;
|
||||||
import cn.lili.cache.Cache;
|
import cn.lili.cache.Cache;
|
||||||
@ -264,8 +265,9 @@ public class GoodsServiceImpl extends ServiceImpl<GoodsMapper, Goods> implements
|
|||||||
if (goodsAuthEnum != null) {
|
if (goodsAuthEnum != null) {
|
||||||
queryWrapper.eq(Goods::getIsAuth, goodsAuthEnum.name());
|
queryWrapper.eq(Goods::getIsAuth, goodsAuthEnum.name());
|
||||||
}
|
}
|
||||||
queryWrapper.eq(StringUtils.equals(UserContext.getCurrentUser().getRole().name(), UserEnums.STORE.name()),
|
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
|
||||||
Goods::getStoreId, UserContext.getCurrentUser().getStoreId());
|
queryWrapper.eq(CharSequenceUtil.equals(currentUser.getRole().name(), UserEnums.STORE.name()),
|
||||||
|
Goods::getStoreId, currentUser.getStoreId());
|
||||||
|
|
||||||
return this.count(queryWrapper);
|
return this.count(queryWrapper);
|
||||||
}
|
}
|
||||||
@ -282,25 +284,21 @@ public class GoodsServiceImpl extends ServiceImpl<GoodsMapper, Goods> implements
|
|||||||
public Boolean updateGoodsMarketAble(List<String> goodsIds, GoodsStatusEnum goodsStatusEnum, String underReason) {
|
public Boolean updateGoodsMarketAble(List<String> goodsIds, GoodsStatusEnum goodsStatusEnum, String underReason) {
|
||||||
boolean result;
|
boolean result;
|
||||||
|
|
||||||
AuthUser currentUser = UserContext.getCurrentUser();
|
|
||||||
if (currentUser == null || (currentUser.getRole().equals(UserEnums.STORE) && currentUser.getStoreId() == null)) {
|
|
||||||
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
|
|
||||||
}
|
|
||||||
|
|
||||||
//如果商品为空,直接返回
|
//如果商品为空,直接返回
|
||||||
if (goodsIds == null || goodsIds.isEmpty()) {
|
if (goodsIds == null || goodsIds.isEmpty()) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
LambdaUpdateWrapper<Goods> updateWrapper = Wrappers.lambdaUpdate();
|
LambdaUpdateWrapper<Goods> updateWrapper = this.getUpdateWrapperByStoreAuthority();
|
||||||
updateWrapper.set(Goods::getMarketEnable, goodsStatusEnum.name());
|
updateWrapper.set(Goods::getMarketEnable, goodsStatusEnum.name());
|
||||||
updateWrapper.set(Goods::getUnderMessage, underReason);
|
updateWrapper.set(Goods::getUnderMessage, underReason);
|
||||||
updateWrapper.eq(Goods::getStoreId, currentUser.getStoreId());
|
|
||||||
updateWrapper.in(Goods::getId, goodsIds);
|
updateWrapper.in(Goods::getId, goodsIds);
|
||||||
result = this.update(updateWrapper);
|
result = this.update(updateWrapper);
|
||||||
|
|
||||||
//修改规格商品
|
//修改规格商品
|
||||||
List<Goods> goodsList = this.list(new LambdaQueryWrapper<Goods>().in(Goods::getId, goodsIds).eq(Goods::getStoreId, currentUser.getStoreId()));
|
LambdaQueryWrapper<Goods> queryWrapper = this.getQueryWrapperByStoreAuthority();
|
||||||
|
queryWrapper.in(Goods::getId, goodsIds);
|
||||||
|
List<Goods> goodsList = this.list(queryWrapper);
|
||||||
for (Goods goods : goodsList) {
|
for (Goods goods : goodsList) {
|
||||||
goodsSkuService.updateGoodsSkuStatus(goods);
|
goodsSkuService.updateGoodsSkuStatus(goods);
|
||||||
}
|
}
|
||||||
@ -310,20 +308,16 @@ public class GoodsServiceImpl extends ServiceImpl<GoodsMapper, Goods> implements
|
|||||||
@Override
|
@Override
|
||||||
public Boolean deleteGoods(List<String> goodsIds) {
|
public Boolean deleteGoods(List<String> goodsIds) {
|
||||||
|
|
||||||
AuthUser currentUser = UserContext.getCurrentUser();
|
LambdaUpdateWrapper<Goods> updateWrapper = this.getUpdateWrapperByStoreAuthority();
|
||||||
if (currentUser == null || (currentUser.getRole().equals(UserEnums.STORE) && currentUser.getStoreId() == null)) {
|
|
||||||
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
|
|
||||||
}
|
|
||||||
|
|
||||||
LambdaUpdateWrapper<Goods> updateWrapper = Wrappers.lambdaUpdate();
|
|
||||||
updateWrapper.set(Goods::getMarketEnable, GoodsStatusEnum.DOWN.name());
|
updateWrapper.set(Goods::getMarketEnable, GoodsStatusEnum.DOWN.name());
|
||||||
updateWrapper.set(Goods::getDeleteFlag, true);
|
updateWrapper.set(Goods::getDeleteFlag, true);
|
||||||
updateWrapper.eq(Goods::getStoreId, currentUser.getStoreId());
|
|
||||||
updateWrapper.in(Goods::getId, goodsIds);
|
updateWrapper.in(Goods::getId, goodsIds);
|
||||||
this.update(updateWrapper);
|
this.update(updateWrapper);
|
||||||
|
|
||||||
//修改规格商品
|
//修改规格商品
|
||||||
List<Goods> goodsList = this.list(new LambdaQueryWrapper<Goods>().in(Goods::getId, goodsIds).eq(Goods::getStoreId, currentUser.getStoreId()));
|
LambdaQueryWrapper<Goods> queryWrapper = this.getQueryWrapperByStoreAuthority();
|
||||||
|
queryWrapper.in(Goods::getId, goodsIds);
|
||||||
|
List<Goods> goodsList = this.list(queryWrapper);
|
||||||
for (Goods goods : goodsList) {
|
for (Goods goods : goodsList) {
|
||||||
//修改SKU状态
|
//修改SKU状态
|
||||||
goodsSkuService.updateGoodsSkuStatus(goods);
|
goodsSkuService.updateGoodsSkuStatus(goods);
|
||||||
@ -339,16 +333,13 @@ public class GoodsServiceImpl extends ServiceImpl<GoodsMapper, Goods> implements
|
|||||||
@Override
|
@Override
|
||||||
public Boolean freight(List<String> goodsIds, String templateId) {
|
public Boolean freight(List<String> goodsIds, String templateId) {
|
||||||
|
|
||||||
AuthUser currentUser = UserContext.getCurrentUser();
|
AuthUser authUser = this.checkStoreAuthority();
|
||||||
if (currentUser == null || (currentUser.getRole().equals(UserEnums.STORE) && currentUser.getStoreId() == null)) {
|
|
||||||
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
|
|
||||||
}
|
|
||||||
|
|
||||||
FreightTemplate freightTemplate = freightTemplateService.getById(templateId);
|
FreightTemplate freightTemplate = freightTemplateService.getById(templateId);
|
||||||
if (freightTemplate == null) {
|
if (freightTemplate == null) {
|
||||||
throw new ServiceException(ResultCode.FREIGHT_TEMPLATE_NOT_EXIST);
|
throw new ServiceException(ResultCode.FREIGHT_TEMPLATE_NOT_EXIST);
|
||||||
}
|
}
|
||||||
if (!freightTemplate.getStoreId().equals(currentUser.getStoreId())) {
|
if (authUser != null && !freightTemplate.getStoreId().equals(authUser.getStoreId())) {
|
||||||
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
|
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
|
||||||
}
|
}
|
||||||
LambdaUpdateWrapper<Goods> lambdaUpdateWrapper = Wrappers.lambdaUpdate();
|
LambdaUpdateWrapper<Goods> lambdaUpdateWrapper = Wrappers.lambdaUpdate();
|
||||||
@ -472,4 +463,47 @@ public class GoodsServiceImpl extends ServiceImpl<GoodsMapper, Goods> implements
|
|||||||
return goods;
|
return goods;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 检查当前登录的店铺
|
||||||
|
*
|
||||||
|
* @return 当前登录的店铺
|
||||||
|
*/
|
||||||
|
private AuthUser checkStoreAuthority() {
|
||||||
|
AuthUser currentUser = UserContext.getCurrentUser();
|
||||||
|
if (currentUser == null || (currentUser.getRole().equals(UserEnums.STORE) && currentUser.getStoreId() == null)) {
|
||||||
|
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
|
||||||
|
} else if (currentUser.getRole().equals(UserEnums.STORE) && currentUser.getStoreId() != null) {
|
||||||
|
return currentUser;
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 获取UpdateWrapper(检查用户越权)
|
||||||
|
*
|
||||||
|
* @return updateWrapper
|
||||||
|
*/
|
||||||
|
private LambdaUpdateWrapper<Goods> getUpdateWrapperByStoreAuthority() {
|
||||||
|
LambdaUpdateWrapper<Goods> updateWrapper = new LambdaUpdateWrapper<>();
|
||||||
|
AuthUser authUser = this.checkStoreAuthority();
|
||||||
|
if (authUser != null) {
|
||||||
|
updateWrapper.eq(Goods::getStoreId, authUser.getStoreId());
|
||||||
|
}
|
||||||
|
return updateWrapper;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 获取QueryWrapper(检查用户越权)
|
||||||
|
*
|
||||||
|
* @return queryWrapper
|
||||||
|
*/
|
||||||
|
private LambdaQueryWrapper<Goods> getQueryWrapperByStoreAuthority() {
|
||||||
|
LambdaQueryWrapper<Goods> queryWrapper = new LambdaQueryWrapper<>();
|
||||||
|
AuthUser authUser = this.checkStoreAuthority();
|
||||||
|
if (authUser != null) {
|
||||||
|
queryWrapper.eq(Goods::getStoreId, authUser.getStoreId());
|
||||||
|
}
|
||||||
|
return queryWrapper;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
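Review bot: `checkStoreAuthority()` returns `null` for every authenticated caller whose role is not `UserEnums.STORE`, and `getUpdateWrapperByStoreAuthority()`, `getQueryWrapperByStoreAuthority()` and the template check in `freight` all treat `null` as "apply no store filter", so the tenant check fails open for any other role. If a caller with a non-store, non-admin role can ever reach `updateGoodsMarketAble`, `deleteGoods` or `freight` (the controllers are not visible on this page), the update or delete runs against goods of every store. I would make the helper deny by default: name the role(s) allowed to act across stores explicitly and throw `new ServiceException(ResultCode.USER_AUTHORITY_ERROR)` for anything else before `return null;`, and state the contract in the Javadoc, e.g. `@return the store user, or null when the caller is a platform role and no store filter applies`. In the count hunk, `Objects.requireNonNull(UserContext.getCurrentUser())` surfaces an unauthenticated call as a `NullPointerException` rather than `USER_AUTHORITY_ERROR`; calling `checkStoreAuthority()` there would keep the error handling consistent.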
@ -199,7 +199,6 @@ public class EsGoodsIndexServiceImpl extends BaseElasticsearchService implements
|
|||||||
resultMap.put(KEY_FAIL, 0);
|
resultMap.put(KEY_FAIL, 0);
|
||||||
resultMap.put(KEY_PROCESSED, 0);
|
resultMap.put(KEY_PROCESSED, 0);
|
||||||
cache.put(CachePrefix.INIT_INDEX_PROCESS.getPrefix() + "", resultMap);
|
cache.put(CachePrefix.INIT_INDEX_PROCESS.getPrefix() + "", resultMap);
|
||||||
cache.put(CachePrefix.INIT_INDEX_FLAG.getPrefix(), true);
|
|
||||||
if (!goodsIndexList.isEmpty()) {
|
if (!goodsIndexList.isEmpty()) {
|
||||||
goodsIndexRepository.deleteAll();
|
goodsIndexRepository.deleteAll();
|
||||||
for (EsGoodsIndex goodsIndex : goodsIndexList) {
|
for (EsGoodsIndex goodsIndex : goodsIndexList) {
|
||||||
|
@ -80,9 +80,15 @@ public class ElasticsearchController {
|
|||||||
public ResultMessage<String> init() {
|
public ResultMessage<String> init() {
|
||||||
|
|
||||||
Boolean flag = (Boolean) cache.get(CachePrefix.INIT_INDEX_FLAG.getPrefix());
|
Boolean flag = (Boolean) cache.get(CachePrefix.INIT_INDEX_FLAG.getPrefix());
|
||||||
|
if (flag == null) {
|
||||||
|
cache.put(CachePrefix.INIT_INDEX_FLAG.getPrefix(), false);
|
||||||
|
}
|
||||||
if (Boolean.TRUE.equals(flag)) {
|
if (Boolean.TRUE.equals(flag)) {
|
||||||
return ResultUtil.error(100000, "当前有任务在执行");
|
return ResultUtil.error(100000, "当前有任务在执行");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
cache.put(CachePrefix.INIT_INDEX_PROCESS.getPrefix(), null);
|
||||||
|
cache.put(CachePrefix.INIT_INDEX_FLAG.getPrefix(), true);
|
||||||
ThreadUtil.execAsync(() -> {
|
ThreadUtil.execAsync(() -> {
|
||||||
//查询商品信息
|
//查询商品信息
|
||||||
LambdaQueryWrapper<GoodsSku> queryWrapper = new LambdaQueryWrapper<>();
|
LambdaQueryWrapper<GoodsSku> queryWrapper = new LambdaQueryWrapper<>();
|
||||||
@ -129,9 +135,13 @@ public class ElasticsearchController {
|
|||||||
|
|
||||||
@GetMapping("/progress")
|
@GetMapping("/progress")
|
||||||
public ResultMessage<Map<String, Integer>> getProgress() {
|
public ResultMessage<Map<String, Integer>> getProgress() {
|
||||||
|
try {
|
||||||
Map<String, Integer> map = (Map<String, Integer>) cache.get(CachePrefix.INIT_INDEX_PROCESS.getPrefix());
|
Map<String, Integer> map = (Map<String, Integer>) cache.get(CachePrefix.INIT_INDEX_PROCESS.getPrefix());
|
||||||
Boolean flag = (Boolean) cache.get(CachePrefix.INIT_INDEX_FLAG.getPrefix());
|
Boolean flag = (Boolean) cache.get(CachePrefix.INIT_INDEX_FLAG.getPrefix());
|
||||||
map.put("flag", Boolean.TRUE.equals(flag) ? 1 : 0);
|
map.put("flag", Boolean.TRUE.equals(flag) ? 1 : 0);
|
||||||
return ResultUtil.data(map);
|
return ResultUtil.data(map);
|
||||||
|
} catch (Exception e) {
|
||||||
|
return ResultUtil.data(null);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
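Review bot: In `init()` the guard is a separate `cache.get(...)` followed later by `cache.put(CachePrefix.INIT_INDEX_FLAG.getPrefix(), true)`, so two concurrent requests can both see a non-true flag and each start `ThreadUtil.execAsync`, which leads to overlapping `goodsIndexRepository.deleteAll()` rebuilds. If the `Cache` abstraction offers an atomic set-if-absent operation (not visible here), claim the flag with it and return the "task running" error when the claim fails; also confirm the flag is reset in a `finally` inside the async body, which lies outside this hunk, or one failed run blocks every later rebuild. The `if (flag == null) { cache.put(..., false); }` block does not affect the check that follows and can be dropped. In `getProgress()`, `catch (Exception e) { return ResultUtil.data(null); }` hides every failure to cover a missing map; an explicit `if (map == null) { return ResultUtil.data(null); }` before `map.put("flag", ...)` handles that case without swallowing other errors.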