diff --git a/src/main/java/com/gunshi/project/hsz/controller/MentencePlanController.java b/src/main/java/com/gunshi/project/hsz/controller/MentencePlanController.java
index f97cafa..7b30693 100644
--- a/src/main/java/com/gunshi/project/hsz/controller/MentencePlanController.java
+++ b/src/main/java/com/gunshi/project/hsz/controller/MentencePlanController.java
@@ -62,7 +62,15 @@ public class MentencePlanController extends AbstractCommonFileController {
 @Operation(summary = "修改")
 @PostMapping("/update")
- public R update(@Validated(Update.class) @RequestBody MentencePlan dto) {
+ public R update(@Validated(Update.class) @RequestBody MentencePlan dto,HttpServletRequest request) {
+ SessionUser sessionUser = checkLogin(request);
+ if(sessionUser == null){
+ throw new IllegalArgumentException("未登录");
+ }
+ Long userId = sessionUser.getUserId();
+ if(!userId.equals(dto.getCreateId())){
+ throw new IllegalArgumentException("对不起,您没有编辑的权限");
+ }
 boolean flag = mentencePlanService.update(dto);
 if (flag) {
 fileService.saveFile(dto.getFiles(), getGroupId(), dto.getId().toString());
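Review bot: The ownership check in `update` compares the session user with `dto.getCreateId()`, which comes from the request body, so a caller can pass it by putting their own id in `createId` alongside any plan `id`. Load the stored row first and compare against that, as `del` does in this same commit: `MentencePlan stored = mentencePlanService.getById(dto.getId());` followed by `if (stored == null || !userId.equals(stored.getCreateId())) { throw ... }`. The same defect is in `approve`, where `dto.getApprovePersonId()` is checked before the stored plan `one` is loaded; moving the check after `getOne` and using `one.getApprovePersonId()` closes it. It is also worth confirming that `mentencePlanService.update(dto)` cannot overwrite `createId` from the body, which is not visible here. `update` continues past the end of the hunk.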
@@ -72,13 +80,22 @@ public class MentencePlanController extends AbstractCommonFileController {
 @Operation(summary = "删除")
 @GetMapping("/del/{id}")
- public R del(@Schema(name = "id") @PathVariable("id") Serializable id) {
+ public R del(@Schema(name = "id") @PathVariable("id") Serializable id,HttpServletRequest request) {
+
 LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>();
 queryWrapper.eq(MentencePlan::getId, id);
 MentencePlan one = mentencePlanService.getOne(queryWrapper);
 if(Objects.isNull(one)){
 throw new RuntimeException("该计划不存在");
 }
+ SessionUser sessionUser = checkLogin(request);
+ if(sessionUser == null){
+ throw new IllegalArgumentException("未登录");
+ }
+ Long userId = sessionUser.getUserId();
+ if(!userId.equals(one.getCreateId())){
+ throw new IllegalArgumentException("对不起,您没有编辑的权限");
+ }
 LambdaQueryWrapper queryWrapperDetail = new LambdaQueryWrapper<>();
 queryWrapperDetail.eq(MentencePlanDetail::getMentencePlanId, id);
 //先删细节
@@ -92,7 +109,15 @@ public class MentencePlanController extends AbstractCommonFileController {
 @Operation(summary = "审批")
 @PostMapping("/approving")
- public R approve(@Validated @RequestBody MentencePlan dto){
+ public R approve(@Validated @RequestBody MentencePlan dto,HttpServletRequest request){
+ SessionUser sessionUser = checkLogin(request);
+ if(sessionUser == null){
+ throw new IllegalArgumentException("未登录");
+ }
+ Long userId = sessionUser.getUserId();
+ if(!userId.toString().equals(dto.getApprovePersonId())){
+ throw new IllegalArgumentException("对不起,您没有审批的权限");
+ }
 LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>();
 queryWrapper.eq(MentencePlan::getId, dto.getId());
 MentencePlan one = mentencePlanService.getOne(queryWrapper);
diff --git a/src/main/java/com/gunshi/project/hsz/service/MentencePlanService.java b/src/main/java/com/gunshi/project/hsz/service/MentencePlanService.java
index 1a37bc6..7f6b862 100644
--- a/src/main/java/com/gunshi/project/hsz/service/MentencePlanService.java
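Review bot: In `del` the plan lookup runs before `checkLogin(request)`, so an unauthenticated caller receives "该计划不存在" for unknown ids and "未登录" for existing ones, which reveals which plan ids exist. Moving the `SessionUser sessionUser = checkLogin(request);` block to the top of the method, ahead of `getOne`, removes that difference and avoids a database query for anonymous requests. Separately, the delete is still exposed through `@GetMapping("/del/{id}")`; a state-changing action on GET is easier to trigger cross-site or through link prefetching, so `@PostMapping` or `@DeleteMapping` would be the safer mapping if clients can be updated. The method body continues outside the hunk.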
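Review bot: The login and permission failures in `approve` are thrown as `IllegalArgumentException`, the same type used for bad input, so unless a global handler maps it specially (not visible here) they will carry the same status and log signature as validation errors. A dedicated exception mapped to 401 for "未登录" and 403 for "对不起,您没有审批的权限", logged with the session user id and the plan id, would let denied approvals be audited and alerted on. `update` and `del` throw the same type for their checks. `approve` continues outside the hunk.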
+++ b/src/main/java/com/gunshi/project/hsz/service/MentencePlanService.java @@ -97,6 +97,7 @@ public class MentencePlanService extends ServiceImpl mentencePlanPage = baseMapper.selectPage(pageSo.getPageSo().toPage(), queryWrapper); List records = mentencePlanPage.getRecords(); for (MentencePlan record : records) {