feat: 开发中...
@@ -10,12 +10,6 @@ group = 'cn.hamster3.application.blog'
|
||||
version = '0.0.1-SNAPSHOT'
|
||||
sourceCompatibility = '17'
|
||||
|
||||
configurations {
|
||||
compileOnly {
|
||||
extendsFrom annotationProcessor
|
||||
}
|
||||
}
|
||||
|
||||
repositories {
|
||||
maven {
|
||||
url "https://maven.airgame.net/maven-public"
|
||||
@@ -32,10 +26,6 @@ dependencies {
|
||||
implementation 'org.mapstruct:mapstruct:1.5.3.Final'
|
||||
annotationProcessor 'org.mapstruct:mapstruct-processor:1.5.3.Final'
|
||||
|
||||
// https://mvnrepository.com/artifact/com.github.therapi/therapi-runtime-javadoc
|
||||
implementation 'com.github.therapi:therapi-runtime-javadoc:0.15.0'
|
||||
annotationProcessor 'com.github.therapi:therapi-runtime-javadoc:0.15.0'
|
||||
|
||||
// https://mvnrepository.com/artifact/org.jetbrains/annotations
|
||||
compileOnly 'org.jetbrains:annotations:24.0.0'
|
||||
|
||||
|
@@ -22,7 +22,8 @@ public class AuthenticationFilter extends OncePerRequestFilter {
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException {
|
||||
protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response,
|
||||
@NotNull FilterChain filterChain) throws ServletException, IOException {
|
||||
HttpSession session = request.getSession(false);
|
||||
if (session == null) {
|
||||
filterChain.doFilter(request, response);
|
||||
|
@@ -15,9 +15,9 @@ public class SecurityConfig {
|
||||
return http.authorizeHttpRequests(request -> request
|
||||
.requestMatchers(HttpMethod.GET, "/", "/index", "/index.html").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/favicon.ico", "/assets/**").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/register", "/login").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/api/v1/**").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/swagger-ui/**", "v3/api-docs/**").permitAll()
|
||||
.requestMatchers(HttpMethod.POST, "/api/v1/user/").anonymous()
|
||||
.requestMatchers(HttpMethod.POST, "/api/v1/user/", "/api/v1/user/login").anonymous()
|
||||
.anyRequest().authenticated())
|
||||
.cors().and()
|
||||
.csrf().disable()
|
||||
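Review bot: `/api/v1/user/login` is added to the anonymous POST matcher while `.csrf().disable()` stays a few lines below, and the AuthenticationFilter touched in this commit reads the caller's `HttpSession`, so authentication appears to ride on a session cookie with no CSRF defence on login or on any other state-changing request. If that is the case, keep CSRF protection enabled for the cookie-authenticated API, or add a comment next to `.csrf().disable()` stating what replaces it. Separately, the context matcher `"v3/api-docs/**"` is missing the leading slash its neighbours have and may not match the intended path; `"/v3/api-docs/**"` looks like what was meant. The builder chain starts and ends outside the hunk.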
|
@@ -41,7 +41,7 @@ public class UserController {
|
||||
}
|
||||
|
||||
@GetMapping("/current")
|
||||
@Operation(summary = "查询当前用户")
|
||||
@Operation(summary = "查询当前登录用户信息")
|
||||
public ResponseVO<UserInfoResponseVO> getCurrentUserInfo() {
|
||||
return userService.getCurrentUserInfo();
|
||||
}
|
||||
@@ -63,7 +63,7 @@ public class UserController {
|
||||
}
|
||||
|
||||
@GetMapping("/{userID}/")
|
||||
@Operation(summary = "查询用户")
|
||||
@Operation(summary = "查询指定用户信息")
|
||||
public ResponseVO<UserInfoResponseVO> getUserInfo(@Parameter(description = "用户ID") @PathVariable UUID userID) {
|
||||
return userService.getUserInfo(userID);
|
||||
}
|
||||
|
@@ -1,7 +1,6 @@
|
||||
package cn.hamster3.application.blog.service.impl;
|
||||
|
||||
import cn.hamster3.application.blog.config.security.BlogUser;
|
||||
import cn.hamster3.application.blog.constant.UserRole;
|
||||
import cn.hamster3.application.blog.entity.BlogEntity;
|
||||
import cn.hamster3.application.blog.entity.mapper.BlogMapper;
|
||||
import cn.hamster3.application.blog.entity.repo.BlogRepository;
|
||||
@@ -60,11 +59,15 @@ public class BlogService implements IBlogService {
|
||||
if (blogEntity == null) {
|
||||
return ResponseVO.failed("该博文不存在!");
|
||||
}
|
||||
if (user.getRole() == UserRole.GUEST) {
|
||||
return ResponseVO.failed("你没有这个权限!");
|
||||
}
|
||||
if (user.getRole() != UserRole.ADMIN) {
|
||||
if (!blogEntity.getCreator().getId().equals(user.getId())) {
|
||||
switch (user.getRole()) {
|
||||
case ADMIN -> {
|
||||
}
|
||||
case AUTHOR -> {
|
||||
if (!blogEntity.getCreator().getId().equals(user.getId())) {
|
||||
return ResponseVO.failed("你没有这个权限!");
|
||||
}
|
||||
}
|
||||
default -> {
|
||||
return ResponseVO.failed("你没有这个权限!");
|
||||
}
|
||||
}
|
||||
@@ -85,16 +88,16 @@ public class BlogService implements IBlogService {
|
||||
return ResponseVO.unauthorized();
|
||||
}
|
||||
switch (user.getRole()) {
|
||||
case AUTHOR -> {
|
||||
if (!blogRepo.existsByIdAndCreator_Id(blogID, user.getId())) {
|
||||
return ResponseVO.failed("该博文不存在或不属于你!");
|
||||
}
|
||||
}
|
||||
case ADMIN -> {
|
||||
if (!blogRepo.existsById(blogID)) {
|
||||
return ResponseVO.failed("该博文不存在!");
|
||||
}
|
||||
}
|
||||
case AUTHOR -> {
|
||||
if (!blogRepo.existsByIdAndCreator_Id(blogID, user.getId())) {
|
||||
return ResponseVO.failed("该博文不存在或不属于你!");
|
||||
}
|
||||
}
|
||||
default -> {
|
||||
return ResponseVO.failed("你没有这个权限!");
|
||||
}
|
||||
@@ -103,4 +106,5 @@ public class BlogService implements IBlogService {
|
||||
blogRepo.deleteById(blogID);
|
||||
return ResponseVO.success();
|
||||
}
|
||||
|
||||
}
|
||||
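Review bot: Both role switches in this file (the one added in the second hunk and the reordered one ahead of `blogRepo.deleteById`) dereference `user.getRole()` directly, and a `switch` on a null enum throws a NullPointerException, whereas the `==`/`!=` comparisons being replaced were null-safe. If a BlogUser can ever carry no role, reject it before the switch, e.g. `if (user.getRole() == null) return ResponseVO.failed("你没有这个权限!");`, so the request is denied cleanly instead of surfacing as a server error. The empty `case ADMIN -> { }` arm in the second hunk would also read better with a comment such as `// admins may modify any post; ownership check intentionally skipped`, so the bypass is not mistaken for an omission. Both methods start outside the hunks shown.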
|
@@ -73,11 +73,6 @@ public class UserService implements IUserService {
|
||||
log.info("prepare to save userinfo: {}", entity);
|
||||
UserEntity save = userRepo.save(entity);
|
||||
|
||||
Authentication authenticate = authenticationManager.authenticate(
|
||||
new UsernamePasswordAuthenticationToken(requireVO.getEmail(), requireVO.getPassword())
|
||||
);
|
||||
HttpSession session = request.getSession();
|
||||
session.setAttribute("Authentication", authenticate);
|
||||
return ResponseVO.success("注册成功!", userMapper.entityToInfoVO(save));
|
||||
}
|
||||
|
||||
@@ -153,8 +148,7 @@ public class UserService implements IUserService {
|
||||
|
||||
@Override
|
||||
public @NotNull ResponseVO<PageableVO<UserInfoResponseVO>> getAllUserInfo(@NotNull Pageable pageable) {
|
||||
return PageableVO.success(
|
||||
userRepo.findAll(pageable).map(o -> userMapper.entityToInfoVO(o)));
|
||||
return PageableVO.success(userRepo.findAll(pageable).map(o -> userMapper.entityToInfoVO(o)));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -166,15 +160,15 @@ public class UserService implements IUserService {
|
||||
|
||||
@Override
|
||||
public @NotNull ResponseVO<PageableVO<BlogInfoResponseVO>> getUserBlogList(@NotNull UUID userID, @NotNull Pageable pageable) {
|
||||
return PageableVO.success(
|
||||
blogRepo.findByCreator_IdOrderByCreateTimeDesc(userID, pageable)
|
||||
.map(o -> blogMapper.entityToInfoVO(o)));
|
||||
return PageableVO.success(blogRepo.findByCreator_IdOrderByCreateTimeDesc(userID, pageable)
|
||||
.map(o -> blogMapper.entityToInfoVO(o))
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
public @NotNull ResponseVO<PageableVO<AttachInfoResponseVO>> getUserAttachList(@NotNull UUID userID, @NotNull Pageable pageable) {
|
||||
return PageableVO.success(
|
||||
attachRepo.findByCreator_IdOrderByCreateTimeDesc(userID, pageable)
|
||||
.map(o -> attachMapper.entityToInfoVO(o)));
|
||||
return PageableVO.success(attachRepo.findByCreator_IdOrderByCreateTimeDesc(userID, pageable)
|
||||
.map(o -> attachMapper.entityToInfoVO(o))
|
||||
);
|
||||
}
|
||||
}
|
||||
|