add: 登录态校验

ccbd3cff · “zcwang” · af62510b · ccbd3cff · ccbd3cff · ccbd3cff
Commit ccbd3cff authored Dec 07, 2022 by “zcwang”
8 changed files
--- a/yanxuan-qc-change-system-biz/src/main/java/com/netease/mail/yanxuan/change/biz/biz/ChangeFlowBiz.java
+++ b/yanxuan-qc-change-system-biz/src/main/java/com/netease/mail/yanxuan/change/biz/biz/ChangeFlowBiz.java
@@ -373,12 +373,11 @@ public class ChangeFlowBiz {
        ChangeRecord changeRecord = this.getFlowInfo(flowId);
        // 检查工单节点
        this.checkNode(changeRecord.getFlowNode(), Collections.singletonList(changeFlowSubmitReq.getCurrentNodeId()));
-        // todo:检验操作权限
        String uid = RequestLocalBean.getUid();
        String changeCommander = changeRecord.getChangeCommander();
-        /*if (!uid.equals(changeCommander)) {
+        if (!uid.equals(changeCommander)) {
            throw ExceptionFactory.createBiz(ResponseCode.NO_AUTH, ResponseCode.NO_AUTH.getMsg());
-        }*/
+        }
        // 获取工单详情
        FlowDataDTO flowDataDTO = flowService.flowDetail(flowId.toString());
        if (flowDataDTO == null) {
@@ -556,11 +555,10 @@ public class ChangeFlowBiz {
        // 检查工单节点
        this.checkNode(changeRecord.getFlowNode(), Collections.singletonList(ChangeFlowEnum.CHANGE_FLOW_SUBMIT.getNodeId()));
        String uid = RequestLocalBean.getUid();
-        // todo:检查审核人
        String changeCommander = changeRecord.getChangeCommander();
-        /*if (!uid.equals(changeCommander)) {
+        if (!uid.equals(changeCommander)) {
            throw ExceptionFactory.createBiz(ResponseCode.NO_AUTH, ResponseCode.NO_AUTH.getMsg());
-        }*/
+        }
        // 获取工单详情
        FlowDataDTO flowDataDTO = flowService.flowDetail(flowId.toString());
        if (flowDataDTO == null) {
@@ -852,12 +850,11 @@ public class ChangeFlowBiz {
        List<String> nodeList = Arrays.asList(ChangeFlowEnum.CHANGE_FLOW_SUBMIT.getNodeId(),
            ChangeFlowEnum.CHANGE_FLOW_CONFIRM.getNodeId());
        this.checkNode(changeRecord.getFlowNode(), nodeList);
-        // todo:检验操作权限
        String uid = RequestLocalBean.getUid();
        String changeCommander = changeRecord.getChangeCommander();
-        /*if (!uid.equals(changeCommander)) {
+        if (!uid.equals(changeCommander)) {
            throw ExceptionFactory.createBiz(ResponseCode.NO_AUTH, ResponseCode.NO_AUTH.getMsg());
-        }*/
+        }
        // 工单审核人转交
        String deliverUser = req.getDeliverUser();
        UserBaseDTO userBaseDTO = new UserBaseDTO();

--- a/yanxuan-qc-change-system-biz/src/main/java/com/netease/mail/yanxuan/change/biz/service/impl/change/AdminChangeConfigServiceImpl.java
+++ b/yanxuan-qc-change-system-biz/src/main/java/com/netease/mail/yanxuan/change/biz/service/impl/change/AdminChangeConfigServiceImpl.java
@@ -4,12 +4,12 @@ import com.alibaba.fastjson.JSONObject;
 import com.netease.mail.yanxuan.change.biz.meta.exception.ExceptionFactory;
 import com.netease.mail.yanxuan.change.biz.service.change.ChangeConfigService;
 import com.netease.mail.yanxuan.change.biz.service.change.ChangeExecConfigService;
-import com.netease.mail.yanxuan.change.common.bean.AdminUserHolder;
 import com.netease.mail.yanxuan.change.common.bean.AjaxResult;
 import com.github.pagehelper.PageHelper;
 import com.github.pagehelper.PageInfo;
 import com.netease.mail.yanxuan.change.biz.service.change.AdminChangeConfigService;
 import com.netease.mail.yanxuan.change.biz.service.change.ChangeTypeService;
+import com.netease.mail.yanxuan.change.common.bean.RequestLocalBean;
 import com.netease.mail.yanxuan.change.common.bean.ResponseCode;
 import com.netease.mail.yanxuan.change.common.bean.ResponseCodeEnum;
 import com.netease.mail.yanxuan.change.common.enums.ChangeSubjectEnum;
@@ -212,7 +212,7 @@ public class AdminChangeConfigServiceImpl implements AdminChangeConfigService {
            throw ExceptionFactory.createBiz(ResponseCode.PARAMETER_DEFICIENCY);
            //如果是执行人就从head里面把邮箱装载
        }else if (changeConfigReq.getChangeCommanderType() == 1){
-            changeConfigReq.setChangeCommander(AdminUserHolder.getUserName());
+            changeConfigReq.setChangeCommander(RequestLocalBean.getUid());
        }
        changeConfig.setChangeCommanderType(changeConfigReq.getChangeCommanderType());
        if (changeConfigReq.getChangeCommander() == null){

--- a/yanxuan-qc-change-system-biz/src/main/java/com/netease/mail/yanxuan/change/biz/service/impl/change/ChangeExecConfigServiceImpl.java
+++ b/yanxuan-qc-change-system-biz/src/main/java/com/netease/mail/yanxuan/change/biz/service/impl/change/ChangeExecConfigServiceImpl.java
 package com.netease.mail.yanxuan.change.biz.service.impl.change;

 import com.netease.mail.yanxuan.change.biz.service.change.ChangeExecConfigService;
-import com.netease.mail.yanxuan.change.common.bean.AdminUserHolder;
+import com.netease.mail.yanxuan.change.common.bean.RequestLocalBean;
 import com.netease.mail.yanxuan.change.dal.entity.ChangeExecConfig;
 import com.netease.mail.yanxuan.change.dal.mapper.ChangeExecConfigMapper;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -30,7 +30,7 @@ public class ChangeExecConfigServiceImpl implements ChangeExecConfigService {
        for (ChangeExecConfig changeExecConfig : changeExecConfigs){
            //如果变更行动方案是变更发起人的话就填充登入人信息
            if(changeExecConfig.getChangeExecUserType() == 1){
-                changeExecConfig.setChangeExecUser(AdminUserHolder.getUserName());
+                changeExecConfig.setChangeExecUser(RequestLocalBean.getUid());
            }
            //在修改的时候实际上删除在新增需要屏蔽掉ID
            if (changeExecConfig.getId() != null){

--- a/yanxuan-qc-change-system-common/src/main/java/com/netease/mail/yanxuan/change/common/bean/AdminUserHolder.java
+++ b/yanxuan-qc-change-system-common/src/main/java/com/netease/mail/yanxuan/change/common/bean/AdminUserHolder.java
-/**
- * @(#)UserHolder.java, 2020/12/9.
- * <p/>
- * Copyright 2020 Netease, Inc. All rights reserved.
- * NETEASE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
- */
-package com.netease.mail.yanxuan.change.common.bean;
-
-import org.springframework.stereotype.Component;
-
-/**
- * B端管理系统用户信息
- *
- * @author: 莫闲
- * @date: 2020-12-09 13:19
- **/
-@Component
-public class AdminUserHolder {
-
-    // 当前登录用户名线程绑定
-    private static ThreadLocal<String> userThreadLocal = new ThreadLocal<>();
-
-    public static void clear() {
-        userThreadLocal.remove();
-    }
-
-    /**
-     * 获取用户名
-     *
-     * @return 用户名，null-未登录
-     */
-    public static String getUserName() {
-        return userThreadLocal.get();
-    }
-
-    public static void setUserName(String userName) {
-        userThreadLocal.set(userName);
-    }
-}
--- a/yanxuan-qc-change-system-web/src/main/java/com/netease/mail/yanxuan/change/web/config/AdminUserLoginInterceptor.java
+++ b/yanxuan-qc-change-system-web/src/main/java/com/netease/mail/yanxuan/change/web/config/AdminUserLoginInterceptor.java
-package com.netease.mail.yanxuan.change.web.config;
-
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-
-import com.netease.mail.yanxuan.change.common.bean.AdminUserHolder;
-
-import lombok.extern.slf4j.Slf4j;
-
-@Slf4j
-@Component
-public class AdminUserLoginInterceptor implements HandlerInterceptor {
-
-    @Override
-    public boolean preHandle(HttpServletRequest request,
-                             HttpServletResponse response, Object handler) throws Exception {
-        Map<String, String> headerMap = new HashMap<>();
-        Enumeration<String> enumeration = request.getHeaderNames();
-        while (enumeration.hasMoreElements()) {
-            String name	= enumeration.nextElement();
-            String value = request.getHeader(name);
-            headerMap.put(name, value);
-        }
-        log.info("adminUserLoginInterceptor headerMap ={}", headerMap);
-        String uid = request.getHeader("uid");
-        log.info("adminUserLoginInterceptor uid ={}", uid);
-        if(uid == null){
-            uid = "grp.gyhtest1001@corp.netease.com";
-        }
-        AdminUserHolder.setUserName(uid);
-        return true;
-    }
-
-    @Override
-    public void postHandle(HttpServletRequest request,
-                           HttpServletResponse response, Object handler, ModelAndView modelAndView)
-            throws Exception {
-    }
-
-    @Override
-    public void afterCompletion(HttpServletRequest request,
-                                HttpServletResponse response, Object handler, Exception ex)
-            throws Exception {
-        AdminUserHolder.clear();
-    }
-}
\ No newline at end of file
--- a/yanxuan-qc-change-system-web/src/main/java/com/netease/mail/yanxuan/change/web/config/LoginInterceptor.java
+++ b/yanxuan-qc-change-system-web/src/main/java/com/netease/mail/yanxuan/change/web/config/LoginInterceptor.java
@@ -15,7 +15,6 @@ import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;

 import com.alibaba.fastjson.JSON;
-import com.netease.mail.yanxuan.change.common.bean.AdminUserHolder;
 import com.netease.mail.yanxuan.change.common.bean.AjaxResult;
 import com.netease.mail.yanxuan.change.common.bean.RequestLocalBean;
 import com.netease.mail.yanxuan.change.common.bean.ResponseCodeEnum;

--- a/yanxuan-qc-change-system-web/src/main/java/com/netease/mail/yanxuan/change/web/config/WebMvcConfig.java
+++ b/yanxuan-qc-change-system-web/src/main/java/com/netease/mail/yanxuan/change/web/config/WebMvcConfig.java
@@ -13,9 +13,6 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 public class WebMvcConfig implements WebMvcConfigurer {

    @Autowired
-    private AdminUserLoginInterceptor userLoginInterceptor;
-
-    @Autowired
    private UserInterceptor userInterceptor;

    /**
@@ -25,8 +22,6 @@ public class WebMvcConfig implements WebMvcConfigurer {
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(userLoginInterceptor).addPathPatterns("/**").excludePathPatterns("/i/health")
-            .excludePathPatterns("/change/flow/getOperator", "/test/createToDo","/test/progressTodo","/test/submit");
        registry.addInterceptor(userInterceptor).addPathPatterns("/**").excludePathPatterns("/i/health")
            .excludePathPatterns("/change/flow/getOperator", "/test/createToDo","/test/progressTodo","/test/submit");
    }

--- a/yanxuan-qc-change-system-web/src/main/java/com/netease/mail/yanxuan/change/web/controller/TestController.java
+++ b/yanxuan-qc-change-system-web/src/main/java/com/netease/mail/yanxuan/change/web/controller/TestController.java
@@ -18,7 +18,6 @@ import com.netease.mail.yanxuan.change.biz.meta.exception.ExceptionFactory;
 import com.netease.mail.yanxuan.change.biz.service.ChangeFlowService;
 import com.netease.mail.yanxuan.change.biz.service.rpc.TodoService;
 import com.netease.mail.yanxuan.change.biz.task.AutoSubmit;
-import com.netease.mail.yanxuan.change.common.bean.AdminUserHolder;
 import com.netease.mail.yanxuan.change.common.bean.AjaxResult;
 import com.netease.mail.yanxuan.change.common.bean.RequestLocalBean;
 import com.netease.mail.yanxuan.change.common.bean.ResponseCode;