diff --git a/austin-web/src/main/java/com/java3y/austin/web/controller/SendController.java b/austin-web/src/main/java/com/java3y/austin/web/controller/SendController.java
index c8a8a7e..875905e 100644
--- a/austin-web/src/main/java/com/java3y/austin/web/controller/SendController.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/controller/SendController.java
@@ -1,14 +1,22 @@
 package com.java3y.austin.web.controller;
+import com.java3y.austin.common.enums.RespStatusEnum;
 import com.java3y.austin.service.api.domain.BatchSendRequest;
 import com.java3y.austin.service.api.domain.SendRequest;
 import com.java3y.austin.service.api.domain.SendResponse;
 import com.java3y.austin.service.api.service.RecallService;
 import com.java3y.austin.service.api.service.SendService;
 import com.java3y.austin.web.annotation.AustinAspect;
+import com.java3y.austin.web.exception.CommonException;
+import com.java3y.austin.web.interceptor.TokenInterceptor;
+import com.java3y.austin.web.service.MessageTemplateService;
+
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+
+import java.util.Collections;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -29,6 +37,9 @@ public class SendController {
 @Autowired
 private RecallService recallService;
+ @Autowired
+ private MessageTemplateService messageTemplateService;
+
 /**
 * 单个文案下发相同的人
@@ -39,6 +50,9 @@ public class SendController {
 @ApiOperation(value = "下发接口", notes = "多渠道多类型下发消息,目前支持邮件和短信,类型支持:验证码、通知类、营销类。")
 @PostMapping("/send")
 public SendResponse send(@RequestBody SendRequest sendRequest) {
+ if(!messageTemplateService.hasPermission(Collections.singleton(sendRequest.getMessageTemplateId()), TokenInterceptor.CREAT_THREAD_LOCAL.get())) {
+ throw new CommonException(RespStatusEnum.CLIENT_BAD_PARAMETERS.getCode(), RespStatusEnum.CLIENT_BAD_PARAMETERS.getMsg());
+ }
 return sendService.send(sendRequest);
 }
@@ -51,6 +65,9 @@ public class SendController {
 @ApiOperation(value = "batch下发接口", notes = "多渠道多类型下发消息,目前支持邮件和短信,类型支持:验证码、通知类、营销类。")
 @PostMapping("/batchSend")
 public SendResponse batchSend(@RequestBody BatchSendRequest batchSendRequest) {
+ if(!messageTemplateService.hasPermission(Collections.singleton(batchSendRequest.getMessageTemplateId()), TokenInterceptor.CREAT_THREAD_LOCAL.get())) {
+ throw new CommonException(RespStatusEnum.CLIENT_BAD_PARAMETERS.getCode(), RespStatusEnum.CLIENT_BAD_PARAMETERS.getMsg());
+ }
 return sendService.batchSend(batchSendRequest);
 }
@@ -63,6 +80,9 @@ public class SendController {
 @ApiOperation(value = "撤回消息接口", notes = "优先根据messageId撤回消息,如果messageId不存在则根据模板id撤回")
 @PostMapping("/recall")
 public SendResponse recall(@RequestBody SendRequest sendRequest) {
+ if(!messageTemplateService.hasPermission(Collections.singleton(sendRequest.getMessageTemplateId()), TokenInterceptor.CREAT_THREAD_LOCAL.get())) {
+ throw new CommonException(RespStatusEnum.CLIENT_BAD_PARAMETERS.getCode(), RespStatusEnum.CLIENT_BAD_PARAMETERS.getMsg());
+ }
 return recallService.recall(sendRequest);
 }
 }
diff --git a/austin-web/src/main/java/com/java3y/austin/web/interceptor/TokenInterceptor.java b/austin-web/src/main/java/com/java3y/austin/web/interceptor/TokenInterceptor.java
index 857e3b4..4d155d4 100644
--- a/austin-web/src/main/java/com/java3y/austin/web/interceptor/TokenInterceptor.java
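Review bot: The same three-line ownership guard is pasted into `send`, and again into `batchSend` and `recall` in the next two hunks, so any later fix must be made three times and a new endpoint can miss it without anyone noticing. A private helper in the controller that takes the template id and throws on refusal, called first in each handler, would keep the rule in one place. The refusal is thrown as `CLIENT_BAD_PARAMETERS` and nothing in the hunk logs it, so unless `CommonException` is logged elsewhere a caller trying other users' template ids leaves nothing to alert on; a `warn` line with the caller and the template id at the point of refusal would cover that.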
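Review bot: The guard added to `recall` checks only `getMessageTemplateId()`, while the endpoint's own description says recall goes by messageId first and by template id only when no messageId is given. A request that carries a messageId and no template id therefore passes, because `hasPermission` as added in MessageTemplateServiceImpl returns true for a null id, and nothing in this hunk ties the messageId to the caller. Either require a non-null template id here and have `recallService` confirm the message belongs to that template, or add an ownership check for the messageId itself; which of the two is feasible depends on code outside the hunk.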
+++ b/austin-web/src/main/java/com/java3y/austin/web/interceptor/TokenInterceptor.java
@@ -19,6 +19,8 @@ import javax.servlet.http.HttpServletResponse;
 @Component
 public class TokenInterceptor implements HandlerInterceptor {
+ public static final ThreadLocal CREAT_THREAD_LOCAL = new ThreadLocal<>();
+
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
 if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
@@ -41,6 +43,7 @@ public class TokenInterceptor implements HandlerInterceptor {
 String subject = claims.getSubject();
 String creator = StringUtils.defaultIfEmpty(JSON.parseObject(subject).getString("creator"), JSON.parseObject(subject).getString("userId"));
+ CREAT_THREAD_LOCAL.set(creator);
 request.setAttribute("creator", creator);
 log.info("request {} with creator {} ", request.getRequestURI(), creator);
 return true;
@@ -48,5 +51,6 @@ public class TokenInterceptor implements HandlerInterceptor {
 @Override
 public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+ CREAT_THREAD_LOCAL.remove();
 }
 }
diff --git a/austin-web/src/main/java/com/java3y/austin/web/service/MessageTemplateService.java b/austin-web/src/main/java/com/java3y/austin/web/service/MessageTemplateService.java
index 7a80666..8046f23 100644
--- a/austin-web/src/main/java/com/java3y/austin/web/service/MessageTemplateService.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/service/MessageTemplateService.java
@@ -4,8 +4,10 @@ package com.java3y.austin.web.service;
 import com.java3y.austin.common.vo.BasicResultVO;
 import com.java3y.austin.support.domain.MessageTemplate;
 import com.java3y.austin.web.vo.MessageTemplateParam;
+
 import org.springframework.data.domain.Page;
+import java.util.Collection;
 import java.util.List;
 /**
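Review bot: `CREAT_THREAD_LOCAL` is a public static holder for the authenticated identity, so any class can call `set()` on it, and the name drops a letter (`CREATOR`). The same `preHandle` already publishes the value with `request.setAttribute("creator", creator)`, which is scoped to the request and needs no cleanup; reading that attribute in the controller would avoid the thread-local altogether. If the thread-local stays, make the field private behind a static getter and add a comment that it is cleared in `afterCompletion` (third hunk of this file) and is not visible on other threads, for example in async or pooled work started from a handler.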
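Review bot: `creator` can be null or empty at the added `CREAT_THREAD_LOCAL.set(creator)` when the token subject has neither a `creator` nor a `userId` field, and the code still reaches `return true`. The new `hasPermission` compares with `StringUtils.equalsIgnoreCase`, which treats two nulls as equal, so such a request would match any template whose stored creator is null. Reject before the `set` call, e.g. `if (StringUtils.isBlank(creator)) { return false; }`, after writing the same error response the method uses for an invalid token; that part of `preHandle` is outside the hunk.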
@@ -80,4 +82,5 @@ public interface MessageTemplateService {
 */
 BasicResultVO stopCronTask(Long id);
+ Boolean hasPermission(Collection ids, String creator);
 }
diff --git a/austin-web/src/main/java/com/java3y/austin/web/service/impl/MessageTemplateServiceImpl.java b/austin-web/src/main/java/com/java3y/austin/web/service/impl/MessageTemplateServiceImpl.java
index d7c33f2..9a443a0 100644
--- a/austin-web/src/main/java/com/java3y/austin/web/service/impl/MessageTemplateServiceImpl.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/service/impl/MessageTemplateServiceImpl.java
@@ -17,6 +17,10 @@ import com.java3y.austin.support.dao.MessageTemplateDao;
 import com.java3y.austin.support.domain.MessageTemplate;
 import com.java3y.austin.web.service.MessageTemplateService;
 import com.java3y.austin.web.vo.MessageTemplateParam;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.hibernate.mapping.Collection;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
@@ -27,6 +31,9 @@ import javax.persistence.criteria.Predicate;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collector;
+import java.util.stream.Collectors;
 /**
 * 消息模板管理 Service
@@ -195,5 +202,15 @@ public class MessageTemplateServiceImpl implements MessageTemplateService {
 }
 }
-
+ @Override
+ public Boolean hasPermission(Collection ids, String creator) {
+ if(CollectionUtils.isEmpty(ids)) {
+ return true;
+ }
+ Set filteredIds = ids.stream().filter(obj -> obj != null).collect(Collectors.toSet());
+ if(CollectionUtils.isEmpty(filteredIds)) {
+ return true;
+ }
+ return messageTemplateDao.findAllById(ids).stream().allMatch(messageTemplate -> StringUtils.equalsIgnoreCase(messageTemplate.getCreator(), creator));
+ }
 }
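Review bot: `hasPermission` is added to the interface with no Javadoc, although the method just above it closes a Javadoc block, and its contract is not obvious from the name. I would add a comment saying that it reports whether every template in `ids` was created by `creator`, what it returns for an empty collection, for null elements and for ids that do not exist, and whether `creator` may be null. The implementation in this commit returns true in the empty and all-null cases, which callers need to know because the three controller guards rely on it.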
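Review bot: The added `import org.hibernate.mapping.Collection;` looks wrong: the interface imports `java.util.Collection`, and the new method calls `ids.stream()` and `CollectionUtils.isEmpty(ids)`, neither of which works on Hibernate's mapping class, so as shown the `@Override` should not compile. Replace it with `import java.util.Collection;`. The following import hunk also adds `java.util.stream.Collector`, which the new code never uses. Generic type arguments appear to have been stripped from this page, so the declared element types are not visible here.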
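Review bot: `hasPermission` fails open in three ways: it returns true when `ids` is empty or holds only nulls, it returns true when none of the ids exist because `allMatch` over an empty `findAllById` result is true, and `equalsIgnoreCase` accepts a null `creator` against a null stored creator. `filteredIds` is computed but the query still uses the unfiltered `ids`, so a null element can reach `findAllById`. For an authorization check the safer default is to deny unless every requested id was found and belongs to a non-blank caller, as sketched below; a caller that legitimately has no template id, such as recall by messageId, then needs its own check rather than relying on this method. Whether creator names should compare case-insensitively is worth confirming against how they are issued.

```java
    public Boolean hasPermission(Collection<Long> ids, String creator) { // element type assumed; generics are not visible on the page
        // Deny by default: no caller identity, no ids, or a null id is never "permitted".
        if (StringUtils.isBlank(creator) || CollectionUtils.isEmpty(ids)
                || ids.stream().anyMatch(Objects::isNull)) {
            return false;
        }
        Set<Long> wanted = ids.stream().collect(Collectors.toSet());
        List<MessageTemplate> found = messageTemplateDao.findAllById(wanted);
        // Every requested id must exist; allMatch alone is true for an empty result.
        return found.size() == wanted.size()
                && found.stream().allMatch(t -> StringUtils.equalsIgnoreCase(t.getCreator(), creator));
    }
```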
diff --git a/austin-web/src/main/java/com/java3y/austin/web/utils/LoginUtils.java b/austin-web/src/main/java/com/java3y/austin/web/utils/LoginUtils.java
index 2cf9f90..58caa56 100644
--- a/austin-web/src/main/java/com/java3y/austin/web/utils/LoginUtils.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/utils/LoginUtils.java
@@ -56,7 +56,7 @@ public class LoginUtils {
 }
 }
 } catch (Exception e) {
- log.error("LoginUtils#needLogin fail:{}", Throwables.getStackTraceAsString(e));
+ log.debug("LoginUtils#needLogin fail:{}", Throwables.getStackTraceAsString(e));
 }
 return false;
 }
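Review bot: Lowering this catch to `debug` hides the failure in any deployment that logs at info or above, and the catch then falls through to `return false`. If this method is `needLogin`, as the log message suggests, an exception while evaluating the check is reported as "login not required" and leaves no trace. Keep the line at `warn` or `error`, and consider returning `true` from the catch so an unexpected failure requires login instead of skipping it. The start of the method is outside the hunk, so confirm what the caller does with the result.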