add send template permision

2 years ago · 63c7d280c1
parent ddb9354a19
commit 63c7d280c1
5 changed files with 46 additions and 2 deletions
--- a/austin-web/src/main/java/com/java3y/austin/web/controller/SendController.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/controller/SendController.java
@ -1,14 +1,22 @@
 package com.java3y.austin.web.controller;


+import com.java3y.austin.common.enums.RespStatusEnum;
 import com.java3y.austin.service.api.domain.BatchSendRequest;
 import com.java3y.austin.service.api.domain.SendRequest;
 import com.java3y.austin.service.api.domain.SendResponse;
 import com.java3y.austin.service.api.service.RecallService;
 import com.java3y.austin.service.api.service.SendService;
 import com.java3y.austin.web.annotation.AustinAspect;
+import com.java3y.austin.web.exception.CommonException;
+import com.java3y.austin.web.interceptor.TokenInterceptor;
+import com.java3y.austin.web.service.MessageTemplateService;
+
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+
+import java.util.Collections;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@ -29,6 +37,9 @@ public class SendController {
    @Autowired
    private RecallService recallService;

+    @Autowired
+    private MessageTemplateService messageTemplateService;
+

    /**
     * 单个文案下发相同的人
@ -39,6 +50,9 @@ public class SendController {
    @ApiOperation(value = "下发接口", notes = "多渠道多类型下发消息，目前支持邮件和短信，类型支持：验证码、通知类、营销类。")
    @PostMapping("/send")
    public SendResponse send(@RequestBody SendRequest sendRequest) {
+        if(!messageTemplateService.hasPermission(Collections.singleton(sendRequest.getMessageTemplateId()), TokenInterceptor.CREAT_THREAD_LOCAL.get())) {
+            throw new CommonException(RespStatusEnum.CLIENT_BAD_PARAMETERS.getCode(), RespStatusEnum.CLIENT_BAD_PARAMETERS.getMsg());
+        }
        return sendService.send(sendRequest);
    }

@ -51,6 +65,9 @@ public class SendController {
    @ApiOperation(value = "batch下发接口", notes = "多渠道多类型下发消息，目前支持邮件和短信，类型支持：验证码、通知类、营销类。")
    @PostMapping("/batchSend")
    public SendResponse batchSend(@RequestBody BatchSendRequest batchSendRequest) {
+        if(!messageTemplateService.hasPermission(Collections.singleton(batchSendRequest.getMessageTemplateId()), TokenInterceptor.CREAT_THREAD_LOCAL.get())) {
+            throw new CommonException(RespStatusEnum.CLIENT_BAD_PARAMETERS.getCode(), RespStatusEnum.CLIENT_BAD_PARAMETERS.getMsg());
+        }
        return sendService.batchSend(batchSendRequest);
    }

@ -63,6 +80,9 @@ public class SendController {
    @ApiOperation(value = "撤回消息接口", notes = "优先根据messageId撤回消息，如果messageId不存在则根据模板id撤回")
    @PostMapping("/recall")
    public SendResponse recall(@RequestBody SendRequest sendRequest) {
+        if(!messageTemplateService.hasPermission(Collections.singleton(sendRequest.getMessageTemplateId()), TokenInterceptor.CREAT_THREAD_LOCAL.get())) {
+            throw new CommonException(RespStatusEnum.CLIENT_BAD_PARAMETERS.getCode(), RespStatusEnum.CLIENT_BAD_PARAMETERS.getMsg());
+        }
        return recallService.recall(sendRequest);
    }
 }
--- a/austin-web/src/main/java/com/java3y/austin/web/interceptor/TokenInterceptor.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/interceptor/TokenInterceptor.java
@ -19,6 +19,8 @@ import javax.servlet.http.HttpServletResponse;
@Component
 public class TokenInterceptor implements HandlerInterceptor {

+    public static final ThreadLocal<String> CREAT_THREAD_LOCAL = new ThreadLocal<>();
+
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
@ -41,6 +43,7 @@ public class TokenInterceptor implements HandlerInterceptor {
        String subject = claims.getSubject();
        String creator = StringUtils.defaultIfEmpty(JSON.parseObject(subject).getString("creator"), JSON.parseObject(subject).getString("userId"));

+        CREAT_THREAD_LOCAL.set(creator);
        request.setAttribute("creator", creator);
        log.info("request {} with creator {} ", request.getRequestURI(), creator);
        return true;
@ -48,5 +51,6 @@ public class TokenInterceptor implements HandlerInterceptor {

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+        CREAT_THREAD_LOCAL.remove();
    }
 }
--- a/austin-web/src/main/java/com/java3y/austin/web/service/MessageTemplateService.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/service/MessageTemplateService.java
@ -4,8 +4,10 @@ package com.java3y.austin.web.service;
 import com.java3y.austin.common.vo.BasicResultVO;
 import com.java3y.austin.support.domain.MessageTemplate;
 import com.java3y.austin.web.vo.MessageTemplateParam;
+
 import org.springframework.data.domain.Page;

+import java.util.Collection;
 import java.util.List;

 /**
@ -80,4 +82,5 @@ public interface MessageTemplateService {
     */
    BasicResultVO stopCronTask(Long id);

+    Boolean hasPermission(Collection<Long> ids, String creator);
 }
--- a/austin-web/src/main/java/com/java3y/austin/web/service/impl/MessageTemplateServiceImpl.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/service/impl/MessageTemplateServiceImpl.java
@ -17,6 +17,10 @@ import com.java3y.austin.support.dao.MessageTemplateDao;
 import com.java3y.austin.support.domain.MessageTemplate;
 import com.java3y.austin.web.service.MessageTemplateService;
 import com.java3y.austin.web.vo.MessageTemplateParam;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.hibernate.mapping.Collection;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
@ -27,6 +31,9 @@ import javax.persistence.criteria.Predicate;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collector;
+import java.util.stream.Collectors;

 /**
 * 消息模板管理 Service
@ -195,5 +202,15 @@ public class MessageTemplateServiceImpl implements MessageTemplateService {
        }
    }

-
+    @Override
+    public Boolean hasPermission(Collection<Long> ids, String creator) {
+        if(CollectionUtils.isEmpty(ids)) {
+            return true;
+        }
+        Set<Long> filteredIds = ids.stream().filter(obj -> obj != null).collect(Collectors.toSet());
+        if(CollectionUtils.isEmpty(filteredIds)) {
+            return true;
+        }
+        return messageTemplateDao.findAllById(ids).stream().allMatch(messageTemplate ->  StringUtils.equalsIgnoreCase(messageTemplate.getCreator(), creator));
+    }
 }
--- a/austin-web/src/main/java/com/java3y/austin/web/utils/LoginUtils.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/utils/LoginUtils.java
@ -56,7 +56,7 @@ public class LoginUtils {
                }
            }
        } catch (Exception e) {
-            log.error("LoginUtils#needLogin fail:{}", Throwables.getStackTraceAsString(e));
+            log.debug("LoginUtils#needLogin fail:{}", Throwables.getStackTraceAsString(e));
        }
        return false;
    }