eason.qian 7 years ago
parent 575f0b7725
commit 63f6832d5e

@ -83,6 +83,7 @@ import java.net.URL;
import java.util.*; import java.util.*;
import java.util.List; import java.util.List;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.zip.ZipEntry; import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream; import java.util.zip.ZipOutputStream;
@ -278,14 +279,11 @@ public class ClientManagerImpl implements ClientManager, ManagerTodoNoticeProvid
private void checkClientOrg(JSONObject manager, JSONObject client) { private void checkClientOrg(JSONObject manager, JSONObject client) {
if (manager.getInteger("org_id")!=null){ if (manager.getInteger("org_id")!=null){
JSONObject org = orgMapper.findOne(client.getIntValue("org_id")); List<JSONObject> orgs = orgMapper.listOrgAndChild(manager.getIntValue("org_id"));
if (org.getInteger("parent_org_id")!=null){ List<Integer> orgIds = orgs.stream().map(org->org.getIntValue("org_id")).collect(Collectors.toList());
if (org.getIntValue("org_id")!=manager.getIntValue("org_id")){ if (!orgIds.contains(client.getIntValue("org_id"))){
throw new ForbiddenException("The org of client is not belong to you"); throw new ForbiddenException("The org of client is not belong to you");
} }
}else {
checkOrgPermission(manager, client);
}
} }
} }
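Review bot: The rewritten checkClientOrg drops the old `else { checkOrgPermission(manager, client); }` branch for clients whose org has no parent, so any rule that helper enforced beyond org membership is no longer applied on this path; if that was intentional, a one-line comment on the `listOrgAndChild` call saying the child-org listing now fully defines a manager's scope would stop the next reader from re-adding it. The scope computation (`listOrgAndChild` → stream to `orgIds` → `contains`) is duplicated verbatim in ManagerAccountServiceImpl in this same commit, and duplicated authorization logic tends to drift; extracting it into one shared helper such as `orgMapper.listOrgAndChildIds(int orgId)` returning a `Set<Integer>` would keep both checks identical and make the membership test O(1). Note that when the client carries no org_id, `client.getIntValue("org_id")` presumably yields 0 and the check fails closed, which looks right but is worth confirming against how clients without an org are meant to be handled. Managers with a null org_id still skip the check entirely, as before.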

@ -15,6 +15,7 @@ import org.springframework.stereotype.Service;
import javax.annotation.Resource; import javax.annotation.Resource;
import java.util.List; import java.util.List;
import java.util.stream.Collectors;
/** /**
* Created by yixian on 2016-07-06. * Created by yixian on 2016-07-06.
@ -78,9 +79,13 @@ public class ManagerAccountServiceImpl implements ManagerAccountsService {
} }
JSONObject obj = manager.accountJson(false); JSONObject obj = manager.accountJson(false);
if (!ManagerRole.ADMIN.hasRole(loginManager.getIntValue("role"))) { if (!ManagerRole.ADMIN.hasRole(loginManager.getIntValue("role"))) {
if (managerFromDb.getIntValue("org_id") != loginManager.getIntValue("org_id")) { if (loginManager.getInteger("org_id")!=null){
List<JSONObject> orgs = orgMapper.listOrgAndChild(loginManager.getIntValue("org_id"));
List<Integer> orgIds = orgs.stream().map(org->org.getIntValue("org_id")).collect(Collectors.toList());
if (!orgIds.contains(managerFromDb.getIntValue("org_id"))){
throw new BadRequestException("You cannot modify accounts belong to other organizations"); throw new BadRequestException("You cannot modify accounts belong to other organizations");
} }
}
if (manager.isAdmin() || manager.isFinacial() || manager.isOperator() || manager.isServant() || manager.isSitemanager() || manager.isDeveloper()) { if (manager.isAdmin() || manager.isFinacial() || manager.isOperator() || manager.isServant() || manager.isSitemanager() || manager.isDeveloper()) {
throw new BadRequestException("Invalid Role"); throw new BadRequestException("Invalid Role");
} }
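Review bot: The new `if (loginManager.getInteger("org_id")!=null)` guard widens what a non-admin manager may do: previously a non-admin with no org_id compared 0 against the target's org_id and was rejected unless the target also had none, whereas now the org check is skipped altogether and such a manager can modify accounts in any organization. If that widening is not intended, add a fallback after the guard, e.g. `} else if (managerFromDb.getInteger("org_id") != null) {` / `throw new BadRequestException("You cannot modify accounts belong to other organizations");` / `}`, so an org-less non-admin is still confined to org-less accounts. The exception type is also inconsistent with ClientManagerImpl, which throws ForbiddenException for the same kind of scope violation while this path keeps BadRequestException; the commit does not change that, but aligning them would give callers one status to reason about. The enclosing method begins outside this hunk.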
