diff --git a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PermissionPartnerManager.java b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PermissionPartnerManager.java
index cb297c8fb..55eb45029 100644
--- a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PermissionPartnerManager.java
+++ b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PermissionPartnerManager.java
@@ -30,4 +30,6 @@ public interface PermissionPartnerManager {
 void authorizeRole(ManagerRole role, List functions);
 List listUserFunctions(int role);
+
+ JSONObject getPartnerFuncById(String funcId);
 }
diff --git a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PermissionPartnerManagerImpl.java b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PermissionPartnerManagerImpl.java
index ddaed6e45..617536c3f 100644
--- a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PermissionPartnerManagerImpl.java
+++ b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PermissionPartnerManagerImpl.java
@@ -218,4 +218,9 @@ public class PermissionPartnerManagerImpl implements PermissionPartnerManager {
 return permissionPartnerFunctionMapper.listByRoleMask(role);
 }
+ @Override
+ public JSONObject getPartnerFuncById(String funcId) {
+ return permissionPartnerFunctionMapper.find(funcId);
+ }
+
 }
diff --git a/src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java b/src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java
index 4933f67cb..73bf94afc 100644
--- a/src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java
+++ b/src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java
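Review bot: The new `getPartnerFuncById` declaration in PermissionPartnerManager has no Javadoc, and its null contract matters because ManagerUserInterceptor, later in this commit, branches on `func!=null`. I would add a comment such as `/** Returns the partner function record for funcId, or null if none exists. */`. The implementation only forwards to `permissionPartnerFunctionMapper.find(funcId)`, so confirm against the mapper that an unknown id really yields null before documenting it. The interface body starts outside the hunk.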
@@ -1,12 +1,13 @@
 package au.com.royalpay.payment.manage.permission.manager;
+import au.com.royalpay.payment.manage.management.sysconfig.core.PartnerPermissionManager;
 import au.com.royalpay.payment.manage.management.sysconfig.core.PermissionManager;
 import au.com.royalpay.payment.manage.signin.core.SignInStatusManager;
 import au.com.royalpay.payment.tools.CommonConsts;
 import au.com.royalpay.payment.tools.exceptions.ForbiddenException;
 import au.com.royalpay.payment.tools.http.HttpUtils;
-
 import au.com.royalpay.payment.tools.permission.enums.PartnerRole;
+
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
@@ -33,6 +34,8 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
 private SignInStatusManager signInStatusManager;
 @Resource
 private PermissionManager permissionManager;
+ @Resource
+ private PartnerPermissionManager partnerPermissionManager;
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -101,11 +104,13 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
 }
 }
-// JSONObject func = permissionManager.getPartnerFuncById(funcId);
-// JSONArray arr = loginUser.getJSONArray("available_module_ids");
-// if (arr == null || !arr.contains(func.getString("module_id"))) {
-// throw new ForbiddenException("error.permission.nopermission");
-// }
+ JSONObject func = partnerPermissionManager.getPartnerFuncById(funcId);
+ if(func!=null && StringUtils.isNotEmpty(func.getString("module_id"))){
+ JSONArray arr = loginUser.getJSONArray("available_module_ids");
+ if (arr == null || !arr.contains(func.getString("module_id"))) {
+ throw new ForbiddenException("error.permission.nopermission");
+ }
+ }
 request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser);
 }
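Review bot: The added import in the first ManagerUserInterceptor hunk and the `@Resource` field in the second both name `PartnerPermissionManager`, but this commit adds `getPartnerFuncById` to `PermissionPartnerManager` in the same `sysconfig.core` package. Unless a separate `PartnerPermissionManager` type already declares that method (not visible here), the interceptor will either fail to compile or call something other than the code this commit introduces. If the new method is the intended target, the lines should read `import au.com.royalpay.payment.manage.management.sysconfig.core.PermissionPartnerManager;` and `private PermissionPartnerManager permissionPartnerManager;`, with the call in the last hunk renamed to match.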
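Review bot: The module check in the last ManagerUserInterceptor hunk fails open: when `getPartnerFuncById(funcId)` returns null, or the record has an empty `module_id`, the whole block is skipped and the request continues to `request.setAttribute(...)`. For an authorization interceptor an unknown function id is worth rejecting, or at least logging, rather than treating it like a function deliberately left unbound to a module. For example, put `if (func == null) { throw new ForbiddenException("error.permission.nopermission"); }` before the module test, with a comment stating that an empty `module_id` means the function is intentionally not gated by module. `StringUtils` is not among the imports shown in the first hunk, so confirm it is already imported further down the file. preHandle starts and ends outside the hunk, so how `funcId` is derived and which checks precede this one cannot be seen here.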