add permission check

src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PartnerPermissionManager.java

@@ -30,4 +30,6 @@ public interface PartnerPermissionManager {
     void authorizeRole(ManagerRole role, List<String> functions);
 
     List<JSONObject> listUserFunctions(int role);
+
+    JSONObject getPartnerFuncById(String funcId);
 }

src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PartnerPermissionManagerImpl.java

@@ -216,4 +216,9 @@ public class PartnerPermissionManagerImpl implements PartnerPermissionManager {
         return permissionPartnerFunctionMapper.listByRoleMask(role);
     }
 
+    @Override
+    public JSONObject getPartnerFuncById(String funcId) {
+        return permissionPartnerFunctionMapper.find(funcId);
+    }
+
 }

src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java

@@ -1,12 +1,13 @@
 package au.com.royalpay.payment.manage.permission.manager;
 
+import au.com.royalpay.payment.manage.management.sysconfig.core.PartnerPermissionManager;
 import au.com.royalpay.payment.manage.management.sysconfig.core.PermissionManager;
 import au.com.royalpay.payment.manage.signin.core.SignInStatusManager;
 import au.com.royalpay.payment.tools.CommonConsts;
 import au.com.royalpay.payment.tools.exceptions.ForbiddenException;
 import au.com.royalpay.payment.tools.http.HttpUtils;
-
 import au.com.royalpay.payment.tools.permission.enums.PartnerRole;
+
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 
@@ -33,6 +34,8 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
     private SignInStatusManager signInStatusManager;
     @Resource
     private PermissionManager permissionManager;
+    @Resource
+    private PartnerPermissionManager partnerPermissionManager;
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -101,11 +104,13 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
             }
         }
 
-//        JSONObject func = permissionManager.getPartnerFuncById(funcId);
-//        JSONArray arr = loginUser.getJSONArray("available_module_ids");
-//        if (arr == null || !arr.contains(func.getString("module_id"))) {
-//            throw new ForbiddenException("error.permission.nopermission");
-//        }
+        JSONObject func = partnerPermissionManager.getPartnerFuncById(funcId);
+        if(func!=null && StringUtils.isNotEmpty(func.getString("module_id"))){
+            JSONArray arr = loginUser.getJSONArray("available_module_ids");
+            if (arr == null || !arr.contains(func.getString("module_id"))) {
+                throw new ForbiddenException("error.permission.nopermission");
+            }
+        }
         request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser);
     }