eason.qian 7 years ago
parent bf1770d552
commit fc63e8428b

@ -214,7 +214,7 @@ public class ClientManagerImpl implements ClientManager, ManagerTodoNoticeProvid
if (client == null) { if (client == null) {
throw new InvalidShortIdException(); throw new InvalidShortIdException();
} }
checkOrgPermission(manager, client); checkClientOrg(manager, client);
client.put("show_all_permission", true); client.put("show_all_permission", true);
int role = manager != null ? manager.getIntValue("role") : 0; int role = manager != null ? manager.getIntValue("role") : 0;
if (manager != null) { if (manager != null) {
@ -274,6 +274,19 @@ public class ClientManagerImpl implements ClientManager, ManagerTodoNoticeProvid
return client; return client;
} }
private void checkClientOrg(JSONObject manager, JSONObject client) {
if (manager.getInteger("org_id")!=null){
JSONObject org = orgMapper.findOne(client.getIntValue("org_id"));
if (org.getInteger("parent_org_id")!=null){
if (org.getIntValue("parent_org_id")!=manager.getIntValue("org_id")){
throw new ForbiddenException("The org of client is not belong to you");
}
}else {
checkOrgPermission(manager, client);
}
}
}
@Override @Override
public JSONObject getClientDetailById(int clientId) { public JSONObject getClientDetailById(int clientId) {
JSONObject client = getClientInfo(clientId); JSONObject client = getClientInfo(clientId);
@ -1388,7 +1401,7 @@ public class ClientManagerImpl implements ClientManager, ManagerTodoNoticeProvid
if (client == null) { if (client == null) {
throw new InvalidShortIdException(); throw new InvalidShortIdException();
} }
checkOrgPermission(manager, client); checkClientOrg(manager,client);
JSONObject params = new JSONObject(); JSONObject params = new JSONObject();
params.put("client_id", client.getIntValue("client_id")); params.put("client_id", client.getIntValue("client_id"));
params.put("is_valid", "1"); params.put("is_valid", "1");

Loading…
Cancel
Save