auth

common/src/main/java/com/koobietech/eas/common/utils/SecurityManager.java

@@ -53,6 +53,16 @@ public class SecurityManager {
         return isStudent;
     }
 
+    public static String getStudentNumber() {
+        UserDetailPojo principal = getPrincipal();
+        if (Objects.nonNull(principal)) {
+            if ( isStudentUser() ) {
+                return principal.getStudentNumber();
+            }
+        }
+        return "";
+    }
+
     /**
      * 取学员登录ID
      * @return
@@ -76,6 +86,18 @@ public class SecurityManager {
         return Objects.nonNull(principal);
     }
 
+    /**
+     * 是否登录
+     * @return
+     */
+    public static UserType getUserType() {
+        UserDetailPojo principal = getPrincipal();
+        if ( Objects.nonNull(principal) ) {
+            return principal.getUserType();
+        }
+        return null;
+    }
+
     public static Authentication getAuthentication() {
         try {
         return SecurityContextHolder.getContext().getAuthentication();

controller/src/main/java/com/koobietech/eas/controller/EasArcTlsAttendanceController.java

@@ -4,6 +4,7 @@ import com.github.pagehelper.PageHelper;
 import com.koobietech.eas.common.result.JsonPageResult;
 import com.koobietech.eas.common.result.JsonResult;
 import com.koobietech.eas.common.result.PageDataResult;
+import com.koobietech.eas.common.utils.SecurityManager;
 import com.koobietech.eas.dao.dto.AttendanceDto;
 import com.koobietech.eas.mbg.model.EasArcTlsAttendance;
 import com.koobietech.eas.service.EasArcTlsAttendanceService;
@@ -29,6 +30,11 @@ public class EasArcTlsAttendanceController {
     public JsonPageResult queryAttendance(@RequestBody AttendanceDto dto,
                                          @RequestParam Integer pageNum, @RequestParam Integer pageSize) {
         PageHelper.startPage(pageNum, pageSize);
+
+        if ( SecurityManager.isStudentUser() ) {
+            dto.setStudentId(SecurityManager.getLoginSid().intValue());
+        }
+
         PageDataResult res =  easArcTlsAttendanceService.queryAttendance(dto);
         return JsonPageResult.data(res);
     }
@@ -36,6 +42,11 @@ public class EasArcTlsAttendanceController {
     @PostMapping("/getStudentList")
     @Operation(summary = "获取学生列表", description = "签到的时候会根据课表ID来获取学生列表（scheduleId）")
     public JsonResult getStudentList(@RequestBody AttendanceDto dto) {
+
+        if ( SecurityManager.isStudentUser() ) {
+            dto.setStudentId(SecurityManager.getLoginSid().intValue());
+        }
+
         return JsonResult.data(easArcTlsAttendanceService.getStudentList(dto));
     }
 

controller/src/main/java/com/koobietech/eas/controller/EasArcTlsFileDownloadController.java

@@ -1,6 +1,7 @@
 package com.koobietech.eas.controller;
 
 import com.koobietech.eas.common.result.JsonResult;
+import com.koobietech.eas.common.utils.SecurityManager;
 import com.koobietech.eas.mbg.model.EasArcArchives;
 import com.koobietech.eas.service.EasArcArchivesService;
 import com.koobietech.eas.service.EasArchiveFileDownloadService;
@@ -30,6 +31,13 @@ public class EasArcTlsFileDownloadController {
     @Operation(summary = "获取下载token", description = "前端传入archiveId，后端返回下载token")
     public JsonResult getFile(@RequestParam String archiveNumber) {
 
+        if ( SecurityManager.isStudentUser() ) {
+            if ( ! easArchiveFileDownloadService.
+                    validateArchiveNumberByUser(archiveNumber,  SecurityManager.getStudentNumber() ) ) {
+                return JsonResult.fail("非法访问");
+            }
+        }
+
         String archiveToken = easArchiveFileDownloadService.getArchiveToken(archiveNumber);
 
         return JsonResult.data(archiveToken);
@@ -46,6 +54,9 @@ public class EasArcTlsFileDownloadController {
     @PostMapping("/getArchives")
     @Operation(summary = "获取档案", description = "获取档案")
     public JsonResult getArchives(@RequestBody EasArcArchives easArcArchives){
+        if ( SecurityManager.isStudentUser() ) {
+            easArcArchives.setStudentNumber(SecurityManager.getStudentNumber() );
+        }
         List<EasArcArchives> res = easArcArchivesService.getArchives(easArcArchives);
         return JsonResult.data(res);
     }

controller/src/main/java/com/koobietech/eas/controller/EasArcTlsScoresController.java

@@ -4,6 +4,7 @@ import com.github.pagehelper.PageHelper;
 import com.koobietech.eas.common.result.JsonPageResult;
 import com.koobietech.eas.common.result.JsonResult;
 import com.koobietech.eas.common.result.PageDataResult;
+import com.koobietech.eas.common.utils.SecurityManager;
 import com.koobietech.eas.dao.dto.ScoresDto;
 import com.koobietech.eas.mbg.model.EasArcTlsScores;
 import com.koobietech.eas.service.EasArcTlsScoresService;
@@ -82,6 +83,11 @@ public class EasArcTlsScoresController {
     public JsonPageResult queryStudentScores(@RequestBody ScoresDto scoresDto,
                                                @RequestParam Integer pageNum,@RequestParam Integer pageSize){
         PageHelper.startPage(pageNum,pageSize);
+
+        if ( SecurityManager.isStudentUser() ) {
+            scoresDto.setStudentId(SecurityManager.getLoginSid().intValue());
+        }
+
         PageDataResult pageDataResult = easArcTlsScoresService.queryStudentScores(scoresDto);
         return JsonPageResult.data(pageDataResult);
     }

controller/src/main/java/com/koobietech/eas/controller/EasEduScheduleController.java

@@ -4,6 +4,7 @@ import com.github.pagehelper.PageHelper;
 import com.koobietech.eas.common.result.JsonPageResult;
 import com.koobietech.eas.common.result.JsonResult;
 import com.koobietech.eas.common.result.PageDataResult;
+import com.koobietech.eas.common.utils.SecurityManager;
 import com.koobietech.eas.dao.dto.ConflictDto;
 import com.koobietech.eas.dao.dto.ScheduleDto;
 import com.koobietech.eas.dao.pojo.SchedulePojo;
@@ -67,6 +68,12 @@ public class EasEduScheduleController {
     @PostMapping("/querySchedule")
     @Operation(summary = "查询课程表", description = "根据参数查询课程表信息")
     public JsonResult querySchedule(@RequestBody(required = false) ScheduleDto schedule) {
+
+        if ( SecurityManager.isStudentUser() ) {
+            // 如果是学生用户，则只查询自己的课程表
+            schedule.setStudentId(SecurityManager.getLoginSid().intValue());
+        }
+
         List<SchedulePojo> ret = easEduScheduleService.querySchedule(schedule);
         return JsonResult.data(ret);
     }

controller/src/main/java/com/koobietech/eas/controller/EasSysStuProfileController.java

@@ -5,6 +5,7 @@ import com.github.pagehelper.PageHelper;
 import com.koobietech.eas.common.result.JsonPageResult;
 import com.koobietech.eas.common.result.JsonResult;
 import com.koobietech.eas.common.result.PageDataResult;
+import com.koobietech.eas.common.utils.SecurityManager;
 import com.koobietech.eas.dao.dto.ArchivesDto;
 import com.koobietech.eas.dao.dto.EasArcTlsStudentsDto;
 import com.koobietech.eas.mbg.model.EasArcArchives;
@@ -130,6 +131,10 @@ public class EasSysStuProfileController {
     @GetMapping("/getStudentByKeyword")
     @Operation(summary = "查询所有学员信息", description = "查询所有学员信息根据关键词")
     public JsonResult getStudentByKeyword(@RequestParam(value = "", required = true) String keyword){
+        //限制学员搜索功能
+        if ( SecurityManager.isStudentUser() ) {
+            keyword = SecurityManager.getLoginUserName();
+        }
         List<EasSysStudent> res = easStuProfileService.getStudentByKeyword(keyword);
         return JsonResult.data(res);
     }

dao/src/main/java/com/koobietech/eas/dao/pojo/UserDetailPojo.java

@@ -10,6 +10,7 @@ import java.util.List;
 @Data
 public class UserDetailPojo {
     private Long id;
+    private String studentNumber;
     private String username;
     private String phone;
     private String email;

dao/src/main/resources/com/koobietech/eas/dao/mapper/AdminLoginMapper.xml

@@ -64,6 +64,7 @@
         <result column="student_name" property="username"/>
         <result column="phone" property="phone"/>
         <result column="email" property="email"/>
+        <result column="student_number" property="studentNumber"/>
     </resultMap>
 
     <select id="getUserPermissionsById" resultMap="permissionResultMap">
@@ -99,7 +100,7 @@
     </select>
 
     <select id="getUserDetailById" resultMap="userDetailResultMap">
-        SELECT id, username, phone, email
+        SELECT id, username, phone, email, '' AS student_number
         FROM eas_sys_userinfo
         WHERE id = #{adminId}
     </select>
@@ -109,7 +110,8 @@
             id,
             student_name,
             phone,
-            email
+            email,
+            student_number
         FROM
             eas_sys_student
         WHERE

service/src/main/java/com/koobietech/eas/service/EasArchiveFileDownloadService.java

@@ -10,4 +10,6 @@ public interface EasArchiveFileDownloadService {
     String getFilePathByToken(String archiveToken);
 
     boolean downloadFileByToken(String archiveToken, HttpServletResponse response);
+
+    boolean validateArchiveNumberByUser(String archiveNumber, String studentNumber);
 }

service/src/main/java/com/koobietech/eas/service/impl/EasArchiveFileDownloadServiceImpl.java

@@ -118,6 +118,16 @@ public class EasArchiveFileDownloadServiceImpl implements EasArchiveFileDownload
         return true;
     }
 
+    @Override
+    public boolean validateArchiveNumberByUser(String archiveNumber, String studentNumber) {
+        EasArcArchivesExample easArcArchivesExample = new EasArcArchivesExample();
+        EasArcArchivesExample.Criteria criteria = easArcArchivesExample.createCriteria();
+        criteria.andArchiveNumberEqualTo(archiveNumber);
+        criteria.andStudentNumberEqualTo(studentNumber);
+        long l = archivesMapper.countByExample(easArcArchivesExample);
+        return l >= 1;
+    }
+
     private String getFileExtension(String filePath) {
         // 获取文件后缀名逻辑，请根据实际情况实现
         if (filePath == null || filePath.isEmpty()) {