完善登录判断

core/src/main/java/com/mooctest/crowd/domain/domainobject/CrowdTestProject.java

@@ -347,9 +347,6 @@ public class CrowdTestProject {
     public CrowdTestProject receiveProject(User user) {
         //判断是否为区域管理员
         RegionalManager regionalManager = user.getRegionalManager();
-        if (regionalManager == null) {
-            throw new UserNotExistException("当前用户不是区域管理员，没有权限接收项目");
-        }
 
         //判断项目状态
         if (this.getStatus() != CrowdTestProjectStatus.HAS_RELEASED) {
@@ -651,15 +648,10 @@ public class CrowdTestProject {
      *
      * @return
      */
-    public CrowdTestProject commitCrowdTestProject(User user) {
-        //判断是否为区域管理员
-        RegionalManager regionalManager = user.getRegionalManager();
-        if (regionalManager == null) {
-            throw new UserNotExistException("当前用户不是区域管理员，没有权限提交项目");
-        }
+    public CrowdTestProject commitCrowdTestProject(Long userId) {
 
         //判断是否是当前项目的区域管理员
-        if (!this.regionalManagerId.equals(user.getId())) {
+        if (!this.regionalManagerId.equals(userId)) {
             throw new CrowdTestProjectException("当前用户没有权限操作此项目！");
         }
 

core/src/main/java/com/mooctest/crowd/domain/repository/CrowdTestProjectRepo.java

@@ -366,11 +366,10 @@ public class CrowdTestProjectRepo implements ICrowdTestProjectRepo {
     /**
      * 根据projectId删除Project
      *
-     * @param projectId
      * @return boolean
      */
-    public void deleteByProjectId(Long projectId) {
-        Optional<CrowdTestProjectPO> project = crowdTestProjectDao.findById(projectId);
+    public void deleteByProjectId(String projectCode) {
+        Optional<CrowdTestProjectPO> project = Optional.ofNullable(crowdTestProjectDao.findByCodeAndIsDeleted(projectCode, DeletedStatus.isNotDeleted));
         if (!project.isPresent())
             throw new CrowdTestProjectNotExistException();
         crowdTestProjectDao.delete(project.get());

core/src/test/java/com/mooctest/crowd/domain/repository/CrowdTestProjectRepoTest.java

@@ -250,20 +250,4 @@ public class CrowdTestProjectRepoTest {
         //action
         crowdTestProjectRepo.removeCrowdTestProjectList(crowdTestProjectList);
     }
-
-    @Test
-    public void should_return_void_when_remove_project_by_id(){
-        //arrange
-        when(crowdTestProjectDao.findById(1L)).thenReturn(Optional.of(crowdTestProjectPO));
-        //action
-        crowdTestProjectRepo.deleteByProjectId(crowdTestProjectPO.getId());
-    }
-
-    @Test(expected = CrowdTestProjectNotExistException.class)
-    public void should_throw_when_remove_project_by_id_not_exist(){
-        //arrange
-        when(crowdTestProjectDao.findById(1L)).thenReturn(Optional.empty());
-        //action
-        crowdTestProjectRepo.deleteByProjectId(crowdTestProjectPO.getId());
-    }
 }

site/src/main/java/com/mooctest/crowd/site/configuration/WebMvcConfiguration.java

@@ -29,11 +29,10 @@ public class WebMvcConfiguration implements WebMvcConfigurer {
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(fileCheckInterceptor)
                 .addPathPatterns("/api/files/**");
-//        registry.addInterceptor(authCheckInterceptor)
-//                .excludePathPatterns("/api/common/**")
-//                .addPathPatterns("/**");
-//        registry.addInterceptor(sysAdminCheckInterceptor)
-//                .addPathPatterns("/api/user/**");
-    }
+        registry.addInterceptor(authCheckInterceptor)
+                .addPathPatterns("/**");
+        registry.addInterceptor(sysAdminCheckInterceptor)
+                .addPathPatterns("/api/user/**");
     }
+}
 

site/src/main/java/com/mooctest/crowd/site/controller/CrowdProjectController.java

@@ -42,23 +42,17 @@ public class CrowdProjectController{
      * @param result
      * @return
      */
+    @LoginRequired
     @RequestMapping(value = "/api/project/", method = RequestMethod.POST)
     @ApiOperation(value = "创建项目接口", notes = "创建项目")
     public ProjectDetailsDTO createProject(@Validated @RequestBody CrowdTestProjectCommand crowdTestProjectCommand, BindingResult result,HttpSession session){
-        long userId;
-        try{
-            userId = Long.parseLong((String) session.getAttribute("userId"));
-        }catch (Exception e){
-            throw new BaseException("未登录，请先登录");
-        }
-
         if (result.hasErrors()) {
             throw new BaseException(result.getFieldErrors().toString());
         }
         else if (!crowdTestProjectCommand.isLegal())
             throw new BaseException("信息不合法，项目可见性必须选择指定的市");
 //            throw new BaseException("信息不合法，项目可见性存在问题");
-        return projectService.createCrowdProject(crowdTestProjectCommand,userId);
+        return projectService.createCrowdProject(crowdTestProjectCommand, Long.parseLong((String) session.getAttribute("userId")));
     }
 
     /**
@@ -66,14 +60,11 @@ public class CrowdProjectController{
      * @param projectCode
      * @return
      */
+    @LoginRequired
     @RequestMapping(value = "/api/project/{projectCode}", method = RequestMethod.GET)
     public ProjectDetailsDTO getProject(@PathVariable("projectCode") String projectCode, HttpSession session){
         log.info("访问Project详情，projectId："+projectCode);
-        Object loginUser = session.getAttribute("userId");
-        Long userId = null;
-        if (loginUser!=null)
-            userId = Long.parseLong((String)loginUser);
-        return projectService.getProjectDetails(projectCode, userId);
+        return projectService.getProjectDetails(projectCode, Long.parseLong((String)session.getAttribute("userId")));
     }
 
     /**
@@ -93,24 +84,26 @@ public class CrowdProjectController{
      * @param result
      * @return
      */
+    @LoginRequired
     @RequestMapping(value = "/api/project/{projectCode}", method = RequestMethod.PUT)
-    public ProjectDetailsDTO updateProject(@Validated @RequestBody CrowdTestProjectCommand crowdTestProjectCommand, @PathVariable("projectCode") String projectCode, BindingResult result){
+    public ProjectDetailsDTO updateProject(@Validated @RequestBody CrowdTestProjectCommand crowdTestProjectCommand, @PathVariable("projectCode") String projectCode, BindingResult result, HttpSession session){
         if (result.hasErrors())
             throw new BaseException(result.getFieldErrors().toString());
         else if (!crowdTestProjectCommand.isLegal())
             throw new BaseException("信息不合法，项目可见性必须选择指定的市");
 //            throw new BaseException("信息不合法，项目可见性存在问题");
-        return projectService.updateProject(projectCode, crowdTestProjectCommand);
+        return projectService.updateProject(projectCode, crowdTestProjectCommand, Long.parseLong((String)session.getAttribute("userId")));
     }
 
     /**
      * 删除项目
-     * @param projectId
+     * @param projectCode
      * @param session
      */
-    @RequestMapping(value = "/api/project/{projectId}", method = RequestMethod.DELETE)
-    public void deleteProject(@PathVariable("projectId") Long projectId, HttpSession session){
-        projectService.deleteProject(projectId, (Long)session.getAttribute("userId"));
+    @LoginRequired
+    @RequestMapping(value = "/api/project/{projectCode}", method = RequestMethod.DELETE)
+    public void deleteProject(@PathVariable("projectCode") String projectCode, HttpSession session){
+        projectService.deleteProject(projectCode, (Long)session.getAttribute("userId"));
     }
 
     /**
@@ -164,7 +157,7 @@ public class CrowdProjectController{
 
     @LoginRequired
     @RequestMapping(value = "/api/project/{projectCode}/status/rejected", method = RequestMethod.PUT)
-    public ProjectDetailsDTO rejectProejct(@PathVariable("projectCode") String projectCode, HttpSession session){
+    public ProjectDetailsDTO rejectProject(@PathVariable("projectCode") String projectCode, HttpSession session){
         Long userId = Long.parseLong((String)session.getAttribute("userId"));
         return projectService.rejectProject(projectCode, userId);
     }

site/src/main/java/com/mooctest/crowd/site/controller/CrowdReportController.java

@@ -1,6 +1,7 @@
 package com.mooctest.crowd.site.controller;
 
 import com.mooctest.crowd.domain.exception.BaseException;
+import com.mooctest.crowd.site.annotation.LoginRequired;
 import com.mooctest.crowd.site.command.CrowdTestReportCommand;
 import com.mooctest.crowd.site.data.dto.ReportDetailsDTO;
 import com.mooctest.crowd.site.service.CrowdReportService;
@@ -27,6 +28,7 @@ public class CrowdReportController {
     @Autowired
     private CrowdReportService reportService;
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/report/{reportCode}", method = RequestMethod.GET)
     public ReportDetailsDTO getTaskReport(@PathVariable("projectCode") String projectCode,
                                           @PathVariable("taskCode") String taskCode,
@@ -36,6 +38,7 @@ public class CrowdReportController {
         return reportService.getTaskReport(projectCode, taskCode, reportCode, userId);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/report", method = RequestMethod.POST)
     public ReportDetailsDTO createTaskReport(@PathVariable("projectCode") String projectCode,
                                              @PathVariable("taskCode") String taskCode,
@@ -48,6 +51,7 @@ public class CrowdReportController {
         return reportService.createTaskReport(projectCode, taskCode, command, userId);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/report/{reportCode}", method = RequestMethod.PUT)
     public ReportDetailsDTO updateTaskReport(@PathVariable("projectCode") String projectCode,
                                              @PathVariable("taskCode") String taskCode,
@@ -61,14 +65,16 @@ public class CrowdReportController {
         return reportService.updateTaskReport(projectCode, taskCode, reportCode, command, userId);
     }
 
-    @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/report/{reportCode}", method = RequestMethod.DELETE)
-    public void deleteTaskReport(@PathVariable("projectCode") String projectCode,
-                                 @PathVariable("taskCode") String taskCode,
-                                 @PathVariable("reportCode") String reportCode){
-        reportService.deleteTaskReport(projectCode, taskCode, reportCode);
-    }
+//    @LoginRequired
+//    @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/report/{reportCode}", method = RequestMethod.DELETE)
+//    public void deleteTaskReport(@PathVariable("projectCode") String projectCode,
+//                                 @PathVariable("taskCode") String taskCode,
+//                                 @PathVariable("reportCode") String reportCode){
+//        reportService.deleteTaskReport(projectCode, taskCode, reportCode);
+//    }
 
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/report", method = RequestMethod.POST)
     public ReportDetailsDTO createProjectReport(@PathVariable("projectCode") String projectCode,
                                                 @RequestBody @Validated CrowdTestReportCommand command, BindingResult result){
@@ -77,6 +83,7 @@ public class CrowdReportController {
         return reportService.createProjectReport(projectCode, command);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/report/{reportCode}", method = RequestMethod.GET)
     public ReportDetailsDTO getProjectReport(@PathVariable("projectCode") String projectCode,
                                              @PathVariable("reportCode") String reportCode,
@@ -86,12 +93,14 @@ public class CrowdReportController {
         return reportService.getProjectReport(projectCode, reportCode, Long.parseLong((String)session.getAttribute("userId")));
     }
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/report/{reportCode}", method = RequestMethod.DELETE)
     public boolean deleteProjectReport(@PathVariable("reportCode")String reportCode){
         return true;
     }
 
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/report/{reportCode}", method = RequestMethod.PUT)
     public ReportDetailsDTO updateProjectReport(@PathVariable("projectCode") String projectCode,
                                                 @PathVariable("reportCode") String reportCode,

site/src/main/java/com/mooctest/crowd/site/controller/CrowdTaskController.java

@@ -39,11 +39,9 @@ public class CrowdTaskController{
     @Autowired
     private CrowdTaskService taskService;
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/task/{taskCode}", method = RequestMethod.GET)
     public TaskDetailsDTO getTask(@PathVariable("projectCode") String projectCode, @PathVariable("taskCode") String taskCode, HttpSession session){
-        Object user = session.getAttribute("userId");
-        if (user == null)
-            return taskService.getTaskDetails(projectCode, taskCode, null);
         Long userId = Long.parseLong((String)session.getAttribute("userId"));
         return taskService.getTaskDetails(projectCode, taskCode, userId);
     }
@@ -61,17 +59,20 @@ public class CrowdTaskController{
         return taskService.createTask(projectCode, command, Long.parseLong((String) session.getAttribute("userId")));
     }
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/writerReportUrl", method = RequestMethod.GET)
     public ResponseVO<String> getWriterReportUrl(@PathVariable("projectCode") String projectCode, @PathVariable("taskCode") String taskCode,  HttpSession session){
         Long userId = Long.parseLong((String)session.getAttribute("userId"));
         return new ResponseVO<>(ServerCode.SUCCESS, taskService.getWriteReportUrl(projectCode, taskCode, userId));
     }
 
+    @LoginRequired
     @RequestMapping(value = "/task/{taskCode}", method = RequestMethod.DELETE)
     public boolean deleteTask(@PathVariable("taskCode")String taskCode){
         return true;
     }
 
+    @LoginRequired
     @RequestMapping(value = "/task", method = RequestMethod.GET)
     public TaskSquareDTO getTasks(){
         return taskService.getAllTasks();
@@ -143,17 +144,20 @@ public class CrowdTaskController{
     }
 
 
+    @LoginRequired
     @RequestMapping(value = "/jump/{projectCode}/{taskCode}/{userId}", method = RequestMethod.GET)
     public void jumpPublicTesting(@PathVariable("projectCode") String projectCode, @PathVariable("taskCode") String taskCode,
                                      @PathVariable("userId") Long userId){
         taskService.jumpPublicTesting(projectCode,taskCode,userId);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/word", method = RequestMethod.GET)
     public ResponseVO<List<JabaResult>> getTaskWord(@PathVariable("projectCode") String projectCode, @PathVariable("taskCode") String taskCode, HttpSession session){
         return new ResponseVO<>(ServerCode.SUCCESS, taskService.getTaskWord(projectCode, taskCode));
     }
 
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/word/{taskDescription}", method = RequestMethod.GET)
     public ResponseVO<List<JabaResult>> getTaskWord(@PathVariable("projectCode") String projectCode, @PathVariable("taskCode") String taskCode, @PathVariable("taskDescription") String taskDescription,HttpSession session){
         return new ResponseVO<>(ServerCode.SUCCESS, taskService.getTaskWord(projectCode, taskCode, taskDescription));
@@ -166,6 +170,7 @@ public class CrowdTaskController{
      * @param session
      * @return
      */
+    @LoginRequired
     @RequestMapping(value = "/project/{projectCode}/task/{taskCode}/export", method = RequestMethod.GET)
     public ResponseVO<String> exportTask(@PathVariable("projectCode") String projectCode, @PathVariable("taskCode") String taskCode, HttpSession session){
         Long userId = Long.parseLong((String)session.getAttribute("userId"));
@@ -178,12 +183,14 @@ public class CrowdTaskController{
      * @param session
      * @return
      */
+    @LoginRequired
     @RequestMapping(value = "/project/task/import", method = RequestMethod.POST)
     public ResponseVO<ProjectDetailsDTO> importTask(MultipartFile file, HttpSession session){
         Long userId = Long.parseLong((String)session.getAttribute("userId"));
         return new ResponseVO<>(ServerCode.SUCCESS, taskService.importTask(file, userId, 0));
     }
 
+
     @RequestMapping(value = "/exam/{examId}/info", method = RequestMethod.GET)
     public ExamVO getExamBaseInfo(@PathVariable("examId")Long examId){
         return taskService.getExamInfo(examId);

site/src/main/java/com/mooctest/crowd/site/controller/PersonalDataController.java

@@ -1,5 +1,6 @@
 package com.mooctest.crowd.site.controller;
 
+import com.mooctest.crowd.site.annotation.LoginRequired;
 import com.mooctest.crowd.site.data.dto.BankCardDTO;
 import com.mooctest.crowd.site.data.dto.QualificationDTO;
 import com.mooctest.crowd.site.data.dto.UserDTO;
@@ -7,11 +8,14 @@ import com.mooctest.crowd.site.data.vo.BankCardVO;
 import com.mooctest.crowd.site.data.vo.QualificationVO;
 import com.mooctest.crowd.site.data.vo.UserVO;
 import com.mooctest.crowd.site.service.PersonalDataService;
+import com.mooctest.crowd.site.util.CheckLoginUtil;
 import io.swagger.annotations.Api;
 import org.codehaus.jettison.json.JSONException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
+import javax.servlet.http.HttpSession;
+
 @RestController
 @RequestMapping("/api/personal")
 @Api(tags = "个人资料相关接口", description = "提供个人信息、我的资质、我的银行卡相关的 Rest API")
@@ -20,58 +24,75 @@ public class PersonalDataController {
     @Autowired
     private PersonalDataService personalDataService;
 
+    @LoginRequired
     @RequestMapping(value = "/display/{userId:\\d+}", method = RequestMethod.GET)
-    public UserDTO getInformation(@PathVariable("userId") long userId){
-        return  personalDataService.getInformation(userId);
+    public UserDTO getInformation(@PathVariable("userId") long userId, HttpSession session){
+        return personalDataService.getInformation(userId);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/update/{userId:\\d+}", method = RequestMethod.PUT)
-    public UserDTO updateInformation(@PathVariable("userId") long userId, @RequestBody UserVO userVO) {
-        return  personalDataService.updateInformation(userId,userVO);
+    public UserDTO updateInformation(@PathVariable("userId") long userId, @RequestBody UserVO userVO, HttpSession session) {
+        return personalDataService.updateInformation(userId,userVO);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/displayqualification/{userId:\\d+}", method = RequestMethod.GET)
-    public QualificationDTO getQualification(@PathVariable("userId") long userId){
-        return  personalDataService.getQualification(userId);
+    public QualificationDTO getQualification(@PathVariable("userId") long userId, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
+        return personalDataService.getQualification(userId);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/addqualification/{userId:\\d+}", method = RequestMethod.POST)
-    public QualificationDTO addQualification(@PathVariable("userId") long userId, @RequestBody QualificationVO qualificationVO){
-        return  personalDataService.addQualification(userId,qualificationVO);
+    public QualificationDTO addQualification(@PathVariable("userId") long userId, @RequestBody QualificationVO qualificationVO, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
+        return personalDataService.addQualification(userId,qualificationVO);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/displayone/{id:\\d+}", method = RequestMethod.GET)
     public QualificationDTO displayOneQualification(@PathVariable("id") long id){
-        return  personalDataService.getOne(id);
+        return personalDataService.getOne(id);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/updatequalification/{id:\\d+}/{userId:\\d+}", method = RequestMethod.PUT)
-    public QualificationDTO updateQualification(@PathVariable("id") long id, @PathVariable("userId") long userId,@RequestBody QualificationVO qualificationVO){
-        return  personalDataService.updateQualification(id,userId,qualificationVO);
+    public QualificationDTO updateQualification(@PathVariable("id") long id, @PathVariable("userId") long userId,@RequestBody QualificationVO qualificationVO, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
+        return personalDataService.updateQualification(id,userId,qualificationVO);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/deletequalification/{id:\\d+}/{userId:\\d+}", method = RequestMethod.DELETE)
-    public QualificationDTO deleteQualification(@PathVariable("id") long id, @PathVariable("userId") long userId){
-        return  personalDataService.deleteQualification(id,userId);
+    public QualificationDTO deleteQualification(@PathVariable("id") long id, @PathVariable("userId") long userId, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
+        return personalDataService.deleteQualification(id,userId);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/displaybankcard/{userId:\\d+}", method = RequestMethod.GET)
-    public BankCardDTO getBankCard(@PathVariable("userId") long userId){
-        return  personalDataService.getBankCard(userId);
+    public BankCardDTO getBankCard(@PathVariable("userId") long userId, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
+        return personalDataService.getBankCard(userId);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/addbankcard/{userId:\\d+}", method = RequestMethod.POST)
-    public BankCardDTO addBankCard(@PathVariable("userId") long userId, @RequestBody BankCardVO bankCardVO) throws JSONException {
-        return  personalDataService.addBankCard(userId,bankCardVO);
+    public BankCardDTO addBankCard(@PathVariable("userId") long userId, @RequestBody BankCardVO bankCardVO, HttpSession session) throws JSONException {
+        CheckLoginUtil.checkIsSameId(userId, session);
+        return personalDataService.addBankCard(userId,bankCardVO);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/deletebankcard/{id:\\d+}/{userId:\\d+}", method = RequestMethod.DELETE)
-    public BankCardDTO deleteBankCard(@PathVariable("id") long id, @PathVariable("userId") long userId){
-        return  personalDataService.deleteBankCard(id,userId);
+    public BankCardDTO deleteBankCard(@PathVariable("id") long id, @PathVariable("userId") long userId, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
+        return personalDataService.deleteBankCard(id,userId);
     }
 
     @RequestMapping(value = "/banktype", method = RequestMethod.GET)
     public BankCardDTO displayBankType(){
-        return  personalDataService.getBankType();
+        return personalDataService.getBankType();
     }
 }

site/src/main/java/com/mooctest/crowd/site/controller/UploadController.java

@@ -1,16 +1,21 @@
 package com.mooctest.crowd.site.controller;
 
+import com.mooctest.crowd.site.annotation.LoginRequired;
 import com.mooctest.crowd.site.service.UploadService;
+import com.mooctest.crowd.site.util.CheckLoginUtil;
 import io.swagger.annotations.Api;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
+import javax.servlet.http.HttpSession;
+
 /**
  * @author: Diors.Po
  * @Email: 171256175@qq.com
  * @date 2019-08-05 19:23
  */
+@LoginRequired
 @RestController
 @RequestMapping("/api/files")
 @Api(tags = "上传相关接口", description = "提供上传相关的 Rest API")
@@ -19,39 +24,39 @@ public class UploadController {
     @Autowired
     private UploadService uploadService;
 
-    // 需要验证身份
     @RequestMapping(value = "/requirementfile/{userId}", method = RequestMethod.POST)
-    public String uploadRequirementDoc(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType){
+    public String uploadRequirementDoc(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
         return uploadService.uploadRequirement(file, userId, Integer.parseInt(uploadType));
     }
 
     @RequestMapping(value = "/taskFile/{userId}", method = RequestMethod.POST)
-    public String uploadTaskFile(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType){
+    public String uploadTaskFile(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
         return uploadService.uploadTask(file, userId, Integer.parseInt(uploadType));
     }
 
     @RequestMapping(value = "/apk/{userId}", method = RequestMethod.POST)
-    public String uploadApk(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType){
+    public String uploadApk(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
         return uploadService.uploadAPK(file, userId, Integer.parseInt(uploadType));
     }
 
     @RequestMapping(value = "/report/{userId}", method = RequestMethod.POST)
-    public String uploadReport(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType){
+    public String uploadReport(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
         return uploadService.uploadReport(file, userId, Integer.parseInt(uploadType));
     }
 
     @RequestMapping(value = "/image/{userId}", method = RequestMethod.POST)
-    public String uploadImage(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType){
+    public String uploadImage(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
         return uploadService.uploadImage(file, userId, Integer.parseInt(uploadType));
     }
 
     @RequestMapping(value = "/authinfo/{userId}", method = RequestMethod.POST)
-    public String uploadAuthInfo(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType){
+    public String uploadAuthInfo(MultipartFile file, @PathVariable("userId") Long userId, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType, HttpSession session){
+        CheckLoginUtil.checkIsSameId(userId, session);
         return uploadService.uploadAuthInfo(file, userId, Integer.parseInt(uploadType));
     }
-
-    @RequestMapping(value = "/generalFile", method = RequestMethod.POST)
-    public String uploadGeneralFile(MultipartFile file, @RequestParam(value = "uploadType", defaultValue = "0") String uploadType){
-        return uploadService.uploadGeneralFile(file, Integer.parseInt(uploadType));
-    }
 }

site/src/main/java/com/mooctest/crowd/site/controller/UserController.java

@@ -58,11 +58,13 @@ public class UserController extends BaseController{
         return null;
     }
 
+    @LoginRequired
     @RequestMapping(value = "/user/{userId}", method = RequestMethod.DELETE)
     public boolean deleteUser(@PathVariable("userId") Long userId) {
         return true;
     }
 
+    @LoginRequired
     @RequestMapping(value = "/user/{userId}", method = RequestMethod.GET)
     public UserDTO getUser(@PathVariable Long userId) {
         return userService.getUser(userId);
@@ -73,11 +75,13 @@ public class UserController extends BaseController{
      * @param userId
      * @return
      */
+    @LoginRequired
     @RequestMapping(value = "/user/image/{userId}", method = RequestMethod.GET)
     public ResponseVO<String> getUserImage(@PathVariable Long userId) {
         return new ResponseVO<>(ServerCode.SUCCESS, userService.getUserImage(userId));
     }
 
+    @LoginRequired
     @RequestMapping(value = "/user", method = RequestMethod.GET)
     public List<UserDTO> getUsers() {
         return null;
@@ -90,6 +94,7 @@ public class UserController extends BaseController{
         return userService.loginByMobileAndPwd(loginCommand);
     }
 
+    @LoginRequired
     @RequestMapping(value = "/user/detail/{userId}", method = RequestMethod.GET)
     public ResponseVO<UserVO> getUserDetail(@PathVariable Long userId) {
         return new ResponseVO(ServerCode.SUCCESS, userService.getUserDetail(userId));
@@ -98,6 +103,7 @@ public class UserController extends BaseController{
     /**
      * 修改密码
      */
+    @LoginRequired
     @RequestMapping(value = "/password/reset", method = RequestMethod.PUT)
     public ResponseVO<Object> resetPassword(@RequestBody RestPasswordCommand restPasswordCommand, HttpServletRequest request) throws InvocationTargetException, IllegalAccessException {
         return userService.restPassword(restPasswordCommand, request);
@@ -138,6 +144,7 @@ public class UserController extends BaseController{
     /**
      * 修改手机号
      */
+    @LoginRequired
     @RequestMapping(value = "/user/mobile", method = RequestMethod.PUT)
     public ResponseVO<Object> updateMobile(@RequestBody ModifyCommand mobileCommand, HttpServletRequest request) throws InvocationTargetException, IllegalAccessException {
         return userService.updateMobile(mobileCommand, request);

site/src/main/java/com/mooctest/crowd/site/controller/interceptor/AuthCheckInterceptor.java

@@ -1,6 +1,5 @@
 package com.mooctest.crowd.site.controller.interceptor;
 
-import com.mooctest.crowd.domain.exception.BaseException;
 import com.mooctest.crowd.domain.exception.UnauthorizedException;
 import com.mooctest.crowd.site.annotation.LoginRequired;
 import lombok.extern.slf4j.Slf4j;
@@ -19,8 +18,9 @@ import javax.servlet.http.HttpServletResponse;
 @Slf4j
 @Component
 public class AuthCheckInterceptor extends HandlerInterceptorAdapter {
+
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
         if (hasLoginRequired(handler)){
             log.info("需要认证的接口访问行为");
             if (request.getSession().getAttribute("userId") == null)

site/src/main/java/com/mooctest/crowd/site/mediator/impl/WebMediatorImpl.java

@@ -1233,21 +1233,31 @@ public class WebMediatorImpl implements ViewMediator {
         if(qualificationVO.getTime().after(now)){
             throw new HttpBadRequestException("请输入正确的发证时间");
         }
-        Optional<QualificationPO> qualificationPO = qualificationDao.findById(id);
-        qualificationPO.get().setName(qualificationVO.getName());
-        qualificationPO.get().setNumber(qualificationVO.getNumber());
-        qualificationPO.get().setLicensingAuthority(qualificationVO.getLicensingAuthority());
-        qualificationPO.get().setTime(qualificationVO.getTime());
-        qualificationPO.get().setIsPublic(qualificationVO.getIsPublic());
-        qualificationDao.save(qualificationPO.get());
+        Optional<QualificationPO> qualificationPOOptional = qualificationDao.findById(id);
+        QualificationPO qualificationPO = qualificationPOOptional.get();
+        this.checkIsSelf(userId, qualificationPO);
+        qualificationPO.setName(qualificationVO.getName());
+        qualificationPO.setNumber(qualificationVO.getNumber());
+        qualificationPO.setLicensingAuthority(qualificationVO.getLicensingAuthority());
+        qualificationPO.setTime(qualificationVO.getTime());
+        qualificationPO.setIsPublic(qualificationVO.getIsPublic());
+        qualificationDao.save(qualificationPO);
         return this.getQualification(userId);
     }
 
+    private void checkIsSelf(long userId, QualificationPO qualificationPO) {
+        if(!qualificationPO.getUserId().equals(userId)){
+            throw new BaseException("当前用户无权限操作！");
+        }
+    }
+
     @Override
     public QualificationDTO deleteQualification(long id, long userId) {
-        Optional<QualificationPO> qualificationPO = qualificationDao.findById(id);
-        qualificationPO.get().setIsDeleted(1);
-        qualificationDao.save(qualificationPO.get());
+        Optional<QualificationPO> qualificationPOOptional = qualificationDao.findById(id);
+        QualificationPO qualificationPO = qualificationPOOptional.get();
+        this.checkIsSelf(userId, qualificationPO);
+        qualificationPO.setIsDeleted(1);
+        qualificationDao.save(qualificationPO);
         return this.getQualification(userId);
     }
 
@@ -1530,7 +1540,7 @@ public class WebMediatorImpl implements ViewMediator {
         }
 
         // 任务时间截止，对于区域管理员可以有导出和fork功能
-        if(task.getStatus() == CrowdTestTaskStatus.HAS_TIME_OUT){
+        if(task.getStatus() == CrowdTestTaskStatus.HAS_TIME_OUT || task.getStatus() == CrowdTestTaskStatus.HAS_FINISHED){
             if (user.getRoleList().stream().anyMatch(role -> role.getName().equals(RoleType.SYSTEM_ADMIN.getName()))
                     || (user.getRegionalManager() != null && user.getId().equals(project.getRegionalManagerId()))) {
                 // 不管何时都可以导出任务

site/src/main/java/com/mooctest/crowd/site/service/CrowdProjectService.java

@@ -31,9 +31,9 @@ public interface CrowdProjectService {
 
     ProjectDetailsDTO createCrowdProject(CrowdTestProjectCommand command,long userId);
 
-    ProjectDetailsDTO updateProject(String projectCode, CrowdTestProjectCommand crowdTestProjectCommand);
+    ProjectDetailsDTO updateProject(String projectCode, CrowdTestProjectCommand crowdTestProjectCommand, Long userId);
 
-    void deleteProject(Long projectId, Long userId);
+    void deleteProject(String projectCode, Long userId);
 
     ProjectDetailsDTO generateProjectWithData(GenerateProjectCommand command);
 

site/src/main/java/com/mooctest/crowd/site/service/impl/CrowdProjectServiceImpl.java

@@ -7,10 +7,8 @@ import com.mooctest.crowd.domain.dao.TestTypeDao;
 import com.mooctest.crowd.domain.dao.UserTaskCountDao;
 import com.mooctest.crowd.domain.domainobject.*;
 import com.mooctest.crowd.domain.domainobject.enums.DistributeType;
-import com.mooctest.crowd.domain.exception.BadRequestException;
-import com.mooctest.crowd.domain.exception.BaseException;
-import com.mooctest.crowd.domain.exception.Excel2ProjectException;
-import com.mooctest.crowd.domain.exception.HaveNotPartAuthException;
+import com.mooctest.crowd.domain.domainobject.enums.RoleType;
+import com.mooctest.crowd.domain.exception.*;
 import com.mooctest.crowd.domain.factory.CrowdTestProjectFactory;
 import com.mooctest.crowd.domain.model.UserTaskCountPO;
 import com.mooctest.crowd.domain.repository.CommonRepo;
@@ -23,7 +21,6 @@ import com.mooctest.crowd.site.configuration.DataCache;
 import com.mooctest.crowd.site.data.ColumnFilter;
 import com.mooctest.crowd.site.data.dto.ProjectDetailsDTO;
 import com.mooctest.crowd.site.data.enums.ProjectType;
-import com.mooctest.crowd.domain.domainobject.enums.RoleType;
 import com.mooctest.crowd.site.data.vo.CrowdProjectVO;
 import com.mooctest.crowd.site.data.vo.CrowdTestProjectVO;
 import com.mooctest.crowd.site.data.vo.RegionalManagerVO;
@@ -202,8 +199,9 @@ public class CrowdProjectServiceImpl implements CrowdProjectService {
     }
 
     @Override
-    public ProjectDetailsDTO updateProject(String projectCode, CrowdTestProjectCommand crowdTestProjectCommand) {
+    public ProjectDetailsDTO updateProject(String projectCode, CrowdTestProjectCommand crowdTestProjectCommand, Long userId) {
         CrowdTestProject project = projectRepo.getByProjectCodeJustInfo(projectCode);
+        this.checkProjectOfPublisher(userId, project);
         if (project.getStatus() == CrowdTestProjectStatus.HAS_FINISHED)
             throw new BaseException("结项项目禁止修改！");
         if (!project.getUserId().equals(crowdTestProjectCommand.getUserId()))
@@ -217,12 +215,18 @@ public class CrowdProjectServiceImpl implements CrowdProjectService {
         return getProjectDetails(projectCode, crowdTestProjectCommand.getUserId());
     }
 
+    private void checkProjectOfPublisher(Long userId, CrowdTestProject project) {
+        if(!project.getUserId().equals(userId)){
+            throw new BaseException("您不是此项目的发起者，不可对此项目进行操作！");
+        }
+    }
+
     @Override
-    public void deleteProject(Long projectId, Long userId) {
+    public void deleteProject(String projectCode, Long userId) {
+        CrowdTestProject project = projectRepo.getByProjectCodeJustInfo(projectCode);
+        this.checkProjectOfPublisher(userId, project);
         //todo 后面需要加入是否有权限进行删除
-        if (!projectRepo.getByID(projectId).getUserId().equals(userId))
-            throw new BaseException("没有权限");
-        projectRepo.deleteByProjectId(projectId);
+        projectRepo.deleteByProjectId(projectCode);
     }
 
     @Override
@@ -374,14 +378,23 @@ public class CrowdProjectServiceImpl implements CrowdProjectService {
     public ProjectDetailsDTO receiveProject(String projectCode, Long userId) {
         CrowdTestProject project = projectRepo.getByProjectCodeJustInfo(projectCode);
         User user = userRepo.getInfoAndRolesAndRegionalMangerByID(userId);
+        this.checkIsRegionalManager(user);
         project.receiveProject(user);
         projectRepo.saveCrowdTestProject(project);
         return getProjectDetails(projectCode, userId);
     }
 
+    private void checkIsRegionalManager(User user) {
+        if (user.getRegionalManager() == null) {
+            throw new UserNotExistException("当前用户不是区域管理员，没有权限操作项目");
+        }
+    }
+
     @Override
     public ProjectDetailsDTO rejectProject(String projectCode, Long userId) {
         CrowdTestProject project = projectRepo.getByProjectCodeJustInfo(projectCode);
+        User user = userRepo.getInfoAndRolesAndRegionalMangerByID(userId);
+        this.checkIsRegionalManager(user);
         project.reject(userId);
         projectRepo.saveCrowdTestProject(project);
         return getProjectDetails(projectCode, userId);
@@ -390,7 +403,9 @@ public class CrowdProjectServiceImpl implements CrowdProjectService {
     @Override
     public ProjectDetailsDTO commitProject(String projectCode, Long userId) {
         CrowdTestProject project = projectRepo.getByProjectCode(projectCode);
-        project.commitCrowdTestProject(userRepo.getInfoAndRolesAndRegionalMangerByID(userId));
+        User user = userRepo.getInfoAndRolesAndRegionalMangerByID(userId);
+        this.checkIsRegionalManager(user);
+        project.commitCrowdTestProject(userId);
         projectRepo.saveCrowdTestProject(project);
         return getProjectDetails(projectCode, userId);
     }
@@ -398,7 +413,9 @@ public class CrowdProjectServiceImpl implements CrowdProjectService {
     @Override
     public ProjectDetailsDTO confirmFinished(String projectCode, Long userId) {
         CrowdTestProject project = projectRepo.getByProjectCode(projectCode);
-
+        if(!userId.equals(project.getUserId())){
+            throw new BaseException("当前用户不是此项目的发起者，无权限结束此项目！");
+        }
         // 更新项目下测评机构或者测试人员的接包次数
         List<CrowdTestTask> crowdTestTasks = project.getCrowdTestTaskList();
         for(CrowdTestTask crowdTestTask : crowdTestTasks) {

site/src/main/java/com/mooctest/crowd/site/service/impl/CrowdTaskServiceImpl.java

@@ -7,7 +7,10 @@ import com.mooctest.crowd.domain.dao.*;
 import com.mooctest.crowd.domain.domainobject.*;
 import com.mooctest.crowd.domain.domainobject.enums.DistributeType;
 import com.mooctest.crowd.domain.domainobject.enums.RoleType;
-import com.mooctest.crowd.domain.exception.*;
+import com.mooctest.crowd.domain.exception.BaseException;
+import com.mooctest.crowd.domain.exception.CrowdTestTaskNotExistException;
+import com.mooctest.crowd.domain.exception.ExportTaskFileNotExistException;
+import com.mooctest.crowd.domain.exception.FileIsEmptyException;
 import com.mooctest.crowd.domain.model.ApplicationTypePO;
 import com.mooctest.crowd.domain.model.EndPointPO;
 import com.mooctest.crowd.domain.model.FieldPO;
@@ -266,6 +269,7 @@ public class CrowdTaskServiceImpl implements CrowdTaskService {
     public TaskDetailsDTO updateTask(String projectCode, String taskCode, CrowdTestTaskCommand command, Long userId) {
         CrowdTestProject project = projectRepo.getByProjectCodeAndTaskCode(projectCode, taskCode);
         CrowdTestTask task = this.getTaskByProjectAndTaskCode(project, taskCode);
+        this.checkIsProjectOfReceiver(userId, project);
         if (task.getStatus() == CrowdTestTaskStatus.HAS_FINISHED)
             throw new BaseException("禁止修改已结束的任务！");
         CrowdTestTask updateTask = command.toCrowdTask(projectCode);
@@ -311,6 +315,12 @@ public class CrowdTaskServiceImpl implements CrowdTaskService {
         return getTaskDetails(projectCode, taskCode, userId);
     }
 
+    private void checkIsProjectOfReceiver(Long userId, CrowdTestProject project) {
+        if(!userId.equals(project.getRegionalManagerId())){
+            throw new BaseException("此用户无操作任务的权限！");
+        }
+    }
+
     private String createTaskToCrowdService(String name, String desc, int collaborativeType, String threePageUrl) {
         MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
         params.add("name", name);
@@ -440,8 +450,7 @@ public class CrowdTaskServiceImpl implements CrowdTaskService {
     @Override
     public TaskDetailsDTO confirmFinish(String projectCode, String taskCode, Long userId) {
         CrowdTestProject project = projectRepo.getByProjectCodeAndTaskCode(projectCode, taskCode);
-        if (!project.getRegionalManagerId().equals(userId))
-            throw new UnauthorizedException("无权限对此任务进行此操作");
+        this.checkIsProjectOfReceiver(userId, project);
         CrowdTestTask task = project.getTask(taskCode);
         task.confirmFinish();
         projectRepo.saveCrowdTestProject(project);
@@ -451,8 +460,7 @@ public class CrowdTaskServiceImpl implements CrowdTaskService {
     @Override
     public TaskDetailsDTO addToken(String projectCode, String taskCode, Long userId, String token) {
         CrowdTestProject project = projectRepo.getByProjectCodeAndTaskCode(projectCode, taskCode);
-        if (!project.getRegionalManagerId().equals(userId))
-            throw new UnauthorizedException("无权限对此任务进行此操作");
+        this.checkIsProjectOfReceiver(userId, project);
         CrowdTestTask task = project.getTask(taskCode);
         task.addToken(token);
         projectRepo.saveCrowdTestProject(project);
@@ -473,8 +481,9 @@ public class CrowdTaskServiceImpl implements CrowdTaskService {
     @Override
     public String exportTask(String projectCode, String taskCode, Long userId) {
         // 获取项目和任务的详细信息，特定任务的信息
-        ProjectDetailsDTO projectDetailsDTO = viewMediator.renderProjectDetails(projectRepo.getByProjectCodeAndTaskCode(projectCode, taskCode), userId);
-
+        CrowdTestProject project = projectRepo.getByProjectCodeAndTaskCode(projectCode, taskCode);
+        ProjectDetailsDTO projectDetailsDTO = viewMediator.renderProjectDetails(project, userId);
+//        this.checkIsProjectOfReceiver(userId, project);
         // 文件夹路径
         String fileDirectoryPath = fileSaveRootPath + UploadType.EXPORT_TASK_FILE;
         File fileDirectory = new File(fileDirectoryPath);
@@ -567,7 +576,10 @@ public class CrowdTaskServiceImpl implements CrowdTaskService {
 
         // 将对象VO转成CrowdTestProject
         CrowdTestProject crowdTestProject = projectDetailsDTO.getProjectDetails().toCrowdTestProject();
-        User user = userRepo.getByIDJustInfo(userId);
+        User user = userRepo.getInfoAndRolesAndRegionalMangerByID(userId);
+        if(user.getRegionalManager() == null){
+            throw new BaseException("此用户不是与区管理员，无此操作权限！");
+        }
 
         // 为项目信息赋予导入的默认值
         setProjectDefaultValueToPrivateCloud(crowdTestProject, user);

site/src/main/java/com/mooctest/crowd/site/service/impl/PersonalDataServiceImpl.java

@@ -72,4 +72,5 @@ public class PersonalDataServiceImpl implements PersonalDataService {
     public BankCardDTO getBankType() {
         return viewMediator.getBankType();
     }
+
 }

site/src/main/java/com/mooctest/crowd/site/util/CheckLoginUtil.java

@@ -0,0 +1,22 @@
+package com.mooctest.crowd.site.util;
+
+import com.mooctest.crowd.domain.exception.BaseException;
+
+import javax.servlet.http.HttpSession;
+
+/**
+ * @author guochao
+ * @date 2021-06-01 15:52
+ */
+public class CheckLoginUtil {
+
+	public static void checkIsSameId(Long userId, HttpSession session) {
+		try {
+			if(!userId.equals(Long.parseLong((String) session.getAttribute("userId")))) {
+				throw new BaseException("非本人操作，请登录正确账号！");
+			}
+		}catch (NumberFormatException e){
+			throw new BaseException("请登录之后操作！");
+		}
+	}
+}

site/src/main/resources/application.yml

@@ -131,7 +131,7 @@ user:
 #    path: /var/www/
 feature:
   client:
-    oss: false
+    oss: true
   task:
     import: true  #任务导入
     recommend: false #任务推荐