
hot-fix 课程权限控制

guochao 5 éve
szülő
commit
08529505d6

+ 1 - 1
mooctest-site-server/src/main/java/cn/iselab/mooctest/site/dao/OperationCourseDao.java

@@ -15,5 +15,5 @@ import java.util.List;
 public interface OperationCourseDao extends PagingAndSortingRepository<OperationCourse, Long>, JpaSpecificationExecutor<OperationCourse> {
     List<OperationCourse> findAllByUserId(Long userId);
 
-    List<OperationCourse> findAllByUserIdAndOperationAndIsDeleted(Long userId, String operation, int isDeleted);
+    List<OperationCourse> findAllByUserIdAndOperationNotAndIsDeleted(Long userId, String operation, int isDeleted);
 }
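Review bot: `findAllByUserIdAndOperationNotAndIsDeleted` turns the permission lookup into a negative match, so every row whose `operation` differs from the argument (the callers in this commit pass `"view"`) is returned as an authorised course, including any operation value introduced later. An allow-list is the safer shape for an access-control query: a derived query such as `List<OperationCourse> findAllByUserIdAndOperationInAndIsDeleted(Long userId, Collection<String> operations, int isDeleted);` names the granting operations explicitly. Rows with a NULL `operation` are dropped by the generated `<>` comparison, which may or may not be intended. The same negative match appears as `builder.notEqual(...)` in `getOperationWhereClause` in ThemeServiceImpl.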

+ 3 - 1
mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/ThemeService.java

@@ -58,7 +58,9 @@ public interface ThemeService {
     List<ThemeDetail> getPlatformThemeDetails();
     List<ThemeDetail> getCourseByParticipant(Long participantId);
     Page<ParticipantCourse> getCourseByParticipant(Long userId, Map<String, String> extraCondition, String keyword, Pageable pageable);
-    Page<OperationCourse> getOperationCourseList(Pageable pageable, Long userId, Long ownerId, String operation, Map<String, String> extraCondition, String keyword);
+    Page<OperationCourse> getCustomizeCourseList(Pageable pageable, Long userId, Long ownerId, String operation, Map<String, String> extraCondition, String keyword);
+    Page<OperationCourse> getAuthorizedCourseList(Pageable pageable, Long userId, Long ownerId, String operation, Map<String, String> extraCondition, String keyword);
+
     List<OperationCourse> getOperationCourseList(Long userId, String operation);
     boolean isUserJoinCourse(Long courseId, Long participantId);
     Page<ThemeDetail> getPlatformThemeDetails(Map<String, String> extraCondition, Map<String, String> excludeCondition, Pageable pageable, String keyword);
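Review bot: `getCustomizeCourseList` and `getAuthorizedCourseList` have identical signatures, and nothing on the interface says that the second one excludes `operation` while the first (presumably, its where-clause is not fully visible) matches it; the retained `getOperationCourseList(Long userId, String operation)` now excludes its argument as well. For a permission API that inversion should be written down, e.g. `/** Pages the user's courses whose operation is NOT {@code operation}. */` on `getAuthorizedCourseList`, with a matching one-line Javadoc on the other two methods. Renaming the parameter to `excludedOperation` on the excluding methods would make call sites such as `getOperationCourseList(userId, "view")` read correctly.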

+ 51 - 2
mooctest-site-server/src/main/java/cn/iselab/mooctest/site/service/impl/ThemeServiceImpl.java

@@ -272,14 +272,21 @@ public class ThemeServiceImpl implements ThemeService {
     }
 
     @Override
-    public Page<OperationCourse> getOperationCourseList(Pageable pageable, Long userId, Long ownerId, String operation, Map<String, String> extraCondition, String keyword) {
+    public Page<OperationCourse> getCustomizeCourseList(Pageable pageable, Long userId, Long ownerId, String operation, Map<String, String> extraCondition, String keyword) {
         Specifications<OperationCourse> where = Specifications.where(this.getWhereClause(OperationCourse.class, userId, ownerId, operation, extraCondition, keyword));
         return operationCourseDao.findAll(where, pageable);
     }
 
+
+    @Override
+    public Page<OperationCourse> getAuthorizedCourseList(Pageable pageable, Long userId, Long ownerId, String operation, Map<String, String> extraCondition, String keyword) {
+        Specifications<OperationCourse> where = Specifications.where(this.getOperationWhereClause(OperationCourse.class, userId, ownerId, operation, extraCondition, keyword));
+        return operationCourseDao.findAll(where, pageable);
+    }
+
     @Override
     public List<OperationCourse> getOperationCourseList(Long userId, String operation) {
-        return operationCourseDao.findAllByUserIdAndOperationAndIsDeleted(userId, operation, 0);
+        return operationCourseDao.findAllByUserIdAndOperationNotAndIsDeleted(userId, operation, 0);
     }
 
     private  <T> Specification<T> getWhereClause(Class<T> model, Long userId, Long ownerId, String operation, Map<String, String> extraCondition, String keyword) {
@@ -324,6 +331,48 @@ public class ThemeServiceImpl implements ThemeService {
         };
     }
 
+    private  <T> Specification<T> getOperationWhereClause(Class<T> model, Long userId, Long ownerId, String operation, Map<String, String> extraCondition, String keyword) {
+        return (root, query, builder) -> {
+            Predicate predicate = builder.conjunction();
+            try {
+                model.getDeclaredField("isDeleted");
+                predicate.getExpressions().add(
+                        builder.equal(root.<Long>get("isDeleted"), 0)
+                );
+            } catch (NoSuchFieldException e) {
+                //do nothing
+            }
+            if (userId != null) {
+                predicate.getExpressions().add(
+                        builder.equal(root.<Long>get("userId"), userId)
+                );
+            }
+            if (ownerId != null) {
+                predicate.getExpressions().add(
+                        builder.equal(root.<Long>get("ownerId"), ownerId)
+                );
+            }
+            if (operation != null) {
+                predicate.getExpressions().add(
+                        builder.notEqual(root.<Long>get("operation"), operation)
+                );
+            }
+            if (extraCondition != null){
+                for(String key:extraCondition.keySet()) {
+                    predicate.getExpressions().add(
+                            builder.equal(root.get(key), extraCondition.get(key))
+                    );
+                }
+            }
+            if (keyword != null) {
+                predicate.getExpressions().add(
+                        builder.like(root.get("title"), "%" + StringUtils.trim(keyword) + "%")
+                );
+            }
+            return predicate;
+        };
+    }
+
     public boolean isUserJoinCourse(Long courseId, Long participantId) {
         return participantCourseDao.findByIdAndParticipantId(courseId, participantId)!=null;
     }
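Review bot: In `getOperationWhereClause`, every key of `extraCondition` is passed to `root.get(key)` as an attribute name; if that map is filled from request parameters (its origin is not visible here), a caller can filter on any `OperationCourse` attribute, and an unknown key makes `root.get` throw rather than produce a client error. Checking each key against a fixed set of filterable attribute names before adding the predicate would close that, e.g. `if (!FILTERABLE_FIELDS.contains(key)) { continue; }` with `FILTERABLE_FIELDS` as a new constant. Separately, `root.<Long>get("operation")` is compared with a `String`, so the type witness should be `root.<String>get("operation")`. The keyword is concatenated into the LIKE pattern without escaping `%` and `_`, so a user can supply their own wildcards.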

+ 1 - 0
mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/data/ThemeDetailVO.java

@@ -28,5 +28,6 @@ public class ThemeDetailVO {
     private int visibility;
     private int released;
     private int isDeleted;
+    private boolean canEdit;
     List<EntityVO> entityVOList;
 }

+ 11 - 3
mooctest-site-server/src/main/java/cn/iselab/mooctest/site/web/logic/impl/ThemeLogicImpl.java

@@ -341,7 +341,7 @@ public class ThemeLogicImpl implements ThemeLogic {
     @Override
     public Page<ThemeDetailVO> getAuthorisedCourses(Pageable pageable, Map<String, String> extraCondition, String keyword) {
         Long userId = (Long) SecurityUtils.getSubject().getSession().getAttribute("userId");
-        Page<OperationCourse> operationCourseList = themeService.getOperationCourseList(pageable, userId, null, "*", extraCondition, keyword);
+        Page<OperationCourse> operationCourseList = themeService.getAuthorizedCourseList(pageable, userId, null, "view", extraCondition, keyword);
         return operationCourseList.map(operationCourse -> {
             ThemeDetail convert = Converter.convert(ThemeDetail.class, operationCourse);
             return themeVOWrapper.wrapperThemeDetail(convert);
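Review bot: `userId` is read from the session in `getAuthorisedCourses` and handed to `getAuthorizedCourseList` without a null check, while the new `getOperationWhereClause` in ThemeServiceImpl only adds the `userId` predicate `if (userId != null)`. If this method can be reached with a session that carries no `userId` attribute, the query is no longer scoped to one user and returns other users' course grants. Failing closed before the call avoids that, e.g. `if (userId == null) { throw new HttpForbiddenException("User Not Logged In"); }`, using the exception type this class already throws further down. `getAuthorisedResourceList` and `getCustomizeCourses` pass the same unchecked value; the lambda of this method continues past the end of the hunk.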
@@ -353,7 +353,7 @@ public class ThemeLogicImpl implements ThemeLogic {
     public Long[] getAuthorisedResourceList(String keyword) {
         Long userId = (Long) SecurityUtils.getSubject().getSession().getAttribute("userId");
         // 获取所有已授权的课程
-        List<OperationCourse> operationCourseList = themeService.getOperationCourseList(userId, "*");
+        List<OperationCourse> operationCourseList = themeService.getOperationCourseList(userId, "view");
         // 获取包含关键字的课程章节对应的已授权课程
         List<List<ThemeEntityRelations>> relationsLists = operationCourseList.stream().map(operationCourse -> themeService.getThemeEntityRelations(operationCourse.getId())).collect(Collectors.toList());
         Set<Long> themeIdSet = new HashSet<>();
@@ -385,7 +385,7 @@ public class ThemeLogicImpl implements ThemeLogic {
     @Override
     public Page<ThemeDetailVO> getCustomizeCourses(Pageable pageable, String keyword) {
         Long userId = (Long) SecurityUtils.getSubject().getSession().getAttribute("userId");
-        Page<OperationCourse> operationCourseList = themeService.getOperationCourseList(pageable, userId, userId, "*", null, keyword);
+        Page<OperationCourse> operationCourseList = themeService.getCustomizeCourseList(pageable, userId, userId, "*", null, keyword);
         return operationCourseList.map(operationCourse -> {
             ThemeDetail convert = Converter.convert(ThemeDetail.class, operationCourse);
             return themeVOWrapper.wrapperThemeDetail(convert);
@@ -494,6 +494,7 @@ public class ThemeLogicImpl implements ThemeLogic {
                 throw new HttpForbiddenException(String.format("User Cannot Access This Course, UserId: %s", userId));
             }
         }
+
         //根据id查询,然后过滤存map
         List<ThemeEntityRelations> themeEntityRelations = themeService.getThemeEntityRelations(id);
         Theme theme = new Theme();
@@ -511,6 +512,13 @@ public class ThemeLogicImpl implements ThemeLogic {
             }
         }
         CourseVO courseVO = themeVOWrapper.wrapTheme2CourseVO(theme, themeEntityRelations);
+        User2Theme user2Theme = user2ThemeService.findByUserIdAndThemeId(userId, id);
+        // 判断是否有权限编辑课程
+        if(!user2Theme.getOperation().equals("*")){
+            courseVO.getThemeDetailVO().setCanEdit(false);
+        }else{
+            courseVO.getThemeDetailVO().setCanEdit(true);
+        }
 
         // 获取课程中的实体数量
         List<ThemeEntityRelations> entityRelationsList = themeService.getThemeEntityRelations(id);
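Review bot: `user2ThemeService.findByUserIdAndThemeId(userId, id)` is dereferenced straight away, so a user with no `User2Theme` row for this course, or a row whose `operation` is null, gets a NullPointerException instead of the course with `canEdit` false. Whether the access check above the hunk guarantees such a row is not visible here. A null-safe form is `boolean canEdit = user2Theme != null && "*".equals(user2Theme.getOperation());` followed by `courseVO.getThemeDetailVO().setCanEdit(canEdit);`, which also replaces the if/else. `canEdit` only informs the client, so the endpoints that modify a course need the same `"*"` check on the server. The enclosing method starts and ends outside the hunk.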