Merge pull request #4 from xiweicheng/blog-opened

Blog opened
xiweicheng · Jun 28, 2017 · e713943 · e713943
2 parents d064846 + ae3682d
commit e713943
Show file tree

Hide file tree

Showing 12 changed files with 138 additions and 118 deletions.
diff --git a/src/main/java/com/lhjz/portal/controller/FileController.java b/src/main/java/com/lhjz/portal/controller/FileController.java
@@ -112,6 +112,9 @@ public RespBody update(HttpServletRequest request,
  if (file.getStatus() == Status.Bultin) {
  return RespBody.failed("内置文件，不能修改！");
  }
+ if (!hasAuth(file)) {
+ return RespBody.failed("没有该文件的编辑权限！");
+ }
 
  String oldName = file.getName();
 
@@ -122,6 +125,10 @@ public RespBody update(HttpServletRequest request,
 
  return RespBody.succeed(fileRepository.save(file));
  }
+
+ private boolean hasAuth(com.lhjz.portal.entity.File file) {
+ return isSuperOrCreator(file.getUsername());
+ }
 
  @RequestMapping(value = "delete", method = RequestMethod.POST)
  @ResponseBody
@@ -133,6 +140,9 @@ public RespBody delete(HttpServletRequest request,
  if (file.getStatus() == Status.Bultin) {
  return RespBody.failed("内置文件，不能删除！");
  }
+ if (!hasAuth(file)) {
+ return RespBody.failed("没有该文件的删除权限！");
+ }
 
  fileRepository.delete(id);
 

diff --git a/src/main/java/com/lhjz/portal/controller/UserController.java b/src/main/java/com/lhjz/portal/controller/UserController.java
@@ -294,6 +294,10 @@ public RespBody update(
  logger.error("更新用户不存在! ID: {}", userForm.getUsername());
  return RespBody.failed("更新用户不存在!");
  }
+
+ if (Boolean.TRUE.equals(user.getLocked()) && !isSuper()) {
+ return RespBody.failed("用户信息被锁定,不能修改!");
+ }
 
  if (StringUtil.isNotEmpty(userForm.getPassword())) {
 
@@ -393,6 +397,10 @@ public RespBody update2(HttpServletRequest request,
  logger.error("更新用户不存在! ID: {}", userForm.getUsername());
  return RespBody.failed("更新用户不存在!");
  }
+
+ if (Boolean.TRUE.equals(user.getLocked()) && !isSuper()) {
+ return RespBody.failed("用户信息被锁定,不能修改!");
+ }
 
  if (StringUtil.isNotEmpty(userForm.getPassword())) {
 

diff --git a/src/main/java/com/lhjz/portal/entity/security/User.java b/src/main/java/com/lhjz/portal/entity/security/User.java
@@ -84,6 +84,8 @@ public class User implements java.io.Serializable, Comparable<User> {
 
  @Temporal(TemporalType.TIMESTAMP)
  private Date resetPwdDate;
+
+ private Boolean locked;
 
  @Version
  private long version;

diff --git a/src/main/resources/static/page/index.html b/src/main/resources/static/page/index.html
@@ -15,7 +15,7 @@
 <body aurelia-app="main">
  <!-- <script src="//cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/js/emojify.min.js"></script> -->
  <script src="//cdn.bootcss.com/emojify.js/1.1.0/js/emojify.min.js"></script>
- <script src="scripts/vendor-bundle-c3652bf3fe.6de7b022.1537510.js" data-main="aurelia-bootstrapper"></script>
+ <script src="scripts/vendor-bundle-0429d44398.efed4710.1555882.js" data-main="aurelia-bootstrapper"></script>
 </body>
 
 </html>
diff --git a/src/main/resources/static/page/scripts/app-bundle-5c5b8255c4.js b/src/main/resources/static/page/scripts/app-bundle-5c5b8255c4.js
diff --git a/src/main/resources/static/page/scripts/app-bundle-9f083fc379.js b/src/main/resources/static/page/scripts/app-bundle-9f083fc379.js
diff --git a/src/main/resources/static/page/scripts/deps-bundle-1609bcdf51.js b/src/main/resources/static/page/scripts/deps-bundle-1609bcdf51.js
diff --git a/src/main/resources/static/page/scripts/deps-bundle-da08b91bf0.js b/src/main/resources/static/page/scripts/deps-bundle-da08b91bf0.js
diff --git a/src/main/resources/static/page/scripts/vendor-bundle-0429d44398.efed4710.1555882.js b/src/main/resources/static/page/scripts/vendor-bundle-0429d44398.efed4710.1555882.js
diff --git a/src/main/resources/static/page/scripts/vendor-bundle-0429d44398.js b/src/main/resources/static/page/scripts/vendor-bundle-0429d44398.js
diff --git a/src/main/resources/static/page/scripts/vendor-bundle-c3652bf3fe.6de7b022.1537510.js b/src/main/resources/static/page/scripts/vendor-bundle-c3652bf3fe.6de7b022.1537510.js
diff --git a/src/main/resources/static/page/scripts/vendor-bundle-c3652bf3fe.js b/src/main/resources/static/page/scripts/vendor-bundle-c3652bf3fe.js