修改管理员页面权限校验

src/main/java/com/ai/da/service/impl/ConvenientInquiryServiceImpl.java

@@ -77,9 +77,17 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
     private String userBucket;
 
     private static final List<Long> ADMIN_IDS = Arrays.asList(4L, 6L, 31L, 73L, 83L, 87L);
-    private static final List<Long> ADMIN_IDS_READ_ONLY = Arrays.asList(12592L, 12201L);
+    private static final List<Long> ADMIN_IDS_READ_ONLY = Arrays.asList(12592L, 23534L, 23705L);
 
     public IPage<TrialOrder> getTrial(QueryUserConditionsVO queryUserConditionsVO) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         log.info("getTrial parameter : {},page:{}, size:{}", queryUserConditionsVO, queryUserConditionsVO.getPage(), queryUserConditionsVO.getSize());
         /* 添加按条件查询试用用户 */
         // 按用户邮箱/用户名/用户id查指定用户
@@ -170,6 +178,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
 
 
     public QuestionnaireFeedbackVO getQuestionnaireInfo() {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         String title = "AiDA_3.0 Feedback Survey--06/2024";
         List<Questionnaire> questionnaires = queryByTitle(title);
         List<Integer> ageValue = new ArrayList<>(Collections.nCopies(4, 0));
@@ -269,6 +285,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
     }
 
     public List<QuestionnaireVO> getAllQuestionnaire() {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         String title = "AiDA_3.0 Feedback Survey--06/2024";
         List<Questionnaire> questionnaires = queryByTitle(title);
         ArrayList<QuestionnaireVO> questionnaireVOS = new ArrayList<>();
@@ -286,6 +310,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
      * 近期新增用户
      */
     public IPage<Account> recentNewUser(QueryUserConditionsVO queryUserConditionsVO) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         log.info("recentActiveUser parameter : {}, page:{}, size:{}", queryUserConditionsVO, queryUserConditionsVO.getPage(), queryUserConditionsVO.getSize());
         if (StringUtil.isNullOrEmpty(queryUserConditionsVO.getStartTime()) && StringUtil.isNullOrEmpty(queryUserConditionsVO.getEndTime())) {
             return null;
@@ -308,6 +340,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
 
     // 图表数据
     public Map<String, Object> recentNewUserChart(String startTime, String endTime, Integer userType) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         log.info("recentNewUserChart startTime : {},endTime : {},userType:{}", startTime, endTime, userType);
         if (StringUtil.isNullOrEmpty(startTime) && StringUtil.isNullOrEmpty(endTime)) {
             return null;
@@ -336,6 +376,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
 
     // 近期活跃用户
     public IPage<Account> recentActiveUser(QueryUserConditionsVO queryUserConditionsVO) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         log.info("recentActiveUser parameter : {}, page:{}, size:{}", queryUserConditionsVO, queryUserConditionsVO.getPage(), queryUserConditionsVO.getSize());
         if (!StringUtil.isNullOrEmpty(queryUserConditionsVO.getStartTime()) && StringUtil.isNullOrEmpty(queryUserConditionsVO.getEndTime())) {
             DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
@@ -347,6 +395,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
 
     // 图表数据
     public int recentActiveUserChart(String startTime, String endTime) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         if (!StringUtil.isNullOrEmpty(startTime) && StringUtil.isNullOrEmpty(endTime)) {
             DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
             endTime = LocalDateTime.now().format(formatter);
@@ -356,6 +412,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
     }
 
     public Map<String, List<Object>> getActiveUserFunc(String startTime, String endTime, List<Long> ids) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
 
         log.info("getActiveUserFunc ==> startTime:{}, endTime:{}, accountList:{}", startTime, endTime, ids);
         // 必须指定时间区间
@@ -411,7 +475,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
 
     // 试用用户到正式用户的转化率
     public Map<String, Object> conversionRate(String startTime, String endTime) {
-
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         QueryWrapper<TrialOrder> queryWrapper = new QueryWrapper<>();
         if (!StringUtils.isNullOrEmpty(startTime)){
             queryWrapper.gt("create_time", startTime);
@@ -452,6 +523,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
 
     // 试用用户地区统计
     public Map<String, List<Object>> trialUserCountry(String startTime, String endTime) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         QueryWrapper<TrialOrder> queryWrapper = new QueryWrapper<>();
         if (!StringUtils.isNullOrEmpty(startTime)){
             queryWrapper.gt("create_time", startTime);
@@ -609,6 +688,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
 
     // 按条件查询用户信息
     public IPage<Account> getUserInfo(QueryUserConditionsVO queryUserConditionsVO) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         log.info("getUserInfo parameter : {},page:{}, size:{}", queryUserConditionsVO, queryUserConditionsVO.getPage(), queryUserConditionsVO.getSize());
         // 按用户邮箱/用户名/用户id查指定用户
         QueryWrapper<Account> queryWrapper = new QueryWrapper<>();
@@ -663,15 +750,23 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
     public List<Map<String, Object>> getAllUserIdList() {
         Long accountId = UserContext.getUserHolder().getId();
         Account account = accountMapper.selectById(accountId);
-
+        // 允许查看数据的用户id
-        QueryWrapper<Account> queryWrapper = new QueryWrapper<>();
+        if (Objects.nonNull(account.getSystemUser())
-        queryWrapper.select("id as value, user_name as label");
+                && (account.getSystemUser().equals(5)
-        if ((account.getSystemUser().equals(7) || account.getSystemUser().equals(5))
+                || account.getSystemUser().equals(7)
-                && !StringUtil.isNullOrEmpty(account.getOrganizationName())) {
+                || ADMIN_IDS.contains(account.getId())
-            queryWrapper.lambda().eq(Account::getOrganizationName, account.getOrganizationName());
+                || ADMIN_IDS_READ_ONLY.contains(account.getId())
+        )){
+            QueryWrapper<Account> queryWrapper = new QueryWrapper<>();
+            queryWrapper.select("id as value, user_name as label");
+            if ((account.getSystemUser().equals(7) || account.getSystemUser().equals(5))
+                    && !StringUtil.isNullOrEmpty(account.getOrganizationName())) {
+                queryWrapper.lambda().eq(Account::getOrganizationName, account.getOrganizationName());
+            }
+            return accountMapper.selectMaps(queryWrapper);
+        } else  {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
         }
-
-        return accountMapper.selectMaps(queryWrapper);
 //        return maps.stream().map(map -> (Long)map.get("id")).collect(Collectors.toList());
     }
 
@@ -680,6 +775,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
      * 允许按日期，支付方式，支付金额，商品种类，交易状态，付款人的国家或城市查询，需要分页查询
      */
     public PageBaseResponse<PaymentInfoVO> queryTransactionRecords(QueryPaymentInfoDTO queryPaymentInfoDTO) {
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         Integer size = queryPaymentInfoDTO.getSize();
         int offset = (queryPaymentInfoDTO.getPage() - 1) * size;
         String order = "DESC";
@@ -715,6 +818,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
     }
 
     public Map<String, List<String>> getCities(){
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         List<Map<String, String>> cities = paymentInfoMapper.getCities();
         List<Map<String, String>> countries = paymentInfoMapper.getCountries();
         List<String> cityCollect = cities.stream()
@@ -733,6 +844,14 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
     public String exportTransactionRecords(QueryPaymentInfoDTO queryPaymentInfoDTO, HttpServletResponse response){
 //        QueryPaymentInfoDTO queryPaymentInfoDTO = JSONObject.parseObject(params, QueryPaymentInfoDTO.class);
 
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())
+                && !ADMIN_IDS_READ_ONLY.contains(account.getId())
+        ) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         // 查询数据总量
         Long total = paymentInfoMapper.queryPaymentInfoCount(queryPaymentInfoDTO.getPlatform(), queryPaymentInfoDTO.getPayerTotal(),
                 queryPaymentInfoDTO.getType(), queryPaymentInfoDTO.getStatus(),
@@ -957,6 +1076,12 @@ public class ConvenientInquiryServiceImpl extends ServiceImpl<QuestionnaireMappe
     @Resource
     private OrganizationMapper organizationMapper;
     public void addOrganization(String name, String type){
+        Long accountId = UserContext.getUserHolder().getId();
+        Account account = accountService.getById(accountId);
+        // 允许查看数据的用户id
+        if (!ADMIN_IDS.contains(account.getId())) {
+            throw new BusinessException("have.no.permission", ResultEnum.PROMPT.getCode());
+        }
         Organization organization = new Organization();
         organization.setName(name);
         organization.setType(type);