<dev>

1.修改设置权限时,对时间进行权限设置

<dev>
1.修改设置权限时,对时间进行权限设置
6dd1f28c · 李欣峰 · 33b95c00 · 6dd1f28c · 6dd1f28c · 6dd1f28c
Commit 6dd1f28c authored Oct 12, 2021 by 李欣峰
6 changed files
--- a/api-service-project/api-service-application/src/main/java/com/zorkdata/apiservice/application/application/ApiApplication.java
+++ b/api-service-project/api-service-application/src/main/java/com/zorkdata/apiservice/application/application/ApiApplication.java
@@ -196,7 +196,7 @@ public interface ApiApplication {
     * @param username
     * @return
     */
-    InvokeResult executeApi(String apiName, Map<String, String> inParam, String username);
+    InvokeResult executeApi(String apiName, Map<String, String> inParam, String username, Integer userid);
    /**
     * 获取所有系统用户列表

--- a/api-service-project/api-service-application/src/main/java/com/zorkdata/apiservice/application/impl/ApiServiceApplicationImpl.java
+++ b/api-service-project/api-service-application/src/main/java/com/zorkdata/apiservice/application/impl/ApiServiceApplicationImpl.java
@@ -96,7 +96,7 @@ public class ApiServiceApplicationImpl implements ApiApplication {
    public static final String QUERY_VARIABLE = "queryVariable";
    private static final String NULL = "null";
    private static final Integer TWO = 2;
-    private static final String SLASH  = "/";
+    private static final String SLASH = "/";
    private static final String ANDTWO = "&";
@@ -232,7 +232,7 @@ public class ApiServiceApplicationImpl implements ApiApplication {
    public Api addApi(ApiDTO apiDTO, String username, Integer userid) {
        String name = apiDTO.getName();
        String querySql = apiDTO.getQuerySql();
-        if(org.springframework.util.StringUtils.hasLength(querySql)){
+        if (org.springframework.util.StringUtils.hasLength(querySql)) {
            apiDTO.setQuerySql(formatQuerySql(querySql));
        }
        Integer count = 0;
@@ -241,14 +241,14 @@ public class ApiServiceApplicationImpl implements ApiApplication {
            //count=0代表名称不存在,可进行新增
            if (count.equals(0)) {
                apiDTO.setSourceWay("create");
-                apiDTO.setPath("http://" +gateWayAddress + "/v1/dataService/api/executeApi/" + apiDTO.getName());
+                apiDTO.setPath("http://" + gateWayAddress + "/v1/dataService/api/executeApi/" + apiDTO.getName());
                apiRepository.save(ApiAssembler.toApi(apiDTO, username, userid));
            } else {
                if (apiDTO.getId().equals(0)) {
                    throw new RuntimeException("保存Api接口失败!,名称已存在");
                } else {
                    apiDTO.setSourceWay("create");
-                    apiDTO.setPath("http://" +gateWayAddress + "/v1/dataService/api/executeApi/" + apiDTO.getName());
+                    apiDTO.setPath("http://" + gateWayAddress + "/v1/dataService/api/executeApi/" + apiDTO.getName());
                    apiRepository.save(ApiAssembler.toApi(apiDTO, username, userid));
                }
            }
@@ -458,7 +458,7 @@ public class ApiServiceApplicationImpl implements ApiApplication {
                    ApiViewDTO apiViewDTO = new ApiViewDTO();
                    apiViewDTO.setId(item.getId());
                    apiViewDTO.setName(item.getName());
-                    apiViewDTO.setPath("http://" +gateWayAddress + "/v1/dataService/api/executeApi/" + item.getName());
+                    apiViewDTO.setPath("http://" + gateWayAddress + "/v1/dataService/api/executeApi/" + item.getName());
                    apiViewDTO.setDescription(item.getDescription());
                    apiViewDTO.setApiAuthDTOList(ApiAuthAssembler.toApiAuthDTOList(item.getApiAuthList()));
                    String datasourceStr = item.getDatasource();
@@ -753,7 +753,7 @@ public class ApiServiceApplicationImpl implements ApiApplication {
    public InvokeResult getApiLimit() {
        InvokeResult invokeResult;
        try {
-            List<Map<String,Integer>> limitAndName = apiRepository.findLimitAndName();
+            List<Map<String, Integer>> limitAndName = apiRepository.findLimitAndName();
            invokeResult = InvokeResult.success();
            invokeResult.setData(limitAndName);
        } catch (Exception e) {
@@ -765,11 +765,35 @@ public class ApiServiceApplicationImpl implements ApiApplication {
    }
    @Override
-    public InvokeResult executeApi(String apiName, Map<String, String> inParam, String username) {
+    public InvokeResult executeApi(String apiName, Map<String, String> inParam, String username, Integer userid) {
        //开始时间
        Long startTime = System.currentTimeMillis();
        InvokeResult invokeResult = null;
        Api api = apiRepository.findByName(apiName);
+        //获取api的id,根据apiId去查询该id的Api给哪些用户授权了,对其进行限制
+        Integer apiId = api.getId();
+        String createdBy = api.getCreatedBy();
+        //1.判断是不是创建者,如果是创建者,直接跳过,可以直接调用,不受权限控制
+        if (!username.equals(createdBy)) {
+            Map<Date, Date> startTimeAndendTime = apiAuthRepository.findApiAuthByApiId(apiId, userid);
+            Date start = startTimeAndendTime.get("start_time");
+            Date end = startTimeAndendTime.get("end_time");
+            //2.判断有无设置权限,size=0说明根本没有设置权限,可以调用
+            if (startTimeAndendTime.size() > 0) {
+                //3.判断开始结束时间是否为null,如果为null,说明选择了对时间不进行限制操作
+                if (null != start && null != end) {
+                    Date nowDate = new Date();
+                    int i1 = nowDate.compareTo(start);
+                    int i2 = end.compareTo(nowDate);
+                    //4.比较时间,符合 start > nowdate > end,不符合的话直接返回,权限不足
+                    if (i1 != 1 || i2 != 1) {
+                        invokeResult = InvokeResult.fail();
+                        invokeResult.setMessage("权限不足!");
+                        return invokeResult;
+                    }
+                }
+            }
+        }
        //0未发布 , 1发布
        Integer status = apiRepository.findStatusByName(apiName);
        if (1 != status) {
@@ -1447,7 +1471,7 @@ public class ApiServiceApplicationImpl implements ApiApplication {
        return bodyParams;
    }
-    private String formatQuerySql(String querySql){
+    private String formatQuerySql(String querySql) {
        return querySql.replace("$ { ", "${").replace(" }", "}");
    }
 }
--- a/api-service-project/api-service-domain/src/main/java/com/zorkdata/apiservice/domain/repository/ApiAuthRepository.java
+++ b/api-service-project/api-service-domain/src/main/java/com/zorkdata/apiservice/domain/repository/ApiAuthRepository.java
 package com.zorkdata.apiservice.domain.repository;
 import com.zorkdata.apiservice.domain.domain.ApiAuth;
+import com.zorkdata.apiservice.domain.dto.ApiAuthDTO;
+import io.swagger.models.auth.In;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
 import org.springframework.data.jpa.repository.Query;
+import java.util.Date;
 import java.util.List;
+import java.util.Map;
 /**
 * @title: ApiServiceAuthRepository
@@ -15,6 +19,7 @@ import java.util.List;
 public interface ApiAuthRepository extends JpaRepository<ApiAuth, Integer>, JpaSpecificationExecutor<ApiAuth> {
    /**
     * 非空判断,查询该id是否存在
+     *
     * @param userId
     * @param apiId
     * @return
@@ -50,4 +55,12 @@ public interface ApiAuthRepository extends JpaRepository<ApiAuth, Integer>, JpaS
    @Query(value = "select user_id from api_auth where api_id= ?1", nativeQuery = true)
    List<Integer> findByApiId(Integer apiId);
+    /**
+     * 根据apiId,查询对应的apiAuth信息
+     *
+     * @param apiId
+     * @return
+     */
+    @Query(value = "select start_time , end_time from api_auth where api_id= ?1 and user_id = ?2", nativeQuery = true)
+    Map<Date, Date> findApiAuthByApiId(Integer apiId , Integer userid);
 }
--- a/api-service-project/api-service-facade/src/main/java/com/zorkdata/apiservice/facade/facade/ApiFacade.java
+++ b/api-service-project/api-service-facade/src/main/java/com/zorkdata/apiservice/facade/facade/ApiFacade.java
@@ -195,7 +195,7 @@ public interface ApiFacade {
     * @param username
     * @return
     */
-    InvokeResult<Void> executeApi(String apiName, Map<String, String> inParam, String username);
+    InvokeResult<Void> executeApi(String apiName, Map<String, String> inParam, String username, Integer userid);
    /**
     * 获取Mysql数据类型

--- a/api-service-project/api-service-facade/src/main/java/com/zorkdata/apiservice/facade/impl/ApiServicueFacadeImpl.java
+++ b/api-service-project/api-service-facade/src/main/java/com/zorkdata/apiservice/facade/impl/ApiServicueFacadeImpl.java
@@ -225,10 +225,10 @@ public class ApiServicueFacadeImpl implements ApiFacade {
    }
    @Override
-    public InvokeResult executeApi(String apiName, Map<String, String> inParam, String username) {
+    public InvokeResult executeApi(String apiName, Map<String, String> inParam, String username, Integer userid) {
        InvokeResult invokeResult;
        try {
-            InvokeResult apiResult = apiApplication.executeApi(apiName, inParam, username);
+            InvokeResult apiResult = apiApplication.executeApi(apiName, inParam, username, userid);
            return apiResult;
        } catch (Exception e) {
            log.error("执行Api失败", e);

--- a/api-service-project/api-service-web/src/main/java/com/zorkdata/apiservice/controller/ApiServicueController.java
+++ b/api-service-project/api-service-web/src/main/java/com/zorkdata/apiservice/controller/ApiServicueController.java
@@ -281,29 +281,10 @@ public class ApiServicueController extends BaseController {
                                   @RequestBody(required = false) Map<String, String> inParam) {
        BkUser user = super.getUser();
        String username = user.getUsername();
-        return apiFacade.executeApi(apiName, inParam, username);
+        Integer userid = super.getUserId();
+        return apiFacade.executeApi(apiName, inParam, username, userid);
    }
    @Inner(value = false)
    @PutMapping("/csPut/{id}")