测试多个DTO传值

gic-store-service/src/main/java/com/gic/store/service/outer/impl/StoreOpenApiServiceImpl.java

@@ -36,10 +36,7 @@ import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.stream.Collectors;
 
 @Service("storeOpenApiService")
@@ -70,6 +67,8 @@ public class StoreOpenApiServiceImpl implements StoreOpenApiService {
     private StoreDictApiService storeDictApiService;
     @Autowired
     private AuthorizeService authorizeService;
+    @Autowired
+    private StoreWidgetApiService storeWidgetApiService;
 
     @Override
     public ServiceResponse<String> getApiFieldJson(Integer enterpriseId, Integer regionId) {
@@ -109,6 +108,9 @@ public class StoreOpenApiServiceImpl implements StoreOpenApiService {
         if (regionId == null) {
             return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "门店域不能为空");
         }
+        if (!hasAuth(appId, enterpriseId, storeCode, regionId)) {
+            return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "没有门店权限");
+        }
         StoreDTO store = storeService.getStoreByRegionIdAndStoreCode(enterpriseId, regionId, storeCode);
         if (store == null) {
             return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "门店code或者域数据错误，无此门店");
@@ -375,6 +377,9 @@ public class StoreOpenApiServiceImpl implements StoreOpenApiService {
         if (store == null) {
             return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "门店code或者域数据错误，无此门店");
         }
+        if (!hasAuth(appId, enterpriseId, storeCode, regionId)) {
+            return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "没有门店权限");
+        }
         if (StringUtils.isBlank(clerkCode)) {
             return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "导购code不能为空");
         }
@@ -409,6 +414,9 @@ public class StoreOpenApiServiceImpl implements StoreOpenApiService {
         }
         Integer storeInfoId = store.getStoreInfoId();
 
+        if (!hasAuth(appId, enterpriseId, clerkInfo.getStoreCode(), clerkInfo.getRegionId())) {
+            return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "没有门店权限");
+        }
         if (StringUtils.isBlank(clerkInfo.getClerkCode())) {
             return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "导购code不能为空");
         }
@@ -456,6 +464,9 @@ public class StoreOpenApiServiceImpl implements StoreOpenApiService {
         }
         Integer storeInfoId = store.getStoreInfoId();
 
+        if (!hasAuth(appId, enterpriseId, clerkInfo.getStoreCode(), clerkInfo.getRegionId())) {
+            return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "没有门店权限");
+        }
         if (StringUtils.isBlank(clerkInfo.getClerkCode())) {
             return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "导购code不能为空");
         }
@@ -506,6 +517,9 @@ public class StoreOpenApiServiceImpl implements StoreOpenApiService {
         if (regionId == null) {
             return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "门店域不能为空");
         }
+        if (!hasAuth(appId, enterpriseId, storeCode, regionId)) {
+            return ServiceResponse.failure(ErrorCode.PARAMETER_ERROR.getCode(), "没有门店权限");
+        }
         StringBuilder storeIds = new StringBuilder();
         if (StringUtils.isBlank(storeCode)) {
             //查询域下所有的门店:q
@@ -542,4 +556,53 @@ public class StoreOpenApiServiceImpl implements StoreOpenApiService {
         }
         return ServiceResponse.failure(clerkResult.getCode(), clerkResult.getMessage());
     }
+
+    /**
+     * 验证权限门店相关权限
+     * @param appId
+     * @param enterpriseId
+     * @param storeCode 门店code
+     * @param regionId 门店域ID
+     * @return
+     */
+    private boolean hasAuth(String appId, Integer enterpriseId, String storeCode, Integer regionId) {
+        Map<String, Object> storeMap = new HashMap<>(16);
+        Map<String, Object> regionMap = new HashMap<>(16);
+        ServiceResponse<ApplicationResourceDTO> res = authorizeService
+                .findResourceByEnterpriseIdAndAppId(Long.valueOf(enterpriseId), appId);
+        if (res.isSuccess()) {
+            ApplicationResourceDTO resourceDTO = res.getResult();
+            if (resourceDTO != null) {
+                Long storeResourceId = resourceDTO.getStoreResource();
+                //查询门店资源组所有的门店权限
+                ServiceResponse<Page<StoreDTO>> storeResult = storeWidgetApiService
+                        .listStoreByStoreWidgetId(enterpriseId, storeResourceId.intValue(), 0, Integer.MAX_VALUE);
+                if (storeResult.isSuccess()) {
+                    Page<StoreDTO> page = storeResult.getResult();
+                    List<StoreDTO> list = page.getResult();
+                    if (CollectionUtils.isNotEmpty(list)) {
+                        for (StoreDTO storeDTO : list) {
+                            storeMap.put(storeDTO.getStoreCode(), 1);
+                            regionMap.put(storeDTO.getRegionId().toString(), 1);
+                        }
+                    }
+                } else {
+                    LOGGER.info("对外API权限校验结果-门店资源获取:{}", JSON.toJSONString(storeResult));
+                }
+            }
+        } else {
+            LOGGER.info("对外API权限校验结果:{}", JSON.toJSONString(res));
+        }
+        if (StringUtils.isNotBlank(storeCode)) {
+            if (storeMap.containsKey(storeCode)) {
+                return true;
+            }
+        }
+        if (regionId != null) {
+            if (regionMap.containsKey(storeCode)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }