
Example 26 with UserRolesVo

use of top.hcode.hoj.pojo.vo.UserRolesVo in project HOJ by HimitZH.

the class TrainingController method getTrainingAccess.

/**
 * Reports whether the logged-in user may enter a private training.
 *
 * <p>Access is granted only when a {@code TrainingRegister} row exists for this user and this
 * training. When such a row exists but the training is missing or its status flag is false, an
 * error response is returned instead of an access flag.
 *
 * @param tid     id of the training to check
 * @param request current HTTP request; the caller is read from the session attribute
 *                {@code userInfo}
 * @return a success response carrying {@code {"access": <boolean>}}, or an error response when
 *         a registered user asks about a missing or disabled training
 * @since 2021/11/20
 */
@RequiresAuthentication
@GetMapping("/get-training-access")
public CommonResult getTrainingAccess(@RequestParam(value = "tid") Long tid, HttpServletRequest request) {
    // The caller's identity comes from the server-side session, not from a request parameter.
    // NOTE(review): userRolesVo is dereferenced without a null check; this relies on
    // @RequiresAuthentication guaranteeing that "userInfo" is populated. Confirm.
    UserRolesVo userRolesVo = (UserRolesVo) request.getSession().getAttribute("userInfo");

    QueryWrapper<TrainingRegister> registerQuery = new QueryWrapper<>();
    registerQuery.eq("tid", tid).eq("uid", userRolesVo.getUid());
    boolean registered = trainingRegisterService.getOne(registerQuery, false) != null;

    // The training itself is only looked up for registered users; an unregistered caller
    // always receives access=false, whether or not the training exists.
    if (registered) {
        Training training = trainingService.getById(tid);
        if (training == null || !training.getStatus()) {
            return CommonResult.errorResponse("对不起,该训练不存在!");
        }
    }

    HashMap<String, Object> payload = new HashMap<>();
    payload.put("access", registered);
    return CommonResult.successResponse(payload);
}
Also used : Training(top.hcode.hoj.pojo.entity.training.Training) TrainingRegister(top.hcode.hoj.pojo.entity.training.TrainingRegister) QueryWrapper(com.baomidou.mybatisplus.core.conditions.query.QueryWrapper) HashMap(java.util.HashMap) HttpSession(javax.servlet.http.HttpSession) UserRolesVo(top.hcode.hoj.pojo.vo.UserRolesVo) RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication)

Example 27 with UserRolesVo

use of top.hcode.hoj.pojo.vo.UserRolesVo in project HOJ by HimitZH.

the class TrainingServiceImpl method getAdminTrainingDto.

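/**
 * Loads a training together with its category for the admin view.
 *
 * <p>Only a subject holding the {@code root} role, or the user whose username equals the
 * training's author, may read the record. A request whose session carries no {@code userInfo}
 * attribute is rejected with the same forbidden response instead of failing with a
 * {@link NullPointerException}.
 *
 * @param tid     id of the training to load
 * @param request current HTTP request; the caller is read from the session attribute
 *                {@code userInfo}
 * @return a success response wrapping a {@code TrainingDto}; an error response when the training
 *         does not exist; a forbidden response when the caller is neither root nor the author
 */
@Override
public CommonResult getAdminTrainingDto(Long tid, HttpServletRequest request) {
    // Load the training first; everything below depends on it.
    // NOTE(review): the not-found answer is given before the permission check, so any caller
    // who reaches this method can learn which tids exist. Confirm that is acceptable.
    Training training = trainingMapper.selectById(tid);
    if (training == null) {
        return CommonResult.errorResponse("查询失败:该训练不存在,请检查参数tid是否准确!");
    }
    // Current user, taken from the server-side session.
    HttpSession session = request.getSession();
    UserRolesVo userRolesVo = (UserRolesVo) session.getAttribute("userInfo");
    // Super administrators bypass the ownership check.
    boolean isRoot = SecurityUtils.getSubject().hasRole("root");
    if (!isRoot) {
        // Fail closed: a missing session user or a missing username is treated as "not the owner".
        // NOTE(review): ownership is matched on username, not uid; verify that usernames are
        // immutable and never reused, otherwise compare a stable identifier instead.
        String callerName = userRolesVo == null ? null : userRolesVo.getUsername();
        if (callerName == null || !callerName.equals(training.getAuthor())) {
            return CommonResult.errorResponse("对不起,你无权限操作!", CommonResult.STATUS_FORBIDDEN);
        }
    }
    TrainingDto trainingDto = new TrainingDto();
    trainingDto.setTraining(training);
    // The category is optional: it stays null when no mapping row exists for this training.
    QueryWrapper<MappingTrainingCategory> queryWrapper = new QueryWrapper<>();
    queryWrapper.eq("tid", tid);
    MappingTrainingCategory mappingTrainingCategory = mappingTrainingCategoryMapper.selectOne(queryWrapper);
    TrainingCategory trainingCategory = null;
    if (mappingTrainingCategory != null) {
        trainingCategory = trainingCategoryService.getById(mappingTrainingCategory.getCid());
    }
    trainingDto.setTrainingCategory(trainingCategory);
    return CommonResult.successResponse(trainingDto, "查询成功!");
}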
Also used : Training(top.hcode.hoj.pojo.entity.training.Training) TrainingDto(top.hcode.hoj.pojo.dto.TrainingDto) QueryWrapper(com.baomidou.mybatisplus.core.conditions.query.QueryWrapper) HttpSession(javax.servlet.http.HttpSession) UserRolesVo(top.hcode.hoj.pojo.vo.UserRolesVo) TrainingCategory(top.hcode.hoj.pojo.entity.training.TrainingCategory) MappingTrainingCategory(top.hcode.hoj.pojo.entity.training.MappingTrainingCategory) MappingTrainingCategory(top.hcode.hoj.pojo.entity.training.MappingTrainingCategory)

Example 28 with UserRolesVo

use of top.hcode.hoj.pojo.vo.UserRolesVo in project HOJ by HimitZH.

the class AdminAccountController method login.

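/**
 * Authenticates an administrator account and issues a JWT.
 *
 * <p>On success the token is returned in the {@code Authorization} response header, a session
 * record (uid, client IP, User-Agent) is saved, and the user's profile fields plus role list are
 * returned in the body. Only accounts holding {@code admin}, {@code root} or
 * {@code problem_admin} may log in here.
 *
 * @param loginDto validated request body carrying username and password
 * @param response HTTP response that receives the {@code Authorization} header
 * @param request  HTTP request, used for the client IP and User-Agent of the session record
 * @return a success response with the profile map, or an error response for a wrong password,
 *         a banned account, or a non-administrator account
 * @throws IllegalArgumentException presumably, via {@code Assert.notNull}, when the username
 *         is unknown; confirm against the {@code Assert} class this file imports
 */
@PostMapping("/login")
public CommonResult login(@Validated @RequestBody LoginDto loginDto, HttpServletResponse response, HttpServletRequest request) {
    UserRolesVo userRoles = userRoleDao.getUserRoles(null, loginDto.getUsername());
    // NOTE(review): "unknown user" and "wrong password" produce different messages, which lets
    // a caller enumerate valid admin usernames. The messages are kept as they are because
    // clients may depend on them; prefer a single generic failure message.
    Assert.notNull(userRoles, "用户名不存在");

    // NOTE(review): passwords are verified as an unsalted MD5 digest. That is not a password
    // hashing scheme; migrating stored hashes to bcrypt/scrypt/argon2 has to happen outside this
    // method. No throttling or lockout of repeated failures is visible here either.
    String storedHash = userRoles.getPassword();
    String submittedHash = SecureUtil.md5(loginDto.getPassword());
    // A null stored hash is treated as a failed login rather than a NullPointerException, and
    // the digests are compared in constant time rather than with String.equals.
    boolean passwordMatches = storedHash != null
            && submittedHash != null
            && java.security.MessageDigest.isEqual(
                    storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    submittedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        return CommonResult.errorResponse("密码不正确");
    }
    // A non-zero status is answered with the "account banned" message.
    if (userRoles.getStatus() != 0) {
        return CommonResult.errorResponse("该账户已被封禁,请联系管理员进行处理!");
    }
    // Collect the role names of this user.
    List<String> rolesList = new LinkedList<>();
    userRoles.getRoles().forEach(role -> rolesList.add(role.getRole()));
    if (rolesList.contains("admin") || rolesList.contains("root") || rolesList.contains("problem_admin")) {
        // Super administrator, administrator or problem administrator: issue the token.
        String jwt = jwtUtils.generateToken(userRoles.getUid());
        // Return the token in a header and expose that header to cross-origin callers.
        response.setHeader("Authorization", jwt);
        response.setHeader("Access-Control-Expose-Headers", "Authorization");
        // Record the session.
        sessionService.save(new Session()
                .setUid(userRoles.getUid())
                .setIp(IpUtils.getUserIpAddr(request))
                .setUserAgent(request.getHeader("User-Agent")));
        // Check for a login from an unusual location (asynchronous, per the original comment).
        sessionService.checkRemoteLogin(userRoles.getUid());
        return CommonResult.successResponse(MapUtil.builder()
                .put("uid", userRoles.getUid())
                .put("username", userRoles.getUsername())
                .put("nickname", userRoles.getNickname())
                .put("avatar", userRoles.getAvatar())
                .put("email", userRoles.getEmail())
                .put("number", userRoles.getNumber())
                .put("school", userRoles.getSchool())
                .put("course", userRoles.getCourse())
                .put("signature", userRoles.getSignature())
                .put("realname", userRoles.getRealname())
                .put("roleList", rolesList)
                .map(), "登录成功!");
    } else {
        return CommonResult.errorResponse("该账号并非管理员账号,无权登录!", CommonResult.STATUS_ACCESS_DENIED);
    }
}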
Also used : UserRolesVo(top.hcode.hoj.pojo.vo.UserRolesVo) LinkedList(java.util.LinkedList) Session(top.hcode.hoj.pojo.entity.user.Session)

Example 29 with UserRolesVo

use of top.hcode.hoj.pojo.vo.UserRolesVo in project HOJ by HimitZH.

the class AdminContestController method importContestRemoteOJProblem.

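/**
 * Adds a remote-OJ problem to a contest, importing the problem first when it is not yet stored
 * locally.
 *
 * <p>The local problem id is {@code <OJ NAME IN UPPER CASE>-<problemId>}. The OJ name is
 * upper-cased with {@link java.util.Locale#ROOT} so that the key does not depend on the JVM's
 * default locale.
 *
 * @param name      name of the remote OJ
 * @param problemId problem id on the remote OJ
 * @param cid       contest id
 * @param displayId id under which the problem is shown inside the contest
 * @param request   current HTTP request; the caller is read from the session attribute
 *                  {@code userInfo}
 * @return a success response when the contest problem was saved, otherwise an error response
 */
@GetMapping("/import-remote-oj-problem")
@RequiresAuthentication
@RequiresRoles(value = { "root", "admin", "problem_admin" }, logical = Logical.OR)
@Transactional(rollbackFor = Exception.class)
public CommonResult importContestRemoteOJProblem(@RequestParam("name") String name, @RequestParam("problemId") String problemId, @RequestParam("cid") Long cid, @RequestParam("displayId") String displayId, HttpServletRequest request) {
    // NOTE(review): this state-changing operation is mapped to GET; confirm that is intended.
    // NOTE(review): every failure below is reported by returning a CommonResult, not by throwing,
    // so @Transactional(rollbackFor = Exception.class) does not roll back on those paths. A
    // freshly imported problem or the auth change can persist although the caller sees an error.
    // Locale-independent upper-casing keeps the lookup key stable across JVM default locales.
    String ojName = name.toUpperCase(java.util.Locale.ROOT);
    QueryWrapper<Problem> queryWrapper = new QueryWrapper<>();
    queryWrapper.eq("problem_id", ojName + "-" + problemId);
    Problem problem = problemService.getOne(queryWrapper, false);
    // The problem is not stored locally yet: import it from the remote OJ first.
    if (problem == null) {
        HttpSession session = request.getSession();
        UserRolesVo userRolesVo = (UserRolesVo) session.getAttribute("userInfo");
        try {
            ProblemStrategy.RemoteProblemInfo otherOJProblemInfo = problemService.getOtherOJProblemInfo(ojName, problemId, userRolesVo.getUsername());
            if (otherOJProblemInfo != null) {
                problem = problemService.adminAddOtherOJProblem(otherOJProblemInfo, name);
                if (problem == null) {
                    return CommonResult.errorResponse("导入新题目失败!请重新尝试!");
                }
            } else {
                return CommonResult.errorResponse("导入新题目失败!原因:可能是与该OJ链接超时或题号格式错误!");
            }
        } catch (Exception e) {
            // NOTE(review): the raw exception message is sent to the client. If the crawler can
            // raise low-level errors (network, parsing), log them server-side and return a fixed
            // message instead.
            return CommonResult.errorResponse(e.getMessage());
        }
    }
    // Reject the request when the contest already holds this problem or this display id.
    QueryWrapper<ContestProblem> contestProblemQueryWrapper = new QueryWrapper<>();
    Problem finalProblem = problem;
    contestProblemQueryWrapper.eq("cid", cid).and(wrapper -> wrapper.eq("pid", finalProblem.getId()).or().eq("display_id", displayId));
    ContestProblem contestProblem = contestProblemService.getOne(contestProblemQueryWrapper, false);
    if (contestProblem != null) {
        return CommonResult.errorResponse("添加失败,该题目已添加或者题目的比赛展示ID已存在!", CommonResult.STATUS_FAIL);
    }
    // Inside the contest the problem is shown under its original title by default.
    String displayName = problem.getTitle();
    // Turn the problem into a contest problem (auth = 3, per the original comment).
    boolean updateProblem = problemService.saveOrUpdate(problem.setAuth(3));
    boolean result = contestProblemService.saveOrUpdate(new ContestProblem().setCid(cid).setPid(problem.getId()).setDisplayTitle(displayName).setDisplayId(displayId));
    if (result && updateProblem) {
        // Both writes succeeded.
        return CommonResult.successResponse(null, "添加成功!");
    } else {
        return CommonResult.errorResponse("添加失败", CommonResult.STATUS_FAIL);
    }
}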
Also used : QueryWrapper(com.baomidou.mybatisplus.core.conditions.query.QueryWrapper) HttpSession(javax.servlet.http.HttpSession) UserRolesVo(top.hcode.hoj.pojo.vo.UserRolesVo) Problem(top.hcode.hoj.pojo.entity.problem.Problem) ContestProblem(top.hcode.hoj.pojo.entity.contest.ContestProblem) ProblemStrategy(top.hcode.hoj.crawler.problem.ProblemStrategy) ContestProblem(top.hcode.hoj.pojo.entity.contest.ContestProblem) RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication) RequiresRoles(org.apache.shiro.authz.annotation.RequiresRoles) Transactional(org.springframework.transaction.annotation.Transactional)

Example 30 with UserRolesVo

use of top.hcode.hoj.pojo.vo.UserRolesVo in project HOJ by HimitZH.

the class AdminContestController method changeContestVisible.

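/**
 * Changes the visibility flag of a contest.
 *
 * <p>Only a subject holding the {@code root} role or the contest's owner may do this. Ownership
 * is decided from the stored contest record, not from the {@code uid} request parameter: that
 * parameter is supplied by the caller, so comparing the session user against it would let any
 * administrator pass the check by sending their own uid.
 *
 * @param cid     id of the contest to change
 * @param uid     owner uid as sent by the client; still required for interface compatibility
 *                but no longer used for the permission decision
 * @param visible new visibility value
 * @param request current HTTP request; the caller is read from the session attribute
 *                {@code userInfo}
 * @return a success response when the update was stored; a forbidden response when the caller is
 *         neither root nor the owner; a failure response when the contest does not exist or the
 *         update was not stored
 */
@PutMapping("/change-contest-visible")
@RequiresAuthentication
@RequiresRoles(value = { "root", "admin", "problem_admin" }, logical = Logical.OR)
public CommonResult changeContestVisible(@RequestParam(value = "cid", required = true) Long cid, @RequestParam(value = "uid", required = true) String uid, @RequestParam(value = "visible", required = true) Boolean visible, HttpServletRequest request) {
    // Current user, taken from the server-side session.
    HttpSession session = request.getSession();
    UserRolesVo userRolesVo = (UserRolesVo) session.getAttribute("userInfo");
    // Super administrators bypass the ownership check.
    boolean isRoot = SecurityUtils.getSubject().hasRole("root");
    // Load the stored contest so that ownership comes from the database.
    // NOTE(review): assumes Contest#getUid() holds the creator's uid; confirm against the entity.
    Contest contest = contestService.getById(cid);
    if (!isRoot) {
        // Fail closed: an unknown contest, a missing session user or a uid mismatch are all
        // answered with the same forbidden response, so the reply does not reveal which cids exist.
        String callerUid = userRolesVo == null ? null : userRolesVo.getUid();
        if (contest == null || callerUid == null || !callerUid.equals(contest.getUid())) {
            return CommonResult.errorResponse("对不起,你无权限操作!", CommonResult.STATUS_FORBIDDEN);
        }
    }
    if (contest == null) {
        // Never pass an unknown id to saveOrUpdate, which could insert a new, mostly empty row.
        return CommonResult.errorResponse("修改失败", CommonResult.STATUS_FAIL);
    }
    boolean result = contestService.saveOrUpdate(new Contest().setId(cid).setVisible(visible));
    if (result) {
        // The update was stored.
        return CommonResult.successResponse(null, "修改成功!");
    } else {
        return CommonResult.errorResponse("修改失败", CommonResult.STATUS_FAIL);
    }
}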
Also used : HttpSession(javax.servlet.http.HttpSession) UserRolesVo(top.hcode.hoj.pojo.vo.UserRolesVo) Contest(top.hcode.hoj.pojo.entity.contest.Contest) RequiresAuthentication(org.apache.shiro.authz.annotation.RequiresAuthentication) RequiresRoles(org.apache.shiro.authz.annotation.RequiresRoles)

Aggregations

UserRolesVo (top.hcode.hoj.pojo.vo.UserRolesVo)184 Session (org.apache.shiro.session.Session)114 StatusForbiddenException (top.hcode.hoj.common.exception.StatusForbiddenException)97 StatusFailException (top.hcode.hoj.common.exception.StatusFailException)78 QueryWrapper (com.baomidou.mybatisplus.core.conditions.query.QueryWrapper)73 HttpSession (javax.servlet.http.HttpSession)65 Group (top.hcode.hoj.pojo.entity.group.Group)64 StatusNotFoundException (top.hcode.hoj.common.exception.StatusNotFoundException)63 RequiresAuthentication (org.apache.shiro.authz.annotation.RequiresAuthentication)53 Contest (top.hcode.hoj.pojo.entity.contest.Contest)38 Transactional (org.springframework.transaction.annotation.Transactional)37 Problem (top.hcode.hoj.pojo.entity.problem.Problem)36 UpdateWrapper (com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper)35 RequiresRoles (org.apache.shiro.authz.annotation.RequiresRoles)21 ContestProblem (top.hcode.hoj.pojo.entity.contest.ContestProblem)16 Discussion (top.hcode.hoj.pojo.entity.discussion.Discussion)15 MultipartFile (org.springframework.web.multipart.MultipartFile)13 Judge (top.hcode.hoj.pojo.entity.judge.Judge)13 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)12 JSONObject (cn.hutool.json.JSONObject)11