Home Explore Help
Register Sign In
lihao16
/
elevator-Admin
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fix:二级等保【高危】接口权限越权

lihao16 1 month ago
parent
2d8d0e45d4
commit
10fe5f7874
3 changed files with 15 additions and 2 deletions
Split View Show Diff Stats
  1. 3 0
      elevator-admin/src/main/java/com/inspur/idm/media/controller/EleCompanyController.java
  2. 3 0
      elevator-admin/src/main/java/com/inspur/idm/media/controller/rescue/RescueInfoController.java
  3. 9 2
      elevator-admin/src/main/java/com/inspur/idm/media/service/rescue/RescueInfoServiceImpl.java

+ 3 - 0
elevator-admin/src/main/java/com/inspur/idm/media/controller/EleCompanyController.java
View File 

@@ -86,6 +86,9 @@ public class EleCompanyController {
 
                 query.setDateEnd(StringUtils.substringAfterLast(query.getRegistrationDate(), ","));
 
             }
 
         }
 
+        if (!MyUserUtil.isSuperAdmin()) {
 
+            query.setCompanyId(MyUserUtil.getCompanyId());
 
+        }
 
         Page<EleCompanyVO> page = eleCompanyService.getEleCompanyList(query);
 
         return new BasePageListObj<>(page.getResult(), page.getTotal());
 
     }

+ 3 - 0
elevator-admin/src/main/java/com/inspur/idm/media/controller/rescue/RescueInfoController.java
View File 

@@ -198,6 +198,9 @@ public class RescueInfoController {
 
         RescueVideo play = new RescueVideo();
 
         play.setRescueId(rescueId);
 
         final RescueInfoVO rescueInfoVO = rescueInfoService.getRescueInfoById(rescueId);
 
+        if (rescueInfoVO == null) {
 
+            return new BaseObj<>(null);
 
+        }
 
         final String elevatorId = rescueInfoVO.getElevatorId();
 
         ElevatorInfoVO elevatorInfoVO = elevatorInfoService.getElevatorInfoById(elevatorId);
 
         play.setElevatorId(elevatorId);

+ 9 - 2
elevator-admin/src/main/java/com/inspur/idm/media/service/rescue/RescueInfoServiceImpl.java
View File 

@@ -140,7 +140,14 @@ public class RescueInfoServiceImpl implements RescueInfoService {
 
 
     @Override
 
     public RescueInfoVO getRescueInfoById(String rescueId) {
 
-        RescueInfo po = rescueInfoDao.selectById(rescueId);
 
+        String limitUser = null;
 
+        final String currentUserId = UserUtils.getCurrentUserId();
 
+        if (MyUserUtil.isSuperAdmin(currentUserId)) {
 
+            //超级管理员 拥有所有数据权限
 
+        }else{
 
+            limitUser = currentUserId;
 
+        }
 
+        RescueInfo po = rescueInfoDao.selectInfoById(rescueId,limitUser);
 
         if (po == null) {
 
             return null;
 
         }
 
@@ -638,7 +645,7 @@ public class RescueInfoServiceImpl implements RescueInfoService {
 
         }
 
         String prefix = configService.getPubConfigValue(CommConstant.SRS_WEBRTC_PREFIX);
 
         return prefix + CommConstant.STREAM_APP + "/" +
 
-                eleDeviceInfoVO.getCamera1No() + "_" + eleDeviceInfoVO.getCamera1Channel();
 
+                cameraId + "_" + cameraNo;
 
     }
 
 
     @Override