diff --git a/pom.xml b/pom.xml
index 72967ae..a1990ea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
top.yunshu
shw_server
- 1.7.8-RELEASE
+ 1.7.9-RELEASE
shw_server
Student HomeWork Management System
diff --git a/src/main/java/top/yunshu/shw/server/controller/teacher/TeacherController.java b/src/main/java/top/yunshu/shw/server/controller/teacher/TeacherController.java
index 0200125..6970fa0 100644
--- a/src/main/java/top/yunshu/shw/server/controller/teacher/TeacherController.java
+++ b/src/main/java/top/yunshu/shw/server/controller/teacher/TeacherController.java
@@ -207,14 +207,30 @@ public ResponseEntity addWork(@ApiIgnore LoginUser loginUser,
* @param enabled 开启状态
* @return ResponseEntity
*/
- @SuppressWarnings("unused")
@ApiOperation("更新作业启用状态")
- @PatchMapping("/work/{workId}/{enabled}")
+ @PatchMapping("/work/enabled/{workId}/{enabled}")
public ResponseEntity updateWorkEnabled(@ApiIgnore LoginUser loginUser,
@ApiParam(value = "作业ID", required = true) @PathVariable String workId,
@ApiParam(value = "开启状态", required = true) @PathVariable String enabled) {
logger.debug("up work , work id: " + workId + " enabled: " + enabled);
- workService.changeEnabledWord(workId, Boolean.parseBoolean(enabled));
+ workService.changeWorkEnabledStatus(loginUser.getNo(), workId, Boolean.parseBoolean(enabled));
+ return ResponseEntity.noContent().build();
+ }
+
+ /**
+ * 更新作业名称
+ *
+ * @param workId 作业ID
+ * @param workName 新名称
+ * @return ResponseEntity
+ */
+ @ApiOperation("更新作业名称")
+ @PatchMapping("/work/name/{workId}/{workName}")
+ public ResponseEntity updateWorkName(@ApiIgnore LoginUser loginUser,
+ @ApiParam(value = "作业ID", required = true) @PathVariable String workId,
+ @ApiParam(value = "作业名", required = true) @PathVariable String workName) {
+ logger.debug("up work , work id: " + workId + " name: " + workName);
+ workService.changeWorkName(loginUser.getNo(), workId, workName);
return ResponseEntity.noContent().build();
}
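Review bot: `updateWorkName` takes the new name from a path segment (`/work/name/{workId}/{workName}`) and hands it to the logger and to `changeWorkName` without any validation. A path segment is a poor carrier for free text: names containing `/`, `;` or a dot suffix may be rejected or altered before they reach the handler, and the decoded value may contain CR/LF, which would let a caller forge lines in the debug log. I would move the name out of the path, `@PatchMapping("/work/name/{workId}")` with `@RequestParam String workName`, reject blank or overlong names before calling the service, and log only the work id. Separately, `Boolean.parseBoolean(enabled)` in `updateWorkEnabled` maps every value other than "true" to false, so a mistyped request disables the work silently; declaring the variable as `@PathVariable boolean enabled` should make a malformed value fail binding rather than be read as false. The Javadoc of `updateWorkEnabled` starts outside the hunk.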
diff --git a/src/main/java/top/yunshu/shw/server/service/work/WorkService.java b/src/main/java/top/yunshu/shw/server/service/work/WorkService.java
index 173badc..9ae11fc 100644
--- a/src/main/java/top/yunshu/shw/server/service/work/WorkService.java
+++ b/src/main/java/top/yunshu/shw/server/service/work/WorkService.java
@@ -65,10 +65,20 @@ public interface WorkService {
/**
* 更改作业开启状态
*
- * @param workId 作业ID
- * @param enabled 是否开启
+ * @param teacherNumber 教师ID
+ * @param workId 作业ID
+ * @param enabled 是否开启
+ */
+ void changeWorkEnabledStatus(String teacherNumber, String workId, boolean enabled);
+
+ /**
+ * 更改作业名称
+ *
+ * @param teacherNumber 教师ID
+ * @param workId 作业ID
+ * @param workName 新作业名
*/
- void changeEnabledWord(String workId, boolean enabled);
+ void changeWorkName(String teacherNumber, String workId, String workName);
/**
* 删除作业
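Review bot: The Javadoc of `changeWorkEnabledStatus` and `changeWorkName` does not state the ownership contract that the new `teacherNumber` parameter introduces. Judging by the implementation in this commit, both should carry `@throws NoSuchFiledValueException` for a work or owning group that does not exist and `@throws PermissionsException` for a teacher who does not own the work's group. It is also worth saying on `@param teacherNumber` that the value must come from the authenticated session and never from request input, since the whole check rests on it. The interface declaration begins outside the hunk.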
diff --git a/src/main/java/top/yunshu/shw/server/service/work/impl/WorkServiceImpl.java b/src/main/java/top/yunshu/shw/server/service/work/impl/WorkServiceImpl.java
index 37c51a6..f6beeba 100644
--- a/src/main/java/top/yunshu/shw/server/service/work/impl/WorkServiceImpl.java
+++ b/src/main/java/top/yunshu/shw/server/service/work/impl/WorkServiceImpl.java
@@ -19,6 +19,7 @@
import top.yunshu.shw.server.entity.Upload;
import top.yunshu.shw.server.entity.Work;
import top.yunshu.shw.server.exception.NoSuchFiledValueException;
+import top.yunshu.shw.server.exception.PermissionsException;
import top.yunshu.shw.server.model.WorkDetailsModel;
import top.yunshu.shw.server.model.WorkModel;
import top.yunshu.shw.server.service.work.WorkService;
@@ -135,12 +136,27 @@ public Work createWork(String workName, String groupId, String format, boolean e
@CacheEvict(cacheNames = "work", allEntries = true)
})
@Override
- public void changeEnabledWord(String workId, boolean enabled) {
+ public void changeWorkEnabledStatus(String teacherNumber, String workId, boolean enabled) {
Work work = workDao.findById(workId).orElseThrow(() -> new NoSuchFiledValueException("作业ID: " + workId + "不存在", HttpStatus.NOT_FOUND));
+ checkTeacherWorkModifyPermission(teacherNumber, work);
work.setEnabled(enabled);
workDao.save(work);
}
+ @Caching(evict = {
+ @CacheEvict(cacheNames = "studentDoneWork", allEntries = true),
+ @CacheEvict(cacheNames = "studentUndoneWork", allEntries = true),
+ @CacheEvict(cacheNames = "work", key = "'regex:'+#teacherNumber+'*'"),
+ @CacheEvict(cacheNames = "workDetail", key = "'regex:'+#workId+'*'")
+ })
+ @Override
+ public void changeWorkName(String teacherNumber, String workId, String workName) {
+ Work work = workDao.findById(workId).orElseThrow(() -> new NoSuchFiledValueException("作业ID: " + workId + "不存在", HttpStatus.NOT_FOUND));
+ checkTeacherWorkModifyPermission(teacherNumber, work);
+ work.setWorkName(workName);
+ workDao.save(work);
+ }
+
@Caching(evict = {
@CacheEvict(cacheNames = "studentDoneWork", allEntries = true),
@CacheEvict(cacheNames = "studentUndoneWork", allEntries = true),
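Review bot: Both `changeWorkEnabledStatus` and `changeWorkName` repeat the `findById` lookup followed by `checkTeacherWorkModifyPermission`, so the ownership check only protects a method whose author remembers to add the call. Folding the two steps into one private loader makes the checked path the only convenient way to obtain a `Work` for modification. The method whose annotations begin at the end of this hunk is not visible here, so I cannot tell whether it performs the same check; it should be confirmed. The annotation block of `changeWorkEnabledStatus` starts outside the hunk.

```java
// … unchanged: @Caching annotations of changeWorkName …
@Override
public void changeWorkName(String teacherNumber, String workId, String workName) {
    Work work = findOwnedWork(teacherNumber, workId);
    work.setWorkName(workName);
    workDao.save(work);
}

/** Loads a work and verifies that teacherNumber owns its group before returning it. */
private Work findOwnedWork(String teacherNumber, String workId) {
    Work work = workDao.findById(workId).orElseThrow(() -> new NoSuchFiledValueException("作业ID: " + workId + "不存在", HttpStatus.NOT_FOUND));
    checkTeacherWorkModifyPermission(teacherNumber, work);
    return work;
}
```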
@@ -210,4 +226,21 @@ private Page getWorkModels(Pageable pageable, List workList) {
return new PageImpl<>(modelMapper.map(works, new TypeToken>() {
}.getType()), pageable, workList.size());
}
+
+ /**
+ * 检查教师修改作业权限(横向越权检查)
+ *
+ * @param teacherNumber 教师ID
+ * @param work 作业
+ */
+ private void checkTeacherWorkModifyPermission(String teacherNumber, Work work) {
+ String teacherNumberInDao = groupDao.findById(work.getGroupId()).orElseThrow(() -> {
+ logger.error("group id: " + work.getGroupId() + " not found and work id is: " + work.getId());
+ return new NoSuchFiledValueException("该作业所属群ID: " + work.getGroupId() + "没有找到", HttpStatus.NOT_FOUND);
+ }).getTeacherNumber();
+ if (!teacherNumberInDao.equals(teacherNumber)) {
+ logger.warn("Horizontal override permission log: " + teacherNumber);
+ throw new PermissionsException("没有找到");
+ }
+ }
}
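Review bot: The warning logged on a failed ownership check in `checkTeacherWorkModifyPermission` records only the caller's teacher number, which is not enough to tell which work was targeted when reviewing the log. I would include the target, `logger.warn("Horizontal override permission log: teacher " + teacherNumber + " work " + work.getId() + " group " + work.getGroupId());`. The comparison `teacherNumberInDao.equals(teacherNumber)` also throws a NullPointerException if a group has no teacher number stored; writing it as `if (teacherNumber == null || !teacherNumber.equals(teacherNumberInDao))` keeps that case on the denial path. Finally, a missing work answers with an explicit NOT_FOUND while a foreign work raises `PermissionsException`; if the two map to different responses, a caller can tell which work ids exist, so the mapping is worth checking.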