From 0582451a991a4e0477dd77c3c017f35d2bd6761a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9B=B9=E9=B9=8F=E9=A3=9E?= <rakor2010@gmail.com>
Date: Fri, 29 May 2026 09:15:50 +0800
Subject: [PATCH] =?UTF-8?q?refactor(permission):=20=E4=BC=98=E5=8C=96?=
 =?UTF-8?q?=E6=96=87=E4=BB=B6=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C=E5=8F=8A?=
 =?UTF-8?q?=E9=94=81=E5=AE=9A=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 修改权限校验函数为返回布尔值，简化调用和异常处理逻辑
- 对无权限操作使用统一异常提示，明确提示无权限原因
- 在获取文件详情时添加锁定用户信息及编辑权限标记
- 避免锁定文件时重复提示锁定用户，区分当前用户和锁定用户
- 在文件视图对象中新增可编辑权限字段 canWrite，用于前端权限显示
- 统一权限校验逻辑，支持读写权限细粒度判断，提升代码清晰性和维护性
---
 .../service/QmsFileControllerService.java     | 34 +++++++++++--------
 .../nflg/wms/common/pojo/vo/QmsFileVO.java    |  5 +++
 2 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/nflg-qms-admin/src/main/java/com/nflg/qms/admin/service/QmsFileControllerService.java b/nflg-qms-admin/src/main/java/com/nflg/qms/admin/service/QmsFileControllerService.java
index 6a6dbf3b..eefcebc3 100644
--- a/nflg-qms-admin/src/main/java/com/nflg/qms/admin/service/QmsFileControllerService.java
+++ b/nflg-qms-admin/src/main/java/com/nflg/qms/admin/service/QmsFileControllerService.java
@@ -120,7 +120,7 @@ public class QmsFileControllerService {
 
         // 校验权限
         Long userId = UserUtil.getUserId();
-        checkFilePermission(request.getId(), userId, true);
+        VUtil.trueThrowBusinessError(!checkFilePermission(request.getId(), userId)).throwMessage("无权限修改此文件");
 
         String operator = UserUtil.getUserName();
         LocalDateTime now = LocalDateTime.now();
@@ -154,7 +154,7 @@ public class QmsFileControllerService {
 
         // 校验权限
         Long userId = UserUtil.getUserId();
-        checkFilePermission(id, userId, true);
+        VUtil.trueThrowBusinessError(!checkFilePermission(id, userId)).throwMessage("无权限");
 
         // 删除文件
         fileService.removeById(id);
@@ -222,9 +222,15 @@ public class QmsFileControllerService {
 
         // 校验权限
         Long userId = UserUtil.getUserId();
-        checkFilePermission(id, userId, false);
-
+        boolean permission = checkFilePermission(id, userId);
         QmsFileVO vo = BeanUtil.copyProperties(file, QmsFileVO.class);
+        String key = StrUtil.format(LOCK_KEY, id);
+        Long lockedUserId = redisTemplate.opsForValue().get(key);
+        if (Objects.nonNull(lockedUserId)) {
+            permission = Objects.equals(lockedUserId, userId);
+            vo.setCurrentLockUserName(userService.getById(lockedUserId).getUserName());
+        }
+        vo.setCanWrite(permission);
 
         // 获取分类名称
         QmsFileCategory category = categoryService.getById(file.getCategoryId());
@@ -563,9 +569,9 @@ public class QmsFileControllerService {
 
     /**
      * 校验文件权限
-     * @param needWrite 是否需要写权限
+     * @return 是否有写入权限
      */
-    private void checkFilePermission(Long fileId, Long userId, boolean needWrite) {
+    private boolean checkFilePermission(Long fileId, Long userId) {
         QmsFile file = fileService.getById(fileId);
         if (file == null) {
             throw new NflgException(STATE.BusinessError, "文件不存在");
@@ -573,7 +579,7 @@ public class QmsFileControllerService {
 
         // 文件创建者有权限
         if (Objects.equals(file.getCreateUserId(), userId)) {
-            return;
+            return true;
         }
 
         // 检查是否是文件组员
@@ -585,9 +591,7 @@ public class QmsFileControllerService {
 
         if (member != null) {
             // 有权限：只读(1) 或 读写(2)
-            if (!needWrite || member.getPermissionType() >= 2) {
-                return;
-            }
+            return member.getPermissionType() == 2;
         }
 
         // 检查是否是分类组员
@@ -598,9 +602,7 @@ public class QmsFileControllerService {
                 .one();
 
         if (categoryMember != null) {
-            if (!needWrite || categoryMember.getPermissionType() >= 2) {
-                return;
-            }
+            return categoryMember.getPermissionType() == 2;
         }
 
         throw new NflgException(STATE.BusinessError, "无权限操作此文件");
@@ -647,8 +649,10 @@ public class QmsFileControllerService {
         if (Boolean.FALSE.equals(result)) {
             Long lockedUserId = redisTemplate.opsForValue().get(key);
             if (lockedUserId != null) {
-                User lockedUser = userService.getById(lockedUserId);
-                VUtil.trueThrowBusinessError(true).throwMessage("文件已被用户【" + lockedUser.getUserName() + "】锁定");
+                if (!Objects.equals(lockedUserId, currentUserId)) {
+                    User lockedUser = userService.getById(lockedUserId);
+                    VUtil.trueThrowBusinessError(true).throwMessage("文件已被用户【" + lockedUser.getUserName() + "】锁定");
+                }
             }
             // key 在两次 Redis 操作间隙恰好过期，仍属于锁定失败，需兜底报错
             VUtil.trueThrowBusinessError(true).throwMessage("文件已被锁定");
diff --git a/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/vo/QmsFileVO.java b/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/vo/QmsFileVO.java
index 20509cd8..49968f29 100644
--- a/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/vo/QmsFileVO.java
+++ b/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/vo/QmsFileVO.java
@@ -88,6 +88,11 @@ public class QmsFileVO {
      */
     private List<QmsFileMemberVO> members;
 
+    /**
+     * 是否可以编辑
+     */
+    private boolean canWrite;
+
     /**
      * 当前锁定用户名称
      */