From d406b52d6a82f46670b4c5fed2ab1f6102e3bca0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9A=AE=E5=85=89=EF=BC=9A=E5=9F=8E=E4=B8=AD=E5=9F=8E?= <806783409@qq.com>
Date: Sun, 21 Apr 2019 23:37:56 +0800
Subject: [PATCH] =?UTF-8?q?wiki=E5=9B=BE=E7=89=87=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../doc/data/config/security/DocUserUtil.java | 8 +++++---
 .../config/security/WebSecurityConfig.java | 2 ++
 .../wiki/controller/WikiCommonController.java | 18 ++++++++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/config/security/DocUserUtil.java b/zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/config/security/DocUserUtil.java
index 26a5c652..29def8ad 100644
--- a/zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/config/security/DocUserUtil.java
+++ b/zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/config/security/DocUserUtil.java
@@ -14,10 +14,12 @@ public class DocUserUtil {
 */
 public static DocUserDetails getCurrentUser() {
 Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
- Object principal = null;
 if (authentication != null) {
- principal = authentication.getPrincipal();
+ Object principal = authentication.getPrincipal();
+ if (principal instanceof DocUserDetails) {
+ return (DocUserDetails) principal;
+ }
 }
- return (DocUserDetails) principal;
+ return null;
 }
 }
diff --git a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/WebSecurityConfig.java b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/WebSecurityConfig.java
index f93bd5be..a7a5c1c1 100644
--- a/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/WebSecurityConfig.java
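Review bot: getCurrentUser() now returns null in two different situations, when there is no Authentication at all and when the principal is not a DocUserDetails, and nothing visible in the DocUserUtil hunk tells callers so. The Javadoc starts outside the hunk (only its closing `*/` is visible), so this is a documentation suggestion: add `@return the logged-in DocUserDetails, or null when the request is unauthenticated or carries any other principal type`. Callers that base an access decision on the result, as WikiCommonController does later in this patch, should read null as "anonymous" and deny by default.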
+++ b/zyplayer-doc-manage/src/main/java/com/zyplayer/doc/manage/framework/config/security/WebSecurityConfig.java
@@ -50,6 +50,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { // 开放接口的静态文件和接口 "/open-doc.html", "/webjars/open-doc/**", "/swagger-mg-ui/open-doc/**", "/open-wiki.html", "/webjars/doc-wiki/**", "/zyplayer-doc-wiki/open-api/**", + // 文件访问接口,开放文档需要能使用,在接口里面做权限判断 + "/zyplayer-doc-wiki/common/file", // http代理请求接口,有白名单限制,也不怕随便请求到内网资源了 "/swagger-mg-ui/http/**", // 静态资源
diff --git a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiCommonController.java b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiCommonController.java
index 8703bd55..aafddbe0 100644
--- a/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiCommonController.java
+++ b/zyplayer-doc-wiki/src/main/java/com/zyplayer/doc/wiki/controller/WikiCommonController.java
@@ -7,8 +7,12 @@ import com.zyplayer.doc.core.json.DocResponseJson;
 import com.zyplayer.doc.core.json.ResponseJson;
 import com.zyplayer.doc.data.config.security.DocUserDetails;
 import com.zyplayer.doc.data.config.security.DocUserUtil;
+import com.zyplayer.doc.data.repository.manage.entity.WikiPage;
 import com.zyplayer.doc.data.repository.manage.entity.WikiPageFile;
+import com.zyplayer.doc.data.repository.manage.entity.WikiSpace;
 import com.zyplayer.doc.data.service.manage.WikiPageFileService;
+import com.zyplayer.doc.data.service.manage.WikiPageService;
+import com.zyplayer.doc.data.service.manage.WikiSpaceService;
 import com.zyplayer.doc.wiki.framework.consts.Const;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
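Review bot: Adding `/zyplayer-doc-wiki/common/file` to this list leaves the check inside the controller as the only access control on file downloads, and as written in the WikiCommonController hunk that check is skipped for any file without a pageId. The list itself starts outside the hunk, so I am assuming from the neighbouring comments that it is the set of paths opened to unauthenticated requests. I would hold this entry until the handler denies anonymous requests by default, and extend the comment to name where the decision is made, for example `// Anonymous access is authorised inside WikiCommonController's file handler; that check must stay deny-by-default`.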
@@ -45,6 +49,10 @@ public class WikiCommonController { @Resource WikiPageFileService wikiPageFileService; + @Resource + WikiPageService wikiPageService; + @Resource + WikiSpaceService wikiSpaceService; @PostMapping("/wangEditor/upload") public Map wangEditorUpload(WikiPageFile wikiPageFile, @RequestParam("files") MultipartFile file) {
@@ -100,6 +108,16 @@ public class WikiCommonController {
 if (pageFile == null) {
 return DocResponseJson.warn("未找到指定文件");
 }
+ // 未登录访问文件,需要判断是否是开放空间的文件
+ Long pageId = Optional.ofNullable(pageFile.getPageId()).orElse(0L);
+ DocUserDetails currentUser = DocUserUtil.getCurrentUser();
+ if (pageId > 0 && currentUser == null) {
+ WikiPage wikiPage = wikiPageService.getById(pageId);
+ WikiSpace wikiSpace = wikiSpaceService.getById(wikiPage.getSpaceId());
+ if (wikiSpace.getOpenDoc() == 0) {
+ return DocResponseJson.warn("登陆后才可访问此文件");
+ }
+ }
 try {
 String fileName = Optional.ofNullable(pageFile.getFileName()).orElse("");
 File file = new File(pageFile.getFileUrl());
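Review bot: The anonymous check in the last hunk only runs when `pageId > 0`, so an unauthenticated request for a file whose pageId is null or 0 falls straight through to the `try` block and is served. If files without a page are meant to be public, a comment should say so; otherwise anonymous access should be refused unless the file resolves to a page in an open space, as sketched below. The two `getById` results are also dereferenced without a null check, so a file pointing at a deleted page or space ends in a NullPointerException rather than a clean refusal, and if `getOpenDoc()` returns a boxed type it needs a null guard as well. The enclosing handler starts and ends outside the hunk, and signed-in users get no per-space check here, which may be intended but is worth confirming.

```java
// … unchanged: pageFile lookup and its null check …
DocUserDetails currentUser = DocUserUtil.getCurrentUser();
if (currentUser == null) {
    // Anonymous callers may only read files that belong to a page in an open space;
    // a missing pageId, page or space is treated as "not open".
    Long pageId = pageFile.getPageId();
    WikiPage wikiPage = (pageId == null || pageId <= 0) ? null : wikiPageService.getById(pageId);
    WikiSpace wikiSpace = (wikiPage == null) ? null : wikiSpaceService.getById(wikiPage.getSpaceId());
    if (wikiSpace == null || wikiSpace.getOpenDoc() == 0) {
        return DocResponseJson.warn("登陆后才可访问此文件");
    }
}
// … unchanged: try block that reads and returns the file …
```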