Merge branch 'fixbug' into 'master'

FIX:fix bug

修复打分边界值的问题，数据签名的问题

See merge request !29

 package com.xkl.authorization.aspect;
 
+import com.xkl.domain.XklApiKeyEntity;
+import com.xkl.repository.XklApiKeyRespository;
 import com.xkl.repository.XklInterKeyRespository;
 import com.xkl.security.SecurityTool;
 import com.xkl.tools.UtilTools;
@@ -32,7 +34,7 @@ import java.util.Map;
 @CommonsLog
 public class SignAspect {
     @Autowired
-    private XklInterKeyRespository xklInterKeyRespository;
+    private XklApiKeyRespository xklApiKeyRespository;
 
     /**
      * 由接口传过来的type获取xkl_inter_key表中的key
@@ -41,7 +43,13 @@ public class SignAspect {
      */
     private String getKeyByType(int type){
         long id = (long)type;
-        return (xklInterKeyRespository.findOne(id) == null)?"":xklInterKeyRespository.findOne(id).getKey();
+        XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne(id);
+        if(xklApiKey != null){
+            if(xklApiKey.getStatus()==1 && (xklApiKey.getAccessStatus()==2||xklApiKey.getAccessStatus()==3)){
+                return xklApiKey.getApiKey();
+            }
+        }
+        return null;
     }
     /**
      * 定义切点，定位到@Sign注解的地方

@@ -5,9 +5,8 @@ package com.xkl.config;
  */
 public enum ResultStatus {
     SUCCESS(100, "成功/Success"),
-    SIGN_ERROR(-100, "签名错误或者客户端时间有误"),
-    SIGN_NO_ACCESS(-101, "签名未授权"),
-    SIGN_NO_ACTIVE(-102, "签名未激活"),
+    SIGN_ERROR(-100, "签名错误、未授权或者客户端时间有误"),
+    SIGN_NO_ACTIVE(-101, "数据共享签名未激活"),
 
     USER_REGISTER(1000,"用户注册成功"),
     USER_LOGOUT(1001,"退出登录成功"),

@@ -2,12 +2,14 @@ package com.xkl.controller;
 
 import com.wordnik.swagger.annotations.ApiOperation;
 import com.xkl.authorization.annotation.LogAnnotation;
+import com.xkl.authorization.annotation.Sign;
 import com.xkl.config.Constants;
 import com.xkl.domain.*;
 import com.xkl.model.ReportDetailModel;
 import com.xkl.model.ReportModel;
 import com.xkl.model.ResultModel;
 import com.xkl.repository.*;
+import com.xkl.security.AntiXSS;
 import com.xkl.service.IScoreService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@@ -43,22 +45,19 @@ public class DataShareController {
     private IScoreService scoreService;
 
     @LogAnnotation
-    //@AntiXSS
-    //@Sign
+    @AntiXSS
+    @Sign
     @RequestMapping(value = "/list", method = RequestMethod.GET)
     @ApiOperation(value = "体检报告列表共享接口")
     public ResponseEntity<ResultModel> getReportList(HttpServletRequest request,
                                                      @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
-        //if (!(boolean) request.getAttribute("signAspect"))
-            //return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
+        if (!(boolean) request.getAttribute("signAspect"))
+            return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
         XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne((long)type);
         List<XklAmpReportEntity> xklAmpReportResult = new ArrayList<>();
         if(xklApiKey.getActiveStatus()!=1){
             return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACTIVE), HttpStatus.OK);
         }
-        if(xklApiKey.getAccessStatus()!=3){
-            return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACCESS), HttpStatus.OK);
-        }
 
         long companyId = xklApiKey.getCompanyId();
         XklCompanyEntity xklCompany = xklCompanyRespository.findOne(companyId);
@@ -87,23 +86,20 @@ public class DataShareController {
     }
 
     @LogAnnotation
-    //@AntiXSS
-    //@Sign
+    @AntiXSS
+    @Sign
     @RequestMapping(value = "/detail", method = RequestMethod.GET)
     @ApiOperation(value = "体检报告详情共享接口")
     public ResponseEntity<ResultModel> getReportDetail(HttpServletRequest request, @RequestParam long report_id,
                                                        @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
-        //if (!(boolean) request.getAttribute("signAspect"))
-        //    return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
+        if (!(boolean) request.getAttribute("signAspect"))
+            return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
         XklAmpReportEntity report = xklAmpReportRespository.findOne(report_id);
 
         XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne((long)type);
         if(xklApiKey.getActiveStatus()!=1){
             return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACTIVE), HttpStatus.OK);
         }
-        if(xklApiKey.getAccessStatus()!=3){
-            return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACCESS), HttpStatus.OK);
-        }
 
         long companyId = xklApiKey.getCompanyId();
         XklCompanyEntity company = xklCompanyRespository.findOne(companyId);

@@ -78,11 +78,11 @@ public class XklAmpReportMetaScoreStandardEntity {
      */
     public double getScore(double score){
         double result = 0;
-        if(score>=interval1Min && score<interval1Max)
+        if(score>=interval1Min && score<=interval1Max)
             result = interval1Score;
-        else if(score>=interval2Min && score<interval2Max)
+        else if(score>=interval2Min && score<=interval2Max)
             result = interval2Score;
-        else if(score>=interval3Min && score<interval3Max)
+        else if(score>=interval3Min && score<=interval3Max)
             result = interval3Score;
         else if(score>=interval4Min && score<=interval4Max)
             result = interval4Score;

@@ -22,14 +22,14 @@ public class XklApiKeyEntity {
     private long companyId;
     @Basic
     @Column(name = "access_status")
-    private byte accessStatus;
+    private byte accessStatus;//状态，2/3为可用
     @Basic
     @Column(name = "active_status")
-    private byte activeStatus;
+    private byte activeStatus;//数据共享接口开关，1为激活
     @Basic
     @Column(name = "remark")
     private String remark;
     @Basic
     @Column(name = "status")
-    private byte status;
+    private byte status;//是否删除标记，0为删除，1为有效
 }