Authored by fangyeqing

FIX:fix bug

package com.xkl.authorization.aspect;
import com.xkl.domain.XklApiKeyEntity;
import com.xkl.repository.XklApiKeyRespository;
import com.xkl.repository.XklInterKeyRespository;
import com.xkl.security.SecurityTool;
import com.xkl.tools.UtilTools;
... ... @@ -32,7 +34,7 @@ import java.util.Map;
@CommonsLog
public class SignAspect {
@Autowired
private XklInterKeyRespository xklInterKeyRespository;
private XklApiKeyRespository xklApiKeyRespository;
/**
* 由接口传过来的type获取xkl_inter_key表中的key
... ... @@ -41,7 +43,13 @@ public class SignAspect {
*/
private String getKeyByType(int type){
long id = (long)type;
return (xklInterKeyRespository.findOne(id) == null)?"":xklInterKeyRespository.findOne(id).getKey();
XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne(id);
if(xklApiKey != null){
if(xklApiKey.getStatus()==1 && (xklApiKey.getAccessStatus()==2||xklApiKey.getAccessStatus()==3)){
return xklApiKey.getApiKey();
}
}
return null;
}
/**
* 定义切点,定位到@Sign注解的地方
... ...
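Review bot: getKeyByType now returns `null` instead of `""` when the key row is missing, flagged deleted, or not in access status 2/3, and the code that consumes the return value is outside this hunk. If that caller builds the expected signature by string concatenation, a null key would be rendered as the text "null" and the comparison would still run against a fixed value instead of failing, so the caller should reject the request as soon as the key is null or empty. The contract belongs in the Javadoc, for example `@return the API key, or null when the key is missing, deleted or not authorized; callers must treat null as a failed signature`. The literals `1`, `2` and `3` in the status test gate authorization and would be safer as named constants shared with XklApiKeyEntity.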
... ... @@ -5,9 +5,8 @@ package com.xkl.config;
*/
public enum ResultStatus {
SUCCESS(100, "成功/Success"),
SIGN_ERROR(-100, "签名错误或者客户端时间有误"),
SIGN_NO_ACCESS(-101, "签名未授权"),
SIGN_NO_ACTIVE(-102, "签名未激活"),
SIGN_ERROR(-100, "签名错误、未授权或者客户端时间有误"),
SIGN_NO_ACTIVE(-101, "数据共享签名未激活"),
USER_REGISTER(1000,"用户注册成功"),
USER_LOGOUT(1001,"退出登录成功"),
... ...
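Review bot: SIGN_NO_ACTIVE moves from -102 to -101, the number SIGN_NO_ACCESS carried before this commit, so a client that already maps -101 to "not authorized" will now misreport an inactive data-share key. Keeping the old number avoids reusing a published code with a new meaning: `SIGN_NO_ACTIVE(-102, "数据共享签名未激活"),`. Folding the unauthorized case into SIGN_ERROR tells an unauthenticated caller less about the state of a key, which is reasonable, but that intent deserves a one-line comment above SIGN_ERROR so the codes are not split again later.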
... ... @@ -2,12 +2,14 @@ package com.xkl.controller;
import com.wordnik.swagger.annotations.ApiOperation;
import com.xkl.authorization.annotation.LogAnnotation;
import com.xkl.authorization.annotation.Sign;
import com.xkl.config.Constants;
import com.xkl.domain.*;
import com.xkl.model.ReportDetailModel;
import com.xkl.model.ReportModel;
import com.xkl.model.ResultModel;
import com.xkl.repository.*;
import com.xkl.security.AntiXSS;
import com.xkl.service.IScoreService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
... ... @@ -43,22 +45,19 @@ public class DataShareController {
private IScoreService scoreService;
@LogAnnotation
//@AntiXSS
//@Sign
@AntiXSS
@Sign
@RequestMapping(value = "/list", method = RequestMethod.GET)
@ApiOperation(value = "体检报告列表共享接口")
public ResponseEntity<ResultModel> getReportList(HttpServletRequest request,
@RequestParam String sign, @RequestParam long t, @RequestParam int type) {
//if (!(boolean) request.getAttribute("signAspect"))
//return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
if (!(boolean) request.getAttribute("signAspect"))
return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne((long)type);
List<XklAmpReportEntity> xklAmpReportResult = new ArrayList<>();
if(xklApiKey.getActiveStatus()!=1){
return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACTIVE), HttpStatus.OK);
}
if(xklApiKey.getAccessStatus()!=3){
return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACCESS), HttpStatus.OK);
}
long companyId = xklApiKey.getCompanyId();
XklCompanyEntity xklCompany = xklCompanyRespository.findOne(companyId);
... ... @@ -87,23 +86,20 @@ public class DataShareController {
}
@LogAnnotation
//@AntiXSS
//@Sign
@AntiXSS
@Sign
@RequestMapping(value = "/detail", method = RequestMethod.GET)
@ApiOperation(value = "体检报告详情共享接口")
public ResponseEntity<ResultModel> getReportDetail(HttpServletRequest request, @RequestParam long report_id,
@RequestParam String sign, @RequestParam long t, @RequestParam int type) {
//if (!(boolean) request.getAttribute("signAspect"))
// return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
if (!(boolean) request.getAttribute("signAspect"))
return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
XklAmpReportEntity report = xklAmpReportRespository.findOne(report_id);
XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne((long)type);
if(xklApiKey.getActiveStatus()!=1){
return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACTIVE), HttpStatus.OK);
}
if(xklApiKey.getAccessStatus()!=3){
return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACCESS), HttpStatus.OK);
}
long companyId = xklApiKey.getCompanyId();
XklCompanyEntity company = xklCompanyRespository.findOne(companyId);
... ...
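Review bot: With the `getAccessStatus()!=3` check removed from both getReportList and getReportDetail, the only access-status gate left is the one in SignAspect, which accepts 2 as well as 3, so keys in status 2 can now reach the report-sharing endpoints; confirm that is intended, or keep the stricter check here and return SIGN_ERROR. The re-enabled guard `(boolean) request.getAttribute("signAspect")` throws a NullPointerException when the attribute was never set, which surfaces as a server error rather than a clean rejection; `if (!Boolean.TRUE.equals(request.getAttribute("signAspect")))` denies in that case too. `xklApiKeyRespository.findOne((long)type)` is dereferenced without a null check and relies on the aspect having already rejected unknown types. Both method bodies continue outside the hunks shown, so whether the requested report is checked against the key's company cannot be seen from here.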
... ... @@ -78,11 +78,11 @@ public class XklAmpReportMetaScoreStandardEntity {
*/
public double getScore(double score){
double result = 0;
if(score>=interval1Min && score<interval1Max)
if(score>=interval1Min && score<=interval1Max)
result = interval1Score;
else if(score>=interval2Min && score<interval2Max)
else if(score>=interval2Min && score<=interval2Max)
result = interval2Score;
else if(score>=interval3Min && score<interval3Max)
else if(score>=interval3Min && score<=interval3Max)
result = interval3Score;
else if(score>=interval4Min && score<=interval4Max)
result = interval4Score;
... ...
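Review bot: Making every upper bound inclusive changes which branch wins when a score sits exactly on a boundary shared by two intervals: with `interval1Max == interval2Min`, that score used to get interval2Score and now gets interval1Score, because the first matching branch is taken. Whether the stored intervals are contiguous is not visible here, so state the rule in the Javadoc, for example `Bounds are inclusive; a score on a shared boundary takes the lower interval's score.` getScore continues past the end of the hunk, so the remaining branches and the fall-through result are not visible.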
... ... @@ -22,14 +22,14 @@ public class XklApiKeyEntity {
private long companyId;
@Basic
@Column(name = "access_status")
private byte accessStatus;
private byte accessStatus;//状态,2/3为可用
@Basic
@Column(name = "active_status")
private byte activeStatus;
private byte activeStatus;//数据共享接口开关,1为激活
@Basic
@Column(name = "remark")
private String remark;
@Basic
@Column(name = "status")
private byte status;
private byte status;//是否删除标记,0为删除,1为有效
}
... ...