'commit'

2 years ago · 200314d7b0
parent cabfc108f7
commit 200314d7b0
2 changed files with 27 additions and 1 deletions
--- a/src/main/java/com/dsideal/QingLong/LoginPerson/Controller/LoginPersonController.java
+++ b/src/main/java/com/dsideal/QingLong/LoginPerson/Controller/LoginPersonController.java
@ -16,12 +16,14 @@ import com.jfinal.kit.Kv;
 import com.jfinal.kit.PathKit;
 import com.jfinal.kit.PropKit;
 import com.jfinal.kit.StrKit;
+import com.jfinal.plugin.activerecord.Db;
 import com.jfinal.plugin.activerecord.Page;
 import com.jfinal.plugin.activerecord.Record;

 import javax.servlet.http.HttpServletResponse;
 import java.io.File;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.UUID;

@ -31,7 +33,6 @@ public class LoginPersonController extends Controller {
    LoginPersonModel model = new LoginPersonModel();


-
    /**
     * 验证登录
     *
@ -162,6 +163,20 @@ public class LoginPersonController extends Controller {
        //去掉限制
        RedisKit.Del(PassWordKey);
        RedisKit.Del(checkCodeKey);
+
+        //检查当前人员是不是存在合理角色
+        int identity_id = Integer.parseInt(loginMap.get("identity_id").toString());
+        String person_id = loginMap.get("person_id").toString();
+        if (identity_id == 5 || identity_id == 6) {
+            List<Record> list = model.getPersonDuty(person_id);
+            if (list.size() == 0) {
+                resultJson.put("success", false);
+                resultJson.put("msg", "没有后台管理权限！");
+                renderJson(resultJson);
+                return;
+            }
+        }
+
        //防止用户攻击修改Cookie
        Map<String, Object> _map = new HashMap<>();
        _map.put("identity_id", loginMap.get("identity_id"));
--- a/src/main/java/com/dsideal/QingLong/LoginPerson/Model/LoginPersonModel.java
+++ b/src/main/java/com/dsideal/QingLong/LoginPerson/Model/LoginPersonModel.java
@ -274,4 +274,15 @@ public class LoginPersonModel {
        String sql = "update t_sys_loginperson set telephone=?,email=? where person_id=?";
        Db.update(sql, telephone, email, person_id);
    }
+
+    /**
+     * 功能：指定人员有哪些角色信息
+     * @param person_id
+     * @return
+     */
+    public List<Record> getPersonDuty(String person_id) {
+        String sql = "select * from t_person_duty_charge where person_id=?";
+        List<Record> list = Db.find(sql, person_id);
+        return list;
+    }
 }