4 years ago · 769687f579
--- a/src/main/java/com/macro/mall/tiny/common/util/MyFileUtils.java
+++ b/src/main/java/com/macro/mall/tiny/common/util/MyFileUtils.java
@@ -115,7 +115,7 @@ public class MyFileUtils {
 
				     public static List<BFile> getSonFiles(String basePath, FilenameFilter filter, boolean auth) {
			
 
				         if (StringUtils.isBlank(basePath)) return Lists.newArrayList();
			
 
				         File oriDic = new File(basePath);
			
 
				-        if (!oriDic.exists() || oriDic.isFile() || (!auth && oriDic.getName().startsWith(String.valueOf(UploadConfig.AUTH_STR)))) {
			
 
				+        if (!oriDic.exists() || oriDic.isFile() || (!auth && basePath.contains(String.valueOf(UploadConfig.AUTH_STR)))) {
			
 
				             return Lists.newArrayList();
			
 
				         }
			
 
				         if (oriDic.exists() && oriDic.isDirectory()) {
			
@@ -186,7 +186,7 @@ public class MyFileUtils {
 
				         if (StringUtils.isBlank(path)) return Lists.newArrayList();
			
 
				         boolean access = AuthUtil.checkAccess(userDetails, AuthUtil.ACCESS);
			
 
				         File oriDic = new File(path);
			
 
				-        if (!oriDic.exists() || oriDic.isFile() || (!access && oriDic.getName().startsWith(String.valueOf(UploadConfig.AUTH_STR)))) {
			
 
				+        if (!oriDic.exists() || oriDic.isFile() || (!access && path.contains(String.valueOf(UploadConfig.AUTH_STR)))) {
			
 
				             return Lists.newArrayList();
			
 
				         }
			
 
				         File[] subFiles = oriDic.listFiles((dir, name) -> access || !name.startsWith(String.valueOf(UploadConfig.AUTH_STR)));
			
--- a/src/main/java/com/macro/mall/tiny/modules/business/controller/FileController.java
+++ b/src/main/java/com/macro/mall/tiny/modules/business/controller/FileController.java
@@ -142,8 +142,8 @@ public class FileController {
 
				     public void downLoad(HttpServletResponse response, @RequestParam @PathParam(value = "path") String path) throws Exception {
			
 
				         AdminUserDetails userDetails = (AdminUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
			
 
				         boolean access = AuthUtil.checkAccess(userDetails, AuthUtil.ACCESS);
			
 
				+        if (path.contains(String.valueOf(UploadConfig.AUTH_STR))&&!access) return;
			
 
				         File file = new File(path);
			
 
				-        if (file.getName().startsWith(String.valueOf(UploadConfig.AUTH_STR))&&!access) return;
			
 
				         if (file.exists()) { //判断文件父目录是否存在
			
 
				             String fileName = file.getName();
			
 
				             response.setContentType("application/form-data");
			
@@ -180,7 +180,7 @@ public class FileController {
 
				             for (String path : fileDownloadParam.getFileList()) {
			
 
				                 Path file = Paths.get(path);
			
 
				                 String fileName = file.getFileName().toString();
			
 
				-                if (fileName.startsWith(String.valueOf(UploadConfig.AUTH_STR)) && !access) {
			
 
				+                if (path.contains(String.valueOf(UploadConfig.AUTH_STR)) && !access) {
			
 
				                     continue;
			
 
				                 }
			
 
				                 if (Files.isDirectory(file)) {