
权限修正

jiashun 4 years ago
parent
commit
769687f579

+ 2 - 2
src/main/java/com/macro/mall/tiny/common/util/MyFileUtils.java

@@ -115,7 +115,7 @@ public class MyFileUtils {
     public static List<BFile> getSonFiles(String basePath, FilenameFilter filter, boolean auth) {
         if (StringUtils.isBlank(basePath)) return Lists.newArrayList();
         File oriDic = new File(basePath);
-        if (!oriDic.exists() || oriDic.isFile() || (!auth && oriDic.getName().startsWith(String.valueOf(UploadConfig.AUTH_STR)))) {
+        if (!oriDic.exists() || oriDic.isFile() || (!auth && basePath.contains(String.valueOf(UploadConfig.AUTH_STR)))) {
             return Lists.newArrayList();
         }
         if (oriDic.exists() && oriDic.isDirectory()) {
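Review bot: The new guard in getSonFiles tests the caller-supplied string with `basePath.contains(...)`, so it is a substring match on an unresolved path rather than a check of the directory that is actually opened; the second MyFileUtils hunk and both FileController hunks repeat the pattern. A substring match also rejects names that merely contain the marker somewhere, whereas the listing filter further down this file still uses `name.startsWith`. Any alias of a protected directory whose spelling lacks the marker (for example a symlink, if the upload tree can contain one) would pass. I would resolve the path once and test each segment for the marker prefix in a single shared helper that fails closed, as sketched below. getSonFiles continues past the end of this hunk.

```java
// proposed helper in MyFileUtils, shared by the four checks this commit touches
static boolean isProtectedPath(File target) {
    String marker = String.valueOf(UploadConfig.AUTH_STR);
    try {
        for (Path segment : target.getCanonicalFile().toPath()) {
            if (segment.toString().startsWith(marker)) return true;
        }
        return false;
    } catch (IOException e) {
        return true; // fail closed when the path cannot be resolved
    }
}

// in getSonFiles, replacing the substring test:
if (!oriDic.exists() || oriDic.isFile() || (!auth && isProtectedPath(oriDic))) {
// … unchanged: empty-list return and directory walk …
```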
@@ -186,7 +186,7 @@ public class MyFileUtils {
         if (StringUtils.isBlank(path)) return Lists.newArrayList();
         boolean access = AuthUtil.checkAccess(userDetails, AuthUtil.ACCESS);
         File oriDic = new File(path);
-        if (!oriDic.exists() || oriDic.isFile() || (!access && oriDic.getName().startsWith(String.valueOf(UploadConfig.AUTH_STR)))) {
+        if (!oriDic.exists() || oriDic.isFile() || (!access && path.contains(String.valueOf(UploadConfig.AUTH_STR)))) {
             return Lists.newArrayList();
         }
         File[] subFiles = oriDic.listFiles((dir, name) -> access || !name.startsWith(String.valueOf(UploadConfig.AUTH_STR)));
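Review bot: The directory guard now uses `path.contains(...)` while the `listFiles` filter on the last line of this hunk still uses `name.startsWith(...)`, so the two halves of the same method disagree on what counts as protected. A child whose name carries the marker in the middle is listed to a caller without access, yet any later request on that child's path is refused by the new checks. Picking one rule for both (prefix per path segment matches the existing naming convention) and stating it in a comment above the guard, e.g. `// protected = any path segment starts with UploadConfig.AUTH_STR`, would keep them aligned. The method starts before this hunk and continues after it.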

+ 2 - 2
src/main/java/com/macro/mall/tiny/modules/business/controller/FileController.java

@@ -142,8 +142,8 @@ public class FileController {
     public void downLoad(HttpServletResponse response, @RequestParam @PathParam(value = "path") String path) throws Exception {
         AdminUserDetails userDetails = (AdminUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
         boolean access = AuthUtil.checkAccess(userDetails, AuthUtil.ACCESS);
+        if (path.contains(String.valueOf(UploadConfig.AUTH_STR))&&!access) return;
         File file = new File(path);
-        if (file.getName().startsWith(String.valueOf(UploadConfig.AUTH_STR))&&!access) return;
         if (file.exists()) { //判断文件父目录是否存在
             String fileName = file.getName();
             response.setContentType("application/form-data");
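Review bot: `path` comes straight from the request and reaches `new File(path)` with the marker test as the only gate visible in this hunk. Unless the path is confined somewhere outside the hunk, any server-readable file whose path lacks the marker looks downloadable by any authenticated caller; the loop over `fileDownloadParam.getFileList()` in the next hunk has the same shape. I would resolve the file and reject anything outside the configured upload directory before the marker check, e.g. `if (!file.getCanonicalFile().toPath().startsWith(UPLOAD_ROOT_PLACEHOLDER)) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`, where the placeholder stands for the project's upload root. The bare `return` on the added line also yields an empty success response, so `response.sendError(HttpServletResponse.SC_FORBIDDEN)` there would make the denial explicit. downLoad continues past the end of the hunk.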
@@ -180,7 +180,7 @@ public class FileController {
             for (String path : fileDownloadParam.getFileList()) {
                 Path file = Paths.get(path);
                 String fileName = file.getFileName().toString();
-                if (fileName.startsWith(String.valueOf(UploadConfig.AUTH_STR)) && !access) {
+                if (path.contains(String.valueOf(UploadConfig.AUTH_STR)) && !access) {
                     continue;
                 }
                 if (Files.isDirectory(file)) {
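Review bot: A protected entry requested without access is dropped by `continue` and leaves no trace, so the caller receives a partial result and nobody can tell afterwards that protected paths were asked for. Recording the denial before skipping would give operations something to alert on, e.g. `log.warn("download denied for protected path: {}", path);`, assuming the controller has an SLF4J-style logger, which is not visible here. The enclosing loop and method start before this hunk and continue after it.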