附件上传权限修改

739be6d1 · o2sword · b2bdd6ef · 739be6d1 · 739be6d1 · 739be6d1
3 changed file
--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithUrl.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithUrl.java
@@ -56,9 +56,6 @@ class ActionUploadWithUrl extends BaseAction {
 			if (StringUtils.isEmpty(wi.getSite())) {
 				throw new ExceptionEntityFieldEmpty(Attachment.class, wi.getSite());
 			}
-			if (!business.readableWithWorkOrWorkCompleted(effectivePerson, wi.getWorkId())) {
-				throw new ExceptionAccessDenied(effectivePerson, wi.getWorkId());
-			}
 			String person = effectivePerson.getDistinguishedName();
 			if (StringUtils.isNotEmpty(wi.getPerson()) && business.canManageApplication(effectivePerson, null)) {
 				Person p = business.organization().person().getObject(wi.getPerson());
@@ -89,6 +86,9 @@ class ActionUploadWithUrl extends BaseAction {
 			if (attachment == null) {
 				throw new ExceptionEntityNotExist(wi.getWorkId());
 			}
+			if (!business.editable(effectivePerson, attachment.getJob())) {
+				throw new ExceptionAccessDenied(effectivePerson, wi.getWorkId());
+			}
 			byte[] bytes = CipherConnectionAction.getBinary(false, wi.getFileUrl());
 			if (bytes == null || bytes.length == 0) {
 				throw new IllegalStateException("can not down file from url.");

--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithWorkCompleted.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithWorkCompleted.java
@@ -51,10 +51,7 @@ class ActionUploadWithWorkCompleted extends BaseAction {
 			if (ends.isEmpty()) {
 				throw new ExceptionEndNotExist(process.getId());
 			}
-			if ((effectivePerson.isNotManager())
-					&& (!business.organization().person().hasRole(effectivePerson,
-							OrganizationDefinition.ProcessPlatformManager, OrganizationDefinition.Manager))
-					&& effectivePerson.isNotPerson(application.getControllerList())) {
+			if (!business.canManageApplicationOrProcess(effectivePerson, application, process)) {
 				throw new ExceptionAccessDenied(effectivePerson);
 			}
 			if (StringUtils.isEmpty(fileName)) {

--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWorkInfo.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWorkInfo.java
@@ -75,7 +75,7 @@ class ActionUploadWorkInfo extends BaseAction {
 					workHtml = "<html><head></head><body>" + workHtml + "</body></html>";
 				}
 			}
-			String id = saveHtml(workId, flag, workHtml, effectivePerson.getDistinguishedName(), title,
+			String id = saveHtml(flag, workHtml, effectivePerson.getDistinguishedName(), title,
 					wi.getPageWidth(), business);
 			Wo wo = new Wo();
 			wo.setId(id);
@@ -87,7 +87,7 @@ class ActionUploadWorkInfo extends BaseAction {
 	public static class Wo extends WoId {
 	}

-	private String saveHtml(String workId, String flag, String workHtml, String person, String title, Float pageWidth,
+	private String saveHtml(String flag, String workHtml, String person, String title, Float pageWidth,
 			Business business) {
 		try {
 			String name = "";