From 739be6d1b9b353022d2fc81fe5afdf7fc675a27c Mon Sep 17 00:00:00 2001
From: o2sword <171715986@qq.com>
Date: Tue, 16 Aug 2022 14:19:19 +0800
Subject: [PATCH] =?UTF-8?q?=E9=99=84=E4=BB=B6=E4=B8=8A=E4=BC=A0=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../surface/jaxrs/attachment/ActionUploadWithUrl.java       | 6 +++---
 .../jaxrs/attachment/ActionUploadWithWorkCompleted.java     | 5 +----
 .../surface/jaxrs/attachment/ActionUploadWorkInfo.java      | 4 ++--
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithUrl.java b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithUrl.java
index 29e6ffeece..98371181ec 100644
--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithUrl.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithUrl.java
@@ -56,9 +56,6 @@ class ActionUploadWithUrl extends BaseAction {
 			if (StringUtils.isEmpty(wi.getSite())) {
 				throw new ExceptionEntityFieldEmpty(Attachment.class, wi.getSite());
 			}
-			if (!business.readableWithWorkOrWorkCompleted(effectivePerson, wi.getWorkId())) {
-				throw new ExceptionAccessDenied(effectivePerson, wi.getWorkId());
-			}
 			String person = effectivePerson.getDistinguishedName();
 			if (StringUtils.isNotEmpty(wi.getPerson()) && business.canManageApplication(effectivePerson, null)) {
 				Person p = business.organization().person().getObject(wi.getPerson());
@@ -89,6 +86,9 @@ class ActionUploadWithUrl extends BaseAction {
 			if (attachment == null) {
 				throw new ExceptionEntityNotExist(wi.getWorkId());
 			}
+			if (!business.editable(effectivePerson, attachment.getJob())) {
+				throw new ExceptionAccessDenied(effectivePerson, wi.getWorkId());
+			}
 			byte[] bytes = CipherConnectionAction.getBinary(false, wi.getFileUrl());
 			if (bytes == null || bytes.length == 0) {
 				throw new IllegalStateException("can not down file from url.");
diff --git a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithWorkCompleted.java b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithWorkCompleted.java
index dc45d6514a..38a03e3b41 100644
--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithWorkCompleted.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWithWorkCompleted.java
@@ -51,10 +51,7 @@ class ActionUploadWithWorkCompleted extends BaseAction {
 			if (ends.isEmpty()) {
 				throw new ExceptionEndNotExist(process.getId());
 			}
-			if ((effectivePerson.isNotManager())
-					&& (!business.organization().person().hasRole(effectivePerson,
-							OrganizationDefinition.ProcessPlatformManager, OrganizationDefinition.Manager))
-					&& effectivePerson.isNotPerson(application.getControllerList())) {
+			if (!business.canManageApplicationOrProcess(effectivePerson, application, process)) {
 				throw new ExceptionAccessDenied(effectivePerson);
 			}
 			if (StringUtils.isEmpty(fileName)) {
diff --git a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWorkInfo.java b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWorkInfo.java
index 3a0b954380..3c3492f92b 100644
--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWorkInfo.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUploadWorkInfo.java
@@ -75,7 +75,7 @@ class ActionUploadWorkInfo extends BaseAction {
 					workHtml = "<html><head></head><body>" + workHtml + "</body></html>";
 				}
 			}
-			String id = saveHtml(workId, flag, workHtml, effectivePerson.getDistinguishedName(), title,
+			String id = saveHtml(flag, workHtml, effectivePerson.getDistinguishedName(), title,
 					wi.getPageWidth(), business);
 			Wo wo = new Wo();
 			wo.setId(id);
@@ -87,7 +87,7 @@ class ActionUploadWorkInfo extends BaseAction {
 	public static class Wo extends WoId {
 	}
 
-	private String saveHtml(String workId, String flag, String workHtml, String person, String title, Float pageWidth,
+	private String saveHtml(String flag, String workHtml, String person, String title, Float pageWidth,
 			Business business) {
 		try {
 			String name = "";
-- 
GitLab