diff --git a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/document/ActionQueryViewDocument.java b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/document/ActionQueryViewDocument.java index feed05dcfbe098f8061950228db9d5e45446f42a..fbdd05edb772f66e1017cf591dafec2fd74ae33e 100644 --- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/document/ActionQueryViewDocument.java +++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/document/ActionQueryViewDocument.java @@ -6,8 +6,12 @@ import java.util.Optional; import javax.servlet.http.HttpServletRequest; +import com.x.base.core.container.EntityManagerContainer; +import com.x.base.core.container.factory.EntityManagerContainerFactory; import com.x.base.core.project.cache.Cache; import com.x.base.core.project.cache.CacheManager; +import com.x.base.core.project.exception.ExceptionAccessDenied; +import com.x.cms.assemble.control.Business; import org.apache.commons.lang3.StringUtils; import com.x.base.core.entity.JpaObject; @@ -40,7 +44,6 @@ public class ActionQueryViewDocument extends BaseAction { ActionResult result = new ActionResult<>(); Boolean isManager = false; Boolean check = true; - Boolean isAnonymous = effectivePerson.isAnonymous(); String personName = effectivePerson.getDistinguishedName(); Long viewCount = 0L; @@ -63,7 +66,7 @@ public class ActionQueryViewDocument extends BaseAction { } } - Cache.CacheKey cacheKey = new Cache.CacheKey( this.getClass(), id, isAnonymous, isManager, effectivePerson.getDistinguishedName() ); + Cache.CacheKey cacheKey = new Cache.CacheKey( this.getClass(), id, effectivePerson.getDistinguishedName() ); Optional optional = CacheManager.get(cacheCategory, cacheKey ); if (optional.isPresent()) { 
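Review bot: The new key `new Cache.CacheKey( this.getClass(), id, effectivePerson.getDistinguishedName() )` no longer separates manager from non-manager results, and the lookup that follows appears to return a hit without going through the read-permission check this commit adds in getDocumentQueryResult. If so (the cache-hit branch is outside the hunk), a person whose read access or manager role is withdrawn keeps receiving the cached document until the entry expires or is evicted. Either confirm that permission and role changes evict this cache category, or evaluate the permission before `CacheManager.get`. Record the assumption next to the key, e.g. `// per-person entry: must be evicted when the document's readers or the person's roles change`.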
@@ -105,7 +108,7 @@ public class ActionQueryViewDocument extends BaseAction { * @param isManager 当前用户是否是系统管理或者CMS管理员 * @return */ - private ActionResult getDocumentQueryResult( String id, HttpServletRequest request, EffectivePerson effectivePerson, Boolean isManager ) { + private ActionResult getDocumentQueryResult( String id, HttpServletRequest request, EffectivePerson effectivePerson, Boolean isManager ) throws Exception { ActionResult result = new ActionResult<>(); Wo wo = new Wo(); WoDocument woOutDocument = null; @@ -121,6 +124,10 @@ public class ActionQueryViewDocument extends BaseAction { List groupNames = null; Boolean isAnonymous = effectivePerson.isAnonymous(); String personName = effectivePerson.getDistinguishedName(); + Business business = null; + try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) { + business = new Business(emc); + } if( !isAnonymous ) { try { @@ -150,6 +157,12 @@ public class ActionQueryViewDocument extends BaseAction { } } + check = this.hasReadPermission(business, document, null, null, effectivePerson, null); + + if(!check){ + throw new ExceptionAccessDenied(effectivePerson, document); + } + if (check) { try { appInfo = appInfoServiceAdv.get( document.getAppId() );
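Review bot: `business` is built on an `EntityManagerContainer` that the try-with-resources closes immediately, so the later `this.hasReadPermission(business, document, ...)` call runs against a closed container. Depending on how the container behaves after close (not visible here), the check may throw or may reopen entity managers that nothing closes afterwards; neither is a sound basis for an authorization decision. Keep the container open for the duration of the check by moving the try block to the point where the permission is evaluated, as sketched below. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: person/unit/group lookup and document loading …
try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
    Business business = new Business(emc);
    // Evaluate read permission while the container is still open.
    if (!this.hasReadPermission(business, document, null, null, effectivePerson, null)) {
        throw new ExceptionAccessDenied(effectivePerson, document);
    }
}
```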
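Review bot: The assignment `check = this.hasReadPermission(business, document, null, null, effectivePerson, null);` overwrites whatever `check` held from the earlier steps and runs even when those steps failed. If the document lookup above the hunk can leave `document` null or set `check` to false (that code is not visible), the call receives a null document, and an earlier error is replaced by a NullPointerException or an access-denied response. Guard it on the previous state: `if (check && !this.hasReadPermission(business, document, null, null, effectivePerson, null)) { throw new ExceptionAccessDenied(effectivePerson, document); }`. A one-line comment stating what the three `null` arguments mean to hasReadPermission would also help the next reader of this authorization path.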