用户权限判断，默认继承目录权限

data/src/main/java/com/sdm/data/service/impl/FileUserPermissionServiceImpl.java

@@ -3,9 +3,12 @@ package com.sdm.data.service.impl;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.sdm.common.entity.enums.FilePermissionEnum;
 import com.sdm.data.dao.FileUserPermissionMapper;
+import com.sdm.data.model.entity.FileMetadataInfo;
 import com.sdm.data.model.entity.FileUserPermission;
 import com.sdm.data.service.IFileMetadataInfoService;
 import com.sdm.data.service.IFileUserPermissionService;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -17,6 +20,7 @@ import org.springframework.stereotype.Service;
  * @author author
  * @since 2025-09-05
  */
+@Slf4j
 @Service
 public class FileUserPermissionServiceImpl extends ServiceImpl<FileUserPermissionMapper, FileUserPermission> implements IFileUserPermissionService {
     @Autowired
@@ -24,21 +28,41 @@ public class FileUserPermissionServiceImpl extends ServiceImpl<FileUserPermissio
 
     @Override
     public boolean hasFilePermission(Long fileId, Long userId, FilePermissionEnum permission) {
-        return true;
-        /*FileMetadataInfo fileMetadataInfo = fileMetadataInfoService.getById(fileId);
-        if(ObjectUtils.isNull(fileMetadataInfo)){
+        // 边界：无效 fileId
+        if (fileId == null || fileId <= 0) {
             return false;
         }
 
-        FileUserPermission fileUserPermission = this.lambdaQuery().eq(FileUserPermission::getTFilemetaId, fileId).eq(FileUserPermission::getUserid, userId).one();
-        if(ObjectUtils.isNull(fileUserPermission)){
+        FileMetadataInfo fileMetadataInfo = fileMetadataInfoService.getById(fileId);
+        if (ObjectUtils.isEmpty(fileMetadataInfo)) {
+            log.warn("文件不存在，fileId: {}", fileId);
             return false;
         }
 
-        byte fileUserPermissionByte = fileUserPermission.getPermission();
-        if((fileUserPermissionByte & permission.getValue()) == permission.getValue()){
-            return true;
+        // 查询当前文件的权限
+        FileUserPermission fileUserPermission = this.lambdaQuery()
+                .eq(FileUserPermission::getTFilemetaId, fileId)
+                .eq(FileUserPermission::getUserId, userId)
+                .one();
+
+        if (fileUserPermission != null) {
+            byte perm = fileUserPermission.getPermission();
+            // 如果当前权限包含所需权限，直接允许
+            if ((perm & permission.getValue()) == permission.getValue()) {
+                return true;
+            }
+            // 否则：根据策略决定是否继续继承
+            // 通常：显式授权（即使不足）即终止继承（安全策略）
+            // return false; // 常见做法：有记录就不继承
         }
-        return hasFilePermission(fileMetadataInfo.getParentId(), userId, permission);*/
+
+        // 当前无显式权限，尝试继承父目录
+        Long parentId = fileMetadataInfo.getParentId();
+        if (parentId == null || parentId.equals(fileId) || parentId <= 0) {
+            // 防止循环引用或无效父ID
+            return false;
+        }
+
+        return hasFilePermission(parentId, userId, permission);
     }
 }

data/src/main/java/com/sdm/data/service/impl/MinioFileIDataFileServiceImpl.java

@@ -32,10 +32,7 @@ import com.sdm.common.log.CoreLogger;
 import com.sdm.common.utils.*;
 import com.sdm.common.utils.excel.ExcelUtil;
 import com.sdm.data.model.bo.ApprovalFileDataContentsModel;
-import com.sdm.data.model.entity.FileMetadataExtension;
-import com.sdm.data.model.entity.FileMetadataInfo;
-import com.sdm.data.model.entity.FileStorage;
-import com.sdm.data.model.entity.FileUserPermission;
+import com.sdm.data.model.entity.*;
 import com.sdm.data.model.req.*;
 import com.sdm.data.model.resp.KKFileViewURLFromMinioResp;
 import com.sdm.data.service.*;
@@ -698,13 +695,19 @@ public class MinioFileIDataFileServiceImpl implements IDataFileService {
      * @param directoryId 目录ID
      */
     private void createDirectoryPermission(Long directoryId) {
-        if (StringUtils.hasText(ThreadLocalContext.getCommonHeader().getJobNumber())) {
-            FileUserPermission permission = new FileUserPermission();
-            permission.setTFilemetaId(directoryId);
-            permission.setPermission(FilePermissionEnum.ALL.getValue());
-            permission.setUserId(ThreadLocalContext.getUserId());
-            fileUserPermissionService.save(permission);
-        }
+        FileUserPermission permission = new FileUserPermission();
+        permission.setTFilemetaId(directoryId);
+        permission.setPermission(FilePermissionEnum.ALL.getValue());
+        permission.setUserId(ThreadLocalContext.getUserId());
+        fileUserPermissionService.save(permission);
+    }
+
+    /**
+     * 删除文件夹权限
+     * @param directoryId
+     */
+    private void deleteDirectoryPermission(Long directoryId) {
+        fileUserPermissionService.lambdaUpdate().eq(FileUserPermission::getTFilemetaId, directoryId).remove();
     }
 
     /**
@@ -721,6 +724,15 @@ public class MinioFileIDataFileServiceImpl implements IDataFileService {
         fileUserPermissionService.save(permission);
     }
 
+    /**
+     * 删除文件权限
+     * @param fileId
+     * @return
+     */
+    private void deleteFilePermission(Long fileId) {
+        fileUserPermissionService.lambdaUpdate().eq(FileUserPermission::getTFilemetaId, fileId).remove();
+    }
+
     private Optional<FileMetadataInfo> getFileMetadataInfoByObjectKey(String minioObjectKey) {
         if (!StringUtils.hasText(minioObjectKey)) {
             return Optional.empty();
@@ -784,17 +796,25 @@ public class MinioFileIDataFileServiceImpl implements IDataFileService {
             if(ObjectUtils.isNotEmpty(deleteFileIdList)){
                 fileMetadataInfoService.removeByIds(deleteFileIdList);
                 fileMetadataExtensionService.lambdaUpdate().in(FileMetadataExtension::getTFilemetaId, deleteFileIdList).remove();
+                fileStorageService.lambdaUpdate().in(FileStorage::getFileId, deleteFileIdList).remove();
                 fileUserPermissionService.lambdaUpdate().in(FileUserPermission::getTFilemetaId, deleteFileIdList).remove();
+                fileSimulationMappingService.lambdaUpdate().in(FileSimulationMapping::getFileId, deleteFileIdList).remove();
             }
 
             fileStorageService.lambdaUpdate().eq(FileStorage::getDirId, deleteDirId).remove();
+            //删除文件夹权限
+            deleteDirectoryPermission(deleteDirId);
+
+
             // minio文件系统批量删除文件
             minioService.deleteDirectoryRecursively(dirMinioObjectKey);
             log.info("删除目录文件元数据和Minio文件成功: " + dirMinioObjectKey);
 
+
+
             // 子文件夹一并删除
             List<FileMetadataInfo> childDirs = fileMetadataInfoService.lambdaQuery()
-                    .eq(FileMetadataInfo::getParentId, deleteDirMetadataInfo.getId())
+                    .eq(FileMetadataInfo::getParentId, deleteDirId)
                     .eq(FileMetadataInfo::getDataType, DataTypeEnum.DIRECTORY.getValue())
                     .list();
             if (CollectionUtils.isNotEmpty(childDirs)) {
@@ -1036,7 +1056,10 @@ public class MinioFileIDataFileServiceImpl implements IDataFileService {
             if (ObjectUtils.isEmpty(oldFile)) {
                 return SdmResponse.failed("文件不存在");
             }
-
+            boolean hasDeletePermission = fileUserPermissionService.hasFilePermission(fileId, ThreadLocalContext.getUserId(), FilePermissionEnum.WRITE);
+            if (!hasDeletePermission){
+                return SdmResponse.failed("没有修改权限");
+            }
             String newName = req.getNewName();
             oldObjectKey = oldFile.getObjectKey();
             newObjectKey = oldObjectKey.substring(0, oldObjectKey.lastIndexOf("/") + 1) + newName;