Merge branch 'cpq-dev' of wangfan/adweb3-server into master

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/adweb/site/controller/AdwebSiteManageController.java

@@ -10,6 +10,7 @@ import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.aspect.annotation.AutoLog;
 import org.jeecg.common.system.base.controller.JeecgController;
@@ -20,6 +21,7 @@ import org.jeecg.modules.adweb.site.dto.WordPressConfig;
 import org.jeecg.modules.adweb.site.dto.result.SiteBasicInfo;
 import org.jeecg.modules.adweb.site.entity.AdwebSite;
 import org.jeecg.modules.adweb.site.service.IAdwebSiteService;
+import org.jeecg.modules.adweb.site.service.ISiteUserPermissionService;
 import org.jeecg.modules.adweb.site.service.SiteManageService;
 import org.jeecg.modules.adweb.system.service.SysAdwebApi;
 import org.jeecg.modules.system.entity.SysUser;
@@ -59,6 +61,9 @@ public class AdwebSiteManageController extends JeecgController<AdwebSite, IAdweb
     @Resource
     private ISysUserTenantService sysUserTenantService;
 
+    @Resource
+    private ISiteUserPermissionService siteUserPermissionService;
+
     /**
      * 查询wordpress站点配置
      *
@@ -67,6 +72,11 @@ public class AdwebSiteManageController extends JeecgController<AdwebSite, IAdweb
      */
     @PostMapping(value = "/queryWordPressConfig")
     public Result<?> queryWordPressConfig(@RequestBody WordPressConfig wordPressConfig) {
+        // 嵌入站点访问之前先验证是否具有访问权限
+        if (!validateSiteCode(wordPressConfig.getSiteCode())) {
+            return Result.noauth("您没有权限访问该站点");
+        }
+
         WordPressConfig config = this.adwebSiteManageService.queryWordPressConfig(wordPressConfig.getSiteCode());
         return Result.OK(config);
     }
@@ -156,4 +166,36 @@ public class AdwebSiteManageController extends JeecgController<AdwebSite, IAdweb
 
         return update ? Result.OK("设置成功") : Result.error("设置失败");
     }
+
+    private Boolean validateSiteCode(String code) {
+        LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+
+        if (sysAdwebApi == null) {
+            throw new IllegalStateException("sysAdwebApi is not initialized");
+        }
+
+        if (sysAdwebApi.isAdmin()) {
+            return true;
+        } else if (sysAdwebApi.isChannelAdmin()) {
+            List<String> channelGroupUids = sysAdwebApi.getChannelGroupUids();
+            if (channelGroupUids == null || channelGroupUids.isEmpty()) {
+                return false;
+            }
+
+            List<String> codeList = siteUserPermissionService.getSiteCodeListByUids(channelGroupUids);
+            if (codeList == null) {
+                return false;
+            }
+
+            return codeList.contains(code);
+        } else {
+            List<String> codeList = siteUserPermissionService.getSiteCodeList(sysUser.getId());
+            if (codeList == null) {
+                return false;
+            }
+
+            return codeList.contains(code);
+        }
+
+    }
 }

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/adweb/site/dto/result/SiteBasicInfo.java

@@ -50,4 +50,6 @@ public class SiteBasicInfo {
     private Integer compensateDay;
 
     private int percentage;
+
+    private int siteStatus;
 }

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/adweb/site/service/SiteManageService.java

@@ -103,6 +103,7 @@ public class SiteManageService {
         }
 
 
+        siteBasicInfo.setSiteStatus(siteStatus);
         siteBasicInfo.setPercentage(siteStatus * 100 / 6);
 
         // 获取绑定的套餐信息