Merge branch 'master' of http://git.izouma.com/xiongzhu/raex_back into dev-mata-ldz

src/main/java/com/izouma/nineth/web/AirDropController.java

@@ -32,11 +32,13 @@ public class AirDropController extends BaseController {
 
     //@PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/all")
+    @PreAuthorize("hasAnyRole('ADMIN', 'SAAS')")
     public Page<AirDrop> all(@RequestBody PageQuery pageQuery) {
         return airDropService.all(pageQuery);
     }
 
     @GetMapping("/get/{id}")
+    @PreAuthorize("hasAnyRole('ADMIN', 'SAAS')")
     public AirDrop get(@PathVariable Long id) {
         return airDropRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
@@ -47,6 +49,7 @@ public class AirDropController extends BaseController {
     }
 
     @GetMapping("/excel")
+    @PreAuthorize("hasAnyRole('ADMIN', 'SAAS')")
     @ResponseBody
     public void excel(HttpServletResponse response, PageQuery pageQuery) throws IOException {
         List<AirDrop> data = all(pageQuery).getContent();

src/main/java/com/izouma/nineth/web/AssetController.java

@@ -104,6 +104,10 @@ public class AssetController extends BaseController {
     @JsonView(Asset.View.Basic.class)
     public Asset get(@PathVariable Long id) {
         Asset asset = assetRepo.findById(id).orElseThrow(new BusinessException("无记录"));
+        if (!asset.isPublicShow() && (SecurityUtils.getAuthenticatedUser() == null
+                || !asset.getUserId().equals(SecurityUtils.getAuthenticatedUser().getId()))) {
+            throw new BusinessException("无记录");
+        }
         if (asset.getType().equals(CollectionType.DOMAIN)) {
             String domainName = asset.getName().substring(9);
             DomainOrder domainOrder = domainOrderRepo
@@ -168,7 +172,7 @@ public class AssetController extends BaseController {
     @ApiOperation("转赠(无gas费)")
     public GiftOrder giftWithoutGasFee(@RequestParam Long assetId, @RequestParam Long toUserId, @RequestParam String tradeCode) {
         return giftOrderService.giftWithoutGasFee(SecurityUtils.getAuthenticatedUser()
-                .getId(), assetId, toUserId, tradeCode);
+                                                               .getId(), assetId, toUserId, tradeCode);
     }
 
     @GetMapping("/tokenHistory")
@@ -233,7 +237,7 @@ public class AssetController extends BaseController {
     @PostMapping("/metaDestroy")
     public void metaDestroy(@RequestBody MetaDestroyParam metaDestroyParam) {
         assetService.metaDestroyWithoutTradeCode(metaDestroyParam, SecurityUtils.getAuthenticatedUser()
-                .getId(), OperationSource.META);
+                                                                                .getId(), OperationSource.META);
     }
 
     @ApiOperation("开盲盒")
@@ -259,7 +263,7 @@ public class AssetController extends BaseController {
             return 0;
         }
         return assetService.getRoyalties(asset.getMinterId(), asset.getRoyalties(), SecurityUtils.getAuthenticatedUser()
-                .getId());
+                                                                                                 .getId());
     }
 
     @PostMapping("/getServicecharge")
@@ -269,7 +273,7 @@ public class AssetController extends BaseController {
             return assetService.getDomainServiceCharge(SecurityUtils.getAuthenticatedUser().getId());
         }
         return assetService.getServicecharge(asset.getServiceCharge(), SecurityUtils.getAuthenticatedUser()
-                .getId());
+                                                                                    .getId());
     }
 
     @GetMapping("/hcChain")
@@ -314,7 +318,8 @@ public class AssetController extends BaseController {
 
     @GetMapping("/getId/{name}")
     public MetaRestResult<Long> getId(@PathVariable String name) {
-        Asset asset = assetRepo.findByNameAndStatusAndCategoryAndDel("RID元宇宙域名 ".concat(name).concat(".nft"), AssetStatus.NORMAL,"元域名",false);
+        Asset asset = assetRepo.findByNameAndStatusAndCategoryAndDel("RID元宇宙域名 ".concat(name)
+                                                                                     .concat(".nft"), AssetStatus.NORMAL, "元域名", false);
         if (Objects.isNull(asset)) {
             return MetaRestResult.returnError("该域名不存在");
         }