update mathcad

3xxx · Jul 30, 2021 · f15d7cc · f15d7cc
1 parent eb1c593
commit f15d7cc
Show file tree

Hide file tree

Showing 14 changed files with 8,434 additions and 41 deletions.
diff --git a/controllers/AccountController.go b/controllers/AccountController.go
@@ -425,7 +425,8 @@ func (c *AccountController) ValidEmail() {
 
 // Logout 退出登录
 func (c *AccountController) Logout() {
-	c.SetMember(models.Member{})
+	beego.Info("logout")
+	c.SetMember(models.Member{MemberId: 0})
 
 	c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600)
 

diff --git a/controllers/BaseController.go b/controllers/BaseController.go
@@ -89,6 +89,7 @@ func (c *MindocBaseController) isUserLoggedIn() bool {
 func (c *MindocBaseController) SetMember(member models.Member) {
 
 	if member.MemberId <= 0 {
+		beego.Info(member.MemberId)
 		c.DelSession(conf.LoginSessionName)
 		c.DelSession("uid")
 		c.DestroySession()

diff --git a/controllers/attachment.go b/controllers/attachment.go
@@ -15,6 +15,7 @@ import (
 	"net/url"
 	"os"
 	"path"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -1471,10 +1472,19 @@ func (c *AttachController) DownloadAttachment() {
 		beego.Error(err)
 		utils.FileLogs.Error(c.Ctx.Input.IP() + " 查询成果路径 " + err.Error())
 	}
+
 	fileext := path.Ext(attachment.FileName)
-	switch fileext {
-	case ".mcdx", ".mctx", ".xmcd", ".mcd":
+	matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+	if err != nil {
+		beego.Error(err)
+	}
+	// beego.Info(matched)
+	if matched {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+		c.ServeJSON()
 		return
+	}
+	switch fileext {
 	case ".JPG", ".jpg", ".png", ".PNG", ".bmp", ".BMP":
 		// c.Ctx.Output.Download(fileurl + "/" + attachment.FileName)
 		http.ServeFile(c.Ctx.ResponseWriter, c.Ctx.Request, fileurl+"/"+attachment.FileName)
@@ -1583,7 +1593,7 @@ func (c *AttachController) Attachment() {
 	if err != nil {
 		beego.Error(err)
 	}
-	beego.Info(filePath)
+	// beego.Info(filePath)
 	//attachment/standard/SL/SLZ 5077-2016水工建筑物荷载设计规范.pdf
 	if strings.Contains(filePath, "?") { //hotqinsessionid=
 		filePathtemp := strings.Split(filePath, "?")
@@ -1594,7 +1604,14 @@ func (c *AttachController) Attachment() {
 	array := strings.Split(filepath1, "/")
 	// beego.Info(array[1])
 	// beego.Info(fileext)
-	if fileext == ".mcdx" || fileext == ".mctx" || fileext == ".xmcd" || fileext == ".mcd" {
+	matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+	if err != nil {
+		beego.Error(err)
+	}
+	// beego.Info(matched)
+	if matched {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+		c.ServeJSON()
 		return
 	}
 	if array[1] == "standard" || (array[1] == "mathcad" && fileext == ".pdf") {
@@ -1683,6 +1700,7 @@ func (c *AttachController) Attachment() {
 	//这里缺少权限设置！！！！！！！！！！！
 	default:
 		if e.Enforce(useridstring, projurls+"/", c.Ctx.Request.Method, fileext) || isadmin || isme {
+			beego.Info(e.Enforce(useridstring, projurls+"/", c.Ctx.Request.Method, fileext))
 			http.ServeFile(c.Ctx.ResponseWriter, c.Ctx.Request, filePath) //这样写下载的文件名称不对
 			// beego.Info(isadmin)
 			// c.Redirect(url+"/"+attachment.FileName, 302)
@@ -1726,6 +1744,19 @@ func (c *AttachController) GetCarousel() {
 	if err != nil {
 		beego.Error(err)
 	}
+
+	fileext := path.Ext(filePath)
+	matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+	if err != nil {
+		beego.Error(err)
+	}
+	// beego.Info(matched)
+	if matched {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+		c.ServeJSON()
+		return
+	}
+
 	http.ServeFile(c.Ctx.ResponseWriter, c.Ctx.Request, filePath)
 }
 
@@ -2018,12 +2049,25 @@ func (c *AttachController) WxPdf() {
 				beego.Error(err)
 			}
 			fileext := path.Ext(attachment.FileName)
+			matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+			if err != nil {
+				beego.Error(err)
+			}
+			if matched {
+				c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+				c.ServeJSON()
+				return
+			}
+
 			if e.Enforce(useridstring, projurl, c.Ctx.Request.Method, fileext) {
 				c.Ctx.Output.Download(fileurl + "/" + attachment.FileName)
+			} else {
+				c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "权限不够！"}
+				c.ServeJSON()
 			}
 		}
 	} else {
-		c.Data["json"] = "未查到openID"
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "未查到openID"}
 		c.ServeJSON()
 	}
 }
@@ -2049,6 +2093,17 @@ func (c *AttachController) GetWxPdf() {
 	if err != nil {
 		beego.Error(err)
 	}
+	fileext := path.Ext(attachment.FileName)
+	matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+	if err != nil {
+		beego.Error(err)
+	}
+	// beego.Info(matched)
+	if matched {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+		c.ServeJSON()
+		return
+	}
 
 	product, err := models.GetProd(attachment.ProductId)
 	if err != nil {
@@ -2073,15 +2128,103 @@ func (c *AttachController) GetWxPdf() {
 // @Failure 400 Invalid page supplied
 // @Failure 404 pdf not found
 // @router /getwxmathpdf [get]
-// 下载mathcad pdf计算书，不用权限判断
+// 下载mathcad pdf计算书
 func (c *AttachController) GetWxMathPdf() {
-
+	// 加权限判断
+	openID := c.GetSession("openID")
+	if openID != nil {
+		_, err := models.GetUserByOpenID(openID.(string))
+		if err != nil {
+			beego.Error(err)
+			c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "获取用户名错误!"}
+			c.ServeJSON()
+			return
+		}
+	} else {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "用户未登录"}
+		c.ServeJSON()
+		return
+	}
 	pdflink := c.Input().Get("pdflink")
 	beego.Info(pdflink)
+	fileext := path.Ext(pdflink)
+	matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+	if err != nil {
+		beego.Error(err)
+	}
+	if matched {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+		c.ServeJSON()
+		return
+	}
 	pdflink = strings.Replace(pdflink, "/attachment", "attachment", -1)
 	c.Ctx.Output.Download(pdflink)
 }
 
+// @Title dowload wx math temp pdf
+// @Description get wx math temp pdf by id
+// @Param id path string true "The url of pdf"
+// @Success 200 {object} models.GetAttachbyId
+// @Failure 400 Invalid page supplied
+// @Failure 404 pdf not found
+// @router /getwxtemppdf/:id [get]
+// 下载mathcad pdf计算书，不用权限判断
+func (c *AttachController) GetWxTempPdf() {
+	// 加权限判断
+	openID := c.GetSession("openID")
+	if openID != nil {
+		// beego.Info(openID.(string))
+		_, err := models.GetUserByOpenID(openID.(string))
+		if err != nil {
+			beego.Error(err)
+			c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "获取用户名错误!"}
+			c.ServeJSON()
+			return
+		}
+	} else {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "用户未登录"}
+		c.ServeJSON()
+		return
+	}
+
+	id := c.Ctx.Input.Param(":id")
+	var usertempleid uint
+	if id != "" {
+		//id转成uint为
+		idint, err := strconv.Atoi(id)
+		if err != nil {
+			beego.Error(err)
+		}
+		usertempleid = uint(idint)
+	}
+
+	usertemple, err := models.GetMathTemple(usertempleid)
+	if err != nil {
+		beego.Error(err)
+	}
+	// beego.Info(usertemple)
+	// 去除文件名
+	filepath := path.Dir(usertemple.TempPath)
+	// 文件名
+	filename := usertemple.TempTitle //path.Base(usertemple.TempPath)
+	// 文件后缀
+	filesuffix := path.Ext(filename)
+	filenameOnly := strings.TrimSuffix(filename, filesuffix) //只留下文件名，无后缀
+	// fileext := path.Ext(pdflink)
+	// matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+	// if err != nil {
+	// 	beego.Error(err)
+	// }
+	// if matched {
+	// 	c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+	// 	c.ServeJSON()
+	// 	return
+	// }
+	pdflink := filepath + "/" + filenameOnly + ".pdf"
+	// beego.Info(pdflink)
+	c.Ctx.Output.Download(pdflink)
+}
+
 //编码转换
 // l3, err3 := url.Parse(c.Ctx.Request.RequestURI[1:])
 // 	if err3 != nil {

diff --git a/controllers/blue_share_controller.go b/controllers/blue_share_controller.go
@@ -20,8 +20,9 @@ import (
 	"io/ioutil"
 	// "net/url"
 	"os"
-	// "path"
+	"path"
 	"path/filepath"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -467,6 +468,18 @@ func (c *ShareController) Download() {
 	}
 	//这里只下载第一个文件哦！！
 	if len(attachments) > 0 {
+		fileext := path.Ext(attachments[0].FileName)
+		matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+		if err != nil {
+			beego.Error(err)
+		}
+		// beego.Info(matched)
+		if matched {
+			c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+			c.ServeJSON()
+			return
+		}
+
 		c.Ctx.Output.Download(fileurl + "/" + attachments[0].FileName)
 	} else {
 		c.Data["json"] = map[string]interface{}{"code": err, "msg": "", "data": product}
@@ -686,8 +699,19 @@ func (c *ShareController) DownloadZip() {
 			}
 			attachments, err := models.GetAttachments(bridge.ProductId)
 			for _, v := range attachments {
+				fileext := path.Ext(v.FileName)
+				matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+				if err != nil {
+					beego.Error(err)
+				}
+				if matched {
+					c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+					c.ServeJSON()
+					return
+				}
+
 				// pathLink = DiskDirectory + "/" + v.FileName
-				_, err := CopyFile("./temp/engineercms/"+v.FileName, DiskDirectory+"/"+v.FileName)
+				_, err = CopyFile("./temp/engineercms/"+v.FileName, DiskDirectory+"/"+v.FileName)
 				//targetfile,sourcefile
 				if err != nil {
 					// fmt.Println(err.Error())

diff --git a/controllers/froala.go b/controllers/froala.go
@@ -360,6 +360,12 @@ func UploadImg(w http.ResponseWriter, r *http.Request) {
 
 //添加文章里的图片上传
 func (c *FroalaController) UploadImg() {
+	// 登录
+	_, _, _, _, islogin := checkprodRole(c.Ctx)
+	if !islogin {
+		c.Data["json"] = map[string]interface{}{"state": "ERROR", "data": "用户未登录！"}
+		c.ServeJSON()
+	}
 	//解析表单
 	pid := c.Input().Get("pid")
 	// beego.Info(pid)

diff --git a/controllers/login.go b/controllers/login.go
@@ -312,6 +312,7 @@ func (c *LoginController) Logout() {
 	if v != nil {
 		//删除指定的session
 		c.DelSession("uname")
+		c.DelSession("uid") //删除mindoc的用户登录信息
 		//销毁全部的session
 		// c.DestroySession()
 	}

diff --git a/controllers/onlyoffice.go b/controllers/onlyoffice.go
@@ -1652,14 +1652,27 @@ func (c *OnlyController) DownloadDoc() {
 		beego.Info(filePath)
 	}
 	filename := filepath.Base(filePath)
+
+	fileext := path.Ext(filename)
+	matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+	if err != nil {
+		beego.Error(err)
+	}
+	// beego.Info(matched)
+	if matched {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+		c.ServeJSON()
+		return
+	}
+
 	downloadfile, err = models.GetOnlyAttachbyName(filename)
 	if err != nil {
 		beego.Error(err)
 	}
 
 	//1.管理员或者没有设置权限的文档直接可以下载。
 	police := e.GetFilteredPolicy(1, "/onlyoffice/"+strconv.FormatInt(downloadfile.Id, 10))
-	beego.Info(police)
+	// beego.Info(police)
 	if isadmin || len(police) == 0 {
 		// c.Ctx.Output.Download(filePath) //这个能保证下载文件名称正确
 		http.ServeFile(c.Ctx.ResponseWriter, c.Ctx.Request, filePath)
@@ -1668,7 +1681,7 @@ func (c *OnlyController) DownloadDoc() {
 
 	//2.取得用户权限
 	police = e.GetFilteredPolicy(0, strconv.FormatInt(uid, 10), "/onlyoffice/"+strconv.FormatInt(downloadfile.Id, 10))
-	beego.Info(police)
+	// beego.Info(police)
 	for _, v2 := range police {
 		beego.Info(v2)
 		v2int, err := strconv.ParseInt(v2[2], 10, 64)
@@ -1685,14 +1698,14 @@ func (c *OnlyController) DownloadDoc() {
 
 	//3.取得用户角色——取得角色的权限
 	userroles := e.GetRolesForUser(strconv.FormatInt(uid, 10))
-	beego.Info(userroles)
+	// beego.Info(userroles)
 	// userrole := make([]Userrole, 0)
 	// var canidown bool
 	for _, v1 := range userroles {
 		police := e.GetFilteredPolicy(0, v1, "/onlyoffice/"+strconv.FormatInt(downloadfile.Id, 10))
-		beego.Info(police)
+		// beego.Info(police)
 		for _, v2 := range police {
-			beego.Info(v2)
+			// beego.Info(v2)
 			v2int, err := strconv.ParseInt(v2[2], 10, 64)
 			if err != nil {
 				beego.Error(err)
@@ -1818,6 +1831,19 @@ func (c *OnlyController) Download() {
 		c.ServeJSON()
 		return
 	}
+
+	fileext := path.Ext(attachments[0].FileName)
+	matched, err := regexp.MatchString("\\.*[m|M][c|C][d|D]", fileext)
+	if err != nil {
+		beego.Error(err)
+	}
+	// beego.Info(matched)
+	if matched {
+		c.Data["json"] = map[string]interface{}{"info": "ERROR", "data": "不能下载mcd文件!"}
+		c.ServeJSON()
+		return
+	}
+
 	filePath := "attachment/onlyoffice/" + attachments[0].FileName
 	//管理员或者没有设置权限的文档直接可以下载。
 	police := e.GetFilteredPolicy(1, "/onlyoffice/"+docid)