权限验证

src/main/java/cn/efunbox/audio/controller/AudioController.java

@@ -407,7 +407,27 @@ public class AudioController {
     @RequestMapping(value = "/{id}", method = RequestMethod.GET)
     public void detail(HttpServletRequest request, HttpServletResponse response, @PathVariable(name = "id") Long id){
 
+        Device device = deviceService.GetOne(id);
+        if(device==null){
+            HttpUtil.responseApiCode(request, response, ApiCode.PARAMETER_ERROR);
+            return;
+        }
+        //搜素设备所属渠道具有哪些资源组的权限
+        Long idChannel = device.getIdChannel();
+        List<Rights> rightsList = rightsService.SearchByIdChannel(idChannel, 0, 0).getContent();
+        if(rightsList==null || rightsList.size()<1){
+            HttpUtil.responseApiCode(request, response, ApiCode.ACCESS_DENIED);
+            return;
+        }
+
+        List<Long> idGroups = new ArrayList<>();
+        rightsList.stream().forEach(rights -> idGroups.add(rights.getIdGroup()));
+
         Audio audio = audioService.getAudioInfo(id);
+        if (Objects.isNull(audio) || !idGroups.contains(audio.getIdGroup())) {
+            HttpUtil.responseApiCode(request, response, ApiCode.ACCESS_DENIED);
+            return;
+        }
         HttpUtil.responseOkData(request, response, audio);
         return;
     }