content-service 中使用 UserRoleInterceptor 来判断访问相应 url 的用户是否具有对应的角色

content/content-service/src/main/java/cn/reghao/tnb/content/app/exam/web/ExamRoleInterceptor.java → content/content-service/src/main/java/cn/reghao/tnb/content/app/config/web/UserRoleInterceptor.java

@@ -1,4 +1,4 @@
-package cn.reghao.tnb.content.app.exam.web;
+package cn.reghao.tnb.content.app.config.web;
 
 import cn.reghao.jutil.web.WebResult;
 import cn.reghao.tnb.common.auth.AccountRole;
@@ -15,14 +15,14 @@ import java.io.IOException;
 import java.io.PrintWriter;
 
 /**
- * 只放行拥有 ROLE_EXAM_ADMIN 或 ROLE_EXAM_USER 角色的请求
+ * 根据 url 前缀检测用户是否拥有相应 ROLE
  *
  * @author reghao
  * @date 2025-07-18 09:18:16
  */
 @Slf4j
 @Component
-public class ExamRoleInterceptor implements HandlerInterceptor {
+public class UserRoleInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
             throws Exception {
@@ -39,16 +39,20 @@ public class ExamRoleInterceptor implements HandlerInterceptor {
                 }
             }
 
-            if (uri.startsWith("/api/content/exam/eval")) {
-                if (!UserContext.getUserRoles().contains(AccountRole.examUser.getValue())) {
-                    String msg = "Current user not ExamUser";
-                    writeResponse(response, msg);
-                    return false;
-                }
+            if (uri.startsWith("/api/content/exam/eval")
+                    && !UserContext.getUserRoles().contains(AccountRole.examUser.getValue())) {
+                String msg = "Current user not ExamUser";
+                writeResponse(response, msg);
+                return false;
             }
         }
 
-        //log.info("{} {}", uri, method);
+        if (uri.startsWith("/api/content/disk")
+                && !UserContext.getUserRoles().contains(AccountRole.disk.getValue())) {
+            String msg = "current user not grant ROLE_DISK";
+            writeResponse(response, msg);
+            return false;
+        }
         return true;
     }
 

content/content-service/src/main/java/cn/reghao/tnb/content/app/config/web/WebConfig.java

@@ -1,6 +1,5 @@
 package cn.reghao.tnb.content.app.config.web;
 
-import cn.reghao.tnb.content.app.exam.web.ExamRoleInterceptor;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -15,15 +14,15 @@ import javax.servlet.Filter;
  */
 @Configuration
 public class WebConfig implements WebMvcConfigurer {
-    private final ExamRoleInterceptor examRoleInterceptor;
+    private final UserRoleInterceptor userRoleInterceptor;
 
-    public WebConfig(ExamRoleInterceptor examRoleInterceptor) {
-        this.examRoleInterceptor = examRoleInterceptor;
+    public WebConfig(UserRoleInterceptor userRoleInterceptor) {
+        this.userRoleInterceptor = userRoleInterceptor;
     }
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(examRoleInterceptor);
+        registry.addInterceptor(userRoleInterceptor);
     }
 
     @Bean