feat: 完善文档权限检查，支持团队共享权限验证

h7ml · h7ml · commit b94b4429bc3a · 2025-12-16T17:15:24.000+08:00
功能增强:
- DocumentService 添加团队成员仓储依赖 (TeamMemberRepository)
- 完善 hasAccess 方法：
  * 保留原有的所有者和直接分享检查
  * 新增团队分享权限检查
  * 验证用户是否为团队成员
  * 支持通过团队间接访问文档

- 完善 canEdit 方法：
  * 保留原有的所有者和直接编辑权限检查
  * 新增团队编辑权限检查
  * 验证用户是否为有编辑权限的团队成员
  * 支持通过团队间接编辑文档

技术实现:
- 使用 TeamMemberId 复合主键查询团队成员关系
- 使用 Stream API 过滤团队分享记录
- 权限检查逻辑：所有者 &gt; 直接分享 &gt; 团队分享

修改文件:
- src/main/java/com/halolight/service/DocumentService.java

新增导入:
- com.halolight.domain.entity.TeamMember
- com.halolight.domain.entity.id.TeamMemberId
- com.halolight.domain.repository.TeamMemberRepository
diff --git a/src/main/java/com/halolight/service/DocumentService.java b/src/main/java/com/halolight/service/DocumentService.java
@@ -4,11 +4,14 @@
 import com.halolight.domain.entity.DocumentShare;
 import com.halolight.domain.entity.DocumentTag;
 import com.halolight.domain.entity.Tag;
+import com.halolight.domain.entity.TeamMember;
 import com.halolight.domain.entity.User;
 import com.halolight.domain.entity.id.DocumentTagId;
+import com.halolight.domain.entity.id.TeamMemberId;
 import com.halolight.domain.repository.DocumentRepository;
 import com.halolight.domain.repository.DocumentShareRepository;
 import com.halolight.domain.repository.TagRepository;
+import com.halolight.domain.repository.TeamMemberRepository;
 import com.halolight.domain.repository.UserRepository;
 import com.halolight.dto.UserDTO;
 import com.halolight.dto.UserMapper;
@@ -43,6 +46,7 @@ public class DocumentService {
     private final DocumentShareRepository documentShareRepository;
     private final TagRepository tagRepository;
     private final UserRepository userRepository;
+    private final TeamMemberRepository teamMemberRepository;
     private final UserMapper userMapper;
 
     /**
@@ -430,14 +434,26 @@ private boolean hasAccess(Document document, String userId) {
             return true;
         }
 
-        // Check if document is shared with user
+        // Check if document is shared directly with user
         if (documentShareRepository.existsByDocumentIdAndSharedWithId(document.getId(), userId)) {
             return true;
         }
 
-        // Check if document is shared with user's teams
-        // TODO: Implement team membership check when TeamMember repository is available
-        // For now, assuming team sharing is handled separately
+        // Check if document is shared with any of user's teams
+        List<DocumentShare> teamShares = documentShareRepository.findByDocumentId(document.getId()).stream()
+                .filter(share -> share.getTeamId() != null)
+                .collect(Collectors.toList());
+
+        for (DocumentShare share : teamShares) {
+            // Check if user is a member of this team
+            TeamMemberId teamMemberId = new TeamMemberId();
+            teamMemberId.setTeamId(share.getTeamId());
+            teamMemberId.setUserId(userId);
+
+            if (teamMemberRepository.existsById(teamMemberId)) {
+                return true;
+            }
+        }
 
         return false;
     }
@@ -455,9 +471,28 @@ private boolean hasEditPermission(Document document, String userId) {
             return true;
         }
 
-        // Check if user has EDIT permission via share
-        return documentShareRepository.findByDocumentIdAndSharedWithId(document.getId(), userId)
-                .map(share -> share.getPermission() == com.halolight.domain.entity.enums.SharePermission.EDIT)
-                .orElse(false);
+        // Check if user has EDIT permission via direct share
+        var directShare = documentShareRepository.findByDocumentIdAndSharedWithId(document.getId(), userId);
+        if (directShare.isPresent() && directShare.get().getPermission() == com.halolight.domain.entity.enums.SharePermission.EDIT) {
+            return true;
+        }
+
+        // Check if user has EDIT permission via team share
+        List<DocumentShare> teamShares = documentShareRepository.findByDocumentId(document.getId()).stream()
+                .filter(share -> share.getTeamId() != null && share.getPermission() == com.halolight.domain.entity.enums.SharePermission.EDIT)
+                .collect(Collectors.toList());
+
+        for (DocumentShare share : teamShares) {
+            // Check if user is a member of this team
+            TeamMemberId teamMemberId = new TeamMemberId();
+            teamMemberId.setTeamId(share.getTeamId());
+            teamMemberId.setUserId(userId);
+
+            if (teamMemberRepository.existsById(teamMemberId)) {
+                return true;
+            }
+        }
+
+        return false;
     }
 }
