fix: allow admin team invite by country

This commit is contained in:
zhx 2026-06-27 18:25:45 +08:00
parent 2ef0ac87d5
commit 541493692c
4 changed files with 40 additions and 14 deletions

View File

@ -68,9 +68,11 @@ public class BdAgentInviteExe {
teamInviteGuard.assertInviteeIsNotAdminUnlessSelf(cmd.requiredReqUserId(),
cmd.getInviteUserId());
// 权限不足
boolean adminInvite = teamInviteGuard.isAdminInviter(cmd.requiredReqUserId());
// 管理员按国家管辖发起邀请普通用户仍必须是BD.
ResponseAssert.isTrue(CommonErrorCode.INSUFFICIENT_PERMISSION,
businessDevelopmentBaseInfoService.checkBD(cmd.requiredReqUserId()));
adminInvite || businessDevelopmentBaseInfoService.checkBD(cmd.requiredReqUserId()));
// APP管理员发起邀请时只能邀请同国家用户普通BD继续沿用原有区域和余额规则.
boolean adminCountryChecked = teamInviteGuard.assertSameCountryWhenAdminInviter(

View File

@ -53,9 +53,11 @@ public class BdLeaderInviteBdExe {
public void execute(DbLeaderInviteBdCmd cmd) {
// 权限不足
boolean adminInvite = teamInviteGuard.isAdminInviter(cmd.requiredReqUserId());
// 管理员按国家管辖发起邀请普通用户仍必须是BDLeader.
ResponseAssert.isTrue(CommonErrorCode.INSUFFICIENT_PERMISSION,
roomBdLeadService.checkBdLeader(cmd.requiredReqUserId()));
adminInvite || roomBdLeadService.checkBdLeader(cmd.requiredReqUserId()));
// 权限不足
ResponseAssert.isFalse(TeamErrorCode.USER_IS_ALREADY_A_BDLEADER,
@ -68,13 +70,15 @@ public class BdLeaderInviteBdExe {
cmd.getInviteUserId());
// 只有APP管理员发起邀请时才强制同国家非管理员保留原邀请规则.
teamInviteGuard.assertSameCountryWhenAdminInviter(cmd.requiredReqUserId(),
boolean adminCountryChecked = teamInviteGuard.assertSameCountryWhenAdminInviter(cmd.requiredReqUserId(),
cmd.getInviteUserId());
// 权限不足
BusinessDevelopmentBaseInfo bd = getDevelopmentBaseInfoServiceByUserId(cmd);
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, Objects.nonNull(bd)
&& Objects.nonNull(bd.getBdLeadUserId()));
if (!adminCountryChecked) {
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, Objects.nonNull(bd)
&& Objects.nonNull(bd.getBdLeadUserId()));
}
// 消息已发送
ResponseAssert.isFalse(TeamErrorCode.MESSAGE_PROCESSED,
@ -111,9 +115,11 @@ public class BdLeaderInviteBdExe {
public void executeBdleader(DbLeaderInviteBdCmd cmd) {
// 权限不足
boolean adminInvite = teamInviteGuard.isAdminInviter(cmd.requiredReqUserId());
// 管理员按国家管辖发起邀请普通用户仍必须是BDLeader.
ResponseAssert.isTrue(CommonErrorCode.INSUFFICIENT_PERMISSION,
roomBdLeadService.checkBdLeader(cmd.requiredReqUserId()));
adminInvite || roomBdLeadService.checkBdLeader(cmd.requiredReqUserId()));
// 权限不足
ResponseAssert.isFalse(TeamErrorCode.USER_IS_ALREADY_A_BDLEADER,
@ -123,11 +129,13 @@ public class BdLeaderInviteBdExe {
cmd.getInviteUserId());
// 只有APP管理员发起邀请时才强制同国家非管理员保留原邀请规则.
teamInviteGuard.assertSameCountryWhenAdminInviter(cmd.requiredReqUserId(),
boolean adminCountryChecked = teamInviteGuard.assertSameCountryWhenAdminInviter(cmd.requiredReqUserId(),
cmd.getInviteUserId());
List<Long> bdUserIds = businessDevelopmentBaseInfoService.listBdUserIdsByLeaderId(cmd.requiredReqUserId());
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, bdUserIds.contains(cmd.getInviteUserId()));
if (!adminCountryChecked) {
List<Long> bdUserIds = businessDevelopmentBaseInfoService.listBdUserIdsByLeaderId(cmd.requiredReqUserId());
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, bdUserIds.contains(cmd.getInviteUserId()));
}
// 消息已发送
ResponseAssert.isFalse(TeamErrorCode.MESSAGE_PROCESSED,

View File

@ -40,9 +40,12 @@ public class TeamInviteGuard {
}
public boolean assertSameCountryWhenAdminInviter(Long reqUserId, Long inviteUserId) {
if (!isAdminInviteScope(reqUserId, inviteUserId)) {
if (!isAdminInviter(reqUserId)) {
return false;
}
if (Objects.equals(reqUserId, inviteUserId)) {
return true;
}
UserProfile reqUser = userProfileGateway.getByUserId(reqUserId);
UserProfile inviteUser = userProfileGateway.getByUserId(inviteUserId);
ResponseAssert.notNull(UserErrorCode.USER_INFO_NOT_FOUND, reqUser);
@ -51,8 +54,12 @@ public class TeamInviteGuard {
return true;
}
public boolean isAdminInviter(Long reqUserId) {
return administratorService.existsAdmin(reqUserId);
}
public boolean isAdminInviteScope(Long reqUserId, Long inviteUserId) {
return !Objects.equals(reqUserId, inviteUserId) && administratorService.existsAdmin(reqUserId);
return !Objects.equals(reqUserId, inviteUserId) && isAdminInviter(reqUserId);
}
private boolean isSameCountry(UserProfile reqUser, UserProfile inviteUser) {

View File

@ -2,6 +2,7 @@ package com.red.circle.other.app.command.team;
import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@ -54,6 +55,14 @@ class TeamInviteGuardTest {
assertDoesNotThrow(() -> teamInviteGuard.assertSameCountryWhenAdminInviter(1L, 2L));
}
@Test
void shouldUseAdminInvitePathWhenAdminInviteSelf() {
when(administratorService.existsAdmin(1L)).thenReturn(true);
assertTrue(teamInviteGuard.assertSameCountryWhenAdminInviter(1L, 1L));
verify(userProfileGateway, never()).getByUserId(1L);
}
@Test
void shouldBlockDifferentCountryForAdminInviter() {
when(administratorService.existsAdmin(1L)).thenReturn(true);