From e76085124ea73b379bb469407612b30e0efaaf61 Mon Sep 17 00:00:00 2001 From: fengshuonan Date: Wed, 21 Jun 2023 00:50:43 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys=E3=80=91?= =?UTF-8?q?=E3=80=90permission=E3=80=91=E4=BB=8E=E6=96=B0=E6=95=B4?= =?UTF-8?q?=E7=90=86auth=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C=E9=80=BB?= =?UTF-8?q?=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../api/pojo/resource/ResourceUrlParam.java | 7 ++ .../service/PermissionCheckServiceImpl.java | 52 +++++++++---- .../login/service/UserPermissionService.java | 74 +++++++++++++++++++ .../modular/menu/service/SysMenuService.java | 8 ++ .../menu/service/impl/SysMenuServiceImpl.java | 15 ++++ 5 files changed, 143 insertions(+), 13 deletions(-) rename kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/permission/PermissionServiceImpl.java => kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/PermissionCheckServiceImpl.java (58%) create mode 100644 kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserPermissionService.java diff --git a/kernel-d-scanner/scanner-api/src/main/java/cn/stylefeng/roses/kernel/scanner/api/pojo/resource/ResourceUrlParam.java b/kernel-d-scanner/scanner-api/src/main/java/cn/stylefeng/roses/kernel/scanner/api/pojo/resource/ResourceUrlParam.java index c9228cb01..deb7025a2 100644 --- a/kernel-d-scanner/scanner-api/src/main/java/cn/stylefeng/roses/kernel/scanner/api/pojo/resource/ResourceUrlParam.java +++ b/kernel-d-scanner/scanner-api/src/main/java/cn/stylefeng/roses/kernel/scanner/api/pojo/resource/ResourceUrlParam.java @@ -40,4 +40,11 @@ public class ResourceUrlParam extends BaseRequest { private String url; + public ResourceUrlParam() { + } + + public ResourceUrlParam(String url) { + this.url = url; + } + } 
diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/permission/PermissionServiceImpl.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/PermissionCheckServiceImpl.java
similarity index 58%
rename from kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/permission/PermissionServiceImpl.java
rename to kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/PermissionCheckServiceImpl.java
index 2443fd45d..0467ebfba 100644
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/permission/PermissionServiceImpl.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/PermissionCheckServiceImpl.java
@@ -22,19 +22,22 @@
 * 5.在修改包名,模块名称,项目代码等时,请注明软件出处 https://gitee.com/stylefeng/guns
 * 6.若您的项目无法满足以上几点,可申请商业授权
 */
-package cn.stylefeng.roses.kernel.auth.permission;
+package cn.stylefeng.roses.kernel.sys.modular.login.service;
 
+import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.auth.api.PermissionServiceApi;
 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
 import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
 import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
+import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceDefinition;
+import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceUrlParam;
+import cn.stylefeng.roses.kernel.sys.api.ResourceServiceApi;
 import org.springframework.stereotype.Service;
 
 import javax.annotation.Resource;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.List;
 
 import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum.AUTH_EXPIRED_ERROR;
 import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum.PERMISSION_RES_VALIDATE_ERROR;
@@ -46,11 +49,17 @@ import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEn
 * @since 2020/10/22 15:49
 */
 @Service
-public class PermissionServiceImpl implements PermissionServiceApi {
+public class PermissionCheckServiceImpl implements PermissionServiceApi {
 
 @Resource
 private SessionManagerApi sessionManagerApi;
 
+ @Resource
+ private ResourceServiceApi resourceServiceApi;
+
+ @Resource
+ private UserPermissionService userPermissionService;
+
 @Override
 public void checkPermission(String token, String requestUrl) {
 
@@ -60,19 +69,36 @@ public class PermissionServiceImpl implements PermissionServiceApi {
 }
 
 // 2. 获取token对应的用户信息
- LoginUser session = sessionManagerApi.getSession(token);
- if (session == null) {
+ LoginUser loginUser = sessionManagerApi.getSession(token);
+ if (loginUser == null) {
 throw new AuthException(AUTH_EXPIRED_ERROR);
 }
 
- // 3. 验证用户有没有当前url的权限 todo 校验方法重写
- Set resourceUrls = new HashSet<>();
- if (resourceUrls == null || resourceUrls.size() == 0) {
- throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
+ // 3. 获取url对应的资源信息
+ ResourceDefinition resourceDefinition = resourceServiceApi.getResourceByUrl(new ResourceUrlParam(requestUrl));
+
+ // 4. 如果资源找不到,则直接返回错误
+ if (resourceDefinition == null) {
+ throw new AuthException(AuthExceptionEnum.CANT_REQUEST_UN_OPEN_API, requestUrl);
+ }
+
+ // 5. 如果当前接口资源不需要权限校验,则直接返回成功
+ if (!resourceDefinition.getRequiredPermissionFlag()) {
+ return;
+ }
+
+ // 获取当前资源需要的权限编码
+ String permissionCode = resourceDefinition.getPermissionCode();
+ if (ObjectUtil.isEmpty(permissionCode)) {
+ return;
+ }
+
+ // 判断当前用户是否有该权限编码,如果有该权限编码,则返回成功
+ List userPermissionCodeList = userPermissionService.getUserPermissionCodeList(loginUser);
+ if (ObjectUtil.isNotEmpty(userPermissionCodeList) && userPermissionCodeList.contains(permissionCode)) {
+ return;
 } else {
- if (!resourceUrls.contains(requestUrl)) {
- throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
- }
+ throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
 }
 }
 
diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserPermissionService.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserPermissionService.java
new file mode 100644
index 000000000..513586b82
--- /dev/null
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserPermissionService.java
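Review bot: The early `return` after `ObjectUtil.isEmpty(permissionCode)` in checkPermission lets any logged-in user through when a resource is flagged as requiring permission but carries no permission code, so a missing or misconfigured code fails open. Step 5 already covers resources that need no check, so an empty code at this point is better treated as a configuration error and rejected: `throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);`, ideally with a log line naming requestUrl. Separately, `!resourceDefinition.getRequiredPermissionFlag()` would throw a NullPointerException if the getter returns a boxed Boolean that is null (its type is not visible here); `if (Boolean.FALSE.equals(resourceDefinition.getRequiredPermissionFlag()))` makes only an explicit false skip the check. checkPermission begins above this hunk, so the token check in step 1 is not shown.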
@@ -0,0 +1,74 @@
+package cn.stylefeng.roses.kernel.sys.modular.login.service;
+
+import cn.hutool.core.util.ObjectUtil;
+import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
+import cn.stylefeng.roses.kernel.sys.api.SysUserRoleServiceApi;
+import cn.stylefeng.roses.kernel.sys.modular.menu.service.SysMenuOptionsService;
+import cn.stylefeng.roses.kernel.sys.modular.menu.service.SysMenuService;
+import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuOptionsService;
+import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuService;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 用户权限信息获取的综合业务
+ *
+ * @author fengshuonan
+ * @since 2023/6/21 0:47
+ */
+@Service
+public class UserPermissionService {
+
+ @Resource
+ private SysUserRoleServiceApi sysUserRoleServiceApi;
+
+ @Resource
+ private SysRoleMenuService sysRoleMenuService;
+
+ @Resource
+ private SysRoleMenuOptionsService sysRoleMenuOptionsService;
+
+ @Resource
+ private SysMenuService sysMenuService;
+
+ @Resource
+ private SysMenuOptionsService sysMenuOptionsService;
+
+ /**
+ * 填充用户的权限编码集合
+ *
+ * @author fengshuonan
+ * @since 2023/6/19 12:38
+ */
+ public List getUserPermissionCodeList(LoginUser loginUser) {
+
+ Long userId = loginUser.getUserId();
+
+ // 获取用户的角色集合
+ List roleIdList = sysUserRoleServiceApi.getUserRoleIdList(userId);
+
+ if (ObjectUtil.isEmpty(roleIdList)) {
+ return new ArrayList<>();
+ }
+
+ // 获取角色对应的菜单id和菜单功能id
+ List menuIdList = sysRoleMenuService.getRoleBindMenuIdList(roleIdList);
+ List menuOptionsIdList = sysRoleMenuOptionsService.getRoleBindMenuOptionsIdList(roleIdList);
+
+ List permissionCodeList = new ArrayList<>();
+
+ // 获取菜单对应的菜单编码集合
+ List userMenuCodeList = sysMenuService.getMenuCodeList(menuIdList);
+ permissionCodeList.addAll(userMenuCodeList);
+
+ // 获取功能对应的功能编码集合
+ List optionsCodeList = 
sysMenuOptionsService.getOptionsCodeList(menuOptionsIdList);
+ permissionCodeList.addAll(optionsCodeList);
+
+ return permissionCodeList;
+ }
+
+}
diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/SysMenuService.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/SysMenuService.java
index 44b717a62..fdf7318a5 100644
--- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/SysMenuService.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/SysMenuService.java
@@ -114,4 +114,12 @@ public interface SysMenuService extends IService {
 */
 List getIndexMenuInfoList(List menuIdList);
 
+ /**
+ * 通过菜单id,获取菜单的编码集合
+ *
+ * @author fengshuonan
+ * @since 2023/6/21 0:44
+ */
+ List getMenuCodeList(List menuIdList);
+
 }
\ No newline at end of file
diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/impl/SysMenuServiceImpl.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/impl/SysMenuServiceImpl.java
index 05be85e5c..ff91f99f6 100644
--- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/impl/SysMenuServiceImpl.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/impl/SysMenuServiceImpl.java
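Review bot: UserPermissionService.getUserPermissionCodeList merges menu codes and menu-option codes into one list that checkPermission then searches with `contains`, but its Javadoc only says "填充用户的权限编码集合" and documents neither that contract nor the parameter and return value. If the two code sets are not guaranteed to be disjoint, a user holding a menu whose code equals an option's permission code would pass that option's check; whether uniqueness is enforced is not visible in this patch. I would document it on the method with a summary such as `Returns the permission codes (menu codes plus menu-option codes) granted to the user through their roles; an empty list when the user has no role`, an `@param loginUser` line stating it must be non-null and carry a user id, and a sentence that codes are assumed unique across menus and options. The list is rebuilt from the role and menu services on every call, so any cache added later needs invalidation when role bindings change.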
@@ -199,6 +199,21 @@ public class SysMenuServiceImpl extends ServiceImpl impl
 return this.list(sysMenuLambdaQueryWrapper);
 }
 
+ @Override
+ public List getMenuCodeList(List menuIdList) {
+
+ if (ObjectUtil.isEmpty(menuIdList)) {
+ return new ArrayList<>();
+ }
+
+ LambdaQueryWrapper sysMenuLambdaQueryWrapper = new LambdaQueryWrapper<>();
+ sysMenuLambdaQueryWrapper.in(SysMenu::getMenuId, menuIdList);
+ sysMenuLambdaQueryWrapper.select(SysMenu::getMenuCode);
+ List sysMenuList = this.list(sysMenuLambdaQueryWrapper);
+
+ return sysMenuList.stream().map(SysMenu::getMenuCode).collect(Collectors.toList());
+ }
+
 @Override
 public List getAppMenuGroupDetail(SysMenuRequest sysMenuRequest) {
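Review bot: In getMenuCodeList the stream maps every row with `SysMenu::getMenuCode` without filtering, so a menu whose code is null or empty puts a null or empty entry into the list that the permission check consumes. Because only the menu code column is selected, MyBatis may also return a null row object for such a record (depending on `returnInstanceForEmptyRow`), which would throw a NullPointerException in the middle of a permission check; whether the column is declared NOT NULL is not visible here. A filter ahead of the map keeps the result clean: `.filter(menu -> menu != null && ObjectUtil.isNotEmpty(menu.getMenuCode()))`.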