【7.6.0】【sys】【permission】从新整理auth权限校验逻辑

kernel-d-scanner/scanner-api/src/main/java/cn/stylefeng/roses/kernel/scanner/api/pojo/resource/ResourceUrlParam.java

@@ -40,4 +40,11 @@ public class ResourceUrlParam extends BaseRequest {
 
     private String url;
 
+    public ResourceUrlParam() {
+    }
+
+    public ResourceUrlParam(String url) {
+        this.url = url;
+    }
+    
 }

kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/PermissionCheckServiceImpl.java

@@ -22,19 +22,22 @@
  * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
  * 6.若您的项目无法满足以上几点，可申请商业授权
  */
-package cn.stylefeng.roses.kernel.auth.permission;
+package cn.stylefeng.roses.kernel.sys.modular.login.service;
 
+import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.auth.api.PermissionServiceApi;
 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
 import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
 import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
+import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceDefinition;
+import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceUrlParam;
+import cn.stylefeng.roses.kernel.sys.api.ResourceServiceApi;
 import org.springframework.stereotype.Service;
 
 import javax.annotation.Resource;
-import java.util.HashSet;
+import java.util.List;
-import java.util.Set;
 
 import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum.AUTH_EXPIRED_ERROR;
 import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum.PERMISSION_RES_VALIDATE_ERROR;
@@ -46,11 +49,17 @@ import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEn
  * @since 2020/10/22 15:49
  */
 @Service
-public class PermissionServiceImpl implements PermissionServiceApi {
+public class PermissionCheckServiceImpl implements PermissionServiceApi {
 
     @Resource
     private SessionManagerApi sessionManagerApi;
 
+    @Resource
+    private ResourceServiceApi resourceServiceApi;
+
+    @Resource
+    private UserPermissionService userPermissionService;
+
     @Override
     public void checkPermission(String token, String requestUrl) {
 
@@ -60,19 +69,36 @@ public class PermissionServiceImpl implements PermissionServiceApi {
         }
 
         // 2. 获取token对应的用户信息
-        LoginUser session = sessionManagerApi.getSession(token);
+        LoginUser loginUser = sessionManagerApi.getSession(token);
-        if (session == null) {
+        if (loginUser == null) {
             throw new AuthException(AUTH_EXPIRED_ERROR);
         }
 
-        // 3. 验证用户有没有当前url的权限 todo 校验方法重写
+        // 3. 获取url对应的资源信息
-        Set<String> resourceUrls = new HashSet<>();
+        ResourceDefinition resourceDefinition = resourceServiceApi.getResourceByUrl(new ResourceUrlParam(requestUrl));
-        if (resourceUrls == null || resourceUrls.size() == 0) {
+
-            throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
+        // 4. 如果资源找不到，则直接返回错误
+        if (resourceDefinition == null) {
+            throw new AuthException(AuthExceptionEnum.CANT_REQUEST_UN_OPEN_API, requestUrl);
+        }
+
+        // 5. 如果当前接口资源不需要权限校验，则直接返回成功
+        if (!resourceDefinition.getRequiredPermissionFlag()) {
+            return;
+        }
+
+        // 获取当前资源需要的权限编码
+        String permissionCode = resourceDefinition.getPermissionCode();
+        if (ObjectUtil.isEmpty(permissionCode)) {
+            return;
+        }
+
+        // 判断当前用户是否有该权限编码，如果有该权限编码，则返回成功
+        List<String> userPermissionCodeList = userPermissionService.getUserPermissionCodeList(loginUser);
+        if (ObjectUtil.isNotEmpty(userPermissionCodeList) && userPermissionCodeList.contains(permissionCode)) {
+            return;
         } else {
-            if (!resourceUrls.contains(requestUrl)) {
+            throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
-                throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
-            }
         }
     }
 

kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserPermissionService.java

@@ -0,0 +1,74 @@
+package cn.stylefeng.roses.kernel.sys.modular.login.service;
+
+import cn.hutool.core.util.ObjectUtil;
+import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
+import cn.stylefeng.roses.kernel.sys.api.SysUserRoleServiceApi;
+import cn.stylefeng.roses.kernel.sys.modular.menu.service.SysMenuOptionsService;
+import cn.stylefeng.roses.kernel.sys.modular.menu.service.SysMenuService;
+import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuOptionsService;
+import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuService;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 用户权限信息获取的综合业务
+ *
+ * @author fengshuonan
+ * @since 2023/6/21 0:47
+ */
+@Service
+public class UserPermissionService {
+
+    @Resource
+    private SysUserRoleServiceApi sysUserRoleServiceApi;
+
+    @Resource
+    private SysRoleMenuService sysRoleMenuService;
+
+    @Resource
+    private SysRoleMenuOptionsService sysRoleMenuOptionsService;
+
+    @Resource
+    private SysMenuService sysMenuService;
+
+    @Resource
+    private SysMenuOptionsService sysMenuOptionsService;
+
+    /**
+     * 填充用户的权限编码集合
+     *
+     * @author fengshuonan
+     * @since 2023/6/19 12:38
+     */
+    public List<String> getUserPermissionCodeList(LoginUser loginUser) {
+
+        Long userId = loginUser.getUserId();
+
+        // 获取用户的角色集合
+        List<Long> roleIdList = sysUserRoleServiceApi.getUserRoleIdList(userId);
+
+        if (ObjectUtil.isEmpty(roleIdList)) {
+            return new ArrayList<>();
+        }
+
+        // 获取角色对应的菜单id和菜单功能id
+        List<Long> menuIdList = sysRoleMenuService.getRoleBindMenuIdList(roleIdList);
+        List<Long> menuOptionsIdList = sysRoleMenuOptionsService.getRoleBindMenuOptionsIdList(roleIdList);
+
+        List<String> permissionCodeList = new ArrayList<>();
+
+        // 获取菜单对应的菜单编码集合
+        List<String> userMenuCodeList = sysMenuService.getMenuCodeList(menuIdList);
+        permissionCodeList.addAll(userMenuCodeList);
+
+        // 获取功能对应的功能编码集合
+        List<String> optionsCodeList = sysMenuOptionsService.getOptionsCodeList(menuOptionsIdList);
+        permissionCodeList.addAll(optionsCodeList);
+
+        return permissionCodeList;
+    }
+
+}

kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/SysMenuService.java

@@ -114,4 +114,12 @@ public interface SysMenuService extends IService<SysMenu> {
      */
     List<SysMenu> getIndexMenuInfoList(List<Long> menuIdList);
 
+    /**
+     * 通过菜单id，获取菜单的编码集合
+     *
+     * @author fengshuonan
+     * @since 2023/6/21 0:44
+     */
+    List<String> getMenuCodeList(List<Long> menuIdList);
+
 }

kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/menu/service/impl/SysMenuServiceImpl.java

@@ -199,6 +199,21 @@ public class SysMenuServiceImpl extends ServiceImpl<SysMenuMapper, SysMenu> impl
         return this.list(sysMenuLambdaQueryWrapper);
     }
 
+    @Override
+    public List<String> getMenuCodeList(List<Long> menuIdList) {
+
+        if (ObjectUtil.isEmpty(menuIdList)) {
+            return new ArrayList<>();
+        }
+
+        LambdaQueryWrapper<SysMenu> sysMenuLambdaQueryWrapper = new LambdaQueryWrapper<>();
+        sysMenuLambdaQueryWrapper.in(SysMenu::getMenuId, menuIdList);
+        sysMenuLambdaQueryWrapper.select(SysMenu::getMenuCode);
+        List<SysMenu> sysMenuList = this.list(sysMenuLambdaQueryWrapper);
+
+        return sysMenuList.stream().map(SysMenu::getMenuCode).collect(Collectors.toList());
+    }
+
     @Override
     public List<AppGroupDetail> getAppMenuGroupDetail(SysMenuRequest sysMenuRequest) {