mirror of https://gitee.com/stylefeng/roses
【7.6.0】【sys】【permission】从新整理auth权限校验逻辑
parent
2c730efc26
commit
e76085124e
|
@ -40,4 +40,11 @@ public class ResourceUrlParam extends BaseRequest {
|
|||
|
||||
private String url;
|
||||
|
||||
public ResourceUrlParam() {
|
||||
}
|
||||
|
||||
public ResourceUrlParam(String url) {
|
||||
this.url = url;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -22,19 +22,22 @@
|
|||
* 5.在修改包名,模块名称,项目代码等时,请注明软件出处 https://gitee.com/stylefeng/guns
|
||||
* 6.若您的项目无法满足以上几点,可申请商业授权
|
||||
*/
|
||||
package cn.stylefeng.roses.kernel.auth.permission;
|
||||
package cn.stylefeng.roses.kernel.sys.modular.login.service;
|
||||
|
||||
import cn.hutool.core.util.ObjectUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.stylefeng.roses.kernel.auth.api.PermissionServiceApi;
|
||||
import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
|
||||
import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
|
||||
import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum;
|
||||
import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
|
||||
import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceDefinition;
|
||||
import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceUrlParam;
|
||||
import cn.stylefeng.roses.kernel.sys.api.ResourceServiceApi;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.List;
|
||||
|
||||
import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum.AUTH_EXPIRED_ERROR;
|
||||
import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum.PERMISSION_RES_VALIDATE_ERROR;
|
||||
|
@ -46,11 +49,17 @@ import static cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEn
|
|||
* @since 2020/10/22 15:49
|
||||
*/
|
||||
@Service
|
||||
public class PermissionServiceImpl implements PermissionServiceApi {
|
||||
public class PermissionCheckServiceImpl implements PermissionServiceApi {
|
||||
|
||||
@Resource
|
||||
private SessionManagerApi sessionManagerApi;
|
||||
|
||||
@Resource
|
||||
private ResourceServiceApi resourceServiceApi;
|
||||
|
||||
@Resource
|
||||
private UserPermissionService userPermissionService;
|
||||
|
||||
@Override
|
||||
public void checkPermission(String token, String requestUrl) {
|
||||
|
||||
|
@ -60,19 +69,36 @@ public class PermissionServiceImpl implements PermissionServiceApi {
|
|||
}
|
||||
|
||||
// 2. 获取token对应的用户信息
|
||||
LoginUser session = sessionManagerApi.getSession(token);
|
||||
if (session == null) {
|
||||
LoginUser loginUser = sessionManagerApi.getSession(token);
|
||||
if (loginUser == null) {
|
||||
throw new AuthException(AUTH_EXPIRED_ERROR);
|
||||
}
|
||||
|
||||
// 3. 验证用户有没有当前url的权限 todo 校验方法重写
|
||||
Set<String> resourceUrls = new HashSet<>();
|
||||
if (resourceUrls == null || resourceUrls.size() == 0) {
|
||||
throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
|
||||
// 3. 获取url对应的资源信息
|
||||
ResourceDefinition resourceDefinition = resourceServiceApi.getResourceByUrl(new ResourceUrlParam(requestUrl));
|
||||
|
||||
// 4. 如果资源找不到,则直接返回错误
|
||||
if (resourceDefinition == null) {
|
||||
throw new AuthException(AuthExceptionEnum.CANT_REQUEST_UN_OPEN_API, requestUrl);
|
||||
}
|
||||
|
||||
// 5. 如果当前接口资源不需要权限校验,则直接返回成功
|
||||
if (!resourceDefinition.getRequiredPermissionFlag()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// 获取当前资源需要的权限编码
|
||||
String permissionCode = resourceDefinition.getPermissionCode();
|
||||
if (ObjectUtil.isEmpty(permissionCode)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// 判断当前用户是否有该权限编码,如果有该权限编码,则返回成功
|
||||
List<String> userPermissionCodeList = userPermissionService.getUserPermissionCodeList(loginUser);
|
||||
if (ObjectUtil.isNotEmpty(userPermissionCodeList) && userPermissionCodeList.contains(permissionCode)) {
|
||||
return;
|
||||
} else {
|
||||
if (!resourceUrls.contains(requestUrl)) {
|
||||
throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
|
||||
}
|
||||
throw new AuthException(PERMISSION_RES_VALIDATE_ERROR);
|
||||
}
|
||||
}
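Review bot: In `checkPermission`, a resource whose `getRequiredPermissionFlag()` is true but whose `permissionCode` is empty is let through by the `if (ObjectUtil.isEmpty(permissionCode)) { return; }` branch, so an endpoint registered as protected but never given a code is reachable by any logged-in user. Denying is the safer default for that state: `if (ObjectUtil.isEmpty(permissionCode)) { throw new AuthException(PERMISSION_RES_VALIDATE_ERROR); }`. If `getRequiredPermissionFlag()` returns a boxed `Boolean` (its type is not visible here), the negation above it would throw on null; `if (Boolean.FALSE.equals(resourceDefinition.getRequiredPermissionFlag())) { return; }` keeps a null flag on the checked path. The method starts in the previous hunk and its first step lies outside the lines shown.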
|
||||
|
|
@ -0,0 +1,74 @@
|
|||
package cn.stylefeng.roses.kernel.sys.modular.login.service;
|
||||
|
||||
import cn.hutool.core.util.ObjectUtil;
|
||||
import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
|
||||
import cn.stylefeng.roses.kernel.sys.api.SysUserRoleServiceApi;
|
||||
import cn.stylefeng.roses.kernel.sys.modular.menu.service.SysMenuOptionsService;
|
||||
import cn.stylefeng.roses.kernel.sys.modular.menu.service.SysMenuService;
|
||||
import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuOptionsService;
|
||||
import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuService;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 用户权限信息获取的综合业务
|
||||
*
|
||||
* @author fengshuonan
|
||||
* @since 2023/6/21 0:47
|
||||
*/
|
||||
@Service
|
||||
public class UserPermissionService {
|
||||
|
||||
@Resource
|
||||
private SysUserRoleServiceApi sysUserRoleServiceApi;
|
||||
|
||||
@Resource
|
||||
private SysRoleMenuService sysRoleMenuService;
|
||||
|
||||
@Resource
|
||||
private SysRoleMenuOptionsService sysRoleMenuOptionsService;
|
||||
|
||||
@Resource
|
||||
private SysMenuService sysMenuService;
|
||||
|
||||
@Resource
|
||||
private SysMenuOptionsService sysMenuOptionsService;
|
||||
|
||||
/**
|
||||
* 填充用户的权限编码集合
|
||||
*
|
||||
* @author fengshuonan
|
||||
* @since 2023/6/19 12:38
|
||||
*/
|
||||
public List<String> getUserPermissionCodeList(LoginUser loginUser) {
|
||||
|
||||
Long userId = loginUser.getUserId();
|
||||
|
||||
// 获取用户的角色集合
|
||||
List<Long> roleIdList = sysUserRoleServiceApi.getUserRoleIdList(userId);
|
||||
|
||||
if (ObjectUtil.isEmpty(roleIdList)) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
|
||||
// 获取角色对应的菜单id和菜单功能id
|
||||
List<Long> menuIdList = sysRoleMenuService.getRoleBindMenuIdList(roleIdList);
|
||||
List<Long> menuOptionsIdList = sysRoleMenuOptionsService.getRoleBindMenuOptionsIdList(roleIdList);
|
||||
|
||||
List<String> permissionCodeList = new ArrayList<>();
|
||||
|
||||
// 获取菜单对应的菜单编码集合
|
||||
List<String> userMenuCodeList = sysMenuService.getMenuCodeList(menuIdList);
|
||||
permissionCodeList.addAll(userMenuCodeList);
|
||||
|
||||
// 获取功能对应的功能编码集合
|
||||
List<String> optionsCodeList = sysMenuOptionsService.getOptionsCodeList(menuOptionsIdList);
|
||||
permissionCodeList.addAll(optionsCodeList);
|
||||
|
||||
return permissionCodeList;
|
||||
}
|
||||
|
||||
}
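Review bot: The Javadoc on `getUserPermissionCodeList` says it fills (填充) the user's permission codes, but the method builds and returns a new list and documents neither its parameter nor its result. Since `PermissionCheckServiceImpl.checkPermission` decides access with `contains` on this result, the comment should state what the list holds: the menu codes and menu-option codes bound to the user's roles, merged into one flat list, empty when the user has no roles, with `@param loginUser` and `@return` tags. Because menu codes and option codes share that list, a menu code equal to an option code would satisfy a check meant for the other; whether the two are unique across both tables is not visible here and is worth confirming.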
|
|
@ -114,4 +114,12 @@ public interface SysMenuService extends IService<SysMenu> {
|
|||
*/
|
||||
List<SysMenu> getIndexMenuInfoList(List<Long> menuIdList);
|
||||
|
||||
/**
|
||||
* 通过菜单id,获取菜单的编码集合
|
||||
*
|
||||
* @author fengshuonan
|
||||
* @since 2023/6/21 0:44
|
||||
*/
|
||||
List<String> getMenuCodeList(List<Long> menuIdList);
|
||||
|
||||
}
|
|
@ -199,6 +199,21 @@ public class SysMenuServiceImpl extends ServiceImpl<SysMenuMapper, SysMenu> impl
|
|||
return this.list(sysMenuLambdaQueryWrapper);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getMenuCodeList(List<Long> menuIdList) {
|
||||
|
||||
if (ObjectUtil.isEmpty(menuIdList)) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
|
||||
LambdaQueryWrapper<SysMenu> sysMenuLambdaQueryWrapper = new LambdaQueryWrapper<>();
|
||||
sysMenuLambdaQueryWrapper.in(SysMenu::getMenuId, menuIdList);
|
||||
sysMenuLambdaQueryWrapper.select(SysMenu::getMenuCode);
|
||||
List<SysMenu> sysMenuList = this.list(sysMenuLambdaQueryWrapper);
|
||||
|
||||
return sysMenuList.stream().map(SysMenu::getMenuCode).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<AppGroupDetail> getAppMenuGroupDetail(SysMenuRequest sysMenuRequest) {
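Review bot: `getMenuCodeList` selects only the menu code, and MyBatis by default maps a row whose selected columns are all NULL to a null element (unless `returnInstanceForEmptyRow` is enabled), so `sysMenuList.stream().map(SysMenu::getMenuCode)` can throw on a menu that has no code. This method now sits on the permission-check path, so one such row would fail every protected request for the affected users. Filtering before and after the mapping avoids both the exception and null entries in the result: `return sysMenuList.stream().filter(Objects::nonNull).map(SysMenu::getMenuCode).filter(Objects::nonNull).collect(Collectors.toList());` (this needs `java.util.Objects`, and the import block is outside the hunk). The query filters on the id alone, so it is also worth confirming whether disabled menus are meant to keep contributing permission codes.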
|
||||
|
||||
|
|