From fa26d674695d507afc70b70b49e41f5a804baee9 Mon Sep 17 00:00:00 2001 
From: ZhengJie <201507802@qq.com> Date: Thu, 7 May 2020 19:04:46 +0800 Subject: [PATCH] =?UTF-8?q?[=E4=BB=A3=E7=A0=81=E5=AE=8C=E5=96=84](v2.5):?= =?UTF-8?q?=20v2.5=20beta=20=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90=E4=BD=BF?= =?UTF-8?q?=E5=8D=87=E7=BA=A7=EF=BC=8C=E7=8E=B0=E5=8F=AF=E9=80=9A=E8=BF=87?= =?UTF-8?q?=E6=B3=A8=E8=A7=A3[@DataPermission]=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit DataPermission 类中有详细说明和使用示例 SecurityUtils 中加入获取当前用户的数据权限的方法 2.5 Beta 详情:https://www.ydyno.com/archives/1225.html --- .../java/me/zhengjie/utils/QueryHelp.java | 17 ++- .../java/me/zhengjie/utils/SecurityUtils.java | 14 ++- .../zhengjie/{aop/log => annotation}/Log.java | 2 +- .../java/me/zhengjie/aspect/LogAspect.java | 2 +- .../java/me/zhengjie/rest/LogController.java | 2 +- .../zhengjie/service/impl/LogServiceImpl.java | 2 +- .../java/me/zhengjie/config/DataScope.java | 104 ------------------ .../modules/mnt/rest/AppController.java | 2 +- .../modules/mnt/rest/DatabaseController.java | 2 +- .../modules/mnt/rest/DeployController.java | 2 +- .../mnt/rest/DeployHistoryController.java | 2 +- .../mnt/rest/ServerDeployController.java | 2 +- .../quartz/rest/QuartzJobController.java | 2 +- .../rest/AuthorizationController.java | 2 +- .../security/rest/OnlineController.java | 2 +- .../service/UserDetailsServiceImpl.java | 3 + .../security/service/dto/JwtUserDto.java | 6 +- .../zhengjie/modules/system/domain/Role.java | 3 +- .../modules/system/rest/DeptController.java | 6 +- .../modules/system/rest/DictController.java | 2 +- .../system/rest/DictDetailController.java | 2 +- .../modules/system/rest/JobController.java | 2 +- .../modules/system/rest/MenuController.java | 2 +- .../system/rest/MonitorController.java | 1 - .../modules/system/rest/RoleController.java | 2 +- .../modules/system/rest/UserController.java | 35 +++--- .../modules/system/service/DataService.java | 43 ++++++++ .../system/service/dto/DeptQueryCriteria.java | 7 +- 
.../system/service/dto/UserQueryCriteria.java | 3 +- .../system/service/impl/RoleServiceImpl.java | 20 ++++ .../template/generator/admin/Controller.ftl | 2 +- .../me/zhengjie/rest/AliPayController.java | 2 +- .../me/zhengjie/rest/EmailController.java | 2 +- .../zhengjie/rest/LocalStorageController.java | 2 +- .../me/zhengjie/rest/PictureController.java | 2 +- .../me/zhengjie/rest/QiniuController.java | 2 +- 36 files changed, 143 insertions(+), 165 deletions(-) rename eladmin-logging/src/main/java/me/zhengjie/{aop/log => annotation}/Log.java (96%) delete mode 100644 eladmin-system/src/main/java/me/zhengjie/config/DataScope.java create mode 100644 eladmin-system/src/main/java/me/zhengjie/modules/system/service/DataService.java diff --git a/eladmin-common/src/main/java/me/zhengjie/utils/QueryHelp.java b/eladmin-common/src/main/java/me/zhengjie/utils/QueryHelp.java index 6ae81a7c..17f83f35 100644 --- a/eladmin-common/src/main/java/me/zhengjie/utils/QueryHelp.java +++ b/eladmin-common/src/main/java/me/zhengjie/utils/QueryHelp.java @@ -16,8 +16,10 @@ package me.zhengjie.utils; import cn.hutool.core.collection.CollUtil; +import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.util.ObjectUtil; import lombok.extern.slf4j.Slf4j; +import me.zhengjie.annotation.DataPermission; import me.zhengjie.annotation.Query; import javax.persistence.criteria.*; import java.lang.reflect.Field; 
@@ -33,10 +35,23 @@ public class QueryHelp { public static Predicate getPredicate(Root root, Q query, CriteriaBuilder cb) { List list = new ArrayList<>(); - if(query == null){ return cb.and(list.toArray(new Predicate[0])); } + // 数据权限验证 + DataPermission permission = query.getClass().getAnnotation(DataPermission.class); + if(permission != null){ + // 获取数据权限 + List dataScopes = SecurityUtils.getCurrentUserDataScope(); + if(CollectionUtil.isNotEmpty(dataScopes)){ + if(StringUtils.isNotBlank(permission.joinName()) && StringUtils.isNotBlank(permission.fieldName())) { + Join join = root.join(permission.joinName(), JoinType.LEFT); + list.add(getExpression(permission.fieldName(),join, root).in(dataScopes)); + } else if (StringUtils.isBlank(permission.joinName()) && StringUtils.isNotBlank(permission.fieldName())) { + list.add(getExpression(permission.fieldName(),null, root).in(dataScopes)); + } + } + } try { List fields = getAllFields(query.getClass(), new ArrayList<>()); for (Field field : fields) { diff --git a/eladmin-common/src/main/java/me/zhengjie/utils/SecurityUtils.java b/eladmin-common/src/main/java/me/zhengjie/utils/SecurityUtils.java index 2c27a445..fe39dcd0 100644 --- a/eladmin-common/src/main/java/me/zhengjie/utils/SecurityUtils.java +++ b/eladmin-common/src/main/java/me/zhengjie/utils/SecurityUtils.java @@ -15,7 +15,9 @@ */ package me.zhengjie.utils; +import cn.hutool.json.JSONArray; import cn.hutool.json.JSONObject; +import cn.hutool.json.JSONUtil; import lombok.extern.slf4j.Slf4j; import me.zhengjie.exception.BadRequestException; import org.springframework.http.HttpStatus; @@ -23,6 +25,7 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; +import java.util.List; /** * 获取当前登录的用户 
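Review bot: In the new data-permission block of getPredicate, an empty result from `SecurityUtils.getCurrentUserDataScope()` adds no predicate at all, so "no department ids" and "unrestricted" are the same state. The deleted DataScope.getDeptIds returned an empty set for the 全部 scope and also for a user with no matching role, so if DataService keeps that convention (its implementation is not visible here), a user with no scopes would see every row; the else branch of UserController.getUsers relies on the same convention. A `@DataPermission` whose `fieldName` is blank is also skipped silently. I would give the unrestricted case its own marker and fail closed otherwise, for example an else branch with `list.add(cb.disjunction());`, and log or throw on a blank `fieldName`. getPredicate continues past the end of this hunk.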
@@ -65,11 +68,20 @@ public class SecurityUtils { /** * 获取系统用户ID - * * @return 系统用户ID */ public static Long getCurrentUserId() { UserDetails userDetails = getCurrentUser(); return new JSONObject(new JSONObject(userDetails).get("user")).get("id", Long.class); } + + /** + * 获取当前用户的数据权限 + * @return / + */ + public static List getCurrentUserDataScope(){ + UserDetails userDetails = getCurrentUser(); + JSONArray array = JSONUtil.parseArray(new JSONObject(userDetails).get("dataScopes")); + return JSONUtil.toList(array,Long.class); + } } diff --git a/eladmin-logging/src/main/java/me/zhengjie/aop/log/Log.java b/eladmin-logging/src/main/java/me/zhengjie/annotation/Log.java similarity index 96% rename from eladmin-logging/src/main/java/me/zhengjie/aop/log/Log.java rename to eladmin-logging/src/main/java/me/zhengjie/annotation/Log.java index cda0a800..1aa33a56 100644 --- a/eladmin-logging/src/main/java/me/zhengjie/aop/log/Log.java +++ b/eladmin-logging/src/main/java/me/zhengjie/annotation/Log.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package me.zhengjie.aop.log; +package me.zhengjie.annotation; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; diff --git a/eladmin-logging/src/main/java/me/zhengjie/aspect/LogAspect.java b/eladmin-logging/src/main/java/me/zhengjie/aspect/LogAspect.java index a50a855f..53e4532b 100644 --- a/eladmin-logging/src/main/java/me/zhengjie/aspect/LogAspect.java +++ b/eladmin-logging/src/main/java/me/zhengjie/aspect/LogAspect.java @@ -51,7 +51,7 @@ public class LogAspect { /** * 配置切入点 */ - @Pointcut("@annotation(me.zhengjie.aop.log.Log)") + @Pointcut("@annotation(me.zhengjie.annotation.Log)") public void logPointcut() { // 该方法无方法体,主要为了让同类中其他方法使用此切入点 } diff --git a/eladmin-logging/src/main/java/me/zhengjie/rest/LogController.java b/eladmin-logging/src/main/java/me/zhengjie/rest/LogController.java index f65678e3..c5f22f41 100644 
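Review bot: getCurrentUserDataScope looks the scopes up by the string key `"dataScopes"` on a JSON copy of the principal, and nothing here handles the key being absent or null. The name has to stay in sync with the `dataScopes` field added to JwtUserDto in this commit; if it drifts, or the principal is another UserDetails type, the method presumably yields an empty list, which QueryHelp reads as no restriction. I would check the looked-up value for null and throw instead of returning an empty list, and replace `@return /` with something like `@return department ids the current user may read; empty means unrestricted`.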
--- a/eladmin-logging/src/main/java/me/zhengjie/rest/LogController.java +++ b/eladmin-logging/src/main/java/me/zhengjie/rest/LogController.java @@ -18,7 +18,7 @@ package me.zhengjie.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.service.LogService; import me.zhengjie.service.dto.LogQueryCriteria; import me.zhengjie.utils.SecurityUtils; diff --git a/eladmin-logging/src/main/java/me/zhengjie/service/impl/LogServiceImpl.java b/eladmin-logging/src/main/java/me/zhengjie/service/impl/LogServiceImpl.java index 68af1f10..dda2b235 100644 --- a/eladmin-logging/src/main/java/me/zhengjie/service/impl/LogServiceImpl.java +++ b/eladmin-logging/src/main/java/me/zhengjie/service/impl/LogServiceImpl.java @@ -81,7 +81,7 @@ public class LogServiceImpl implements LogService { MethodSignature signature = (MethodSignature) joinPoint.getSignature(); Method method = signature.getMethod(); - me.zhengjie.aop.log.Log aopLog = method.getAnnotation(me.zhengjie.aop.log.Log.class); + me.zhengjie.annotation.Log aopLog = method.getAnnotation(me.zhengjie.annotation.Log.class); // 方法路径 String methodName = joinPoint.getTarget().getClass().getName()+"."+signature.getName()+"()"; diff --git a/eladmin-system/src/main/java/me/zhengjie/config/DataScope.java b/eladmin-system/src/main/java/me/zhengjie/config/DataScope.java deleted file mode 100644 index 80965b6b..00000000 --- a/eladmin-system/src/main/java/me/zhengjie/config/DataScope.java +++ /dev/null 
@@ -1,104 +0,0 @@ -/* - * Copyright 2019-2020 Zheng Jie - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package me.zhengjie.config; - -import me.zhengjie.modules.system.domain.Dept; -import me.zhengjie.modules.system.service.DeptService; -import me.zhengjie.modules.system.service.RoleService; -import me.zhengjie.modules.system.service.UserService; -import me.zhengjie.modules.system.service.dto.RoleSmallDto; -import me.zhengjie.modules.system.service.dto.UserDto; -import me.zhengjie.utils.SecurityUtils; -import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -/** - * 数据权限配置 - * @author Zheng Jie - * @date 2019-4-1 - */ -@Component -public class DataScope { - - private final String[] scopeType = {"全部","本级","自定义"}; - - private final UserService userService; - - private final RoleService roleService; - - private final DeptService deptService; - - public DataScope(UserService userService, RoleService roleService, DeptService deptService) { - this.userService = userService; - this.roleService = roleService; - this.deptService = deptService; - } - - public Set getDeptIds() { - - UserDto user = userService.findByName(SecurityUtils.getCurrentUsername()); - - // 用于存储部门id - Set deptIds = new HashSet<>(); - - // 查询用户角色 - List roleSet = roleService.findByUsersId(user.getId()); - - for (RoleSmallDto role : roleSet) { - - if (scopeType[0].equals(role.getDataScope())) { 
- return new HashSet<>() ; - } - - // 存储本级的数据权限 - if (scopeType[1].equals(role.getDataScope())) { - deptIds.add(user.getDept().getId()); - } - - // 存储自定义的数据权限 - if (scopeType[2].equals(role.getDataScope())) { - Set depts = deptService.findByRoleIds(role.getId()); - for (Dept dept : depts) { - deptIds.add(dept.getId()); - List deptChildren = deptService.findByPid(dept.getId()); - if (deptChildren != null && deptChildren.size() != 0) { - deptIds.addAll(getDeptChildren(deptChildren)); - } - } - } - } - return deptIds; - } - - - public List getDeptChildren(List deptList) { - List list = new ArrayList<>(); - deptList.forEach(dept -> { - if (dept!=null && dept.getEnabled()){ - List depts = deptService.findByPid(dept.getId()); - if(deptList.size() != 0){ - list.addAll(getDeptChildren(depts)); - } - list.add(dept.getId()); - } - } - ); - return list; - } -} diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/AppController.java b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/AppController.java index ffd95e8b..2b410943 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/AppController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/AppController.java @@ -18,7 +18,7 @@ package me.zhengjie.modules.mnt.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.modules.mnt.domain.App; import me.zhengjie.modules.mnt.service.AppService; import me.zhengjie.modules.mnt.service.dto.AppQueryCriteria; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DatabaseController.java b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DatabaseController.java index d508fb0d..f2ff0a19 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DatabaseController.java 
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DatabaseController.java @@ -18,7 +18,7 @@ package me.zhengjie.modules.mnt.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.mnt.domain.Database; import me.zhengjie.modules.mnt.service.DatabaseService; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DeployController.java b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DeployController.java index 2d8fb8d8..31a0cb48 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DeployController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DeployController.java @@ -18,7 +18,7 @@ package me.zhengjie.modules.mnt.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.modules.mnt.domain.Deploy; import me.zhengjie.modules.mnt.domain.DeployHistory; import me.zhengjie.modules.mnt.service.DeployService; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DeployHistoryController.java b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DeployHistoryController.java index a9111c22..c59680c1 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DeployHistoryController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/DeployHistoryController.java 
@@ -18,7 +18,7 @@ package me.zhengjie.modules.mnt.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.modules.mnt.service.DeployHistoryService; import me.zhengjie.modules.mnt.service.dto.DeployHistoryQueryCriteria; import org.springframework.data.domain.Pageable; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/ServerDeployController.java b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/ServerDeployController.java index 8c561bb7..08bd5c2c 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/ServerDeployController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/rest/ServerDeployController.java @@ -18,7 +18,7 @@ package me.zhengjie.modules.mnt.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.modules.mnt.domain.ServerDeploy; import me.zhengjie.modules.mnt.service.ServerDeployService; import me.zhengjie.modules.mnt.service.dto.ServerDeployQueryCriteria; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java b/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java index 5ede702b..003b5fa3 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java 
@@ -19,7 +19,7 @@ import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.quartz.domain.QuartzJob; import me.zhengjie.modules.quartz.service.QuartzJobService; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthorizationController.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthorizationController.java index e89658c6..03cfb275 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthorizationController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthorizationController.java @@ -24,7 +24,7 @@ import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import me.zhengjie.annotation.AnonymousAccess; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.security.config.SecurityProperties; import me.zhengjie.modules.security.security.TokenProvider; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/OnlineController.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/OnlineController.java index 564ab363..4ea9e8f2 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/OnlineController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/OnlineController.java 
@@ -18,7 +18,7 @@ package me.zhengjie.modules.security.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.modules.security.service.OnlineUserService; import me.zhengjie.utils.EncryptUtils; import org.springframework.data.domain.Pageable; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java index fffbd25d..9aaf753e 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java @@ -19,6 +19,7 @@ import lombok.RequiredArgsConstructor; import me.zhengjie.exception.BadRequestException; import me.zhengjie.exception.EntityNotFoundException; import me.zhengjie.modules.security.service.dto.JwtUserDto; +import me.zhengjie.modules.system.service.DataService; import me.zhengjie.modules.system.service.RoleService; import me.zhengjie.modules.system.service.UserService; import me.zhengjie.modules.system.service.dto.UserDto; @@ -39,6 +40,7 @@ public class UserDetailsServiceImpl implements UserDetailsService { private final UserService userService; private final RoleService roleService; + private final DataService dataService; @Override public JwtUserDto loadUserByUsername(String username) { @@ -57,6 +59,7 @@ public class UserDetailsServiceImpl implements UserDetailsService { } return new JwtUserDto( user, + dataService.getDeptIds(user), roleService.mapToGrantedAuthorities(user) ); } diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/service/dto/JwtUserDto.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/service/dto/JwtUserDto.java index e3fd827c..0a59a5dc 100644 
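Review bot: The department ids passed to `new JwtUserDto(...)` are computed once, inside loadUserByUsername, so QueryHelp will filter with whatever was true when the principal was built. If the principal is cached or reused for the life of a token (not visible in this hunk), a role or department change would not narrow a user's data scope until the next load, while UserController.getUsers in the same commit recomputes the scope through DataService on every request. It would help to state the intended freshness in a comment here, e.g. `// data scopes are snapshotted with the principal; evict the cached user when roles or departments change`, and to make both paths use the same source.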
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/service/dto/JwtUserDto.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/service/dto/JwtUserDto.java @@ -33,10 +33,12 @@ import java.util.stream.Collectors; @AllArgsConstructor public class JwtUserDto implements UserDetails { - private UserDto user; + private final UserDto user; + + private final List dataScopes; @JsonIgnore - private List authorities; + private final List authorities; public Set getRoles() { return authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet()); diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/Role.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/Role.java index 4ef298c6..47d495c4 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/Role.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/Role.java @@ -20,6 +20,7 @@ import io.swagger.annotations.ApiModelProperty; import lombok.Getter; import lombok.Setter; import me.zhengjie.base.BaseEntity; +import me.zhengjie.utils.enums.DataScopeEnum; import org.hibernate.annotations.CreationTimestamp; import javax.persistence.*; import javax.validation.constraints.NotBlank; @@ -71,7 +72,7 @@ public class Role extends BaseEntity implements Serializable { private String name; @ApiModelProperty(value = "数据权限,全部 、 本级 、 自定义") - private String dataScope = "本级"; + private String dataScope = DataScopeEnum.THIS_LEVEL.getValue(); @Column(name = "level") @ApiModelProperty(value = "级别,数值越小,级别越大") diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DeptController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DeptController.java index 26ff1081..a447fe32 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DeptController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DeptController.java 
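Review bot: `dataScopes` is added without `@JsonIgnore`, unlike `authorities` just below it, so the caller's department-id list will be part of any response body that serializes JwtUserDto with Jackson. If the client does not need it, annotate the field with `@JsonIgnore`, after confirming that the hutool bean-to-JSON conversion in SecurityUtils.getCurrentUserDataScope does not honour that annotation. The list is also handed out as-is through the getter (presumably Lombok-generated, the class annotations are outside this hunk); wrapping it with `Collections.unmodifiableList(...)` when the principal is built would keep callers from changing the scope in place.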
@@ -19,8 +19,7 @@ import cn.hutool.core.collection.CollectionUtil; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; -import me.zhengjie.config.DataScope; +import me.zhengjie.annotation.Log; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.system.domain.Dept; import me.zhengjie.modules.system.service.DeptService; @@ -49,7 +48,6 @@ import java.util.Set; public class DeptController { private final DeptService deptService; - private final DataScope dataScope; private static final String ENTITY_NAME = "dept"; @Log("导出部门数据") @@ -65,8 +63,6 @@ public class DeptController { @GetMapping @PreAuthorize("@el.check('user:list','dept:list')") public ResponseEntity getDepts(DeptQueryCriteria criteria){ - // 数据权限 - criteria.setIds(dataScope.getDeptIds()); List deptDtos = deptService.queryAll(criteria); return new ResponseEntity<>(deptService.buildTree(deptDtos),HttpStatus.OK); } diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictController.java index 831162a5..af8f87c4 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictController.java @@ -18,7 +18,7 @@ package me.zhengjie.modules.system.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.system.domain.Dict; import me.zhengjie.modules.system.service.DictService; 
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictDetailController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictDetailController.java index 606b0b47..948eb708 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictDetailController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictDetailController.java @@ -18,7 +18,7 @@ package me.zhengjie.modules.system.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.system.domain.DictDetail; import me.zhengjie.modules.system.service.DictDetailService; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/JobController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/JobController.java index 8f009d24..0d1539ee 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/JobController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/JobController.java @@ -18,7 +18,7 @@ package me.zhengjie.modules.system.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.system.domain.Job; import me.zhengjie.modules.system.service.JobService; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java index 7dd4e002..f24d80ce 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java 
@@ -18,7 +18,7 @@ package me.zhengjie.modules.system.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.modules.system.domain.Menu; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.system.service.MenuService; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MonitorController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MonitorController.java index baf28732..1d3b4390 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MonitorController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MonitorController.java @@ -18,7 +18,6 @@ package me.zhengjie.modules.system.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; import me.zhengjie.modules.system.service.MonitorService; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java index 6ed00489..2fb8db6f 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java @@ -19,7 +19,7 @@ import cn.hutool.core.lang.Dict; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.modules.system.domain.Role; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.system.service.RoleService; 
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java index d3a5bf6e..5cbb8983 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java @@ -15,13 +15,14 @@ */ package me.zhengjie.modules.system.rest; +import cn.hutool.core.collection.CollectionUtil; import cn.hutool.crypto.asymmetric.KeyType; import cn.hutool.crypto.asymmetric.RSA; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; -import me.zhengjie.config.DataScope; +import me.zhengjie.annotation.Log; +import me.zhengjie.modules.system.service.DataService; import me.zhengjie.modules.system.domain.User; import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.system.domain.vo.UserPassVo; @@ -64,7 +65,7 @@ public class UserController { private String privateKey; private final PasswordEncoder passwordEncoder; private final UserService userService; - private final DataScope dataScope; + private final DataService dataService; private final DeptService deptService; private final RoleService roleService; private final VerifyService verificationCodeService; 
@@ -82,33 +83,25 @@ public class UserController { @GetMapping @PreAuthorize("@el.check('user:list')") public ResponseEntity getUsers(UserQueryCriteria criteria, Pageable pageable){ - Set deptSet = new HashSet<>(); - Set result = new HashSet<>(); if (!ObjectUtils.isEmpty(criteria.getDeptId())) { - deptSet.add(criteria.getDeptId()); - deptSet.addAll(dataScope.getDeptChildren(deptService.findByPid(criteria.getDeptId()))); + criteria.getDeptIds().add(criteria.getDeptId()); + criteria.getDeptIds().addAll(dataService.getDeptChildren(deptService.findByPid(criteria.getDeptId()))); } // 数据权限 - Set deptIds = dataScope.getDeptIds(); - // 查询条件不为空并且数据权限不为空则取交集 - if (!CollectionUtils.isEmpty(deptIds) && !CollectionUtils.isEmpty(deptSet)){ + List dataScopes = dataService.getDeptIds(userService.findById(SecurityUtils.getCurrentUserId())); + // criteria.getDeptIds() 不为空并且数据权限不为空则取交集 + if (!CollectionUtils.isEmpty(criteria.getDeptIds()) && !CollectionUtils.isEmpty(dataScopes)){ // 取交集 - result.addAll(deptSet); - result.retainAll(deptIds); - // 若无交集,则代表无数据权限 - criteria.setDeptIds(result); - if(result.size() == 0){ - return new ResponseEntity<>(PageUtil.toPage(null,0),HttpStatus.OK); - } else { + criteria.getDeptIds().retainAll(dataScopes); + if(!CollectionUtil.isEmpty(criteria.getDeptIds())){ return new ResponseEntity<>(userService.queryAll(criteria,pageable),HttpStatus.OK); } - // 否则取并集 } else { - result.addAll(deptSet); - result.addAll(deptIds); - criteria.setDeptIds(result); + // 否则取并集 + criteria.getDeptIds().addAll(dataScopes); return new ResponseEntity<>(userService.queryAll(criteria,pageable),HttpStatus.OK); } + return new ResponseEntity<>(PageUtil.toPage(null,0),HttpStatus.OK); } @Log("新增用户") diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/DataService.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/DataService.java new file mode 100644 index 00000000..9aa87fc7 --- /dev/null 
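Review bot: getUsers now uses `criteria.getDeptIds()` as its working set, and UserQueryCriteria is bound from request parameters, so any `deptIds` supplied by the client are merged into the filter; before this change the controller built the set itself and overwrote the field with `setDeptIds`. The `retainAll(dataScopes)` branch still bounds the result when the caller has a non-empty scope, but a request-bound set should not be the starting point of an authorization filter. Building the set locally and assigning it at the end also removes the three separate return paths. The element type `Long` below is assumed from getCurrentUserDataScope; the whole method is inside this hunk.

```java
// … unchanged: mapping annotations and getUsers signature …
        // Build the department filter server-side instead of starting from the request-bound deptIds.
        Set<Long> requested = new HashSet<>();
        if (!ObjectUtils.isEmpty(criteria.getDeptId())) {
            requested.add(criteria.getDeptId());
            requested.addAll(dataService.getDeptChildren(deptService.findByPid(criteria.getDeptId())));
        }
        // … unchanged: dataScopes lookup through dataService.getDeptIds(...) …
        if (!requested.isEmpty() && !CollectionUtils.isEmpty(dataScopes)) {
            requested.retainAll(dataScopes);
            if (requested.isEmpty()) {
                // No overlap with the caller's data scope: nothing is visible.
                return new ResponseEntity<>(PageUtil.toPage(null,0),HttpStatus.OK);
            }
        } else {
            requested.addAll(dataScopes);
        }
        criteria.setDeptIds(requested);
        return new ResponseEntity<>(userService.queryAll(criteria,pageable),HttpStatus.OK);
```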
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/DataService.java @@ -0,0 +1,43 @@ +/* + * Copyright 2019-2020 Zheng Jie + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package me.zhengjie.modules.system.service; + +import me.zhengjie.modules.system.domain.Dept; +import me.zhengjie.modules.system.service.dto.UserDto; + +import java.util.List; + +/** + * 数据权限服务类 + * @author Zheng Jie + * @date 2020-05-07 + */ +public interface DataService { + + /** + * 获取数据权限 + * @param user / + * @return / + */ + List getDeptIds(UserDto user); + + /** + * 递归获取子级部门 + * @param deptList / + * @return / + */ + List getDeptChildren(List deptList); +} diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/DeptQueryCriteria.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/DeptQueryCriteria.java index acdcec27..1dceaec6 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/DeptQueryCriteria.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/DeptQueryCriteria.java 
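Review bot: The Javadoc on both DataService methods is a placeholder (`@param user /`, `@return /`), yet this interface now defines the contract that QueryHelp and UserController depend on. getDeptIds should say what an empty list means (the callers in this commit treat it as unrestricted) and whether disabled departments are included; getDeptChildren should say whether the input departments themselves are part of the result. For example `@return ids of the departments the user may read; an empty list means no restriction`.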
@@ -16,22 +16,19 @@ package me.zhengjie.modules.system.service.dto; import lombok.Data; +import me.zhengjie.annotation.DataPermission; import me.zhengjie.annotation.Query; - import java.sql.Timestamp; import java.util.List; -import java.util.Set; /** * @author Zheng Jie * @date 2019-03-25 */ @Data +@DataPermission(fieldName = "id") public class DeptQueryCriteria{ - @Query(type = Query.Type.IN, propName="id") - private Set ids; - @Query(type = Query.Type.INNER_LIKE) private String name; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/UserQueryCriteria.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/UserQueryCriteria.java index 5809545c..ad8e7755 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/UserQueryCriteria.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/UserQueryCriteria.java @@ -19,6 +19,7 @@ import lombok.Data; import me.zhengjie.annotation.Query; import java.io.Serializable; import java.sql.Timestamp; +import java.util.HashSet; import java.util.List; import java.util.Set; @@ -33,7 +34,7 @@ public class UserQueryCriteria implements Serializable { private Long id; @Query(propName = "id", type = Query.Type.IN, joinName = "dept") - private Set deptIds; + private Set deptIds = new HashSet<>(); @Query(blurry = "email,username,nickName") private String blurry; diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/impl/RoleServiceImpl.java b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/impl/RoleServiceImpl.java index fe97ff0a..a32b58c4 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/impl/RoleServiceImpl.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/impl/RoleServiceImpl.java 
@@ -15,10 +15,13 @@ */ package me.zhengjie.modules.system.service.impl; +import cn.hutool.core.collection.CollectionUtil; import lombok.RequiredArgsConstructor; +import me.zhengjie.modules.system.domain.Dept; import me.zhengjie.modules.system.domain.Menu; import me.zhengjie.modules.system.domain.Role; import me.zhengjie.exception.EntityExistException; +import me.zhengjie.modules.system.repository.DeptRepository; import me.zhengjie.modules.system.repository.RoleRepository; import me.zhengjie.modules.system.service.RoleService; import me.zhengjie.modules.system.service.dto.RoleDto; @@ -28,6 +31,7 @@ import me.zhengjie.modules.system.service.dto.UserDto; import me.zhengjie.modules.system.service.mapper.RoleMapper; import me.zhengjie.modules.system.service.mapper.RoleSmallMapper; import me.zhengjie.utils.*; +import me.zhengjie.utils.enums.DataScopeEnum; import org.springframework.cache.annotation.CacheConfig; import org.springframework.cache.annotation.CacheEvict; import org.springframework.cache.annotation.Cacheable; @@ -56,6 +60,7 @@ public class RoleServiceImpl implements RoleService { private final RoleRepository roleRepository; private final RoleMapper roleMapper; private final RoleSmallMapper roleSmallMapper; + private final DeptRepository deptRepository; @Override @Cacheable @@ -91,6 +96,7 @@ public class RoleServiceImpl implements RoleService { if(roleRepository.findByName(resources.getName()) != null){ throw new EntityExistException(Role.class,"username",resources.getName()); } + checkDataScope(resources); return roleMapper.toDto(roleRepository.save(resources)); } @@ -106,6 +112,7 @@ public class RoleServiceImpl implements RoleService { if(role1 != null && !role1.getId().equals(role.getId())){ throw new EntityExistException(Role.class,"username",resources.getName()); } + checkDataScope(resources); role.setName(resources.getName()); role.setDescription(resources.getDescription()); role.setDataScope(resources.getDataScope()); 
@@ -114,6 +121,19 @@ public class RoleServiceImpl implements RoleService { roleRepository.save(role); } + private void checkDataScope(Role resources){ + if(CollectionUtil.isNotEmpty(resources.getDepts()) && resources.getDepts().size() == 1){ + for (Dept dept : resources.getDepts()) { + dept = deptRepository.findById(dept.getId()).orElseGet(Dept::new); + if(dept.getPid() == 0 || dept.getPid() == null){ + resources.setDepts(null); + resources.setDataScope(DataScopeEnum.ALL.getValue()); + } + } + } + + } + @Override @CacheEvict(allEntries = true) public void updateMenu(Role resources, RoleDto roleDTO) { diff --git a/eladmin-system/src/main/resources/template/generator/admin/Controller.ftl b/eladmin-system/src/main/resources/template/generator/admin/Controller.ftl index 237ad73d..f9d8fae6 100644 --- a/eladmin-system/src/main/resources/template/generator/admin/Controller.ftl +++ b/eladmin-system/src/main/resources/template/generator/admin/Controller.ftl @@ -15,7 +15,7 @@ */ package ${package}.rest; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import ${package}.domain.${className}; import ${package}.service.${className}Service; import ${package}.service.dto.${className}QueryCriteria; diff --git a/eladmin-tools/src/main/java/me/zhengjie/rest/AliPayController.java b/eladmin-tools/src/main/java/me/zhengjie/rest/AliPayController.java index 0a8bfda4..87b353ca 100644 --- a/eladmin-tools/src/main/java/me/zhengjie/rest/AliPayController.java +++ b/eladmin-tools/src/main/java/me/zhengjie/rest/AliPayController.java @@ -20,7 +20,7 @@ import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import me.zhengjie.annotation.AnonymousAccess; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.domain.vo.TradeVo; import me.zhengjie.domain.AlipayConfig; import me.zhengjie.utils.AliPayStatusEnum; 
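Review bot: In `checkDataScope`, `dept.getPid() == 0 || dept.getPid() == null` tests in the wrong order: the `== null` comparison implies `getPid()` returns a boxed value, so `== 0` unboxes first and throws a NullPointerException before the null check can run. That case looks reachable, because `orElseGet(Dept::new)` substitutes an empty `Dept` when the submitted id is not found (assuming `pid` has no default value). Simply swapping the operands would be worse: an unknown department id would then count as a top-level department and the role would be saved with `DataScopeEnum.ALL`. I would look the single department up once, leave the role as submitted when it does not exist, and only then test the parent id, as below; the loop over a one-element collection goes away.

```java
private void checkDataScope(Role resources){
    if(CollectionUtil.isEmpty(resources.getDepts()) || resources.getDepts().size() != 1){
        return;
    }
    Dept selected = resources.getDepts().iterator().next();
    // An id that is not in the database must never widen the role to ALL
    Dept dept = deptRepository.findById(selected.getId()).orElse(null);
    if(dept == null){
        return;
    }
    // Null check first: getPid() is boxed, so comparing it with 0 unboxes
    if(dept.getPid() == null || dept.getPid() == 0){
        resources.setDepts(null);
        resources.setDataScope(DataScopeEnum.ALL.getValue());
    }
}
```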
diff --git a/eladmin-tools/src/main/java/me/zhengjie/rest/EmailController.java b/eladmin-tools/src/main/java/me/zhengjie/rest/EmailController.java index f580e5c6..64ac1343 100644 --- a/eladmin-tools/src/main/java/me/zhengjie/rest/EmailController.java +++ b/eladmin-tools/src/main/java/me/zhengjie/rest/EmailController.java @@ -18,7 +18,7 @@ package me.zhengjie.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.domain.vo.EmailVo; import me.zhengjie.domain.EmailConfig; import me.zhengjie.service.EmailService; diff --git a/eladmin-tools/src/main/java/me/zhengjie/rest/LocalStorageController.java b/eladmin-tools/src/main/java/me/zhengjie/rest/LocalStorageController.java index 8938772b..3fc8ed1f 100644 --- a/eladmin-tools/src/main/java/me/zhengjie/rest/LocalStorageController.java +++ b/eladmin-tools/src/main/java/me/zhengjie/rest/LocalStorageController.java @@ -16,7 +16,7 @@ package me.zhengjie.rest; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.domain.LocalStorage; import me.zhengjie.service.LocalStorageService; import me.zhengjie.service.dto.LocalStorageQueryCriteria; diff --git a/eladmin-tools/src/main/java/me/zhengjie/rest/PictureController.java b/eladmin-tools/src/main/java/me/zhengjie/rest/PictureController.java index 6614391c..d80a1a82 100644 --- a/eladmin-tools/src/main/java/me/zhengjie/rest/PictureController.java +++ b/eladmin-tools/src/main/java/me/zhengjie/rest/PictureController.java 
@@ -18,7 +18,7 @@ package me.zhengjie.rest; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.domain.Picture; import me.zhengjie.service.PictureService; import me.zhengjie.service.dto.PictureQueryCriteria; diff --git a/eladmin-tools/src/main/java/me/zhengjie/rest/QiniuController.java b/eladmin-tools/src/main/java/me/zhengjie/rest/QiniuController.java index 5c234ea6..a3eb0cac 100644 --- a/eladmin-tools/src/main/java/me/zhengjie/rest/QiniuController.java +++ b/eladmin-tools/src/main/java/me/zhengjie/rest/QiniuController.java @@ -19,7 +19,7 @@ import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import me.zhengjie.aop.log.Log; +import me.zhengjie.annotation.Log; import me.zhengjie.domain.QiniuConfig; import me.zhengjie.domain.QiniuContent; import me.zhengjie.service.dto.QiniuQueryCriteria;