feat：增加权限校验

2024-08-07 19:02:54 +08:00
parent 1ee4b4af30
commit 0f5cdb49c0
12 changed files with 285 additions and 17 deletions
--- a/springboot-role/src/main/java/com/tiesheng/role/config/HasAuthorityAspect.java
+++ b/springboot-role/src/main/java/com/tiesheng/role/config/HasAuthorityAspect.java
@@ -0,0 +1,72 @@
+package com.tiesheng.role.config;
+
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.util.StrUtil;
+import com.tiesheng.annotation.role.RoleAuthority;
+import com.tiesheng.role.mapper.CoreRoleUserMapper;
+import com.tiesheng.role.pojos.dao.CoreRoleAuthority;
+import com.tiesheng.util.ServletKit;
+import com.tiesheng.util.config.TsTokenConfig;
+import com.tiesheng.util.exception.ApiException;
+import com.tiesheng.util.pojos.TokenBean;
+import com.tiesheng.util.service.TsCacheService;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Aspect
+@Component
+public class HasAuthorityAspect {
+
+    public static final String CACHE_HAS_AUTHORITY = "CACHE:HAS_AUTHORITY:{}";
+
+    @Resource
+    CoreRoleUserMapper coreRoleUserMapper;
+    @Resource
+    TsTokenConfig tsTokenConfig;
+
+
+    /**
+     * 获取
+     */
+    @Before("@annotation(com.tiesheng.annotation.role.RoleAuthority)")
+    public void before(JoinPoint joinPoint) {
+        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
+
+        RoleAuthority classAnnotation = joinPoint.getTarget().getClass().getAnnotation(RoleAuthority.class);
+        RoleAuthority annotation = signature.getMethod().getAnnotation(RoleAuthority.class);
+        if (classAnnotation == null || annotation == null) {
+            return;
+        }
+
+        HttpServletRequest request = ServletKit.getRequest();
+        TokenBean tokenBean = tsTokenConfig.validToken(request, true);
+
+        String authority = StrUtil.join("_", classAnnotation.group(),
+                classAnnotation.value(), annotation.value());
+
+        String cacheKey = StrUtil.format(CACHE_HAS_AUTHORITY, tokenBean.getId());
+        List<String> authorityList = StrUtil.split(TsCacheService.of().get(cacheKey), ";")
+                .stream().filter(StrUtil::isNotEmpty).collect(Collectors.toList());
+
+        if (CollUtil.isEmpty(authorityList)) {
+            List<CoreRoleAuthority> list = coreRoleUserMapper.getOwnerAuthorityLeafList(tokenBean.getId(),
+                    tokenBean.getRoleId());
+            authorityList = list.stream().map(CoreRoleAuthority::getNo).collect(Collectors.toList());
+            if (CollUtil.isNotEmpty(authorityList)) {
+                TsCacheService.of().put(cacheKey, StrUtil.join(";", authorityList));
+            }
+        }
+        if (!CollUtil.contains(authorityList, authority)) {
+            throw new ApiException(403, "您无权访问");
+        }
+    }
+
+}
--- a/springboot-role/src/main/java/com/tiesheng/role/controller/RoleController.java
+++ b/springboot-role/src/main/java/com/tiesheng/role/controller/RoleController.java
@@ -4,6 +4,7 @@ import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.tiesheng.annotation.role.RoleAuthority;
 import com.tiesheng.role.pojos.dao.*;
 import com.tiesheng.role.pojos.dto.GroupRxUpdateDTO;
 import com.tiesheng.role.pojos.dto.MenuListDTO;
@@ -29,6 +30,7 @@ import java.util.stream.Collectors;

@RestController
@RequestMapping("/role")
+@RoleAuthority(value = "role", group = "role")
 public class RoleController {

    @Resource
@@ -41,6 +43,7 @@ public class RoleController {
     * @return
     */
    @GetMapping("/group/list")
+    @RoleAuthority(value = "groupList")
    public ApiResp<List<CoreRoleGroup>> groupList(@Valid GroupTypeDTO dto) {
        return ApiResp.respOK(coreRoleService.list(
                new QueryWrapper<CoreRoleGroup>()
@@ -58,6 +61,7 @@ public class RoleController {
     * @return
     */
    @PostMapping("/group/update")
+    @RoleAuthority(value = "groupUpdate")
    public ApiResp<String> groupUpdate(@RequestBody CoreRoleGroup roleGroup) {

        if (StrUtil.isNotEmpty(roleGroup.getId())) {
@@ -76,6 +80,7 @@ public class RoleController {
     * @return
     */
    @PostMapping("/group/deleted")
+    @RoleAuthority(value = "groupDeleted")
    public ApiResp<String> groupDeleted(@RequestBody @Valid IdDTO dto) {

        CoreRoleGroup byId = coreRoleService.getById(dto.getId());
@@ -117,6 +122,7 @@ public class RoleController {
     * @return
     */
    @PostMapping("/group/rx/update")
+    @RoleAuthority(value = "groupRxUpdate")
    public ApiResp<String> groupRxUpdate(@RequestBody @Valid GroupRxUpdateDTO dto) {
        coreRoleService.updateGroupRx(dto);
        return ApiResp.respOK("");
@@ -129,6 +135,7 @@ public class RoleController {
     * @return
     */
    @GetMapping("/user/page")
+    @RoleAuthority(value = "userPage")
    public ApiResp<List<RoleUserPageVO>> userPage(PageDTO dto) {

        QueryWrapper<CoreRoleUser> queryWrapper = new QueryWrapper<>();
@@ -149,6 +156,7 @@ public class RoleController {
     * @return
     */
    @PostMapping("/user/update")
+    @RoleAuthority(value = "userUpdate")
    public ApiResp<String> userUpdate(@RequestBody CoreRoleUser roleUser) {
        if (StrUtil.isNotEmpty(roleUser.getId())) {
            coreRoleService.getUserMapper().updateById(roleUser);
@@ -165,6 +173,7 @@ public class RoleController {
     * @return
     */
    @PostMapping("/user/deleted")
+    @RoleAuthority(value = "userDeleted")
    public ApiResp<String> userDeleted(@RequestBody @Valid IdDTO dto) {
        CoreRoleUser coreRoleUser = new CoreRoleUser();
        coreRoleUser.setId(dto.getId());
@@ -180,6 +189,7 @@ public class RoleController {
     * @return
     */
    @GetMapping("/server/list")
+    @RoleAuthority(value = "serverList")
    public ApiResp<List<CoreRoleServer>> list() {
        return ApiResp.respOK(coreRoleService.getServerMapper().selectList(new QueryWrapper<CoreRoleServer>()
                .eq(CoreRoleServer.IS_DELETED, 0)
@@ -195,6 +205,7 @@ public class RoleController {
     * @return
     */
    @PostMapping("/server/update")
+    @RoleAuthority(value = "serverUpdate")
    public ApiResp<String> update(@RequestBody CoreRoleServer coreService) {
        if (StrUtil.isNotEmpty(coreService.getId())) {
            coreRoleService.getServerMapper().updateById(coreService);
@@ -232,6 +243,7 @@ public class RoleController {
     * @return
     */
    @PostMapping("/authority/update")
+    @RoleAuthority(value = "authorityUpdate")
    public ApiResp<String> menuUpdate(@RequestBody CoreRoleAuthority serviceMenu) {
        serviceMenu.setParent(StrUtil.emptyToDefault(serviceMenu.getParent(), null));
        if (StrUtil.isEmpty(serviceMenu.getId())) {
--- a/springboot-role/src/main/java/com/tiesheng/role/mapper/CoreRoleAuthorityMapper.java
+++ b/springboot-role/src/main/java/com/tiesheng/role/mapper/CoreRoleAuthorityMapper.java
@@ -3,5 +3,16 @@ package com.tiesheng.role.mapper;
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 import com.tiesheng.role.pojos.dao.CoreRoleAuthority;

+import java.util.List;
+
 public interface CoreRoleAuthorityMapper extends BaseMapper<CoreRoleAuthority> {
-}
+
+
+    /**
+     * 批量插入数据
+     *
+     * @param coreRoleAuthorities
+     */
+    void batchInsert(List<CoreRoleAuthority> coreRoleAuthorities);
+
+}
--- a/springboot-role/src/main/java/com/tiesheng/role/service/CoreRoleService.java
+++ b/springboot-role/src/main/java/com/tiesheng/role/service/CoreRoleService.java
@@ -1,9 +1,11 @@
 package com.tiesheng.role.service;

+import cn.hutool.core.annotation.AnnotationUtil;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.tiesheng.annotation.role.RoleAuthority;
 import com.tiesheng.role.mapper.*;
 import com.tiesheng.role.pojos.dao.CoreRoleAuthority;
 import com.tiesheng.role.pojos.dao.CoreRoleGroup;
@@ -11,11 +13,17 @@ import com.tiesheng.role.pojos.dao.CoreRoleGroupRx;
 import com.tiesheng.role.pojos.dto.GroupRxUpdateDTO;
 import com.tiesheng.role.pojos.dto.OwnerMenuDTO;
 import com.tiesheng.role.pojos.vo.ServiceMenuVO;
+import com.tiesheng.util.config.GlobalConfig;
 import com.tiesheng.util.service.TsServiceBase;
+import org.springframework.aop.support.AopUtils;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;

 import javax.annotation.Resource;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -23,20 +31,19 @@ import java.util.Objects;
 import java.util.stream.Collectors;

@Service
-public class CoreRoleService extends TsServiceBase<CoreRoleGroupMapper, CoreRoleGroup> {
-
+public class CoreRoleService extends TsServiceBase<CoreRoleGroupMapper, CoreRoleGroup>
+        implements ApplicationListener<ContextRefreshedEvent> {

    @Resource
    CoreRoleUserMapper coreRoleUserMapper;
-
    @Resource
    CoreRoleGroupRxMapper coreRoleGroupRxMapper;
-
    @Resource
    CoreRoleAuthorityMapper coreRoleAuthorityMapper;
-
    @Resource
    CoreRoleServerMapper coreRoleServerMapper;
+    @Resource
+    GlobalConfig globalConfig;

    public CoreRoleServerMapper getServerMapper() {
        return coreRoleServerMapper;
@@ -155,4 +162,96 @@ public class CoreRoleService extends TsServiceBase<CoreRoleGroupMapper, CoreRole
                .collect(Collectors.toList()), null);
    }

+
+    @Override
+    public void onApplicationEvent(ContextRefreshedEvent event) {
+        ApplicationContext applicationContext = event.getApplicationContext();
+        Map<String, Object> beansOfType = applicationContext.getBeansWithAnnotation(RoleAuthority.class);
+        for (Map.Entry<String, Object> entry : beansOfType.entrySet()) {
+
+            Class<?> targetClass = AopUtils.getTargetClass(entry.getValue());
+            RoleAuthority menu = targetClass.getAnnotation(RoleAuthority.class);
+
+            List<RoleAuthority> points = new ArrayList<>();
+            Method[] methods = targetClass.getDeclaredMethods();
+            for (Method method : methods) {
+                RoleAuthority methodAuthority = AnnotationUtil.getAnnotation(method, RoleAuthority.class);
+                if (methodAuthority != null) {
+                    points.add(methodAuthority);
+                }
+            }
+            addOrUpdateAuthority(menu, points);
+        }
+    }
+
+
+    /**
+     * 添加权限
+     *
+     * @param menu
+     * @param points
+     */
+    private void addOrUpdateAuthority(RoleAuthority menu, List<RoleAuthority> points) {
+        if (menu.group().length == 0 || CollUtil.isEmpty(points)) {
+            return;
+        }
+
+        List<CoreRoleAuthority> list = new ArrayList<>();
+
+        // 分组
+        CoreRoleAuthority groupAuthority = new CoreRoleAuthority();
+        groupAuthority.setLevel(0);
+        for (String group : menu.group()) {
+
+            String parentId = groupAuthority.getParent();
+            int level = groupAuthority.getLevel() + 1;
+            String no = group;
+            if (StrUtil.isNotEmpty(groupAuthority.getNo())) {
+                no = StrUtil.join("_", groupAuthority.getNo(), group);
+            }
+
+            groupAuthority = new CoreRoleAuthority();
+            groupAuthority.setNo(no);
+            groupAuthority.setName(group);
+            groupAuthority.setService(globalConfig.getService());
+            groupAuthority.setType("group");
+            groupAuthority.setLevel(level);
+            groupAuthority.setPlatform(menu.platform());
+            groupAuthority.setParent(parentId);
+            groupAuthority.setId(StrUtil.join("_", groupAuthority.getService(), groupAuthority.getNo()));
+            list.add(groupAuthority);
+        }
+
+
+        // 菜单
+        CoreRoleAuthority menuAuthority = new CoreRoleAuthority();
+        menuAuthority.setNo(StrUtil.join("_", menu.group(), menu.value()));
+        menuAuthority.setName(menu.value());
+        menuAuthority.setService(globalConfig.getService());
+        menuAuthority.setType("menu");
+        menuAuthority.setLevel(groupAuthority.getLevel() + 1);
+        menuAuthority.setParent(groupAuthority.getId());
+        menuAuthority.setPlatform(menu.platform());
+        menuAuthority.setId(StrUtil.join("_", menuAuthority.getService(), menuAuthority.getNo()));
+        list.add(menuAuthority);
+
+        // 功能点
+        for (RoleAuthority authority : points) {
+            CoreRoleAuthority point = new CoreRoleAuthority();
+            point.setNo(StrUtil.join("_", menuAuthority.getNo(), authority.value()));
+            point.setName(authority.value());
+            point.setService(globalConfig.getService());
+            point.setType("point");
+            point.setLevel(menuAuthority.getLevel() + 1);
+            point.setParent(menuAuthority.getId());
+            point.setPlatform(StrUtil.emptyToDefault(authority.platform(), menu.platform()));
+            point.setId(StrUtil.join("_", point.getService(), point.getNo()));
+            list.add(point);
+        }
+
+        coreRoleAuthorityMapper.batchInsert(list);
+
+    }
+
+
 }