新增1.0.2快照版本,只保留菜单、数据权限
This commit is contained in:
parent
54511f219e
commit
96e8ee0119
8
pom.xml
8
pom.xml
@ -23,7 +23,7 @@
|
||||
<spring-jdbc.version>5.1.4.RELEASE</spring-jdbc.version>
|
||||
<mysql.version>8.0.16</mysql.version>
|
||||
<druid.version>1.1.9</druid.version>
|
||||
<cm-cloud.version>1.0.1-SNAPSHOT</cm-cloud.version>
|
||||
<cm-cloud.version>1.0.2-SNAPSHOT</cm-cloud.version>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
@ -101,7 +101,7 @@
|
||||
<dependency>
|
||||
<groupId>com.cm</groupId>
|
||||
<artifactId>cloud-common-websocket</artifactId>
|
||||
<version>1.0.1-SNAPSHOT</version>
|
||||
<version>${cm-cloud.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
@ -113,7 +113,7 @@
|
||||
<dependency>
|
||||
<groupId>com.cm</groupId>
|
||||
<artifactId>cloud-common-dingding</artifactId>
|
||||
<version>1.0.1-SNAPSHOT</version>
|
||||
<version>${cm-cloud.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
@ -147,7 +147,7 @@
|
||||
<dependency>
|
||||
<groupId>com.cm</groupId>
|
||||
<artifactId>cloud-central-control-client</artifactId>
|
||||
<version>1.0.1-SNAPSHOT</version>
|
||||
<version>${cm-cloud.version}</version>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
@ -1,38 +1,24 @@
|
||||
package com.cm.serviceusercenter.service;
|
||||
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.cm.common.enums.RoleDataAuthorityEnum;
|
||||
import com.cm.common.exception.SaveException;
|
||||
import com.cm.common.exception.SearchException;
|
||||
import com.cm.common.exception.UpdateException;
|
||||
import com.cm.common.plugin.pojo.vos.authority.AuthorityUserVO;
|
||||
import com.cm.common.plugin.service.authority.IAuthorityService;
|
||||
import com.cm.common.pojo.bos.*;
|
||||
import com.cm.common.utils.DateUtil;
|
||||
import com.cm.common.utils.RequestUtil;
|
||||
import com.cm.common.utils.UUIDUtil;
|
||||
import com.cm.serviceusercenter.exception.UserAuthenticationException;
|
||||
import com.cm.serviceusercenter.pojo.dtos.DepartmentUserDTO;
|
||||
import com.cm.serviceusercenter.pojo.dtos.role.RoleDataAuthorityDTO;
|
||||
import com.cm.serviceusercenter.pojo.pos.UserPO;
|
||||
import com.cm.serviceusercenter.service.logger.ILoginLoggerService;
|
||||
import com.cm.serviceusercenter.service.system.department.IDepartmentService;
|
||||
import com.cm.serviceusercenter.service.system.group.IGroupService;
|
||||
import com.cm.serviceusercenter.service.system.position.IPositionService;
|
||||
import com.cm.serviceusercenter.service.system.role.IRoleService;
|
||||
import com.cm.serviceusercenter.service.system.user.IUserService;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.InternalAuthenticationServiceException;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
@ -94,8 +80,6 @@ public class UserDetailServiceImpl implements UserDetailsService {
|
||||
LOG.debug("设置相关添加权限");
|
||||
Set<GrantedAuthority> grantedAuthorities = new LinkedHashSet<>();
|
||||
if (USERNAME_ADMIN.equals(username)) {
|
||||
grantedAuthorities.add(new RoleGrantedAuthority(rolePrefix + "ALL"));
|
||||
grantedAuthorities.add(new RoleGrantedAuthority(roleGroupPrefix + "ALL"));
|
||||
userBO = createUserBO(userPO, grantedAuthorities);
|
||||
} else {
|
||||
LOG.debug("设置部门状态");
|
||||
@ -112,10 +96,10 @@ public class UserDetailServiceImpl implements UserDetailsService {
|
||||
List<RoleBO> roleBOs = roleService.listRoleBOByUser(params);
|
||||
roleService.setGroupRoles(groupBOs, roleBOs);
|
||||
roleService.removalDuplicateRole(roleBOs);
|
||||
grantedAuthorities.addAll(loadRoleAuthority(roleBOs));
|
||||
// roleService.setRoleMenus(roleBOs);
|
||||
if (grantedAuthorities.isEmpty()) {
|
||||
throw new UserAuthenticationException(username + "用户无任何权限");
|
||||
// grantedAuthorities.addAll(loadRoleAuthority(roleBOs));
|
||||
roleService.setRoleMenus(roleBOs);
|
||||
if (roleBOs.isEmpty()) {
|
||||
throw new UserAuthenticationException(username + "用户无任何角色权限");
|
||||
}
|
||||
userBO = createUserBO(userPO, grantedAuthorities);
|
||||
userBO.setRoles(roleBOs);
|
||||
@ -151,6 +135,7 @@ public class UserDetailServiceImpl implements UserDetailsService {
|
||||
* @param roleBOs
|
||||
* @return
|
||||
*/
|
||||
@Deprecated
|
||||
private List<GrantedAuthority> loadRoleAuthority(List<RoleBO> roleBOs) {
|
||||
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
|
||||
if (null != roleBOs && !roleBOs.isEmpty()) {
|
||||
|
@ -1,22 +1,15 @@
|
||||
package com.cm.serviceusercenter.service.rbac.impl;
|
||||
|
||||
import com.cm.common.config.properties.AccessControl;
|
||||
import com.cm.common.pojo.bos.PermissionBO;
|
||||
import com.cm.common.pojo.bos.RoleGrantedAuthority;
|
||||
import com.cm.common.pojo.bos.RoleMenuBO;
|
||||
import com.cm.serviceusercenter.service.rbac.IRbacService;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.util.AntPathMatcher;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
@ -32,218 +25,13 @@ import java.util.Objects;
|
||||
@Component("userRbacService")
|
||||
public class UserRbacServiceImpl implements IRbacService {
|
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(UserRbacServiceImpl.class);
|
||||
/**
|
||||
* 根路径
|
||||
*/
|
||||
private static final String ANT_PATH_BASE = "/";
|
||||
@Autowired
|
||||
private AccessControl accessControl;
|
||||
|
||||
@Override
|
||||
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
|
||||
boolean hasPermission = false;
|
||||
Object principal = authentication.getPrincipal();
|
||||
if (Objects.isNull(principal) || StringUtils.equals("anonymousUser", principal.toString())) {
|
||||
return false;
|
||||
}
|
||||
String requestURI = request.getRequestURI();
|
||||
Collection<? extends GrantedAuthority> grantedAuthorities = authentication.getAuthorities();
|
||||
AntPathMatcher antPathMatcher = new AntPathMatcher();
|
||||
String contextPath = request.getContextPath();
|
||||
for (GrantedAuthority grantedAuthority : grantedAuthorities) {
|
||||
// 权限类型错误,认证失败
|
||||
if (!(grantedAuthority instanceof RoleGrantedAuthority)) {
|
||||
return false;
|
||||
}
|
||||
RoleGrantedAuthority roleGrantedAuthority = (RoleGrantedAuthority) grantedAuthority;
|
||||
if (StringUtils.contains(roleGrantedAuthority.getAuthority(), "_ALL")) {
|
||||
LOG.debug("权限校验URI:{},当前用户为最高管理员,有所有权限", requestURI);
|
||||
hasPermission = true;
|
||||
break;
|
||||
}
|
||||
// 放行权限
|
||||
if (hasPassPermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
|
||||
LOG.debug("权限校验URI:{},有新增权限", requestURI);
|
||||
hasPermission = true;
|
||||
break;
|
||||
}
|
||||
// 新增权限
|
||||
if (hasSavePermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
|
||||
LOG.debug("权限校验URI:{},有新增权限", requestURI);
|
||||
hasPermission = true;
|
||||
break;
|
||||
}
|
||||
// 删除权限
|
||||
if (hasDeletePermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
|
||||
LOG.debug("权限校验URI:{},有删除权限", requestURI);
|
||||
hasPermission = true;
|
||||
break;
|
||||
}
|
||||
// 修改权限
|
||||
if (hasUpdatePermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
|
||||
LOG.debug("权限校验URI:{},有修改权限", requestURI);
|
||||
hasPermission = true;
|
||||
break;
|
||||
}
|
||||
// 查询权限
|
||||
if (hasQueryPermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
|
||||
LOG.debug("权限校验URI:{},有查询权限", requestURI);
|
||||
hasPermission = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return hasPermission;
|
||||
}
|
||||
|
||||
/**
|
||||
* 放行权限
|
||||
*
|
||||
* @param uri
|
||||
* @param roleGrantedAuthority
|
||||
* @param antPathMatcher
|
||||
* @return
|
||||
*/
|
||||
private boolean hasPassPermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
|
||||
if ((contextPath + ANT_PATH_BASE).equals(uri)) {
|
||||
return true;
|
||||
}
|
||||
List<String> passPaths = accessControl.getPassPaths();
|
||||
for (String passPath : passPaths) {
|
||||
if (antPathMatcher.match(contextPath + passPath, uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* 接口的新增权限
|
||||
*
|
||||
* @param uri
|
||||
* @param roleGrantedAuthority
|
||||
* @param antPathMatcher
|
||||
* @return
|
||||
*/
|
||||
private boolean hasSavePermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
|
||||
// 匹配接口权限
|
||||
for (PermissionBO permissionBO : roleGrantedAuthority.getPermissionInsert()) {
|
||||
if (antPathMatcher.match(permissionBO.getPermissionUrl(), uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
List<String> savePaths = accessControl.getSavePaths();
|
||||
// 匹配接口
|
||||
for (RoleMenuBO roleMenuBO : roleGrantedAuthority.getSaveMenu()) {
|
||||
for (String savePath : savePaths) {
|
||||
if (!StringUtils.isBlank(roleMenuBO.getApiPrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getApiPrefix() + savePath, uri)) {
|
||||
return true;
|
||||
}
|
||||
if (!StringUtils.isBlank(roleMenuBO.getResourcePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getResourcePrefix() + savePath, uri)) {
|
||||
return true;
|
||||
}
|
||||
if (!StringUtils.isBlank(roleMenuBO.getRoutePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getRoutePrefix() + savePath, uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* 接口的删除权限
|
||||
*
|
||||
* @param uri
|
||||
* @param roleGrantedAuthority
|
||||
* @param antPathMatcher
|
||||
* @return
|
||||
*/
|
||||
private boolean hasDeletePermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
|
||||
// 匹配接口权限
|
||||
for (PermissionBO permissionBO : roleGrantedAuthority.getPermissionDelete()) {
|
||||
if (antPathMatcher.match(permissionBO.getPermissionUrl(), uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
List<String> deletePaths = accessControl.getDeletePaths();
|
||||
// 匹配接口
|
||||
for (RoleMenuBO roleMenuBO : roleGrantedAuthority.getDeleteMenu()) {
|
||||
for (String deletePath : deletePaths) {
|
||||
if (!StringUtils.isBlank(roleMenuBO.getApiPrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getApiPrefix() + deletePath, uri)) {
|
||||
return true;
|
||||
}
|
||||
if (!StringUtils.isBlank(roleMenuBO.getResourcePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getResourcePrefix() + deletePath, uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* 接口的修改权限
|
||||
*
|
||||
* @param uri
|
||||
* @param roleGrantedAuthority
|
||||
* @param antPathMatcher
|
||||
* @return
|
||||
*/
|
||||
private boolean hasUpdatePermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
|
||||
// 匹配接口权限
|
||||
for (PermissionBO permissionBO : roleGrantedAuthority.getPermissionUpdate()) {
|
||||
if (antPathMatcher.match(permissionBO.getPermissionUrl(), uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
List<String> updatePaths = accessControl.getUpdatePaths();
|
||||
// 匹配接口
|
||||
for (RoleMenuBO roleMenuBO : roleGrantedAuthority.getUpdateMenu()) {
|
||||
for (String updatePath : updatePaths) {
|
||||
if (!StringUtils.isBlank(roleMenuBO.getApiPrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getApiPrefix() + updatePath, uri)) {
|
||||
return true;
|
||||
}
|
||||
if (!StringUtils.isBlank(roleMenuBO.getResourcePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getResourcePrefix() + updatePath, uri)) {
|
||||
return true;
|
||||
}
|
||||
if (!StringUtils.isBlank(roleMenuBO.getRoutePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getRoutePrefix() + updatePath, uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* 接口的查询权限
|
||||
*
|
||||
* @param uri
|
||||
* @param roleGrantedAuthority
|
||||
* @param antPathMatcher
|
||||
* @return
|
||||
*/
|
||||
private boolean hasQueryPermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
|
||||
// 匹配接口权限
|
||||
for (PermissionBO permissionBO : roleGrantedAuthority.getPermissionQuery()) {
|
||||
if (antPathMatcher.match(permissionBO.getPermissionUrl(), uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
List<String> queryPaths = accessControl.getQueryPaths();
|
||||
// 匹配接口
|
||||
for (RoleMenuBO roleMenuBO : roleGrantedAuthority.getQueryMenu()) {
|
||||
for (String queryPath : queryPaths) {
|
||||
if (!StringUtils.isBlank(roleMenuBO.getApiPrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getApiPrefix() + queryPath, uri)) {
|
||||
return true;
|
||||
}
|
||||
if (!StringUtils.isBlank(roleMenuBO.getResourcePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getResourcePrefix() + queryPath, uri)) {
|
||||
return true;
|
||||
}
|
||||
if (!StringUtils.isBlank(roleMenuBO.getRoutePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getRoutePrefix() + queryPath, uri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
}
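Review bot: `hasPermission` appears to end with `return true;` (the line right after `return false;`) once this hunk shrinks the class from 218 to 13 lines; two consecutive returns cannot both be context, so the new body very likely grants every request unconditionally and the URL-level authorization this bean provided is gone, including the `anonymousUser` / null-principal rejection that is removed with the old body. If the stub is intentional while only menu and data authority are kept, the Javadoc of `hasPermission` should state that it is a temporary always-allow and which component now enforces access, so that it is not mistaken for a working check. I would also keep the unauthenticated short-circuit, `Object principal = authentication.getPrincipal(); if (Objects.isNull(principal) || StringUtils.equals("anonymousUser", principal.toString())) { return false; }`, so a request with no authenticated principal is still denied before `return true;`. Fields such as `LOG`, `ANT_PATH_BASE` and `accessControl` look unused on the new side and should be removed or their remaining use documented.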
|
||||
|