权限拦截

This commit is contained in:
张嘉豪 2026-04-16 14:12:20 +08:00
parent f37cfc0c7b
commit 16075acd60
5 changed files with 84 additions and 22 deletions

View File

@ -12,11 +12,11 @@ public enum AuthorizationClassEnum {
ENGINE_VIEW("1", "发动机数据"),
ENGINE_EDIT("2", "发动机数据"),
ENGINE_APPROVAL("1", "发动机数据流程"),
ENGINE_APPROVAL("1", "发动机数据审批流程"),
REPORT_VIEW("1", "对标报告"),
REPORT_EDIT("2", "对标报告"),
REPORT_APPROVAL("1", "对标报告流程"),
REPORT_APPROVAL("1", "对标报告审批流程"),
BASIC_DATA_VIEW("1", "基础管理模块"),
BASIC_DATA_EDIT("2", "基础管理模块"),

View File

@ -35,7 +35,6 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
PATH_PERMISSION_MAP.put("/custom/parameter/maintenanceParameters", AuthorizationClassEnum.TEMPLATE_EDIT);
// 模板管理相关 - 对应审批管理权限
PATH_PERMISSION_MAP.put("/custom/approval/startApproval", AuthorizationClassEnum.TEMPLATE_EDIT);
// 模板审批流程查看
PATH_PERMISSION_MAP.put("/custom/approval/getApprovalList", AuthorizationClassEnum.TEMPLATE_APPROVAL);
@ -47,13 +46,15 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
PATH_PERMISSION_MAP.put("/custom/engineParamDetailPojo/updateParamValue", AuthorizationClassEnum.ENGINE_EDIT);
// 发动机数据相关 - 对应发动机数据权限
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.ENGINE_EDIT);
// 发动机审批流程查看
PATH_PERMISSION_MAP.put("/custom/activiti/showEngReview", AuthorizationClassEnum.ENGINE_APPROVAL);
// 对标报告相关
PATH_PERMISSION_MAP.put("/custom/benchmark", AuthorizationClassEnum.REPORT_EDIT);
PATH_PERMISSION_MAP.put("/custom/benchmark/insertReport", AuthorizationClassEnum.REPORT_EDIT);
PATH_PERMISSION_MAP.put("/custom/benchmark/startReportApproval", AuthorizationClassEnum.REPORT_EDIT);
PATH_PERMISSION_MAP.put("/custom/benchmark/getReportAndTodoByCondition", AuthorizationClassEnum.REPORT_VIEW);
PATH_PERMISSION_MAP.put("/custom/benchmark/getApprovalList", AuthorizationClassEnum.REPORT_APPROVAL);
// 基础管理模块相关
PATH_PERMISSION_MAP.put("/custom/responsible/import", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/responsible/saveResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
@ -66,16 +67,16 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// String servletPath = request.getServletPath();
// String userId = runtimeAppContextService.getCurrentUserId();
// if (userId == null || userId.isEmpty()) {
// throw new CommonException("用户未登录或登录已过期");
// }
// AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
// if (requiredPermission == null) {
// return true;
// }
// authService.checkUserAuthorization(userId, requiredPermission);
String servletPath = request.getServletPath();
String userId = runtimeAppContextService.getCurrentUserId();
if (userId == null || userId.isEmpty()) {
throw new CommonException("用户未登录或登录已过期");
}
AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
if (requiredPermission == null) {
return true;
}
authService.checkUserAuthorization(userId, requiredPermission);
return true;
}

View File

@ -2,9 +2,16 @@ package com.xdap.self_development.service;
import com.xdap.self_development.domain.enums.AuthorizationClassEnum;
import java.util.List;
public interface AuthService {
/**
* 验证用户是否有操作权限
*/
void checkUserAuthorization(String userId, AuthorizationClassEnum classEnum);
/**
* 验证用户是否有某个操作权限
*/
void checkUserHasPermission(String userId, String permission);
}

View File

@ -1,5 +1,6 @@
package com.xdap.self_development.service.impl;
import com.alibaba.excel.util.StringUtils;
import com.xdap.self_development.domain.enums.AuthorizationClassEnum;
import com.xdap.self_development.domain.view.MenuParamView;
import com.xdap.self_development.exception.CommonException;
@ -9,7 +10,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
@Service
@ -29,12 +29,53 @@ public class AuthServiceImpl implements AuthService {
}
// 过滤检查是否有相关权限
List<MenuParamView> collected = menuParamViews.stream()
.filter(menuParamView ->
Objects.equals(menuParamView.getPermissionPath(), classEnum.getPermissionPath())
&& Objects.equals(menuParamView.getParameterPer(), classEnum.getPermissionPer()))
.filter(view -> StringUtils.isNotBlank(view.getPermissionPath()))
.filter(view -> {
String permissionPath = view.getPermissionPath();
String[] pathSegments = permissionPath.split("/");
if (pathSegments.length == 0) {
return false;
}
String firstPath = pathSegments[0];
String viewPer = view.getParameterPer();
String requirePer = classEnum.getPermissionPer();
String requirePath = classEnum.getPermissionPath();
return firstPath.endsWith(requirePath)
&& viewPer.compareTo(requirePer) >= 0;
})
.collect(Collectors.toList());
if (collected.isEmpty()) {
throw new CommonException("您没有" + classEnum.getPermissionPath() + "的操作权限");
}
}
@Override
public void checkUserHasPermission(String userId, String permission) {
List<MenuParamView> menuParamViews = modelRoleService.selectPersByUser(userId);
// 过滤检查是否为管理员
List<MenuParamView> isAdmin = menuParamViews.stream().filter(item ->
item.getIsAdmin() != null && item.getIsAdmin() == 1)
.collect(Collectors.toList());
if (!isAdmin.isEmpty()) {
return;
}
// 过滤检查是否有相关权限
List<MenuParamView> collected = menuParamViews.stream()
.filter(view -> StringUtils.isNotBlank(view.getPermissionPath()))
.filter(view -> {
String permissionPath = view.getPermissionPath();
String[] pathSegments = permissionPath.split("/");
if (pathSegments.length == 0) {
return false;
}
String firstPath = pathSegments[0];
return firstPath.endsWith(permission);
})
.collect(Collectors.toList());
if (collected.isEmpty()) {
throw new CommonException("您没有" + permission + "的操作权限");
}
}
}

View File

@ -16,6 +16,7 @@ import com.xdap.self_development.controller.request.DataEntryEngineModelExcel;
import com.xdap.self_development.controller.request.DataEntryEngineModelPageRequest;
import com.xdap.self_development.domain.dto.DataEntryEngineModelDto;
import com.xdap.self_development.domain.dto.PageResultDTO;
import com.xdap.self_development.domain.enums.AuthorizationClassEnum;
import com.xdap.self_development.domain.enums.DistributeStatusEnum;
import com.xdap.self_development.domain.enums.ParamValueVersionEnum;
import com.xdap.self_development.domain.pojo.*;
@ -51,8 +52,8 @@ import java.util.stream.Collectors;
@Slf4j
@Service
public class DataEntryEngineModelServiceImpl implements DataEntryEngineModelService {
@Resource
private AuthService authService;
@Resource
private BusinessDatabase bd;
@Resource
@ -102,6 +103,13 @@ public class DataEntryEngineModelServiceImpl implements DataEntryEngineModelServ
List<DataEntryEngineModelDto> dataEntryEngineModelDtos = new ArrayList<>();
PageResultDTO<DataEntryEngineModelDto> tPageResultDTO = new PageResultDTO<>();
if (!Objects.isNull(request)) {
if (Objects.equals(request.getYcOrOth(), "玉柴")) {
authService.checkUserHasPermission(request.getLoginUserId(), "玉柴"+ AuthorizationClassEnum.ENGINE_VIEW.getPermissionPath());
} else if (Objects.equals(request.getYcOrOth(), "竞品")) {
authService.checkUserHasPermission(request.getLoginUserId(), "竞品"+ AuthorizationClassEnum.ENGINE_VIEW.getPermissionPath());
} else {
throw new CommonException("无效的查询条件");
}
page = request.getPage();
size = request.getSize();
String department = request.getDepartment();
@ -402,6 +410,11 @@ public class DataEntryEngineModelServiceImpl implements DataEntryEngineModelServ
boolean othFlag = false;
for (MenuParamView item : menuParamViews) {
if (item.getIsAdmin() != null && item.getIsAdmin() == 1) {
othFlag = true;
ycFlag = true;
break;
}
if (item.getPermissionPath().startsWith("竞品发动机数据") && !item.getPermissionPath().equals("竞品发动机数据审批流程")) {
othFlag = true;
continue;