权限管理修正

This commit is contained in:
张嘉豪 2026-04-03 20:54:34 +08:00
parent 18da2f2bc9
commit a1f4d8745f

View File

@ -1,22 +1,132 @@
package com.xdap.self_development.intercept; package com.xdap.self_development.intercept;
import com.xdap.runtime.service.RuntimeAppContextService;
import com.xdap.self_development.domain.enums.AuthorizationClassEnum;
import com.xdap.self_development.exception.CommonException;
import com.xdap.self_development.service.AuthService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.HandlerInterceptor;
import javax.security.auth.message.config.AuthConfig;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
@Component @Component
public class AuthorizationInterceptor implements HandlerInterceptor { public class AuthorizationInterceptor implements HandlerInterceptor {
@Autowired @Autowired
private AuthConfig authConfig; private AuthService authService;
@Autowired
private RuntimeAppContextService runtimeAppContextService;
// 请求路径与权限枚举的映射关系
private static final Map<String, AuthorizationClassEnum> PATH_PERMISSION_MAP = new HashMap<>();
static {
// 模板管理相关 - 对应参数模板管理权限
PATH_PERMISSION_MAP.put("/custom/template", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/parameter", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/commonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/chartCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/analysisCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
// 玉柴发动机数据相关
PATH_PERMISSION_MAP.put("/custom/dataEntry", AuthorizationClassEnum.YC_ENGINE_EDIT);
PATH_PERMISSION_MAP.put("/custom/engineParamDetail", AuthorizationClassEnum.YC_ENGINE_EDIT);
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel", AuthorizationClassEnum.YC_ENGINE_EDIT);
// 竞品发动机数据相关
PATH_PERMISSION_MAP.put("/custom/tcDataQuery", AuthorizationClassEnum.OTH_ENGINE_EDIT);
// 对标报告相关
PATH_PERMISSION_MAP.put("/custom/benchmark", AuthorizationClassEnum.REPORT_EDIT);
// 基础管理模块相关
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/responsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/filledPerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/deptResponsible", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/todoTask", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/ycTaskResult", AuthorizationClassEnum.BASIC_DATA_EDIT);
// 权限管理相关
PATH_PERMISSION_MAP.put("/custom/permission", AuthorizationClassEnum.AUTH_EDIT);
PATH_PERMISSION_MAP.put("/custom/role", AuthorizationClassEnum.AUTH_EDIT);
PATH_PERMISSION_MAP.put("/custom/userRole", AuthorizationClassEnum.AUTH_EDIT);
}
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 如果不是方法调用直接放行
if (!(handler instanceof HandlerMethod)) {
return true;
}
// 获取请求路径
String servletPath = request.getServletPath();
// 获取当前用户 ID
String userId = getCurrentUserId();
// 如果无法获取用户 ID说明未登录或 token 无效抛出异常
if (userId == null || userId.isEmpty()) {
throw new CommonException("用户未登录或登录已过期");
}
// 根据路径查找对应的权限
AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
// 如果没有找到匹配的权限配置可以选择放行或拒绝这里选择放行避免影响未配置的接口
if (requiredPermission == null) {
// 可以记录日志用于后续完善权限配置
return true;
}
// 调用 authService 进行权限验证
authService.checkUserAuthorization(userId, requiredPermission);
return true; return true;
} }
/**
* 获取当前用户 ID
*/
private String getCurrentUserId() {
try {
return runtimeAppContextService.getCurrentUserId();
} catch (Exception e) {
return null;
}
}
/**
* 根据请求路径查找所需的权限
* 支持精确匹配和前缀匹配
*/
private AuthorizationClassEnum findRequiredPermission(String path) {
// 1. 首先尝试精确匹配
if (PATH_PERMISSION_MAP.containsKey(path)) {
return PATH_PERMISSION_MAP.get(path);
}
// 2. 尝试前缀匹配处理 /custom/template/xxx 这种情况
for (Map.Entry<String, AuthorizationClassEnum> entry : PATH_PERMISSION_MAP.entrySet()) {
String prefix = entry.getKey();
if (path.startsWith(prefix + "/") || path.equals(prefix)) {
return entry.getValue();
}
}
// 3. 特殊路径处理去掉末尾的斜杠后再匹配
if (path.endsWith("/")) {
String normalizedPath = path.substring(0, path.length() - 1);
return findRequiredPermission(normalizedPath);
}
return null;
}
} }