权限管理修正
This commit is contained in:
parent
18da2f2bc9
commit
a1f4d8745f
@ -1,22 +1,132 @@
|
|||||||
package com.xdap.self_development.intercept;
|
package com.xdap.self_development.intercept;
|
||||||
|
|
||||||
|
import com.xdap.runtime.service.RuntimeAppContextService;
|
||||||
|
import com.xdap.self_development.domain.enums.AuthorizationClassEnum;
|
||||||
|
import com.xdap.self_development.exception.CommonException;
|
||||||
|
import com.xdap.self_development.service.AuthService;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
import org.springframework.web.method.HandlerMethod;
|
||||||
import org.springframework.web.servlet.HandlerInterceptor;
|
import org.springframework.web.servlet.HandlerInterceptor;
|
||||||
|
|
||||||
import javax.security.auth.message.config.AuthConfig;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
@Component
|
@Component
|
||||||
public class AuthorizationInterceptor implements HandlerInterceptor {
|
public class AuthorizationInterceptor implements HandlerInterceptor {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private AuthConfig authConfig;
|
private AuthService authService;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private RuntimeAppContextService runtimeAppContextService;
|
||||||
|
|
||||||
|
// 请求路径与权限枚举的映射关系
|
||||||
|
private static final Map<String, AuthorizationClassEnum> PATH_PERMISSION_MAP = new HashMap<>();
|
||||||
|
|
||||||
|
static {
|
||||||
|
// 模板管理相关 - 对应参数模板管理权限
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/template", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/parameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/commonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/chartCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/analysisCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
|
|
||||||
|
// 玉柴发动机数据相关
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/dataEntry", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/engineParamDetail", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
||||||
|
|
||||||
|
// 竞品发动机数据相关
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/tcDataQuery", AuthorizationClassEnum.OTH_ENGINE_EDIT);
|
||||||
|
|
||||||
|
// 对标报告相关
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/benchmark", AuthorizationClassEnum.REPORT_EDIT);
|
||||||
|
|
||||||
|
// 基础管理模块相关
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/responsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/filledPerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/deptResponsible", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/todoTask", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/ycTaskResult", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
|
|
||||||
|
// 权限管理相关
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/permission", AuthorizationClassEnum.AUTH_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/role", AuthorizationClassEnum.AUTH_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/userRole", AuthorizationClassEnum.AUTH_EDIT);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||||
|
// 如果不是方法调用,直接放行
|
||||||
|
if (!(handler instanceof HandlerMethod)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 获取请求路径
|
||||||
|
String servletPath = request.getServletPath();
|
||||||
|
|
||||||
|
// 获取当前用户 ID
|
||||||
|
String userId = getCurrentUserId();
|
||||||
|
|
||||||
|
// 如果无法获取用户 ID,说明未登录或 token 无效,抛出异常
|
||||||
|
if (userId == null || userId.isEmpty()) {
|
||||||
|
throw new CommonException("用户未登录或登录已过期");
|
||||||
|
}
|
||||||
|
|
||||||
|
// 根据路径查找对应的权限
|
||||||
|
AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
|
||||||
|
|
||||||
|
// 如果没有找到匹配的权限配置,可以选择放行或拒绝(这里选择放行,避免影响未配置的接口)
|
||||||
|
if (requiredPermission == null) {
|
||||||
|
// 可以记录日志用于后续完善权限配置
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 调用 authService 进行权限验证
|
||||||
|
authService.checkUserAuthorization(userId, requiredPermission);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
/**
|
||||||
|
* 获取当前用户 ID
|
||||||
|
*/
|
||||||
|
private String getCurrentUserId() {
|
||||||
|
try {
|
||||||
|
return runtimeAppContextService.getCurrentUserId();
|
||||||
|
} catch (Exception e) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 根据请求路径查找所需的权限
|
||||||
|
* 支持精确匹配和前缀匹配
|
||||||
|
*/
|
||||||
|
private AuthorizationClassEnum findRequiredPermission(String path) {
|
||||||
|
// 1. 首先尝试精确匹配
|
||||||
|
if (PATH_PERMISSION_MAP.containsKey(path)) {
|
||||||
|
return PATH_PERMISSION_MAP.get(path);
|
||||||
|
}
|
||||||
|
|
||||||
|
// 2. 尝试前缀匹配(处理 /custom/template/xxx 这种情况)
|
||||||
|
for (Map.Entry<String, AuthorizationClassEnum> entry : PATH_PERMISSION_MAP.entrySet()) {
|
||||||
|
String prefix = entry.getKey();
|
||||||
|
if (path.startsWith(prefix + "/") || path.equals(prefix)) {
|
||||||
|
return entry.getValue();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// 3. 特殊路径处理:去掉末尾的斜杠后再匹配
|
||||||
|
if (path.endsWith("/")) {
|
||||||
|
String normalizedPath = path.substring(0, path.length() - 1);
|
||||||
|
return findRequiredPermission(normalizedPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user