权限管理修正2.0,待验证拦截器是否可用,待验证获取用户是否准确,待验证是否全部接口都需要加权限
This commit is contained in:
parent
a1f4d8745f
commit
f37cfc0c7b
@ -15,7 +15,6 @@ public class AuthorizationWebConfig implements WebMvcConfigurer {
|
|||||||
@Override
|
@Override
|
||||||
public void addInterceptors(InterceptorRegistry registry) {
|
public void addInterceptors(InterceptorRegistry registry) {
|
||||||
registry.addInterceptor(authorizationInterceptor)
|
registry.addInterceptor(authorizationInterceptor)
|
||||||
.addPathPatterns("/api/**")
|
.addPathPatterns("/custom/**");
|
||||||
.excludePathPatterns("/api/login", "/api/public/**");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -6,15 +6,25 @@ import lombok.Getter;
|
|||||||
@Getter
|
@Getter
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
public enum AuthorizationClassEnum {
|
public enum AuthorizationClassEnum {
|
||||||
TEMPLATE_EDIT(0, "参数模板管理"),
|
TEMPLATE_VIEW("1", "参数模板管理"),
|
||||||
YC_ENGINE_EDIT(1, "玉柴发动机数据"),
|
TEMPLATE_EDIT("2", "参数模板管理"),
|
||||||
OTH_ENGINE_EDIT(2, "竞品发动机数据"),
|
TEMPLATE_APPROVAL("1", "参数模板流程"),
|
||||||
REPORT_EDIT(3, "对标报告"),
|
|
||||||
BASIC_DATA_EDIT(4, "基础管理模块"),
|
ENGINE_VIEW("1", "发动机数据"),
|
||||||
AUTH_EDIT(5, "权限");
|
ENGINE_EDIT("2", "发动机数据"),
|
||||||
|
ENGINE_APPROVAL("1", "发动机数据流程"),
|
||||||
|
|
||||||
|
REPORT_VIEW("1", "对标报告"),
|
||||||
|
REPORT_EDIT("2", "对标报告"),
|
||||||
|
REPORT_APPROVAL("1", "对标报告流程"),
|
||||||
|
|
||||||
|
BASIC_DATA_VIEW("1", "基础管理模块"),
|
||||||
|
BASIC_DATA_EDIT("2", "基础管理模块"),
|
||||||
|
|
||||||
|
AUTH_EDIT("1", "权限");
|
||||||
|
|
||||||
|
|
||||||
private final Integer code;
|
private final String permissionPer;
|
||||||
|
|
||||||
private final String permissionPath;
|
private final String permissionPath;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -84,6 +84,7 @@ public class ParameterPojo extends MpaasBasePojo {
|
|||||||
* 标明参数值是否为数值
|
* 标明参数值是否为数值
|
||||||
*/
|
*/
|
||||||
@ExcelProperty("参数值类型")
|
@ExcelProperty("参数值类型")
|
||||||
|
@ColumnWidth(15)
|
||||||
private String isNumber;
|
private String isNumber;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@ -28,92 +28,68 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
|
|||||||
|
|
||||||
static {
|
static {
|
||||||
// 模板管理相关 - 对应参数模板管理权限
|
// 模板管理相关 - 对应参数模板管理权限
|
||||||
PATH_PERMISSION_MAP.put("/custom/template", AuthorizationClassEnum.TEMPLATE_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/template/deleteTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/parameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/template/insertTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/commonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/template/import", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/chartCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/template/updateTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/analysisCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/parameter/maintenanceParameters", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
|
// 模板管理相关 - 对应审批管理权限
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/approval/startApproval", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||||
|
|
||||||
// 玉柴发动机数据相关
|
// 模板审批流程查看
|
||||||
PATH_PERMISSION_MAP.put("/custom/dataEntry", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/approval/getApprovalList", AuthorizationClassEnum.TEMPLATE_APPROVAL);
|
||||||
PATH_PERMISSION_MAP.put("/custom/engineParamDetail", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
|
||||||
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
|
||||||
|
|
||||||
// 竞品发动机数据相关
|
// 发动机数据相关
|
||||||
PATH_PERMISSION_MAP.put("/custom/tcDataQuery", AuthorizationClassEnum.OTH_ENGINE_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/excelImport", AuthorizationClassEnum.ENGINE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/synchronizeParams", AuthorizationClassEnum.ENGINE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/insert", AuthorizationClassEnum.ENGINE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/delete", AuthorizationClassEnum.ENGINE_EDIT);
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/engineParamDetailPojo/updateParamValue", AuthorizationClassEnum.ENGINE_EDIT);
|
||||||
|
// 发动机数据相关 - 对应发动机数据权限
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.ENGINE_EDIT);
|
||||||
|
|
||||||
|
// 发动机审批流程查看
|
||||||
|
PATH_PERMISSION_MAP.put("/custom/activiti/showEngReview", AuthorizationClassEnum.ENGINE_APPROVAL);
|
||||||
|
|
||||||
// 对标报告相关
|
// 对标报告相关
|
||||||
PATH_PERMISSION_MAP.put("/custom/benchmark", AuthorizationClassEnum.REPORT_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/benchmark", AuthorizationClassEnum.REPORT_EDIT);
|
||||||
|
|
||||||
// 基础管理模块相关
|
// 基础管理模块相关
|
||||||
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/responsible/import", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/responsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/responsible/saveResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/filledPerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/responsible/updateResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/deptResponsible", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/responsible/deleteResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/todoTask", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
|
||||||
PATH_PERMISSION_MAP.put("/custom/ycTaskResult", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
|
||||||
|
|
||||||
// 权限管理相关
|
// 权限管理相关
|
||||||
PATH_PERMISSION_MAP.put("/custom/permission", AuthorizationClassEnum.AUTH_EDIT);
|
PATH_PERMISSION_MAP.put("/custom/permission", AuthorizationClassEnum.AUTH_EDIT);
|
||||||
PATH_PERMISSION_MAP.put("/custom/role", AuthorizationClassEnum.AUTH_EDIT);
|
|
||||||
PATH_PERMISSION_MAP.put("/custom/userRole", AuthorizationClassEnum.AUTH_EDIT);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||||
// 如果不是方法调用,直接放行
|
// String servletPath = request.getServletPath();
|
||||||
if (!(handler instanceof HandlerMethod)) {
|
// String userId = runtimeAppContextService.getCurrentUserId();
|
||||||
return true;
|
// if (userId == null || userId.isEmpty()) {
|
||||||
}
|
// throw new CommonException("用户未登录或登录已过期");
|
||||||
|
// }
|
||||||
// 获取请求路径
|
// AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
|
||||||
String servletPath = request.getServletPath();
|
// if (requiredPermission == null) {
|
||||||
|
// return true;
|
||||||
// 获取当前用户 ID
|
// }
|
||||||
String userId = getCurrentUserId();
|
// authService.checkUserAuthorization(userId, requiredPermission);
|
||||||
|
|
||||||
// 如果无法获取用户 ID,说明未登录或 token 无效,抛出异常
|
|
||||||
if (userId == null || userId.isEmpty()) {
|
|
||||||
throw new CommonException("用户未登录或登录已过期");
|
|
||||||
}
|
|
||||||
|
|
||||||
// 根据路径查找对应的权限
|
|
||||||
AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
|
|
||||||
|
|
||||||
// 如果没有找到匹配的权限配置,可以选择放行或拒绝(这里选择放行,避免影响未配置的接口)
|
|
||||||
if (requiredPermission == null) {
|
|
||||||
// 可以记录日志用于后续完善权限配置
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// 调用 authService 进行权限验证
|
|
||||||
authService.checkUserAuthorization(userId, requiredPermission);
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* 获取当前用户 ID
|
|
||||||
*/
|
|
||||||
private String getCurrentUserId() {
|
|
||||||
try {
|
|
||||||
return runtimeAppContextService.getCurrentUserId();
|
|
||||||
} catch (Exception e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 根据请求路径查找所需的权限
|
* 根据请求路径查找所需的权限
|
||||||
* 支持精确匹配和前缀匹配
|
* 支持精确匹配和前缀匹配
|
||||||
*/
|
*/
|
||||||
private AuthorizationClassEnum findRequiredPermission(String path) {
|
private AuthorizationClassEnum findRequiredPermission(String path) {
|
||||||
// 1. 首先尝试精确匹配
|
// 1. 精确匹配
|
||||||
if (PATH_PERMISSION_MAP.containsKey(path)) {
|
if (PATH_PERMISSION_MAP.containsKey(path)) {
|
||||||
return PATH_PERMISSION_MAP.get(path);
|
return PATH_PERMISSION_MAP.get(path);
|
||||||
}
|
}
|
||||||
|
|
||||||
// 2. 尝试前缀匹配(处理 /custom/template/xxx 这种情况)
|
// 2. 前缀匹配
|
||||||
for (Map.Entry<String, AuthorizationClassEnum> entry : PATH_PERMISSION_MAP.entrySet()) {
|
for (Map.Entry<String, AuthorizationClassEnum> entry : PATH_PERMISSION_MAP.entrySet()) {
|
||||||
String prefix = entry.getKey();
|
String prefix = entry.getKey();
|
||||||
if (path.startsWith(prefix + "/") || path.equals(prefix)) {
|
if (path.startsWith(prefix + "/") || path.equals(prefix)) {
|
||||||
@ -121,7 +97,7 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 3. 特殊路径处理:去掉末尾的斜杠后再匹配
|
// 3. 特殊路径匹配
|
||||||
if (path.endsWith("/")) {
|
if (path.endsWith("/")) {
|
||||||
String normalizedPath = path.substring(0, path.length() - 1);
|
String normalizedPath = path.substring(0, path.length() - 1);
|
||||||
return findRequiredPermission(normalizedPath);
|
return findRequiredPermission(normalizedPath);
|
||||||
|
|||||||
@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Objects;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
@Service
|
@Service
|
||||||
@ -27,9 +28,12 @@ public class AuthServiceImpl implements AuthService {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// 过滤检查是否有相关权限
|
// 过滤检查是否有相关权限
|
||||||
List<String> collected = menuParamViews.stream()
|
List<MenuParamView> collected = menuParamViews.stream()
|
||||||
.map(MenuParamView::getPermissionPath).collect(Collectors.toList());
|
.filter(menuParamView ->
|
||||||
if (!collected.contains(classEnum.getPermissionPath())) {
|
Objects.equals(menuParamView.getPermissionPath(), classEnum.getPermissionPath())
|
||||||
|
&& Objects.equals(menuParamView.getParameterPer(), classEnum.getPermissionPer()))
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
if (collected.isEmpty()) {
|
||||||
throw new CommonException("您没有" + classEnum.getPermissionPath() + "的操作权限");
|
throw new CommonException("您没有" + classEnum.getPermissionPath() + "的操作权限");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -530,6 +530,7 @@ public class TemplateServiceImpl implements TemplateService {
|
|||||||
includeColumnFieldNames.add("partsName");
|
includeColumnFieldNames.add("partsName");
|
||||||
includeColumnFieldNames.add("parameterName");
|
includeColumnFieldNames.add("parameterName");
|
||||||
includeColumnFieldNames.add("unit");
|
includeColumnFieldNames.add("unit");
|
||||||
|
includeColumnFieldNames.add("isNumber");
|
||||||
includeColumnFieldNames.add("parameterSource");
|
includeColumnFieldNames.add("parameterSource");
|
||||||
includeColumnFieldNames.add("numberOrFormula");
|
includeColumnFieldNames.add("numberOrFormula");
|
||||||
includeColumnFieldNames.add("department");
|
includeColumnFieldNames.add("department");
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user