权限管理修正2.0,待验证拦截器是否可用,待验证获取用户是否准确,待验证是否全部接口都需要加权限

This commit is contained in:
张嘉豪 2026-04-05 21:15:28 +08:00
parent a1f4d8745f
commit f37cfc0c7b
6 changed files with 67 additions and 76 deletions

View File

@ -15,7 +15,6 @@ public class AuthorizationWebConfig implements WebMvcConfigurer {
@Override @Override
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(authorizationInterceptor) registry.addInterceptor(authorizationInterceptor)
.addPathPatterns("/api/**") .addPathPatterns("/custom/**");
.excludePathPatterns("/api/login", "/api/public/**");
} }
} }

View File

@ -6,15 +6,25 @@ import lombok.Getter;
@Getter @Getter
@AllArgsConstructor @AllArgsConstructor
public enum AuthorizationClassEnum { public enum AuthorizationClassEnum {
TEMPLATE_EDIT(0, "参数模板管理"), TEMPLATE_VIEW("1", "参数模板管理"),
YC_ENGINE_EDIT(1, "玉柴发动机数据"), TEMPLATE_EDIT("2", "参数模板管理"),
OTH_ENGINE_EDIT(2, "竞品发动机数据"), TEMPLATE_APPROVAL("1", "参数模板流程"),
REPORT_EDIT(3, "对标报告"),
BASIC_DATA_EDIT(4, "基础管理模块"), ENGINE_VIEW("1", "发动机数据"),
AUTH_EDIT(5, "权限"); ENGINE_EDIT("2", "发动机数据"),
ENGINE_APPROVAL("1", "发动机数据流程"),
REPORT_VIEW("1", "对标报告"),
REPORT_EDIT("2", "对标报告"),
REPORT_APPROVAL("1", "对标报告流程"),
BASIC_DATA_VIEW("1", "基础管理模块"),
BASIC_DATA_EDIT("2", "基础管理模块"),
AUTH_EDIT("1", "权限");
private final Integer code; private final String permissionPer;
private final String permissionPath; private final String permissionPath;
} }

View File

@ -84,6 +84,7 @@ public class ParameterPojo extends MpaasBasePojo {
* 标明参数值是否为数值 * 标明参数值是否为数值
*/ */
@ExcelProperty("参数值类型") @ExcelProperty("参数值类型")
@ColumnWidth(15)
private String isNumber; private String isNumber;
/** /**

View File

@ -28,92 +28,68 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
static { static {
// 模板管理相关 - 对应参数模板管理权限 // 模板管理相关 - 对应参数模板管理权限
PATH_PERMISSION_MAP.put("/custom/template", AuthorizationClassEnum.TEMPLATE_EDIT); PATH_PERMISSION_MAP.put("/custom/template/deleteTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/parameter", AuthorizationClassEnum.TEMPLATE_EDIT); PATH_PERMISSION_MAP.put("/custom/template/insertTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/commonParameter", AuthorizationClassEnum.TEMPLATE_EDIT); PATH_PERMISSION_MAP.put("/custom/template/import", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/chartCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT); PATH_PERMISSION_MAP.put("/custom/template/updateTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/analysisCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT); PATH_PERMISSION_MAP.put("/custom/parameter/maintenanceParameters", AuthorizationClassEnum.TEMPLATE_EDIT);
// 模板管理相关 - 对应审批管理权限
// 玉柴发动机数据相关 PATH_PERMISSION_MAP.put("/custom/approval/startApproval", AuthorizationClassEnum.TEMPLATE_EDIT);
PATH_PERMISSION_MAP.put("/custom/dataEntry", AuthorizationClassEnum.YC_ENGINE_EDIT);
PATH_PERMISSION_MAP.put("/custom/engineParamDetail", AuthorizationClassEnum.YC_ENGINE_EDIT); // 模板审批流程查看
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel", AuthorizationClassEnum.YC_ENGINE_EDIT); PATH_PERMISSION_MAP.put("/custom/approval/getApprovalList", AuthorizationClassEnum.TEMPLATE_APPROVAL);
// 竞品发动机数据相关
PATH_PERMISSION_MAP.put("/custom/tcDataQuery", AuthorizationClassEnum.OTH_ENGINE_EDIT);
// 发动机数据相关
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/excelImport", AuthorizationClassEnum.ENGINE_EDIT);
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/synchronizeParams", AuthorizationClassEnum.ENGINE_EDIT);
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/insert", AuthorizationClassEnum.ENGINE_EDIT);
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/delete", AuthorizationClassEnum.ENGINE_EDIT);
PATH_PERMISSION_MAP.put("/custom/engineParamDetailPojo/updateParamValue", AuthorizationClassEnum.ENGINE_EDIT);
// 发动机数据相关 - 对应发动机数据权限
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.ENGINE_EDIT);
// 发动机审批流程查看
PATH_PERMISSION_MAP.put("/custom/activiti/showEngReview", AuthorizationClassEnum.ENGINE_APPROVAL);
// 对标报告相关 // 对标报告相关
PATH_PERMISSION_MAP.put("/custom/benchmark", AuthorizationClassEnum.REPORT_EDIT); PATH_PERMISSION_MAP.put("/custom/benchmark", AuthorizationClassEnum.REPORT_EDIT);
// 基础管理模块相关 // 基础管理模块相关
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.BASIC_DATA_EDIT); PATH_PERMISSION_MAP.put("/custom/responsible/import", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/responsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT); PATH_PERMISSION_MAP.put("/custom/responsible/saveResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/filledPerson", AuthorizationClassEnum.BASIC_DATA_EDIT); PATH_PERMISSION_MAP.put("/custom/responsible/updateResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/deptResponsible", AuthorizationClassEnum.BASIC_DATA_EDIT); PATH_PERMISSION_MAP.put("/custom/responsible/deleteResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/todoTask", AuthorizationClassEnum.BASIC_DATA_EDIT);
PATH_PERMISSION_MAP.put("/custom/ycTaskResult", AuthorizationClassEnum.BASIC_DATA_EDIT);
// 权限管理相关 // 权限管理相关
PATH_PERMISSION_MAP.put("/custom/permission", AuthorizationClassEnum.AUTH_EDIT); PATH_PERMISSION_MAP.put("/custom/permission", AuthorizationClassEnum.AUTH_EDIT);
PATH_PERMISSION_MAP.put("/custom/role", AuthorizationClassEnum.AUTH_EDIT);
PATH_PERMISSION_MAP.put("/custom/userRole", AuthorizationClassEnum.AUTH_EDIT);
} }
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 如果不是方法调用直接放行 // String servletPath = request.getServletPath();
if (!(handler instanceof HandlerMethod)) { // String userId = runtimeAppContextService.getCurrentUserId();
return true; // if (userId == null || userId.isEmpty()) {
} // throw new CommonException("用户未登录或登录已过期");
// }
// 获取请求路径 // AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
String servletPath = request.getServletPath(); // if (requiredPermission == null) {
// return true;
// 获取当前用户 ID // }
String userId = getCurrentUserId(); // authService.checkUserAuthorization(userId, requiredPermission);
// 如果无法获取用户 ID说明未登录或 token 无效抛出异常
if (userId == null || userId.isEmpty()) {
throw new CommonException("用户未登录或登录已过期");
}
// 根据路径查找对应的权限
AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
// 如果没有找到匹配的权限配置可以选择放行或拒绝这里选择放行避免影响未配置的接口
if (requiredPermission == null) {
// 可以记录日志用于后续完善权限配置
return true;
}
// 调用 authService 进行权限验证
authService.checkUserAuthorization(userId, requiredPermission);
return true; return true;
} }
/**
* 获取当前用户 ID
*/
private String getCurrentUserId() {
try {
return runtimeAppContextService.getCurrentUserId();
} catch (Exception e) {
return null;
}
}
/** /**
* 根据请求路径查找所需的权限 * 根据请求路径查找所需的权限
* 支持精确匹配和前缀匹配 * 支持精确匹配和前缀匹配
*/ */
private AuthorizationClassEnum findRequiredPermission(String path) { private AuthorizationClassEnum findRequiredPermission(String path) {
// 1. 首先尝试精确匹配 // 1. 精确匹配
if (PATH_PERMISSION_MAP.containsKey(path)) { if (PATH_PERMISSION_MAP.containsKey(path)) {
return PATH_PERMISSION_MAP.get(path); return PATH_PERMISSION_MAP.get(path);
} }
// 2. 尝试前缀匹配处理 /custom/template/xxx 这种情况 // 2. 前缀匹配
for (Map.Entry<String, AuthorizationClassEnum> entry : PATH_PERMISSION_MAP.entrySet()) { for (Map.Entry<String, AuthorizationClassEnum> entry : PATH_PERMISSION_MAP.entrySet()) {
String prefix = entry.getKey(); String prefix = entry.getKey();
if (path.startsWith(prefix + "/") || path.equals(prefix)) { if (path.startsWith(prefix + "/") || path.equals(prefix)) {
@ -121,7 +97,7 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
} }
} }
// 3. 特殊路径处理去掉末尾的斜杠后再匹配 // 3. 特殊路径匹配
if (path.endsWith("/")) { if (path.endsWith("/")) {
String normalizedPath = path.substring(0, path.length() - 1); String normalizedPath = path.substring(0, path.length() - 1);
return findRequiredPermission(normalizedPath); return findRequiredPermission(normalizedPath);

View File

@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import java.util.List; import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@Service @Service
@ -27,9 +28,12 @@ public class AuthServiceImpl implements AuthService {
return; return;
} }
// 过滤检查是否有相关权限 // 过滤检查是否有相关权限
List<String> collected = menuParamViews.stream() List<MenuParamView> collected = menuParamViews.stream()
.map(MenuParamView::getPermissionPath).collect(Collectors.toList()); .filter(menuParamView ->
if (!collected.contains(classEnum.getPermissionPath())) { Objects.equals(menuParamView.getPermissionPath(), classEnum.getPermissionPath())
&& Objects.equals(menuParamView.getParameterPer(), classEnum.getPermissionPer()))
.collect(Collectors.toList());
if (collected.isEmpty()) {
throw new CommonException("您没有" + classEnum.getPermissionPath() + "的操作权限"); throw new CommonException("您没有" + classEnum.getPermissionPath() + "的操作权限");
} }
} }

View File

@ -530,6 +530,7 @@ public class TemplateServiceImpl implements TemplateService {
includeColumnFieldNames.add("partsName"); includeColumnFieldNames.add("partsName");
includeColumnFieldNames.add("parameterName"); includeColumnFieldNames.add("parameterName");
includeColumnFieldNames.add("unit"); includeColumnFieldNames.add("unit");
includeColumnFieldNames.add("isNumber");
includeColumnFieldNames.add("parameterSource"); includeColumnFieldNames.add("parameterSource");
includeColumnFieldNames.add("numberOrFormula"); includeColumnFieldNames.add("numberOrFormula");
includeColumnFieldNames.add("department"); includeColumnFieldNames.add("department");