权限管理修正2.0,待验证拦截器是否可用,待验证获取用户是否准确,待验证是否全部接口都需要加权限
This commit is contained in:
parent
a1f4d8745f
commit
f37cfc0c7b
@ -15,7 +15,6 @@ public class AuthorizationWebConfig implements WebMvcConfigurer {
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
registry.addInterceptor(authorizationInterceptor)
|
||||
.addPathPatterns("/api/**")
|
||||
.excludePathPatterns("/api/login", "/api/public/**");
|
||||
.addPathPatterns("/custom/**");
|
||||
}
|
||||
}
|
||||
@ -6,15 +6,25 @@ import lombok.Getter;
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
public enum AuthorizationClassEnum {
|
||||
TEMPLATE_EDIT(0, "参数模板管理"),
|
||||
YC_ENGINE_EDIT(1, "玉柴发动机数据"),
|
||||
OTH_ENGINE_EDIT(2, "竞品发动机数据"),
|
||||
REPORT_EDIT(3, "对标报告"),
|
||||
BASIC_DATA_EDIT(4, "基础管理模块"),
|
||||
AUTH_EDIT(5, "权限");
|
||||
TEMPLATE_VIEW("1", "参数模板管理"),
|
||||
TEMPLATE_EDIT("2", "参数模板管理"),
|
||||
TEMPLATE_APPROVAL("1", "参数模板流程"),
|
||||
|
||||
ENGINE_VIEW("1", "发动机数据"),
|
||||
ENGINE_EDIT("2", "发动机数据"),
|
||||
ENGINE_APPROVAL("1", "发动机数据流程"),
|
||||
|
||||
REPORT_VIEW("1", "对标报告"),
|
||||
REPORT_EDIT("2", "对标报告"),
|
||||
REPORT_APPROVAL("1", "对标报告流程"),
|
||||
|
||||
BASIC_DATA_VIEW("1", "基础管理模块"),
|
||||
BASIC_DATA_EDIT("2", "基础管理模块"),
|
||||
|
||||
AUTH_EDIT("1", "权限");
|
||||
|
||||
|
||||
private final Integer code;
|
||||
private final String permissionPer;
|
||||
|
||||
private final String permissionPath;
|
||||
}
|
||||
|
||||
@ -84,6 +84,7 @@ public class ParameterPojo extends MpaasBasePojo {
|
||||
* 标明参数值是否为数值
|
||||
*/
|
||||
@ExcelProperty("参数值类型")
|
||||
@ColumnWidth(15)
|
||||
private String isNumber;
|
||||
|
||||
/**
|
||||
|
||||
@ -28,92 +28,68 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
|
||||
|
||||
static {
|
||||
// 模板管理相关 - 对应参数模板管理权限
|
||||
PATH_PERMISSION_MAP.put("/custom/template", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/parameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/commonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/chartCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/analysisCommonParameter", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/template/deleteTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/template/insertTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/template/import", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/template/updateTemplate", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/parameter/maintenanceParameters", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
// 模板管理相关 - 对应审批管理权限
|
||||
PATH_PERMISSION_MAP.put("/custom/approval/startApproval", AuthorizationClassEnum.TEMPLATE_EDIT);
|
||||
|
||||
// 玉柴发动机数据相关
|
||||
PATH_PERMISSION_MAP.put("/custom/dataEntry", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/engineParamDetail", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel", AuthorizationClassEnum.YC_ENGINE_EDIT);
|
||||
// 模板审批流程查看
|
||||
PATH_PERMISSION_MAP.put("/custom/approval/getApprovalList", AuthorizationClassEnum.TEMPLATE_APPROVAL);
|
||||
|
||||
// 竞品发动机数据相关
|
||||
PATH_PERMISSION_MAP.put("/custom/tcDataQuery", AuthorizationClassEnum.OTH_ENGINE_EDIT);
|
||||
// 发动机数据相关
|
||||
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/excelImport", AuthorizationClassEnum.ENGINE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/synchronizeParams", AuthorizationClassEnum.ENGINE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/insert", AuthorizationClassEnum.ENGINE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/dataEntryEngineModel/delete", AuthorizationClassEnum.ENGINE_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/engineParamDetailPojo/updateParamValue", AuthorizationClassEnum.ENGINE_EDIT);
|
||||
// 发动机数据相关 - 对应发动机数据权限
|
||||
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.ENGINE_EDIT);
|
||||
|
||||
// 发动机审批流程查看
|
||||
PATH_PERMISSION_MAP.put("/custom/activiti/showEngReview", AuthorizationClassEnum.ENGINE_APPROVAL);
|
||||
|
||||
// 对标报告相关
|
||||
PATH_PERMISSION_MAP.put("/custom/benchmark", AuthorizationClassEnum.REPORT_EDIT);
|
||||
|
||||
// 基础管理模块相关
|
||||
PATH_PERMISSION_MAP.put("/custom/activiti", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/responsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/filledPerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/deptResponsible", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/todoTask", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/ycTaskResult", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/responsible/import", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/responsible/saveResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/responsible/updateResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/responsible/deleteResponsiblePerson", AuthorizationClassEnum.BASIC_DATA_EDIT);
|
||||
|
||||
// 权限管理相关
|
||||
PATH_PERMISSION_MAP.put("/custom/permission", AuthorizationClassEnum.AUTH_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/role", AuthorizationClassEnum.AUTH_EDIT);
|
||||
PATH_PERMISSION_MAP.put("/custom/userRole", AuthorizationClassEnum.AUTH_EDIT);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||
// 如果不是方法调用,直接放行
|
||||
if (!(handler instanceof HandlerMethod)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// 获取请求路径
|
||||
String servletPath = request.getServletPath();
|
||||
|
||||
// 获取当前用户 ID
|
||||
String userId = getCurrentUserId();
|
||||
|
||||
// 如果无法获取用户 ID,说明未登录或 token 无效,抛出异常
|
||||
if (userId == null || userId.isEmpty()) {
|
||||
throw new CommonException("用户未登录或登录已过期");
|
||||
}
|
||||
|
||||
// 根据路径查找对应的权限
|
||||
AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
|
||||
|
||||
// 如果没有找到匹配的权限配置,可以选择放行或拒绝(这里选择放行,避免影响未配置的接口)
|
||||
if (requiredPermission == null) {
|
||||
// 可以记录日志用于后续完善权限配置
|
||||
return true;
|
||||
}
|
||||
|
||||
// 调用 authService 进行权限验证
|
||||
authService.checkUserAuthorization(userId, requiredPermission);
|
||||
|
||||
// String servletPath = request.getServletPath();
|
||||
// String userId = runtimeAppContextService.getCurrentUserId();
|
||||
// if (userId == null || userId.isEmpty()) {
|
||||
// throw new CommonException("用户未登录或登录已过期");
|
||||
// }
|
||||
// AuthorizationClassEnum requiredPermission = findRequiredPermission(servletPath);
|
||||
// if (requiredPermission == null) {
|
||||
// return true;
|
||||
// }
|
||||
// authService.checkUserAuthorization(userId, requiredPermission);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取当前用户 ID
|
||||
*/
|
||||
private String getCurrentUserId() {
|
||||
try {
|
||||
return runtimeAppContextService.getCurrentUserId();
|
||||
} catch (Exception e) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据请求路径查找所需的权限
|
||||
* 支持精确匹配和前缀匹配
|
||||
*/
|
||||
private AuthorizationClassEnum findRequiredPermission(String path) {
|
||||
// 1. 首先尝试精确匹配
|
||||
// 1. 精确匹配
|
||||
if (PATH_PERMISSION_MAP.containsKey(path)) {
|
||||
return PATH_PERMISSION_MAP.get(path);
|
||||
}
|
||||
|
||||
// 2. 尝试前缀匹配(处理 /custom/template/xxx 这种情况)
|
||||
// 2. 前缀匹配
|
||||
for (Map.Entry<String, AuthorizationClassEnum> entry : PATH_PERMISSION_MAP.entrySet()) {
|
||||
String prefix = entry.getKey();
|
||||
if (path.startsWith(prefix + "/") || path.equals(prefix)) {
|
||||
@ -121,7 +97,7 @@ public class AuthorizationInterceptor implements HandlerInterceptor {
|
||||
}
|
||||
}
|
||||
|
||||
// 3. 特殊路径处理:去掉末尾的斜杠后再匹配
|
||||
// 3. 特殊路径匹配
|
||||
if (path.endsWith("/")) {
|
||||
String normalizedPath = path.substring(0, path.length() - 1);
|
||||
return findRequiredPermission(normalizedPath);
|
||||
|
||||
@ -9,6 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Service
|
||||
@ -27,9 +28,12 @@ public class AuthServiceImpl implements AuthService {
|
||||
return;
|
||||
}
|
||||
// 过滤检查是否有相关权限
|
||||
List<String> collected = menuParamViews.stream()
|
||||
.map(MenuParamView::getPermissionPath).collect(Collectors.toList());
|
||||
if (!collected.contains(classEnum.getPermissionPath())) {
|
||||
List<MenuParamView> collected = menuParamViews.stream()
|
||||
.filter(menuParamView ->
|
||||
Objects.equals(menuParamView.getPermissionPath(), classEnum.getPermissionPath())
|
||||
&& Objects.equals(menuParamView.getParameterPer(), classEnum.getPermissionPer()))
|
||||
.collect(Collectors.toList());
|
||||
if (collected.isEmpty()) {
|
||||
throw new CommonException("您没有" + classEnum.getPermissionPath() + "的操作权限");
|
||||
}
|
||||
}
|
||||
|
||||
@ -530,6 +530,7 @@ public class TemplateServiceImpl implements TemplateService {
|
||||
includeColumnFieldNames.add("partsName");
|
||||
includeColumnFieldNames.add("parameterName");
|
||||
includeColumnFieldNames.add("unit");
|
||||
includeColumnFieldNames.add("isNumber");
|
||||
includeColumnFieldNames.add("parameterSource");
|
||||
includeColumnFieldNames.add("numberOrFormula");
|
||||
includeColumnFieldNames.add("department");
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user