From c017e8ff2ca030d83f9d1fc7a931e05a7d0d9d32 Mon Sep 17 00:00:00 2001 From: wangxianzhang Date: Tue, 27 Sep 2022 14:37:07 +0800 Subject: [PATCH 1/9] =?UTF-8?q?=E8=BF=90=E8=90=A5=E7=AB=AF-=E5=90=8E?= =?UTF-8?q?=E7=AB=AF=E6=8E=A5=E5=8F=A3=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/SysDictTypeController.java | 2 + .../annotation/OperRequiredPermission.java | 33 +++++++++++ .../aspect/OperRequiredPermissionAspect.java | 56 +++++++++++++++++++ .../dto/form/HasOperPermissionFormDTO.java | 22 ++++++++ .../commons/tools/dto/result/OperResouce.java | 13 +++++ .../CommonOperAccessOpenFeignClient.java | 36 ++++++++++++ ...mmonOperAccessOpenFeignClientFallback.java | 27 +++++++++ ...rAccessOpenFeignClientFallbackFactory.java | 19 +++++++ .../epmet/commons/tools/redis/RedisKeys.java | 9 +++ .../dto/form/HasOperPermissionFormDTO.java | 22 ++++++++ .../com/epmet/dto/result/OperResouce.java | 13 +++++ .../feign/OperAccessOpenFeignClient.java | 10 ++++ .../OperAccessOpenFeignClientFallback.java | 6 ++ .../epmet/controller/OperMenuController.java | 32 ++++++++++- .../main/java/com/epmet/dao/OperMenuDao.java | 3 + .../java/com/epmet/redis/OperMenuRedis.java | 24 ++++++++ .../com/epmet/service/OperMenuService.java | 2 + .../service/impl/OperMenuServiceImpl.java | 30 ++++++++++ .../src/main/resources/mapper/OperMenuDao.xml | 11 ++++ 19 files changed, 369 insertions(+), 1 deletion(-) create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java create mode 100644 epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java create mode 100644 epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java diff --git a/epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java b/epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java index 0f81215fe5..a8e1c75fb6 100644 --- a/epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java +++ b/epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java @@ -8,6 +8,7 @@ package com.epmet.controller; +import com.epmet.commons.tools.annotation.OperRequiredPermission; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.AssertUtils; @@ -59,6 +60,7 @@ public class SysDictTypeController { return new Result(); } + @OperRequiredPermission @PutMapping public Result update(@RequestBody SysDictTypeDTO dto){ //效验数据 diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java new file mode 100644 index 0000000000..c526223053 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java @@ -0,0 +1,33 @@ +/** + * Copyright 2018 人人开源 http://www.renren.io + *

+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + *

+ * http://www.apache.org/licenses/LICENSE-2.0 + *

+ * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +package com.epmet.commons.tools.annotation; + +import com.epmet.commons.tools.enums.RequirePermissionEnum; + +import java.lang.annotation.*; + +/** + * 运营端-权限注解 + * @Author wxz + * @Description + * @Date 2022/09/27 16:17 + **/ +@Target(ElementType.METHOD) +@Retention(RetentionPolicy.RUNTIME) +@Documented +public @interface OperRequiredPermission { +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java new file mode 100644 index 0000000000..21de15630a --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java @@ -0,0 +1,56 @@ +package com.epmet.commons.tools.aspect; + +import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.EpmetException; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import com.epmet.commons.tools.utils.Result; +import org.aspectj.lang.JoinPoint; +import org.aspectj.lang.annotation.Aspect; +import org.aspectj.lang.annotation.Before; +import org.aspectj.lang.reflect.MethodSignature; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.annotation.Order; +import org.springframework.stereotype.Component; +import org.springframework.web.context.request.RequestAttributes; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import javax.servlet.http.HttpServletRequest; + +@Aspect +@Component +@Order(30) +public class OperRequiredPermissionAspect { + + @Autowired + private CommonOperAccessOpenFeignClient operAccessOpenFeignClient; + + @Before("@annotation(com.epmet.commons.tools.annotation.OperRequiredPermission)") + public void proceed(JoinPoint pjp) throws Throwable { +// MethodSignature signature = (MethodSignature) pjp.getSignature(); + HttpServletRequest request = getRequest(); + + String url = request.getRequestURI().toString(); + String method = request.getMethod(); + + HasOperPermissionFormDTO form = new HasOperPermissionFormDTO(); + form.setUri(url); + form.setMethod(method); + Result result = operAccessOpenFeignClient.hasOperPermission(form); + if (result == null || !result.success()) { + throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "资源未授权", "资源未授权"); + } + } + + /** + * 获取Request对象 + * + * @return + */ + private HttpServletRequest getRequest() { + RequestAttributes ra = RequestContextHolder.getRequestAttributes(); + ServletRequestAttributes sra = (ServletRequestAttributes) ra; + return sra.getRequest(); + } +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java new file mode 100644 index 0000000000..f2ab024566 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java @@ -0,0 +1,22 @@ +package com.epmet.commons.tools.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; + +@Data +public class HasOperPermissionFormDTO { + + /** + * uri + */ + @NotBlank(message = "uri不能为空") + private String uri; + + /** + * http方法 + */ + @NotBlank(message = "请求http方法不能为空") + private String method; + +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java new file mode 100644 index 0000000000..632f013746 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java @@ -0,0 +1,13 @@ +package com.epmet.commons.tools.dto.result; + +import lombok.Data; + +@Data +public class OperResouce { + + private String userId; + private String resourceUrl; + private String ResourceMethod; + + +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java new file mode 100644 index 0000000000..374a26aff5 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java @@ -0,0 +1,36 @@ +package com.epmet.commons.tools.feign; + +import com.epmet.commons.tools.constant.ServiceConstant; +import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.feign.fallback.CommonOperAccessOpenFeignClientFallbackFactory; +import com.epmet.commons.tools.utils.Result; +import org.springframework.cloud.openfeign.FeignClient; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; + +/** + * @Description 运营端权限模块 + * @Author yinzuomei + * @Date 2020/5/21 15:17 本服务对外开放的API,其他服务通过引用此client调用该服务 + */ +// , url = "http://localhost:8093" +@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class) +public interface CommonOperAccessOpenFeignClient { + /** + * @param + * @return com.epmet.commons.tools.utils.Result + * @Author yinzuomei + * @Description 清空运营人员权限信息、菜单信息 + * @Date 2020/5/21 17:08 + **/ + @GetMapping("/oper/access/menu/clearoperuseraccess") + Result clearOperUserAccess(); + + /** + * 是否有该接口的权限 + * @return + */ + @PostMapping("/oper/access/menu/hasPermission") + Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form); +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java new file mode 100644 index 0000000000..d6ce167496 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java @@ -0,0 +1,27 @@ +package com.epmet.commons.tools.feign.fallback; + +import com.epmet.commons.tools.constant.ServiceConstant; +import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import com.epmet.commons.tools.utils.ModuleUtils; +import com.epmet.commons.tools.utils.Result; + +/** + * @Description 运营端权限模块 + * @Author yinzuomei + * @Date 2020/5/21 15:47 + */ +//@Component +public class CommonOperAccessOpenFeignClientFallback implements CommonOperAccessOpenFeignClient { + @Override + public Result clearOperUserAccess() { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess"); + + } + + @Override + public Result hasOperPermission(HasOperPermissionFormDTO form) { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission"); + } +} + diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java new file mode 100644 index 0000000000..d62f24900c --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java @@ -0,0 +1,19 @@ +package com.epmet.commons.tools.feign.fallback; + +import com.epmet.commons.tools.exception.ExceptionUtils; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import feign.hystrix.FallbackFactory; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +@Component +@Slf4j +public class CommonOperAccessOpenFeignClientFallbackFactory implements FallbackFactory { + private CommonOperAccessOpenFeignClientFallback fallback = new CommonOperAccessOpenFeignClientFallback(); + + @Override + public CommonOperAccessOpenFeignClient create(Throwable cause) { + log.error(String.format("FeignClient调用发生异常,异常信息:%s", ExceptionUtils.getThrowableErrorStackTrace(cause))); + return fallback; + } +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java index ac55205beb..d31359f1dc 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java @@ -889,4 +889,13 @@ public class RedisKeys { public static String getDingMiniInfoKey(String suiteKey) { return rootPrefix.concat("ding:miniInfo:" + suiteKey); } + + /** + * 运营人员-资源权限 + * @param operId + * @return + */ + public static String operResourcesByUserId(String operId) { + return rootPrefix.concat("oper:access:resources:").concat(operId); + } } diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java new file mode 100644 index 0000000000..9a8197cd9e --- /dev/null +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java @@ -0,0 +1,22 @@ +package com.epmet.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; + +@Data +public class HasOperPermissionFormDTO { + + /** + * uri + */ + @NotBlank(message = "uri不能为空") + private String uri; + + /** + * http方法 + */ + @NotBlank(message = "请求http方法不能为空") + private String method; + +} diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java new file mode 100644 index 0000000000..5867da40ef --- /dev/null +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java @@ -0,0 +1,13 @@ +package com.epmet.dto.result; + +import lombok.Data; + +@Data +public class OperResouce { + + private String userId; + private String resourceUrl; + private String ResourceMethod; + + +} diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java index 9e5a1b0771..01101e83ca 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java @@ -2,9 +2,12 @@ package com.epmet.feign; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.feign.fallback.OperAccessOpenFeignClientFallbackFactory; import org.springframework.cloud.openfeign.FeignClient; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; /** * @Description 运营端权限模块 @@ -23,4 +26,11 @@ public interface OperAccessOpenFeignClient { **/ @GetMapping("/oper/access/menu/clearoperuseraccess") Result clearOperUserAccess(); + + /** + * 是否有该接口的权限 + * @return + */ + @PostMapping("/oper/access/menu/hasPermission") + Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form); } diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java index 46c4b182eb..c6e275097c 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java @@ -3,6 +3,7 @@ package com.epmet.feign.fallback; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.ModuleUtils; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.feign.OperAccessOpenFeignClient; /** @@ -17,5 +18,10 @@ public class OperAccessOpenFeignClientFallback implements OperAccessOpenFeignCli return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess"); } + + @Override + public Result hasOperPermission(HasOperPermissionFormDTO form) { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission"); + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java index 63fc7d61df..73a54ba654 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java @@ -1,9 +1,12 @@ package com.epmet.controller; import com.epmet.commons.tools.annotation.LoginUser; +import com.epmet.commons.tools.annotation.OperRequiredPermission; +import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.exception.ErrorCode; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.security.dto.TokenDto; +import com.epmet.commons.tools.utils.EpmetRequestHolder; import com.epmet.commons.tools.utils.ExcelUtils; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.AssertUtils; @@ -12,6 +15,7 @@ import com.epmet.commons.tools.validator.group.AddGroup; import com.epmet.commons.tools.validator.group.DefaultGroup; import com.epmet.commons.tools.validator.group.UpdateGroup; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.dto.result.MenuResourceDTO; import com.epmet.excel.OperMenuExcel; import com.epmet.service.OperMenuService; @@ -53,7 +57,7 @@ public class OperMenuController { //菜单资源列表 List resourceList = operResourceService.getMenuResourceList(id); - + data.setResourceList(resourceList); return new Result().ok(data); } @@ -161,4 +165,30 @@ public class OperMenuController { operMenuService.clearOperUserAccess(tokenDto.getApp(), tokenDto.getClient(), tokenDto.getUserId()); return new Result(); } + + /** + * 是否有该接口的权限 + * @return + */ + @PostMapping("hasPermission") + public Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form) { + ValidatorUtils.validateEntity(form); + String uri = form.getUri(); + String method = form.getMethod(); + + String loginUserApp = EpmetRequestHolder.getLoginUserApp(); + String loginUserId = EpmetRequestHolder.getLoginUserId(); + + if (!AppClientConstant.APP_OPER.equals(loginUserApp)) { +// 只校验运营端,其他都返回true + return new Result(); + } + + Boolean isMathe = operMenuService.hasOperPermission(uri, method, loginUserId); + if (isMathe){ + return new Result(); + } else { + return new Result().error(); + } + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java index 2858a76f24..22ecf34695 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java @@ -9,6 +9,7 @@ package com.epmet.dao; import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Param; @@ -49,4 +50,6 @@ public interface OperMenuDao extends BaseDao { * @param pid 父菜单ID */ List getListPid(String pid); + + List getOperResourcesByUserId(String operId); } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java index f1b568f33a..9121d631e9 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java @@ -17,10 +17,13 @@ package com.epmet.redis; +import com.alibaba.fastjson.JSON; +import com.alibaba.fastjson.TypeReference; import com.epmet.commons.tools.redis.RedisKeys; import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.utils.HttpContextUtils; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.result.OperResouce; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -71,4 +74,25 @@ public class OperMenuRedis { return (Set)redisUtils.get(key); } + public List getOperResourcesByUserId(String operId) { + String key = RedisKeys.operResourcesByUserId(operId); + String json = (String) redisUtils.get(key); + return JSON.parseObject(json, new TypeReference>(){}); + } + + public void setOperResourcesByUserId(String operId, List resouces) { + String key = RedisKeys.operResourcesByUserId(operId); + String jsonString = JSON.toJSONString(resouces); + redisUtils.set(key, jsonString); + } + + /** + * 运营端用户资源删除 + * @param operId + * @param resouces + */ + public void deleteOperResourcesByUserId(String operId) { + String key = RedisKeys.operResourcesByUserId(operId); + redisUtils.delete(key); + } } \ No newline at end of file diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java index 54e3a58067..670d972455 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java @@ -141,4 +141,6 @@ public interface OperMenuService extends BaseService { List getListPid(String pid); void clearOperUserAccess(String app, String client, String userId); + + Boolean hasOperPermission(String uri, String method, String loginUserId); } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java index d83970486c..f2dea5642e 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java @@ -34,6 +34,7 @@ import com.epmet.commons.tools.utils.TreeUtils; import com.epmet.dao.OperMenuDao; import com.epmet.dto.OperMenuDTO; import com.epmet.dto.OperUserDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import com.epmet.enums.MenuTypeEnum; import com.epmet.feign.EpmetUserFeignClient; @@ -48,6 +49,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.AntPathMatcher; import java.util.*; @@ -71,6 +73,8 @@ public class OperMenuServiceImpl extends BaseServiceImpl page(Map params) { IPage page = baseDao.selectPage( @@ -242,6 +246,9 @@ public class OperMenuServiceImpl extends BaseServiceImpl resouces = operMenuRedis.getOperResourcesByUserId(operId); + if (resouces == null) { + resouces = baseDao.getOperResourcesByUserId(operId); + operMenuRedis.setOperResourcesByUserId(operId, resouces); + } + + return pathMatcher(uri, method, resouces); + } + + private boolean pathMatcher(String requestUri, String method, List resources){ + for (OperResouce resource : resources) { + String resourceUrl = resource.getResourceUrl(); + String resourceMethod = resource.getResourceMethod(); + +// 路径匹配 && http方法 匹配 + if(antPathMatcher.match(resourceUrl, requestUri) && resourceMethod.equals(method)){ + return true; + } + } + return false; + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml index e3a61dbd36..dd44c0b389 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml +++ b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml @@ -39,4 +39,15 @@ select * from oper_menu where del_flag = 0 and pid = #{value} + From 7de7df24928d655c6a94b6c21def2b4193eacdd6 Mon Sep 17 00:00:00 2001 From: wangxianzhang Date: Tue, 27 Sep 2022 17:47:19 +0800 Subject: [PATCH 2/9] =?UTF-8?q?=E8=BF=90=E8=90=A5=E7=AB=AF-=E8=B6=8A?= =?UTF-8?q?=E6=9D=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../epmet/commons/tools/redis/RedisKeys.java | 8 +++ .../com/epmet/auth/InternalAuthProcessor.java | 56 +++++++++++++++++++ 2 files changed, 64 insertions(+) diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java index d31359f1dc..bb22e8de4b 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java @@ -898,4 +898,12 @@ public class RedisKeys { public static String operResourcesByUserId(String operId) { return rootPrefix.concat("oper:access:resources:").concat(operId); } + + /** + * 获取需要检查的资源url + * @return + */ + public static String getOperExamineResourceUrls() { + return rootPrefix.concat("oper:access:examineresources"); + } } diff --git a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java index 305bf2b3a4..a34a0385d4 100644 --- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java +++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java @@ -1,11 +1,20 @@ package com.epmet.auth; +import com.alibaba.fastjson.JSON; +import com.alibaba.fastjson.TypeReference; import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.constant.Constant; +import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.dto.result.OperResouce; import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.EpmetException; import com.epmet.commons.tools.exception.RenException; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.dto.BaseTokenDto; import com.epmet.commons.tools.utils.CpUserDetailRedis; +import com.epmet.commons.tools.utils.Result; import com.epmet.filter.CpProperty; import com.epmet.jwt.JwtTokenUtils; import io.jsonwebtoken.Claims; @@ -15,12 +24,14 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.stereotype.Component; import org.springframework.util.AntPathMatcher; import org.springframework.web.server.ServerWebExchange; import java.util.Date; +import java.util.List; /** * 内部认证处理器 @@ -41,6 +52,12 @@ public class InternalAuthProcessor extends AuthProcessor { @Autowired private CpProperty cpProperty; + @Autowired + private CommonOperAccessOpenFeignClient operAccessOpenFeignClient; + + @Autowired + private RedisUtils redisUtils; + @Override public ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); @@ -104,10 +121,49 @@ public class InternalAuthProcessor extends AuthProcessor { builder.header(AppClientConstant.CUSTOMER_ID, customerId); } + // 针对运营端的url拦截和校验 + if (AppClientConstant.APP_OPER.equals(app)) { + HttpMethod method = request.getMethod(); + Boolean hasAccess = checkRequestOperResource(requestUri, method.toString()); + if (!hasAccess) { + throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "资源未授权", "资源未授权"); + } + } + ServerHttpRequest shr = builder.build(); return exchange.mutate().request(shr).build(); } + /** + * 校验运营端用户是否有权访问该资源 + * @param uri + * @param method + * @return + */ + private Boolean checkRequestOperResource(String uri, String method) { + String resourceJsonString = (String)redisUtils.get(RedisKeys.getOperExamineResourceUrls()); + List resources = JSON.parseObject(resourceJsonString, new TypeReference>() {}); + + for (OperResouce resource : resources) { + if (antPathMatcher.match(resource.getResourceUrl(), uri) + && resource.getResourceMethod().equals(method)) { + + //需要校验权限的url + HasOperPermissionFormDTO form = new HasOperPermissionFormDTO(); + form.setUri(uri); + form.setMethod(method); + Result result = operAccessOpenFeignClient.hasOperPermission(form); + if (result == null || !result.success()) { + return false; + } + return true; + } + } + + // 如果当前请求url不需要校验权限,那么返回true + return true; + } + /** * 是否需要认证 * @param requestUri From 5487329beb9cd8e71524b9076869fb0cff058ab3 Mon Sep 17 00:00:00 2001 From: wangxianzhang Date: Tue, 27 Sep 2022 20:23:50 +0800 Subject: [PATCH 3/9] - --- .../controller/SysDictTypeController.java | 2 - .../annotation/OperRequiredPermission.java | 33 ----------- .../aspect/OperRequiredPermissionAspect.java | 56 ------------------- .../epmet/controller/OperMenuController.java | 1 - 4 files changed, 92 deletions(-) delete mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java delete mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java diff --git a/epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java b/epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java index a8e1c75fb6..0f81215fe5 100644 --- a/epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java +++ b/epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java @@ -8,7 +8,6 @@ package com.epmet.controller; -import com.epmet.commons.tools.annotation.OperRequiredPermission; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.AssertUtils; @@ -60,7 +59,6 @@ public class SysDictTypeController { return new Result(); } - @OperRequiredPermission @PutMapping public Result update(@RequestBody SysDictTypeDTO dto){ //效验数据 diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java deleted file mode 100644 index c526223053..0000000000 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java +++ /dev/null @@ -1,33 +0,0 @@ -/** - * Copyright 2018 人人开源 http://www.renren.io - *

- * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy of - * the License at - *

- * http://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations under - * the License. - */ - -package com.epmet.commons.tools.annotation; - -import com.epmet.commons.tools.enums.RequirePermissionEnum; - -import java.lang.annotation.*; - -/** - * 运营端-权限注解 - * @Author wxz - * @Description - * @Date 2022/09/27 16:17 - **/ -@Target(ElementType.METHOD) -@Retention(RetentionPolicy.RUNTIME) -@Documented -public @interface OperRequiredPermission { -} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java deleted file mode 100644 index 21de15630a..0000000000 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java +++ /dev/null @@ -1,56 +0,0 @@ -package com.epmet.commons.tools.aspect; - -import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; -import com.epmet.commons.tools.exception.EpmetErrorCode; -import com.epmet.commons.tools.exception.EpmetException; -import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; -import com.epmet.commons.tools.utils.Result; -import org.aspectj.lang.JoinPoint; -import org.aspectj.lang.annotation.Aspect; -import org.aspectj.lang.annotation.Before; -import org.aspectj.lang.reflect.MethodSignature; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.annotation.Order; -import org.springframework.stereotype.Component; -import org.springframework.web.context.request.RequestAttributes; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import javax.servlet.http.HttpServletRequest; - -@Aspect -@Component -@Order(30) -public class OperRequiredPermissionAspect { - - @Autowired - private CommonOperAccessOpenFeignClient operAccessOpenFeignClient; - - @Before("@annotation(com.epmet.commons.tools.annotation.OperRequiredPermission)") - public void proceed(JoinPoint pjp) throws Throwable { -// MethodSignature signature = (MethodSignature) pjp.getSignature(); - HttpServletRequest request = getRequest(); - - String url = request.getRequestURI().toString(); - String method = request.getMethod(); - - HasOperPermissionFormDTO form = new HasOperPermissionFormDTO(); - form.setUri(url); - form.setMethod(method); - Result result = operAccessOpenFeignClient.hasOperPermission(form); - if (result == null || !result.success()) { - throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "资源未授权", "资源未授权"); - } - } - - /** - * 获取Request对象 - * - * @return - */ - private HttpServletRequest getRequest() { - RequestAttributes ra = RequestContextHolder.getRequestAttributes(); - ServletRequestAttributes sra = (ServletRequestAttributes) ra; - return sra.getRequest(); - } -} diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java index 73a54ba654..466eb6d7bf 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java @@ -1,7 +1,6 @@ package com.epmet.controller; import com.epmet.commons.tools.annotation.LoginUser; -import com.epmet.commons.tools.annotation.OperRequiredPermission; import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.exception.ErrorCode; import com.epmet.commons.tools.page.PageData; From 99f6995d001c5af73d5499942674e208bad8e894 Mon Sep 17 00:00:00 2001 From: wangxianzhang Date: Tue, 27 Sep 2022 22:42:13 +0800 Subject: [PATCH 4/9] =?UTF-8?q?=E8=B6=8A=E6=9D=83=E9=97=AE=E9=A2=98?= =?UTF-8?q?=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../dto/form/HasOperPermissionFormDTO.java | 2 ++ .../CommonOperAccessOpenFeignClient.java | 2 +- .../java/com/epmet/GatewayApplication.java | 26 +++++++++++++++++++ .../com/epmet/auth/InternalAuthProcessor.java | 11 +++++--- .../java/com/epmet/filter/CpProperty.java | 11 ++++++++ .../com/epmet/filter/EpmetGatewayFilter.java | 5 ++++ .../src/main/resources/bootstrap-urls.yml | 5 ++++ .../src/main/resources/bootstrap.yml | 1 + .../dto/form/HasOperPermissionFormDTO.java | 2 ++ .../epmet/controller/OperMenuController.java | 13 ++++------ .../java/com/epmet/redis/OperMenuRedis.java | 4 +-- 11 files changed, 68 insertions(+), 14 deletions(-) create mode 100644 epmet-gateway/src/main/resources/bootstrap-urls.yml diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java index f2ab024566..62faa45150 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java @@ -19,4 +19,6 @@ public class HasOperPermissionFormDTO { @NotBlank(message = "请求http方法不能为空") private String method; + @NotBlank(message = "操作者ID不能为空") + private String operId; } diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java index 374a26aff5..90262649b8 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java @@ -14,8 +14,8 @@ import org.springframework.web.bind.annotation.RequestBody; * @Author yinzuomei * @Date 2020/5/21 15:17 本服务对外开放的API,其他服务通过引用此client调用该服务 */ -// , url = "http://localhost:8093" @FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class) +//@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class, url = "http://localhost:8093") public interface CommonOperAccessOpenFeignClient { /** * @param diff --git a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java index cf7493a300..0a6cd98492 100644 --- a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java +++ b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java @@ -8,9 +8,15 @@ package com.epmet; +import com.alibaba.fastjson.JSON; import com.epmet.commons.tools.aspect.ServletExceptionHandler; import com.epmet.commons.tools.config.RedissonConfig; import com.epmet.commons.tools.config.ThreadDispatcherConfig; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; +import com.epmet.filter.CpProperty; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; @@ -18,6 +24,9 @@ import org.springframework.cloud.openfeign.EnableFeignClients; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.FilterType; +import javax.annotation.PostConstruct; +import java.util.List; + /** * 网关服务 * @@ -31,7 +40,24 @@ import org.springframework.context.annotation.FilterType; @ComponentScan(basePackages = {"com.epmet.*"}, excludeFilters = @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = {RedissonConfig.class, ThreadDispatcherConfig.class, ServletExceptionHandler.class})) public class GatewayApplication { + @Autowired + private CpProperty cpProperty; + + @Autowired + private RedisUtils redisUtils; + public static void main(String[] args) { SpringApplication.run(GatewayApplication.class, args); } + + /** + * 初始化运营端校验资源列表 + */ + @PostConstruct + public void initOperExamineResources() { + if (!redisUtils.hasKey(RedisKeys.getOperExamineResourceUrls())) { + List operExamineResourceUrls = cpProperty.getOperExamineResourceUrls(); + redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(operExamineResourceUrls)); + } + } } diff --git a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java index a34a0385d4..b8e69d32ef 100644 --- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java +++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java @@ -124,7 +124,7 @@ public class InternalAuthProcessor extends AuthProcessor { // 针对运营端的url拦截和校验 if (AppClientConstant.APP_OPER.equals(app)) { HttpMethod method = request.getMethod(); - Boolean hasAccess = checkRequestOperResource(requestUri, method.toString()); + Boolean hasAccess = checkRequestOperResource(userId, requestUri, method.toString()); if (!hasAccess) { throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "资源未授权", "资源未授权"); } @@ -140,10 +140,14 @@ public class InternalAuthProcessor extends AuthProcessor { * @param method * @return */ - private Boolean checkRequestOperResource(String uri, String method) { - String resourceJsonString = (String)redisUtils.get(RedisKeys.getOperExamineResourceUrls()); + private Boolean checkRequestOperResource(String userId, String uri, String method) { + String resourceJsonString = redisUtils.getString(RedisKeys.getOperExamineResourceUrls()); List resources = JSON.parseObject(resourceJsonString, new TypeReference>() {}); + if (resources == null) { + return true; + } + for (OperResouce resource : resources) { if (antPathMatcher.match(resource.getResourceUrl(), uri) && resource.getResourceMethod().equals(method)) { @@ -152,6 +156,7 @@ public class InternalAuthProcessor extends AuthProcessor { HasOperPermissionFormDTO form = new HasOperPermissionFormDTO(); form.setUri(uri); form.setMethod(method); + form.setOperId(userId); Result result = operAccessOpenFeignClient.hasOperPermission(form); if (result == null || !result.success()) { return false; diff --git a/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java b/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java index 2ea01e1c32..71dce075fe 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java @@ -42,4 +42,15 @@ public class CpProperty { */ private List swaggerUrls; + /** + * 运营端,需要校验的url资源列表 + */ + private List operExamineResourceUrls; + + @Data + public static class OperExamineResource { + private String resourceUrl; + private String resourceMethod; + } + } diff --git a/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java b/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java index 7cca3c4b36..ea02f75376 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java @@ -5,6 +5,7 @@ import com.epmet.auth.ExternalAuthProcessor; import com.epmet.auth.InternalAuthProcessor; import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.EpmetException; import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.utils.IpUtils; @@ -64,6 +65,10 @@ public class EpmetGatewayFilter implements GatewayFilter { } return doFilter(exchange, chain); + } catch (EpmetException re) { + // 人为抛出,则携带错误码和错误信息响应给前端 + log.error("EpmetGatewayFilter认证出错RenException,错误信息:{}", ExceptionUtils.getErrorStackTrace(re)); + return response(exchange, new Result<>().error(re.getCode(), re.getMessage())); } catch (RenException re) { // 人为抛出,则携带错误码和错误信息响应给前端 log.error("EpmetGatewayFilter认证出错RenException,错误信息:{}", ExceptionUtils.getErrorStackTrace(re)); diff --git a/epmet-gateway/src/main/resources/bootstrap-urls.yml b/epmet-gateway/src/main/resources/bootstrap-urls.yml new file mode 100644 index 0000000000..dded0b1b86 --- /dev/null +++ b/epmet-gateway/src/main/resources/bootstrap-urls.yml @@ -0,0 +1,5 @@ +epmet: + oper-examine-resource-urls: + # 角色编辑 + - resourceUrl: /oper/access/operrole + resourceMethod: PUT \ No newline at end of file diff --git a/epmet-gateway/src/main/resources/bootstrap.yml b/epmet-gateway/src/main/resources/bootstrap.yml index bfc3d86130..483f545f43 100644 --- a/epmet-gateway/src/main/resources/bootstrap.yml +++ b/epmet-gateway/src/main/resources/bootstrap.yml @@ -12,6 +12,7 @@ spring: name: epmet-gateway-server #环境 dev|test|prod profiles: + include: urls active: @spring.profiles.active@ messages: encoding: UTF-8 diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java index 9a8197cd9e..0284894e54 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java @@ -19,4 +19,6 @@ public class HasOperPermissionFormDTO { @NotBlank(message = "请求http方法不能为空") private String method; + @NotBlank(message = "操作者ID不能为空") + private String operId; } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java index 466eb6d7bf..f56bb2aa57 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java @@ -175,15 +175,12 @@ public class OperMenuController { String uri = form.getUri(); String method = form.getMethod(); - String loginUserApp = EpmetRequestHolder.getLoginUserApp(); - String loginUserId = EpmetRequestHolder.getLoginUserId(); + // if (!AppClientConstant.APP_OPER.equals(loginUserApp)) { + //// 只校验运营端,其他都返回true + // return new Result(); + // } - if (!AppClientConstant.APP_OPER.equals(loginUserApp)) { -// 只校验运营端,其他都返回true - return new Result(); - } - - Boolean isMathe = operMenuService.hasOperPermission(uri, method, loginUserId); + Boolean isMathe = operMenuService.hasOperPermission(uri, method, form.getOperId()); if (isMathe){ return new Result(); } else { diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java index 9121d631e9..4173845149 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java @@ -76,14 +76,14 @@ public class OperMenuRedis { public List getOperResourcesByUserId(String operId) { String key = RedisKeys.operResourcesByUserId(operId); - String json = (String) redisUtils.get(key); + String json = redisUtils.getString(key); return JSON.parseObject(json, new TypeReference>(){}); } public void setOperResourcesByUserId(String operId, List resouces) { String key = RedisKeys.operResourcesByUserId(operId); String jsonString = JSON.toJSONString(resouces); - redisUtils.set(key, jsonString); + redisUtils.setString(key, jsonString); } /** From fd420a00db1fba65170e6e1f991a50af2e31b5c5 Mon Sep 17 00:00:00 2001 From: wangxianzhang Date: Wed, 28 Sep 2022 12:42:19 +0800 Subject: [PATCH 5/9] =?UTF-8?q?=E8=B6=8A=E6=9D=83=E9=97=AE=E9=A2=98?= =?UTF-8?q?=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../CommonOperAccessOpenFeignClient.java | 10 +++++ ...mmonOperAccessOpenFeignClientFallback.java | 8 ++++ .../epmet/commons/tools/redis/RedisKeys.java | 6 ++- .../java/com/epmet/GatewayApplication.java | 14 +++---- .../com/epmet/auth/InternalAuthProcessor.java | 11 +++++- .../feign/OperAccessOpenFeignClient.java | 7 ++++ .../OperAccessOpenFeignClientFallback.java | 5 +++ .../epmet/controller/OperMenuController.java | 13 ++++++- .../main/java/com/epmet/dao/OperMenuDao.java | 2 + .../com/epmet/service/OperMenuService.java | 3 ++ .../service/impl/OperMenuServiceImpl.java | 39 +++++++++++++++++++ .../service/impl/OperRoleServiceImpl.java | 23 +++++++++++ .../src/main/resources/mapper/OperMenuDao.xml | 9 ++++- .../service/impl/OperUserServiceImpl.java | 15 +++++++ 14 files changed, 153 insertions(+), 12 deletions(-) diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java index 90262649b8..15f76dcb62 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java @@ -2,6 +2,7 @@ package com.epmet.commons.tools.feign; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.dto.result.OperResouce; import com.epmet.commons.tools.feign.fallback.CommonOperAccessOpenFeignClientFallbackFactory; import com.epmet.commons.tools.utils.Result; import org.springframework.cloud.openfeign.FeignClient; @@ -9,6 +10,8 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; +import java.util.List; + /** * @Description 运营端权限模块 * @Author yinzuomei @@ -33,4 +36,11 @@ public interface CommonOperAccessOpenFeignClient { */ @PostMapping("/oper/access/menu/hasPermission") Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form); + + /** + * 需要验证的菜单资源 + * @return + */ + @PostMapping("/oper/access/menu/getExamineResourceUrls") + Result> getExamineResourceUrls(); } diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java index d6ce167496..ba047f1ada 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java @@ -2,10 +2,13 @@ package com.epmet.commons.tools.feign.fallback; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.dto.result.OperResouce; import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; import com.epmet.commons.tools.utils.ModuleUtils; import com.epmet.commons.tools.utils.Result; +import java.util.List; + /** * @Description 运营端权限模块 * @Author yinzuomei @@ -23,5 +26,10 @@ public class CommonOperAccessOpenFeignClientFallback implements CommonOperAccess public Result hasOperPermission(HasOperPermissionFormDTO form) { return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission"); } + + @Override + public Result> getExamineResourceUrls() { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls"); + } } diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java index bb22e8de4b..c09f13f2f4 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java @@ -895,8 +895,12 @@ public class RedisKeys { * @param operId * @return */ + public static String operResourcesBaseDir() { + return rootPrefix.concat("oper:access:resources:"); + } + public static String operResourcesByUserId(String operId) { - return rootPrefix.concat("oper:access:resources:").concat(operId); + return operResourcesBaseDir().concat(operId); } /** diff --git a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java index 0a6cd98492..399f574dd9 100644 --- a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java +++ b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java @@ -53,11 +53,11 @@ public class GatewayApplication { /** * 初始化运营端校验资源列表 */ - @PostConstruct - public void initOperExamineResources() { - if (!redisUtils.hasKey(RedisKeys.getOperExamineResourceUrls())) { - List operExamineResourceUrls = cpProperty.getOperExamineResourceUrls(); - redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(operExamineResourceUrls)); - } - } +// @PostConstruct +// public void initOperExamineResources() { +// if (!redisUtils.hasKey(RedisKeys.getOperExamineResourceUrls())) { +// List operExamineResourceUrls = cpProperty.getOperExamineResourceUrls(); +// redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(operExamineResourceUrls)); +// } +// } } diff --git a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java index b8e69d32ef..c857f97159 100644 --- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java +++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java @@ -4,12 +4,14 @@ import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.TypeReference; import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.constant.Constant; +import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; import com.epmet.commons.tools.dto.result.OperResouce; import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.EpmetException; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import com.epmet.commons.tools.feign.ResultDataResolver; import com.epmet.commons.tools.redis.RedisKeys; import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.dto.BaseTokenDto; @@ -37,7 +39,7 @@ import java.util.List; * 内部认证处理器 */ @Component -public class InternalAuthProcessor extends AuthProcessor { +public class InternalAuthProcessor extends AuthProcessor implements ResultDataResolver { private Logger logger = LoggerFactory.getLogger(getClass()); @@ -145,7 +147,12 @@ public class InternalAuthProcessor extends AuthProcessor { List resources = JSON.parseObject(resourceJsonString, new TypeReference>() {}); if (resources == null) { - return true; + // redis中没有缓存,需要api获取 + resources = getResultDataOrThrowsException(operAccessOpenFeignClient.getExamineResourceUrls(), ServiceConstant.OPER_ACCESS_SERVER, + EpmetErrorCode.SERVER_ERROR.getCode(), "调用operaccess获取要校验的资源失败", "调用operaccess获取要校验的资源失败"); + + // 缓存 + redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(resources)); } for (OperResouce resource : resources) { diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java index 01101e83ca..6bae396ae4 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java @@ -33,4 +33,11 @@ public interface OperAccessOpenFeignClient { */ @PostMapping("/oper/access/menu/hasPermission") Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form); + + /** + * 需要验证的菜单资源 + * @return + */ + @PostMapping("/oper/access/menu/getExamineResourceUrls") + Result getExamineResourceUrls(); } diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java index c6e275097c..0f20298bfa 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java @@ -23,5 +23,10 @@ public class OperAccessOpenFeignClientFallback implements OperAccessOpenFeignCli public Result hasOperPermission(HasOperPermissionFormDTO form) { return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission"); } + + @Override + public Result getExamineResourceUrls() { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls"); + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java index f56bb2aa57..c04455b92e 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java @@ -16,6 +16,7 @@ import com.epmet.commons.tools.validator.group.UpdateGroup; import com.epmet.dto.OperMenuDTO; import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.dto.result.MenuResourceDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.excel.OperMenuExcel; import com.epmet.service.OperMenuService; import com.epmet.service.OperResourceService; @@ -166,7 +167,7 @@ public class OperMenuController { } /** - * 是否有该接口的权限 + * 改运营人员是否有该接口的权限 * @return */ @PostMapping("hasPermission") @@ -187,4 +188,14 @@ public class OperMenuController { return new Result().error(); } } + + /** + * 需要验证的菜单资源 + * @return + */ + @PostMapping("getExamineResourceUrls") + public Result getExamineResourceUrls() { + List resources = operMenuService.getExamineResourceUrls(); + return new Result().ok(resources); + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java index 22ecf34695..4e38620c38 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java @@ -52,4 +52,6 @@ public interface OperMenuDao extends BaseDao { List getListPid(String pid); List getOperResourcesByUserId(String operId); + + List getExamineResourceUrls(); } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java index 670d972455..a56dffb0ac 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java @@ -21,6 +21,7 @@ import com.epmet.commons.mybatis.service.BaseService; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import java.util.List; @@ -143,4 +144,6 @@ public interface OperMenuService extends BaseService { void clearOperUserAccess(String app, String client, String userId); Boolean hasOperPermission(String uri, String method, String loginUserId); + + List getExamineResourceUrls(); } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java index f2dea5642e..60a879a61a 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java @@ -24,8 +24,11 @@ import com.epmet.commons.tools.constant.Constant; import com.epmet.commons.tools.constant.FieldConstant; import com.epmet.commons.tools.enums.SuperAdminEnum; import com.epmet.commons.tools.exception.ErrorCode; +import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.HttpContextUtils; @@ -72,6 +75,8 @@ public class OperMenuServiceImpl extends BaseServiceImpl getExamineResourceUrls() { + return baseDao.getExamineResourceUrls(); + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java index 7af5d774c6..e9d80b6399 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java @@ -21,7 +21,10 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.epmet.commons.mybatis.service.impl.BaseServiceImpl; import com.epmet.commons.tools.constant.FieldConstant; +import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.dao.OperRoleDao; import com.epmet.dto.OperRoleDTO; @@ -30,6 +33,7 @@ import com.epmet.redis.OperRoleRedis; import com.epmet.service.OperRoleMenuService; import com.epmet.service.OperRoleService; import com.epmet.service.OperRoleUserService; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -46,6 +50,7 @@ import java.util.Map; * @since v1.0.0 2020-03-18 */ @Service +@Slf4j public class OperRoleServiceImpl extends BaseServiceImpl implements OperRoleService { @Autowired @@ -55,6 +60,9 @@ public class OperRoleServiceImpl extends BaseServiceImpl page(Map params) { IPage page = baseDao.selectPage( @@ -93,6 +101,13 @@ public class OperRoleServiceImpl extends BaseServiceImpl + + + diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java index 119e07c453..d44fe607eb 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java @@ -26,8 +26,11 @@ import com.epmet.commons.tools.constant.FieldConstant; import com.epmet.commons.tools.enums.SuperAdminEnum; import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.EpmetException; +import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.password.PasswordUtils; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.Result; @@ -39,6 +42,7 @@ import com.epmet.entity.UserEntity; import com.epmet.feign.OperRoleUserFeignClient; import com.epmet.service.OperUserService; import com.epmet.service.UserService; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -56,6 +60,7 @@ import java.util.Map; * @since v1.0.0 2020-03-18 */ @Service +@Slf4j public class OperUserServiceImpl extends BaseServiceImpl implements OperUserService { @Autowired @@ -64,6 +69,8 @@ public class OperUserServiceImpl extends BaseServiceImpl page(Map params) { @@ -132,6 +139,13 @@ public class OperUserServiceImpl extends BaseServiceImpl Date: Wed, 28 Sep 2022 16:02:52 +0800 Subject: [PATCH 6/9] =?UTF-8?q?=E9=85=8D=E7=BD=AE=E8=8F=9C=E5=8D=95?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/resources/mapper/OperMenuDao.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml index 3b013f6048..bd302185f5 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml +++ b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml @@ -27,8 +27,8 @@ select t3.*, (select lang.field_value from oper_language lang where lang.table_name='oper_menu' and lang.field_name='name' and lang.table_id=t3.id and lang.language=#{language}) as name from oper_role_user t1 left join oper_role_menu t2 on (t1.role_id = t2.role_id AND t2.del_flag = 0) - left join oper_menu t3 on (t2.menu_id = t3.id and t3.del_flag = 0) - where t1.user_id = #{userId} AND t1.del_flag = 0 + left join oper_menu t3 on (t2.menu_id = t3.id) + where t1.user_id = #{userId} AND t1.del_flag = 0 and t3.del_flag = 0 and t3.type = #{type} From 3d8f23a10483aadf772b08cc29d723de12c79c0c Mon Sep 17 00:00:00 2001 From: wangxianzhang Date: Wed, 28 Sep 2022 16:07:09 +0800 Subject: [PATCH 7/9] =?UTF-8?q?=E9=85=8D=E7=BD=AE=E8=8F=9C=E5=8D=95?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/epmet/service/impl/OperMenuServiceImpl.java | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java index 60a879a61a..47667c980f 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java @@ -292,6 +292,18 @@ public class OperMenuServiceImpl extends BaseServiceImpl operUserDTOResult = epmetUserFeignClient.info(operId); + if(!operUserDTOResult.success()||null==operUserDTOResult.getData()){ + logger.error("查询运营人员信息失败:operId:{}", operId); + return false; + } + + //系统管理员,拥有最高权限 + if(operUserDTOResult.getData().getSuperAdmin() == SuperAdminEnum.YES.value()){ + return true; + } + + // 不是系统管理员再具体查询 List resouces = operMenuRedis.getOperResourcesByUserId(operId); if (resouces == null) { resouces = baseDao.getOperResourcesByUserId(operId); From a5f75c2a756cbae0807bbd7f0dcbdbaaf636cbb0 Mon Sep 17 00:00:00 2001 From: wangxianzhang Date: Wed, 28 Sep 2022 16:26:40 +0800 Subject: [PATCH 8/9] =?UTF-8?q?=E8=BF=90=E8=90=A5=E7=AB=AF=E8=8F=9C?= =?UTF-8?q?=E5=8D=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/resources/mapper/OperMenuDao.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml index bd302185f5..5c0a2e6bf4 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml +++ b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml @@ -28,7 +28,7 @@ and lang.table_id=t3.id and lang.language=#{language}) as name from oper_role_user t1 left join oper_role_menu t2 on (t1.role_id = t2.role_id AND t2.del_flag = 0) left join oper_menu t3 on (t2.menu_id = t3.id) - where t1.user_id = #{userId} AND t1.del_flag = 0 and t3.del_flag = 0 + where t1.user_id = #{userId} AND t1.del_flag = 0 and t3.del_flag = 0 and t2.DEL_FLAG = 0 and t3.type = #{type} From 238840908b27500fa5a88d0223904155c7df7cb1 Mon Sep 17 00:00:00 2001 From: jianjun Date: Wed, 28 Sep 2022 16:43:08 +0800 Subject: [PATCH 9/9] bug --- .../src/main/resources/mapper/OperRoleMenuDao.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml index b9075fceda..17f9602254 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml +++ b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml @@ -4,7 +4,7 @@