diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java new file mode 100644 index 0000000000..62faa45150 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java @@ -0,0 +1,24 @@ +package com.epmet.commons.tools.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; + +@Data +public class HasOperPermissionFormDTO { + + /** + * uri + */ + @NotBlank(message = "uri不能为空") + private String uri; + + /** + * http方法 + */ + @NotBlank(message = "请求http方法不能为空") + private String method; + + @NotBlank(message = "操作者ID不能为空") + private String operId; +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java new file mode 100644 index 0000000000..632f013746 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java @@ -0,0 +1,13 @@ +package com.epmet.commons.tools.dto.result; + +import lombok.Data; + +@Data +public class OperResouce { + + private String userId; + private String resourceUrl; + private String ResourceMethod; + + +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java new file mode 100644 index 0000000000..15f76dcb62 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java @@ -0,0 +1,46 @@ +package com.epmet.commons.tools.feign; + +import com.epmet.commons.tools.constant.ServiceConstant; +import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.dto.result.OperResouce; +import com.epmet.commons.tools.feign.fallback.CommonOperAccessOpenFeignClientFallbackFactory; +import com.epmet.commons.tools.utils.Result; +import org.springframework.cloud.openfeign.FeignClient; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; + +import java.util.List; + +/** + * @Description 运营端权限模块 + * @Author yinzuomei + * @Date 2020/5/21 15:17 本服务对外开放的API,其他服务通过引用此client调用该服务 + */ +@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class) +//@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class, url = "http://localhost:8093") +public interface CommonOperAccessOpenFeignClient { + /** + * @param + * @return com.epmet.commons.tools.utils.Result + * @Author yinzuomei + * @Description 清空运营人员权限信息、菜单信息 + * @Date 2020/5/21 17:08 + **/ + @GetMapping("/oper/access/menu/clearoperuseraccess") + Result clearOperUserAccess(); + + /** + * 是否有该接口的权限 + * @return + */ + @PostMapping("/oper/access/menu/hasPermission") + Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form); + + /** + * 需要验证的菜单资源 + * @return + */ + @PostMapping("/oper/access/menu/getExamineResourceUrls") + Result> getExamineResourceUrls(); +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java new file mode 100644 index 0000000000..ba047f1ada --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java @@ -0,0 +1,35 @@ +package com.epmet.commons.tools.feign.fallback; + +import com.epmet.commons.tools.constant.ServiceConstant; +import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.dto.result.OperResouce; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import com.epmet.commons.tools.utils.ModuleUtils; +import com.epmet.commons.tools.utils.Result; + +import java.util.List; + +/** + * @Description 运营端权限模块 + * @Author yinzuomei + * @Date 2020/5/21 15:47 + */ +//@Component +public class CommonOperAccessOpenFeignClientFallback implements CommonOperAccessOpenFeignClient { + @Override + public Result clearOperUserAccess() { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess"); + + } + + @Override + public Result hasOperPermission(HasOperPermissionFormDTO form) { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission"); + } + + @Override + public Result> getExamineResourceUrls() { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls"); + } +} + diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java new file mode 100644 index 0000000000..d62f24900c --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java @@ -0,0 +1,19 @@ +package com.epmet.commons.tools.feign.fallback; + +import com.epmet.commons.tools.exception.ExceptionUtils; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import feign.hystrix.FallbackFactory; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +@Component +@Slf4j +public class CommonOperAccessOpenFeignClientFallbackFactory implements FallbackFactory { + private CommonOperAccessOpenFeignClientFallback fallback = new CommonOperAccessOpenFeignClientFallback(); + + @Override + public CommonOperAccessOpenFeignClient create(Throwable cause) { + log.error(String.format("FeignClient调用发生异常,异常信息:%s", ExceptionUtils.getThrowableErrorStackTrace(cause))); + return fallback; + } +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java index ac55205beb..c09f13f2f4 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java @@ -889,4 +889,25 @@ public class RedisKeys { public static String getDingMiniInfoKey(String suiteKey) { return rootPrefix.concat("ding:miniInfo:" + suiteKey); } + + /** + * 运营人员-资源权限 + * @param operId + * @return + */ + public static String operResourcesBaseDir() { + return rootPrefix.concat("oper:access:resources:"); + } + + public static String operResourcesByUserId(String operId) { + return operResourcesBaseDir().concat(operId); + } + + /** + * 获取需要检查的资源url + * @return + */ + public static String getOperExamineResourceUrls() { + return rootPrefix.concat("oper:access:examineresources"); + } } diff --git a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java index cf7493a300..399f574dd9 100644 --- a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java +++ b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java @@ -8,9 +8,15 @@ package com.epmet; +import com.alibaba.fastjson.JSON; import com.epmet.commons.tools.aspect.ServletExceptionHandler; import com.epmet.commons.tools.config.RedissonConfig; import com.epmet.commons.tools.config.ThreadDispatcherConfig; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; +import com.epmet.filter.CpProperty; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; @@ -18,6 +24,9 @@ import org.springframework.cloud.openfeign.EnableFeignClients; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.FilterType; +import javax.annotation.PostConstruct; +import java.util.List; + /** * 网关服务 * @@ -31,7 +40,24 @@ import org.springframework.context.annotation.FilterType; @ComponentScan(basePackages = {"com.epmet.*"}, excludeFilters = @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = {RedissonConfig.class, ThreadDispatcherConfig.class, ServletExceptionHandler.class})) public class GatewayApplication { + @Autowired + private CpProperty cpProperty; + + @Autowired + private RedisUtils redisUtils; + public static void main(String[] args) { SpringApplication.run(GatewayApplication.class, args); } + + /** + * 初始化运营端校验资源列表 + */ +// @PostConstruct +// public void initOperExamineResources() { +// if (!redisUtils.hasKey(RedisKeys.getOperExamineResourceUrls())) { +// List operExamineResourceUrls = cpProperty.getOperExamineResourceUrls(); +// redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(operExamineResourceUrls)); +// } +// } } diff --git a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java index 305bf2b3a4..c857f97159 100644 --- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java +++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java @@ -1,11 +1,22 @@ package com.epmet.auth; +import com.alibaba.fastjson.JSON; +import com.alibaba.fastjson.TypeReference; import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.constant.Constant; +import com.epmet.commons.tools.constant.ServiceConstant; +import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.dto.result.OperResouce; import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.EpmetException; import com.epmet.commons.tools.exception.RenException; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import com.epmet.commons.tools.feign.ResultDataResolver; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.dto.BaseTokenDto; import com.epmet.commons.tools.utils.CpUserDetailRedis; +import com.epmet.commons.tools.utils.Result; import com.epmet.filter.CpProperty; import com.epmet.jwt.JwtTokenUtils; import io.jsonwebtoken.Claims; @@ -15,18 +26,20 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.stereotype.Component; import org.springframework.util.AntPathMatcher; import org.springframework.web.server.ServerWebExchange; import java.util.Date; +import java.util.List; /** * 内部认证处理器 */ @Component -public class InternalAuthProcessor extends AuthProcessor { +public class InternalAuthProcessor extends AuthProcessor implements ResultDataResolver { private Logger logger = LoggerFactory.getLogger(getClass()); @@ -41,6 +54,12 @@ public class InternalAuthProcessor extends AuthProcessor { @Autowired private CpProperty cpProperty; + @Autowired + private CommonOperAccessOpenFeignClient operAccessOpenFeignClient; + + @Autowired + private RedisUtils redisUtils; + @Override public ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); @@ -104,10 +123,59 @@ public class InternalAuthProcessor extends AuthProcessor { builder.header(AppClientConstant.CUSTOMER_ID, customerId); } + // 针对运营端的url拦截和校验 + if (AppClientConstant.APP_OPER.equals(app)) { + HttpMethod method = request.getMethod(); + Boolean hasAccess = checkRequestOperResource(userId, requestUri, method.toString()); + if (!hasAccess) { + throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "资源未授权", "资源未授权"); + } + } + ServerHttpRequest shr = builder.build(); return exchange.mutate().request(shr).build(); } + /** + * 校验运营端用户是否有权访问该资源 + * @param uri + * @param method + * @return + */ + private Boolean checkRequestOperResource(String userId, String uri, String method) { + String resourceJsonString = redisUtils.getString(RedisKeys.getOperExamineResourceUrls()); + List resources = JSON.parseObject(resourceJsonString, new TypeReference>() {}); + + if (resources == null) { + // redis中没有缓存,需要api获取 + resources = getResultDataOrThrowsException(operAccessOpenFeignClient.getExamineResourceUrls(), ServiceConstant.OPER_ACCESS_SERVER, + EpmetErrorCode.SERVER_ERROR.getCode(), "调用operaccess获取要校验的资源失败", "调用operaccess获取要校验的资源失败"); + + // 缓存 + redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(resources)); + } + + for (OperResouce resource : resources) { + if (antPathMatcher.match(resource.getResourceUrl(), uri) + && resource.getResourceMethod().equals(method)) { + + //需要校验权限的url + HasOperPermissionFormDTO form = new HasOperPermissionFormDTO(); + form.setUri(uri); + form.setMethod(method); + form.setOperId(userId); + Result result = operAccessOpenFeignClient.hasOperPermission(form); + if (result == null || !result.success()) { + return false; + } + return true; + } + } + + // 如果当前请求url不需要校验权限,那么返回true + return true; + } + /** * 是否需要认证 * @param requestUri diff --git a/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java b/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java index 2ea01e1c32..71dce075fe 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java @@ -42,4 +42,15 @@ public class CpProperty { */ private List swaggerUrls; + /** + * 运营端,需要校验的url资源列表 + */ + private List operExamineResourceUrls; + + @Data + public static class OperExamineResource { + private String resourceUrl; + private String resourceMethod; + } + } diff --git a/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java b/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java index 7cca3c4b36..ea02f75376 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java @@ -5,6 +5,7 @@ import com.epmet.auth.ExternalAuthProcessor; import com.epmet.auth.InternalAuthProcessor; import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.EpmetException; import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.utils.IpUtils; @@ -64,6 +65,10 @@ public class EpmetGatewayFilter implements GatewayFilter { } return doFilter(exchange, chain); + } catch (EpmetException re) { + // 人为抛出,则携带错误码和错误信息响应给前端 + log.error("EpmetGatewayFilter认证出错RenException,错误信息:{}", ExceptionUtils.getErrorStackTrace(re)); + return response(exchange, new Result<>().error(re.getCode(), re.getMessage())); } catch (RenException re) { // 人为抛出,则携带错误码和错误信息响应给前端 log.error("EpmetGatewayFilter认证出错RenException,错误信息:{}", ExceptionUtils.getErrorStackTrace(re)); diff --git a/epmet-gateway/src/main/resources/bootstrap-urls.yml b/epmet-gateway/src/main/resources/bootstrap-urls.yml new file mode 100644 index 0000000000..dded0b1b86 --- /dev/null +++ b/epmet-gateway/src/main/resources/bootstrap-urls.yml @@ -0,0 +1,5 @@ +epmet: + oper-examine-resource-urls: + # 角色编辑 + - resourceUrl: /oper/access/operrole + resourceMethod: PUT \ No newline at end of file diff --git a/epmet-gateway/src/main/resources/bootstrap.yml b/epmet-gateway/src/main/resources/bootstrap.yml index bfc3d86130..483f545f43 100644 --- a/epmet-gateway/src/main/resources/bootstrap.yml +++ b/epmet-gateway/src/main/resources/bootstrap.yml @@ -12,6 +12,7 @@ spring: name: epmet-gateway-server #环境 dev|test|prod profiles: + include: urls active: @spring.profiles.active@ messages: encoding: UTF-8 diff --git a/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java b/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java index cbd2797bfb..1906e0a192 100644 --- a/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java +++ b/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java @@ -13,6 +13,10 @@ import java.io.Serializable; @Data public class UploadImgResultDTO implements Serializable { private String url; + /** + * 原始文件名 + */ + private String fileName; /** * 域名 */ diff --git a/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java b/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java index d55751762c..140d57ead6 100644 --- a/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java +++ b/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java @@ -279,6 +279,7 @@ public class OssServiceImpl extends BaseServiceImpl implement UploadImgResultDTO dto = new UploadImgResultDTO(); dto.setUrl(url); dto.setDomain(ossDomain); + dto.setFileName(file.getOriginalFilename()); return new Result().ok(dto); } diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java new file mode 100644 index 0000000000..0284894e54 --- /dev/null +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java @@ -0,0 +1,24 @@ +package com.epmet.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; + +@Data +public class HasOperPermissionFormDTO { + + /** + * uri + */ + @NotBlank(message = "uri不能为空") + private String uri; + + /** + * http方法 + */ + @NotBlank(message = "请求http方法不能为空") + private String method; + + @NotBlank(message = "操作者ID不能为空") + private String operId; +} diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java new file mode 100644 index 0000000000..5867da40ef --- /dev/null +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java @@ -0,0 +1,13 @@ +package com.epmet.dto.result; + +import lombok.Data; + +@Data +public class OperResouce { + + private String userId; + private String resourceUrl; + private String ResourceMethod; + + +} diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java index 9e5a1b0771..6bae396ae4 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java @@ -2,9 +2,12 @@ package com.epmet.feign; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.feign.fallback.OperAccessOpenFeignClientFallbackFactory; import org.springframework.cloud.openfeign.FeignClient; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; /** * @Description 运营端权限模块 @@ -23,4 +26,18 @@ public interface OperAccessOpenFeignClient { **/ @GetMapping("/oper/access/menu/clearoperuseraccess") Result clearOperUserAccess(); + + /** + * 是否有该接口的权限 + * @return + */ + @PostMapping("/oper/access/menu/hasPermission") + Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form); + + /** + * 需要验证的菜单资源 + * @return + */ + @PostMapping("/oper/access/menu/getExamineResourceUrls") + Result getExamineResourceUrls(); } diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java index 46c4b182eb..0f20298bfa 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java @@ -3,6 +3,7 @@ package com.epmet.feign.fallback; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.ModuleUtils; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.feign.OperAccessOpenFeignClient; /** @@ -17,5 +18,15 @@ public class OperAccessOpenFeignClientFallback implements OperAccessOpenFeignCli return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess"); } + + @Override + public Result hasOperPermission(HasOperPermissionFormDTO form) { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission"); + } + + @Override + public Result getExamineResourceUrls() { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls"); + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java index 63fc7d61df..c04455b92e 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java @@ -1,9 +1,11 @@ package com.epmet.controller; import com.epmet.commons.tools.annotation.LoginUser; +import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.exception.ErrorCode; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.security.dto.TokenDto; +import com.epmet.commons.tools.utils.EpmetRequestHolder; import com.epmet.commons.tools.utils.ExcelUtils; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.AssertUtils; @@ -12,7 +14,9 @@ import com.epmet.commons.tools.validator.group.AddGroup; import com.epmet.commons.tools.validator.group.DefaultGroup; import com.epmet.commons.tools.validator.group.UpdateGroup; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.dto.result.MenuResourceDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.excel.OperMenuExcel; import com.epmet.service.OperMenuService; import com.epmet.service.OperResourceService; @@ -53,7 +57,7 @@ public class OperMenuController { //菜单资源列表 List resourceList = operResourceService.getMenuResourceList(id); - + data.setResourceList(resourceList); return new Result().ok(data); } @@ -161,4 +165,37 @@ public class OperMenuController { operMenuService.clearOperUserAccess(tokenDto.getApp(), tokenDto.getClient(), tokenDto.getUserId()); return new Result(); } + + /** + * 改运营人员是否有该接口的权限 + * @return + */ + @PostMapping("hasPermission") + public Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form) { + ValidatorUtils.validateEntity(form); + String uri = form.getUri(); + String method = form.getMethod(); + + // if (!AppClientConstant.APP_OPER.equals(loginUserApp)) { + //// 只校验运营端,其他都返回true + // return new Result(); + // } + + Boolean isMathe = operMenuService.hasOperPermission(uri, method, form.getOperId()); + if (isMathe){ + return new Result(); + } else { + return new Result().error(); + } + } + + /** + * 需要验证的菜单资源 + * @return + */ + @PostMapping("getExamineResourceUrls") + public Result getExamineResourceUrls() { + List resources = operMenuService.getExamineResourceUrls(); + return new Result().ok(resources); + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java index 2858a76f24..4e38620c38 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java @@ -9,6 +9,7 @@ package com.epmet.dao; import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Param; @@ -49,4 +50,8 @@ public interface OperMenuDao extends BaseDao { * @param pid 父菜单ID */ List getListPid(String pid); + + List getOperResourcesByUserId(String operId); + + List getExamineResourceUrls(); } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java index f1b568f33a..4173845149 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java @@ -17,10 +17,13 @@ package com.epmet.redis; +import com.alibaba.fastjson.JSON; +import com.alibaba.fastjson.TypeReference; import com.epmet.commons.tools.redis.RedisKeys; import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.utils.HttpContextUtils; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.result.OperResouce; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -71,4 +74,25 @@ public class OperMenuRedis { return (Set)redisUtils.get(key); } + public List getOperResourcesByUserId(String operId) { + String key = RedisKeys.operResourcesByUserId(operId); + String json = redisUtils.getString(key); + return JSON.parseObject(json, new TypeReference>(){}); + } + + public void setOperResourcesByUserId(String operId, List resouces) { + String key = RedisKeys.operResourcesByUserId(operId); + String jsonString = JSON.toJSONString(resouces); + redisUtils.setString(key, jsonString); + } + + /** + * 运营端用户资源删除 + * @param operId + * @param resouces + */ + public void deleteOperResourcesByUserId(String operId) { + String key = RedisKeys.operResourcesByUserId(operId); + redisUtils.delete(key); + } } \ No newline at end of file diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java index 54e3a58067..a56dffb0ac 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java @@ -21,6 +21,7 @@ import com.epmet.commons.mybatis.service.BaseService; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import java.util.List; @@ -141,4 +142,8 @@ public interface OperMenuService extends BaseService { List getListPid(String pid); void clearOperUserAccess(String app, String client, String userId); + + Boolean hasOperPermission(String uri, String method, String loginUserId); + + List getExamineResourceUrls(); } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java index d83970486c..60a879a61a 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java @@ -24,8 +24,11 @@ import com.epmet.commons.tools.constant.Constant; import com.epmet.commons.tools.constant.FieldConstant; import com.epmet.commons.tools.enums.SuperAdminEnum; import com.epmet.commons.tools.exception.ErrorCode; +import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.HttpContextUtils; @@ -34,6 +37,7 @@ import com.epmet.commons.tools.utils.TreeUtils; import com.epmet.dao.OperMenuDao; import com.epmet.dto.OperMenuDTO; import com.epmet.dto.OperUserDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import com.epmet.enums.MenuTypeEnum; import com.epmet.feign.EpmetUserFeignClient; @@ -48,6 +52,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.AntPathMatcher; import java.util.*; @@ -70,6 +75,10 @@ public class OperMenuServiceImpl extends BaseServiceImpl page(Map params) { @@ -112,6 +121,13 @@ public class OperMenuServiceImpl extends BaseServiceImpl resouces = operMenuRedis.getOperResourcesByUserId(operId); + if (resouces == null) { + resouces = baseDao.getOperResourcesByUserId(operId); + operMenuRedis.setOperResourcesByUserId(operId, resouces); + } + + return pathMatcher(uri, method, resouces); + } + + private boolean pathMatcher(String requestUri, String method, List resources){ + for (OperResouce resource : resources) { + String resourceUrl = resource.getResourceUrl(); + String resourceMethod = resource.getResourceMethod(); + +// 路径匹配 && http方法 匹配 + if(antPathMatcher.match(resourceUrl, requestUri) && resourceMethod.equals(method)){ + return true; + } + } + return false; + } + + @Override + public List getExamineResourceUrls() { + return baseDao.getExamineResourceUrls(); + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java index 7af5d774c6..e9d80b6399 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java @@ -21,7 +21,10 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.epmet.commons.mybatis.service.impl.BaseServiceImpl; import com.epmet.commons.tools.constant.FieldConstant; +import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.dao.OperRoleDao; import com.epmet.dto.OperRoleDTO; @@ -30,6 +33,7 @@ import com.epmet.redis.OperRoleRedis; import com.epmet.service.OperRoleMenuService; import com.epmet.service.OperRoleService; import com.epmet.service.OperRoleUserService; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -46,6 +50,7 @@ import java.util.Map; * @since v1.0.0 2020-03-18 */ @Service +@Slf4j public class OperRoleServiceImpl extends BaseServiceImpl implements OperRoleService { @Autowired @@ -55,6 +60,9 @@ public class OperRoleServiceImpl extends BaseServiceImpl page(Map params) { IPage page = baseDao.selectPage( @@ -93,6 +101,13 @@ public class OperRoleServiceImpl extends BaseServiceImpl and t3.type = #{type} @@ -39,4 +39,22 @@ select * from oper_menu where del_flag = 0 and pid = #{value} + + + + diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java index 119e07c453..d44fe607eb 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java @@ -26,8 +26,11 @@ import com.epmet.commons.tools.constant.FieldConstant; import com.epmet.commons.tools.enums.SuperAdminEnum; import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.EpmetException; +import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.password.PasswordUtils; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.Result; @@ -39,6 +42,7 @@ import com.epmet.entity.UserEntity; import com.epmet.feign.OperRoleUserFeignClient; import com.epmet.service.OperUserService; import com.epmet.service.UserService; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -56,6 +60,7 @@ import java.util.Map; * @since v1.0.0 2020-03-18 */ @Service +@Slf4j public class OperUserServiceImpl extends BaseServiceImpl implements OperUserService { @Autowired @@ -64,6 +69,8 @@ public class OperUserServiceImpl extends BaseServiceImpl page(Map params) { @@ -132,6 +139,13 @@ public class OperUserServiceImpl extends BaseServiceImpl