From 8320ac3028eae7685a95a97779f343dad5097bfa Mon Sep 17 00:00:00 2001 
From: wxz Date: Fri, 24 Apr 2020 13:53:47 +0800 Subject: [PATCH] =?UTF-8?q?1.=E5=A2=9E=E5=8A=A0DataFilter=E7=9B=B8?= =?UTF-8?q?=E5=85=B3=E5=B7=A5=E5=85=B7=202.=E5=AE=9E=E7=8E=B0=E4=BA=86?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=E7=BA=A7RBAC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../epmet/service/impl/NewsServiceImpl.java | 2 +- .../src/test/java/com/epmet/TokenGenTest.java | 63 +++++++ .../mybatis/annotation/DataFilter.java | 20 -- .../mybatis/aspect/DataFilterAspect.java | 172 ++++++++++++------ .../mybatis/aspect/DataFilterAspectBak.java | 106 +++++++++++ .../dto/form/StaffPermissionFormDTO.java | 26 +++ .../commons/mybatis/entity/DataScope.java | 9 +- .../mybatis/feign/GovAccessFeignClient.java | 26 +++ .../GovAccessFeignClientFallback.java | 25 +++ .../handler/FieldMetaObjectHandler.java | 8 +- .../interceptor/DataFilterInterceptor.java | 6 + .../interceptor/DataFilterInterceptorBak.java | 100 ++++++++++ .../tools/annotation/RequirePermission.java | 36 ++++ .../commons/tools/aspect/AccessOpeAspect.java | 46 +++++ .../tools/exception/EpmetErrorCode.java | 3 +- .../tools/exception/RenExceptionHandler.java | 4 +- .../tools/security/dto/GovTokenDto.java | 2 +- .../tools/security/user/LoginUserUtil.java | 61 ++++++- epmet-gateway/pom.xml | 8 +- .../com/epmet/filter/FeignRequestFilter.java | 3 +- .../epmet/dto/form/StaffPermCacheFormDTO.java | 15 +- .../epmet/controller/AccessController.java | 15 +- .../java/com/epmet/service/AccessService.java | 10 +- .../epmet/service/impl/AccessServiceImpl.java | 15 +- .../db.migration/epmet_gov_access.sql | 2 +- .../epmet/controller/AccessController.java | 11 +- .../com/epmet/feign/GovAccessFeignClient.java | 18 +- .../GovAccessFeignClientFallback.java | 17 +- .../java/com/epmet/service/AccessService.java | 3 +- .../epmet/service/impl/AccessServiceImpl.java | 16 +- .../epmet/controller/StaffRoleController.java | 1 + .../service/impl/StaffRoleServiceImpl.java | 1 + 32 files changed, 
728 insertions(+), 122 deletions(-) create mode 100644 epmet-auth/src/test/java/com/epmet/TokenGenTest.java create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspectBak.java create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermissionFormDTO.java create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptorBak.java create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java create mode 100644 epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java diff --git a/epmet-admin/epmet-admin-server/src/main/java/com/epmet/service/impl/NewsServiceImpl.java b/epmet-admin/epmet-admin-server/src/main/java/com/epmet/service/impl/NewsServiceImpl.java index 31d7c6c310..220cf7d171 100644 --- a/epmet-admin/epmet-admin-server/src/main/java/com/epmet/service/impl/NewsServiceImpl.java +++ b/epmet-admin/epmet-admin-server/src/main/java/com/epmet/service/impl/NewsServiceImpl.java @@ -31,7 +31,7 @@ public class NewsServiceImpl extends BaseServiceImpl implem * mybatis数据权限演示 */ @Override - @DataFilter(prefix = "AND", isPendingCreator = false) + //@DataFilter(prefix = "AND", isPendingCreator = false) public PageData page(Map params) { paramsToLike(params, "title"); diff --git a/epmet-auth/src/test/java/com/epmet/TokenGenTest.java b/epmet-auth/src/test/java/com/epmet/TokenGenTest.java new file mode 100644 index 0000000000..3368e2d1cf --- /dev/null +++ b/epmet-auth/src/test/java/com/epmet/TokenGenTest.java 
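Review bot: In `NewsServiceImpl`, commenting out `@DataFilter` on `page()` leaves the news list query with no data-scope restriction, and nothing in this hunk replaces it. If the only reason is that `prefix` and `isPendingCreator` were removed from the annotation, keep the attribute-free `@DataFilter` and adapt the method to the new `DataScope` argument. Otherwise add a comment such as `// news is intentionally visible to every authenticated caller` so the omission reads as a decision. The commented-out annotation line should be deleted rather than kept; `page()` continues outside the hunk.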
@@ -0,0 +1,63 @@
+package com.epmet;
+
+import com.epmet.common.token.constant.LoginConstant;
+import com.epmet.commons.tools.security.dto.GovTokenDto;
+import com.epmet.commons.tools.utils.CpUserDetailRedis;
+import com.epmet.jwt.JwtTokenProperties;
+import com.epmet.jwt.JwtTokenUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class TokenGenTest {
+
+ @Autowired
+ private JwtTokenProperties jwtTokenProperties;
+
+ @Autowired
+ private JwtTokenUtils jwtTokenUtils;
+
+ @Autowired
+ private CpUserDetailRedis cpUserDetailRedis;
+
+ @Test
+ public void genToken() {
+ String staffId = "wxz";
+ String tokenStr = generateGovWxmpToken(staffId);
+ int expire = jwtTokenProperties.getExpire();
+ GovTokenDto govTokenDto = new GovTokenDto();
+ govTokenDto.setApp(LoginConstant.APP_GOV);
+ govTokenDto.setClient(LoginConstant.CLIENT_WXMP);
+ govTokenDto.setUserId(staffId);
+ govTokenDto.setOpenId("");
+ govTokenDto.setSessionKey("");
+ govTokenDto.setUnionId("");
+ govTokenDto.setToken(tokenStr);
+ govTokenDto.setUpdateTime(System.currentTimeMillis());
+ govTokenDto.setExpireTime(jwtTokenUtils.getExpiration(tokenStr).getTime());
+ govTokenDto.setAgencyId("1");
+ govTokenDto.setCustomerId("f76def116c9c2dc0269cc17867af122c");
+ cpUserDetailRedis.set(govTokenDto, expire);
+ }
+
+ /**
+ * @Description 生成token
+ * @Date 2020/4/18 23:04
+ **/
+ private String generateGovWxmpToken(String staffId) {
+ Map map = new HashMap<>();
+ map.put("app", LoginConstant.APP_GOV);
+ map.put("client", LoginConstant.CLIENT_WXMP);
+ map.put("userId", staffId);
+ String token = jwtTokenUtils.createToken(map);
+ return token;
+ }
+
+}
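Review bot: `genToken()` in `TokenGenTest` has no assertions; its only effect is to mint a signed JWT for staff id `wxz` and store a matching `GovTokenDto` session through `cpUserDetailRedis.set(govTokenDto, expire)`, using whatever signing key and Redis instance the `@SpringBootTest` context resolves. Run in CI or against a shared environment, it leaves a usable login session behind for the token's full lifetime. Mark it `@Ignore("manual token generator, local profile only")` or move it out of `src/test`, and add a class comment saying it must not run against a shared Redis. The hard-coded `customerId` and `agencyId` would be better read from test configuration.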
diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/annotation/DataFilter.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/annotation/DataFilter.java index dd1d3aee3b..96b7691f22 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/annotation/DataFilter.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/annotation/DataFilter.java @@ -25,24 +25,4 @@ public @interface DataFilter { */ String tableAlias() default ""; - /** - * 查询条件前缀,可选值有:[where、and] - */ - String prefix() default ""; - - /** - * 用户ID - */ - String userId() default "creator"; - - /** - * 部门ID - */ - String deptId() default "dept_id"; - - /** - * 是否拼接用户ID - */ - boolean isPendingCreator() default true; - } diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java index f322f631f9..14ce3af0a1 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java 
@@ -8,25 +8,28 @@ package com.epmet.commons.mybatis.aspect; -import cn.hutool.core.collection.CollUtil; -import com.epmet.commons.mybatis.annotation.DataFilter; +import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO; import com.epmet.commons.mybatis.entity.DataScope; -import com.epmet.commons.tools.constant.Constant; -import com.epmet.commons.tools.enums.SuperAdminEnum; +import com.epmet.commons.mybatis.feign.GovAccessFeignClient; +import com.epmet.commons.tools.aspect.AccessOpeAspect; +import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.ErrorCode; import com.epmet.commons.tools.exception.RenException; -import com.epmet.commons.tools.security.user.SecurityUser; -import com.epmet.commons.tools.security.user.UserDetail; +import com.epmet.commons.tools.security.user.LoginUserUtil; +import com.epmet.commons.tools.utils.Result; import org.apache.commons.lang3.StringUtils; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; -import org.aspectj.lang.annotation.Pointcut; -import org.aspectj.lang.reflect.MethodSignature; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.util.CollectionUtils; +import java.util.Arrays; import java.util.List; -import java.util.Map; +import java.util.Set; /** * 数据过滤,切面处理类 
@@ -37,69 +40,124 @@ import java.util.Map; @Aspect @Component public class DataFilterAspect { - @Pointcut("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)") - public void dataFilterCut() { - } + private static final Logger log = LoggerFactory.getLogger(DataFilterAspect.class); + + @Autowired + private LoginUserUtil loginUserUtil; + + @Autowired + private GovAccessFeignClient govAccessFeignClient; - @Before("dataFilterCut()") + @Before("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)") public void dataFilter(JoinPoint point) { - Object params = point.getArgs()[0]; - if(params != null && params instanceof Map){ - UserDetail user = SecurityUser.getUser(); - - //如果不是超级管理员,则进行数据过滤 - if(user.getSuperAdmin() == SuperAdminEnum.NO.value()){ - Map map = (Map)params; - String sqlFilter = getSqlFilter(user, point); - map.put(Constant.SQL_FILTER, new DataScope(sqlFilter)); - } + // 反射的方式 + //MethodSignature signature = (MethodSignature) point.getSignature(); + //Class[] parameterTypes = signature.getParameterTypes(); + //for (Class parameterType : parameterTypes) { + // if (parameterType == DataScope.class) { + // + // } + //} + + String reqiurePermission = AccessOpeAspect.requirePermissionTl.get(); + // 没有配置所需权限,不做操作,打印提示日志 + if (StringUtils.isBlank(reqiurePermission)) { + log.warn("Api编码需要指定所需权限,请在Api上使用@RequirePermission注解完成所需权限配置"); + return; + } - return ; + // 校验操作权限 + validateOpePermission(reqiurePermission); + + Object[] methodArgs = point.getArgs(); + for (Object methodArg : methodArgs) { + if (methodArg instanceof DataScope) { + ((DataScope) methodArg).setSqlFilter(getSqlFilterSegment()); + return; + } } - throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR); + //throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR); } /** - * 获取数据过滤的SQL + * 校验操作权限 */ - private String getSqlFilter(UserDetail user, JoinPoint point){ - MethodSignature signature = (MethodSignature) point.getSignature(); - DataFilter dataFilter = 
signature.getMethod().getAnnotation(DataFilter.class); - //获取表的别名 - String tableAlias = dataFilter.tableAlias(); - if(StringUtils.isNotBlank(tableAlias)){ - tableAlias += "."; + private void validateOpePermission(String requirePermission) { + StaffPermissionFormDTO staffPermissionFormDTO = new StaffPermissionFormDTO(); + staffPermissionFormDTO.setApp(loginUserUtil.getLoginUserApp()); + staffPermissionFormDTO.setClient(loginUserUtil.getLoginUserClient()); + staffPermissionFormDTO.setStaffId(loginUserUtil.getLoginUserId()); + Result> permissions = govAccessFeignClient.getStaffCurrPermissions(staffPermissionFormDTO); + if (permissions.getCode() != 0) { + // 查询不到权限,记录日志,抛出8000异常 + log.error("调用Access查询权限失败:{}", permissions.getMsg()); + throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); } - StringBuilder sqlFilter = new StringBuilder(); - - //查询条件前缀 - String prefix = dataFilter.prefix(); - if(StringUtils.isNotBlank(prefix)){ - sqlFilter.append(" ").append(prefix); + if (!CollectionUtils.isEmpty(permissions.getData()) && StringUtils.isNotBlank(requirePermission) + && permissions.getData().contains(requirePermission)) { + // 权限允许,正常结束 + return; } + // 权限不足抛出异常 + throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode()); + } - sqlFilter.append(" ("); - - //部门ID列表 - List deptIdList = user.getDeptIdList(); - if(CollUtil.isNotEmpty(deptIdList)){ - sqlFilter.append(tableAlias).append(dataFilter.deptId()); - - sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")"); - } + /** + * 生成过滤sql片段 + * @return + */ + private String getSqlFilterSegment() { + // 根据角色列表查询操作范围列表 - //查询本人数据 - if (dataFilter.isPendingCreator()) { - if(CollUtil.isNotEmpty(deptIdList)){ - sqlFilter.append(" or "); - } - sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId()); - } - sqlFilter.append(")"); + // 拼接sql语句 - return sqlFilter.toString(); + // TODO + return "dept_id in (1,2,3)"; } + + ///** + // * 获取数据过滤的SQL + // */ + 
//@Deprecated + //private String getSqlFilter(UserDetail user, JoinPoint point){ + // MethodSignature signature = (MethodSignature) point.getSignature(); + // DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class); + // //获取表的别名 + // String tableAlias = dataFilter.tableAlias(); + // if(StringUtils.isNotBlank(tableAlias)){ + // tableAlias += "."; + // } + // + // StringBuilder sqlFilter = new StringBuilder(); + // + // //查询条件前缀 + // String prefix = dataFilter.prefix(); + // if(StringUtils.isNotBlank(prefix)){ + // sqlFilter.append(" ").append(prefix); + // } + // + // sqlFilter.append(" ("); + // + // //部门ID列表 + // List deptIdList = user.getDeptIdList(); + // if(CollUtil.isNotEmpty(deptIdList)){ + // sqlFilter.append(tableAlias).append(dataFilter.deptId()); + // + // sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")"); + // } + // + // //查询本人数据 + // if (dataFilter.isPendingCreator()) { + // if(CollUtil.isNotEmpty(deptIdList)){ + // sqlFilter.append(" or "); + // } + // sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId()); + // } + // sqlFilter.append(")"); + // + // return sqlFilter.toString(); + //} } diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspectBak.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspectBak.java new file mode 100644 index 0000000000..2c4c532bda --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspectBak.java 
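Review bot: `dataFilter()` in `DataFilterAspect` fails open in two places: when `AccessOpeAspect.requirePermissionTl` is blank it only logs a warning and returns, and when no `DataScope` argument is found the final `throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR)` is commented out. Either way a `@DataFilter` method runs with neither the permission check nor a row filter. Both paths should reject the call: replace the early `return;` with `throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode());` and restore the final throw. `getSqlFilterSegment()` also returns the constant `"dept_id in (1,2,3)"` for every caller; until the TODO is done it should throw rather than apply a scope unrelated to the logged-in staff. The permission check is only reached through this aspect, so a method carrying `@RequirePermission` without `@DataFilter` is not checked at all, which deserves a comment on the class.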
@@ -0,0 +1,106 @@ +///** +// * Copyright (c) 2018 人人开源 All rights reserved. +// * +// * https://www.renren.io +// * +// * 版权所有,侵权必究! +// */ +// +//package com.epmet.commons.mybatis.aspect; +// +//import cn.hutool.core.collection.CollUtil; +//import com.epmet.commons.mybatis.annotation.DataFilter; +//import com.epmet.commons.mybatis.entity.DataScope; +//import com.epmet.commons.tools.constant.Constant; +//import com.epmet.commons.tools.enums.SuperAdminEnum; +//import com.epmet.commons.tools.exception.ErrorCode; +//import com.epmet.commons.tools.exception.RenException; +//import com.epmet.commons.tools.security.user.SecurityUser; +//import com.epmet.commons.tools.security.user.UserDetail; +//import org.apache.commons.lang3.StringUtils; +//import org.aspectj.lang.JoinPoint; +//import org.aspectj.lang.annotation.Aspect; +//import org.aspectj.lang.annotation.Before; +//import org.aspectj.lang.annotation.Pointcut; +//import org.aspectj.lang.reflect.MethodSignature; +//import org.springframework.stereotype.Component; +// +//import java.util.Arrays; +//import java.util.List; +//import java.util.Map; +// +///** +// * 数据过滤,切面处理类 +// * +// * @author Mark sunlightcs@gmail.com +// * @since 1.0.0 +// */ +//@Aspect +//@Component +//public class DataFilterAspectBak { +// @Pointcut("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)") +// public void dataFilterCut() { +// +// } +// +// @Before("dataFilterCut()") +// public void dataFilter(JoinPoint point) { +// Object params = point.getArgs()[0]; +// if(params != null && params instanceof Map){ +// UserDetail user = SecurityUser.getUser(); +// +// //如果不是超级管理员,则进行数据过滤 +// if(user.getSuperAdmin() == SuperAdminEnum.NO.value()){ +// Map map = (Map)params; +// String sqlFilter = getSqlFilter(user, point); +// map.put(Constant.SQL_FILTER, new DataScope(sqlFilter)); +// } +// +// return ; +// } +// +// throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR); +// } +// +// /** +// * 获取数据过滤的SQL +// */ +// private String 
getSqlFilter(UserDetail user, JoinPoint point){ +// MethodSignature signature = (MethodSignature) point.getSignature(); +// DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class); +// //获取表的别名 +// String tableAlias = dataFilter.tableAlias(); +// if(StringUtils.isNotBlank(tableAlias)){ +// tableAlias += "."; +// } +// +// StringBuilder sqlFilter = new StringBuilder(); +// +// //查询条件前缀 +// String prefix = dataFilter.prefix(); +// if(StringUtils.isNotBlank(prefix)){ +// sqlFilter.append(" ").append(prefix); +// } +// +// sqlFilter.append(" ("); +// +// //部门ID列表 +// List deptIdList = user.getDeptIdList(); +// if(CollUtil.isNotEmpty(deptIdList)){ +// sqlFilter.append(tableAlias).append(dataFilter.deptId()); +// +// sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")"); +// } +// +// //查询本人数据 +// if (dataFilter.isPendingCreator()) { +// if(CollUtil.isNotEmpty(deptIdList)){ +// sqlFilter.append(" or "); +// } +// sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId()); +// } +// sqlFilter.append(")"); +// +// return sqlFilter.toString(); +// } +//} diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermissionFormDTO.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermissionFormDTO.java new file mode 100644 index 0000000000..3bc88d6fb1 --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermissionFormDTO.java @@ -0,0 +1,26 @@ +package com.epmet.commons.mybatis.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; +import java.util.Set; + +@Data +public class StaffPermissionFormDTO { + + /** + * 工作人员 id + */ + private String staffId; + + /** + * 登录头信息app + */ + private String app; + + /** + * 登录头信息client + */ + private String client; + +} 
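Review bot: `DataFilterAspectBak.java` is added with every line commented out, so it compiles to nothing and only duplicates the previous `DataFilterAspect`, which version control already keeps; the same applies to `DataFilterInterceptorBak.java` later in this patch. Dead copies of access-control code are easily read as current behaviour, and this one still shows the super-admin bypass and the concatenated `dept_id in(...)` filter that the live aspect no longer uses. Drop both files from the commit and refer to the earlier revision in the commit message instead.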
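Review bot: `StaffPermissionFormDTO` imports `javax.validation.constraints.NotBlank` and `java.util.Set` but uses neither, and none of `staffId`, `app` and `client` carries a constraint. The permission lookup depends on all three, so a blank value should be rejected rather than sent on; annotate each field, for example `@NotBlank private String staffId;`, and remove the unused `Set` import. Whether the receiving controller validates the request body is not visible in this hunk.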
diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/entity/DataScope.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/entity/DataScope.java index 43d3ca1619..59dd035fac 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/entity/DataScope.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/entity/DataScope.java @@ -1,8 +1,8 @@ /** * Copyright (c) 2018 人人开源 All rights reserved. - * + *

* https://www.renren.io - * + *

* 版权所有,侵权必究! */ @@ -15,8 +15,13 @@ package com.epmet.commons.mybatis.entity; * @since 1.0.0 */ public class DataScope { + private String sqlFilter; + public static DataScope getDefault() { + return new DataScope(""); + } + public DataScope(String sqlFilter) { this.sqlFilter = sqlFilter; } diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java new file mode 100644 index 0000000000..198d996bc9 --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java @@ -0,0 +1,26 @@ +package com.epmet.commons.mybatis.feign; + +import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO; +import com.epmet.commons.mybatis.feign.fallback.GovAccessFeignClientFallback; +import com.epmet.commons.tools.constant.ServiceConstant; +import com.epmet.commons.tools.utils.Result; +import org.springframework.cloud.openfeign.FeignClient; +import org.springframework.web.bind.annotation.PostMapping; + +import java.util.Set; + +/** + * @Description + * @Author sun + */ +@FeignClient(name = ServiceConstant.GOV_ACCESS_SERVER, fallback = GovAccessFeignClientFallback.class) +public interface GovAccessFeignClient { + + /** + * 查询用户当前权限列表(DataFilterAspect中用到) + * @return + */ + @PostMapping("/gov/access/access/getcurrpermissions") + Result> getStaffCurrPermissions(StaffPermissionFormDTO dto); + +} diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java new file mode 100644 index 0000000000..3c5ccd599b --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java 
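Review bot: `DataScope.getDefault()` returns a scope whose `sqlFilter` is the empty string, and nothing documents that an empty filter means "no restriction". Judging from the interceptor code shown elsewhere in this patch, the filter text is appended to the statement as-is, so a default scope that the aspect never fills in yields an unfiltered query. Add a Javadoc such as `/** Placeholder scope; DataFilterAspect must overwrite sqlFilter before the query runs. An empty filter restricts nothing. */`, and consider having the interceptor refuse a blank filter instead of proceeding.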
@@ -0,0 +1,25 @@ +package com.epmet.commons.mybatis.feign.fallback; + +import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO; +import com.epmet.commons.mybatis.feign.GovAccessFeignClient; +import com.epmet.commons.tools.constant.ServiceConstant; +import com.epmet.commons.tools.utils.ModuleUtils; +import com.epmet.commons.tools.utils.Result; +import org.springframework.stereotype.Component; + +import java.util.Set; + +/** + * 调用政府端权限 + * @Author wxz + * @Description + * @Date 2020/4/24 11:17 + **/ +@Component +public class GovAccessFeignClientFallback implements GovAccessFeignClient { + + @Override + public Result> getStaffCurrPermissions(StaffPermissionFormDTO dto) { + return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getStaffCurrPermissions", dto); + } +} diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/handler/FieldMetaObjectHandler.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/handler/FieldMetaObjectHandler.java index bd7d0619fd..fcd85b0c0e 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/handler/FieldMetaObjectHandler.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/handler/FieldMetaObjectHandler.java @@ -22,6 +22,7 @@ import com.epmet.commons.tools.security.user.SecurityUser; import com.epmet.commons.tools.security.user.UserDetail; import org.apache.commons.lang3.StringUtils; import org.apache.ibatis.reflection.MetaObject; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import java.util.Date; 
@@ -40,11 +41,14 @@ public class FieldMetaObjectHandler implements MetaObjectHandler { private final static String UPDATER = "updater"; private final static String DEPT_ID = "deptId"; + @Autowired + private LoginUserUtil loginUserUtil; + @Override public void insertFill(MetaObject metaObject) { Date date = new Date(); if (metaObject.getOriginalObject() instanceof BaseEpmetEntity) { - String loginUserId = LoginUserUtil.getLoginUserId(); + String loginUserId = loginUserUtil.getLoginUserId(); // epmet项目新增的 loginUserId = StringUtils.isBlank(loginUserId) ? Constant.APP_USER_FLAG : loginUserId; //Long deptId = user == null ? null : user.getDeptId(); @@ -107,7 +111,7 @@ public class FieldMetaObjectHandler implements MetaObjectHandler { //更新时间 setFieldValByName(UPDATE_DATE, new Date(), metaObject); } else if (fillEsuaEntity) { - String loginUserId = LoginUserUtil.getLoginUserId(); + String loginUserId = loginUserUtil.getLoginUserId(); String userId = StringUtils.isBlank(loginUserId) ? Constant.APP_USER_FLAG : loginUserId; setFieldValByName(FieldConstant.UPDATED_BY_HUMP, userId, metaObject); setFieldValByName(FieldConstant.UPDATED_TIME_HUMP, new Date(), metaObject); diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java index eea6262cd4..046c012da4 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java 
@@ -8,6 +8,7 @@ package com.epmet.commons.mybatis.interceptor; +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.toolkit.PluginUtils; import com.baomidou.mybatisplus.core.toolkit.StringUtils; import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler; @@ -55,12 +56,17 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I // 判断参数里是否有DataScope对象 DataScope scope = null; if (paramObj instanceof DataScope) { + // 直接传入DataScope,不分页? scope = (DataScope) paramObj; } else if (paramObj instanceof Map) { + // 入参是一个Map for (Object arg : ((Map) paramObj).values()) { if (arg instanceof DataScope) { scope = (DataScope) arg; break; + } else if (arg instanceof QueryWrapper) { + // 通过Mybatis-plus封装的通用方法进行查询 + break; } } } diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptorBak.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptorBak.java new file mode 100644 index 0000000000..1a3445f0f5 --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptorBak.java @@ -0,0 +1,100 @@ +///** +// * Copyright (c) 2018 人人开源 All rights reserved. +// *
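Review bot: In `DataFilterInterceptor`, the new `else if (arg instanceof QueryWrapper) { break; }` branch stops scanning the parameter map as soon as a `QueryWrapper` value is seen, so a `DataScope` held in the same map is missed whenever the wrapper is iterated first and the query then runs unfiltered. The iteration order of `((Map) paramObj).values()` is not controlled here. If the branch is only a marker for the Mybatis-plus case, use `continue;` or remove it, and add a comment stating that wrapper-based queries currently receive no data scope. `intercept()` starts and ends outside the hunk.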

+// * https://www.renren.io +// *

+// * 版权所有,侵权必究! +// */ +// +//package com.epmet.commons.mybatis.interceptor; +// +//import com.baomidou.mybatisplus.core.toolkit.PluginUtils; +//import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler; +//import com.epmet.commons.mybatis.entity.DataScope; +//import org.apache.ibatis.executor.statement.StatementHandler; +//import org.apache.ibatis.mapping.BoundSql; +//import org.apache.ibatis.mapping.MappedStatement; +//import org.apache.ibatis.mapping.SqlCommandType; +//import org.apache.ibatis.plugin.*; +//import org.apache.ibatis.reflection.MetaObject; +//import org.apache.ibatis.reflection.SystemMetaObject; +// +//import java.sql.Connection; +//import java.util.Map; +//import java.util.Properties; +// +///** +// * 数据过滤 +// * +// * @author Mark sunlightcs@gmail.com +// * @since 1.0.0 +// */ +//@Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class})}) +//public class DataFilterInterceptorBak extends AbstractSqlParserHandler implements Interceptor { +// +// @Override +// public Object intercept(Invocation invocation) throws Throwable { +// StatementHandler statementHandler = (StatementHandler) PluginUtils.realTarget(invocation.getTarget()); +// MetaObject metaObject = SystemMetaObject.forObject(statementHandler); +// +// // SQL解析 +// this.sqlParser(metaObject); +// +// // 先判断是不是SELECT操作 +// MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement"); +// if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) { +// return invocation.proceed(); +// } +// +// // 针对定义了rowBounds,做为mapper接口方法的参数 +// BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql"); +// String originalSql = boundSql.getSql(); +// Object paramObj = boundSql.getParameterObject(); +// +// // 判断参数里是否有DataScope对象 +// DataScope scope = null; +// if (paramObj instanceof DataScope) { +// scope = (DataScope) paramObj; +// } else if (paramObj instanceof 
Map) { +// for (Object arg : ((Map) paramObj).values()) { +// if (arg instanceof DataScope) { +// scope = (DataScope) arg; +// break; +// } +// } +// } +// +// // 不用数据过滤 +// if (scope == null) { +// return invocation.proceed(); +// } +// +// // 拼接新SQL +// String orderBy = "ORDER BY"; +// String groupBy = "GROUP BY"; +// if (originalSql.indexOf(groupBy) > -1) { +// originalSql = originalSql.replace(groupBy, scope.getSqlFilter() + groupBy); +// } else if (originalSql.indexOf(orderBy) > -1) { +// originalSql = originalSql.replace(orderBy, scope.getSqlFilter() + orderBy); +// } else { +// originalSql = originalSql + scope.getSqlFilter(); +// } +// +// // 重写SQL +// metaObject.setValue("delegate.boundSql.sql", originalSql); +// return invocation.proceed(); +// } +// +// @Override +// public Object plugin(Object target) { +// if (target instanceof StatementHandler) { +// return Plugin.wrap(target, this); +// } +// return target; +// } +// +// @Override +// public void setProperties(Properties properties) { +// +// } +//} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java new file mode 100644 index 0000000000..3a5fe74459 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java @@ -0,0 +1,36 @@ +/** + * Copyright 2018 人人开源 http://www.renren.io + *

+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + *

+ * http://www.apache.org/licenses/LICENSE-2.0 + *

+ * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +package com.epmet.commons.tools.annotation; + +import java.lang.annotation.*; + +/** + * 权限注解 + * @Author wxz + * @Description + * @Date 2020/4/23 16:17 + **/ +@Target(ElementType.METHOD) +@Retention(RetentionPolicy.RUNTIME) +@Documented +public @interface RequirePermission { + + String key() default ""; + + String desc() default ""; + +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java new file mode 100644 index 0000000000..eeeedc6508 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java 
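Review bot: `RequirePermission.key()` defaults to `""`, and `DataFilterAspect` in this patch treats a blank key as "no permission configured" and skips the check, so `@RequirePermission` written without a key silently protects nothing. Make the attribute mandatory with `String key();` so that a missing key is a compile error. The annotation's Javadoc should also state that it is enforced only when the same request reaches a `@DataFilter` method, since nothing in this patch checks it on its own.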
@@ -0,0 +1,46 @@
+/**
+ * Copyright (c) 2018 人人开源 All rights reserved.
+ *
+ * https://www.renren.io
+ *
+ * 版权所有,侵权必究!
+ */
+
+package com.epmet.commons.tools.aspect;
+
+import com.epmet.commons.tools.annotation.RequirePermission;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.stereotype.Component;
+
+/**
+ * 每次请求,过滤Api中配置的权限key出来
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/23 16:16
+ **/
+@Aspect
+@Component
+public class AccessOpeAspect {
+
+ /**
+ * 存储所需操作权限的 ThreadLocal
+ */
+ public static final ThreadLocal requirePermissionTl = new ThreadLocal<>();
+
+ @Before("@annotation(com.epmet.commons.tools.annotation.RequirePermission)")
+ public void before(JoinPoint point) throws Throwable {
+ // 取RequirePermission注解
+ MethodSignature methodSignature = (MethodSignature) point.getSignature();
+ RequirePermission requirePermissionAnno = methodSignature.getMethod().getAnnotation(RequirePermission.class);
+ String key = requirePermissionAnno.key();
+ String desc = requirePermissionAnno.desc();
+ System.out.println(key);
+ System.out.println(desc);
+
+ // 放入ThreadLocal,供DataFilterAspect中使用
+ requirePermissionTl.set(key);
+ }
+}
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
index d07777427a..6fc0a1cbf5 100644
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
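Review bot: `requirePermissionTl` in `AccessOpeAspect` is set in `before()` and never removed, so on a pooled request thread the key from one request is still present when the next request runs; a `@DataFilter` method reached without first passing a `@RequirePermission` method would then be checked against the previous request's key. Clear the value in a finally-style advice on the same pointcut (it needs `org.aspectj.lang.annotation.After`), as sketched below. The two `System.out.println` calls should be removed or turned into debug logging, `throws Throwable` is unnecessary on `before()`, and the field would be safer as `private` behind a static getter.

```java
// … unchanged: before() stores the key in requirePermissionTl …

@After("@annotation(com.epmet.commons.tools.annotation.RequirePermission)")
public void clear() {
    // Request threads are pooled and reused; drop the key once the annotated method has finished,
    // whether it returned normally or threw.
    requirePermissionTl.remove();
}
```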
@@ -27,7 +27,8 @@ public enum EpmetErrorCode { MESSAGE_SMS_SEND_ERROR(8105, "短信发送失败"), CANNOT_AUDIT_WARM(8201, "请完善居民信息"), - NOT_DEL_AGENCY(8202, "该机关存在下级机关,不允许删除"); + NOT_DEL_AGENCY(8202, "该机关存在下级机关,不允许删除"), + REQUIRE_PERMISSION(8203, "没有足够的操作权限"); private int code; diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/RenExceptionHandler.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/RenExceptionHandler.java index 5a035ffa80..e49e03d52d 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/RenExceptionHandler.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/RenExceptionHandler.java @@ -44,6 +44,8 @@ public class RenExceptionHandler { private ModuleConfig moduleConfig; @Autowired private LogProducer logProducer; + @Autowired + private LoginUserUtil loginUserUtil; /** * 处理自定义异常 @@ -120,7 +122,7 @@ public class RenExceptionHandler { //登录用户ID - log.setCreator(LoginUserUtil.getLoginUserId()); + log.setCreator(loginUserUtil.getLoginUserId()); //异常信息 log.setErrorInfo(ExceptionUtils.getErrorStackTrace(ex)); diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java index bfb7e6dc67..7088bb10a3 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java @@ -67,6 +67,6 @@ public class GovTokenDto extends BaseTokenDto implements Serializable { /** * 功能权限列表,实际上是gov_staff => staff_role => role_operation查询到的operationKey */ - private List permissions; + private Set permissions; } 
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/user/LoginUserUtil.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/user/LoginUserUtil.java index 2b249bee22..088a26eb73 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/user/LoginUserUtil.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/user/LoginUserUtil.java 
@@ -1,33 +1,82 @@ package com.epmet.commons.tools.security.user; -import com.epmet.commons.tools.constant.Constant; +import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.utils.HttpContextUtils; import org.apache.commons.lang3.StringUtils; -import org.springframework.web.context.request.RequestAttributes; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; +import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; +import java.util.List; /** * 登录用户相关工具 */ +@Component public class LoginUserUtil { + //@Autowired + //private + /** * 查询登录用户的id * @return */ - public static String getLoginUserId() { + public String getLoginUserId() { HttpServletRequest request = HttpContextUtils.getHttpServletRequest(); if (request == null) { return null; } - String userId = request.getHeader(Constant.USER_KEY); + String userId = request.getHeader(AppClientConstant.USER_ID); if (StringUtils.isBlank(userId)) { return null; } return userId; } + + /** + * 登录用户的App头信息 + * @return + */ + public String getLoginUserApp() { + HttpServletRequest request = HttpContextUtils.getHttpServletRequest(); + if (request == null) { + return null; + } + + String app = request.getHeader(AppClientConstant.APP); + if (StringUtils.isBlank(app)) { + return null; + } + return app; + } + + /** + * 获取登录用户client头信息 + * @return + */ + public String getLoginUserClient() { + HttpServletRequest request = HttpContextUtils.getHttpServletRequest(); + if (request == null) { + return null; + } + + String client = request.getHeader(AppClientConstant.CLIENT); + if (StringUtils.isBlank(client)) { + return null; + } + return client; + } + + /** + * 获取用户的部门ID列表 + * @return + */ + public List getLoginUserDepartments() { + String loginUserId = getLoginUserId(); + String loginUserApp = getLoginUserApp(); + String loginUserClient = getLoginUserClient(); + // todo + return 
null; + } } diff --git a/epmet-gateway/pom.xml b/epmet-gateway/pom.xml index 57d6203598..7ccab3e048 100644 --- a/epmet-gateway/pom.xml +++ b/epmet-gateway/pom.xml @@ -157,12 +157,12 @@ lb://resi-partymember-server - - lb://gov-access-server + http://127.0.0.1:8099 + - - lb://gov-mine-server + http://127.0.0.1:8098 + diff --git a/epmet-gateway/src/main/java/com/epmet/filter/FeignRequestFilter.java b/epmet-gateway/src/main/java/com/epmet/filter/FeignRequestFilter.java index 1b98025d7c..1da14ce7ef 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/FeignRequestFilter.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/FeignRequestFilter.java @@ -1,5 +1,6 @@ package com.epmet.filter; +import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.constant.Constant; import com.epmet.commons.tools.security.dto.BaseTokenDto; import com.epmet.commons.tools.utils.CpUserDetailRedis; @@ -54,7 +55,7 @@ public class FeignRequestFilter implements GlobalFilter, UserTokenFilter { if (baseTokenDto != null) { ServerHttpRequest build = exchange.getRequest().mutate() - .header(Constant.USER_KEY, new String[]{baseTokenDto.getUserId()}).build(); + .header(AppClientConstant.USER_ID, new String[]{baseTokenDto.getUserId()}).build(); return chain.filter(exchange.mutate().request(build).build()); } diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java index b800d6bc1a..56907e52af 100644 --- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java 
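Review bot: `getLoginUserId()`, `getLoginUserApp()` and `getLoginUserClient()` return whatever the request headers contain, so their values are only as trustworthy as the hop that set those headers. In this patch the gateway's FeignRequestFilter writes `AppClientConstant.USER_ID` only inside `if (baseTokenDto != null)`, and nothing visible sets or strips the app and client headers; if the other branch (outside that hunk) forwards the request unchanged, or a service can be reached without the gateway, the caller chooses these values itself. I would have the gateway remove all three headers from every inbound request before setting them from the token, and record the assumption on this class, e.g. `// Values come from gateway-set headers; only valid behind the gateway, never for direct client traffic`. Separately, `getLoginUserDepartments()` returns `null` from its `// todo` body; `return Collections.emptyList();` (with the `java.util.Collections` import) is safer for callers until it is implemented.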
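Review bot: The route targets for gov-access-server and gov-mine-server appear to change from `lb://gov-access-server` and `lb://gov-mine-server` to `http://127.0.0.1:8099` and `http://127.0.0.1:8098`; the element names are not readable in this view, so the direction is read from the markers only. Fixed loopback addresses bypass service discovery and only work when those services run on the gateway's own host, which looks like a local debugging setup. Unless this block belongs to a local-only profile, the `lb://` values should stay the committed default and the loopback ones be kept in a developer override.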
@@ -3,7 +3,7 @@ package com.epmet.dto.form; import lombok.Data; import javax.validation.constraints.NotBlank; -import java.util.List; +import java.util.Set; @Data public class StaffPermCacheFormDTO { @@ -13,27 +13,32 @@ public class StaffPermCacheFormDTO { */ public interface UpdatePermissionCache {} + /** + * 查询当前权限列表 + */ + public interface GetStaffCurrPermissions {} + /** * 工作人员 id */ - @NotBlank(message = "工作人员ID不能为空", groups = {UpdatePermissionCache.class}) + @NotBlank(message = "工作人员ID不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class}) private String staffId; /** * 登录头信息app */ - @NotBlank(message = "登录头信息app不能为空", groups = {UpdatePermissionCache.class}) + @NotBlank(message = "登录头信息app不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class}) private String app; /** * 登录头信息client */ - @NotBlank(message = "登录头信息client不能为空", groups = {UpdatePermissionCache.class}) + @NotBlank(message = "登录头信息client不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class}) private String client; /** * 权限列表 */ - private List permissions; + private Set permissions; } diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java index 0f7eaf4920..aa954dc584 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java @@ -10,7 +10,7 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import java.util.List; +import java.util.Set; /** * 权限相关Api 
@@ -36,8 +36,19 @@ public class AccessController { String staffId = staffPermCacheFormDTO.getStaffId(); String app = staffPermCacheFormDTO.getApp(); String client = staffPermCacheFormDTO.getClient(); - List permissions = staffPermCacheFormDTO.getPermissions(); + Set permissions = staffPermCacheFormDTO.getPermissions(); accessService.updatePermissionCache(staffId, app, client, permissions); return new Result(); } + + /** + * 查询用户当前权限列表(DataFilterAspect中用到) + * @return + */ + @PostMapping("getcurrpermissions") + public Result> getStaffCurrPermissions(@RequestBody StaffPermCacheFormDTO dto) { + ValidatorUtils.validateEntity(dto, StaffPermCacheFormDTO.GetStaffCurrPermissions.class); + Set permissions = accessService.listStaffCurrPermissions(dto.getApp(), dto.getClient(), dto.getStaffId()); + return new Result>().ok(permissions); + } } diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java index cbf51355d1..a9e5150db8 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java @@ -1,6 +1,6 @@ package com.epmet.service; -import java.util.List; +import java.util.Set; public interface AccessService { /** @@ -8,5 +8,11 @@ public interface AccessService { * @param staffId * @param permissions */ - void updatePermissionCache(String staffId, String app, String client, List permissions); + void updatePermissionCache(String staffId, String app, String client, Set permissions); + + /** + * 查询用户当前权限列表 + * @return + */ + Set listStaffCurrPermissions(String app, String client, String staffId); } 
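Review bot: `getStaffCurrPermissions` takes `staffId`, `app` and `client` straight from the request body and returns that staff member's cached permission set, and nothing in the hunk checks that the caller is that staff member or an internal service. The `updatePermissionCache` method just above it has the same shape on the write side, storing caller-supplied `permissions` into the cached token. If these paths are reachable through the gateway and not only by Feign calls between services, the identity should come from the authenticated token instead of the body, or the routes should be kept off the public gateway. At minimum the Javadoc should state the intended caller, e.g. `* Internal use only (called by DataFilterAspect via Feign); must not be exposed through the gateway.` The body of `updatePermissionCache` starts outside the hunk.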
diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java index e391283e94..cd846aa3b8 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java @@ -7,8 +7,10 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; -import java.util.List; +import java.util.HashSet; +import java.util.Set; @Service public class AccessServiceImpl implements AccessService { @@ -24,7 +26,7 @@ public class AccessServiceImpl implements AccessService { * @param permissions */ @Override - public void updatePermissionCache(String staffId, String app, String client, List permissions) { + public void updatePermissionCache(String staffId, String app, String client, Set permissions) { GovTokenDto govTokenDto = cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class); if (govTokenDto == null) { logger.warn("更新[{}]用户缓存:Redis中不存在该用户TokenDto缓存信息", staffId); @@ -37,4 +39,13 @@ public class AccessServiceImpl implements AccessService { cpUserDetailRedis.set(govTokenDto, expire); logger.warn("更新[{}]用户缓存成功。", staffId); } + + @Override + public Set listStaffCurrPermissions(String app, String client, String staffId) { + GovTokenDto govTokenDto = cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class); + if (govTokenDto == null || CollectionUtils.isEmpty(govTokenDto.getPermissions())) { + return new HashSet<>(); + } + return new HashSet<>(govTokenDto.getPermissions()); + } } 
diff --git a/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql b/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql index 67e7a5c7b2..bcc1d74a5d 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql +++ b/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql @@ -61,7 +61,7 @@ CREATE TABLE `role_operation` ( CREATE TABLE `role_scope` ( `ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `ROLE_ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '角色ID', - `PERMISSION_KEY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '权限key', + `SCOPE_KEY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围Key', `DEL_FLAG` tinyint(1) NULL DEFAULT NULL COMMENT '是否删除,0:未删除,1:已删除', `REVISION` int(10) NULL DEFAULT NULL COMMENT '乐观锁', `CREATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '创建者id', diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java index 9cef45a3b4..173e19243a 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java 
@@ -29,14 +29,21 @@ public class AccessController { @Autowired private AccessService accessService; + /** + * 查询用户可操作功能列表(包含缓存) + * @param tokenDto + * @param staffOperationDTO + * @return + */ @PostMapping("getstaffoperations") public Result> getStaffOperations(@LoginUser TokenDto tokenDto, @RequestBody StaffOperationDTO staffOperationDTO) { //public Result> getStaffOperations(@RequestBody StaffOperationDTO staffOperationDTO) { String agencyId = staffOperationDTO.getAgencyId(); String gridId = staffOperationDTO.getGridId(); String staffId = tokenDto.getUserId(); - Set opeKeys = accessService.listOpeKeysByStaffId(staffId, agencyId, gridId); + String app = tokenDto.getApp(); + String client = tokenDto.getClient(); + Set opeKeys = accessService.listOpeKeysByStaffId(app, client, staffId,agencyId, gridId); return new Result>().ok(opeKeys); } - } diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovAccessFeignClient.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovAccessFeignClient.java index facacdb301..8cb514ad3f 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovAccessFeignClient.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovAccessFeignClient.java 
@@ -2,14 +2,13 @@ package com.epmet.feign; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.Result; -import com.epmet.dto.result.CustomerGridByUserIdResultDTO; +import com.epmet.dto.form.StaffPermCacheFormDTO; import com.epmet.dto.result.RoleOperationResultDTO; import com.epmet.feign.fallback.GovAccessFeignClientFallback; -import com.epmet.feign.fallback.GovOrgFeignClientFallBack; import org.springframework.cloud.openfeign.FeignClient; -import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; import java.util.List; @@ -20,6 +19,19 @@ import java.util.List; @FeignClient(name = ServiceConstant.GOV_ACCESS_SERVER, fallback = GovAccessFeignClientFallback.class) public interface GovAccessFeignClient { + /** + * 根据角色ID查询角色权限列表 + * @param roleId + * @return + */ @PostMapping("/gov/access/role/operations/{roleId}") Result> listOperationsByRoleId(@PathVariable("roleId") String roleId); + + /** + * 刷新用户权限缓存 + * @param staffPermCacheFormDTO + * @return + */ + @PostMapping("/gov/access/access/updatepermissioncache") + Result updatePermissionCache(@RequestBody StaffPermCacheFormDTO staffPermCacheFormDTO); } diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovAccessFeignClientFallback.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovAccessFeignClientFallback.java index 0fc5df6a94..3e9fc8e415 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovAccessFeignClientFallback.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovAccessFeignClientFallback.java 
@@ -3,14 +3,11 @@ package com.epmet.feign.fallback; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.ModuleUtils; import com.epmet.commons.tools.utils.Result; -import com.epmet.dto.StaffRoleDTO; -import com.epmet.dto.form.StaffRoleFormDTO; -import com.epmet.dto.result.CustomerGridByUserIdResultDTO; -import com.epmet.dto.result.LatestCustomerResultDTO; +import com.epmet.dto.form.StaffPermCacheFormDTO; import com.epmet.dto.result.RoleOperationResultDTO; -import com.epmet.feign.EpmetUserFeignClient; import com.epmet.feign.GovAccessFeignClient; import org.springframework.stereotype.Component; +import org.springframework.web.bind.annotation.RequestBody; import java.util.List; @@ -25,4 +22,14 @@ public class GovAccessFeignClientFallback implements GovAccessFeignClient { public Result> listOperationsByRoleId(String roleId) { return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listOperationsByRoleId"); } + + /** + * 刷新用户权限缓存 + * @param staffPermCacheFormDTO + * @return + */ + @Override + public Result updatePermissionCache(@RequestBody StaffPermCacheFormDTO staffPermCacheFormDTO) { + return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "updatePermissionCache"); + } } diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/AccessService.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/AccessService.java index bb213bd94d..9866ea9ffd 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/AccessService.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/AccessService.java @@ -12,8 +12,7 @@ import java.util.Set; public interface AccessService { /** * 根据staffId查询角色Key列表 - * @param staffId * @return */ - Set listOpeKeysByStaffId(String staffId, String agencyId, String gridId); + Set listOpeKeysByStaffId(String app, String client, String staffId, String agencyId, String gridId); } 
diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java index c7823cd335..1da258978a 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java @@ -1,8 +1,9 @@ package com.epmet.service.impl; +import com.epmet.commons.tools.utils.CpUserDetailRedis; import com.epmet.commons.tools.utils.Result; import com.epmet.dto.GovStaffRoleDTO; -import com.epmet.dto.StaffRoleDTO; +import com.epmet.dto.form.StaffPermCacheFormDTO; import com.epmet.dto.form.StaffRoleFormDTO; import com.epmet.dto.result.RoleOperationResultDTO; import com.epmet.feign.EpmetUserFeignClient; @@ -26,8 +27,11 @@ public class AccessServiceImpl implements AccessService { @Autowired private GovAccessFeignClient govAccessFeignClient; + @Autowired + private CpUserDetailRedis cpUserDetailRedis; + @Override - public Set listOpeKeysByStaffId(String staffId, String agencyId, String gridId) { + public Set listOpeKeysByStaffId(String app, String client, String staffId, String agencyId, String gridId) { List roleDTOS = new ArrayList<>(); // 查询机关单位权限 StaffRoleFormDTO formDTO = new StaffRoleFormDTO(); @@ -56,6 +60,14 @@ public class AccessServiceImpl implements AccessService { } }); }); + + // 将最新权限缓存到redis,为了尽量统一操作入口,调用gov-access接口实现 + StaffPermCacheFormDTO staffPermCacheFormDTO = new StaffPermCacheFormDTO(); + staffPermCacheFormDTO.setApp(app); + staffPermCacheFormDTO.setClient(client); + staffPermCacheFormDTO.setStaffId(staffId); + staffPermCacheFormDTO.setPermissions(opeKeys); + govAccessFeignClient.updatePermissionCache(staffPermCacheFormDTO); return opeKeys; } } 
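Review bot: The `Result` returned by `govAccessFeignClient.updatePermissionCache(staffPermCacheFormDTO)` is dropped, so when the call fails or the Feign fallback answers, the method still returns the fresh `opeKeys` while the cached token keeps the old permission set. Later permission checks appear to read that cache, so a failed refresh can leave revoked operations usable, or newly granted ones rejected, with nothing in the logs. I would keep the result and log a warning with the staff id when it does not report success. The newly injected `cpUserDetailRedis` is not used in the visible hunks and can be dropped if that holds for the rest of the class; `listOpeKeysByStaffId` runs partly outside the hunks.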
diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java index 1c13ea4518..884db53afd 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java @@ -60,6 +60,7 @@ public class StaffRoleController { * @return */ @PostMapping("staffsinrole") + //@RequirePermission(key = "org_staff_list") public Result> getStaffsInRole(@RequestBody StaffRoleFormDTO staffRoleFormDTO) { ValidatorUtils.validateEntity(staffRoleFormDTO, StaffRoleFormDTO.GetStaffsInRole.class); String roleKey = staffRoleFormDTO.getRoleKey(); diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java index ddcd8abe3b..739d20e945 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java @@ -108,6 +108,7 @@ public class StaffRoleServiceImpl extends BaseServiceImpl listStaffsInRole(String roleKey, String orgId) { return baseDao.listStaffIdsByRoleKeyAndOrgId(roleKey, orgId); }
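Review bot: The added line `//@RequirePermission(key = "org_staff_list")` is checked in as a comment, so `getStaffsInRole` carries no permission key and AccessOpeAspect never runs for `staffsinrole`. Either enable the annotation (with its import) or leave the line out until the check is ready; a commented-out access annotation reads as if the endpoint were protected. The method body continues outside the hunk.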