运营端-后端接口权限

epmet-admin/epmet-admin-server/src/main/java/com/epmet/controller/SysDictTypeController.java

@@ -8,6 +8,7 @@
 
 package com.epmet.controller;
 
+import com.epmet.commons.tools.annotation.OperRequiredPermission;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
@@ -59,6 +60,7 @@ public class SysDictTypeController {
         return new Result();
     }
 
+    @OperRequiredPermission
     @PutMapping
     public Result update(@RequestBody SysDictTypeDTO dto){
         //效验数据

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/OperRequiredPermission.java

@@ -0,0 +1,33 @@
+/**
+ * Copyright 2018 人人开源 http://www.renren.io
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.epmet.commons.tools.annotation;
+
+import com.epmet.commons.tools.enums.RequirePermissionEnum;
+
+import java.lang.annotation.*;
+
+/**
+ * 运营端-权限注解
+ * @Author wxz
+ * @Description
+ * @Date 2022/09/27 16:17
+ **/
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface OperRequiredPermission {
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/OperRequiredPermissionAspect.java

@@ -0,0 +1,56 @@
+package com.epmet.commons.tools.aspect;
+
+import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.exception.EpmetException;
+import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
+import com.epmet.commons.tools.utils.Result;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+
+@Aspect
+@Component
+@Order(30)
+public class OperRequiredPermissionAspect {
+
+    @Autowired
+    private CommonOperAccessOpenFeignClient operAccessOpenFeignClient;
+
+    @Before("@annotation(com.epmet.commons.tools.annotation.OperRequiredPermission)")
+    public void proceed(JoinPoint pjp) throws Throwable {
+//        MethodSignature signature = (MethodSignature) pjp.getSignature();
+        HttpServletRequest request = getRequest();
+
+        String url = request.getRequestURI().toString();
+        String method = request.getMethod();
+
+        HasOperPermissionFormDTO form = new HasOperPermissionFormDTO();
+        form.setUri(url);
+        form.setMethod(method);
+        Result result = operAccessOpenFeignClient.hasOperPermission(form);
+        if (result == null || !result.success()) {
+            throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "资源未授权", "资源未授权");
+        }
+    }
+
+    /**
+     * 获取Request对象
+     *
+     * @return
+     */
+    private HttpServletRequest getRequest() {
+        RequestAttributes ra = RequestContextHolder.getRequestAttributes();
+        ServletRequestAttributes sra = (ServletRequestAttributes) ra;
+        return sra.getRequest();
+    }
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java

@@ -0,0 +1,22 @@
+package com.epmet.commons.tools.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class HasOperPermissionFormDTO {
+
+    /**
+     * uri
+     */
+    @NotBlank(message = "uri不能为空")
+    private String uri;
+
+    /**
+     * http方法
+     */
+    @NotBlank(message = "请求http方法不能为空")
+    private String method;
+
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java

@@ -0,0 +1,13 @@
+package com.epmet.commons.tools.dto.result;
+
+import lombok.Data;
+
+@Data
+public class OperResouce {
+
+    private String userId;
+    private String resourceUrl;
+    private String ResourceMethod;
+
+
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java

@@ -0,0 +1,36 @@
+package com.epmet.commons.tools.feign;
+
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.feign.fallback.CommonOperAccessOpenFeignClientFallbackFactory;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+/**
+ * @Description 运营端权限模块
+ * @Author yinzuomei
+ * @Date 2020/5/21 15:17 本服务对外开放的API,其他服务通过引用此client调用该服务
+ */
+// , url = "http://localhost:8093"
+@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class)
+public interface CommonOperAccessOpenFeignClient {
+    /**
+     * @param
+     * @return com.epmet.commons.tools.utils.Result
+     * @Author yinzuomei
+     * @Description 清空运营人员权限信息、菜单信息
+     * @Date 2020/5/21 17:08
+     **/
+    @GetMapping("/oper/access/menu/clearoperuseraccess")
+    Result clearOperUserAccess();
+
+    /**
+     * 是否有该接口的权限
+     * @return
+     */
+    @PostMapping("/oper/access/menu/hasPermission")
+    Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form);
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java

@@ -0,0 +1,27 @@
+package com.epmet.commons.tools.feign.fallback;
+
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
+import com.epmet.commons.tools.utils.ModuleUtils;
+import com.epmet.commons.tools.utils.Result;
+
+/**
+ * @Description 运营端权限模块
+ * @Author yinzuomei
+ * @Date 2020/5/21 15:47
+ */
+//@Component
+public class CommonOperAccessOpenFeignClientFallback implements CommonOperAccessOpenFeignClient {
+    @Override
+    public Result clearOperUserAccess() {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess");
+
+    }
+
+    @Override
+    public Result hasOperPermission(HasOperPermissionFormDTO form) {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission");
+    }
+}
+

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java

@@ -0,0 +1,19 @@
+package com.epmet.commons.tools.feign.fallback;
+
+import com.epmet.commons.tools.exception.ExceptionUtils;
+import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
+import feign.hystrix.FallbackFactory;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+@Component
+@Slf4j
+public class CommonOperAccessOpenFeignClientFallbackFactory implements FallbackFactory<CommonOperAccessOpenFeignClient> {
+    private CommonOperAccessOpenFeignClientFallback fallback = new CommonOperAccessOpenFeignClientFallback();
+
+    @Override
+    public CommonOperAccessOpenFeignClient create(Throwable cause) {
+        log.error(String.format("FeignClient调用发生异常,异常信息:%s", ExceptionUtils.getThrowableErrorStackTrace(cause)));
+        return fallback;
+    }
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java

@@ -889,4 +889,13 @@ public class RedisKeys {
 	public static String getDingMiniInfoKey(String suiteKey) {
 		return rootPrefix.concat("ding:miniInfo:" + suiteKey);
 	}
+
+	/**
+	 * 运营人员-资源权限
+	 * @param operId
+	 * @return
+	 */
+    public static String operResourcesByUserId(String operId) {
+		return rootPrefix.concat("oper:access:resources:").concat(operId);
+    }
 }

epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java

@@ -0,0 +1,22 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class HasOperPermissionFormDTO {
+
+    /**
+     * uri
+     */
+    @NotBlank(message = "uri不能为空")
+    private String uri;
+
+    /**
+     * http方法
+     */
+    @NotBlank(message = "请求http方法不能为空")
+    private String method;
+
+}

epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java

@@ -0,0 +1,13 @@
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+@Data
+public class OperResouce {
+
+    private String userId;
+    private String resourceUrl;
+    private String ResourceMethod;
+
+
+}

epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java

@@ -2,9 +2,12 @@ package com.epmet.feign;
 
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.form.HasOperPermissionFormDTO;
 import com.epmet.feign.fallback.OperAccessOpenFeignClientFallbackFactory;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 
 /**
  * @Description 运营端权限模块
@@ -23,4 +26,11 @@ public interface OperAccessOpenFeignClient {
      **/
     @GetMapping("/oper/access/menu/clearoperuseraccess")
     Result clearOperUserAccess();
+
+    /**
+     * 是否有该接口的权限
+     * @return
+     */
+    @PostMapping("/oper/access/menu/hasPermission")
+    Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form);
 }

epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java

@@ -3,6 +3,7 @@ package com.epmet.feign.fallback;
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.ModuleUtils;
 import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.form.HasOperPermissionFormDTO;
 import com.epmet.feign.OperAccessOpenFeignClient;
 
 /**
@@ -17,5 +18,10 @@ public class OperAccessOpenFeignClientFallback implements OperAccessOpenFeignCli
         return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess");
 
     }
+
+    @Override
+    public Result hasOperPermission(HasOperPermissionFormDTO form) {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission");
+    }
 }
 

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java

@@ -1,9 +1,12 @@
 package com.epmet.controller;
 
 import com.epmet.commons.tools.annotation.LoginUser;
+import com.epmet.commons.tools.annotation.OperRequiredPermission;
+import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.exception.ErrorCode;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.EpmetRequestHolder;
 import com.epmet.commons.tools.utils.ExcelUtils;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
@@ -12,6 +15,7 @@ import com.epmet.commons.tools.validator.group.AddGroup;
 import com.epmet.commons.tools.validator.group.DefaultGroup;
 import com.epmet.commons.tools.validator.group.UpdateGroup;
 import com.epmet.dto.OperMenuDTO;
+import com.epmet.dto.form.HasOperPermissionFormDTO;
 import com.epmet.dto.result.MenuResourceDTO;
 import com.epmet.excel.OperMenuExcel;
 import com.epmet.service.OperMenuService;
@@ -53,7 +57,7 @@ public class OperMenuController {
 
 		//菜单资源列表
 		List<MenuResourceDTO> resourceList = operResourceService.getMenuResourceList(id);
-
+		data.setResourceList(resourceList);
 		return new Result<OperMenuDTO>().ok(data);
 	}
 
@@ -161,4 +165,30 @@ public class OperMenuController {
 		operMenuService.clearOperUserAccess(tokenDto.getApp(), tokenDto.getClient(), tokenDto.getUserId());
 		return new Result();
 	}
+
+	/**
+	 * 是否有该接口的权限
+	 * @return
+	 */
+	@PostMapping("hasPermission")
+	public Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form) {
+		ValidatorUtils.validateEntity(form);
+		String uri = form.getUri();
+		String method = form.getMethod();
+
+		String loginUserApp = EpmetRequestHolder.getLoginUserApp();
+		String loginUserId = EpmetRequestHolder.getLoginUserId();
+
+		if (!AppClientConstant.APP_OPER.equals(loginUserApp)) {
+//			只校验运营端，其他都返回true
+			return new Result();
+		}
+
+		Boolean isMathe = operMenuService.hasOperPermission(uri, method, loginUserId);
+		if (isMathe){
+			return new Result();
+		} else {
+			return new Result().error();
+		}
+	}
 }

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java

@@ -9,6 +9,7 @@
 package com.epmet.dao;
 
 import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.dto.result.OperResouce;
 import com.epmet.entity.OperMenuEntity;
 import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
@@ -49,4 +50,6 @@ public interface OperMenuDao extends BaseDao<OperMenuEntity> {
      * @param pid  父菜单ID
      */
     List<OperMenuEntity> getListPid(String pid);
+
+    List<OperResouce> getOperResourcesByUserId(String operId);
 }

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java

@@ -17,10 +17,13 @@
 
 package com.epmet.redis;
 
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.TypeReference;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.utils.HttpContextUtils;
 import com.epmet.dto.OperMenuDTO;
+import com.epmet.dto.result.OperResouce;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -71,4 +74,25 @@ public class OperMenuRedis {
         return (Set<String>)redisUtils.get(key);
     }
 
+    public List<OperResouce> getOperResourcesByUserId(String operId) {
+        String key = RedisKeys.operResourcesByUserId(operId);
+        String json = (String) redisUtils.get(key);
+        return JSON.parseObject(json, new TypeReference<List<OperResouce>>(){});
+    }
+
+    public void setOperResourcesByUserId(String operId, List<OperResouce> resouces) {
+        String key = RedisKeys.operResourcesByUserId(operId);
+        String jsonString = JSON.toJSONString(resouces);
+        redisUtils.set(key, jsonString);
+    }
+
+    /**
+     * 运营端用户资源删除
+     * @param operId
+     * @param resouces
+     */
+    public void deleteOperResourcesByUserId(String operId) {
+        String key = RedisKeys.operResourcesByUserId(operId);
+        redisUtils.delete(key);
+    }
 }

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java

@@ -141,4 +141,6 @@ public interface OperMenuService extends BaseService<OperMenuEntity> {
     List<OperMenuDTO> getListPid(String pid);
 
     void clearOperUserAccess(String app, String client, String userId);
+
+    Boolean hasOperPermission(String uri, String method, String loginUserId);
 }

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java

@@ -34,6 +34,7 @@ import com.epmet.commons.tools.utils.TreeUtils;
 import com.epmet.dao.OperMenuDao;
 import com.epmet.dto.OperMenuDTO;
 import com.epmet.dto.OperUserDTO;
+import com.epmet.dto.result.OperResouce;
 import com.epmet.entity.OperMenuEntity;
 import com.epmet.enums.MenuTypeEnum;
 import com.epmet.feign.EpmetUserFeignClient;
@@ -48,6 +49,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.AntPathMatcher;
 
 import java.util.*;
 
@@ -71,6 +73,8 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
     @Autowired
     private OperLanguageService operLanguageService;
 
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
     @Override
     public PageData<OperMenuDTO> page(Map<String, Object> params) {
         IPage<OperMenuEntity> page = baseDao.selectPage(
@@ -242,6 +246,9 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
     public void clearOperUserAccess(String app, String client, String userId) {
         //清空当前用户，菜单导航、权限标识
         operMenuRedis.delete(userId, app, client);
+
+//        根据用户id删除用户资源列表，后期可以跟deleteAccess合并起来，先为烟台的安全检测做。
+        operMenuRedis.deleteOperResourcesByUserId(userId);
         logger.info(String.format("运营端用户退出系统%s,清空菜单、权限成功",userId));
     }
 
@@ -249,4 +256,27 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
         operLanguageService.saveOrUpdate("oper_menu", tableId, fieldName, fieldValue, HttpContextUtils.getLanguage());
     }
 
+    @Override
+    public Boolean hasOperPermission(String uri, String method, String operId) {
+        List<OperResouce> resouces = operMenuRedis.getOperResourcesByUserId(operId);
+        if (resouces == null) {
+            resouces = baseDao.getOperResourcesByUserId(operId);
+            operMenuRedis.setOperResourcesByUserId(operId, resouces);
+        }
+
+        return pathMatcher(uri, method, resouces);
+    }
+
+    private boolean pathMatcher(String requestUri, String method, List<OperResouce> resources){
+        for (OperResouce resource : resources) {
+            String resourceUrl = resource.getResourceUrl();
+            String resourceMethod = resource.getResourceMethod();
+
+//            路径匹配 && http方法 匹配
+            if(antPathMatcher.match(resourceUrl, requestUri) && resourceMethod.equals(method)){
+                return true;
+            }
+        }
+        return false;
+    }
 }

epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml

@@ -39,4 +39,15 @@
         select * from oper_menu where del_flag = 0 and pid = #{value}
     </select>
 
+    <select id="getOperResourcesByUserId" resultType="com.epmet.dto.result.OperResouce">
+        select ru.user_id
+             , res.resource_url
+             , res.resource_method
+        from oper_role_user ru
+                     inner join oper_role_menu orm on (ru.role_id = orm.role_id and orm.DEL_FLAG = 0)
+                     inner join oper_menu m on (orm.menu_id = m.id and m.DEL_FLAG = 0 and m.type = 1)
+                     inner join oper_resource res on (orm.menu_id = res.resource_code and res.DEL_FLAG=0)
+        where ru.user_id = #{operId}
+          and ru.DEL_FLAG = 0
+    </select>
 </mapper>