From 2625c01f058f5e284af1b3855cfa01d8fdf64f28 Mon Sep 17 00:00:00 2001
From: houwei
Date: Wed, 26 Jun 2024 15:25:06 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=9D=83=E9=99=90=E5=88=A4?= =?UTF-8?q?=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../com/das/common/config/SessionUtil.java | 8 ++++
.../das/common/config/StpInterfaceImpl.java | 43 +++++++++++++++++++
.../auth/controller/SysMenusController.java | 24 +++++++++++
.../auth/controller/SysOrgController.java | 20 +++++++++
.../auth/controller/SysRoleController.java | 20 +++++++++
.../auth/controller/SysUserController.java | 20 +++++++++
.../das/modules/auth/domain/vo/SysUserVo.java | 7 ++-
.../modules/auth/mapper/SysUserMapper.java | 10 +++++
.../auth/service/impl/LoginServiceImpl.java | 9 ++++
.../service/impl/SysAuthorityServiceImpl.java | 6 +--
.../main/resources/mapper/SysUserMapper.xml | 20 +++++++++
11 files changed, 183 insertions(+), 4 deletions(-)
create mode 100644 das/src/main/java/com/das/common/config/SessionUtil.java
create mode 100644 das/src/main/java/com/das/common/config/StpInterfaceImpl.java
diff --git a/das/src/main/java/com/das/common/config/SessionUtil.java b/das/src/main/java/com/das/common/config/SessionUtil.java
new file mode 100644
index 00000000..70fdcc02
--- /dev/null
+++ b/das/src/main/java/com/das/common/config/SessionUtil.java
@@ -0,0 +1,8 @@
+package com.das.common.config;
+
+/**
+ * Session 变量定义
+ */
+public class SessionUtil {
+ public static final String SESSION_USER_KEY = "current_user";
+}
diff --git a/das/src/main/java/com/das/common/config/StpInterfaceImpl.java b/das/src/main/java/com/das/common/config/StpInterfaceImpl.java
new file mode 100644
index 00000000..a1c653bd
--- /dev/null
+++ b/das/src/main/java/com/das/common/config/StpInterfaceImpl.java
@@ -0,0 +1,43 @@
+package com.das.common.config;
+
+import cn.dev33.satoken.stp.StpInterface;
+import cn.dev33.satoken.stp.StpUtil;
+import org.springframework.stereotype.Component;
+import com.das.modules.auth.domain.vo.SysUserVo;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * 自定义权限验证接口扩展
+ */
+@Component // 保证此类被springboot扫描,完成sa-token的自定义权限验证扩展
+public class StpInterfaceImpl implements StpInterface {
+ @Override
+ public List getPermissionList(Object loginId, String s) {
+ SysUserVo currentUser = (SysUserVo) StpUtil.getTokenSession().get(SessionUtil.SESSION_USER_KEY);
+ if(currentUser==null){
+ return Collections.emptyList();
+ }else{
+ List list = new ArrayList<>();
+ currentUser.getAuthorities().forEach(item->{
+ list.add(item.toString());
+ });
+
+ return list;
+ }
+ }
+
+ /**
+ * 权限判断这块 全部采用权限Permission 判断,不采用角色Role判断
+ * @param loginId
+ * @param s
+ * @return
+ */
+ @Override
+ public List getRoleList(Object loginId, String s) {
+ return Collections.emptyList();
+ }
+}
diff --git a/das/src/main/java/com/das/modules/auth/controller/SysMenusController.java b/das/src/main/java/com/das/modules/auth/controller/SysMenusController.java
index cbe2ed49..c0f80fa7 100644
--- a/das/src/main/java/com/das/modules/auth/controller/SysMenusController.java
+++ b/das/src/main/java/com/das/modules/auth/controller/SysMenusController.java
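Review bot: `getPermissionList` in `StpInterfaceImpl` ignores its `loginId` argument and reads `StpUtil.getTokenSession()`, so the result always describes whoever owns the current request's token. A check made on behalf of another account (for example `StpUtil.hasPermission(loginId, permission)`, or one run outside a request) would be evaluated against the caller's authorities, or fail for lack of a token, rather than against the named user. Resolving the list from `loginId` (a lookup such as `queryAuthoritiesByUserId`, cached if needed) keeps the decision tied to the subject being asked about. `currentUser.getAuthorities()` is also dereferenced without a null check while the setter on `SysUserVo` (presumably Lombok-generated) accepts null; returning `Collections.emptyList()` in that case keeps the method fail-closed instead of throwing.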
@@ -1,15 +1,21 @@ package com.das.modules.auth.controller; +import cn.dev33.satoken.annotation.SaCheckPermission; +import cn.dev33.satoken.stp.StpUtil; +import com.das.common.config.SessionUtil; +import com.das.common.config.SysAuthorityIds; import com.das.common.result.R; import com.das.common.utils.PageDataInfo; import com.das.common.utils.PageQuery; import com.das.modules.auth.domain.dto.DeleteDto; import com.das.modules.auth.domain.dto.SysMenuDto; import com.das.modules.auth.domain.dto.SysMenuQueryDto; +import com.das.modules.auth.domain.vo.SysUserVo; import com.das.modules.auth.entity.SysMenu; import com.das.modules.auth.service.SysMenuService; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -32,6 +38,12 @@ public class SysMenusController { */ @PostMapping("/add") public R createMenu(@RequestBody SysMenuDto sysMenuDto) { + + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } return R.success(sysMenuService.createMenu(sysMenuDto)); } @@ -41,6 +53,12 @@ public class SysMenusController { */ @PostMapping("/update") public R updateMenu(@RequestBody SysMenuDto sysMenuDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + sysMenuService.updateMenu(sysMenuDto); return R.success(); } 
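Review bot: The admin check added to `createMenu` is pasted again into `updateMenu` and `deleteMenu` and into the add/update/delete handlers of `SysOrgController`, `SysRoleController` and `SysUserController`, so any handler added later is unprotected unless someone remembers to copy it. A single throwing call, `StpUtil.checkPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString());`, handled by one global exception handler (or an interceptor on these routes) would keep the rule in one place and let a denial be returned with a consistent status and logged for audit; the current branch returns `R.fail(...)` without recording who was refused. `SaCheckPermission` is imported in this file but not used in the visible hunks. Only the add/update/delete handlers appear in the hunks, so whether the query endpoints of these controllers need the same restriction cannot be judged from here.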
@@ -51,6 +69,12 @@ public class SysMenusController { */ @PostMapping("/delete") public R deleteMenu(@RequestBody DeleteDto deleteDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + sysMenuService.deleteMenu(deleteDto); return R.success(); } diff --git a/das/src/main/java/com/das/modules/auth/controller/SysOrgController.java b/das/src/main/java/com/das/modules/auth/controller/SysOrgController.java index e3fafee0..f6ef1a77 100644 --- a/das/src/main/java/com/das/modules/auth/controller/SysOrgController.java +++ b/das/src/main/java/com/das/modules/auth/controller/SysOrgController.java @@ -1,5 +1,7 @@ package com.das.modules.auth.controller; +import cn.dev33.satoken.stp.StpUtil; +import com.das.common.config.SysAuthorityIds; import com.das.common.result.R; import com.das.common.utils.PageDataInfo; import com.das.common.utils.PageQuery; @@ -32,6 +34,12 @@ public class SysOrgController { */ @PostMapping("/add") public R createOrg(@RequestBody SysOrgDto sysOrgDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + return R.success(sysOrgService.createOrg(sysOrgDto)); } @@ -41,6 +49,12 @@ public class SysOrgController { */ @PostMapping("/update") public R updateOrg(@RequestBody SysOrgDto sysOrgDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + sysOrgService.updateOrg(sysOrgDto); return R.success(); } 
@@ -51,6 +65,12 @@ public class SysOrgController { */ @PostMapping("/delete") public R deleteOrg(@RequestBody DeleteDto deleteDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + sysOrgService.deleteOrg(deleteDto); return R.success(); } diff --git a/das/src/main/java/com/das/modules/auth/controller/SysRoleController.java b/das/src/main/java/com/das/modules/auth/controller/SysRoleController.java index 64d12ef0..dded787b 100644 --- a/das/src/main/java/com/das/modules/auth/controller/SysRoleController.java +++ b/das/src/main/java/com/das/modules/auth/controller/SysRoleController.java @@ -1,5 +1,7 @@ package com.das.modules.auth.controller; +import cn.dev33.satoken.stp.StpUtil; +import com.das.common.config.SysAuthorityIds; import com.das.common.result.R; import com.das.common.utils.PageDataInfo; import com.das.common.utils.PageQuery; @@ -32,6 +34,12 @@ public class SysRoleController { */ @PostMapping("/add") public R createRole(@RequestBody SysRoleDto sysRoleDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + return R.success(sysRoleService.createRole(sysRoleDto)); } @@ -41,6 +49,12 @@ public class SysRoleController { */ @PostMapping("/update") public R updateRole(@RequestBody SysRoleDto sysRoleDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + return R.success(sysRoleService.updateRole(sysRoleDto)); } 
@@ -50,6 +64,12 @@ public class SysRoleController { */ @PostMapping("/delete") public R deleteRole(@RequestBody DeleteDto deleteDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + sysRoleService.deleteRole(deleteDto); return R.success(); } diff --git a/das/src/main/java/com/das/modules/auth/controller/SysUserController.java b/das/src/main/java/com/das/modules/auth/controller/SysUserController.java index 0d4f25e3..a93ac7c1 100644 --- a/das/src/main/java/com/das/modules/auth/controller/SysUserController.java +++ b/das/src/main/java/com/das/modules/auth/controller/SysUserController.java @@ -1,5 +1,7 @@ package com.das.modules.auth.controller; +import cn.dev33.satoken.stp.StpUtil; +import com.das.common.config.SysAuthorityIds; import com.das.common.result.R; import com.das.common.utils.PageDataInfo; import com.das.common.utils.PageQuery; @@ -32,6 +34,12 @@ public class SysUserController { */ @PostMapping("/add") public R createUser(@RequestBody SysUserDto sysUserDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + return R.success(sysUserService.createUser(sysUserDto)); } @@ -41,6 +49,12 @@ public class SysUserController { */ @PostMapping("/update") public R updateUser(@RequestBody SysUserDto sysUserDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + sysUserService.updateUser(sysUserDto); return R.success(); } 
@@ -51,6 +65,12 @@ public class SysUserController { */ @PostMapping("/delete") public R deleteUser(@RequestBody DeleteDto deleteDto) { + //判断是否有权限 + boolean hasPermission = StpUtil.hasPermission(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN.toString()); + if(!hasPermission){ + return R.fail("没有系统管理权限"); + } + sysUserService.deleteUser(deleteDto); return R.success(); } diff --git a/das/src/main/java/com/das/modules/auth/domain/vo/SysUserVo.java b/das/src/main/java/com/das/modules/auth/domain/vo/SysUserVo.java index 3feb73c6..12fbf9da 100644 --- a/das/src/main/java/com/das/modules/auth/domain/vo/SysUserVo.java +++ b/das/src/main/java/com/das/modules/auth/domain/vo/SysUserVo.java @@ -4,6 +4,8 @@ import lombok.Data; import java.io.Serial; import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; /** * 账号信息 @@ -45,5 +47,8 @@ public class SysUserVo implements Serializable { */ private Long orgId; - + /** + *权限列表 + */ + private List authorities=new ArrayList<>(); } diff --git a/das/src/main/java/com/das/modules/auth/mapper/SysUserMapper.java b/das/src/main/java/com/das/modules/auth/mapper/SysUserMapper.java index 20aa8bfd..aad2ad63 100644 --- a/das/src/main/java/com/das/modules/auth/mapper/SysUserMapper.java +++ b/das/src/main/java/com/das/modules/auth/mapper/SysUserMapper.java @@ -2,10 +2,13 @@ package com.das.modules.auth.mapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.das.modules.auth.domain.dto.SysUserQueryDto; +import com.das.modules.auth.entity.SysOrg; import com.das.modules.auth.entity.SysUser; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import org.apache.ibatis.annotations.Param; +import java.util.List; + /** *

* 用户信息 Mapper 接口 @@ -15,4 +18,11 @@ import org.apache.ibatis.annotations.Param; */ public interface SysUserMapper extends BaseMapper { IPage queryUserList(IPage page, @Param("sysUser") SysUserQueryDto sysUserQueryDto); + + /** + * 根据用户id查询权限列表 + * @param userId 用户id + * @return 该用户拥有的权限id列表 + */ + List queryAuthoritiesByUserId(@Param("userId") Long userId); } diff --git a/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java b/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java index b4717b6c..146cab73 100644 --- a/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java +++ b/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java @@ -7,6 +7,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.das.common.captcha.CaptchaUtils; import com.das.common.config.SaTokenProperties; +import com.das.common.config.SessionUtil; import com.das.common.utils.AdminRedisTemplate; import com.das.modules.auth.domain.vo.LoginUserDetailsVo; import com.das.modules.auth.domain.dto.LoginDto; @@ -75,10 +76,18 @@ public class LoginServiceImpl implements LoginService { sysUserVo.setEmail(sysUser.getEmail()); sysUserVo.setOrgId(sysUser.getOrgId()); + //查询用户权限列表 + sysUserVo.setAuthorities(sysUserMapper.queryAuthoritiesByUserId(sysUser.getId())); + loginInfo.setSysUser(sysUserVo); // 存储用户信息到会话 loginInfo.setToken(token); loginInfo.setRefreshToken(refreshTokenUuid); + adminRedisTemplate.setEx(refreshToken, loginInfo, Duration.ofSeconds(saTokenProperties.getRefreshExpireTime())); + + //将登录用户信息存入 Session + StpUtil.getTokenSession().set(SessionUtil.SESSION_USER_KEY, sysUserVo); + return loginInfo; } diff --git a/das/src/main/java/com/das/modules/auth/service/impl/SysAuthorityServiceImpl.java b/das/src/main/java/com/das/modules/auth/service/impl/SysAuthorityServiceImpl.java index e3d37dc4..b1738198 100644 
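Review bot: In the `LoginServiceImpl` hunk the authority list is read once at login and stored in the token session under `SessionUtil.SESSION_USER_KEY`, so an authority removed from a user afterwards keeps working until that session ends. Wherever roles or user-role assignments are changed, the affected user's sessions should be refreshed or ended (for example `StpUtil.logout(userId)`, assuming the login id is the user id), or the permission lookup should go back to the database behind a short cache. The refresh-token path is outside this hunk; if it issues a new token without repeating `StpUtil.getTokenSession().set(SessionUtil.SESSION_USER_KEY, sysUserVo)`, `getPermissionList` will return an empty list and every admin endpoint will be refused after a refresh.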
--- a/das/src/main/java/com/das/modules/auth/service/impl/SysAuthorityServiceImpl.java +++ b/das/src/main/java/com/das/modules/auth/service/impl/SysAuthorityServiceImpl.java @@ -30,9 +30,9 @@ public class SysAuthorityServiceImpl implements SysAuthorityService { @PostConstruct public void init() { List list = new ArrayList<>(); - list.add(new SysAuthority(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN,"systemMgr","系统管理权限",1)); - list.add(new SysAuthority(SysAuthorityIds.SYS_AUTHORITY_ID_DEVICE_MGR,"equipmentLedgerManagement","设备台账维护权限",1)); - list.add(new SysAuthority(SysAuthorityIds.SYS_AUTHORITY_ID_DEVICE_VIEW,"equipmentLedgerView","设备台账浏览权限",1)); + list.add(new SysAuthority(SysAuthorityIds.SYS_AUTHORITY_ID_ADMIN,"SYS_AUTHORITY_ID_ADMIN","系统管理权限",1)); + list.add(new SysAuthority(SysAuthorityIds.SYS_AUTHORITY_ID_DEVICE_MGR,"SYS_AUTHORITY_ID_DEVICE_MGR","设备台账维护权限",1)); + list.add(new SysAuthority(SysAuthorityIds.SYS_AUTHORITY_ID_DEVICE_VIEW,"SYS_AUTHORITY_ID_DEVICE_VIEW","设备台账浏览权限",1)); try { // 性能优化:先查询所有需要的权限是否存在,减少数据库访问次数 diff --git a/das/src/main/resources/mapper/SysUserMapper.xml b/das/src/main/resources/mapper/SysUserMapper.xml index d893fe6b..7696ecda 100644 --- a/das/src/main/resources/mapper/SysUserMapper.xml +++ b/das/src/main/resources/mapper/SysUserMapper.xml @@ -30,4 +30,24 @@ +
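Review bot: The three authority names seeded in `init()` change from `systemMgr`, `equipmentLedgerManagement` and `equipmentLedgerView` to the constant names, but the rest of `init()` is outside the hunk and its comment suggests rows are only inserted when they are missing. If that is the case, databases that already hold these ids keep the old names while fresh installs get the new ones, and anything keyed on the name (front-end menu visibility, for instance) will behave differently between environments. A one-off update of the existing rows, or an upsert in `init()`, would keep them aligned. The permission checks added elsewhere in this patch appear to compare ids, so they should not be affected either way.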