8 changed files with 326 additions and 19 deletions
@ -0,0 +1,74 @@
|
||||
/* |
||||
* Copyright (c) 2018-2028, Chill Zhuang All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or without |
||||
* modification, are permitted provided that the following conditions are met: |
||||
* |
||||
* Redistributions of source code must retain the above copyright notice, |
||||
* this list of conditions and the following disclaimer. |
||||
* Redistributions in binary form must reproduce the above copyright |
||||
* notice, this list of conditions and the following disclaimer in the |
||||
* documentation and/or other materials provided with the distribution. |
||||
* Neither the name of the dreamlu.net developer nor the names of its |
||||
* contributors may be used to endorse or promote products derived from |
||||
* this software without specific prior written permission. |
||||
* Author: Chill 庄骞 (smallchill@163.com) |
||||
*/ |
||||
package org.springblade.system.cache; |
||||
|
||||
import org.springblade.core.cache.utils.CacheUtil; |
||||
import org.springblade.core.tool.utils.SpringUtil; |
||||
import org.springblade.core.tool.utils.StringPool; |
||||
import org.springblade.system.feign.IApiScopeClient; |
||||
|
||||
import java.util.List; |
||||
|
||||
import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE; |
||||
|
||||
/** |
||||
* 接口权限缓存 |
||||
* |
||||
* @author Chill |
||||
*/ |
||||
public class ApiScopeCache { |
||||
|
||||
private static final String SCOPE_CACHE_CODE = "apiScope:code:"; |
||||
|
||||
private static IApiScopeClient apiScopeClient; |
||||
|
||||
static { |
||||
apiScopeClient = SpringUtil.getBean(IApiScopeClient.class); |
||||
} |
||||
|
||||
/** |
||||
* 获取接口权限地址 |
||||
* |
||||
* @param roleId 角色id |
||||
* @return permissions |
||||
*/ |
||||
public static List<String> permissionPath(String roleId) { |
||||
List<String> permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, roleId, List.class); |
||||
if (permissions == null) { |
||||
permissions = apiScopeClient.permissionPath(roleId); |
||||
CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, roleId, permissions); |
||||
} |
||||
return permissions; |
||||
} |
||||
|
||||
/** |
||||
* 获取接口权限信息 |
||||
* |
||||
* @param permission 权限编号 |
||||
* @param roleId 角色id |
||||
* @return permissions |
||||
*/ |
||||
public static List<String> permissionCode(String permission, String roleId) { |
||||
List<String> permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, permission + StringPool.COLON + roleId, List.class); |
||||
if (permissions == null) { |
||||
permissions = apiScopeClient.permissionCode(permission, roleId); |
||||
CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, permission + StringPool.COLON + roleId, permissions); |
||||
} |
||||
return permissions; |
||||
} |
||||
|
||||
} |
@ -0,0 +1,50 @@
|
||||
/* |
||||
* Copyright (c) 2018-2028, Chill Zhuang All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or without |
||||
* modification, are permitted provided that the following conditions are met: |
||||
* |
||||
* Redistributions of source code must retain the above copyright notice, |
||||
* this list of conditions and the following disclaimer. |
||||
* Redistributions in binary form must reproduce the above copyright |
||||
* notice, this list of conditions and the following disclaimer in the |
||||
* documentation and/or other materials provided with the distribution. |
||||
* Neither the name of the dreamlu.net developer nor the names of its |
||||
* contributors may be used to endorse or promote products derived from |
||||
* this software without specific prior written permission. |
||||
* Author: Chill 庄骞 (smallchill@163.com) |
||||
*/ |
||||
package org.springblade.system.config; |
||||
|
||||
|
||||
import lombok.AllArgsConstructor; |
||||
import org.springblade.core.datascope.handler.ScopeModelHandler; |
||||
import org.springblade.core.secure.config.RegistryConfiguration; |
||||
import org.springblade.core.secure.handler.IPermissionHandler; |
||||
import org.springblade.system.handler.ApiScopePermissionHandler; |
||||
import org.springblade.system.handler.DataScopeModelHandler; |
||||
import org.springframework.boot.autoconfigure.AutoConfigureBefore; |
||||
import org.springframework.context.annotation.Bean; |
||||
import org.springframework.context.annotation.Configuration; |
||||
|
||||
/** |
||||
* 公共封装包配置类 |
||||
* |
||||
* @author Chill |
||||
*/ |
||||
@Configuration |
||||
@AllArgsConstructor |
||||
@AutoConfigureBefore(RegistryConfiguration.class) |
||||
public class ScopeConfiguration { |
||||
|
||||
@Bean |
||||
public ScopeModelHandler scopeModelHandler() { |
||||
return new DataScopeModelHandler(); |
||||
} |
||||
|
||||
@Bean |
||||
public IPermissionHandler permissionHandler() { |
||||
return new ApiScopePermissionHandler(); |
||||
} |
||||
|
||||
} |
@ -0,0 +1,60 @@
|
||||
/* |
||||
* Copyright (c) 2018-2028, Chill Zhuang All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or without |
||||
* modification, are permitted provided that the following conditions are met: |
||||
* |
||||
* Redistributions of source code must retain the above copyright notice, |
||||
* this list of conditions and the following disclaimer. |
||||
* Redistributions in binary form must reproduce the above copyright |
||||
* notice, this list of conditions and the following disclaimer in the |
||||
* documentation and/or other materials provided with the distribution. |
||||
* Neither the name of the dreamlu.net developer nor the names of its |
||||
* contributors may be used to endorse or promote products derived from |
||||
* this software without specific prior written permission. |
||||
* Author: Chill 庄骞 (smallchill@163.com) |
||||
*/ |
||||
package org.springblade.system.feign; |
||||
|
||||
import org.springblade.core.launch.constant.AppConstant; |
||||
import org.springframework.cloud.openfeign.FeignClient; |
||||
import org.springframework.web.bind.annotation.GetMapping; |
||||
import org.springframework.web.bind.annotation.RequestParam; |
||||
|
||||
import java.util.List; |
||||
|
||||
/** |
||||
* 接口权限Feign接口类 |
||||
* |
||||
* @author Chill |
||||
*/ |
||||
@FeignClient( |
||||
value = AppConstant.APPLICATION_SYSTEM_NAME, |
||||
fallback = IApiScopeClientFallback.class |
||||
) |
||||
public interface IApiScopeClient { |
||||
|
||||
String API_PREFIX = "/client/api-scope"; |
||||
String PERMISSION_PATH = API_PREFIX + "/permission-path"; |
||||
String PERMISSION_CODE = API_PREFIX + "/permission-code"; |
||||
|
||||
/** |
||||
* 获取接口权限地址 |
||||
* |
||||
* @param roleId 角色id |
||||
* @return permissions |
||||
*/ |
||||
@GetMapping(PERMISSION_PATH) |
||||
List<String> permissionPath(@RequestParam("roleId") String roleId); |
||||
|
||||
/** |
||||
* 获取接口权限信息 |
||||
* |
||||
* @param permission 权限编号 |
||||
* @param roleId 角色id |
||||
* @return permissions |
||||
*/ |
||||
@GetMapping(PERMISSION_CODE) |
||||
List<String> permissionCode(@RequestParam("permission") String permission, @RequestParam("roleId") String roleId); |
||||
|
||||
} |
@ -0,0 +1,63 @@
|
||||
/* |
||||
* Copyright (c) 2018-2028, Chill Zhuang All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or without |
||||
* modification, are permitted provided that the following conditions are met: |
||||
* |
||||
* Redistributions of source code must retain the above copyright notice, |
||||
* this list of conditions and the following disclaimer. |
||||
* Redistributions in binary form must reproduce the above copyright |
||||
* notice, this list of conditions and the following disclaimer in the |
||||
* documentation and/or other materials provided with the distribution. |
||||
* Neither the name of the dreamlu.net developer nor the names of its |
||||
* contributors may be used to endorse or promote products derived from |
||||
* this software without specific prior written permission. |
||||
* Author: Chill 庄骞 (smallchill@163.com) |
||||
*/ |
||||
package org.springblade.system.handler; |
||||
|
||||
import org.springblade.core.secure.BladeUser; |
||||
import org.springblade.core.secure.handler.IPermissionHandler; |
||||
import org.springblade.core.secure.utils.SecureUtil; |
||||
import org.springblade.core.tool.utils.WebUtil; |
||||
|
||||
import javax.servlet.http.HttpServletRequest; |
||||
import java.util.List; |
||||
|
||||
import static org.springblade.system.cache.ApiScopeCache.permissionCode; |
||||
import static org.springblade.system.cache.ApiScopeCache.permissionPath; |
||||
|
||||
/** |
||||
* 接口权限校验类 |
||||
* |
||||
* @author Chill |
||||
*/ |
||||
public class ApiScopePermissionHandler implements IPermissionHandler { |
||||
|
||||
@Override |
||||
public boolean permissionAll() { |
||||
HttpServletRequest request = WebUtil.getRequest(); |
||||
BladeUser user = SecureUtil.getUser(); |
||||
if (request == null || user == null) { |
||||
return false; |
||||
} |
||||
String uri = request.getRequestURI(); |
||||
List<String> paths = permissionPath(user.getRoleId()); |
||||
if (paths == null || paths.size() == 0) { |
||||
return false; |
||||
} |
||||
return paths.stream().anyMatch(uri::contains); |
||||
} |
||||
|
||||
@Override |
||||
public boolean hasPermission(String permission) { |
||||
HttpServletRequest request = WebUtil.getRequest(); |
||||
BladeUser user = SecureUtil.getUser(); |
||||
if (request == null || user == null) { |
||||
return false; |
||||
} |
||||
List<String> codes = permissionCode(permission, user.getRoleId()); |
||||
return codes != null && codes.size() != 0; |
||||
} |
||||
|
||||
} |
@ -0,0 +1,61 @@
|
||||
/* |
||||
* Copyright (c) 2018-2028, Chill Zhuang All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or without |
||||
* modification, are permitted provided that the following conditions are met: |
||||
* |
||||
* Redistributions of source code must retain the above copyright notice, |
||||
* this list of conditions and the following disclaimer. |
||||
* Redistributions in binary form must reproduce the above copyright |
||||
* notice, this list of conditions and the following disclaimer in the |
||||
* documentation and/or other materials provided with the distribution. |
||||
* Neither the name of the dreamlu.net developer nor the names of its |
||||
* contributors may be used to endorse or promote products derived from |
||||
* this software without specific prior written permission. |
||||
* Author: Chill 庄骞 (smallchill@163.com) |
||||
*/ |
||||
package org.springblade.system.feign; |
||||
|
||||
import lombok.RequiredArgsConstructor; |
||||
import org.springblade.core.tool.utils.Func; |
||||
import org.springframework.jdbc.core.JdbcTemplate; |
||||
import org.springframework.web.bind.annotation.GetMapping; |
||||
import org.springframework.web.bind.annotation.RestController; |
||||
import springfox.documentation.annotations.ApiIgnore; |
||||
|
||||
import java.util.ArrayList; |
||||
import java.util.Collections; |
||||
import java.util.List; |
||||
|
||||
import static org.springblade.core.secure.constant.PermissionConstant.permissionAllStatement; |
||||
import static org.springblade.core.secure.constant.PermissionConstant.permissionStatement; |
||||
|
||||
/** |
||||
* 接口权限Feign实现类 |
||||
* |
||||
* @author Chill |
||||
*/ |
||||
@ApiIgnore |
||||
@RestController |
||||
@RequiredArgsConstructor |
||||
public class ApiScopeClient implements IApiScopeClient { |
||||
|
||||
private final JdbcTemplate jdbcTemplate; |
||||
|
||||
@Override |
||||
@GetMapping(PERMISSION_PATH) |
||||
public List<String> permissionPath(String roleId) { |
||||
List<Long> roleIds = Func.toLongList(roleId); |
||||
return jdbcTemplate.queryForList(permissionAllStatement(roleIds.size()), roleIds.toArray(), String.class); |
||||
} |
||||
|
||||
@Override |
||||
@GetMapping(PERMISSION_CODE) |
||||
public List<String> permissionCode(String permission, String roleId) { |
||||
List<Object> args = new ArrayList<>(Collections.singletonList(permission)); |
||||
List<Long> roleIds = Func.toLongList(roleId); |
||||
args.addAll(roleIds); |
||||
return jdbcTemplate.queryForList(permissionStatement(roleIds.size()), args.toArray(), String.class); |
||||
} |
||||
|
||||
} |
Loading…
Reference in new issue