🎉 接口权限增加分布式支持

blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/ApiScopeCache.java

@@ -0,0 +1,74 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.cache;
+
+import org.springblade.core.cache.utils.CacheUtil;
+import org.springblade.core.tool.utils.SpringUtil;
+import org.springblade.core.tool.utils.StringPool;
+import org.springblade.system.feign.IApiScopeClient;
+
+import java.util.List;
+
+import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE;
+
+/**
+ * 接口权限缓存
+ *
+ * @author Chill
+ */
+public class ApiScopeCache {
+
+	private static final String SCOPE_CACHE_CODE = "apiScope:code:";
+
+	private static IApiScopeClient apiScopeClient;
+
+	static {
+		apiScopeClient = SpringUtil.getBean(IApiScopeClient.class);
+	}
+
+	/**
+	 * 获取接口权限地址
+	 *
+	 * @param roleId 角色id
+	 * @return permissions
+	 */
+	public static List<String> permissionPath(String roleId) {
+		List<String> permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, roleId, List.class);
+		if (permissions == null) {
+			permissions = apiScopeClient.permissionPath(roleId);
+			CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, roleId, permissions);
+		}
+		return permissions;
+	}
+
+	/**
+	 * 获取接口权限信息
+	 *
+	 * @param permission 权限编号
+	 * @param roleId     角色id
+	 * @return permissions
+	 */
+	public static List<String> permissionCode(String permission, String roleId) {
+		List<String> permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, permission + StringPool.COLON + roleId, List.class);
+		if (permissions == null) {
+			permissions = apiScopeClient.permissionCode(permission, roleId);
+			CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, permission + StringPool.COLON + roleId, permissions);
+		}
+		return permissions;
+	}
+
+}

blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/DataScopeCache.java

@@ -34,8 +34,8 @@ import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE;
  */
 public class DataScopeCache {
 
-	private static final String SCOPE_CACHE_CODE = "scope:code:";
-	private static final String SCOPE_CACHE_CLASS = "scope:class:";
+	private static final String SCOPE_CACHE_CODE = "dataScope:code:";
+	private static final String SCOPE_CACHE_CLASS = "dataScope:class:";
 	private static final String DEPT_CACHE_ANCESTORS = "dept:ancestors:";
 
 	private static IDataScopeClient dataScopeClient;

blade-service-api/blade-scope-api/src/main/java/org/springblade/system/config/ScopeConfiguration.java

@@ -0,0 +1,50 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.config;
+
+
+import lombok.AllArgsConstructor;
+import org.springblade.core.datascope.handler.ScopeModelHandler;
+import org.springblade.core.secure.config.RegistryConfiguration;
+import org.springblade.core.secure.handler.IPermissionHandler;
+import org.springblade.system.handler.ApiScopePermissionHandler;
+import org.springblade.system.handler.DataScopeModelHandler;
+import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 公共封装包配置类
+ *
+ * @author Chill
+ */
+@Configuration
+@AllArgsConstructor
+@AutoConfigureBefore(RegistryConfiguration.class)
+public class ScopeConfiguration {
+
+	@Bean
+	public ScopeModelHandler scopeModelHandler() {
+		return new DataScopeModelHandler();
+	}
+
+	@Bean
+	public IPermissionHandler permissionHandler() {
+		return new ApiScopePermissionHandler();
+	}
+
+}

blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClient.java

@@ -0,0 +1,60 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.feign;
+
+import org.springblade.core.launch.constant.AppConstant;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import java.util.List;
+
+/**
+ * 接口权限Feign接口类
+ *
+ * @author Chill
+ */
+@FeignClient(
+	value = AppConstant.APPLICATION_SYSTEM_NAME,
+	fallback = IApiScopeClientFallback.class
+)
+public interface IApiScopeClient {
+
+	String API_PREFIX = "/client/api-scope";
+	String PERMISSION_PATH = API_PREFIX + "/permission-path";
+	String PERMISSION_CODE = API_PREFIX + "/permission-code";
+
+	/**
+	 * 获取接口权限地址
+	 *
+	 * @param roleId 角色id
+	 * @return permissions
+	 */
+	@GetMapping(PERMISSION_PATH)
+	List<String> permissionPath(@RequestParam("roleId") String roleId);
+
+	/**
+	 * 获取接口权限信息
+	 *
+	 * @param permission 权限编号
+	 * @param roleId     角色id
+	 * @return permissions
+	 */
+	@GetMapping(PERMISSION_CODE)
+	List<String> permissionCode(@RequestParam("permission") String permission, @RequestParam("roleId") String roleId);
+
+}

blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClientFallback.java

@@ -14,27 +14,26 @@
  *  this software without specific prior written permission.
  *  Author: Chill 庄骞 (smallchill@163.com)
  */
-package org.springblade.system.config;
+package org.springblade.system.feign;
 
+import org.springframework.stereotype.Component;
 
-import lombok.AllArgsConstructor;
-import org.springblade.core.datascope.rule.ScopeModelRule;
-import org.springblade.system.rule.DataScopeModelRule;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
+import java.util.List;
 
 /**
- * 公共封装包配置类
+ * IApiScopeClientFallback
  *
  * @author Chill
  */
-@Configuration
-@AllArgsConstructor
-public class DataScopeConfiguration {
-
-	@Bean
-	public ScopeModelRule scopeModelRule() {
-		return new DataScopeModelRule();
+@Component
+public class IApiScopeClientFallback implements IApiScopeClient {
+	@Override
+	public List<String> permissionPath(String roleId) {
+		return null;
 	}
 
+	@Override
+	public List<String> permissionCode(String permission, String roleId) {
+		return null;
+	}
 }

blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/ApiScopePermissionHandler.java

@@ -0,0 +1,63 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.handler;
+
+import org.springblade.core.secure.BladeUser;
+import org.springblade.core.secure.handler.IPermissionHandler;
+import org.springblade.core.secure.utils.SecureUtil;
+import org.springblade.core.tool.utils.WebUtil;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+
+import static org.springblade.system.cache.ApiScopeCache.permissionCode;
+import static org.springblade.system.cache.ApiScopeCache.permissionPath;
+
+/**
+ * 接口权限校验类
+ *
+ * @author Chill
+ */
+public class ApiScopePermissionHandler implements IPermissionHandler {
+
+	@Override
+	public boolean permissionAll() {
+		HttpServletRequest request = WebUtil.getRequest();
+		BladeUser user = SecureUtil.getUser();
+		if (request == null || user == null) {
+			return false;
+		}
+		String uri = request.getRequestURI();
+		List<String> paths = permissionPath(user.getRoleId());
+		if (paths == null || paths.size() == 0) {
+			return false;
+		}
+		return paths.stream().anyMatch(uri::contains);
+	}
+
+	@Override
+	public boolean hasPermission(String permission) {
+		HttpServletRequest request = WebUtil.getRequest();
+		BladeUser user = SecureUtil.getUser();
+		if (request == null || user == null) {
+			return false;
+		}
+		List<String> codes = permissionCode(permission, user.getRoleId());
+		return codes != null && codes.size() != 0;
+	}
+
+}

blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/DataScopeModelHandler.java

@@ -14,10 +14,10 @@
  *  this software without specific prior written permission.
  *  Author: Chill 庄骞 (smallchill@163.com)
  */
-package org.springblade.system.rule;
+package org.springblade.system.handler;
 
+import org.springblade.core.datascope.handler.ScopeModelHandler;
 import org.springblade.core.datascope.model.DataScopeModel;
-import org.springblade.core.datascope.rule.ScopeModelRule;
 import org.springblade.system.cache.DataScopeCache;
 
 import java.util.List;
@@ -27,7 +27,7 @@ import java.util.List;
  *
  * @author Chill
  */
-public class DataScopeModelRule implements ScopeModelRule {
+public class DataScopeModelHandler implements ScopeModelHandler {
 
 	/**
 	 * 获取数据权限

blade-service/blade-system/src/main/java/org/springblade/system/feign/ApiScopeClient.java

@@ -0,0 +1,61 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.feign;
+
+import lombok.RequiredArgsConstructor;
+import org.springblade.core.tool.utils.Func;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import springfox.documentation.annotations.ApiIgnore;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import static org.springblade.core.secure.constant.PermissionConstant.permissionAllStatement;
+import static org.springblade.core.secure.constant.PermissionConstant.permissionStatement;
+
+/**
+ * 接口权限Feign实现类
+ *
+ * @author Chill
+ */
+@ApiIgnore
+@RestController
+@RequiredArgsConstructor
+public class ApiScopeClient implements IApiScopeClient {
+
+	private final JdbcTemplate jdbcTemplate;
+
+	@Override
+	@GetMapping(PERMISSION_PATH)
+	public List<String> permissionPath(String roleId) {
+		List<Long> roleIds = Func.toLongList(roleId);
+		return jdbcTemplate.queryForList(permissionAllStatement(roleIds.size()), roleIds.toArray(), String.class);
+	}
+
+	@Override
+	@GetMapping(PERMISSION_CODE)
+	public List<String> permissionCode(String permission, String roleId) {
+		List<Object> args = new ArrayList<>(Collections.singletonList(permission));
+		List<Long> roleIds = Func.toLongList(roleId);
+		args.addAll(roleIds);
+		return jdbcTemplate.queryForList(permissionStatement(roleIds.size()), args.toArray(), String.class);
+	}
+
+}