From 00c1e92e3ea2589af52d9f6afa2b3ca99165e49b Mon Sep 17 00:00:00 2001 From: smallchill Date: Sun, 14 Jul 2019 16:02:40 +0800 Subject: [PATCH] =?UTF-8?q?:tada:=20=E6=8E=A5=E5=8F=A3=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=88=86=E5=B8=83=E5=BC=8F=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../system/cache/ApiScopeCache.java | 74 +++++++++++++++++++ .../system/cache/DataScopeCache.java | 4 +- .../system/config/ScopeConfiguration.java | 50 +++++++++++++ .../system/feign/IApiScopeClient.java | 60 +++++++++++++++ .../IApiScopeClientFallback.java} | 27 ++++--- .../handler/ApiScopePermissionHandler.java | 63 ++++++++++++++++ .../DataScopeModelHandler.java} | 6 +- .../system/feign/ApiScopeClient.java | 61 +++++++++++++++ 8 files changed, 326 insertions(+), 19 deletions(-) create mode 100644 blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/ApiScopeCache.java create mode 100644 blade-service-api/blade-scope-api/src/main/java/org/springblade/system/config/ScopeConfiguration.java create mode 100644 blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClient.java rename blade-service-api/blade-scope-api/src/main/java/org/springblade/system/{config/DataScopeConfiguration.java => feign/IApiScopeClientFallback.java} (64%) create mode 100644 blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/ApiScopePermissionHandler.java rename blade-service-api/blade-scope-api/src/main/java/org/springblade/system/{rule/DataScopeModelRule.java => handler/DataScopeModelHandler.java} (91%) create mode 100644 blade-service/blade-system/src/main/java/org/springblade/system/feign/ApiScopeClient.java 
diff --git a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/ApiScopeCache.java b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/ApiScopeCache.java
new file mode 100644
index 00000000..9495a2b6
--- /dev/null
+++ b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/ApiScopeCache.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.cache;
+
+import org.springblade.core.cache.utils.CacheUtil;
+import org.springblade.core.tool.utils.SpringUtil;
+import org.springblade.core.tool.utils.StringPool;
+import org.springblade.system.feign.IApiScopeClient;
+
+import java.util.List;
+
+import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE;
+
+/**
+ * 接口权限缓存
+ *
+ * @author Chill
+ */
+public class ApiScopeCache {
+
+ private static final String SCOPE_CACHE_CODE = "apiScope:code:";
+
+ private static IApiScopeClient apiScopeClient;
+
+ static {
+ apiScopeClient = SpringUtil.getBean(IApiScopeClient.class);
+ }
+
+ /**
+ * 获取接口权限地址
+ *
+ * @param roleId 角色id
+ * @return permissions
+ */
+ public static List permissionPath(String roleId) {
+ List permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, roleId, List.class);
+ if (permissions == null) {
+ permissions = apiScopeClient.permissionPath(roleId);
+ CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, roleId, permissions);
+ }
+ return permissions;
+ }
+
+ /**
+ * 获取接口权限信息
+ *
+ * @param permission 权限编号
+ * @param roleId 角色id
+ * @return permissions
+ */
+ public static List 
permissionCode(String permission, String roleId) { + List permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, permission + StringPool.COLON + roleId, List.class); + if (permissions == null) { + permissions = apiScopeClient.permissionCode(permission, roleId); + CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, permission + StringPool.COLON + roleId, permissions); + } + return permissions; + } + +} diff --git a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/DataScopeCache.java b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/DataScopeCache.java index 8d8205fb..895d3a5a 100644 --- a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/DataScopeCache.java +++ b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/cache/DataScopeCache.java @@ -34,8 +34,8 @@ import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE; */ public class DataScopeCache { - private static final String SCOPE_CACHE_CODE = "scope:code:"; - private static final String SCOPE_CACHE_CLASS = "scope:class:"; + private static final String SCOPE_CACHE_CODE = "dataScope:code:"; + private static final String SCOPE_CACHE_CLASS = "dataScope:class:"; private static final String DEPT_CACHE_ANCESTORS = "dept:ancestors:"; private static IDataScopeClient dataScopeClient; diff --git a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/config/ScopeConfiguration.java b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/config/ScopeConfiguration.java new file mode 100644 index 00000000..5e3f3b74 --- /dev/null +++ b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/config/ScopeConfiguration.java 
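Review bot: `permissionPath` and `permissionCode` in ApiScopeCache store authorization data under `apiScope:code:` and nothing in this patch evicts those entries, so a permission revoked from a role could keep authorizing requests until the entry expires on its own (the expiry policy of `SYS_CACHE` is not visible here). The code that changes role permissions should clear these keys, and the class Javadoc should state that requirement. When the Feign fallback returns `null`, both methods still call `CacheUtil.put` with it; an explicit `if (permissions != null)` around the put would make the outage path unambiguous. The static initializer resolves `IApiScopeClient` through `SpringUtil.getBean`, which depends on the class first being loaded after the application context is ready; that assumption deserves a comment.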
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.config;
+
+
+import lombok.AllArgsConstructor;
+import org.springblade.core.datascope.handler.ScopeModelHandler;
+import org.springblade.core.secure.config.RegistryConfiguration;
+import org.springblade.core.secure.handler.IPermissionHandler;
+import org.springblade.system.handler.ApiScopePermissionHandler;
+import org.springblade.system.handler.DataScopeModelHandler;
+import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 公共封装包配置类
+ *
+ * @author Chill
+ */
+@Configuration
+@AllArgsConstructor
+@AutoConfigureBefore(RegistryConfiguration.class)
+public class ScopeConfiguration {
+
+ @Bean
+ public ScopeModelHandler scopeModelHandler() {
+ return new DataScopeModelHandler();
+ }
+
+ @Bean
+ public IPermissionHandler permissionHandler() {
+ return new ApiScopePermissionHandler();
+ }
+
+}
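Review bot: `@AutoConfigureBefore(RegistryConfiguration.class)` on `ScopeConfiguration` only orders classes that Spring Boot loads as auto-configurations; on a `@Configuration` picked up by component scanning it is ignored. If `RegistryConfiguration` registers a default `IPermissionHandler` conditionally (not visible in this patch), this ordering decides whether `ApiScopePermissionHandler` is the handler that actually enforces API permissions. The class should therefore be registered as an auto-configuration, with a comment on the annotation explaining why the order matters. `@AllArgsConstructor` does nothing useful on a class without fields and can be dropped.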
diff --git a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClient.java b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClient.java
new file mode 100644
index 00000000..d812e647
--- /dev/null
+++ b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClient.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.feign;
+
+import org.springblade.core.launch.constant.AppConstant;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import java.util.List;
+
+/**
+ * 接口权限Feign接口类
+ *
+ * @author Chill
+ */
+@FeignClient(
+ value = AppConstant.APPLICATION_SYSTEM_NAME,
+ fallback = IApiScopeClientFallback.class
+)
+public interface IApiScopeClient {
+
+ String API_PREFIX = "/client/api-scope";
+ String PERMISSION_PATH = API_PREFIX + "/permission-path";
+ String PERMISSION_CODE = API_PREFIX + "/permission-code";
+
+ /**
+ * 获取接口权限地址
+ *
+ * @param roleId 角色id
+ * @return permissions
+ */
+ @GetMapping(PERMISSION_PATH)
+ List permissionPath(@RequestParam("roleId") String roleId);
+
+ /**
+ * 获取接口权限信息
+ *
+ * @param permission 权限编号
+ * @param roleId 角色id
+ * @return permissions
+ */
+ @GetMapping(PERMISSION_CODE)
+ List permissionCode(@RequestParam("permission") String permission, @RequestParam("roleId") String roleId);
+
+}
diff --git a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/config/DataScopeConfiguration.java b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClientFallback.java similarity index 64% rename from blade-service-api/blade-scope-api/src/main/java/org/springblade/system/config/DataScopeConfiguration.java rename to blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClientFallback.java index 1d144b2f..de7eea4f 100644 --- a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/config/DataScopeConfiguration.java +++ b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/feign/IApiScopeClientFallback.java @@ -14,27 +14,26 @@ * this software without specific prior written permission. * Author: Chill 庄骞 (smallchill@163.com) */ -package org.springblade.system.config; +package org.springblade.system.feign; +import org.springframework.stereotype.Component; -import lombok.AllArgsConstructor; -import org.springblade.core.datascope.rule.ScopeModelRule; -import org.springblade.system.rule.DataScopeModelRule; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; +import java.util.List; /** - * 公共封装包配置类 + * IApiScopeClientFallback * * @author Chill */ -@Configuration -@AllArgsConstructor -public class DataScopeConfiguration { - - @Bean - public ScopeModelRule scopeModelRule() { - return new DataScopeModelRule(); +@Component +public class IApiScopeClientFallback implements IApiScopeClient { + @Override + public List permissionPath(String roleId) { + return null; } + @Override + public List permissionCode(String permission, String roleId) { + return null; + } } 
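Review bot: Both fallback methods in `IApiScopeClientFallback` return `null` without logging, so an outage of the system service shows up only as denied requests that look the same as a genuine lack of permission. `ApiScopePermissionHandler` treats `null` as deny, which is the right fail-closed outcome, but that contract is stated nowhere. I would extend the class Javadoc with a line such as `Fallback fails closed: returns null, which callers must treat as "no permission"`, and log a warning carrying the role id in each method so the outage is visible in operations.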
diff --git a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/ApiScopePermissionHandler.java b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/ApiScopePermissionHandler.java
new file mode 100644
index 00000000..7a3bcfc1
--- /dev/null
+++ b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/ApiScopePermissionHandler.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.handler;
+
+import org.springblade.core.secure.BladeUser;
+import org.springblade.core.secure.handler.IPermissionHandler;
+import org.springblade.core.secure.utils.SecureUtil;
+import org.springblade.core.tool.utils.WebUtil;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+
+import static org.springblade.system.cache.ApiScopeCache.permissionCode;
+import static org.springblade.system.cache.ApiScopeCache.permissionPath;
+
+/**
+ * 接口权限校验类
+ *
+ * @author Chill
+ */
+public class ApiScopePermissionHandler implements IPermissionHandler {
+
+ @Override
+ public boolean permissionAll() {
+ HttpServletRequest request = WebUtil.getRequest();
+ BladeUser user = SecureUtil.getUser();
+ if (request == null || user == null) {
+ return false;
+ }
+ String uri = request.getRequestURI();
+ List paths = permissionPath(user.getRoleId());
+ if (paths == null || paths.size() == 0) {
+ return false;
+ }
+ return paths.stream().anyMatch(uri::contains);
+ }
+
+ @Override
+ public boolean hasPermission(String permission) {
+ HttpServletRequest request = WebUtil.getRequest();
+ BladeUser user = 
SecureUtil.getUser(); + if (request == null || user == null) { + return false; + } + List codes = permissionCode(permission, user.getRoleId()); + return codes != null && codes.size() != 0; + } + +} diff --git a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/rule/DataScopeModelRule.java b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/DataScopeModelHandler.java similarity index 91% rename from blade-service-api/blade-scope-api/src/main/java/org/springblade/system/rule/DataScopeModelRule.java rename to blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/DataScopeModelHandler.java index 8c219cbf..c7f7ce1d 100644 --- a/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/rule/DataScopeModelRule.java +++ b/blade-service-api/blade-scope-api/src/main/java/org/springblade/system/handler/DataScopeModelHandler.java @@ -14,10 +14,10 @@ * this software without specific prior written permission. * Author: Chill 庄骞 (smallchill@163.com) */ -package org.springblade.system.rule; +package org.springblade.system.handler; +import org.springblade.core.datascope.handler.ScopeModelHandler; import org.springblade.core.datascope.model.DataScopeModel; -import org.springblade.core.datascope.rule.ScopeModelRule; import org.springblade.system.cache.DataScopeCache; import java.util.List; @@ -27,7 +27,7 @@ import java.util.List; * * @author Chill */ -public class DataScopeModelRule implements ScopeModelRule { +public class DataScopeModelHandler implements ScopeModelHandler { /** * 获取数据权限 diff --git a/blade-service/blade-system/src/main/java/org/springblade/system/feign/ApiScopeClient.java b/blade-service/blade-system/src/main/java/org/springblade/system/feign/ApiScopeClient.java new file mode 100644 index 00000000..8f25819e --- /dev/null +++ b/blade-service/blade-system/src/main/java/org/springblade/system/feign/ApiScopeClient.java 
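Review bot: `permissionAll` in ApiScopePermissionHandler authorizes with `paths.stream().anyMatch(uri::contains)`, a substring test, so a granted path also matches any longer or unrelated URI that merely contains it, and a blank path stored for the role matches every request. `getRequestURI()` is also the raw, undecoded URI including the context path, so the outcome depends on how the request spelled the path. Match the normalized servlet path against each granted path with an anchored comparison instead, e.g. `return paths.stream().filter(p -> p != null && !p.isEmpty()).anyMatch(uri::equals);`, or use Spring's `AntPathMatcher` if the stored values are meant as patterns. `hasPermission` fetches `request` only to null-check it; a comment should say why, or the lookup can go.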
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.system.feign;
+
+import lombok.RequiredArgsConstructor;
+import org.springblade.core.tool.utils.Func;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import springfox.documentation.annotations.ApiIgnore;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import static org.springblade.core.secure.constant.PermissionConstant.permissionAllStatement;
+import static org.springblade.core.secure.constant.PermissionConstant.permissionStatement;
+
+/**
+ * 接口权限Feign实现类
+ *
+ * @author Chill
+ */
+@ApiIgnore
+@RestController
+@RequiredArgsConstructor
+public class ApiScopeClient implements IApiScopeClient {
+
+ private final JdbcTemplate jdbcTemplate;
+
+ @Override
+ @GetMapping(PERMISSION_PATH)
+ public List permissionPath(String roleId) {
+ List roleIds = Func.toLongList(roleId);
+ return jdbcTemplate.queryForList(permissionAllStatement(roleIds.size()), roleIds.toArray(), String.class);
+ }
+
+ @Override
+ @GetMapping(PERMISSION_CODE)
+ public List 
permissionCode(String permission, String roleId) {
+ List args = new ArrayList<>(Collections.singletonList(permission));
+ List roleIds = Func.toLongList(roleId);
+ args.addAll(roleIds);
+ return jdbcTemplate.queryForList(permissionStatement(roleIds.size()), args.toArray(), String.class);
+ }
+
+}
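Review bot: `permissionPath` and `permissionCode` in ApiScopeClient pass `roleIds.size()` to the statement builders without checking for an empty list. If `roleId` is blank, `Func.toLongList` presumably yields no ids and the generated `IN` clause would be empty, which most databases reject; the builders are not visible in this patch, so this is inferred. Return early in both methods with `if (roleIds.isEmpty()) { return Collections.emptyList(); }`. The values are bound as query parameters, which is the right approach. Since the `/client/api-scope` endpoints answer role-to-permission lookups for any caller-supplied `roleId`, confirm they are reachable only by internal services and say so in the class Javadoc.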