⚡ 超管不受租户过期影响

5 years ago · 1b170a825a
2 changed files with 26 additions and 4 deletions
--- a/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
+++ b/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
@ -23,7 +23,6 @@ import org.springblade.auth.constant.AuthConstant;
 import org.springblade.auth.enums.BladeUserEnum;
 import org.springblade.auth.utils.TokenUtil;
 import org.springblade.core.tool.api.R;
-import org.springblade.core.tool.utils.DateUtil;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.core.tool.utils.StringUtil;
 import org.springblade.core.tool.utils.WebUtil;
@ -39,7 +38,6 @@ import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthoriza
 import org.springframework.stereotype.Service;

 import javax.servlet.http.HttpServletRequest;
-import java.util.Date;

 /**
 * 用户信息
@ -68,8 +66,7 @@ public class BladeUserDetailsServiceImpl implements UserDetailsService {
 		// 获取租户信息
 		R<Tenant> tenant = sysClient.getTenant(tenantId);
 		if (tenant.isSuccess()) {
-			Date expireTime = tenant.getData().getExpireTime();
-			if (expireTime != null && expireTime.before(DateUtil.now())) {
+			if (TokenUtil.judgeTenant(tenant.getData())) {
 				throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
 			}
 		} else {
--- a/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
+++ b/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
@ -18,14 +18,19 @@ package org.springblade.auth.utils;

 import lombok.SneakyThrows;
 import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.secure.utils.AuthUtil;
 import org.springblade.core.tool.utils.Charsets;
+import org.springblade.core.tool.utils.DateUtil;
 import org.springblade.core.tool.utils.StringPool;
 import org.springblade.core.tool.utils.WebUtil;
+import org.springblade.system.entity.Tenant;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
+import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;

 import java.util.Base64;
 import java.util.Calendar;
+import java.util.Date;

 /**
 * 认证工具类
@ -125,4 +130,24 @@ public class TokenUtil {
 		return 60 * 60 * 24 * 15;
 	}

+	/**
+	 * 判断租户权限
+	 *
+	 * @param tenant 租户信息
+	 * @return boolean
+	 */
+	public static boolean judgeTenant(Tenant tenant) {
+		if (tenant == null) {
+			throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT);
+		}
+		if (AuthUtil.isAdministrator()) {
+			return false;
+		}
+		Date expireTime = tenant.getExpireTime();
+		if (expireTime != null && expireTime.before(DateUtil.now())) {
+			throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
+		}
+		return false;
+	}
+
 }