diff --git a/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java b/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
index b9c77658..797c9dd5 100644
--- a/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
+++ b/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
@@ -23,7 +23,6 @@ import org.springblade.auth.constant.AuthConstant;
 import org.springblade.auth.enums.BladeUserEnum;
 import org.springblade.auth.utils.TokenUtil;
 import org.springblade.core.tool.api.R;
-import org.springblade.core.tool.utils.DateUtil;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.core.tool.utils.StringUtil;
 import org.springblade.core.tool.utils.WebUtil;
@@ -39,7 +38,6 @@ import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthoriza
 import org.springframework.stereotype.Service;
 import javax.servlet.http.HttpServletRequest;
-import java.util.Date;
 /**
 * 用户信息
@@ -68,8 +66,7 @@ public class BladeUserDetailsServiceImpl implements UserDetailsService {
 // 获取租户信息
 R tenant = sysClient.getTenant(tenantId);
 if (tenant.isSuccess()) {
- Date expireTime = tenant.getData().getExpireTime();
- if (expireTime != null && expireTime.before(DateUtil.now())) {
+ if (TokenUtil.judgeTenant(tenant.getData())) {
 throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
 }
 } else {
diff --git a/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java b/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
index 5ab0cc08..10ef786f 100644
--- a/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
+++ b/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
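Review bot: The `if (TokenUtil.judgeTenant(tenant.getData()))` branch in the last hunk of `BladeUserDetailsServiceImpl.java` can never be taken, because `judgeTenant` as added to `TokenUtil.java` in this same commit returns `false` on every path and signals denial only by throwing. The `throw` kept inside this branch is therefore dead code, and the boolean result suggests a contract the helper does not have, which makes the tenant-expiry check easy to break in a later edit. Either have the helper `return true` for an expired tenant and let this branch do the throwing, or make the helper `void` and call it as a plain statement, `TokenUtil.judgeTenant(tenant.getData());`. The enclosing method starts and ends outside the hunk.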
@@ -18,14 +18,19 @@ package org.springblade.auth.utils;
 import lombok.SneakyThrows;
 import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.secure.utils.AuthUtil;
 import org.springblade.core.tool.utils.Charsets;
+import org.springblade.core.tool.utils.DateUtil;
 import org.springblade.core.tool.utils.StringPool;
 import org.springblade.core.tool.utils.WebUtil;
+import org.springblade.system.entity.Tenant;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
+import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
 import java.util.Base64;
 import java.util.Calendar;
+import java.util.Date;
 /**
 * 认证工具类
@@ -125,4 +130,24 @@ public class TokenUtil {
 return 60 * 60 * 24 * 15;
 }
+ /**
+ * 判断租户权限
+ *
+ * @param tenant 租户信息
+ * @return boolean
+ */
+ public static boolean judgeTenant(Tenant tenant) {
+ if (tenant == null) {
+ throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT);
+ }
+ if (AuthUtil.isAdministrator()) {
+ return false;
+ }
+ Date expireTime = tenant.getExpireTime();
+ if (expireTime != null && expireTime.before(DateUtil.now())) {
+ throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
+ }
+ return false;
+ }
+
 }
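Review bot: `judgeTenant` skips the tenant-expiry check whenever `AuthUtil.isAdministrator()` is true, and the caller changed in this commit is the user-details lookup in `BladeUserDetailsServiceImpl`, which appears to run while a login is still being processed. `AuthUtil` is not shown in this diff, but if it derives the role from whatever identity the current request already carries, the exemption is keyed to the caller's existing context rather than to the account being authenticated. Please confirm what it reads at that point, or decide the exemption from the loaded user's own role. The Javadoc should also state the real contract instead of `@return boolean`, for example `@return always false; throws UserDeniedAuthorizationException when the tenant is missing or expired`.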