⚡ 登录、新增用户增加租户权限判断

blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java

@@ -23,9 +23,12 @@ import org.springblade.auth.constant.AuthConstant;
 import org.springblade.auth.enums.BladeUserEnum;
 import org.springblade.auth.utils.TokenUtil;
 import org.springblade.core.tool.api.R;
+import org.springblade.core.tool.utils.DateUtil;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.core.tool.utils.StringUtil;
 import org.springblade.core.tool.utils.WebUtil;
+import org.springblade.system.entity.Tenant;
+import org.springblade.system.feign.ISysClient;
 import org.springblade.system.user.entity.User;
 import org.springblade.system.user.entity.UserInfo;
 import org.springblade.system.user.feign.IUserClient;
@@ -36,6 +39,7 @@ import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthoriza
 import org.springframework.stereotype.Service;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.Date;
 
 /**
  * 用户信息
@@ -47,19 +51,31 @@ import javax.servlet.http.HttpServletRequest;
 public class BladeUserDetailsServiceImpl implements UserDetailsService {
 
 	private IUserClient userClient;
+	private ISysClient sysClient;
 
 	@Override
 	@SneakyThrows
 	public BladeUserDetails loadUserByUsername(String username) {
 		HttpServletRequest request = WebUtil.getRequest();
-		// 获取租户
+		// 获取租户ID
 		String headerTenant = request.getHeader(TokenUtil.TENANT_HEADER_KEY);
 		String paramTenant = request.getParameter(TokenUtil.TENANT_PARAM_KEY);
 		if (StringUtil.isAllBlank(headerTenant, paramTenant)) {
 			throw new UserDeniedAuthorizationException(TokenUtil.TENANT_NOT_FOUND);
 		}
-		// 租户ID
 		String tenantId = StringUtils.isBlank(headerTenant) ? paramTenant : headerTenant;
+
+		// 获取租户信息
+		R<Tenant> tenant = sysClient.getTenant(tenantId);
+		if (tenant.isSuccess()) {
+			Date expireTime = tenant.getData().getExpireTime();
+			if (expireTime != null && expireTime.before(DateUtil.now())) {
+				throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
+			}
+		} else {
+			throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT);
+		}
+
 		// 获取用户类型
 		String userType = Func.toStr(request.getHeader(TokenUtil.USER_TYPE_HEADER_KEY), TokenUtil.DEFAULT_USER_TYPE);
 

blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java

@@ -57,6 +57,8 @@ public class TokenUtil {
 	public final static String DEFAULT_USER_TYPE = "web";
 	public final static String USER_NOT_FOUND = "用户名或密码错误";
 	public final static String USER_HAS_NO_ROLE = "未获得用户的角色信息";
+	public final static String USER_HAS_NO_TENANT = "未获得用户的租户信息";
+	public final static String USER_HAS_NO_TENANT_PERMISSION = "租户授权已过期,请联系管理员";
 	public final static String HEADER_KEY = "Authorization";
 	public final static String HEADER_PREFIX = "Basic ";
 	public final static String DEFAULT_AVATAR = "";

blade-service-api/blade-system-api/src/main/java/org/springblade/system/cache/SysCache.java

@@ -49,6 +49,7 @@ public class SysCache {
 	private static final String ROLE_ALIAS_ID = "roleAlias:id:";
 	private static final String ROLE_ALIASES_ID = "roleAliases:id:";
 	private static final String TENANT_ID = "tenant:id:";
+	private static final String TENANT_TENANT_ID = "tenant:tenantId:";
 
 	private static ISysClient sysClient;
 
@@ -227,4 +228,17 @@ public class SysCache {
 		});
 	}
 
+	/**
+	 * 获取租户
+	 *
+	 * @param tenantId 租户id
+	 * @return Tenant
+	 */
+	public static Tenant getTenant(String tenantId) {
+		return CacheUtil.get(SYS_CACHE, TENANT_TENANT_ID, tenantId, () -> {
+			R<Tenant> result = getSysClient().getTenant(tenantId);
+			return result.getData();
+		});
+	}
+
 }

blade-service-api/blade-system-api/src/main/java/org/springblade/system/feign/ISysClient.java

@@ -48,6 +48,7 @@ public interface ISysClient {
 	String ROLE_ALIAS = API_PREFIX + "/role-alias";
 	String ROLE_ALIASES = API_PREFIX + "/role-aliases";
 	String TENANT = API_PREFIX + "/tenant";
+	String TENANT_ID = API_PREFIX + "/tenant-id";
 	String PARAM = API_PREFIX + "/param";
 	String PARAM_VALUE = API_PREFIX + "/param-value";
 
@@ -150,6 +151,15 @@ public interface ISysClient {
 	@GetMapping(TENANT)
 	R<Tenant> getTenant(@RequestParam("id") Long id);
 
+	/**
+	 * 获取租户
+	 *
+	 * @param tenantId 租户id
+	 * @return Tenant
+	 */
+	@GetMapping(TENANT_ID)
+	R<Tenant> getTenant(@RequestParam("tenantId") String tenantId);
+
 	/**
 	 * 获取参数
 	 *

blade-service-api/blade-system-api/src/main/java/org/springblade/system/feign/ISysClientFallback.java

@@ -85,6 +85,11 @@ public class ISysClientFallback implements ISysClient {
 		return R.fail("获取数据失败");
 	}
 
+	@Override
+	public R<Tenant> getTenant(String tenantId) {
+		return R.fail("获取数据失败");
+	}
+
 	@Override
 	public R<Param> getParam(Long id) {
 		return R.fail("获取数据失败");

blade-service/blade-system/src/main/java/org/springblade/system/controller/TenantController.java

@@ -33,6 +33,7 @@ import org.springblade.core.tool.constant.RoleConstant;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.system.entity.Tenant;
 import org.springblade.system.service.ITenantService;
+import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
 
@@ -41,6 +42,8 @@ import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
+import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE;
+
 /**
  * 控制器
  *
@@ -117,6 +120,7 @@ public class TenantController extends BladeController {
 	@ApiOperationSupport(order = 5)
 	@ApiOperation(value = "新增或修改", notes = "传入tenant")
 	@PreAuth(RoleConstant.HAS_ROLE_ADMINISTRATOR)
+	@CacheEvict(cacheNames = {SYS_CACHE}, allEntries = true)
 	public R submit(@Valid @RequestBody Tenant tenant) {
 		return R.status(tenantService.saveTenant(tenant));
 	}
@@ -129,6 +133,7 @@ public class TenantController extends BladeController {
 	@ApiOperationSupport(order = 6)
 	@ApiOperation(value = "逻辑删除", notes = "传入ids")
 	@PreAuth(RoleConstant.HAS_ROLE_ADMINISTRATOR)
+	@CacheEvict(cacheNames = {SYS_CACHE}, allEntries = true)
 	public R remove(@ApiParam(value = "主键集合", required = true) @RequestParam String ids) {
 		return R.status(tenantService.deleteLogic(Func.toLongList(ids)));
 	}
@@ -140,6 +145,7 @@ public class TenantController extends BladeController {
 	@ApiOperationSupport(order = 7)
 	@ApiOperation(value = "授权配置", notes = "传入ids,accountNumber,expireTime")
 	@PreAuth(RoleConstant.HAS_ROLE_ADMINISTRATOR)
+	@CacheEvict(cacheNames = {SYS_CACHE}, allEntries = true)
 	public R setting(@ApiParam(value = "主键集合", required = true) @RequestParam String ids, @ApiParam(value = "账号额度") Integer accountNumber, @ApiParam(value = "过期时间") Date expireTime) {
 		boolean temp = tenantService.update(
 			Wrappers.<Tenant>update().lambda()

blade-service/blade-system/src/main/java/org/springblade/system/feign/SysClient.java

@@ -112,6 +112,12 @@ public class SysClient implements ISysClient {
 		return R.data(tenantService.getById(id));
 	}
 
+	@Override
+	@GetMapping(TENANT_ID)
+	public R<Tenant> getTenant(String tenantId) {
+		return R.data(tenantService.getByTenantId(tenantId));
+	}
+
 	@Override
 	@GetMapping(PARAM)
 	public R<Param> getParam(Long id) {

blade-service/blade-system/src/main/java/org/springblade/system/service/ITenantService.java

@@ -36,6 +36,14 @@ public interface ITenantService extends BaseService<Tenant> {
 	 */
 	IPage<Tenant> selectTenantPage(IPage<Tenant> page, Tenant tenant);
 
+	/**
+	 * 根据租户编号获取实体
+	 *
+	 * @param tenantId
+	 * @return
+	 */
+	Tenant getByTenantId(String tenantId);
+
 	/**
 	 * 新增
 	 *

blade-service/blade-system/src/main/java/org/springblade/system/service/impl/TenantServiceImpl.java

@@ -54,6 +54,11 @@ public class TenantServiceImpl extends BaseServiceImpl<TenantMapper, Tenant> imp
 		return page.setRecords(baseMapper.selectTenantPage(page, tenant));
 	}
 
+	@Override
+	public Tenant getByTenantId(String tenantId) {
+		return getOne(Wrappers.<Tenant>query().lambda().eq(Tenant::getTenantId, tenantId));
+	}
+
 	@Override
 	@Transactional(rollbackFor = Exception.class)
 	public boolean saveTenant(Tenant tenant) {

blade-service/blade-user/src/main/java/org/springblade/system/user/service/impl/UserServiceImpl.java

@@ -30,6 +30,7 @@ import org.springblade.core.tool.utils.DateUtil;
 import org.springblade.core.tool.utils.DigestUtil;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.system.cache.SysCache;
+import org.springblade.system.entity.Tenant;
 import org.springblade.system.user.entity.User;
 import org.springblade.system.user.entity.UserDept;
 import org.springblade.system.user.entity.UserInfo;
@@ -56,11 +57,18 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, User> implement
 	@Override
 	@Transactional(rollbackFor = Exception.class)
 	public boolean submit(User user) {
+		String tenantId = user.getTenantId();
+		Tenant tenant = SysCache.getTenant(tenantId);
+		Integer accountNumber = tenant.getAccountNumber();
+		Integer tenantCount = baseMapper.selectCount(Wrappers.<User>query().lambda().eq(User::getTenantId, Func.toStr(tenantId, BladeConstant.ADMIN_TENANT_ID)));
+		if (accountNumber != null && accountNumber > 0 && accountNumber < tenantCount) {
+			throw new ServiceException("当前租户已到最大账号额度");
+		}
 		if (Func.isNotEmpty(user.getPassword())) {
 			user.setPassword(DigestUtil.encrypt(user.getPassword()));
 		}
-		Integer cnt = baseMapper.selectCount(Wrappers.<User>query().lambda().eq(User::getTenantId, Func.toStr(user.getTenantId(), BladeConstant.ADMIN_TENANT_ID)).eq(User::getAccount, user.getAccount()));
-		if (cnt > 0 && Func.isEmpty(user.getId())) {
+		Integer userCount = baseMapper.selectCount(Wrappers.<User>query().lambda().eq(User::getTenantId, Func.toStr(tenantId, BladeConstant.ADMIN_TENANT_ID)).eq(User::getAccount, user.getAccount()));
+		if (userCount > 0 && Func.isEmpty(user.getId())) {
 			throw new ApiException("当前用户已存在!");
 		}
 		return save(user) && submitUserDept(user);