manager/orion-visor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: 修改权限配置.

Browse Source
This commit is contained in:
lijiahang
2023-11-22 16:11:17 +08:00
parent 5c21dd1144
commit 675c88a625
6 changed files with 79 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/service/SecurityFrameworkService.java
View File

@@ -39,6 +39,14 @@ public interface SecurityFrameworkService {
*/
boolean hasRole(String role);
/**
* 检查是否有角色
*
* @param roles 角色
* @return has
*/
boolean hasAnyRole(String... roles);
/**
* 通过 token 获取用户信息
*

5
orion-ops-framework/orion-ops-spring-boot-starter-security/src/main/java/com/orion/ops/framework/security/core/service/SecurityFrameworkServiceDelegate.java
View File

@@ -32,6 +32,11 @@ public class SecurityFrameworkServiceDelegate implements SecurityFrameworkServic
return delegate.hasRole(role);
}
@Override
public boolean hasAnyRole(String... roles) {
return delegate.hasAnyRole(roles);
}
@Override
public LoginUser getUserByToken(String token) {
return delegate.getUserByToken(token);

3
orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/entity/vo/UserPermissionVO.java
View File

@@ -6,6 +6,7 @@ import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.Collection;
import java.util.List;
/**
@@ -26,7 +27,7 @@ public class UserPermissionVO {
private UserCollectInfoVO user;
@Schema(description = "该用户已启用的角色")
private List<String> roles;
private Collection<String> roles;
@Schema(description = "该用户已启用的权限")
private List<String> permissions;

6
orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/framework/service/impl/SecurityFrameworkServiceImpl.java
View File

@@ -47,6 +47,12 @@ public class SecurityFrameworkServiceImpl implements SecurityFrameworkService {
return permissionService.hasRole(role);
}
@Override
public boolean hasAnyRole(String... roles) {
// 检查是否有角色
return permissionService.hasAnyRole(roles);
}
@Override
public LoginUser getUserByToken(String token) {
// 获取 token 信息

8
orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/PermissionService.java
View File

@@ -51,6 +51,14 @@ public interface PermissionService {
*/
boolean hasRole(String role);
/**
* 检查当前用户是否含有任意角色 (有效性判断)
*
* @param roles roles
* @return 是否包含
*/
boolean hasAnyRole(String... roles);
/**
* 检查当前用户是否含有此权限 (有效性判断)
*

83
orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/PermissionServiceImpl.java
View File

@@ -2,6 +2,7 @@ package com.orion.ops.module.infra.service.impl;
import com.orion.lang.utils.Arrays1;
import com.orion.lang.utils.collect.Lists;
import com.orion.lang.utils.collect.Maps;
import com.orion.ops.framework.common.constant.Const;
import com.orion.ops.framework.common.security.LoginUser;
import com.orion.ops.framework.common.security.UserRole;
@@ -117,27 +118,44 @@ public class PermissionServiceImpl implements PermissionService {
@Override
public boolean hasRole(String role) {
// 获取用户角色
List<String> roles = this.getUserEnabledRoleCode();
Map<Long, String> roles = this.getUserEnabledRoles();
if (roles.isEmpty()) {
return false;
}
// 检查是否为超级管理员或包含此角色
return RoleDefine.containsAdmin(roles) || roles.contains(role);
return RoleDefine.containsAdmin(roles.values()) || roles.containsValue(role);
}
@Override
public boolean hasAnyRole(String... roles) {
if (Arrays1.isEmpty(roles)) {
return true;
}
// 获取用户角色
Map<Long, String> enableRoles = this.getUserEnabledRoles();
if (enableRoles.isEmpty()) {
return false;
}
// 检查是否为超级管理员 || 有此角色
return RoleDefine.containsAdmin(enableRoles.values())
|| Arrays.stream(roles).anyMatch(enableRoles::containsValue);
}
@Override
public boolean hasPermission(String permission) {
// 获取用户角色
List<String> roles = this.getUserEnabledRoleCode();
Map<Long, String> roles = this.getUserEnabledRoles();
if (roles.isEmpty()) {
return false;
}
// 检查是否为超级管理员
if (RoleDefine.containsAdmin(roles)) {
if (RoleDefine.containsAdmin(roles.values())) {
return true;
}
// 检查普通角色是否有此权限
return roles.stream().anyMatch(s -> this.checkRoleHasPermission(s, permission));
return roles.keySet()
.stream()
.anyMatch(s -> this.checkRoleHasPermission(s, permission));
}
@Override
@@ -146,38 +164,37 @@ public class PermissionServiceImpl implements PermissionService {
return true;
}
// 获取用户角色
List<String> roles = this.getUserEnabledRoleCode();
Map<Long, String> roles = this.getUserEnabledRoles();
if (roles.isEmpty()) {
return false;
}
// 检查是否为超级管理员
if (RoleDefine.containsAdmin(roles)) {
if (RoleDefine.containsAdmin(roles.values())) {
return true;
}
for (String permission : permissions) {
final boolean has = roles.stream().anyMatch(s -> this.checkRoleHasPermission(s, permission));
if (has) {
return true;
}
}
return false;
// 检查用户角色是否包含权限
return Arrays.stream(permissions)
.anyMatch(perm -> roles.keySet()
.stream()
.anyMatch(s -> this.checkRoleHasPermission(s, perm)));
}
@Override
public List<SystemMenuVO> getUserMenuList() {
// 获取用户角色
List<String> roles = this.getUserEnabledRoleCode();
Map<Long, String> roles = this.getUserEnabledRoles();
if (roles.isEmpty()) {
return Lists.empty();
}
// 查询角色菜单
Stream<SystemMenuCacheDTO> mergeStream;
if (RoleDefine.containsAdmin(roles)) {
if (RoleDefine.containsAdmin(roles.values())) {
// 管理员拥有全部菜单
mergeStream = menuCache.stream();
} else {
// 当前用户所适配的角色菜单
mergeStream = roles.stream()
mergeStream = roles.keySet()
.stream()
.map(roleMenuCache::get)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
@@ -202,18 +219,19 @@ public class PermissionServiceImpl implements PermissionService {
// 获取用户系统偏好
Future<Map<String, Object>> systemPreference = preferenceService.getPreferenceAsync(id, PreferenceTypeEnum.SYSTEM);
// 获取用户角色
List<String> roles = this.getUserEnabledRoleCode();
Map<Long, String> roles = this.getUserEnabledRoles();
// 获取用户权限
List<String> permissions;
if (roles.isEmpty()) {
permissions = Lists.empty();
} else {
if (RoleDefine.containsAdmin(roles)) {
if (RoleDefine.containsAdmin(roles.values())) {
// 管理员拥有全部权限
permissions = Lists.of(Const.ASTERISK);
} else {
// 当前用户所适配的角色的权限
permissions = roles.stream()
permissions = roles.keySet()
.stream()
.map(roleMenuCache::get)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
@@ -231,7 +249,7 @@ public class PermissionServiceImpl implements PermissionService {
// 组装数据
return UserPermissionVO.builder()
.user(user)
.roles(roles)
.roles(roles.values())
.permissions(permissions)
.build();
}
@@ -239,13 +257,13 @@ public class PermissionServiceImpl implements PermissionService {
/**
* 检查角色是否有权限
*
* @param role role
* @param roleId roleId
* @param permission permission
* @return 是否有权限
*/
private boolean checkRoleHasPermission(String role, String permission) {
private boolean checkRoleHasPermission(Long roleId, String permission) {
// 获取角色权限列表
List<SystemMenuCacheDTO> menus = roleMenuCache.get(role);
List<SystemMenuCacheDTO> menus = roleMenuCache.get(roleId);
if (Lists.isEmpty(menus)) {
return false;
}
@@ -262,27 +280,26 @@ public class PermissionServiceImpl implements PermissionService {
*
* @return roles
*/
private List<String> getUserEnabledRoleCode() {
private Map<Long, String> getUserEnabledRoles() {
// 获取当前用户角色
List<UserRole> userRoles = Optional.ofNullable(SecurityUtils.getLoginUser())
.map(LoginUser::getRoles)
.orElse(null);
.orElse(Lists.empty());
if (Lists.isEmpty(userRoles)) {
return Lists.empty();
return Maps.empty();
}
// 获取角色编码
List<String> roleCodes = userRoles.stream()
Map<Long, String> roles = userRoles.stream()
.map(UserRole::getId)
.map(roleCache::get)
.filter(Objects::nonNull)
// 过滤未启用的角色
.filter(r -> RoleStatusEnum.ENABLED.getStatus().equals(r.getStatus()))
.map(SystemRoleDO::getCode)
.collect(Collectors.toList());
if (Lists.isEmpty(roleCodes)) {
return Lists.empty();
.collect(Collectors.toMap(SystemRoleDO::getId, SystemRoleDO::getCode));
if (Maps.isEmpty(roles)) {
return Maps.empty();
}
return roleCodes;
return roles;
}
}