refactor: 修改权限配置.
@@ -39,6 +39,14 @@ public interface SecurityFrameworkService {
|
|||||||
*/
|
*/
|
||||||
boolean hasRole(String role);
|
boolean hasRole(String role);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 检查是否有角色
|
||||||
|
*
|
||||||
|
* @param roles 角色
|
||||||
|
* @return has
|
||||||
|
*/
|
||||||
|
boolean hasAnyRole(String... roles);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 通过 token 获取用户信息
|
* 通过 token 获取用户信息
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -32,6 +32,11 @@ public class SecurityFrameworkServiceDelegate implements SecurityFrameworkServic
|
|||||||
return delegate.hasRole(role);
|
return delegate.hasRole(role);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean hasAnyRole(String... roles) {
|
||||||
|
return delegate.hasAnyRole(roles);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public LoginUser getUserByToken(String token) {
|
public LoginUser getUserByToken(String token) {
|
||||||
return delegate.getUserByToken(token);
|
return delegate.getUserByToken(token);
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import lombok.Builder;
|
|||||||
import lombok.Data;
|
import lombok.Data;
|
||||||
import lombok.NoArgsConstructor;
|
import lombok.NoArgsConstructor;
|
||||||
|
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -26,7 +27,7 @@ public class UserPermissionVO {
|
|||||||
private UserCollectInfoVO user;
|
private UserCollectInfoVO user;
|
||||||
|
|
||||||
@Schema(description = "该用户已启用的角色")
|
@Schema(description = "该用户已启用的角色")
|
||||||
private List<String> roles;
|
private Collection<String> roles;
|
||||||
|
|
||||||
@Schema(description = "该用户已启用的权限")
|
@Schema(description = "该用户已启用的权限")
|
||||||
private List<String> permissions;
|
private List<String> permissions;
|
||||||
|
|||||||
@@ -47,6 +47,12 @@ public class SecurityFrameworkServiceImpl implements SecurityFrameworkService {
|
|||||||
return permissionService.hasRole(role);
|
return permissionService.hasRole(role);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean hasAnyRole(String... roles) {
|
||||||
|
// 检查是否有角色
|
||||||
|
return permissionService.hasAnyRole(roles);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public LoginUser getUserByToken(String token) {
|
public LoginUser getUserByToken(String token) {
|
||||||
// 获取 token 信息
|
// 获取 token 信息
|
||||||
|
|||||||
@@ -51,6 +51,14 @@ public interface PermissionService {
|
|||||||
*/
|
*/
|
||||||
boolean hasRole(String role);
|
boolean hasRole(String role);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 检查当前用户是否含有任意角色 (有效性判断)
|
||||||
|
*
|
||||||
|
* @param roles roles
|
||||||
|
* @return 是否包含
|
||||||
|
*/
|
||||||
|
boolean hasAnyRole(String... roles);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 检查当前用户是否含有此权限 (有效性判断)
|
* 检查当前用户是否含有此权限 (有效性判断)
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ package com.orion.ops.module.infra.service.impl;
|
|||||||
|
|
||||||
import com.orion.lang.utils.Arrays1;
|
import com.orion.lang.utils.Arrays1;
|
||||||
import com.orion.lang.utils.collect.Lists;
|
import com.orion.lang.utils.collect.Lists;
|
||||||
|
import com.orion.lang.utils.collect.Maps;
|
||||||
import com.orion.ops.framework.common.constant.Const;
|
import com.orion.ops.framework.common.constant.Const;
|
||||||
import com.orion.ops.framework.common.security.LoginUser;
|
import com.orion.ops.framework.common.security.LoginUser;
|
||||||
import com.orion.ops.framework.common.security.UserRole;
|
import com.orion.ops.framework.common.security.UserRole;
|
||||||
@@ -117,27 +118,44 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
@Override
|
@Override
|
||||||
public boolean hasRole(String role) {
|
public boolean hasRole(String role) {
|
||||||
// 获取用户角色
|
// 获取用户角色
|
||||||
List<String> roles = this.getUserEnabledRoleCode();
|
Map<Long, String> roles = this.getUserEnabledRoles();
|
||||||
if (roles.isEmpty()) {
|
if (roles.isEmpty()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// 检查是否为超级管理员或包含此角色
|
// 检查是否为超级管理员或包含此角色
|
||||||
return RoleDefine.containsAdmin(roles) || roles.contains(role);
|
return RoleDefine.containsAdmin(roles.values()) || roles.containsValue(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean hasAnyRole(String... roles) {
|
||||||
|
if (Arrays1.isEmpty(roles)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// 获取用户角色
|
||||||
|
Map<Long, String> enableRoles = this.getUserEnabledRoles();
|
||||||
|
if (enableRoles.isEmpty()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
// 检查是否为超级管理员 || 有此角色
|
||||||
|
return RoleDefine.containsAdmin(enableRoles.values())
|
||||||
|
|| Arrays.stream(roles).anyMatch(enableRoles::containsValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean hasPermission(String permission) {
|
public boolean hasPermission(String permission) {
|
||||||
// 获取用户角色
|
// 获取用户角色
|
||||||
List<String> roles = this.getUserEnabledRoleCode();
|
Map<Long, String> roles = this.getUserEnabledRoles();
|
||||||
if (roles.isEmpty()) {
|
if (roles.isEmpty()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// 检查是否为超级管理员
|
// 检查是否为超级管理员
|
||||||
if (RoleDefine.containsAdmin(roles)) {
|
if (RoleDefine.containsAdmin(roles.values())) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
// 检查普通角色是否有此权限
|
// 检查普通角色是否有此权限
|
||||||
return roles.stream().anyMatch(s -> this.checkRoleHasPermission(s, permission));
|
return roles.keySet()
|
||||||
|
.stream()
|
||||||
|
.anyMatch(s -> this.checkRoleHasPermission(s, permission));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -146,38 +164,37 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
// 获取用户角色
|
// 获取用户角色
|
||||||
List<String> roles = this.getUserEnabledRoleCode();
|
Map<Long, String> roles = this.getUserEnabledRoles();
|
||||||
if (roles.isEmpty()) {
|
if (roles.isEmpty()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// 检查是否为超级管理员
|
// 检查是否为超级管理员
|
||||||
if (RoleDefine.containsAdmin(roles)) {
|
if (RoleDefine.containsAdmin(roles.values())) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
for (String permission : permissions) {
|
// 检查用户角色是否包含权限
|
||||||
final boolean has = roles.stream().anyMatch(s -> this.checkRoleHasPermission(s, permission));
|
return Arrays.stream(permissions)
|
||||||
if (has) {
|
.anyMatch(perm -> roles.keySet()
|
||||||
return true;
|
.stream()
|
||||||
}
|
.anyMatch(s -> this.checkRoleHasPermission(s, perm)));
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<SystemMenuVO> getUserMenuList() {
|
public List<SystemMenuVO> getUserMenuList() {
|
||||||
// 获取用户角色
|
// 获取用户角色
|
||||||
List<String> roles = this.getUserEnabledRoleCode();
|
Map<Long, String> roles = this.getUserEnabledRoles();
|
||||||
if (roles.isEmpty()) {
|
if (roles.isEmpty()) {
|
||||||
return Lists.empty();
|
return Lists.empty();
|
||||||
}
|
}
|
||||||
// 查询角色菜单
|
// 查询角色菜单
|
||||||
Stream<SystemMenuCacheDTO> mergeStream;
|
Stream<SystemMenuCacheDTO> mergeStream;
|
||||||
if (RoleDefine.containsAdmin(roles)) {
|
if (RoleDefine.containsAdmin(roles.values())) {
|
||||||
// 管理员拥有全部菜单
|
// 管理员拥有全部菜单
|
||||||
mergeStream = menuCache.stream();
|
mergeStream = menuCache.stream();
|
||||||
} else {
|
} else {
|
||||||
// 当前用户所适配的角色菜单
|
// 当前用户所适配的角色菜单
|
||||||
mergeStream = roles.stream()
|
mergeStream = roles.keySet()
|
||||||
|
.stream()
|
||||||
.map(roleMenuCache::get)
|
.map(roleMenuCache::get)
|
||||||
.filter(Objects::nonNull)
|
.filter(Objects::nonNull)
|
||||||
.flatMap(Collection::stream)
|
.flatMap(Collection::stream)
|
||||||
@@ -202,18 +219,19 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
// 获取用户系统偏好
|
// 获取用户系统偏好
|
||||||
Future<Map<String, Object>> systemPreference = preferenceService.getPreferenceAsync(id, PreferenceTypeEnum.SYSTEM);
|
Future<Map<String, Object>> systemPreference = preferenceService.getPreferenceAsync(id, PreferenceTypeEnum.SYSTEM);
|
||||||
// 获取用户角色
|
// 获取用户角色
|
||||||
List<String> roles = this.getUserEnabledRoleCode();
|
Map<Long, String> roles = this.getUserEnabledRoles();
|
||||||
// 获取用户权限
|
// 获取用户权限
|
||||||
List<String> permissions;
|
List<String> permissions;
|
||||||
if (roles.isEmpty()) {
|
if (roles.isEmpty()) {
|
||||||
permissions = Lists.empty();
|
permissions = Lists.empty();
|
||||||
} else {
|
} else {
|
||||||
if (RoleDefine.containsAdmin(roles)) {
|
if (RoleDefine.containsAdmin(roles.values())) {
|
||||||
// 管理员拥有全部权限
|
// 管理员拥有全部权限
|
||||||
permissions = Lists.of(Const.ASTERISK);
|
permissions = Lists.of(Const.ASTERISK);
|
||||||
} else {
|
} else {
|
||||||
// 当前用户所适配的角色的权限
|
// 当前用户所适配的角色的权限
|
||||||
permissions = roles.stream()
|
permissions = roles.keySet()
|
||||||
|
.stream()
|
||||||
.map(roleMenuCache::get)
|
.map(roleMenuCache::get)
|
||||||
.filter(Objects::nonNull)
|
.filter(Objects::nonNull)
|
||||||
.flatMap(Collection::stream)
|
.flatMap(Collection::stream)
|
||||||
@@ -231,7 +249,7 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
// 组装数据
|
// 组装数据
|
||||||
return UserPermissionVO.builder()
|
return UserPermissionVO.builder()
|
||||||
.user(user)
|
.user(user)
|
||||||
.roles(roles)
|
.roles(roles.values())
|
||||||
.permissions(permissions)
|
.permissions(permissions)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
@@ -239,13 +257,13 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
/**
|
/**
|
||||||
* 检查角色是否有权限
|
* 检查角色是否有权限
|
||||||
*
|
*
|
||||||
* @param role role
|
* @param roleId roleId
|
||||||
* @param permission permission
|
* @param permission permission
|
||||||
* @return 是否有权限
|
* @return 是否有权限
|
||||||
*/
|
*/
|
||||||
private boolean checkRoleHasPermission(String role, String permission) {
|
private boolean checkRoleHasPermission(Long roleId, String permission) {
|
||||||
// 获取角色权限列表
|
// 获取角色权限列表
|
||||||
List<SystemMenuCacheDTO> menus = roleMenuCache.get(role);
|
List<SystemMenuCacheDTO> menus = roleMenuCache.get(roleId);
|
||||||
if (Lists.isEmpty(menus)) {
|
if (Lists.isEmpty(menus)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@@ -262,27 +280,26 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
*
|
*
|
||||||
* @return roles
|
* @return roles
|
||||||
*/
|
*/
|
||||||
private List<String> getUserEnabledRoleCode() {
|
private Map<Long, String> getUserEnabledRoles() {
|
||||||
// 获取当前用户角色
|
// 获取当前用户角色
|
||||||
List<UserRole> userRoles = Optional.ofNullable(SecurityUtils.getLoginUser())
|
List<UserRole> userRoles = Optional.ofNullable(SecurityUtils.getLoginUser())
|
||||||
.map(LoginUser::getRoles)
|
.map(LoginUser::getRoles)
|
||||||
.orElse(null);
|
.orElse(Lists.empty());
|
||||||
if (Lists.isEmpty(userRoles)) {
|
if (Lists.isEmpty(userRoles)) {
|
||||||
return Lists.empty();
|
return Maps.empty();
|
||||||
}
|
}
|
||||||
// 获取角色编码
|
// 获取角色编码
|
||||||
List<String> roleCodes = userRoles.stream()
|
Map<Long, String> roles = userRoles.stream()
|
||||||
.map(UserRole::getId)
|
.map(UserRole::getId)
|
||||||
.map(roleCache::get)
|
.map(roleCache::get)
|
||||||
.filter(Objects::nonNull)
|
.filter(Objects::nonNull)
|
||||||
// 过滤未启用的角色
|
// 过滤未启用的角色
|
||||||
.filter(r -> RoleStatusEnum.ENABLED.getStatus().equals(r.getStatus()))
|
.filter(r -> RoleStatusEnum.ENABLED.getStatus().equals(r.getStatus()))
|
||||||
.map(SystemRoleDO::getCode)
|
.collect(Collectors.toMap(SystemRoleDO::getId, SystemRoleDO::getCode));
|
||||||
.collect(Collectors.toList());
|
if (Maps.isEmpty(roles)) {
|
||||||
if (Lists.isEmpty(roleCodes)) {
|
return Maps.empty();
|
||||||
return Lists.empty();
|
|
||||||
}
|
}
|
||||||
return roleCodes;
|
return roles;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
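Review bot: `hasAnyRole` in PermissionServiceImpl fails open: the new guard `if (Arrays1.isEmpty(roles)) { return true; }` returns before the login user or the enabled roles are consulted, so a call with no role names is allowed even when the caller has no enabled role at all. For an authorization check the safer default is `return false;` there. If "empty means unrestricted" is intended, the Javadoc on `PermissionService.hasAnyRole` and `SecurityFrameworkService.hasAnyRole` should state it, along with the super-administrator bypass. Separately, in `getUserEnabledRoles` the two-argument `Collectors.toMap(SystemRoleDO::getId, SystemRoleDO::getCode)` throws IllegalStateException on a repeated role id and NullPointerException on a null code, where the old list collector tolerated both. Whether `LoginUser.getRoles()` can carry duplicates is not visible in these hunks, so adding a merge function such as `(a, b) -> a` (or a `.distinct()` after `map(UserRole::getId)`) would keep every permission check from failing on such data.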