Fixiaobai
2023-08-28 b661f37beac05fefc728215fbbd36aabf974516a
权限修改3.0
已修改5个文件
112 ■■■■■ 文件已修改
sys/src/main/java/com/yuanchu/limslaboratory/aop/AuthRequestAspect.java 98 ●●●●
sys/src/test/java/com/yuanchu/limslaboratory/SysApplicationTests.java 6 ●●●●●
user-server/src/main/java/com/yuanchu/limslaboratory/clients/UserLoginUtils.java 2 ●●●●●
user-server/src/main/java/com/yuanchu/limslaboratory/service/impl/UserServiceImpl.java 5 ●●●●●
user-server/src/main/resources/mapper/UserMapper.xml 1 ●●●●
sys/src/main/java/com/yuanchu/limslaboratory/aop/AuthRequestAspect.java
@@ -37,6 +37,8 @@
    public void pointCut() {
    }
    private final static String ADMIN = "c3284d0f94606de1fd2af172aba15bf3";
    @Resource
    private UserService userService;
@@ -47,57 +49,59 @@
    @SneakyThrows
    @Before("pointCut()")
    public void before(JoinPoint joinPoint) {
        Class<?> clazz = joinPoint.getTarget().getClass();
        String clazzName = joinPoint.getTarget().getClass().getName();
        // 获取访问的方法名
        String methodName = joinPoint.getSignature().getName();
        // 获取方法所有参数及其类型
        Class[] argClz = ((MethodSignature) joinPoint.getSignature()).getParameterTypes();
        // 获取访问的方法对象
        Method method = clazz.getDeclaredMethod(methodName, argClz);
        //获取类上请求地址
        RequestMapping annotation = clazz.getAnnotation(RequestMapping.class);
        StringBuilder builder = new StringBuilder();
        String apiInfo=null;
        builder.append(annotation.value()[0]);
        //获取方法上注解
        if (method.isAnnotationPresent(PostMapping.class)) {
            PostMapping post = method.getAnnotation(PostMapping.class);
            builder.append(post.value()[0]);
        }
        if (method.isAnnotationPresent(GetMapping.class)) {
            GetMapping get = method.getAnnotation(GetMapping.class);
            builder.append(get.value()[0]);
        }
        if (method.isAnnotationPresent(DeleteMapping.class)) {
            DeleteMapping delete = method.getAnnotation(DeleteMapping.class);
            builder.append(delete.value()[0]);
        }
        if (method.isAnnotationPresent(PutMapping.class)) {
            PutMapping put = method.getAnnotation(PutMapping.class);
            builder.append(put.value()[0]);
        }
        if (method.isAnnotationPresent(ApiOperation.class)) {
            ApiOperation api = method.getAnnotation(ApiOperation.class);
            apiInfo=api.value();
        }
        HttpServletRequest request = ServletUtils.getRequest();
        Map<String, Object> userInfo = userService.getUserInfo(request.getHeader("X-Token"));
        if(Objects.nonNull(userInfo)){
        String roleId = String.valueOf(userInfo.get("roleId"));
        Map<String, Object> urlType = roleService.getUrlType(builder.toString());
        log.info("拦截请求----------------》"+builder);
        boolean b = roleService.hasUrl(String.valueOf(urlType.get("type")), String.valueOf(urlType.get("menuId")), roleId);
        if(!b){
            log.warn("用户/id:"+userInfo.get("name")+"/"+userInfo.get("id")+"---------权限不足,已拦截!");
            //throw new AuthException("400","无权限");
        }
        }else {
            throw new AuthException("401","登陆过期");
        if (Objects.nonNull(userInfo)) {
            if (Objects.equals(userInfo.get("sessionLayerId"), ADMIN)) {
                log.info("超级管理员,无需拦截!");
                return;
            }
            Class<?> clazz = joinPoint.getTarget().getClass();
            String clazzName = joinPoint.getTarget().getClass().getName();
            // 获取访问的方法名
            String methodName = joinPoint.getSignature().getName();
            // 获取方法所有参数及其类型
            Class[] argClz = ((MethodSignature) joinPoint.getSignature()).getParameterTypes();
            // 获取访问的方法对象
            Method method = clazz.getDeclaredMethod(methodName, argClz);
            //获取类上请求地址
            RequestMapping annotation = clazz.getAnnotation(RequestMapping.class);
            StringBuilder builder = new StringBuilder();
            String apiInfo = null;
            builder.append(annotation.value()[0]);
            //获取方法上注解
            if (method.isAnnotationPresent(PostMapping.class)) {
                PostMapping post = method.getAnnotation(PostMapping.class);
                builder.append(post.value()[0]);
            }
            if (method.isAnnotationPresent(GetMapping.class)) {
                GetMapping get = method.getAnnotation(GetMapping.class);
                builder.append(get.value()[0]);
            }
            if (method.isAnnotationPresent(DeleteMapping.class)) {
                DeleteMapping delete = method.getAnnotation(DeleteMapping.class);
                builder.append(delete.value()[0]);
            }
            if (method.isAnnotationPresent(PutMapping.class)) {
                PutMapping put = method.getAnnotation(PutMapping.class);
                builder.append(put.value()[0]);
            }
            if (method.isAnnotationPresent(ApiOperation.class)) {
                ApiOperation api = method.getAnnotation(ApiOperation.class);
                apiInfo = api.value();
            }
            String roleId = String.valueOf(userInfo.get("roleId"));
            Map<String, Object> urlType = roleService.getUrlType(builder.toString());
            log.info("拦截请求----------------》" + builder);
            boolean b = roleService.hasUrl(String.valueOf(urlType.get("type")), String.valueOf(urlType.get("menuId")), roleId);
            if (!b) {
                log.warn("用户/id:" + userInfo.get("name") + "/" + userInfo.get("id") + "---------权限不足,已拦截!");
                //throw new AuthException("400","无权限");
            }
        } else {
            throw new AuthException("401", "登陆过期");
        }
    }
}
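Review bot: The rewritten `before` advice still only logs when `roleService.hasUrl(...)` returns false, because `//throw new AuthException("400","无权限");` remains commented out, so a user whose role lacks the URL is let through and the aspect enforces nothing beyond the expired-token case. Restore the throw in the `if (!b)` branch so the denial is actually applied. `urlType` is also dereferenced without a null check, so a URL that `roleService.getUrlType` does not know would presumably fail with a NullPointerException rather than a clean denial; treating an unknown URL as denied would be the safer default. A short comment on `ADMIN` saying how the value is derived and which account it stands for would help the next reader.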
sys/src/test/java/com/yuanchu/limslaboratory/SysApplicationTests.java
@@ -1,5 +1,6 @@
package com.yuanchu.limslaboratory;
import cn.hutool.crypto.SecureUtil;
import com.yuanchu.limslaboratory.mapper.OrganizationalMapper;
import com.yuanchu.limslaboratory.service.PlanService;
import com.yuanchu.limslaboratory.service.UserService;
@@ -40,6 +41,11 @@
    }
    @Test
    void TT2(){
        System.out.println(SecureUtil.md5(SecureUtil.md5("account")));
    }
    @Test
    void uploading() {
        // 替换为doc或docx文件的路径
        String filePath = "D:\\20892\\desktop\\QR-14-01-02+++内部审核年度计划.doc";
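Review bot: `TT2` asserts nothing and only prints `SecureUtil.md5(SecureUtil.md5("account"))`, so it reads as a scratch helper rather than a test. If it was used to produce the `ADMIN` constant in `AuthRequestAspect` (an inference, the page does not say so), that derivation belongs in a comment next to the constant, and the test should either be dropped or turned into an assertion on the expected digest. `uploading()` continues outside the hunk.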
user-server/src/main/java/com/yuanchu/limslaboratory/clients/UserLoginUtils.java
@@ -1,5 +1,6 @@
package com.yuanchu.limslaboratory.clients;
import cn.hutool.crypto.SecureUtil;
import com.yuanchu.limslaboratory.mapper.RoleManageMapper;
import com.yuanchu.limslaboratory.mapper.UserMapper;
import com.yuanchu.limslaboratory.pojo.Menu;
@@ -51,6 +52,7 @@
                mapRedis.put("name", user.getName());
                mapRedis.put("enterpriseId", user.getEnterpriseId());
                mapRedis.put("data", data);
                mapRedis.put("sessionLayerId", SecureUtil.md5(SecureUtil.md5(user.getAccount())));
                mapRedis.put("roleId",user.getRoleId());
                //存入redis,二个小时后删除
                RedisUtil.set(token, mapRedis, 120);
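Review bot: The `sessionLayerId` stored here is an unsalted double MD5 of the account name, so it is fully determined by a value that is not secret, and the aspect's super-administrator bypass ends up keyed on the account name rather than on a role or an explicit flag. That holds only as long as the value is read solely from the server-side session and no other account can ever carry the administrator's account name. Storing an explicit boolean derived from the user's role, for example `mapRedis.put("superAdmin", isSuperAdmin)` (names illustrative), would state the intent directly and take the hash out of the authorisation path. The enclosing method starts and ends outside the hunk.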
user-server/src/main/java/com/yuanchu/limslaboratory/service/impl/UserServiceImpl.java
@@ -58,9 +58,11 @@
            }
            Map<String, Object> data = new HashMap<>();
            data.put("name",loginUser.get("name"));
            data.put("account", loginUser.get("account"));
            data.put("id",loginUser.get("id"));
            data.put("roleId",loginUser.get("roleId"));
            data.put("remind", remind);
            data.put("sessionLayerId",loginUser.get("sessionLayerId"));
            RoleAndMenuDto role = getRoleInfo(Long.valueOf(String.valueOf(loginUser.get("roleId"))));
            data.put("role",role);
            return data;
@@ -148,6 +150,9 @@
    public RoleAndMenuDto getRoleInfo(Long roleId) {
        if(roleId==0){
            return null;
        }
        RoleAndMenuDto roleAndMenuDto = roleManageMapper.selectAllRoleAndMenuByRoleId(roleId);
        List<RoleMenu> collect = roleAndMenuDto.getRoleMenuList()
                .stream()
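Review bot: `data.put("sessionLayerId", loginUser.get("sessionLayerId"))` places the value the aspect compares against `ADMIN` into the same map as `name`, `account` and `role`; if this map is also serialised to the client (not visible here), the administrator marker leaves the server. Keep it in a server-only structure, or strip it before the response is built. In the second hunk, `getRoleInfo` returns `null` for `roleId == 0`, and the caller above stores that `null` under `"role"` without comment, so consumers of the map need to tolerate a missing role. Both methods extend beyond the hunks shown.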
user-server/src/main/resources/mapper/UserMapper.xml
@@ -33,6 +33,7 @@
        <if test="status != null">
            AND u.`job_state` in (#{status})
        </if>
        and type=1
        ORDER BY u.`create_time` DESC
    </select>
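Review bot: `and type=1` is the only condition in this fragment without the `u.` alias, and the meaning of `1` is not stated. If the statement joins another table that has a `type` column the reference becomes ambiguous, so `AND u.type = 1` with a short XML comment naming the kind of user it selects would be safer. The `<select>` starts outside the hunk, so the joined tables are not visible here.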