From 9bcc1937654b94a43a5a54b7401222dc3c261dbc Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 01 十一月 2023 16:08:42 +0800
Subject: [PATCH] 新增编程式判断资源访问权限
---
src/main/java/com/ruoyi/common/constant/Constants.java | 20 ++++++++++
src/main/java/com/ruoyi/common/utils/StringUtils.java | 24 ++++++++++++
src/main/java/com/ruoyi/framework/security/service/PermissionService.java | 19 ++-------
src/main/java/com/ruoyi/common/utils/SecurityUtils.java | 56 ++++++++++++++++++++++++++++
4 files changed, 105 insertions(+), 14 deletions(-)
diff --git a/src/main/java/com/ruoyi/common/constant/Constants.java b/src/main/java/com/ruoyi/common/constant/Constants.java
index fca7b7b..8ca9f5c 100644
--- a/src/main/java/com/ruoyi/common/constant/Constants.java
+++ b/src/main/java/com/ruoyi/common/constant/Constants.java
@@ -63,6 +63,26 @@
* 鐧诲綍澶辫触
*/
public static final String LOGIN_FAIL = "Error";
+
+ /**
+ * 鎵�鏈夋潈闄愭爣璇�
+ */
+ public static final String ALL_PERMISSION = "*:*:*";
+
+ /**
+ * 绠$悊鍛樿鑹叉潈闄愭爣璇�
+ */
+ public static final String SUPER_ADMIN = "admin";
+
+ /**
+ * 瑙掕壊鏉冮檺鍒嗛殧绗�
+ */
+ public static final String ROLE_DELIMETER = ",";
+
+ /**
+ * 鏉冮檺鏍囪瘑鍒嗛殧绗�
+ */
+ public static final String PERMISSION_DELIMETER = ",";
/**
* 楠岃瘉鐮佹湁鏁堟湡锛堝垎閽燂級
diff --git a/src/main/java/com/ruoyi/common/utils/SecurityUtils.java b/src/main/java/com/ruoyi/common/utils/SecurityUtils.java
index c4eb9b6..3caec60 100644
--- a/src/main/java/com/ruoyi/common/utils/SecurityUtils.java
+++ b/src/main/java/com/ruoyi/common/utils/SecurityUtils.java
@@ -1,11 +1,17 @@
package com.ruoyi.common.utils;
+import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.util.PatternMatchUtils;
+import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.HttpStatus;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.framework.security.LoginUser;
+import com.ruoyi.project.system.domain.SysRole;
/**
* 瀹夊叏鏈嶅姟宸ュ叿绫�
@@ -118,4 +124,54 @@
{
return userId != null && 1L == userId;
}
+
+ /**
+ * 楠岃瘉鐢ㄦ埛鏄惁鍏峰鏌愭潈闄�
+ *
+ * @param permission 鏉冮檺瀛楃涓�
+ * @return 鐢ㄦ埛鏄惁鍏峰鏌愭潈闄�
+ */
+ public static boolean hasPermi(String permission)
+ {
+ return hasPermi(getLoginUser().getPermissions(), permission);
+ }
+
+ /**
+ * 鍒ゆ柇鏄惁鍖呭惈鏉冮檺
+ *
+ * @param authorities 鏉冮檺鍒楄〃
+ * @param permission 鏉冮檺瀛楃涓�
+ * @return 鐢ㄦ埛鏄惁鍏峰鏌愭潈闄�
+ */
+ public static boolean hasPermi(Collection<String> authorities, String permission)
+ {
+ return authorities.stream().filter(StringUtils::hasText)
+ .anyMatch(x -> Constants.ALL_PERMISSION.contains(x) || PatternMatchUtils.simpleMatch(x, permission));
+ }
+
+ /**
+ * 楠岃瘉鐢ㄦ埛鏄惁鎷ユ湁鏌愪釜瑙掕壊
+ *
+ * @param role 瑙掕壊鏍囪瘑
+ * @return 鐢ㄦ埛鏄惁鍏峰鏌愯鑹�
+ */
+ public static boolean hasRole(String role)
+ {
+ List<SysRole> roleList = getLoginUser().getUser().getRoles();
+ Collection<String> roles = roleList.stream().map(SysRole::getRoleKey).collect(Collectors.toSet());
+ return hasRole(roles, role);
+ }
+
+ /**
+ * 鍒ゆ柇鏄惁鍖呭惈瑙掕壊
+ *
+ * @param roles 瑙掕壊鍒楄〃
+ * @param role 瑙掕壊
+ * @return 鐢ㄦ埛鏄惁鍏峰鏌愯鑹叉潈闄�
+ */
+ public static boolean hasRole(Collection<String> roles, String role)
+ {
+ return roles.stream().filter(StringUtils::hasText)
+ .anyMatch(x -> Constants.SUPER_ADMIN.contains(x) || PatternMatchUtils.simpleMatch(x, role));
+ }
}
diff --git a/src/main/java/com/ruoyi/common/utils/StringUtils.java b/src/main/java/com/ruoyi/common/utils/StringUtils.java
index aa34b03..215d115 100644
--- a/src/main/java/com/ruoyi/common/utils/StringUtils.java
+++ b/src/main/java/com/ruoyi/common/utils/StringUtils.java
@@ -241,6 +241,30 @@
}
/**
+ * 鍒ゆ柇鏄惁涓虹┖锛屽苟涓斾笉鏄┖鐧藉瓧绗�
+ *
+ * @param str 瑕佸垽鏂殑value
+ * @return 缁撴灉
+ */
+ public static boolean hasText(String str)
+ {
+ return (str != null && !str.isEmpty() && containsText(str));
+ }
+
+ private static boolean containsText(CharSequence str)
+ {
+ int strLen = str.length();
+ for (int i = 0; i < strLen; i++)
+ {
+ if (!Character.isWhitespace(str.charAt(i)))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
* 鏍煎紡鍖栨枃鏈�, {} 琛ㄧず鍗犱綅绗�<br>
* 姝ゆ柟娉曞彧鏄畝鍗曞皢鍗犱綅绗� {} 鎸夌収椤哄簭鏇挎崲涓哄弬鏁�<br>
* 濡傛灉鎯宠緭鍑� {} 浣跨敤 \\杞箟 { 鍗冲彲锛屽鏋滄兂杈撳嚭 {} 涔嬪墠鐨� \ 浣跨敤鍙岃浆涔夌 \\\\ 鍗冲彲<br>
diff --git a/src/main/java/com/ruoyi/framework/security/service/PermissionService.java b/src/main/java/com/ruoyi/framework/security/service/PermissionService.java
index 471eef4..0d9296c 100644
--- a/src/main/java/com/ruoyi/framework/security/service/PermissionService.java
+++ b/src/main/java/com/ruoyi/framework/security/service/PermissionService.java
@@ -3,6 +3,7 @@
import java.util.Set;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
+import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.security.LoginUser;
@@ -17,16 +18,6 @@
@Service("ss")
public class PermissionService
{
- /** 鎵�鏈夋潈闄愭爣璇� */
- private static final String ALL_PERMISSION = "*:*:*";
-
- /** 绠$悊鍛樿鑹叉潈闄愭爣璇� */
- private static final String SUPER_ADMIN = "admin";
-
- private static final String ROLE_DELIMETER = ",";
-
- private static final String PERMISSION_DELIMETER = ",";
-
/**
* 楠岃瘉鐢ㄦ埛鏄惁鍏峰鏌愭潈闄�
*
@@ -78,7 +69,7 @@
}
PermissionContextHolder.setContext(permissions);
Set<String> authorities = loginUser.getPermissions();
- for (String permission : permissions.split(PERMISSION_DELIMETER))
+ for (String permission : permissions.split(Constants.PERMISSION_DELIMETER))
{
if (permission != null && hasPermissions(authorities, permission))
{
@@ -108,7 +99,7 @@
for (SysRole sysRole : loginUser.getUser().getRoles())
{
String roleKey = sysRole.getRoleKey();
- if (SUPER_ADMIN.equals(roleKey) || roleKey.equals(StringUtils.trim(role)))
+ if (Constants.SUPER_ADMIN.equals(roleKey) || roleKey.equals(StringUtils.trim(role)))
{
return true;
}
@@ -144,7 +135,7 @@
{
return false;
}
- for (String role : roles.split(ROLE_DELIMETER))
+ for (String role : roles.split(Constants.ROLE_DELIMETER))
{
if (hasRole(role))
{
@@ -163,6 +154,6 @@
*/
private boolean hasPermissions(Set<String> permissions, String permission)
{
- return permissions.contains(ALL_PERMISSION) || permissions.contains(StringUtils.trim(permission));
+ return permissions.contains(Constants.ALL_PERMISSION) || permissions.contains(StringUtils.trim(permission));
}
}
--
Gitblit v1.9.3