From a108965c488f2aad5ae56f9c2e4225797fca9ca3 Mon Sep 17 00:00:00 2001
From: liulxb <1964023718@qq.com>
Date: Tue, 23 Jul 2024 15:40:10 +0800
Subject: [PATCH] =?UTF-8?q?#=E5=A2=9E=E5=8A=A0=E4=B8=8A=E6=B8=B8=E5=85=BC?= =?UTF-8?q?=E5=AE=B9=E5=BA=94=E7=94=A8=E5=85=A8=E6=99=AF=E8=AE=BF=E9=97=AE?= =?UTF-8?q?=E6=9D=83=E9=99=90=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

检查用户是否有权限访问上游兼容应用全景
---
 .../query/ApplicationVersionQueryAdapter.java | 49 +++++++++++++++++++
 .../common/account/UserPermission.java | 21 ++++++++
 .../common/aop/PreUserPermissionAspect.java | 24 ++-------
 3 files changed, 75 insertions(+), 19 deletions(-)

diff --git a/src/main/java/com/easysoftware/adapter/query/ApplicationVersionQueryAdapter.java b/src/main/java/com/easysoftware/adapter/query/ApplicationVersionQueryAdapter.java
index 7064977..f49f6ba 100644
--- a/src/main/java/com/easysoftware/adapter/query/ApplicationVersionQueryAdapter.java
+++ b/src/main/java/com/easysoftware/adapter/query/ApplicationVersionQueryAdapter.java
@@ -12,8 +12,14 @@ package com.easysoftware.adapter.query;
 import com.easysoftware.common.account.UerPermissionDef;
+import com.easysoftware.common.account.UserPermission;
 import com.easysoftware.common.annotation.PreUserPermission;
+import com.easysoftware.common.entity.MessageCode;
+import com.easysoftware.common.utils.ResultUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -25,15 +31,33 @@ import com.easysoftware.common.aop.RequestLimitRedis;
 import jakarta.validation.Valid;
+import java.util.HashMap;
+
 @RestController
 @RequestMapping("/appVersion")
 public class ApplicationVersionQueryAdapter {
+ /**
+ * Logger for ApplicationVersionQueryAdapter.
+ */
+ private static final Logger LOGGER = LoggerFactory.getLogger(ApplicationVersionQueryAdapter.class);
+
 /**
 * Autowired service for handling application version-related operations.
 */
 @Autowired
 private ApplicationVersionService appVersionService;
+ /**
+ * Autowired UserPermission for check user permission.
+ */
+ @Autowired
+ private UserPermission userPermission;
+
+ /**
+ * Define current functional permissions.
+ */
+ private static final String[] REQUIRE_PERMISSIONS = {UerPermissionDef.USER_PERMISSION_READ};
+
 /**
 * Endpoint to search for application versions based on the provided search
 * condition.
@@ -63,4 +87,29 @@ public class ApplicationVersionQueryAdapter {
 // 检查会话权限
 return appVersionService.searchAppVerColumn(condition);
 }
+
+ /**
+ * Check if the user has permission to access.
+ *
+ * @return ResponseEntity.
+ */
+ @GetMapping("/permission")
+ @RequestLimitRedis()
+ public ResponseEntity checkPermission() {
+ HashMap result = new HashMap<>();
+ try {
+ /* 检查用户权限 */
+ boolean permissionFlag = userPermission.checkUserPermission(REQUIRE_PERMISSIONS);
+
+ if (permissionFlag) {
+ result.put("allow_access", Boolean.TRUE);
+ } else {
+ result.put("allow_access", Boolean.FALSE);
+ }
+ return ResultUtil.success(HttpStatus.OK, result);
+ } catch (Exception e) {
+ LOGGER.error("Authentication exception");
+ return ResultUtil.fail(HttpStatus.UNAUTHORIZED, MessageCode.EC00020);
+ }
+ }
 }
diff --git a/src/main/java/com/easysoftware/common/account/UserPermission.java b/src/main/java/com/easysoftware/common/account/UserPermission.java
index e9e2666..051f025 100644
--- a/src/main/java/com/easysoftware/common/account/UserPermission.java
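Review bot: In `checkPermission` (ApplicationVersionQueryAdapter.java) the `catch (Exception e)` turns every failure into a 401 and logs only a fixed string, so an internal error raised under `checkUserPermission` cannot be told apart from a real authentication failure, either by the client or in the logs. Pass the exception to the logger, `LOGGER.error("Authentication exception", e);`, after confirming that the exceptions thrown on that path never carry the token value in their message. Narrowing the catch to the exception types the permission lookup actually throws would let unexpected errors surface as server errors instead of 401. The `if`/`else` can also collapse to `result.put("allow_access", permissionFlag);`.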
+++ b/src/main/java/com/easysoftware/common/account/UserPermission.java
@@ -52,6 +52,27 @@ public class UserPermission {
 @Value("${cookie.token.name}")
 private String cookieTokenName;
+ /**
+ * check user permission.
+ * @param requirePermissions required user Permissions.
+ * @return Permission matching results.
+ */
+ public boolean checkUserPermission(String[] requirePermissions) {
+ /* 访问权限要求为空 */
+ if (Objects.isNull(requirePermissions) || 0 == requirePermissions.length) {
+ return true;
+ }
+
+ /* 获取客户权限 */
+ HashSet permissionSet = this.getPermissionList();
+ if (Objects.isNull(permissionSet) || permissionSet.isEmpty()) {
+ return false;
+ }
+
+ /* 检查客户权限是否满足访问权限 */
+ return Arrays.stream(requirePermissions).anyMatch(permissionSet::contains);
+ }
+
 /**
 * Get user permission by user token and manage token.
 * @return Collection of user permissions.
diff --git a/src/main/java/com/easysoftware/common/aop/PreUserPermissionAspect.java b/src/main/java/com/easysoftware/common/aop/PreUserPermissionAspect.java
index 694550e..af11c7b 100644
--- a/src/main/java/com/easysoftware/common/aop/PreUserPermissionAspect.java
+++ b/src/main/java/com/easysoftware/common/aop/PreUserPermissionAspect.java
@@ -15,8 +15,6 @@ import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
 import java.lang.reflect.Method;
-import java.util.HashSet;
-import java.util.Objects;
 @Aspect
 @Component
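Review bot: The Javadoc on `checkUserPermission` (UserPermission.java) leaves out the two rules a caller has to know: a null or empty `requirePermissions` returns `true` without looking at the user at all, and a non-empty list is satisfied by any single entry (`anyMatch`), not by all of them. Both are security-relevant defaults, so the `@return` line should spell them out, e.g. `@return true if requirePermissions is null or empty, or if the user holds at least one of the listed permissions; false otherwise`. The early `return true` keeps the behaviour the aspect had for a bare `@PreUserPermission`, but it also means an annotation written without a value leaves the endpoint unrestricted, which deserves its own sentence in the doc comment.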
@@ -48,24 +46,12 @@ public class PreUserPermissionAspect {
 PreUserPermission preUserPermission = method.getAnnotation(PreUserPermission.class);
 String[] paramValues = preUserPermission.value();
- /* 方法使用注解,如果未指定参数,默认无权限控制;否则,进行权限检查 */
- if (!Objects.isNull(paramValues) && 0 != paramValues.length) {
- /* 获取客户权限 */
- HashSet permissionSet = userPermission.getPermissionList();
+ /* 检查客户权限是否满足访问权限 */
+ boolean permissionFlag = userPermission.checkUserPermission(paramValues);
- /* 检查客户权限是否满足访问权限 */
- boolean permissionFlag = false;
- for (String item : paramValues) {
- if (permissionSet.contains(item)) {
- permissionFlag = true;
- break;
- }
- }
-
- if (!permissionFlag) {
- LOGGER.error("Insufficient permissions");
- return ResultUtil.fail(HttpStatus.UNAUTHORIZED, MessageCode.EC00019);
- }
+ if (!permissionFlag) {
+ LOGGER.error("Insufficient permissions");
+ return ResultUtil.fail(HttpStatus.FORBIDDEN, MessageCode.EC00019);
 }
 } catch (Exception e) {
 LOGGER.error("Authentication exception");
--
Gitee
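Review bot: The denial branch in PreUserPermissionAspect.java logs only the fixed string `"Insufficient permissions"`, so a 403 in the logs cannot be tied to an endpoint or to the permission that was missing, which is what an operator needs when triaging denied-access events. Include the target and the requirement, e.g. `LOGGER.warn("Insufficient permissions for {}: requires one of {}", method.getName(), String.join(",", paramValues));`. Because `checkUserPermission` returns `false` for a null permission set, where the removed loop would have thrown into the `catch` branch, a caller whose permissions cannot be resolved now probably gets 403 from this path rather than the catch branch's response; confirm that is intended. The enclosing method starts and ends outside the hunk.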