检查权限切面类

3 years ago · db44f975f2
parent c1a948bdc6
commit db44f975f2
10 changed files with 77 additions and 38 deletions
--- a/src/main/java/com/zh/project0512/aop/AdminCheckAuthorityAspect.java
+++ b/src/main/java/com/zh/project0512/aop/AdminCheckAuthorityAspect.java
@ -1,8 +1,13 @@
 package com.zh.project0512.aop;

 import com.zh.project0512.annotation.AdminCheckAuthorityAnnotation;
+import com.zh.project0512.model.Admin;
+import com.zh.project0512.service.IAdminRoleService;
+import com.zh.project0512.service.IAdminService;
 import com.zh.project0512.service.IUserService;
+import com.zh.project0512.utils.BizException;
 import com.zh.project0512.utils.JwtUtil;
+import com.zh.project0512.utils.result.HttpStatusEnum;
 import jdk.nashorn.internal.ir.annotations.Reference;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.AfterReturning;
@ -37,7 +42,9 @@ public class AdminCheckAuthorityAspect {
    private final static Logger logger = LoggerFactory.getLogger(AdminCheckAuthorityAspect.class);

    @Resource
-    IUserService userService;
+    IAdminService adminService;
+    @Resource
+    IAdminRoleService adminRoleService;


    /**
@ -59,38 +66,36 @@ public class AdminCheckAuthorityAspect {

        //获取当前用户的信息
        String tokenId = request.getHeader("token");
-        Integer userId = userService.selByOpenid(new JwtUtil().parseOpenid(tokenId)).getId();
-
-//        //如果不是超级管理员，则判断是否有足够权限
-//        if (manageUser.getType() != 1){//1.公司超级管理员
-//            //1、查询【当前用户】所拥有的【角色】
-//            String roleIdsStr = manageUser.getRoleId();
-//            if (roleIdsStr != null){
-//                String[] roleIds = roleIdsStr.split(",");
-//
-//                HashSet<Integer> jurisdictionIds = new HashSet<>();
-//                for (String roleId : roleIds) {
-//                    //2、根据【角色】查询对应的权限
-//                    List<Integer> jurisdictionIdList = manageCheckAuthorityService.findJurisdictionByRoleId(roleId,sysCommunity);
-//
-//                    //3、将各个角色的权限 合在一起 并进行 去重操作
-//                    jurisdictionIds.addAll(jurisdictionIdList);
-//                }
-//
-//
-//                //4、获取该api所需权限
-//                MethodSignature signature = (MethodSignature) joinPoint.getSignature();
-//                ManageCheckAuthorityAnnotation annotation = signature.getMethod().getAnnotation(ManageCheckAuthorityAnnotation.class);
-//                String jurisdictionId = annotation.jurisdictionId();
-//
-//                //5、判断该用户是否存在该api所需权限,如果存在，则通过，不存在则抛出提示权限不足
-//                if (!jurisdictionIds.contains(Integer.valueOf(jurisdictionId))){
-//                    throw new BizException(HttpStatusEnum.CUSTOM_EXCEPTION,"用户权限不足");
-//                }
-//            }else {
-//                throw new BizException(HttpStatusEnum.CUSTOM_EXCEPTION,"用户权限不足");
-//            }
-//        }
+        Integer id = Integer.valueOf(new JwtUtil().parseAdminJWT(tokenId).getId());
+
+        Admin admin = adminService.getById(id);
+        //1、查询【当前用户】所拥有的【角色】
+        String roleIdsStr = admin.getRoleIds();
+        if (roleIdsStr != null && !roleIdsStr.trim().equals("")){
+            String[] roleIds = roleIdsStr.split(",");
+
+            HashSet<Integer> jurisdictionIds = new HashSet<>();
+            for (String roleId : roleIds) {
+                //2、根据【角色】查询对应的权限
+                List<Integer> jurisdictionIdList = adminRoleService.findJurisdictionByRoleId(roleId);
+
+                //3、将各个角色的权限 合在一起 并进行 去重操作
+                jurisdictionIds.addAll(jurisdictionIdList);
+            }
+
+
+            //4、获取该api所需权限
+            MethodSignature signature = (MethodSignature) joinPoint.getSignature();
+            AdminCheckAuthorityAnnotation annotation = signature.getMethod().getAnnotation(AdminCheckAuthorityAnnotation.class);
+            String jurisdictionId = annotation.jurisdictionId();
+
+            //5、判断该用户是否存在该api所需权限,如果存在，则通过，不存在则抛出提示权限不足
+            if (!jurisdictionIds.contains(Integer.valueOf(jurisdictionId))){
+                throw new BizException(HttpStatusEnum.CUSTOM_EXCEPTION,"用户权限不足");
+            }
+        }else {
+            throw new BizException(HttpStatusEnum.CUSTOM_EXCEPTION,"用户权限不足");
+        }

    }

--- a/src/main/java/com/zh/project0512/controller/manage/AdminJurisdictionController.java
+++ b/src/main/java/com/zh/project0512/controller/manage/AdminJurisdictionController.java
@ -1,5 +1,6 @@
 package com.zh.project0512.controller.manage;

+import com.zh.project0512.annotation.AdminCheckAuthorityAnnotation;
 import com.zh.project0512.model.dto.OperationRoleJurisdictionDTO;
 import com.zh.project0512.model.dto.AdminJurisdictionFBIDTO;
 import com.zh.project0512.model.vo.AdminJurisdictionFBRIVo;
@ -34,6 +35,7 @@ public class AdminJurisdictionController {
     * @param operationRoleJurisdictionDTO 操作用户权限DTO
     * @return 操作结果
     */
+    @AdminCheckAuthorityAnnotation(jurisdictionId = "5")
    @Operation(summary = "操作角色权限")
    @PostMapping("/operationRoleJurisdiction")
    public Result<String> operationRoleJurisdiction(@Validated @RequestBody OperationRoleJurisdictionDTO operationRoleJurisdictionDTO){
--- a/src/main/java/com/zh/project0512/model/Admin.java
+++ b/src/main/java/com/zh/project0512/model/Admin.java
@ -94,5 +94,10 @@ public class Admin extends Model {
     */
    private Integer status;

+    /**
+     * 角色id，用,分隔
+     */
+    @TableField("roleIds")
+    private String roleIds;

 }
--- a/src/main/java/com/zh/project0512/model/AdminJurisdiction.java
+++ b/src/main/java/com/zh/project0512/model/AdminJurisdiction.java
@ -16,7 +16,7 @@ import java.io.Serializable;
@Data
@NoArgsConstructor
@AllArgsConstructor
-@TableName("userJurisdiction")
+@TableName("adminJurisdiction")
 public class AdminJurisdiction implements Serializable {
    private static final long serialVersionUID = 1L;
    /**
--- a/src/main/java/com/zh/project0512/model/AdminMenus.java
+++ b/src/main/java/com/zh/project0512/model/AdminMenus.java
@ -16,7 +16,7 @@ import java.io.Serializable;
@Data
@NoArgsConstructor
@AllArgsConstructor
-@TableName("userMenus")
+@TableName("adminMenus")
 public class AdminMenus implements Serializable {
    private static final long serialVersionUID = 1L;

--- a/src/main/java/com/zh/project0512/model/AdminOperation.java
+++ b/src/main/java/com/zh/project0512/model/AdminOperation.java
@ -16,7 +16,7 @@ import java.io.Serializable;
@Data
@NoArgsConstructor
@AllArgsConstructor
-@TableName("userOperation")
+@TableName("adminOperation")
 public class AdminOperation implements Serializable {
    private static final long serialVersionUID = 1L;

--- a/src/main/java/com/zh/project0512/model/AdminRole.java
+++ b/src/main/java/com/zh/project0512/model/AdminRole.java
@ -17,7 +17,7 @@ import java.util.Date;
@Data
@NoArgsConstructor
@AllArgsConstructor
-@TableName("userRole")
+@TableName("adminRole")
 public class AdminRole implements Serializable {
    private static final long serialVersionUID = 1L;

--- a/src/main/java/com/zh/project0512/model/AdminRoleJurisdiction.java
+++ b/src/main/java/com/zh/project0512/model/AdminRoleJurisdiction.java
@ -16,7 +16,7 @@ import java.io.Serializable;
@Data
@NoArgsConstructor
@AllArgsConstructor
-@TableName("userRoleJurisdiction")
+@TableName("adminRoleJurisdiction")
 public class AdminRoleJurisdiction implements Serializable {
    private static final long serialVersionUID = 1L;

--- a/src/main/java/com/zh/project0512/service/IAdminRoleService.java
+++ b/src/main/java/com/zh/project0512/service/IAdminRoleService.java
@ -6,6 +6,8 @@ import com.zh.project0512.model.dto.AdminRoleUpdateDTO;
 import com.zh.project0512.model.vo.AdminRoleListVo;
 import com.zh.project0512.utils.page.PageInfo;

+import java.util.List;
+
 public interface IAdminRoleService {
    /**
     * 查询用户角色
@ -27,4 +29,11 @@ public interface IAdminRoleService {
     * @return 操作结果
     */
    boolean update(AdminRoleUpdateDTO adminRoleUpdateDTO);
+
+    /**
+     * 根据【角色】查询对应的权限
+     * @param roleId 角色主键id
+     * @return 对应的权限
+     */
+    List<Integer> findJurisdictionByRoleId(String roleId);
 }
--- a/src/main/java/com/zh/project0512/serviceImpl/AdminRoleServiceImpl.java
+++ b/src/main/java/com/zh/project0512/serviceImpl/AdminRoleServiceImpl.java
@ -3,8 +3,10 @@ package com.zh.project0512.serviceImpl;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.zh.project0512.mapper.AdminRoleJurisdictionMapper;
 import com.zh.project0512.mapper.AdminRoleMapper;
 import com.zh.project0512.model.AdminRole;
+import com.zh.project0512.model.AdminRoleJurisdiction;
 import com.zh.project0512.model.dto.AdminRoleInsertDTO;
 import com.zh.project0512.model.dto.AdminRoleListDTO;
 import com.zh.project0512.model.dto.AdminRoleUpdateDTO;
@ -27,6 +29,8 @@ import java.util.UUID;
 public class AdminRoleServiceImpl implements IAdminRoleService {
    @Resource
    AdminRoleMapper adminRoleMapper;
+    @Resource
+    AdminRoleJurisdictionMapper adminRoleJurisdictionMapper;

    @Override
    public PageInfo<AdminRoleListVo> list(AdminRoleListDTO adminRoleListDTO) {
@ -69,4 +73,18 @@ public class AdminRoleServiceImpl implements IAdminRoleService {
        int update = adminRoleMapper.updateById(adminRole);
        return update > 0;
    }
+
+    @Override
+    public List<Integer> findJurisdictionByRoleId(String roleId) {
+        ArrayList<Integer> jurisdictionIds = new ArrayList<>();
+
+        QueryWrapper<AdminRoleJurisdiction> queryWrapper = new QueryWrapper<>();
+        queryWrapper.eq("role_id",roleId);
+        List<AdminRoleJurisdiction> adminRoleJurisdictionList = adminRoleJurisdictionMapper.selectList(queryWrapper);
+        for (AdminRoleJurisdiction adminRoleJurisdiction : adminRoleJurisdictionList) {
+            jurisdictionIds.add(adminRoleJurisdiction.getJurisdictionId());
+        }
+
+        return jurisdictionIds;
+    }
 }