提交 5fcdee14 编写于 作者: zhouweidong's avatar zhouweidong

移除资源表查询接口，权限数据按照 Authority 返回

上级 07859c6b
......@@ -102,6 +102,8 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers( HttpMethod.POST,"/"+uaaLoginPath).permitAll()
.antMatchers( HttpMethod.POST,"/"+uaaLoginPath2).permitAll()
.antMatchers("/syspssystems/**/permissiondata").permitAll()
//同步系统权限资源
.antMatchers("/syspssystems/save").permitAll()
.antMatchers("/uaa/login").permitAll()
.anyRequest().authenticated()
// 防止iframe 造成跨域
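Review bot: `.antMatchers("/syspssystems/save").permitAll()` on L11 exposes the POST `/syspssystems/save` endpoint to unauthenticated callers, and the SysPSSystemResource hunk (L29-L30) comments out the `@PreAuthorize` on that same `save` method, so after this commit no authentication or authorization check remains on a write endpoint; the identical permitAll is added in the apiSecurityConfig hunk (L21). If the permission-sync caller cannot present a user token, give it a service credential and match on that instead, e.g. `.antMatchers(HttpMethod.POST, "/syspssystems/save").authenticated()` with the method-level check kept, rather than permitAll. The comment `//同步系统权限资源` should also state which caller is expected here and why it is exempt from the `anyRequest().authenticated()` rule below. The `configure` method this matcher chain belongs to starts and ends outside the hunk.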
......@@ -117,6 +117,8 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/"+uploadpath).permitAll()
.antMatchers("/"+previewpath+"/**").permitAll()
.antMatchers("/syspssystems/**/permissiondata").permitAll()
//同步系统权限资源
.antMatchers("/syspssystems/save").permitAll()
.antMatchers("/uaa/login").permitAll()
// 所有请求都需要认证
.anyRequest().authenticated()
......@@ -105,7 +105,7 @@ public class SysPSSystemResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
// @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
@ApiOperation(value = "Save", tags = {"SysPSSystem" }, notes = "Save")
@RequestMapping(method = RequestMethod.POST, value = "/syspssystems/save")
public ResponseEntity<Boolean> save(@RequestBody SysPSSystemDTO syspssystemdto) {
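Review bot: The `@PreAuthorize` on `save` is kept as a commented-out line (L30) instead of being deleted, which leaves dead code and hides that the method-level authorization was removed deliberately; either delete the line or restore the annotation, possibly with a narrower expression naming the sync caller's authority. The consequence of dropping it together with the new permitAll rules is raised on the DevBootSecurityConfig hunk. The `save` method body continues outside the hunk.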
package cn.ibizlab.api.rest.extensions;
import cn.ibizlab.core.uaa.service.ISysPermissionService;
import cn.ibizlab.core.uaa.extensions.service.UAACoreService;
import cn.ibizlab.util.client.IBZOUFeignClient;
import cn.ibizlab.util.security.AuthTokenUtil;
import cn.ibizlab.util.security.AuthenticationInfo;
import cn.ibizlab.util.security.AuthenticationUser;
import cn.ibizlab.util.security.AuthorizationLogin;
import cn.ibizlab.util.service.AuthenticationUserService;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.util.StringUtils;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.*;
/**
* 客户端登录认证
......@@ -36,19 +33,6 @@ public class ClientAuthenticationResource
@Autowired
private AuthTokenUtil jwtTokenUtil;
/**
* 实体操作标识
*/
private String OPPriTag="OPPRIV";
/**
* 统一资源标识
*/
private String UniResTag="UNIRES";
/**
* 菜单项标识
*/
private String AppMenuTag="APPMENU";
@Autowired
@Qualifier("IBZUSERService")
private AuthenticationUserService userDetailsService;
......@@ -56,9 +40,6 @@ public class ClientAuthenticationResource
@Autowired
private IBZOUFeignClient ouFeignClient;
@Autowired
private ISysPermissionService permissionService;
@PostMapping(value = "v7/login")
public ResponseEntity<AuthenticationInfo> login(@Validated @RequestBody AuthorizationLogin authorizationLogin){
userDetailsService.resetByUsername(authorizationLogin.getUsername());
......@@ -98,197 +79,25 @@ public class ClientAuthenticationResource
return ResponseEntity.ok().body(user);
}
@Autowired
UAACoreService uaaCoreService;
/**
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
* @param user
* @return
*/
public void setUserPermission(AuthenticationUser user) {
JSONObject permissionObj=new JSONObject();
//数据能力
String opprivSQL="SELECT\n" +
"\tT2.pssysmoduleid as sysmodule,\n" +
"\tT2.psdataentityid as dataentity,\n" +
"\tT2.pssourceid as pssourceid,\n" +
"\tT2.pssourcetype as pssourcetype,\n" +
"\tT2.psdedatarangeid as dedatarange,\n" +
"\tT1.sys_permissionid as permissionid,\n"+
"\tT1.sys_permissionname\n" +
"FROM\n" +
"\tibzrole_permission T\n" +
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
"INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n" +
"WHERE\n" +
"\tT.SYS_ROLEID IN (\n" +
"\t SELECT SYS_ROLEID\n" +
"\t FROM\n" +
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n" +
"\t WHERE\n" +
"\t T1.USERID = #{et.param0}\n" +
"\t)\n" +
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1 ";
//统一资源
String uniResSQL="SELECT\n" +
"\tt2.SYS_PSSYSUNIRESID,\n" +
"\tt2.SYS_PSSYSUNIRESNAME,\n" +
"\tT2.UNIRESCODE \n" +
"FROM\n" +
"\tibzrole_permission T\n" +
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
"INNER JOIN IBZPSSYSUNIRES T2 on T1.SYS_PERMISSIONID=t2.SYS_PSSYSUNIRESID\n" +
"WHERE\n" +
"\tT.SYS_ROLEID IN (\n" +
"\t SELECT SYS_ROLEID\n" +
"\t FROM\n" +
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n" +
"\t WHERE\n" +
"\t T1.USERID = #{et.param0}\n" +
"\t)\n" +
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1";
//应用菜单
String appMenuSQL="SELECT\n" +
"\tt2.PSAPPMENUITEMID as MENUITEMID,\n" +
"\tt2.SYS_PSAPPMENUITEMNAME AS MENUITEMNAME \n" +
"FROM\n" +
"\tibzrole_permission T\n" +
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
"INNER JOIN ibzpsappmenuitem T2 on T1.SYS_PERMISSIONID=t2.SYS_PSAPPMENUITEMID\n" +
"WHERE\n" +
"\tT.SYS_ROLEID IN (\n" +
"\t SELECT SYS_ROLEID\n" +
"\t FROM\n" +
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n" +
"\t WHERE\n" +
"\t T1.USERID = #{et.param0}\n" +
"\t)\n" +
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1";
Map opprivParam=new HashMap();
opprivParam.put("param0",user.getUserid());
opprivParam.put("param1",OPPriTag);
Map uniresParam=new HashMap();
uniresParam.put("param0",user.getUserid());
uniresParam.put("param1",UniResTag);
Map appMenuParam=new HashMap();
appMenuParam.put("param0",user.getUserid());
appMenuParam.put("param1",AppMenuTag);
List<JSONObject> entitiesList= permissionService.select(opprivSQL,opprivParam); //查询用户权限下数据能力
List<JSONObject> uniResList= permissionService.select(uniResSQL,uniresParam); //查询用户权限下的统一资源
List<JSONObject> appMenuItemList= permissionService.select(appMenuSQL,appMenuParam); //查询用户权限下的菜单项
JSONObject entities=getEntitiesList(entitiesList);
JSONArray uniRes=getUniRes(uniResList);
JSONArray appMenuItem=getAppMenuItem(appMenuItemList);
permissionObj.put("entities",entities);
permissionObj.put("unires",uniRes);
permissionObj.put("appmenu",appMenuItem);
permissionObj.put("authorities",getAuthoritiesArray(user,entitiesList));
user.setPermissionList(permissionObj);
}
/**
* 获取用户资源
* @return
*/
private JSONArray getAuthoritiesArray(AuthenticationUser user,List<JSONObject> dataRangeArray) {
JSONArray authoritiesArray =new JSONArray();
if(dataRangeArray.size()>0){
for(int a=0;a<dataRangeArray.size();a++){
JSONObject dataRangeObj=dataRangeArray.get(a);
String dataRangeId=dataRangeObj.getString("dedatarange");
String permissionId=dataRangeObj.getString("permissionid");
if( !StringUtils.isEmpty(dataRangeId) && !StringUtils.isEmpty(permissionId) && dataRangeId.equalsIgnoreCase("all") ){
authoritiesArray.add(permissionId);
}
}
}
Collection<GrantedAuthority> userAuthorities=uaaCoreService.getAuthoritiesByUserId(user.getUserid());
Set<String> authorities = AuthorityUtils.authorityListToSet(userAuthorities);
if(user.getSuperuser()==1){
authoritiesArray.add("ROLE_SUPERADMIN");
}
return authoritiesArray;
}
/**
* 获取应用菜单
* @param menuItemList
* @return
*/
private JSONArray getAppMenuItem(List<JSONObject> menuItemList) {
JSONArray menuItemArr=new JSONArray();
for(int a=0;a<menuItemList.size();a++){
JSONObject menuItem=menuItemList.get(a);
JSONObject newMenuItem=new JSONObject();
newMenuItem.put("appid",menuItem.getString("MENUITEMID"));
newMenuItem.put("appmenuid",menuItem.getString("MENUITEMNAME"));
newMenuItem.put("menuitemid",menuItem.getString("MENUITEMID"));
newMenuItem.put("menuitemname",menuItem.getString("MENUITEMNAME"));
menuItemArr.add(newMenuItem);
}
return menuItemArr;
}
/**
* 获取统一资源
* @param uniResList
* @return
*/
private JSONArray getUniRes(List<JSONObject> uniResList) {
JSONArray uniResArr=new JSONArray();
for(int a=0;a<uniResList.size();a++){
JSONObject uniRes=uniResList.get(a);
JSONObject newUniRes=new JSONObject();
newUniRes.put("unirescode",uniRes.getString("UNIRESCODE"));
newUniRes.put("uniresname",uniRes.getString("SYS_PSSYSUNIRESNAME"));
uniResArr.add(newUniRes);
}
return uniResArr;
}
/**
* 拼接实体行为资源
* @param role_permissions
* @return
*/
private JSONObject getEntitiesList(List<JSONObject> role_permissions) {
JSONObject permission_entity= new JSONObject();
for (Map rolePermission : role_permissions) {
JSONObject obj = JSONObject.parseObject(JSONObject.toJSON(rolePermission).toString());
String entityName = obj.getString("dataentity");
String dataRangeName = obj.getString("dedatarange");
String sourceName = obj.getString("pssourceid");
String sourceType=obj.getString("pssourcetype");
JSONObject entity = new JSONObject();
JSONObject permission = new JSONObject();
JSONArray dataRange = new JSONArray();
if (permission_entity.containsKey(entityName))//实体合并
entity = permission_entity.getJSONObject(entityName);
if (entity.containsKey(sourceType))//数据能力合并
permission = entity.getJSONObject(sourceType);
if(permission.containsKey(sourceName))
dataRange=permission.getJSONArray(sourceName);
dataRange.add(dataRangeName);
permission.put(sourceName,dataRange);
entity.put(sourceType, permission);
permission_entity.put(entityName, entity);
authorities.add("ROLE_SUPERADMIN");
}
return permission_entity;
JSONObject permission =new JSONObject();
permission.put("authorities",authorities);
user.setPermissionList(permission);
}
/**
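Review bot: The Javadoc kept above the rewritten `setUserPermission` (L93-L98) still carries a bare `@return` although the method is `void`, and `@param user` has no description; replace the two tags with `@param user the authenticated user whose permissionList is filled with the "authorities" set` and drop `@return`. In the new body `if(user.getSuperuser()==1)` will throw on unboxing if `getSuperuser()` returns a boxed `Integer` that can be null — the type is not visible from here, so confirm it or guard with `Integer.valueOf(1).equals(user.getSuperuser())`. `AuthorityUtils.authorityListToSet` dereferences its argument, so a null return from `uaaCoreService.getAuthoritiesByUserId` would fail before the superuser branch; a `userAuthorities == null` guard or a documented non-null contract on that service method would close it. With the SQL-based helpers removed, `JSONArray`, `StringUtils`, `HashMap` and `Map` in the import block at the top of this section appear unused, and `import java.util.*;` duplicates the explicit `java.util` imports beside it.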