移除资源表查询接口，权限数按照Authority返回

ibzuaa-boot/src/main/java/cn/ibizlab/config/DevBootSecurityConfig.java

@@ -102,6 +102,8 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
                        .antMatchers( HttpMethod.POST,"/"+uaaLoginPath).permitAll()
                        .antMatchers( HttpMethod.POST,"/"+uaaLoginPath2).permitAll()
                        .antMatchers("/syspssystems/**/permissiondata").permitAll()
+                       //同步系统权限资源
+                       .antMatchers("/syspssystems/save").permitAll()
                        .antMatchers("/uaa/login").permitAll()
                 .anyRequest().authenticated()
                 // 防止iframe 造成跨域

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java

@@ -117,6 +117,8 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers("/"+uploadpath).permitAll()
                 .antMatchers("/"+previewpath+"/**").permitAll()
                 .antMatchers("/syspssystems/**/permissiondata").permitAll()
+                //同步系统权限资源
+                .antMatchers("/syspssystems/save").permitAll()
                 .antMatchers("/uaa/login").permitAll()
                 // 所有请求都需要认证
                 .anyRequest().authenticated()

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysPSSystemResource.java

@@ -105,7 +105,7 @@ public class SysPSSystemResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
+//    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
     @ApiOperation(value = "Save", tags = {"SysPSSystem" },  notes = "Save")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspssystems/save")
     public ResponseEntity<Boolean> save(@RequestBody SysPSSystemDTO syspssystemdto) {

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java

 
 package cn.ibizlab.api.rest.extensions;
 
-import cn.ibizlab.core.uaa.service.ISysPermissionService;
+import cn.ibizlab.core.uaa.extensions.service.UAACoreService;
 import cn.ibizlab.util.client.IBZOUFeignClient;
 import cn.ibizlab.util.security.AuthTokenUtil;
 import cn.ibizlab.util.security.AuthenticationInfo;
 import cn.ibizlab.util.security.AuthenticationUser;
 import cn.ibizlab.util.security.AuthorizationLogin;
 import cn.ibizlab.util.service.AuthenticationUserService;
-import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
-import org.springframework.util.StringUtils;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 /**
  * 客户端登录认证
@@ -36,19 +33,6 @@ public class ClientAuthenticationResource
     @Autowired
     private AuthTokenUtil jwtTokenUtil;
 
-    /**
-     * 实体操作标识
-     */
-    private String OPPriTag="OPPRIV";
-    /**
-     * 统一资源标识
-     */
-    private String UniResTag="UNIRES";
-    /**
-     * 菜单项标识
-     */
-    private String AppMenuTag="APPMENU";
-
     @Autowired
     @Qualifier("IBZUSERService")
     private AuthenticationUserService userDetailsService;
@@ -56,9 +40,6 @@ public class ClientAuthenticationResource
     @Autowired
     private IBZOUFeignClient ouFeignClient;
 
-    @Autowired
-    private ISysPermissionService permissionService;
-
     @PostMapping(value = "v7/login")
     public ResponseEntity<AuthenticationInfo> login(@Validated @RequestBody AuthorizationLogin authorizationLogin){
         userDetailsService.resetByUsername(authorizationLogin.getUsername());
@@ -98,197 +79,25 @@ public class ClientAuthenticationResource
         return ResponseEntity.ok().body(user);
     }
 
+    @Autowired
+    UAACoreService uaaCoreService;
+
+
     /**
      * 设置用户权限
+     * 由于GrantedAuthority缺少无参构造，导致无法序列化，暂时通过PermissionList中转
      * @param user
      * @return
      */
     public void setUserPermission(AuthenticationUser user) {
-
-        JSONObject permissionObj=new JSONObject();
-
-        //数据能力
-        String opprivSQL="SELECT\n" +
-                "\tT2.pssysmoduleid as sysmodule,\n" +
-                "\tT2.psdataentityid as dataentity,\n" +
-                "\tT2.pssourceid as pssourceid,\n" +
-                "\tT2.pssourcetype as pssourcetype,\n" +
-                "\tT2.psdedatarangeid as dedatarange,\n" +
-                "\tT1.sys_permissionid as permissionid,\n"+
-                "\tT1.sys_permissionname\n" +
-                "FROM\n" +
-                "\tibzrole_permission T\n" +
-                "INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
-                "INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n" +
-                "WHERE\n" +
-                "\tT.SYS_ROLEID IN (\n" +
-                "\t SELECT  SYS_ROLEID\n" +
-                "\t FROM\n" +
-                "\t IBZUSER_ROLE t LEFT JOIN IBZUSER  t1 ON t.SYS_USERID=T1.USERID\n" +
-                "\t WHERE\n" +
-                "\t T1.USERID = #{et.param0}\n" +
-                "\t)\n" +
-                "AND T1.PERMISSIONTYPE = #{et.param1} and  t1.enable=1 ";
-
-        //统一资源
-        String uniResSQL="SELECT\n" +
-                "\tt2.SYS_PSSYSUNIRESID,\n" +
-                "\tt2.SYS_PSSYSUNIRESNAME,\n" +
-                "\tT2.UNIRESCODE \n" +
-                "FROM\n" +
-                "\tibzrole_permission T\n" +
-                "INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
-                "INNER JOIN IBZPSSYSUNIRES T2 on T1.SYS_PERMISSIONID=t2.SYS_PSSYSUNIRESID\n" +
-                "WHERE\n" +
-                "\tT.SYS_ROLEID IN (\n" +
-                "\t SELECT  SYS_ROLEID\n" +
-                "\t FROM\n" +
-                "\t IBZUSER_ROLE t LEFT JOIN IBZUSER  t1 ON t.SYS_USERID=T1.USERID\n" +
-                "\t WHERE\n" +
-                "\t T1.USERID = #{et.param0}\n" +
-                "\t)\n" +
-                "AND T1.PERMISSIONTYPE = #{et.param1} and  t1.enable=1";
-
-        //应用菜单
-        String appMenuSQL="SELECT\n" +
-                "\tt2.PSAPPMENUITEMID as MENUITEMID,\n" +
-                "\tt2.SYS_PSAPPMENUITEMNAME AS MENUITEMNAME \n" +
-                "FROM\n" +
-                "\tibzrole_permission T\n" +
-                "INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
-                "INNER JOIN ibzpsappmenuitem T2 on T1.SYS_PERMISSIONID=t2.SYS_PSAPPMENUITEMID\n" +
-                "WHERE\n" +
-                "\tT.SYS_ROLEID IN (\n" +
-                "\t SELECT  SYS_ROLEID\n" +
-                "\t FROM\n" +
-                "\t IBZUSER_ROLE t LEFT JOIN IBZUSER  t1 ON t.SYS_USERID=T1.USERID\n" +
-                "\t WHERE\n" +
-                "\t T1.USERID = #{et.param0}\n" +
-                "\t)\n" +
-                "AND T1.PERMISSIONTYPE = #{et.param1} and  t1.enable=1";
-
-
-        Map opprivParam=new HashMap();
-        opprivParam.put("param0",user.getUserid());
-        opprivParam.put("param1",OPPriTag);
-
-        Map uniresParam=new HashMap();
-        uniresParam.put("param0",user.getUserid());
-        uniresParam.put("param1",UniResTag);
-
-        Map appMenuParam=new HashMap();
-        appMenuParam.put("param0",user.getUserid());
-        appMenuParam.put("param1",AppMenuTag);
-
-        List<JSONObject> entitiesList= permissionService.select(opprivSQL,opprivParam); //查询用户权限下数据能力
-        List<JSONObject> uniResList= permissionService.select(uniResSQL,uniresParam);   //查询用户权限下的统一资源
-        List<JSONObject> appMenuItemList= permissionService.select(appMenuSQL,appMenuParam); //查询用户权限下的菜单项
-
-        JSONObject entities=getEntitiesList(entitiesList);
-        JSONArray uniRes=getUniRes(uniResList);
-        JSONArray appMenuItem=getAppMenuItem(appMenuItemList);
-
-        permissionObj.put("entities",entities);
-        permissionObj.put("unires",uniRes);
-        permissionObj.put("appmenu",appMenuItem);
-        permissionObj.put("authorities",getAuthoritiesArray(user,entitiesList));
-        user.setPermissionList(permissionObj);
-    }
-
-    /**
-     * 获取用户资源
-     * @return
-     */
-    private JSONArray getAuthoritiesArray(AuthenticationUser user,List<JSONObject> dataRangeArray) {
-
-        JSONArray authoritiesArray =new JSONArray();
-        if(dataRangeArray.size()>0){
-            for(int a=0;a<dataRangeArray.size();a++){
-                JSONObject dataRangeObj=dataRangeArray.get(a);
-                String dataRangeId=dataRangeObj.getString("dedatarange");
-                String permissionId=dataRangeObj.getString("permissionid");
-                if( !StringUtils.isEmpty(dataRangeId) && !StringUtils.isEmpty(permissionId) && dataRangeId.equalsIgnoreCase("all") ){
-                    authoritiesArray.add(permissionId);
-                }
-            }
-        }
+        Collection<GrantedAuthority> userAuthorities=uaaCoreService.getAuthoritiesByUserId(user.getUserid());
+        Set<String> authorities = AuthorityUtils.authorityListToSet(userAuthorities);
         if(user.getSuperuser()==1){
-            authoritiesArray.add("ROLE_SUPERADMIN");
-        }
-
-        return authoritiesArray;
-    }
-
-    /**
-     * 获取应用菜单
-     * @param menuItemList
-     * @return
-     */
-    private JSONArray getAppMenuItem(List<JSONObject> menuItemList) {
-        JSONArray menuItemArr=new JSONArray();
-        for(int a=0;a<menuItemList.size();a++){
-            JSONObject menuItem=menuItemList.get(a);
-            JSONObject newMenuItem=new JSONObject();
-            newMenuItem.put("appid",menuItem.getString("MENUITEMID"));
-            newMenuItem.put("appmenuid",menuItem.getString("MENUITEMNAME"));
-            newMenuItem.put("menuitemid",menuItem.getString("MENUITEMID"));
-            newMenuItem.put("menuitemname",menuItem.getString("MENUITEMNAME"));
-            menuItemArr.add(newMenuItem);
-        }
-        return menuItemArr;
-    }
-
-    /**
-     * 获取统一资源
-     * @param uniResList
-     * @return
-     */
-    private JSONArray getUniRes(List<JSONObject> uniResList) {
-
-        JSONArray uniResArr=new JSONArray();
-        for(int a=0;a<uniResList.size();a++){
-            JSONObject uniRes=uniResList.get(a);
-            JSONObject newUniRes=new JSONObject();
-            newUniRes.put("unirescode",uniRes.getString("UNIRESCODE"));
-            newUniRes.put("uniresname",uniRes.getString("SYS_PSSYSUNIRESNAME"));
-            uniResArr.add(newUniRes);
-        }
-        return uniResArr;
-    }
-
-    /**
-     * 拼接实体行为资源
-     * @param role_permissions
-     * @return
-     */
-    private JSONObject getEntitiesList(List<JSONObject> role_permissions) {
-
-        JSONObject permission_entity= new JSONObject();
-        for (Map rolePermission : role_permissions) {
-            JSONObject obj = JSONObject.parseObject(JSONObject.toJSON(rolePermission).toString());
-            String entityName = obj.getString("dataentity");
-            String dataRangeName = obj.getString("dedatarange");
-            String sourceName = obj.getString("pssourceid");
-            String sourceType=obj.getString("pssourcetype");
-            JSONObject entity = new JSONObject();
-            JSONObject permission = new JSONObject();
-            JSONArray dataRange = new JSONArray();
-
-            if (permission_entity.containsKey(entityName))//实体合并
-                entity = permission_entity.getJSONObject(entityName);
-
-            if (entity.containsKey(sourceType))//数据能力合并
-                permission = entity.getJSONObject(sourceType);
-
-            if(permission.containsKey(sourceName))
-                dataRange=permission.getJSONArray(sourceName);
-
-            dataRange.add(dataRangeName);
-            permission.put(sourceName,dataRange);
-            entity.put(sourceType, permission);
-            permission_entity.put(entityName, entity);
+            authorities.add("ROLE_SUPERADMIN");
         }
-        return permission_entity;
+        JSONObject permission =new JSONObject();
+        permission.put("authorities",authorities);
+        user.setPermissionList(permission);
     }
 
     /**