提交 5fcdee14 编写于 作者: zhouweidong's avatar zhouweidong

移除资源表查询接口,权限数按照Authority返回

上级 07859c6b
...@@ -102,6 +102,8 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -102,6 +102,8 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers( HttpMethod.POST,"/"+uaaLoginPath).permitAll() .antMatchers( HttpMethod.POST,"/"+uaaLoginPath).permitAll()
.antMatchers( HttpMethod.POST,"/"+uaaLoginPath2).permitAll() .antMatchers( HttpMethod.POST,"/"+uaaLoginPath2).permitAll()
.antMatchers("/syspssystems/**/permissiondata").permitAll() .antMatchers("/syspssystems/**/permissiondata").permitAll()
//同步系统权限资源
.antMatchers("/syspssystems/save").permitAll()
.antMatchers("/uaa/login").permitAll() .antMatchers("/uaa/login").permitAll()
.anyRequest().authenticated() .anyRequest().authenticated()
// 防止iframe 造成跨域 // 防止iframe 造成跨域
......
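Review bot: The added rule `.antMatchers("/syspssystems/save").permitAll()` lets unauthenticated requests reach the endpoint that synchronises system permission resources, and the identical rule is added in apiSecurityConfig. Unlike the login rules above it, the matcher is not limited to an HTTP method. If the sync caller can present a token, I would keep the path behind an authority instead, e.g. `.antMatchers(HttpMethod.POST,"/syspssystems/save").hasAuthority("ibzuaa-SysPSSystem-Save-all")`, or drop the rule so `.anyRequest().authenticated()` applies. The configure chain starts and ends outside this hunk, so any other filter that protects the path is not visible here.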
...@@ -117,6 +117,8 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -117,6 +117,8 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/"+uploadpath).permitAll() .antMatchers("/"+uploadpath).permitAll()
.antMatchers("/"+previewpath+"/**").permitAll() .antMatchers("/"+previewpath+"/**").permitAll()
.antMatchers("/syspssystems/**/permissiondata").permitAll() .antMatchers("/syspssystems/**/permissiondata").permitAll()
//同步系统权限资源
.antMatchers("/syspssystems/save").permitAll()
.antMatchers("/uaa/login").permitAll() .antMatchers("/uaa/login").permitAll()
// 所有请求都需要认证 // 所有请求都需要认证
.anyRequest().authenticated() .anyRequest().authenticated()
......
...@@ -105,7 +105,7 @@ public class SysPSSystemResource { ...@@ -105,7 +105,7 @@ public class SysPSSystemResource {
return ResponseEntity.status(HttpStatus.OK).body(true); return ResponseEntity.status(HttpStatus.OK).body(true);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')") // @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
@ApiOperation(value = "Save", tags = {"SysPSSystem" }, notes = "Save") @ApiOperation(value = "Save", tags = {"SysPSSystem" }, notes = "Save")
@RequestMapping(method = RequestMethod.POST, value = "/syspssystems/save") @RequestMapping(method = RequestMethod.POST, value = "/syspssystems/save")
public ResponseEntity<Boolean> save(@RequestBody SysPSSystemDTO syspssystemdto) { public ResponseEntity<Boolean> save(@RequestBody SysPSSystemDTO syspssystemdto) {
......
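Review bot: Commenting out `@PreAuthorize` on `save` removes the method-level authority check, and with the `permitAll()` rules added in both security configs nothing visible in this commit decides who may call the endpoint. I would restore `@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")` and have the synchronising service authenticate with an account that holds that authority. If the check really has to go, delete the line rather than leaving it as a comment, and document on the method how callers are verified. The body of `save` lies outside the hunk, so a check inside it cannot be ruled out.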
package cn.ibizlab.api.rest.extensions; package cn.ibizlab.api.rest.extensions;
import cn.ibizlab.core.uaa.service.ISysPermissionService; import cn.ibizlab.core.uaa.extensions.service.UAACoreService;
import cn.ibizlab.util.client.IBZOUFeignClient; import cn.ibizlab.util.client.IBZOUFeignClient;
import cn.ibizlab.util.security.AuthTokenUtil; import cn.ibizlab.util.security.AuthTokenUtil;
import cn.ibizlab.util.security.AuthenticationInfo; import cn.ibizlab.util.security.AuthenticationInfo;
import cn.ibizlab.util.security.AuthenticationUser; import cn.ibizlab.util.security.AuthenticationUser;
import cn.ibizlab.util.security.AuthorizationLogin; import cn.ibizlab.util.security.AuthorizationLogin;
import cn.ibizlab.util.service.AuthenticationUserService; import cn.ibizlab.util.service.AuthenticationUserService;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.util.StringUtils; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.validation.annotation.Validated; import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.HashMap; import java.util.*;
import java.util.List;
import java.util.Map;
import java.util.Set;
/** /**
* 客户端登录认证 * 客户端登录认证
...@@ -36,19 +33,6 @@ public class ClientAuthenticationResource ...@@ -36,19 +33,6 @@ public class ClientAuthenticationResource
@Autowired @Autowired
private AuthTokenUtil jwtTokenUtil; private AuthTokenUtil jwtTokenUtil;
/**
* 实体操作标识
*/
private String OPPriTag="OPPRIV";
/**
* 统一资源标识
*/
private String UniResTag="UNIRES";
/**
* 菜单项标识
*/
private String AppMenuTag="APPMENU";
@Autowired @Autowired
@Qualifier("IBZUSERService") @Qualifier("IBZUSERService")
private AuthenticationUserService userDetailsService; private AuthenticationUserService userDetailsService;
...@@ -56,9 +40,6 @@ public class ClientAuthenticationResource ...@@ -56,9 +40,6 @@ public class ClientAuthenticationResource
@Autowired @Autowired
private IBZOUFeignClient ouFeignClient; private IBZOUFeignClient ouFeignClient;
@Autowired
private ISysPermissionService permissionService;
@PostMapping(value = "v7/login") @PostMapping(value = "v7/login")
public ResponseEntity<AuthenticationInfo> login(@Validated @RequestBody AuthorizationLogin authorizationLogin){ public ResponseEntity<AuthenticationInfo> login(@Validated @RequestBody AuthorizationLogin authorizationLogin){
userDetailsService.resetByUsername(authorizationLogin.getUsername()); userDetailsService.resetByUsername(authorizationLogin.getUsername());
...@@ -98,197 +79,25 @@ public class ClientAuthenticationResource ...@@ -98,197 +79,25 @@ public class ClientAuthenticationResource
return ResponseEntity.ok().body(user); return ResponseEntity.ok().body(user);
} }
@Autowired
UAACoreService uaaCoreService;
/** /**
* 设置用户权限 * 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
* @param user * @param user
* @return * @return
*/ */
public void setUserPermission(AuthenticationUser user) { public void setUserPermission(AuthenticationUser user) {
Collection<GrantedAuthority> userAuthorities=uaaCoreService.getAuthoritiesByUserId(user.getUserid());
JSONObject permissionObj=new JSONObject(); Set<String> authorities = AuthorityUtils.authorityListToSet(userAuthorities);
//数据能力
String opprivSQL="SELECT\n" +
"\tT2.pssysmoduleid as sysmodule,\n" +
"\tT2.psdataentityid as dataentity,\n" +
"\tT2.pssourceid as pssourceid,\n" +
"\tT2.pssourcetype as pssourcetype,\n" +
"\tT2.psdedatarangeid as dedatarange,\n" +
"\tT1.sys_permissionid as permissionid,\n"+
"\tT1.sys_permissionname\n" +
"FROM\n" +
"\tibzrole_permission T\n" +
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
"INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n" +
"WHERE\n" +
"\tT.SYS_ROLEID IN (\n" +
"\t SELECT SYS_ROLEID\n" +
"\t FROM\n" +
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n" +
"\t WHERE\n" +
"\t T1.USERID = #{et.param0}\n" +
"\t)\n" +
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1 ";
//统一资源
String uniResSQL="SELECT\n" +
"\tt2.SYS_PSSYSUNIRESID,\n" +
"\tt2.SYS_PSSYSUNIRESNAME,\n" +
"\tT2.UNIRESCODE \n" +
"FROM\n" +
"\tibzrole_permission T\n" +
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
"INNER JOIN IBZPSSYSUNIRES T2 on T1.SYS_PERMISSIONID=t2.SYS_PSSYSUNIRESID\n" +
"WHERE\n" +
"\tT.SYS_ROLEID IN (\n" +
"\t SELECT SYS_ROLEID\n" +
"\t FROM\n" +
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n" +
"\t WHERE\n" +
"\t T1.USERID = #{et.param0}\n" +
"\t)\n" +
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1";
//应用菜单
String appMenuSQL="SELECT\n" +
"\tt2.PSAPPMENUITEMID as MENUITEMID,\n" +
"\tt2.SYS_PSAPPMENUITEMNAME AS MENUITEMNAME \n" +
"FROM\n" +
"\tibzrole_permission T\n" +
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
"INNER JOIN ibzpsappmenuitem T2 on T1.SYS_PERMISSIONID=t2.SYS_PSAPPMENUITEMID\n" +
"WHERE\n" +
"\tT.SYS_ROLEID IN (\n" +
"\t SELECT SYS_ROLEID\n" +
"\t FROM\n" +
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n" +
"\t WHERE\n" +
"\t T1.USERID = #{et.param0}\n" +
"\t)\n" +
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1";
Map opprivParam=new HashMap();
opprivParam.put("param0",user.getUserid());
opprivParam.put("param1",OPPriTag);
Map uniresParam=new HashMap();
uniresParam.put("param0",user.getUserid());
uniresParam.put("param1",UniResTag);
Map appMenuParam=new HashMap();
appMenuParam.put("param0",user.getUserid());
appMenuParam.put("param1",AppMenuTag);
List<JSONObject> entitiesList= permissionService.select(opprivSQL,opprivParam); //查询用户权限下数据能力
List<JSONObject> uniResList= permissionService.select(uniResSQL,uniresParam); //查询用户权限下的统一资源
List<JSONObject> appMenuItemList= permissionService.select(appMenuSQL,appMenuParam); //查询用户权限下的菜单项
JSONObject entities=getEntitiesList(entitiesList);
JSONArray uniRes=getUniRes(uniResList);
JSONArray appMenuItem=getAppMenuItem(appMenuItemList);
permissionObj.put("entities",entities);
permissionObj.put("unires",uniRes);
permissionObj.put("appmenu",appMenuItem);
permissionObj.put("authorities",getAuthoritiesArray(user,entitiesList));
user.setPermissionList(permissionObj);
}
/**
* 获取用户资源
* @return
*/
private JSONArray getAuthoritiesArray(AuthenticationUser user,List<JSONObject> dataRangeArray) {
JSONArray authoritiesArray =new JSONArray();
if(dataRangeArray.size()>0){
for(int a=0;a<dataRangeArray.size();a++){
JSONObject dataRangeObj=dataRangeArray.get(a);
String dataRangeId=dataRangeObj.getString("dedatarange");
String permissionId=dataRangeObj.getString("permissionid");
if( !StringUtils.isEmpty(dataRangeId) && !StringUtils.isEmpty(permissionId) && dataRangeId.equalsIgnoreCase("all") ){
authoritiesArray.add(permissionId);
}
}
}
if(user.getSuperuser()==1){ if(user.getSuperuser()==1){
authoritiesArray.add("ROLE_SUPERADMIN"); authorities.add("ROLE_SUPERADMIN");
}
return authoritiesArray;
}
/**
* 获取应用菜单
* @param menuItemList
* @return
*/
private JSONArray getAppMenuItem(List<JSONObject> menuItemList) {
JSONArray menuItemArr=new JSONArray();
for(int a=0;a<menuItemList.size();a++){
JSONObject menuItem=menuItemList.get(a);
JSONObject newMenuItem=new JSONObject();
newMenuItem.put("appid",menuItem.getString("MENUITEMID"));
newMenuItem.put("appmenuid",menuItem.getString("MENUITEMNAME"));
newMenuItem.put("menuitemid",menuItem.getString("MENUITEMID"));
newMenuItem.put("menuitemname",menuItem.getString("MENUITEMNAME"));
menuItemArr.add(newMenuItem);
}
return menuItemArr;
}
/**
* 获取统一资源
* @param uniResList
* @return
*/
private JSONArray getUniRes(List<JSONObject> uniResList) {
JSONArray uniResArr=new JSONArray();
for(int a=0;a<uniResList.size();a++){
JSONObject uniRes=uniResList.get(a);
JSONObject newUniRes=new JSONObject();
newUniRes.put("unirescode",uniRes.getString("UNIRESCODE"));
newUniRes.put("uniresname",uniRes.getString("SYS_PSSYSUNIRESNAME"));
uniResArr.add(newUniRes);
}
return uniResArr;
}
/**
* 拼接实体行为资源
* @param role_permissions
* @return
*/
private JSONObject getEntitiesList(List<JSONObject> role_permissions) {
JSONObject permission_entity= new JSONObject();
for (Map rolePermission : role_permissions) {
JSONObject obj = JSONObject.parseObject(JSONObject.toJSON(rolePermission).toString());
String entityName = obj.getString("dataentity");
String dataRangeName = obj.getString("dedatarange");
String sourceName = obj.getString("pssourceid");
String sourceType=obj.getString("pssourcetype");
JSONObject entity = new JSONObject();
JSONObject permission = new JSONObject();
JSONArray dataRange = new JSONArray();
if (permission_entity.containsKey(entityName))//实体合并
entity = permission_entity.getJSONObject(entityName);
if (entity.containsKey(sourceType))//数据能力合并
permission = entity.getJSONObject(sourceType);
if(permission.containsKey(sourceName))
dataRange=permission.getJSONArray(sourceName);
dataRange.add(dataRangeName);
permission.put(sourceName,dataRange);
entity.put(sourceType, permission);
permission_entity.put(entityName, entity);
} }
return permission_entity; JSONObject permission =new JSONObject();
permission.put("authorities",authorities);
user.setPermissionList(permission);
} }
/** /**
......
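Review bot: `AuthorityUtils.authorityListToSet(userAuthorities)` in the new `setUserPermission` throws on a null collection, and nothing in the hunk shows that `uaaCoreService.getAuthoritiesByUserId` always returns a non-null value for a user without roles; the caller would then get an exception rather than an empty authority list. A guard such as `if (userAuthorities == null) userAuthorities = Collections.emptyList();` before the conversion would cover it. The new injected field is also package-private while the other injected fields shown in this class are `private`; `private UAACoreService uaaCoreService;` would match them.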