Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
I
ibzuaa
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
ibiz4jteam
ibzuaa
提交
da7097fb
提交
da7097fb
编写于
4月 28, 2020
作者:
zhouweidong
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
业务系统权限接入user代码
上级
c9db415e
变更
2
隐藏空白字符变更
内嵌
并排
正在显示
2 个修改的文件
包含
360 行增加
和
0 行删除
+360
-0
DevBootSecurityConfig.java
...rc/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
+1
-0
PermissionFeignService.java
...bizlab/uaaapi/rest/extensions/PermissionFeignService.java
+359
-0
未找到文件。
ibzuaa-boot/src/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
浏览文件 @
da7097fb
...
@@ -90,6 +90,7 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
...
@@ -90,6 +90,7 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
"/**/img/**"
,
"/**/img/**"
,
"/"
"/"
).
permitAll
()
).
permitAll
()
.
antMatchers
(
"/uaa/permission/**"
).
permitAll
()
//放行登录请求
//放行登录请求
.
antMatchers
(
HttpMethod
.
POST
,
"/"
+
loginPath
).
permitAll
()
.
antMatchers
(
HttpMethod
.
POST
,
"/"
+
loginPath
).
permitAll
()
.
anyRequest
().
authenticated
()
.
anyRequest
().
authenticated
()
...
...
ibzuaa-provider/ibzuaa-provider-uaaapi/src/main/java/cn/ibizlab/uaaapi/rest/extensions/PermissionFeignService.java
0 → 100644
浏览文件 @
da7097fb
package
cn
.
ibizlab
.
uaaapi
.
rest
.
extensions
;
import
cn.ibizlab.core.uaa.domain.SYS_PERMISSION
;
import
cn.ibizlab.core.uaa.domain.SYS_PSAPPMENUITEM
;
import
cn.ibizlab.core.uaa.domain.SYS_PSDEOPPRIV
;
import
cn.ibizlab.core.uaa.service.ISYS_PERMISSIONService
;
import
cn.ibizlab.core.uaa.service.ISYS_PSAPPMENUITEMService
;
import
cn.ibizlab.core.uaa.service.ISYS_PSDEOPPRIVService
;
import
com.alibaba.fastjson.JSONArray
;
import
com.alibaba.fastjson.JSONObject
;
import
com.fasterxml.jackson.databind.JsonNode
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.util.DigestUtils
;
import
org.springframework.util.StringUtils
;
import
org.springframework.validation.annotation.Validated
;
import
org.springframework.web.bind.annotation.*
;
import
javax.validation.constraints.NotBlank
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Map
;
/**
* 为业务系统提供权限相关服务
* 提供以下能力:
* (1)返回用户权限数据(含菜单、表格、表单)
* (2)业务系统权限数据初始化(含菜单、数据能力):保存业务系统权限数据到UAA中,用于权限树展示
*/
@RestController
public
class
PermissionFeignService
{
@Autowired
private
ISYS_PERMISSIONService
permissionService
;
@Autowired
private
ISYS_PSAPPMENUITEMService
psappmenuitemService
;
@Autowired
private
ISYS_PSDEOPPRIVService
psdeopprivService
;
/**
* 根据登录的用户userid,系统标识,获取指定该系统下角色的菜单、或权限
* @return
*/
@GetMapping
(
value
=
"/uaa/permission/{userid}"
)
public
JSONObject
getUserPermissionData
(
@Validated
@NotBlank
(
message
=
"userid不允许为空"
)
@PathVariable
(
"userid"
)
String
userid
,
@Validated
@NotBlank
(
message
=
"systemid不允许为空"
)
@RequestParam
(
"systemid"
)
String
systemid
)
{
String
menuSQL
=
"SELECT\n"
+
"\tt3.PERMISSIONID as permissionid\n"
+
"FROM\n"
+
"\tibzrole_permission t\n"
+
"INNER JOIN ibzpermission t2 on t.SYS_PERMISSIONID = t2.SYS_PERMISSIONID\n"
+
"INNER JOIN ibzpsappmenuitem t3 on t2.SYS_PERMISSIONID=t3.SYS_PSAPPMENUITEMID\n"
+
"WHERE\n"
+
"t.SYS_ROLEID IN (\n"
+
" SELECT SYS_ROLEID\n"
+
" FROM\n"
+
" IBZUSER_ROLE\n"
+
" WHERE\n"
+
" SYS_USERID = '%s'\n"
+
" )\n"
+
"AND t.SYSTEMID = '%s'\n"
+
"AND t2.ENABLE = 1\n"
+
"AND t.TYPE = 0"
;
List
<
JSONObject
>
permissionList
=
permissionService
.
select
(
String
.
format
(
menuSQL
,
userid
,
systemid
));
//查询用户权限下的菜单数据
JSONObject
permissionObj
=
new
JSONObject
();
JSONObject
gridData
=
new
JSONObject
();
JSONObject
formdata
=
new
JSONObject
();
JSONArray
menuArray
=
new
JSONArray
();
//菜单
if
(
permissionList
.
size
()>
0
){
for
(
Map
permission
:
permissionList
){
if
(!
StringUtils
.
isEmpty
(
permission
.
get
(
"permissionid"
))){
menuArray
.
add
(
permission
.
get
(
"permissionid"
));
}
}
}
String
opprivSQL
=
"SELECT\n"
+
"\tT2.pssysmoduleid as sysmodule,\n"
+
"\tT2.psdataentityid as dataentity,\n"
+
"\tT2.psdedatasetid as dedataset,\n"
+
"\tT2.psdedatarangeid as dedatarange,\n"
+
"\tT1.sys_permissionname\n"
+
"FROM\n"
+
"\tibzrole_permission T\n"
+
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n"
+
"INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n"
+
"WHERE\n"
+
"\tT.SYS_ROLEID IN (\n"
+
"\t\tSELECT\n"
+
"\t\t\tSYS_ROLEID\n"
+
"\t\tFROM\n"
+
"\t\t\tIBZUSER_ROLE\n"
+
"\t\tWHERE\n"
+
"\t\t\tSYS_USERID = '%s'\n"
+
"\t)\n"
+
"AND T.SYSTEMID = '%s'\n"
+
"AND T.TYPE = 1"
;
List
<
JSONObject
>
permissionList2
=
permissionService
.
select
(
String
.
format
(
opprivSQL
,
userid
,
systemid
));
//查询用户权限下的菜单数据
gridData
=
getGridPermission
(
permissionList2
);
//拿到表格需要json数据
formdata
=
getFormPermission
(
permissionList2
);
permissionObj
.
put
(
"menuList"
,
menuArray
);
permissionObj
.
put
(
"dataAbility-grid"
,
gridData
);
permissionObj
.
put
(
"dataAbility-form"
,
formdata
);
return
permissionObj
;
}
private
JSONObject
getGridPermission
(
List
<
JSONObject
>
role_permissions
){
JSONObject
permission_entity
=
new
JSONObject
();
//顶级模块数据,表格
for
(
Map
rolePermission:
role_permissions
){
JSONObject
obj
=
JSONObject
.
parseObject
(
JSONObject
.
toJSON
(
rolePermission
).
toString
());
String
str_entity
=
obj
.
getString
(
"dataentity"
);
String
str_dataset
=
obj
.
getString
(
"dedataset"
);
String
str_datarange
=
obj
.
getString
(
"dedatarange"
);
String
str_permissionname
=
obj
.
getString
(
"sys_permissionname"
);
JSONObject
cur_entity
=
new
JSONObject
();
JSONObject
cur_dataset
=
new
JSONObject
();
JSONArray
cur_permission
=
new
JSONArray
();
if
(
permission_entity
.
containsKey
(
str_entity
))
cur_entity
=
permission_entity
.
getJSONObject
(
str_entity
);
if
(
cur_entity
.
containsKey
(
str_dataset
))
//数据集合并
cur_dataset
=
cur_entity
.
getJSONObject
(
str_dataset
);
if
(
cur_dataset
.
containsKey
(
str_permissionname
))
//数据能力合并
cur_permission
=
cur_dataset
.
getJSONArray
(
str_permissionname
);
cur_permission
.
add
(
str_datarange
);
cur_dataset
.
put
(
str_permissionname
,
cur_permission
);
cur_entity
.
put
(
str_dataset
,
cur_dataset
);
permission_entity
.
put
(
str_entity
,
cur_entity
);
}
return
permission_entity
;
}
//表单数据拼接
private
JSONObject
getFormPermission
(
List
<
JSONObject
>
role_permissions
)
{
JSONObject
permission_entity
=
new
JSONObject
();
for
(
Map
rolePermission
:
role_permissions
)
{
JSONObject
obj
=
JSONObject
.
parseObject
(
JSONObject
.
toJSON
(
rolePermission
).
toString
());
String
str_entity
=
obj
.
getString
(
"dataentity"
);
String
str_datarange
=
obj
.
getString
(
"dedatarange"
);
String
str_permissionname
=
obj
.
getString
(
"sys_permissionname"
);
JSONObject
cur_entity
=
new
JSONObject
();
JSONObject
cur_dataset
=
new
JSONObject
();
JSONArray
cur_permission
=
new
JSONArray
();
if
(
permission_entity
.
containsKey
(
str_entity
))
//实体合并
cur_entity
=
permission_entity
.
getJSONObject
(
str_entity
);
if
(
cur_entity
.
containsKey
(
str_permissionname
))
//数据能力合并
cur_permission
=
cur_entity
.
getJSONArray
(
str_permissionname
);
cur_permission
.
add
(
str_datarange
);
cur_dataset
.
put
(
str_permissionname
,
cur_permission
);
cur_entity
.
put
(
str_permissionname
,
cur_permission
);
permission_entity
.
put
(
str_entity
,
cur_entity
);
}
return
permission_entity
;
}
/**
* 拿到业务系统传过来的权限和菜单数据,存入uaa的权限表中
*/
@PostMapping
(
"/uaa/permission/save"
)
public
Map
<
String
,
JsonNode
>
pushSystemPermissionData
(
@RequestBody
Map
<
String
,
Object
>
map
,
@Validated
@NotBlank
(
message
=
"systemid不允许为空"
)
@RequestParam
(
"systemid"
)
String
systemId
){
//如果map值不为null说明要更新数据,则先将表中该系统标识下的所有数据进行逻辑删除
if
(
map
!=
null
){
permissionService
.
execute
(
String
.
format
(
"UPDATE ibzpermission t SET t.enable=0 WHERE SYSTEMID='%s'"
,
systemId
));
}
List
<
SYS_PSAPPMENUITEM
>
menuItemList
=
new
ArrayList
<>();
//操作能力集合
List
<
SYS_PSDEOPPRIV
>
opprivList
=
new
ArrayList
<>();
//菜单项集合
List
<
SYS_PERMISSION
>
ability_list
=
new
ArrayList
<>();
//资源-操作能力集合
List
<
SYS_PERMISSION
>
menu_list
=
new
ArrayList
<>();
//资源-菜单项集合
if
(
map
.
containsKey
(
"permission"
)){
JSONObject
paramsObj
=
new
JSONObject
(
map
);
JSONArray
capabilityPermissionObj
=
paramsObj
.
getJSONArray
(
"permission"
);
parseDECapability
(
capabilityPermissionObj
,
systemId
,
ability_list
,
opprivList
);
}
if
(
map
.
containsKey
(
"menu"
)){
JSONObject
paramsObj
=
new
JSONObject
(
map
);
JSONArray
menuList
=
paramsObj
.
getJSONArray
(
"menu"
);
for
(
int
a
=
0
;
a
<
menuList
.
size
();
a
++){
JSONObject
menuPermissionObj
=
menuList
.
getJSONObject
(
a
);
if
(
menuPermissionObj
.
containsKey
(
"items"
)){
String
app_id
=
menuPermissionObj
.
getString
(
"appid"
);
//应用名称
String
app_name
=
menuPermissionObj
.
getString
(
"appname"
);
//应用名称
String
menu_name
=
menuPermissionObj
.
getString
(
"name"
);
//菜单名称
String
menu_logicName
=
menuPermissionObj
.
getString
(
"logicname"
);
//菜单名称
parseMenu
(
menuPermissionObj
.
getJSONArray
(
"items"
),
""
,
app_name
,
menu_name
,
systemId
,
menu_list
,
menuItemList
,
app_id
,
menu_logicName
);
}
}
}
if
(
menuItemList
.
size
()>
0
){
psappmenuitemService
.
saveOrUpdateBatch
(
menuItemList
);
//批量保存菜单项
}
if
(
opprivList
.
size
()>
0
){
psdeopprivService
.
saveOrUpdateBatch
(
opprivList
);
//批量保存数据操作标识
}
if
(
menu_list
.
size
()>
0
){
permissionService
.
saveOrUpdateBatch
(
menu_list
);
//批量保存菜单项资源
}
if
(
ability_list
.
size
()>
0
){
permissionService
.
saveOrUpdateBatch
(
ability_list
);
//批量保存数据操作标识资源
}
return
null
;
}
/**
* 递归解析菜单数据
* @param childNodeArr 菜单项集合
* @param p_permissionid 菜单项父标识
* @param app_name 前端应用
* @param menu_name 菜单
*/
public
void
parseMenu
(
JSONArray
childNodeArr
,
String
p_permissionid
,
String
app_name
,
String
menu_name
,
String
systemid
,
List
<
SYS_PERMISSION
>
menu_list
,
List
<
SYS_PSAPPMENUITEM
>
menuItemList
,
String
app_id
,
String
menu_logicName
){
int
isLeaf
=
0
;
for
(
int
a
=
0
;
a
<
childNodeArr
.
size
();
a
++){
JSONObject
childNode
=
childNodeArr
.
getJSONObject
(
a
);
String
menu_id
=
childNode
.
getString
(
"id"
);
if
(
childNode
.
containsKey
(
"items"
)){
JSONArray
nodeArr
=
childNode
.
getJSONArray
(
"items"
);
parseMenu
(
nodeArr
,
menu_id
,
app_name
,
menu_name
,
systemid
,
menu_list
,
menuItemList
,
app_id
,
menu_logicName
);
if
(
nodeArr
.
size
()>
0
)
//判断当前菜单为叶子节点
isLeaf
=
1
;
}
saveMenuPermission
(
childNode
,
p_permissionid
,
app_name
,
menu_name
,
systemid
,
isLeaf
,
menu_list
,
menuItemList
,
menu_id
,
app_id
,
menu_logicName
);
//保存菜单数据
}
}
/**
* 保存菜单数据
* @param menuObj 菜单项
* @param p_permissionid 菜单项父标识
* @param app_name 前端应用
* @param menu_name 菜单
* @param isLeaf 判断当前菜单为叶子节点
*/
private
void
saveMenuPermission
(
JSONObject
menuObj
,
String
p_permissionid
,
String
app_name
,
String
menu_name
,
String
systemid
,
int
isLeaf
,
List
<
SYS_PERMISSION
>
menu_list
,
List
<
SYS_PSAPPMENUITEM
>
menuItemList
,
String
menu_id
,
String
app_id
,
String
menu_logicName
){
String
sysPermissionId
=
DigestUtils
.
md5DigestAsHex
(
String
.
format
(
"%s%s"
,
systemid
,
menu_id
).
getBytes
());
//存资源表
SYS_PERMISSION
sys_permission
=
new
SYS_PERMISSION
();
sys_permission
.
setPermissionname
(
menuObj
.
getString
(
"text"
));
sys_permission
.
setPssystemid
(
systemid
);
sys_permission
.
setPermissionid
(
sysPermissionId
);
sys_permission
.
setType
(
"0"
);
sys_permission
.
setEnable
(
1
);
menu_list
.
add
(
sys_permission
);
//存菜单项表
SYS_PSAPPMENUITEM
psAppMenuItem
=
new
SYS_PSAPPMENUITEM
();
psAppMenuItem
.
setAppmenuitemid
(
sysPermissionId
);
psAppMenuItem
.
setAppmenuitemname
(
menuObj
.
getString
(
"text"
));
psAppMenuItem
.
setPsappid
(
app_id
);
psAppMenuItem
.
setPsappname
(
app_name
);
psAppMenuItem
.
setPsappmenuid
(
menu_name
);
psAppMenuItem
.
setPsappmenuname
(
menu_logicName
);
psAppMenuItem
.
setPssystemid
(
systemid
);
psAppMenuItem
.
setPermissionid
(
menu_id
);
psAppMenuItem
.
setParentpermissionid
(
p_permissionid
);
psAppMenuItem
.
setIsleaf
(
isLeaf
);
menuItemList
.
add
(
psAppMenuItem
);
}
/**
* 递归解析实体数据能力
* @param childNodeArr
* @param
*/
public
void
parseDECapability
(
JSONArray
childNodeArr
,
String
systemid
,
List
<
SYS_PERMISSION
>
ability_list
,
List
<
SYS_PSDEOPPRIV
>
opprivList
){
for
(
int
a
=
0
;
a
<
childNodeArr
.
size
();
a
++){
JSONObject
childNode
=
childNodeArr
.
getJSONObject
(
a
);
String
deName
=
childNode
.
getString
(
"dename"
);
//实体逻辑名
String
delogicname
=
childNode
.
getString
(
"delogicname"
);
//实体逻辑名
JSONObject
sysmoudle
=
childNode
.
getJSONObject
(
"sysmoudle"
);
//系统模块
JSONArray
dedataset
=
childNode
.
getJSONArray
(
"dedataset"
);
JSONArray
dedatarange
=
childNode
.
getJSONArray
(
"dedatarange"
);
JSONArray
deprivs
=
childNode
.
getJSONArray
(
"deprivs"
);
for
(
int
b
=
0
;
b
<
dedataset
.
size
();
b
++){
JSONObject
dataset_name
=
dedataset
.
getJSONObject
(
b
);
for
(
int
c
=
0
;
c
<
dedatarange
.
size
();
c
++){
JSONObject
datarange_name
=
dedatarange
.
getJSONObject
(
c
);
for
(
int
d
=
0
;
d
<
deprivs
.
size
();
d
++){
JSONObject
deprivs_name
=
deprivs
.
getJSONObject
(
d
);
saveDECapability
(
sysmoudle
,
deName
,
delogicname
,
dataset_name
,
datarange_name
,
deprivs_name
,
systemid
,
ability_list
,
opprivList
);
}
}
}
}
}
/**
* 保存实体数据能力
* @param sysmoudle 系统模块
* @param delogicname 实体
* @param dataset_name 实体数据集
* @param datarange_name 实体数据范围
* @param deprivs_name 实体操作能力
*/
private
void
saveDECapability
(
JSONObject
sysmoudle
,
String
deName
,
String
delogicname
,
JSONObject
dataset_name
,
JSONObject
datarange_name
,
JSONObject
deprivs_name
,
String
systemid
,
List
<
SYS_PERMISSION
>
ability_list
,
List
<
SYS_PSDEOPPRIV
>
opprivList
)
{
String
permissionId
=
DigestUtils
.
md5DigestAsHex
(
String
.
format
(
"%s%s%s%s%s%s"
,
systemid
,
sysmoudle
,
delogicname
,
dataset_name
,
datarange_name
,
deprivs_name
).
getBytes
());
String
sysPermissionId
=
DigestUtils
.
md5DigestAsHex
(
String
.
format
(
"%s%s"
,
systemid
,
permissionId
).
getBytes
());
//存资源表
SYS_PERMISSION
sys_permission
=
new
SYS_PERMISSION
();
sys_permission
.
setPermissionname
(
deprivs_name
.
getString
(
"name"
));
sys_permission
.
setPssystemid
(
systemid
);
sys_permission
.
setPermissionid
(
sysPermissionId
);
sys_permission
.
setType
(
"1"
);
sys_permission
.
setEnable
(
1
);
ability_list
.
add
(
sys_permission
);
//存数据操作能力表
SYS_PSDEOPPRIV
psDEOppriv
=
new
SYS_PSDEOPPRIV
();
psDEOppriv
.
setPsdeopprivid
(
sysPermissionId
);
psDEOppriv
.
setPsdeopprivname
(
deprivs_name
.
getString
(
"name"
));
psDEOppriv
.
setPermissionid
(
permissionId
);
psDEOppriv
.
setPssystemid
(
systemid
);
psDEOppriv
.
setPssysmoduleid
(
sysmoudle
.
getString
(
"id"
));
psDEOppriv
.
setPssysmodulename
(
sysmoudle
.
getString
(
"name"
));
psDEOppriv
.
setPsdataentityid
(
deName
);
psDEOppriv
.
setPsdataentityname
(
delogicname
);
psDEOppriv
.
setPsdedatasetid
(
dataset_name
.
getString
(
"id"
));
psDEOppriv
.
setPsdedatasetname
(
dataset_name
.
getString
(
"name"
));
psDEOppriv
.
setPsdedatarangeid
(
datarange_name
.
getString
(
"id"
));
psDEOppriv
.
setPsdedatarangename
(
datarange_name
.
getString
(
"name"
));
opprivList
.
add
(
psDEOppriv
);
}
}
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录