lihongjie/coal
1
0
Fork 0
mirror of https://codeup.aliyun.com/64f7d6b8ce01efaafef1e678/coal/coal.git synced 2026-01-25 23:57:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

bugfix

Browse Source
This commit is contained in:
lihongjie0209
2023-11-12 21:01:42 +08:00
parent 7809711544
commit 123939a3ab
5 changed files with 63 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/main/java/cn/lihongjie/coal/filter/AuthFilter.java
View File

@@ -3,15 +3,21 @@ package cn.lihongjie.coal.filter;
import cn.lihongjie.coal.base.dto.R;
import cn.lihongjie.coal.common.Ctx;
import cn.lihongjie.coal.exception.BizException;
import cn.lihongjie.coal.permission.entity.PermissionEntity;
import cn.lihongjie.coal.permission.service.PermissionService;
import cn.lihongjie.coal.resource.dto.ResourceDto;
import cn.lihongjie.coal.resource.entity.ResourceEntity;
import cn.lihongjie.coal.resource.service.ResourceService;
import cn.lihongjie.coal.role.service.RoleService;
import cn.lihongjie.coal.session.SessionService;
import cn.lihongjie.coal.spring.config.SystemConfig;
import cn.lihongjie.coal.user.entity.UserEntity;
import cn.lihongjie.coal.user.service.UserService;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.vavr.collection.Stream;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
@@ -20,6 +26,7 @@ import jakarta.servlet.http.HttpServletResponse;
import lombok.SneakyThrows;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.entity.ContentType;
import org.slf4j.MDC;
@@ -38,6 +45,8 @@ import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.pattern.PathPatternParser;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.function.Consumer;
@@ -59,6 +68,8 @@ public class AuthFilter extends OncePerRequestFilter {
@Value("${server.servlet.context-path}")
private String contextPath;
@Autowired PermissionService permissionService;
@Override
public void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
@@ -79,6 +90,8 @@ public class AuthFilter extends OncePerRequestFilter {
}
}
@Autowired UserService userService;
private Consumer<TransactionStatus> getTransactionStatusConsumer(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
@@ -108,8 +121,17 @@ public class AuthFilter extends OncePerRequestFilter {
request.setAttribute("__resourceEntity", resource.get());
if (StringUtils.isEmpty(sessionId)) {
// 找到匿名权限
List<PermissionEntity> permissions = permissionService.getByType("0");
if (permissions.stream()
.flatMap(
x ->
ObjectUtils.defaultIfNull(
x.getResources(), new ArrayList<ResourceEntity>())
.stream())
.anyMatch(x -> StringUtils.equals(x.getId(), resource.get().getId()))) {
if (resource.get().getAnonymous()) {
sessionService.anonymousSession();
UserEntity user = Ctx.currentUser();
MDC.put("user", user.getUsername());
@@ -142,12 +164,11 @@ public class AuthFilter extends OncePerRequestFilter {
UserEntity user = Ctx.currentUser();
MDC.put("user", user.getUsername());
Optional<ResourceEntity> userResource =
user.allRoles().stream()
.flatMap(x -> x.getPermissions().stream())
.flatMap(x -> x.getResources().stream())
Optional<ResourceDto> userResource =
Stream.ofAll(userService.resources(user.getId()))
.filter(x -> StringUtils.equals(x.getId(), resource.get().getId()))
.findAny();
.headOption()
.toJavaOptional();
if (userResource.isEmpty() && BooleanUtils.isFalse(user.getSysAdmin())) {

4
src/main/java/cn/lihongjie/coal/permission/entity/PermissionEntity.java
View File

@@ -31,8 +31,8 @@ public class PermissionEntity extends CommonEntity {
+ " t_dictionary_item i\n"
+ "where d.id = i.dictionary_id\n"
+ " and d.code = 'permission.type'\n"
+ " and i.code = item_type)")
@Comment("权限类型-名称")
+ " and i.code = permission_type)")
// @Comment("权限类型-名称")
private String permissionTypeName;
@ManyToMany()

8
src/main/java/cn/lihongjie/coal/permission/repository/PermissionRepository.java
View File

@@ -5,5 +5,11 @@ import cn.lihongjie.coal.permission.entity.PermissionEntity;
import org.springframework.stereotype.Repository;
import java.util.List;
@Repository
public interface PermissionRepository extends BaseRepository<PermissionEntity> {}
public interface PermissionRepository extends BaseRepository<PermissionEntity> {
List<PermissionEntity> findAllByPermissionType(String type);
List<PermissionEntity> findAllByPermissionTypeIn(String[] types);
}

8
src/main/java/cn/lihongjie/coal/permission/service/PermissionService.java
View File

@@ -161,4 +161,12 @@ public class PermissionService extends BaseService<PermissionEntity, PermissionR
this.repository.save(permission);
}
}
public List<PermissionEntity> getByType(String type) {
return this.repository.findAllByPermissionType(type);
}
public List<PermissionEntity> getByTypes(String[] types) {
return this.repository.findAllByPermissionTypeIn(types);
}
}

36
src/main/java/cn/lihongjie/coal/user/service/UserService.java
View File

@@ -2,10 +2,13 @@ package cn.lihongjie.coal.user.service;
import cn.lihongjie.coal.base.dto.CommonQuery;
import cn.lihongjie.coal.base.dto.IdRequest;
import cn.lihongjie.coal.base.entity.BaseEntity;
import cn.lihongjie.coal.base.service.BaseService;
import cn.lihongjie.coal.common.Ctx;
import cn.lihongjie.coal.exception.BizException;
import cn.lihongjie.coal.organization.entity.OrganizationEntity;
import cn.lihongjie.coal.permission.entity.PermissionEntity;
import cn.lihongjie.coal.permission.service.PermissionService;
import cn.lihongjie.coal.resource.dto.ResourceDto;
import cn.lihongjie.coal.resource.mapper.ResourceMapper;
import cn.lihongjie.coal.resource.service.ResourceService;
@@ -16,6 +19,8 @@ import cn.lihongjie.coal.user.entity.UserEntity;
import cn.lihongjie.coal.user.mapper.UserMapper;
import cn.lihongjie.coal.user.repository.UserRepository;
import io.vavr.collection.Stream;
import jakarta.annotation.PostConstruct;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
@@ -24,7 +29,6 @@ import jakarta.persistence.criteria.Root;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
@@ -37,7 +41,6 @@ import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.util.StopWatch;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
@@ -225,6 +228,8 @@ public class UserService extends BaseService<UserEntity, UserRepository> {
@Autowired ResourceService resourceService;
@Autowired PermissionService permissionService;
public List<ResourceDto> resources(String id) {
UserEntity user = get(id);
@@ -235,21 +240,18 @@ public class UserService extends BaseService<UserEntity, UserRepository> {
.collect(Collectors.toList());
}
if (CollectionUtils.isEmpty(user.getRoles())) {
return new ArrayList<>();
}
return io.vavr.collection.Stream.ofAll(user.allRoles())
.flatMap(
x ->
x.getPermissions() == null
? io.vavr.collection.Stream.empty()
: x.getPermissions())
.flatMap(
x ->
x.getResources() == null
? io.vavr.collection.Stream.empty()
: x.getResources())
.distinctBy(x -> x.getId())
return Stream.ofAll(user.allRoles())
.flatMap(x -> x.getPermissions() == null ? Stream.empty() : x.getPermissions())
.flatMap(x -> x.getResources() == null ? Stream.empty() : x.getResources())
.appendAll(
Stream.ofAll(
BooleanUtils.isTrue(user.getOrgAdmin())
? permissionService.getByTypes(
new String[] {"0", "1", "2"})
: permissionService.getByTypes(
new String[] {"0", "1"}))
.flatMap(PermissionEntity::getResources))
.distinctBy(BaseEntity::getId)
.map(x -> resourceMapper.toDto(x))
.collect(Collectors.toList());
}