处理管理员权限问题

src/main/java/cn/lihongjie/coal/annotation/OrgAdmin.java

@@ -0,0 +1,19 @@
+package cn.lihongjie.coal.annotation;
+
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+public @interface OrgAdmin {
+
+    boolean value() default true;
+
+
+
+
+
+}

src/main/java/cn/lihongjie/coal/annotation/SysAdmin.java

@@ -0,0 +1,19 @@
+package cn.lihongjie.coal.annotation;
+
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+public @interface SysAdmin {
+
+    boolean value() default true;
+
+
+
+
+
+}

src/main/java/cn/lihongjie/coal/aop/ControllerAop.java

@@ -1,15 +1,18 @@
 package cn.lihongjie.coal.aop;
 
 import cn.lihongjie.coal.annotation.Anonymous;
+import cn.lihongjie.coal.annotation.OrgAdmin;
+import cn.lihongjie.coal.annotation.SysAdmin;
 import cn.lihongjie.coal.annotation.SysLog;
 import cn.lihongjie.coal.common.Ctx;
 import cn.lihongjie.coal.common.RequestUtils;
 import cn.lihongjie.coal.dto.R;
-import cn.lihongjie.coal.entity.SysLogEntity;
+import cn.lihongjie.coal.entity.*;
 import cn.lihongjie.coal.exception.BizException;
 import cn.lihongjie.coal.service.SysLogService;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
@@ -24,7 +27,9 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
 import java.lang.reflect.Method;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 
 @Aspect
 @Component
@@ -49,9 +54,9 @@ public class ControllerAop {
         if (!Ctx.isLoggedIn()) {
 
 
-            Anonymous anonymous = AnnotationUtils.findAnnotation(method, Anonymous.class);
+            Anonymous anonymous = ObjectUtils.defaultIfNull(AnnotationUtils.findAnnotation(method, Anonymous.class), AnnotationUtils.findAnnotation(method.getClass(), Anonymous.class));
 
-            if (anonymous != null && !anonymous.value()) {
+            if (anonymous == null || !anonymous.value()) {
 
 
                 return R.fail("invalidToken", "登录状态失效,请重新登录");
@@ -59,10 +64,48 @@ public class ControllerAop {
 
             }
 
-            Anonymous clsAnonymous = AnnotationUtils.findAnnotation(method.getClass(), Anonymous.class);
 
-            if (clsAnonymous == null || !clsAnonymous.value()) {
-                return R.fail("invalidToken", "登录状态失效,请重新登录");
+        } else {
+
+            OrgAdmin orgAdmin = ObjectUtils.defaultIfNull(AnnotationUtils.findAnnotation(method, OrgAdmin.class), AnnotationUtils.findAnnotation(method.getClass(), OrgAdmin.class));
+
+            if (orgAdmin != null && orgAdmin.value() && !Ctx.isOrgAdmin()) {
+
+
+                return R.fail("invalidAccess", "非法访问，请联系机构管理员。");
+
+
+            }
+
+            SysAdmin sysAdmin = ObjectUtils.defaultIfNull(AnnotationUtils.findAnnotation(method, SysAdmin.class), AnnotationUtils.findAnnotation(method.getClass(), SysAdmin.class));
+
+            if (sysAdmin != null && sysAdmin.value() && !Ctx.isSysAdmin()) {
+
+
+                return R.fail("invalidAccess", "非法访问，请联系系统管理员。");
+
+
+            }
+
+
+            UserEntity user = Ctx.currentUser();
+
+
+            if (!(user.getSysAdmin() != null && user.getSysAdmin())) {
+
+
+                if (ObjectUtils.<List<RoleEntity>>defaultIfNull(user.getRoles(), new ArrayList<>())
+                        .stream()
+                        .flatMap((RoleEntity r) -> ObjectUtils.<List<PermissionEntity>>defaultIfNull(r.getPermissions(), new ArrayList<>()).stream())
+                        .flatMap((PermissionEntity r) -> ObjectUtils.<List<ResourceEntity>>defaultIfNull(r.getResources(), new ArrayList<>()).stream())
+                        .noneMatch(x -> x.getUrl().equalsIgnoreCase(request.getRequestURI().replaceAll(request.getContextPath(), "")))) {
+
+
+                }{
+                    return R.fail("invalidAccess", "当前资源未授权，请联系机构管理员处理。");
+
+                }
+
             }
 
         }

src/main/java/cn/lihongjie/coal/common/Ctx.java

@@ -1,6 +1,7 @@
 package cn.lihongjie.coal.common;
 
 
+import cn.lihongjie.coal.entity.UserEntity;
 import cn.lihongjie.coal.service.SessionService;
 import lombok.experimental.UtilityClass;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -30,4 +31,20 @@ public class Ctx {
     private static SessionService.MyAuthentication getAuthentication() {
         return (SessionService.MyAuthentication) SecurityContextHolder.getContext().getAuthentication();
     }
+
+    public static boolean isOrgAdmin() {
+
+        return getAuthentication().getUser().getOrgAdmin();
+
+    }
+
+    public static boolean isSysAdmin() {
+
+        return getAuthentication().getUser().getSysAdmin();
+
+    }
+
+    public static UserEntity currentUser() {
+        return getAuthentication().getUser();
+    }
 }

src/main/java/cn/lihongjie/coal/entity/UserEntity.java

@@ -1,7 +1,6 @@
 package cn.lihongjie.coal.entity;
 
 import cn.lihongjie.coal.entity.base.OrgCommonEntity;
-import com.fasterxml.jackson.annotation.JsonManagedReference;
 import jakarta.persistence.Entity;
 import jakarta.persistence.ManyToMany;
 import lombok.Data;
@@ -37,6 +36,13 @@ public class UserEntity extends OrgCommonEntity {
 
 
 
+    @Comment("机构管理员标识")
+    private Boolean orgAdmin;
+
+
+
+    @Comment("系统管理员标识")
+    private Boolean sysAdmin;