From 557887e3eeef22e242a62953556090f34e790a88 Mon Sep 17 00:00:00 2001
From: lihongjie0209
Date: Sun, 30 Jul 2023 23:07:52 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A4=84=E7=90=86=E7=AE=A1=E7=90=86=E5=91=98?= =?UTF-8?q?=E6=9D=83=E9=99=90=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../lihongjie/coal/annotation/OrgAdmin.java | 19 +++++++
 .../lihongjie/coal/annotation/SysAdmin.java | 19 +++++++
 .../cn/lihongjie/coal/aop/ControllerAop.java | 55 +++++++++++++++++--
 .../java/cn/lihongjie/coal/common/Ctx.java | 17 ++++++
 .../cn/lihongjie/coal/entity/UserEntity.java | 8 ++-
 5 files changed, 111 insertions(+), 7 deletions(-)
 create mode 100644 src/main/java/cn/lihongjie/coal/annotation/OrgAdmin.java
 create mode 100644 src/main/java/cn/lihongjie/coal/annotation/SysAdmin.java
diff --git a/src/main/java/cn/lihongjie/coal/annotation/OrgAdmin.java b/src/main/java/cn/lihongjie/coal/annotation/OrgAdmin.java
new file mode 100644
index 00000000..70851f6f
--- /dev/null
+++ b/src/main/java/cn/lihongjie/coal/annotation/OrgAdmin.java
@@ -0,0 +1,19 @@
+package cn.lihongjie.coal.annotation;
+
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+public @interface OrgAdmin {
+
+ boolean value() default true;
+
+
+
+
+
+}
diff --git a/src/main/java/cn/lihongjie/coal/annotation/SysAdmin.java b/src/main/java/cn/lihongjie/coal/annotation/SysAdmin.java
new file mode 100644
index 00000000..52ccfa06
--- /dev/null
+++ b/src/main/java/cn/lihongjie/coal/annotation/SysAdmin.java
@@ -0,0 +1,19 @@ +package cn.lihongjie.coal.annotation; + + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.TYPE, ElementType.METHOD}) +public @interface SysAdmin { + + boolean value() default true; + + + + + +} diff --git a/src/main/java/cn/lihongjie/coal/aop/ControllerAop.java b/src/main/java/cn/lihongjie/coal/aop/ControllerAop.java index 3dcc9c37..29ab09ab 100644 --- a/src/main/java/cn/lihongjie/coal/aop/ControllerAop.java +++ b/src/main/java/cn/lihongjie/coal/aop/ControllerAop.java @@ -1,15 +1,18 @@ package cn.lihongjie.coal.aop; import cn.lihongjie.coal.annotation.Anonymous; +import cn.lihongjie.coal.annotation.OrgAdmin; +import cn.lihongjie.coal.annotation.SysAdmin; import cn.lihongjie.coal.annotation.SysLog; import cn.lihongjie.coal.common.Ctx; import cn.lihongjie.coal.common.RequestUtils; import cn.lihongjie.coal.dto.R; -import cn.lihongjie.coal.entity.SysLogEntity; +import cn.lihongjie.coal.entity.*; import cn.lihongjie.coal.exception.BizException; import cn.lihongjie.coal.service.SysLogService; import jakarta.servlet.http.HttpServletRequest; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.exception.ExceptionUtils; import org.aspectj.lang.ProceedingJoinPoint; @@ -24,7 +27,9 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import java.lang.reflect.Method; +import java.util.ArrayList; import java.util.Arrays; +import java.util.List; @Aspect @Component 
@@ -49,9 +54,9 @@ public class ControllerAop { if (!Ctx.isLoggedIn()) { - Anonymous anonymous = AnnotationUtils.findAnnotation(method, Anonymous.class); + Anonymous anonymous = ObjectUtils.defaultIfNull(AnnotationUtils.findAnnotation(method, Anonymous.class), AnnotationUtils.findAnnotation(method.getClass(), Anonymous.class)); - if (anonymous != null && !anonymous.value()) { + if (anonymous == null || !anonymous.value()) { return R.fail("invalidToken", "登录状态失效,请重新登录"); @@ -59,10 +64,48 @@ public class ControllerAop { } - Anonymous clsAnonymous = AnnotationUtils.findAnnotation(method.getClass(), Anonymous.class); - if (clsAnonymous == null || !clsAnonymous.value()) { - return R.fail("invalidToken", "登录状态失效,请重新登录"); + } else { + + OrgAdmin orgAdmin = ObjectUtils.defaultIfNull(AnnotationUtils.findAnnotation(method, OrgAdmin.class), AnnotationUtils.findAnnotation(method.getClass(), OrgAdmin.class)); + + if (orgAdmin != null && orgAdmin.value() && !Ctx.isOrgAdmin()) { + + + return R.fail("invalidAccess", "非法访问,请联系机构管理员。"); + + + } + + SysAdmin sysAdmin = ObjectUtils.defaultIfNull(AnnotationUtils.findAnnotation(method, SysAdmin.class), AnnotationUtils.findAnnotation(method.getClass(), SysAdmin.class)); + + if (sysAdmin != null && sysAdmin.value() && !Ctx.isSysAdmin()) { + + + return R.fail("invalidAccess", "非法访问,请联系系统管理员。"); + + + } + + + UserEntity user = Ctx.currentUser(); + + + if (!(user.getSysAdmin() != null && user.getSysAdmin())) { + + + if (ObjectUtils.>defaultIfNull(user.getRoles(), new ArrayList<>()) + .stream() + .flatMap((RoleEntity r) -> ObjectUtils.>defaultIfNull(r.getPermissions(), new ArrayList<>()).stream()) + .flatMap((PermissionEntity r) -> ObjectUtils.>defaultIfNull(r.getResources(), new ArrayList<>()).stream()) + .noneMatch(x -> x.getUrl().equalsIgnoreCase(request.getRequestURI().replaceAll(request.getContextPath(), "")))) { + + + }{ + return R.fail("invalidAccess", "当前资源未授权,请联系机构管理员处理。"); + + } + } } 
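Review bot: The class-level fallback `AnnotationUtils.findAnnotation(method.getClass(), Anonymous.class)` cannot see an annotation on the controller if `method` is the `java.lang.reflect.Method` imported at the top of this file, because `getClass()` then yields `Method.class` rather than the controller type. For `@Anonymous` this fails closed, but the following hunk uses the same pattern for `@OrgAdmin` and `@SysAdmin`, where a missed class-level annotation means the admin check is silently skipped. Look the annotation up on the declaring class in all three places, e.g. `AnnotationUtils.findAnnotation(method.getDeclaringClass(), OrgAdmin.class)`, or on the join point's target class. The enclosing advice method starts and ends outside this hunk, so the declaration of `method` is not visible here.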
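Review bot: The permission check at the end of the new `else` branch rejects every logged-in user who is not a system administrator, because the body of `if (... .noneMatch(...)) {` is empty and the `{ return R.fail("invalidAccess", ...); }` after `}{` is a separate, unconditional block. Drop the stray `}{` so the `return` sits inside the `if`. The comparison also builds its path with `request.getRequestURI().replaceAll(request.getContextPath(), "")`, which treats the context path as a regex and removes it wherever it occurs, and `getRequestURI()` is the raw undecoded path, so the string that is authorised may not correspond to the handler that actually runs; strip only the prefix with `request.getRequestURI().substring(request.getContextPath().length())` or compare against the path the handler was matched on. `x.getUrl()` is dereferenced without a null check, so a single resource row without a URL turns the check into an exception. The enclosing method continues outside this hunk.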
diff --git a/src/main/java/cn/lihongjie/coal/common/Ctx.java b/src/main/java/cn/lihongjie/coal/common/Ctx.java index 0e0b0969..7118e281 100644 --- a/src/main/java/cn/lihongjie/coal/common/Ctx.java +++ b/src/main/java/cn/lihongjie/coal/common/Ctx.java @@ -1,6 +1,7 @@ package cn.lihongjie.coal.common; +import cn.lihongjie.coal.entity.UserEntity; import cn.lihongjie.coal.service.SessionService; import lombok.experimental.UtilityClass; import org.springframework.security.core.context.SecurityContextHolder; @@ -30,4 +31,20 @@ public class Ctx { private static SessionService.MyAuthentication getAuthentication() { return (SessionService.MyAuthentication) SecurityContextHolder.getContext().getAuthentication(); } + + public static boolean isOrgAdmin() { + + return getAuthentication().getUser().getOrgAdmin(); + + } + + public static boolean isSysAdmin() { + + return getAuthentication().getUser().getSysAdmin(); + + } + + public static UserEntity currentUser() { + return getAuthentication().getUser(); + } } diff --git a/src/main/java/cn/lihongjie/coal/entity/UserEntity.java b/src/main/java/cn/lihongjie/coal/entity/UserEntity.java index 68ec212e..301e3cbe 100644 --- a/src/main/java/cn/lihongjie/coal/entity/UserEntity.java +++ b/src/main/java/cn/lihongjie/coal/entity/UserEntity.java @@ -1,7 +1,6 @@ package cn.lihongjie.coal.entity; import cn.lihongjie.coal.entity.base.OrgCommonEntity; -import com.fasterxml.jackson.annotation.JsonManagedReference; import jakarta.persistence.Entity; import jakarta.persistence.ManyToMany; import lombok.Data; @@ -37,6 +36,13 @@ public class UserEntity extends OrgCommonEntity { + @Comment("机构管理员标识") + private Boolean orgAdmin; + + + + @Comment("系统管理员标识") + private Boolean sysAdmin;
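Review bot: `isOrgAdmin()` and `isSysAdmin()` return a `Boolean` getter through a `boolean` return type, so a user whose flag is null makes the access check in `ControllerAop` throw a NullPointerException instead of answering false; the `orgAdmin` and `sysAdmin` fields added to `UserEntity` in this commit are nullable `Boolean` with no default visible here. Use `return Boolean.TRUE.equals(getAuthentication().getUser().getOrgAdmin());` and the same for `getSysAdmin()`, which matches the null guard `ControllerAop` already applies to `user.getSysAdmin()`. Because these two flags decide privilege, they should also be excluded from any request-to-entity binding; whether `UserEntity` is ever populated directly from request input is not visible in this patch.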