diff --git a/src/main/java/xyz/playedu/api/bus/BackendBus.java b/src/main/java/xyz/playedu/api/bus/BackendBus.java
index 149686d..71667de 100644
--- a/src/main/java/xyz/playedu/api/bus/BackendBus.java
+++ b/src/main/java/xyz/playedu/api/bus/BackendBus.java
@@ -1,9 +1,27 @@
 package xyz.playedu.api.bus;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
 import xyz.playedu.api.constant.BackendConstant;
+import xyz.playedu.api.service.AdminPermissionService;
+import xyz.playedu.api.service.AdminRolePermissionService;
+import xyz.playedu.api.service.AdminUserRoleService;
+import java.util.HashMap;
+import java.util.List;
+
+@Component
 public class BackendBus {
 
+    @Autowired
+    private AdminUserRoleService adminUserRoleService;
+
+    @Autowired
+    private AdminRolePermissionService rolePermissionService;
+
+    @Autowired
+    private AdminPermissionService permissionService;
+
     public static boolean inUnAuthWhitelist(String uri) {
         for (int i = 0; i < BackendConstant.UN_AUTH_URI_WHITELIST.length; i++) {
             if (uri.equals(BackendConstant.UN_AUTH_URI_WHITELIST[i])) {
@@ -13,4 +31,17 @@ public class BackendBus {
         return false;
     }
 
+    public HashMap adminUserPermissions(Integer userId) {
+        HashMap permissons = new HashMap<>();
+        List roleIds = adminUserRoleService.getRoleIdsByUserId(userId);
+        if (roleIds.size() == 0) {
+            return permissons;
+        }
+        List permissionIds = rolePermissionService.getPermissionIdsByRoleIds(roleIds);
+        if (permissionIds.size() == 0) {
+            return permissons;
+        }
+        return permissionService.getSlugsByIds(permissionIds);
+    }
+
 }
diff --git a/src/main/java/xyz/playedu/api/controller/backend/AdminRoleController.java b/src/main/java/xyz/playedu/api/controller/backend/AdminRoleController.java
index 0112a66..07d9860 100644
--- a/src/main/java/xyz/playedu/api/controller/backend/AdminRoleController.java
+++ b/src/main/java/xyz/playedu/api/controller/backend/AdminRoleController.java
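Review bot: `adminUserPermissions` (hunk -13,4) returns a raw `HashMap` and derives it from three sequential service calls, each a database round trip, and the aspect in this same commit invokes it on every annotated request; declare the return as `Map<String, Boolean>` (or a `Set<String>` of slugs) so the caller can use `containsKey` without unchecked access, and consider a per-request or short-TTL cache of the resolved slug set. `roleIds.size() == 0` and `permissionIds.size() == 0` read better as `isEmpty()`, and the local `permissons` is misspelled. Since the method returns an empty map whenever the role or permission lookup is empty, a one-line Javadoc stating that an empty result means "no permissions, deny" would make the fail-closed contract explicit for the aspect that depends on it.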
@@ -4,9 +4,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; +import xyz.playedu.api.constant.BPermissionConstant; import xyz.playedu.api.domain.AdminPermission; import xyz.playedu.api.domain.AdminRole; import xyz.playedu.api.domain.AdminRolePermission; +import xyz.playedu.api.middleware.BackendPermissionMiddleware; import xyz.playedu.api.request.backend.AdminRoleRequest; import xyz.playedu.api.service.AdminPermissionService; import xyz.playedu.api.service.AdminRolePermissionService; @@ -36,12 +38,14 @@ public class AdminRoleController { @Autowired private AdminRolePermissionService rolePermissionService; + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE) @GetMapping("/index") public JsonResponse index() { List data = roleService.list(); return JsonResponse.data(data); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE) @GetMapping("/create") public JsonResponse create() { List permissions = permissionService.listOrderBySortAsc(); @@ -50,6 +54,7 @@ public class AdminRoleController { return JsonResponse.data(data); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE) @PostMapping("/create") @Transactional public JsonResponse store(@RequestBody @Validated AdminRoleRequest request) { @@ -76,6 +81,7 @@ public class AdminRoleController { return JsonResponse.success(); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE) @GetMapping("/{id}") public JsonResponse edit(@PathVariable(name = "id") Integer id) { AdminRole role = roleService.getById(id); 
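Review bot: Every endpoint in this controller is guarded by the same `BPermissionConstant.ADMIN_ROLE` slug — index and create in hunk -36,12, store in -50,6, edit in -76,6, and update/destroy in the -85,6 and -116,6 hunks that follow — whereas AdminUserController and DepartmentController in this commit use separate INDEX/STORE/UPDATE/DESTROY slugs. If `update` writes role-to-permission assignments, as the `AdminRolePermission` import suggests, a single coarse slug means any account that may list roles can also grant itself every slug the aspect checks, so no read-only role can exist. Splitting into per-action constants (proposed names such as `ADMIN_ROLE_INDEX`, `ADMIN_ROLE_STORE`, `ADMIN_ROLE_UPDATE`, `ADMIN_ROLE_DESTROY` would need adding to BPermissionConstant) keeps the granularity consistent across controllers. If the coarse slug is intentional, a comment on the class saying why would save the next reader the same question.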
@@ -85,6 +91,7 @@ public class AdminRoleController { return JsonResponse.data(role); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE) @PutMapping("/{id}") @Transactional public JsonResponse update(@PathVariable(name = "id") Integer id, @RequestBody @Validated AdminRoleRequest request) { @@ -116,6 +123,7 @@ public class AdminRoleController { return JsonResponse.success(); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE) @DeleteMapping("/{id}") @Transactional public JsonResponse destroy(@PathVariable(name = "id") Integer id) { diff --git a/src/main/java/xyz/playedu/api/controller/backend/AdminUserController.java b/src/main/java/xyz/playedu/api/controller/backend/AdminUserController.java index a3398e7..c4d70c9 100644 --- a/src/main/java/xyz/playedu/api/controller/backend/AdminUserController.java +++ b/src/main/java/xyz/playedu/api/controller/backend/AdminUserController.java @@ -5,9 +5,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; +import xyz.playedu.api.constant.BPermissionConstant; import xyz.playedu.api.domain.AdminRole; import xyz.playedu.api.domain.AdminUser; import xyz.playedu.api.domain.AdminUserRole; +import xyz.playedu.api.middleware.BackendPermissionMiddleware; import xyz.playedu.api.request.backend.AdminUserRequest; import xyz.playedu.api.service.AdminRoleService; import xyz.playedu.api.service.AdminUserRoleService; 
@@ -35,6 +37,7 @@ public class AdminUserController { @Autowired private AdminUserRoleService userRoleService; + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_INDEX) @GetMapping("/index") public JsonResponse Index(@RequestParam(name = "page", defaultValue = "1") Integer page, @RequestParam(name = "size", defaultValue = "10") Integer size) { PaginationResult result = adminUserService.paginate(page, size, null); @@ -50,6 +53,7 @@ public class AdminUserController { return JsonResponse.data(result); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_STORE) @GetMapping("/create") public JsonResponse create() { List roles = roleService.list(); @@ -59,6 +63,7 @@ public class AdminUserController { } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_STORE) @PostMapping("/create") @Transactional public JsonResponse store(@RequestBody @Validated AdminUserRequest request) { @@ -100,6 +105,7 @@ public class AdminUserController { return JsonResponse.success(); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_UPDATE) @GetMapping("/{id}") public JsonResponse edit(@PathVariable Integer id) { AdminUser adminUser = adminUserService.findById(id); @@ -111,6 +117,7 @@ public class AdminUserController { return JsonResponse.data(adminUser); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_UPDATE) @PutMapping("/{id}") @Transactional public JsonResponse update(@PathVariable Integer id, @RequestBody @Validated AdminUserRequest request) { @@ -159,6 +166,7 @@ public class AdminUserController { return JsonResponse.success(); } + @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_DESTROY) @DeleteMapping("/{id}") @Transactional public JsonResponse destroy(@PathVariable Integer id) { diff --git a/src/main/java/xyz/playedu/api/controller/backend/DepartmentController.java b/src/main/java/xyz/playedu/api/controller/backend/DepartmentController.java index ecbb541..19a222c 100644 
--- a/src/main/java/xyz/playedu/api/controller/backend/DepartmentController.java +++ b/src/main/java/xyz/playedu/api/controller/backend/DepartmentController.java @@ -5,8 +5,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import xyz.playedu.api.bus.DepartmentBus; +import xyz.playedu.api.constant.BPermissionConstant; import xyz.playedu.api.domain.Department; import xyz.playedu.api.exception.NotFoundException; +import xyz.playedu.api.middleware.BackendPermissionMiddleware; import xyz.playedu.api.request.backend.DepartmentRequest; import xyz.playedu.api.service.DepartmentService; import xyz.playedu.api.types.JsonResponse; @@ -29,6 +31,7 @@ public class DepartmentController { @Autowired private DepartmentBus departmentBus; + @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_INDEX) @GetMapping("/index") public JsonResponse index() { Map> departments = departmentService.all().stream().collect(Collectors.groupingBy(Department::getParentId)); @@ -39,12 +42,14 @@ public class DepartmentController { return JsonResponse.data(data); } + @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_STORE) @GetMapping("/create") public JsonResponse create(@RequestParam(name = "parent_id", defaultValue = "0") Integer parentId) { List data = departmentService.listByParentId(parentId); return JsonResponse.data(data); } + @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_STORE) @PostMapping("/create") public JsonResponse store(@RequestBody @Validated DepartmentRequest request) throws NotFoundException { String parentChain = ""; 
@@ -65,12 +70,14 @@ public class DepartmentController {
         return JsonResponse.success();
     }
 
+    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_UPDATE)
     @GetMapping("/{id}")
     public JsonResponse edit(@PathVariable Integer id) throws NotFoundException {
         Department department = departmentService.findOrFail(id);
         return JsonResponse.data(department);
     }
 
+    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_UPDATE)
     @PutMapping("/{id}")
     public JsonResponse update(@PathVariable Integer id, @RequestBody DepartmentRequest request) throws NotFoundException {
         Department department = departmentService.findOrFail(id);
@@ -78,6 +85,7 @@ public class DepartmentController {
         return JsonResponse.success();
     }
 
+    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_DESTROY)
     @DeleteMapping("/{id}")
     public JsonResponse destroy(@PathVariable Integer id) throws NotFoundException {
         Department department = departmentService.findOrFail(id);
diff --git a/src/main/java/xyz/playedu/api/middleware/BackendPermissionMiddleware.java b/src/main/java/xyz/playedu/api/middleware/BackendPermissionMiddleware.java
new file mode 100644
index 0000000..555a1a0
--- /dev/null
+++ b/src/main/java/xyz/playedu/api/middleware/BackendPermissionMiddleware.java
@@ -0,0 +1,14 @@
+package xyz.playedu.api.middleware;
+
+import java.lang.annotation.*;
+
+/**
+ * @Author 杭州白书科技有限公司
+ * @create 2023/2/21 16:40
+ */
+@Documented
+@Target({ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface BackendPermissionMiddleware {
+    String slug() default "";
+}
diff --git a/src/main/java/xyz/playedu/api/middleware/impl/BackendPermissionMiddlewareImpl.java b/src/main/java/xyz/playedu/api/middleware/impl/BackendPermissionMiddlewareImpl.java
new file mode 100644
index 0000000..abe296b
--- /dev/null
+++ b/src/main/java/xyz/playedu/api/middleware/impl/BackendPermissionMiddlewareImpl.java
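Review bot: `String slug() default "";` in the new `BackendPermissionMiddleware` annotation lets a developer write `@BackendPermissionMiddleware` with no slug and still compile; at runtime the aspect then looks up the empty string and denies every call, which fails closed but silently. Make the element mandatory, `String slug();`, so a forgotten slug is a compile error instead of a 403 discovered in production. A short Javadoc on the annotation stating that the slug must match an `admin_permission` row's slug and that annotated methods deny by default when the caller lacks it would also help, since nothing in the file says what the value is compared against.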
@@ -0,0 +1,45 @@
+package xyz.playedu.api.middleware.impl;
+
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import xyz.playedu.api.PlayEduThreadLocal;
+import xyz.playedu.api.bus.BackendBus;
+import xyz.playedu.api.middleware.BackendPermissionMiddleware;
+import xyz.playedu.api.types.JsonResponse;
+
+import java.util.HashMap;
+
+/**
+ * @Author 杭州白书科技有限公司
+ * @create 2023/2/21 16:42
+ */
+@Aspect
+@Component
+@Slf4j
+public class BackendPermissionMiddlewareImpl {
+
+    @Autowired
+    private BackendBus backendBus;
+
+    @Pointcut("@annotation(xyz.playedu.api.middleware.BackendPermissionMiddleware)")
+    private void doPointcut() {
+    }
+
+    @Around("doPointcut()")
+    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
+        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
+        BackendPermissionMiddleware middleware = signature.getMethod().getAnnotation(BackendPermissionMiddleware.class);
+        Integer adminUserId = PlayEduThreadLocal.getAdminUserID();
+        HashMap permissions = backendBus.adminUserPermissions(adminUserId);
+        if (permissions.get(middleware.slug()) == null) {
+            return JsonResponse.error("权限不足", 403);
+        }
+        return joinPoint.proceed();
+    }
+}
diff --git a/src/main/java/xyz/playedu/api/service/AdminPermissionService.java b/src/main/java/xyz/playedu/api/service/AdminPermissionService.java
index fd5e34f..569b690 100644
--- a/src/main/java/xyz/playedu/api/service/AdminPermissionService.java
+++ b/src/main/java/xyz/playedu/api/service/AdminPermissionService.java
@@ -17,4 +17,6 @@ public interface AdminPermissionService extends IService {
     List listOrderBySortAsc();
+    HashMap getSlugsByIds(List ids);
+
 }
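Review bot: `doAround` passes `PlayEduThreadLocal.getAdminUserID()` straight into `backendBus.adminUserPermissions` without checking it; if the thread-local can be unset when this aspect runs (for example on a path the authentication layer has not populated), the deny then relies on an `admin_id = null` lookup returning no rows rather than on an explicit decision, so add `if (adminUserId == null) { return JsonResponse.error("权限不足", 403); }` before the lookup. The permission set is rebuilt from the database on every annotated request (three queries per call, see BackendBus in this commit) and checked via a raw `HashMap`; `Map<String, Boolean>` with `containsKey(middleware.slug())` reads more clearly than `get(...) == null`, and a per-request cache would remove the repeated round trips. Only methods carrying the annotation are intercepted, so any backend endpoint added without it is unguarded; a class-level comment stating that coverage is opt-in, or a test that enumerates backend controller methods lacking the annotation, documents that trade-off for the next maintainer. The `@Slf4j` logger is declared but never used; either log denied slug/user pairs for detection purposes or drop the annotation.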
diff --git a/src/main/java/xyz/playedu/api/service/AdminRolePermissionService.java b/src/main/java/xyz/playedu/api/service/AdminRolePermissionService.java index f4e3049..889b176 100644 --- a/src/main/java/xyz/playedu/api/service/AdminRolePermissionService.java +++ b/src/main/java/xyz/playedu/api/service/AdminRolePermissionService.java @@ -4,6 +4,9 @@ import org.springframework.stereotype.Service; import xyz.playedu.api.domain.AdminRolePermission; import com.baomidou.mybatisplus.extension.service.IService; +import java.util.HashMap; +import java.util.List; + /** * @author tengteng * @description 针对表【admin_role_permission】的数据库操作Service @@ -14,4 +17,5 @@ public interface AdminRolePermissionService extends IService getPermissionIdsByRoleIds(List roleIds); } diff --git a/src/main/java/xyz/playedu/api/service/AdminUserRoleService.java b/src/main/java/xyz/playedu/api/service/AdminUserRoleService.java index 879f44d..4987037 100644 --- a/src/main/java/xyz/playedu/api/service/AdminUserRoleService.java +++ b/src/main/java/xyz/playedu/api/service/AdminUserRoleService.java @@ -3,6 +3,8 @@ package xyz.playedu.api.service; import xyz.playedu.api.domain.AdminUserRole; import com.baomidou.mybatisplus.extension.service.IService; +import java.util.List; + /** * @author tengteng * @description 针对表【admin_user_role】的数据库操作Service @@ -12,4 +14,6 @@ public interface AdminUserRoleService extends IService { void removeUserRolesByUserId(Integer userId); + List getRoleIdsByUserId(Integer userId); + } diff --git a/src/main/java/xyz/playedu/api/service/impl/AdminPermissionServiceImpl.java b/src/main/java/xyz/playedu/api/service/impl/AdminPermissionServiceImpl.java index a5c3a0a..839ddfa 100644 --- a/src/main/java/xyz/playedu/api/service/impl/AdminPermissionServiceImpl.java +++ b/src/main/java/xyz/playedu/api/service/impl/AdminPermissionServiceImpl.java 
@@ -31,6 +31,16 @@ public class AdminPermissionServiceImpl extends ServiceImpl listOrderBySortAsc() { return list(query().getWrapper().orderByAsc("group_name", "sort")); } + + @Override + public HashMap getSlugsByIds(List ids) { + List adminPermissions = list(query().getWrapper().in("id", ids)); + HashMap map = new HashMap<>(); + for (AdminPermission adminPermission : adminPermissions) { + map.put(adminPermission.getSlug(), true); + } + return map; + } } diff --git a/src/main/java/xyz/playedu/api/service/impl/AdminRolePermissionServiceImpl.java b/src/main/java/xyz/playedu/api/service/impl/AdminRolePermissionServiceImpl.java index 7a1ee9f..2e21d4d 100644 --- a/src/main/java/xyz/playedu/api/service/impl/AdminRolePermissionServiceImpl.java +++ b/src/main/java/xyz/playedu/api/service/impl/AdminRolePermissionServiceImpl.java 
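Review bot: `getSlugsByIds` passes `ids` straight into `in("id", ids)` with no empty-list guard; the only protection is the caller in `BackendBus`, and a query-builder that renders an empty collection as `IN ()` (as MyBatis-Plus does, to my recollection) fails with a SQL error, while any version or wrapper change that dropped the condition instead would return every permission slug. Guard at the source, `if (ids == null || ids.isEmpty()) { return new HashMap<>(); }`, and the same applies to `getPermissionIdsByRoleIds` in AdminRolePermissionServiceImpl below. The return type should be `Map<String, Boolean>` (or a `Set<String>`, since the value is always `true`) rather than a raw `HashMap`.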
@@ -1,23 +1,37 @@
 package xyz.playedu.api.service.impl;
 
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import lombok.extern.slf4j.Slf4j;
+import xyz.playedu.api.domain.AdminRole;
 import xyz.playedu.api.domain.AdminRolePermission;
 import xyz.playedu.api.service.AdminRolePermissionService;
 import xyz.playedu.api.mapper.AdminRolePermissionMapper;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * @author tengteng
  * @description 针对表【admin_role_permission】的数据库操作Service实现
  * @createDate 2023-02-21 16:07:01
  */
 @Service
-public class AdminRolePermissionServiceImpl extends ServiceImpl
-    implements AdminRolePermissionService {
+public class AdminRolePermissionServiceImpl extends ServiceImpl implements AdminRolePermissionService {
 
     @Override
     public void removeRolePermissionsByRoleId(Integer roleId) {
         remove(query().getWrapper().eq("role_id", roleId));
     }
+
+    @Override
+    public List getPermissionIdsByRoleIds(List roleIds) {
+        List rolePermissions = list(query().getWrapper().in("role_id", roleIds));
+        List ids = new ArrayList<>();
+        for (AdminRolePermission rolePermission : rolePermissions) {
+            ids.add(rolePermission.getPermId());
+        }
+        return ids;
+    }
 }
diff --git a/src/main/java/xyz/playedu/api/service/impl/AdminUserRoleServiceImpl.java b/src/main/java/xyz/playedu/api/service/impl/AdminUserRoleServiceImpl.java
index 192630f..2b4ac2f 100644
--- a/src/main/java/xyz/playedu/api/service/impl/AdminUserRoleServiceImpl.java
+++ b/src/main/java/xyz/playedu/api/service/impl/AdminUserRoleServiceImpl.java
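Review bot: The two imports added at the top of this hunk, `lombok.extern.slf4j.Slf4j` and `xyz.playedu.api.domain.AdminRole`, are unused — the class carries no `@Slf4j` annotation and never references `AdminRole` — so drop them. `getPermissionIdsByRoleIds` collects ids by hand into an `ArrayList`; `return list(query().getWrapper().in("role_id", roleIds)).stream().map(AdminRolePermission::getPermId).toList();` (or `.collect(Collectors.toList())` on a pre-16 JDK) says the same in one line and removes the `ArrayList` import, and `getRoleIdsByUserId` in AdminUserRoleServiceImpl below has the same shape. As with `getSlugsByIds`, an empty `roleIds` should be short-circuited here rather than only in `BackendBus`.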
@@ -6,19 +6,31 @@ import xyz.playedu.api.service.AdminUserRoleService;
 import xyz.playedu.api.mapper.AdminUserRoleMapper;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * @author tengteng
  * @description 针对表【admin_user_role】的数据库操作Service实现
  * @createDate 2023-02-21 16:25:43
  */
 @Service
-public class AdminUserRoleServiceImpl extends ServiceImpl
-    implements AdminUserRoleService {
+public class AdminUserRoleServiceImpl extends ServiceImpl implements AdminUserRoleService {
 
     @Override
     public void removeUserRolesByUserId(Integer userId) {
         remove(query().getWrapper().eq("admin_id", userId));
     }
+
+    @Override
+    public List getRoleIdsByUserId(Integer userId) {
+        List userRoles = list(query().getWrapper().eq("admin_id", userId));
+        List ids = new ArrayList<>();
+        for (AdminUserRole userRole : userRoles) {
+            ids.add(userRole.getRoleId());
+        }
+        return ids;
+    }
 }