added: 数据权限

src/main/java/xyz/playedu/api/PlayEduBackendThreadLocal.java

@@ -2,12 +2,17 @@ package xyz.playedu.api;
 
 import xyz.playedu.api.domain.AdminUser;
 
+import java.util.HashMap;
 import java.util.LinkedHashMap;
 
 public class PlayEduBackendThreadLocal {
 
     private static final java.lang.ThreadLocal<LinkedHashMap<String, Object>> THREAD_LOCAL = new java.lang.ThreadLocal<>();
 
+    public final static String KEY_ADMIN_USER_ID = "admin_id";
+    public final static String KEY_ADMIN_USER = "admin_user";
+    public final static String KEY_ADMIN_PER = "admin_per";
+
     public PlayEduBackendThreadLocal() {
     }
 
@@ -25,19 +30,27 @@ public class PlayEduBackendThreadLocal {
     }
 
     public static Integer getAdminUserID() {
-        return (Integer) get("admin_user_id");
+        return (Integer) get(KEY_ADMIN_USER_ID);
     }
 
     public static void setAdminUserId(Integer userId) {
-        put("admin_user_id", userId);
+        put(KEY_ADMIN_USER_ID, userId);
     }
 
     public static AdminUser getAdminUser() {
-        return (AdminUser) get("admin_user");
+        return (AdminUser) get(KEY_ADMIN_USER);
     }
 
     public static void setAdminUser(AdminUser adminUser) {
-        put("admin_user", adminUser);
+        put(KEY_ADMIN_USER, adminUser);
+    }
+
+    public static void setAdminPer(HashMap<String, Boolean> permissions) {
+        put(KEY_ADMIN_PER, permissions);
+    }
+
+    public static HashMap<String, Boolean> getAdminPer() {
+        return (HashMap<String, Boolean>) get(KEY_ADMIN_PER);
     }
 
     public static void remove() {

src/main/java/xyz/playedu/api/bus/BackendBus.java

@@ -2,11 +2,13 @@ package xyz.playedu.api.bus;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import xyz.playedu.api.PlayEduBackendThreadLocal;
 import xyz.playedu.api.constant.BackendConstant;
 import xyz.playedu.api.domain.AdminRole;
 import xyz.playedu.api.service.AdminPermissionService;
 import xyz.playedu.api.service.AdminRoleService;
 import xyz.playedu.api.service.AdminUserService;
+import xyz.playedu.api.util.PrivacyUtil;
 
 import java.util.HashMap;
 import java.util.List;
@@ -56,4 +58,21 @@ public class BackendBus {
         return permissionService.getSlugsByIds(permissionIds);
     }
 
+    public static String valueHidden(String permissionSlug, String type, String value) {
+        HashMap<String, Boolean> permissions = PlayEduBackendThreadLocal.getAdminPer();
+        if (permissions.get(permissionSlug) != null) {
+            return value;
+        }
+        if (BackendConstant.PRIVACY_FIELD_TYPE_EMAIL.equals(type)) {
+            return PrivacyUtil.hideEmail(value);
+        } else if (BackendConstant.PRIVACY_FIELD_TYPE_PHONE.equals(type)) {
+            return PrivacyUtil.hidePhone(value);
+        } else if (BackendConstant.PRIVACY_FIELD_TYPE_NAME.equals(type)) {
+            return PrivacyUtil.hideChineseName(value);
+        } else if (BackendConstant.PRIVACY_FIELD_TYPE_ID_CARD.equals(type)) {
+            return PrivacyUtil.hideIDCard(value);
+        }
+        return PrivacyUtil.desValue(value, 1, 0, "*");
+    }
+
 }

src/main/java/xyz/playedu/api/checks/AdminPermissionCheck.java

@@ -47,6 +47,14 @@ public class AdminPermissionCheck implements ApplicationRunner {
             {"课程", "0", "课程", BPermissionConstant.COURSE},
     };
 
+    private final String[][] DATA_PERMISSIONS = {
+            {"管理员", "0", "邮箱", BPermissionConstant.DATA_ADMIN_EMAIL},
+
+            {"学员", "0", "邮箱", BPermissionConstant.DATA_USER_EMAIL},
+            {"学员", "10", "姓名", BPermissionConstant.DATA_USER_NAME},
+            {"学员", "10", "身份证号", BPermissionConstant.DATA_USER_ID_CARD},
+    };
+
     @Override
     public void run(ApplicationArguments args) throws Exception {
         HashMap<String, Boolean> slugs = permissionService.allSlugs();
@@ -71,8 +79,22 @@ public class AdminPermissionCheck implements ApplicationRunner {
             list.add(permission);
         }
 
-        if (list.size() == 0) {
+        for (int i = 0; i < DATA_PERMISSIONS.length; i++) {
-            return;
+            String[] item = DATA_PERMISSIONS[i];
+            String tmpSlug = item[3];
+            if (slugs.get(tmpSlug) != null) {//已经存在
+                continue;
+            }
+            AdminPermission permission = new AdminPermission();
+
+            permission.setGroupName(item[0]);
+            permission.setSort(Integer.valueOf(item[1]));
+            permission.setName(item[2]);
+            permission.setSlug(tmpSlug);
+            permission.setType(BPermissionConstant.TYPE_DATA);
+            permission.setCreatedAt(now);
+
+            list.add(permission);
         }
 
         permissionService.saveBatch(list);

src/main/java/xyz/playedu/api/constant/BPermissionConstant.java

@@ -32,4 +32,9 @@ public class BPermissionConstant {
 
     public final static String COURSE = "course";
 
+    public final static String DATA_USER_NAME = "data-user-name";
+    public final static String DATA_USER_EMAIL = "data-user-email";
+    public final static String DATA_USER_ID_CARD = "data-user-id-card";
+    public final static String DATA_ADMIN_EMAIL = "data-admin-email";
+
 }

src/main/java/xyz/playedu/api/constant/BackendConstant.java

@@ -49,4 +49,9 @@ public class BackendConstant {
     public final static String[] UPLOAD_IMAGE_CONTENT_TYPE_WL = {"image/png", "image/jpg", "image/jpeg", "image/gif"};
     public final static String UPLOAD_IMAGE_DIR = "images/";
 
+    public final static String PRIVACY_FIELD_TYPE_EMAIL = "email";
+    public final static String PRIVACY_FIELD_TYPE_PHONE = "phone";
+    public final static String PRIVACY_FIELD_TYPE_NAME = "name";
+    public final static String PRIVACY_FIELD_TYPE_ID_CARD = "IDCard";
+
 }

src/main/java/xyz/playedu/api/domain/AdminUser.java

@@ -8,15 +8,21 @@ import com.baomidou.mybatisplus.annotation.TableName;
 import java.io.Serializable;
 import java.util.Date;
 
+import com.fasterxml.jackson.annotation.JsonGetter;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
+import lombok.extern.slf4j.Slf4j;
+import xyz.playedu.api.bus.BackendBus;
+import xyz.playedu.api.constant.BPermissionConstant;
+import xyz.playedu.api.constant.BackendConstant;
 
 /**
  * @TableName admin_users
  */
 @TableName(value = "admin_users")
 @Data
+@Slf4j
 public class AdminUser implements Serializable {
     /**
      *
@@ -79,6 +85,11 @@ public class AdminUser implements Serializable {
     @TableField(exist = false)
     private static final long serialVersionUID = 1L;
 
+    @JsonGetter("email")
+    public String transformEmail() {
+        return BackendBus.valueHidden(BPermissionConstant.DATA_ADMIN_EMAIL, BackendConstant.PRIVACY_FIELD_TYPE_EMAIL, email);
+    }
+
     @Override
     public boolean equals(Object that) {
         if (this == that) {

src/main/java/xyz/playedu/api/domain/User.java

@@ -8,9 +8,14 @@ import com.baomidou.mybatisplus.annotation.TableName;
 import java.io.Serializable;
 import java.util.Date;
 
+import com.fasterxml.jackson.annotation.JsonGetter;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
+import lombok.extern.slf4j.Slf4j;
+import xyz.playedu.api.bus.BackendBus;
+import xyz.playedu.api.constant.BPermissionConstant;
+import xyz.playedu.api.constant.BackendConstant;
 
 /**
  * @TableName users
@@ -124,6 +129,21 @@ public class User implements Serializable {
     @TableField(exist = false)
     private static final long serialVersionUID = 1L;
 
+    @JsonGetter("name")
+    public String transformName() {
+        return BackendBus.valueHidden(BPermissionConstant.DATA_USER_NAME, BackendConstant.PRIVACY_FIELD_TYPE_NAME, getName());
+    }
+
+    @JsonGetter("email")
+    public String transformEmail() {
+        return BackendBus.valueHidden(BPermissionConstant.DATA_USER_EMAIL, BackendConstant.PRIVACY_FIELD_TYPE_EMAIL, getEmail());
+    }
+
+    @JsonGetter("id_card")
+    public String transformIdCard() {
+        return BackendBus.valueHidden(BPermissionConstant.DATA_USER_ID_CARD, BackendConstant.PRIVACY_FIELD_TYPE_ID_CARD, getIdCard());
+    }
+
     @Override
     public boolean equals(Object that) {
         if (this == that) {

src/main/java/xyz/playedu/api/middleware/AdminAuthMiddleware.java

@@ -33,6 +33,9 @@ public class AdminAuthMiddleware implements HandlerInterceptor {
     @Autowired
     private AppBus appBus;
 
+    @Autowired
+    private BackendBus backendBus;
+
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         if ("OPTIONS".equals(request.getMethod()) || BackendBus.inUnAuthWhitelist(request.getRequestURI())) {
@@ -57,6 +60,7 @@ public class AdminAuthMiddleware implements HandlerInterceptor {
 
             PlayEduBackendThreadLocal.setAdminUserId(payload.getSub());
             PlayEduBackendThreadLocal.setAdminUser(adminUser);
+            PlayEduBackendThreadLocal.setAdminPer(backendBus.adminUserPermissions(adminUser.getId()));
 
             return HandlerInterceptor.super.preHandle(request, response, handler);
         } catch (Exception e) {

src/main/java/xyz/playedu/api/util/PrivacyUtil.java

@@ -0,0 +1,55 @@
+package xyz.playedu.api.util;
+
+/**
+ * @Author 杭州白书科技有限公司
+ * @create 2023/3/3 10:51
+ */
+public class PrivacyUtil {
+
+    public static String hidePhone(String phone) {
+        return phone.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2");
+    }
+
+    public static String hideEmail(String email) {
+        return email.replaceAll("(\\w?)(\\w+)(\\w)(@\\w+\\.[a-z]+(\\.[a-z]+)?)", "$1****$3$4");
+    }
+
+    public static String hideIDCard(String idCard) {
+        return idCard.replaceAll("(\\d{4})\\d{10}(\\w{4})", "$1*****$2");
+    }
+
+    public static String hideChineseName(String chineseName) {
+        if (chineseName == null) {
+            return null;
+        }
+        return desValue(chineseName, 1, 0, "*");
+    }
+
+    /**
+     * 对字符串进行脱敏操作
+     *
+     * @param origin          原始字符串
+     * @param prefixNoMaskLen 左侧需要保留几位明文字段
+     * @param suffixNoMaskLen 右侧需要保留几位明文字段
+     * @param maskStr         用于遮罩的字符串, 如'*'
+     * @return 脱敏后结果
+     */
+    public static String desValue(String origin, int prefixNoMaskLen, int suffixNoMaskLen, String maskStr) {
+        if (origin == null) {
+            return null;
+        }
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0, n = origin.length(); i < n; i++) {
+            if (i < prefixNoMaskLen) {
+                sb.append(origin.charAt(i));
+                continue;
+            }
+            if (i > (n - suffixNoMaskLen - 1)) {
+                sb.append(origin.charAt(i));
+                continue;
+            }
+            sb.append(maskStr);
+        }
+        return sb.toString();
+    }
+}