完全权限模块的权限注册的添加

2020-07-13 22:45:31 +08:00
parent 61e5cfe617
commit 244f248ad5
42 changed files with 113 additions and 923 deletions
--- a/system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dto/authorization/AuthorizationCheckPermissionsDTO.java
+++ b/system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dto/authorization/AuthorizationCheckPermissionsDTO.java
@@ -1,21 +0,0 @@
-package cn.iocoder.mall.system.biz.dto.authorization;
-
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-import javax.validation.constraints.NotNull;
-import java.util.Collection;
-
-/**
- * 授权模块 - 校验账号是否有权限 DTO
- */
-@Data
-@Accessors(chain = true)
-public class AuthorizationCheckPermissionsDTO {
-
-    @NotNull(message = "账号编号不能为空")
-    private Integer accountId;
-    @NotNull(message = "权限不能为空")
-    private Collection<String> permissions;
-
-}
--- a/system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/authorization/AuthorizationService.java
+++ b/system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/authorization/AuthorizationService.java
@@ -1,14 +1,6 @@
 package cn.iocoder.mall.system.biz.service.authorization;

-import cn.iocoder.common.framework.exception.ServiceException;
-import cn.iocoder.mall.system.biz.bo.authorization.ResourceBO;
-import cn.iocoder.mall.system.biz.bo.authorization.ResourceTreeNodeBO;
-import cn.iocoder.mall.system.biz.bo.authorization.RoleBO;
-import cn.iocoder.mall.system.biz.dto.authorization.*;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import cn.iocoder.mall.system.biz.dto.authorization.AuthorizationCheckPermissionsDTO;

 /**
 * 授权模块 - Service 接口
@@ -22,41 +14,4 @@ public interface AuthorizationService {
     */
    void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO);

-    /**
-     * 获得指定账号的资源列表
-     *
-     * 如果该账号为超级管理员，则返回所有资源
-     *
-     * @param getResourcesByAccountIdDTO 查询条件 DTO
-     * @return 资源列表
-     */
-    List<ResourceBO> getResourcesByAccountId(AuthorizationGetResourcesByAccountIdDTO getResourcesByAccountIdDTO);
-
-    /**
-     * 获得每个账号拥有的角色集合
-     *
-     * @param getRoleMapByAccountIdsDTO 查询条件 DTO
-     * @return <账号编号, <RoleBO>>
-     */
-    Map<Integer, Set<RoleBO>> getRoleMapByAccountIds(AuthorizationGetRoleMapByAccountIdsDTO getRoleMapByAccountIdsDTO);
-
-    /**
-     * 获得指定账号的资源树
-     *
-     * 如果该账号为超级管理员，则返回所有资源
-     *
-     * @param getResourceTreeByAccountIdDTO 查询条件 DTO
-     * @return 资源树
-     */
-    List<ResourceTreeNodeBO> getResourceTreeByAccountId(AuthorizationGetResourcesByAccountIdDTO getResourceTreeByAccountIdDTO);
-
-    /**
-     * 获得指定角色拥有的资源编号集合
-     *
-     * @param getRoleResourcesDTO 查询条件 DTO
-     * @return 资源编号数集合
-     */
-    Set<Integer> getRoleResources(AuthorizationGetRoleResourcesDTO getRoleResourcesDTO);
-
-
 }
--- a/system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/authorization/AuthorizationServiceImpl.java
+++ b/system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/authorization/AuthorizationServiceImpl.java
@@ -30,48 +30,6 @@ import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.AUTHORIZATION
@Slf4j
 public class AuthorizationServiceImpl implements AuthorizationService {

-    @Autowired
-    private AccountRoleMapper accountRoleMapper;
-    @Autowired
-    private RoleResourceMapper roleResourceMapper;
-
-    @Autowired
-    private RoleService roleService;
-    @Autowired
-    private ResourceService resourceService;
-
-    @Override
-    public void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO) {
-        // 查询管理员拥有的角色关联数据
-        List<AccountRoleDO> accountRoleDOs = accountRoleMapper.selectByAccountId(checkPermissionsDTO.getAccountId());
-        if (CollectionUtil.isEmpty(accountRoleDOs)) { // 如果没有角色，默认无法访问
-            throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
-        }
-        Set<Integer> roleIds = CollectionUtil.convertSet(accountRoleDOs, AccountRoleDO::getRoleId);
-        // 判断是否为超管。若是超管，默认有所有权限
-        if (roleService.hasSuperAdmin(roleIds)) {
-            return;
-        }
-        // 查询权限对应资源
-        List<ResourceBO> resourceBOs = resourceService.getResourcesByPermissions(checkPermissionsDTO.getPermissions());
-        if (CollectionUtil.isEmpty(resourceBOs)) { // 无对应资源，则认为无需权限验证
-            log.warn("[checkPermissions][permission({}) 未配置对应资源]", checkPermissionsDTO.getPermissions());
-            return;
-        }
-        Set<Integer> permissionIds = CollectionUtil.convertSet(resourceBOs, ResourceBO::getId);
-        // 权限验证
-        List<RoleResourceDO> roleResourceDOs = roleResourceMapper.selectListByResourceIds(permissionIds);
-        if (CollectionUtil.isEmpty(roleResourceDOs)) { // 资源未授予任何角色，必然权限验证不通过
-            throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
-        }
-        Map<Integer, List<Integer>> resourceRoleMap = CollectionUtil.convertMultiMap(roleResourceDOs,
-                RoleResourceDO::getResourceId, RoleResourceDO::getRoleId);
-        for (Map.Entry<Integer, List<Integer>> entry : resourceRoleMap.entrySet()) {
-            if (!CollectionUtil.containsAny(roleIds, entry.getValue())) { // 所以有任一不满足，就验证失败，抛出异常
-                throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
-            }
-        }
-    }

    @EventListener
    public void handleResourceDeleteEvent(ResourceDeleteEvent event) {