完全权限模块的权限注册的添加
@@ -1,8 +1,11 @@
|
||||
package cn.iocoder.mall.systemservice.manager.permission;
|
||||
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import cn.iocoder.common.framework.util.CollectionUtils;
|
||||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
|
||||
import cn.iocoder.mall.systemservice.service.permission.PermissionService;
|
||||
import cn.iocoder.mall.systemservice.service.permission.ResourceService;
|
||||
import cn.iocoder.mall.systemservice.service.permission.RoleService;
|
||||
@@ -13,6 +16,8 @@ import org.springframework.stereotype.Service;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
|
||||
import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.AUTHORIZATION_PERMISSION_DENY;
|
||||
|
||||
/**
|
||||
* 权限 Manager
|
||||
*/
|
||||
@@ -69,5 +74,25 @@ public class PermissionManager {
|
||||
permissionService.assignAdminRole(assignAdminRoleDTO.getAdminId(), assignAdminRoleDTO.getRoleIds());
|
||||
}
|
||||
|
||||
/**
|
||||
* 校验管理员是否拥有指定权限。
|
||||
*
|
||||
* 如果没有,则抛出 {@link cn.iocoder.common.framework.exception.ServiceException} 异常
|
||||
*
|
||||
* @param checkDTO 校验权限 DTO
|
||||
*/
|
||||
public void checkPermission(PermissionCheckDTO checkDTO) {
|
||||
// 查询管理员拥有的角色关联数据
|
||||
Set<Integer> roleIds = permissionService.listAdminRoleIds(checkDTO.getAdminId());
|
||||
if (CollectionUtil.isEmpty(roleIds)) { // 如果没有角色,默认无法访问
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
// 判断是否为超管。若是超管,默认有所有权限
|
||||
if (roleService.hasSuperAdmin(roleIds)) {
|
||||
return;
|
||||
}
|
||||
// 校验权限
|
||||
permissionService.checkPermission(roleIds, checkDTO.getPermissions());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
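Review bot: `PermissionManager.checkPermission` passes `checkDTO.getAdminId()` and `checkDTO.getPermissions()` on without any validation visible in this hunk, so the result for a null or empty permission collection is decided further down. In the `PermissionService.checkPermission` added by this same commit, a lookup that finds no resource returns without denying. An empty `permissions` would therefore presumably be reported as allowed for any admin that has at least one role. If the DTO is not already constrained elsewhere (not visible here), make the decision explicit before the role lookup, for example `if (CollectionUtil.isEmpty(checkDTO.getPermissions())) { throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY); }`, or state in the Javadoc that an empty list means "no permission required". It is also worth saying in the Javadoc that a role accepted by `roleService.hasSuperAdmin` skips the per-permission check entirely.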
@@ -4,6 +4,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.mall.systemservice.manager.permission.PermissionManager;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
|
||||
import org.apache.dubbo.config.annotation.Service;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
||||
@@ -42,4 +43,10 @@ public class PermissionRpcImpl implements PermissionRpc {
|
||||
return success(true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CommonResult<Boolean> checkPermission(PermissionCheckDTO checkDTO) {
|
||||
permissionManager.checkPermission(checkDTO);
|
||||
return success(true);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
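Review bot: `PermissionRpcImpl.checkPermission` always returns `success(true)`, so the Boolean payload never carries a denial; a refusal only reaches the caller through the exception thrown by `permissionManager.checkPermission`. How that exception is translated at the Dubbo boundary is not visible on this page, so a consumer that reads only the Boolean could treat every non-exceptional reply as authorised. I would add a Javadoc line on the method (or on the `PermissionRpc` interface) such as `Denial is reported through the result's error code, never as a false payload; callers must check the code before trusting the data.`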
@@ -5,6 +5,7 @@ import cn.iocoder.common.framework.util.CollectionUtils;
|
||||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.admin.AdminDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.AdminRoleDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.ResourceDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.RoleDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.RoleResourceDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.mapper.admin.AdminMapper;
|
||||
@@ -12,11 +13,14 @@ import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.AdminRoleMapper
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.ResourceMapper;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.RoleMapper;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.RoleResourceMapper;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@@ -26,6 +30,7 @@ import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.*;
|
||||
* 权限 Service
|
||||
*/
|
||||
@Service
|
||||
@Slf4j
|
||||
public class PermissionService {
|
||||
|
||||
@Autowired
|
||||
@@ -122,4 +127,26 @@ public class PermissionService {
|
||||
return CollectionUtils.convertSet(adminRoleDOs, AdminRoleDO::getRoleId);
|
||||
}
|
||||
|
||||
public void checkPermission(Collection<Integer> roleIds, Collection<String> permissions) {
|
||||
// 查询权限对应资源
|
||||
List<ResourceDO> resourceBOs = resourceMapper.selectListByPermissions(permissions);
|
||||
if (CollectionUtil.isEmpty(resourceBOs)) { // 无对应资源,则认为无需权限验证
|
||||
log.warn("[checkPermission][permission({}) 未配置对应资源]", permissions);
|
||||
return;
|
||||
}
|
||||
Set<Integer> permissionIds = CollectionUtils.convertSet(resourceBOs, ResourceDO::getId);
|
||||
// 权限验证
|
||||
List<RoleResourceDO> roleResourceDOs = roleResourceMapper.selectListByResourceIds(permissionIds);
|
||||
if (CollectionUtil.isEmpty(roleResourceDOs)) { // 资源未授予任何角色,必然权限验证不通过
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
Map<Integer, List<Integer>> resourceRoleMap = CollectionUtils.convertMultiMap(roleResourceDOs,
|
||||
RoleResourceDO::getResourceId, RoleResourceDO::getRoleId);
|
||||
for (Map.Entry<Integer, List<Integer>> entry : resourceRoleMap.entrySet()) {
|
||||
if (!CollectionUtil.containsAny(roleIds, entry.getValue())) { // 所以有任一不满足,就验证失败,抛出异常
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
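Review bot: The final loop of `PermissionService.checkPermission` iterates `resourceRoleMap.entrySet()`, which is built only from `roleResourceDOs`. Assuming `convertMultiMap` creates keys only for rows it receives, a requested resource that is granted to no role is absent from the map and is never checked whenever another requested resource does have grants. An admin holding a role for resource A would then pass a check for A and B together even though B is granted to nobody, which contradicts the comment on the empty-`roleResourceDOs` branch. Iterating the requested ids closes the gap: `for (Integer resourceId : permissionIds)` with `List<Integer> granted = resourceRoleMap.get(resourceId);` and `if (granted == null || !CollectionUtil.containsAny(roleIds, granted))` before the throw. The unconfigured-resource branch has the same shape: only the all-missing case is logged, so a partly missing permission set passes silently, and comparing the number of resources found with the number of permissions requested would surface that.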