完善管理员认证、鉴权拦截器

2019-02-27 01:19:38 +08:00
parent 09004dc000
commit 5a73061e73
11 changed files with 57 additions and 19 deletions
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java
@@ -10,6 +10,7 @@ import org.mapstruct.Mappings;
 import org.mapstruct.factory.Mappers;

 import java.util.List;
+import java.util.stream.Collectors;

@Mapper
 public interface OAuth2Convert {
@@ -26,10 +27,12 @@ public interface OAuth2Convert {
                .setExpiresIn(Math.max((int) ((oauth2AccessTokenDO.getExpiresTime().getTime() - System.currentTimeMillis()) / 1000), 0));
    }

-    @Mappings({
-            @Mapping(source = "oauth2AccessTokenDO.id", target = "accessToken"),
-            @Mapping(source = "adminRoleDOs.roleId", target = "roleIds")
-    })
-    OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List<AdminRoleDO> adminRoleDOs);
+    @Mappings({})
+    OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO);
+
+    default OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List<AdminRoleDO> adminRoleDOs) {
+        return convertToAuthentication(oauth2AccessTokenDO)
+                .setRoleIds(adminRoleDOs.stream().map(AdminRoleDO::getRoleId).collect(Collectors.toSet()));
+    }

 }
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java
@@ -33,6 +33,15 @@ public class RoleDO {
     */
    private Integer status;

+    public Integer getId() {
+        return id;
+    }
+
+    public RoleDO setId(Integer id) {
+        this.id = id;
+        return this;
+    }
+
    public String getName() {
        return name;
    }
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java
@@ -16,7 +16,7 @@ public class RoleResourceDO {
     */
    private Integer roleId;
    /**
-     * 资源比那好(外键：{@link ResourceDO}
+     * 资源编号(外键：{@link ResourceDO}
     */
    private Integer resourceId;
    /**
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
@@ -70,6 +70,7 @@ public class OAuth2ServiceImpl implements OAuth2Service {
        }
        // 获得管理员拥有的角色
        List<AdminRoleDO> adminRoleDOs = adminService.getAdminRoles(accessTokenDO.getAdminId());
+        // TODO 芋艿，有个 bug ，要排除掉已经失效的角色
        return CommonResult.success(OAuth2Convert.INSTANCE.convertToAuthentication(accessTokenDO, adminRoleDOs));
    }

@@ -81,11 +82,11 @@ public class OAuth2ServiceImpl implements OAuth2Service {
        }
        // 校验权限
        List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceHandler(url);
-        if (roleResourceDOs.isEmpty()) { // 任何角色，都可以访问
+        if (roleResourceDOs.isEmpty()) { // 任何角色，都可以访问。TODO 后面调整下，如果未配置的资源，直接不校验权限
            return CommonResult.success(true);
        }
        for (RoleResourceDO roleResourceDO : roleResourceDOs) {
-            if (roleIds.contains(roleResourceDO.getId())) {
+            if (roleIds.contains(roleResourceDO.getRoleId())) {
                return CommonResult.success(true);
            }
        }