增加 auth 授权相关处理(未完成)
@@ -0,0 +1,15 @@
|
||||
package cn.iocoder.mall.system.biz.bo.authorization;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
/**
|
||||
* 授权模块 - 授权信息 BO
|
||||
*/
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AuthorizationBO {
|
||||
|
||||
|
||||
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
package cn.iocoder.mall.system.biz.dataobject.authorization;
|
||||
|
||||
import cn.iocoder.common.framework.dataobject.DeletableDO;
|
||||
import cn.iocoder.mall.system.biz.dataobject.account.AccountDO;
|
||||
import com.baomidou.mybatisplus.annotation.TableName;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
/**
|
||||
* {@link AccountDO} 和 {@link RoleDO} 的关联表
|
||||
*/
|
||||
@TableName("admin_role")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AccountRoleDO extends DeletableDO {
|
||||
|
||||
/**
|
||||
* 编号
|
||||
*/
|
||||
private Integer id;
|
||||
/**
|
||||
* 账号编号
|
||||
*
|
||||
* 关联 {@link AccountDO#getId()}
|
||||
*/
|
||||
private Integer accountId;
|
||||
/**
|
||||
* 角色编号
|
||||
*
|
||||
* 关联 {@link RoleDO#getId()}
|
||||
*/
|
||||
private Integer roleId;
|
||||
|
||||
}
|
||||
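Review bot: AccountRoleDO is mapped to table `admin_role` by `@TableName("admin_role")` while the class name and its Javadoc describe the AccountDO–RoleDO association; one of the two is stale, and if the table was renamed along with the admin-to-account rename the annotation will point at a table that no longer exists. Separately, `@Data` on a class that extends DeletableDO generates equals/hashCode that ignore the inherited fields unless `@EqualsAndHashCode(callSuper = true)` is declared, and Lombok warns about exactly this; ResourceDO in the same commit declares it, AccountRoleDO, RoleDO and RoleResourceDO do not. Adding `@EqualsAndHashCode(callSuper = true)` above `@Data` in those three classes keeps them consistent with ResourceDO.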
@@ -0,0 +1,73 @@
|
||||
package cn.iocoder.mall.system.biz.dataobject.authorization;
|
||||
|
||||
import cn.iocoder.common.framework.dataobject.DeletableDO;
|
||||
import com.baomidou.mybatisplus.annotation.TableName;
|
||||
import lombok.Data;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
/**
|
||||
* 资源实体
|
||||
*/
|
||||
@Data
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
@Accessors(chain = true)
|
||||
@TableName(value = "resource")
|
||||
public class ResourceDO extends DeletableDO {
|
||||
|
||||
/**
|
||||
* 资源编号
|
||||
*/
|
||||
private Integer id;
|
||||
/**
|
||||
* 菜单名
|
||||
*/
|
||||
private String name;
|
||||
/**
|
||||
* 权限标识
|
||||
*
|
||||
* 一般格式为:${系统}:${模块}:${操作}
|
||||
* 例如说:system:admin:add,即 system 服务的添加管理员。
|
||||
*
|
||||
* 当我们把该 ResourceDO 赋予给角色后,意味着该角色有该资源:
|
||||
* - 对于后端,配合 @RequiresPermissions 注解,配置 API 接口需要该权限,从而对 API 接口进行权限控制。
|
||||
* - 对于前端,配合前端标签,配置按钮是否展示,避免用户没有该权限时,结果可以看到该操作。
|
||||
*/
|
||||
private String permission;
|
||||
/**
|
||||
* 资源类型
|
||||
*
|
||||
* 关联 {@link Resource}
|
||||
*/
|
||||
private Integer type;
|
||||
/**
|
||||
* 排序
|
||||
*/
|
||||
private Integer sort;
|
||||
/**
|
||||
* 父级资源编号
|
||||
*
|
||||
* 关联:{@link ResourceDO#getId()}
|
||||
*/
|
||||
private Integer pid;
|
||||
/**
|
||||
*
|
||||
*
|
||||
* 目前当且仅当资源类型为【菜单】时,才会生效,即 handler 配置为界面 URL ,或者前端组件名,或者前端的路由。
|
||||
*/
|
||||
private String handler;
|
||||
/**
|
||||
* 图标
|
||||
*
|
||||
* 目前当且仅当资源类型为【菜单】时,才会生效
|
||||
*/
|
||||
private String icon;
|
||||
/**
|
||||
* 权限标识数组,使用逗号分隔。
|
||||
*
|
||||
* 例如:system:admin:add
|
||||
* 推荐格式为 ${系统}:${模块}:${操作}
|
||||
*/
|
||||
private String permissions;
|
||||
|
||||
}
|
||||
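Review bot: ResourceDO declares both `private String permission;` and `private String permissions;`, documented as one permission identifier and a comma-separated list of the same identifiers; two fields carrying what a resource grants is how an authorization check ends up reading the one that was never populated. One of them should be removed, or the Javadoc should state which field the permission check consumes. The `type` Javadoc links `{@link Resource}`, which does not resolve to anything in this commit; the enum it means is the one added here, `{@link cn.iocoder.mall.system.biz.enums.authorization.ResourceTypeEnum}`. The `handler` Javadoc also opens with two empty lines where its summary sentence should be.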
@@ -0,0 +1,25 @@
|
||||
package cn.iocoder.mall.system.biz.dataobject.authorization;
|
||||
|
||||
import cn.iocoder.common.framework.dataobject.DeletableDO;
|
||||
import com.baomidou.mybatisplus.annotation.TableName;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
/**
|
||||
* 角色实体
|
||||
*/
|
||||
@TableName("role")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class RoleDO extends DeletableDO {
|
||||
|
||||
/**
|
||||
* 角色编号
|
||||
*/
|
||||
private Integer id;
|
||||
/**
|
||||
* 角色名
|
||||
*/
|
||||
private String name;
|
||||
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
package cn.iocoder.mall.system.biz.dataobject.authorization;
|
||||
|
||||
import cn.iocoder.common.framework.dataobject.DeletableDO;
|
||||
import com.baomidou.mybatisplus.annotation.TableName;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
/**
|
||||
* {@link RoleDO} 和 {@link ResourceDO} 的关联表
|
||||
*/
|
||||
@TableName("role_resource")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class RoleResourceDO extends DeletableDO {
|
||||
|
||||
/**
|
||||
* 编号
|
||||
*/
|
||||
private Integer id;
|
||||
/**
|
||||
* 角色编号(外键:{@link RoleDO}
|
||||
*/
|
||||
private Integer roleId;
|
||||
/**
|
||||
* 资源编号(外键:{@link ResourceDO}
|
||||
*/
|
||||
private Integer resourceId;
|
||||
|
||||
}
|
||||
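Review bot: The Javadoc on `roleId` and `resourceId` opens a parenthesis that is never closed, `角色编号(外键:{@link RoleDO}` and `资源编号(外键:{@link ResourceDO}`; they should end with `{@link RoleDO})` and `{@link ResourceDO})` respectively. AccountRoleDO in the same commit documents the same kind of foreign key as `关联 {@link AccountDO#getId()}`, and using that form here would keep the two association classes consistent.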
@@ -0,0 +1,20 @@
|
||||
package cn.iocoder.mall.system.biz.dto.authorization;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
|
||||
/**
|
||||
* OAuth2 模块 - 访问令牌认证 Request
|
||||
*/
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AuthorizationCheckPermissionsDTO {
|
||||
|
||||
@NotNull(message = "访问令牌不能为空")
|
||||
private String accessToken;
|
||||
@NotNull(message = "IP 不能为空")
|
||||
private String ip;
|
||||
|
||||
}
|
||||
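Review bot: AuthorizationCheckPermissionsDTO carries only `accessToken` and `ip`, so a caller of `checkPermissions` has no way to say which permissions are to be checked; a field holding the permission identifiers defined on ResourceDO, for example `private List<String> permissions;`, appears to be missing. The Javadoc `OAuth2 模块 - 访问令牌认证 Request` reads as copied from the OAuth2 authenticate DTO and describes the wrong class. `@NotNull` on `accessToken` accepts an empty string, which would then reach the token lookup; if Bean Validation 2.0 is available, `@NotEmpty` from the same `javax.validation.constraints` package rejects it at the boundary instead.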
@@ -1,96 +0,0 @@
|
||||
package cn.iocoder.mall.system.biz.enums;
|
||||
|
||||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||
|
||||
/**
|
||||
* 错误码枚举类
|
||||
*
|
||||
* system 系统,使用 1-002-000-000 段
|
||||
*/
|
||||
public enum SystemErrorCodeEnum implements ServiceExceptionUtil.Enumerable {
|
||||
|
||||
// ========== OAUTH2 模块 ==========
|
||||
OAUTH2_UNKNOWN(1001001000, "未知错误"), // 预留
|
||||
OAUTH2_ACCOUNT_NOT_FOUND(1001001001, "账号不存在"),
|
||||
OAUTH2_ACCOUNT_PASSWORD_ERROR(1001001002, "密码不正确"),
|
||||
OAUTH2_INVALID_TOKEN_NOT_FOUND(1002001011, "访问令牌不存在"),
|
||||
OAUTH2_INVALID_TOKEN_EXPIRED(1002001012, "访问令牌已过期"),
|
||||
OAUTH2_INVALID_TOKEN_INVALID(1002001013, "访问令牌已失效"),
|
||||
// OAUTH2_NOT_LOGIN(1002001015, "账号未登陆"),
|
||||
// OAUTH_INVALID_REFRESH_TOKEN_NOT_FOUND(1002001017, "刷新令牌不存在"),
|
||||
// OAUTH_INVALID_REFRESH_TOKEN_EXPIRED(1002001018, "访问令牌已过期"),
|
||||
|
||||
|
||||
// ========== OAuth 手机验证码模块 ==========
|
||||
OAUTH2_MOBILE_CODE_NOT_FOUND(1001001100, "验证码不存在"),
|
||||
OAUTH2_MOBILE_CODE_EXPIRED(1001001101, "验证码已过期"),
|
||||
OAUTH2_MOBILE_CODE_USED(1001001102, "验证码已使用"),
|
||||
OAUTH2_MOBILE_CODE_NOT_CORRECT(1001001104, "验证码不正确"),
|
||||
OAUTH2_MOBILE_CODE_EXCEED_SEND_MAXIMUM_QUANTITY_PER_DAY(1001001105, "超过每日短信发送数量"),
|
||||
OAUTH2_MOBILE_CODE_SEND_TOO_FAST(1001001106, "短信发送过于频率"),
|
||||
|
||||
|
||||
// ========== 管理员模块 1002002000 ==========
|
||||
ADMIN_NOT_FOUND(1002002000, "管理员不存在"),
|
||||
// 废弃 ADMIN_USERNAME_NOT_REGISTERED(1002002000, "账号不存在"),
|
||||
// 废弃 ADMIN_PASSWORD_ERROR(1002002001, "密码不正确"),
|
||||
// ADMIN_IS_DISABLE(1002002002, "账号被禁用"),
|
||||
// ADMIN_USERNAME_EXISTS(1002002002, "账号已经存在"),
|
||||
// ADMIN_STATUS_EQUALS(1002002003, "账号已经是该状态"),
|
||||
// ADMIN_DELETE_ONLY_DISABLE(1002002004, "只有关闭的账号才可以删除"),
|
||||
// ADMIN_ADMIN_STATUS_CAN_NOT_UPDATE(1002002005, "管理员的账号状态不允许变更"),
|
||||
// ADMIN_ASSIGN_ROLE_NOT_EXISTS(1002002006, "分配员工角色时,有角色不存在"),
|
||||
// ADMIN_INVALID_PERMISSION(1002002007, "没有该操作权限"),
|
||||
// ADMIN_ADMIN_CAN_NOT_UPDATE(1002002008, "管理员的账号不允许变更"),
|
||||
// ADMIN_DEMO_CAN_NOT_WRITE(1002002009, "演示账号,暂不允许写操作。欢迎加入我们的交流群:http://t.cn/EKEr5WE"),
|
||||
|
||||
// ========== 资源模块 1002003000 ==========
|
||||
// RESOURCE_NAME_DUPLICATE(1002003000, "已经存在该名字的资源"),
|
||||
// RESOURCE_PARENT_NOT_EXISTS(1002003001, "父资源不存在"),
|
||||
// RESOURCE_PARENT_ERROR(1002003002, "不能设置自己为父资源"),
|
||||
// RESOURCE_NOT_EXISTS(1002003003, "资源不存在"),
|
||||
// RESOURCE_EXISTS_CHILDREN(1002003004, "存在子资源,无法删除"),
|
||||
// RESOURCE_PARENT_NOT_MENU(1002003005, "父资源的类型必须是菜单"),
|
||||
|
||||
// ========== 角色模块 1002004000 ==========
|
||||
// ROLE_NOT_EXISTS(1002004000, "角色不存在"),
|
||||
// ROLE_ASSIGN_RESOURCE_NOT_EXISTS(1002004001, "分配角色资源时,有资源不存在"),
|
||||
|
||||
// ========== 数据字典模块 1002005000 ==========
|
||||
// DATA_DICT_EXISTS(1002005000, "该数据字典已经存在"),
|
||||
// DATA_DICT_NOT_EXISTS(1002005001, "该数据字典不存在"),
|
||||
|
||||
// ========== 短信模板 1002006000 ==========
|
||||
// SMS_PLATFORM_FAIL(1002006000, "短信平台调用失败【具体错误会动态替换】"),
|
||||
// SMS_SIGN_NOT_EXISTENT(1002006001, "短信签名不存在"),
|
||||
// SMS_SIGN_IS_EXISTENT(1002006002, "短信签名已存在"),
|
||||
// SMS_TEMPLATE_NOT_EXISTENT(1002006020, "短信签名不存在"),
|
||||
// SMS_TEMPLATE_IS_EXISTENT(1002006021, "短信签名不存在"),
|
||||
// SMS_NOT_SEND_CLIENT(1002006030, "短信没有发送的client"),
|
||||
|
||||
// ========== 部门模块 1002007000 ==========
|
||||
// DEPT_SAME_LEVEL_NAME_EXITS(1002007001,"当前级别部门名字已存在"),
|
||||
// DEPT_PARENT_NOT_EXITS(1002007002,"父级部门不存在"),
|
||||
// DEPT_NOT_EXITS(1002007003, "当前部门不存在"),
|
||||
// DEPT_EXITS_CHILDREN(1002007004, "当前部门存在子部门"),
|
||||
// DEPT_PARENT_NOT_LEGAL(1002007005, "父级部门不合法"),
|
||||
;
|
||||
|
||||
private final int code;
|
||||
private final String message;
|
||||
|
||||
SystemErrorCodeEnum(int code, String message) {
|
||||
this.code = code;
|
||||
this.message = message;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getCode() {
|
||||
return code;
|
||||
}
|
||||
|
||||
public String getMessage() {
|
||||
return message;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,44 @@
|
||||
package cn.iocoder.mall.system.biz.enums.authorization;
|
||||
|
||||
import cn.iocoder.common.framework.core.IntArrayValuable;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* 资源类型枚举
|
||||
*/
|
||||
public enum ResourceTypeEnum implements IntArrayValuable {
|
||||
|
||||
MENU(1, "菜单"),
|
||||
BUTTON(2, "按钮");
|
||||
|
||||
public static final int[] ARRAYS = Arrays.stream(values()).mapToInt(ResourceTypeEnum::getValue).toArray();
|
||||
|
||||
/**
|
||||
* 资源类型
|
||||
*/
|
||||
private final Integer value;
|
||||
/**
|
||||
* 资源类型名
|
||||
*/
|
||||
private final String name;
|
||||
|
||||
ResourceTypeEnum(Integer value, String name) {
|
||||
this.value = value;
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public Integer getValue() {
|
||||
return value;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int[] array() {
|
||||
return ARRAYS;
|
||||
}
|
||||
|
||||
}
|
||||
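Review bot: `ARRAYS` is a `public static final int[]` and `array()` returns that same instance, so any caller can rewrite the set of valid resource type values for the whole JVM; `final` only pins the reference, not the contents. Returning `ARRAYS.clone()` from `array()`, or making the field private, removes that. If the array is presumably consumed by a validation annotation through IntArrayValuable, a corrupted array would silently widen what passes validation. The `value` field could also be a plain `int`, which drops the unboxing in the `mapToInt(ResourceTypeEnum::getValue)` initializer.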
@@ -0,0 +1,10 @@
|
||||
package cn.iocoder.mall.system.biz.service.admin;
|
||||
|
||||
/**
|
||||
* 授权 Service 接口
|
||||
*/
|
||||
public class AuthorizationService {
|
||||
|
||||
|
||||
|
||||
}
|
||||
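Review bot: This `AuthorizationService` in `cn.iocoder.mall.system.biz.service.admin` is an empty `class` whose Javadoc calls it a `授权 Service 接口`, while the same commit adds the actual `AuthorizationService` interface and `AuthorizationServiceImpl` under `cn.iocoder.mall.system.biz.service.authorization`. Two types with the same simple name in neighbouring packages invite the wrong import being picked up by IDE completion. This one looks like a leftover and should be deleted rather than kept as a placeholder.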
@@ -0,0 +1,9 @@
|
||||
package cn.iocoder.mall.system.biz.service.authorization;
|
||||
|
||||
import cn.iocoder.mall.system.biz.dto.authorization.AuthorizationCheckPermissionsDTO;
|
||||
|
||||
public interface AuthorizationService {
|
||||
|
||||
void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO);
|
||||
|
||||
}
|
||||
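Review bot: `checkPermissions` has no Javadoc, and with a `void` return the only way a denied check can be reported is by throwing, which the interface does not say. Before implementations are written the contract should be documented: what is checked against the DTO's access token, and that failure is signalled by an exception rather than a return value, naming the exception type callers are expected to handle. Without that, a caller has no way to distinguish "permitted" from "not yet implemented".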
@@ -0,0 +1,14 @@
|
||||
package cn.iocoder.mall.system.biz.service.authorization;
|
||||
|
||||
import cn.iocoder.mall.system.biz.dto.authorization.AuthorizationCheckPermissionsDTO;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
public class AuthorizationServiceImpl implements AuthorizationService {
|
||||
|
||||
@Override
|
||||
public void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO) {
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
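Review bot: `checkPermissions` in AuthorizationServiceImpl has an empty body, yet the class is annotated `@Service` and is therefore injectable right now; anything wired to it gets a check that never rejects, so authorization fails open. Until the logic exists the stub should fail closed, `throw new UnsupportedOperationException("checkPermissions is not implemented yet");`, so that an early caller is loud instead of silently permitted. The commit title marks the work as unfinished, which is exactly why the stub should not look like a passing check.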
@@ -0,0 +1,4 @@
|
||||
package cn.iocoder.mall.system.biz.service.authorization;
|
||||
|
||||
public interface ResourceService {
|
||||
}
|
||||
@@ -0,0 +1,4 @@
|
||||
package cn.iocoder.mall.system.biz.service.authorization;
|
||||
|
||||
public interface RoleService {
|
||||
}
|
||||
@@ -53,7 +53,7 @@ public class OAuth2ServiceImpl implements OAuth2Service {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public OAuth2AccessTokenBO authenticate(OAuth2UsernameAuthenticateDTO authenticateDTO) {
|
||||
public OAuth2AccessTokenBO authenticate(OAuth2UsernameAuthenticateDTO authenticateDTO) {
|
||||
// 获得账号
|
||||
AccountBO accountBO = accountService.getByUsername(authenticateDTO.getUsername());
|
||||
if (accountBO == null) {
|
||||
@@ -101,13 +101,13 @@ public class OAuth2ServiceImpl implements OAuth2Service {
|
||||
public OAuth2AccessTokenBO authenticate(OAuth2AccessTokenAuthenticateDTO authenticateDTO) {
|
||||
OAuth2AccessTokenDO oauth2AccessTokenDO = oauth2AccessTokenMapper.selectById(authenticateDTO.getAccessToken());
|
||||
if (oauth2AccessTokenDO == null) { // 不存在
|
||||
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_INVALID_TOKEN_NOT_FOUND.getCode());
|
||||
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_ACCESS_TOKEN_NOT_FOUND.getCode());
|
||||
}
|
||||
if (oauth2AccessTokenDO.getExpiresTime().getTime() < System.currentTimeMillis()) { // 已过期
|
||||
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_INVALID_TOKEN_EXPIRED.getCode());
|
||||
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_ACCESS_TOKEN_TOKEN_EXPIRED.getCode());
|
||||
}
|
||||
if (!oauth2AccessTokenDO.getValid()) { // 无效
|
||||
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_INVALID_TOKEN_INVALID.getCode());
|
||||
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_ACCESS_TOKEN_INVALID.getCode());
|
||||
}
|
||||
// 转换返回
|
||||
return OAuth2Convert.INSTANCE.convert(oauth2AccessTokenDO);
|
||||
|
||||
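Review bot: The renamed constant on the expiry branch, `OAUTH2_ACCESS_TOKEN_TOKEN_EXPIRED`, repeats TOKEN, unlike its siblings `OAUTH2_ACCESS_TOKEN_NOT_FOUND` and `OAUTH2_ACCESS_TOKEN_INVALID` in the same hunk; `OAUTH2_ACCESS_TOKEN_EXPIRED` would follow the pattern. The enum that defines these constants is not in this view — the only SystemErrorCodeEnum shown is the one deleted under `cn.iocoder.mall.system.biz.enums`, which still carries the old `OAUTH2_INVALID_TOKEN_*` names — so the new definition presumably lives elsewhere in the commit and must be renamed together with this call site. The method's closing brace lies outside the hunk.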