
登录

master
yaoq 2 yıl önce
ebeveyn
işleme
ac30826a28
5 değiştirilmiş dosya ile 128 ekleme ve 80 silme
  1. +11
    -5
      smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java
  2. +7
    -4
      smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginAckVO.java
  3. +6
    -1
      smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserHandler.java
  4. +35
    -2
      smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserPartyCache.java
  5. +69
    -68
      smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AbstractPermInterceptor.java

+ 11
- 5
smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java Dosyayı Görüntüle

@@ -12,6 +12,7 @@ import cc.smtweb.framework.core.session.SessionManager;
import cc.smtweb.framework.core.session.UserSession;
import cc.smtweb.system.bpm.web.sys.user.party.Party;
import cc.smtweb.system.bpm.web.sys.user.party.PartyCache;
import cc.smtweb.system.bpm.web.sys.user.user.User;
import cc.smtweb.system.bpm.web.sys.user.user.UserCache;
import lombok.extern.slf4j.Slf4j;

@@ -59,13 +60,18 @@ public class AuthService {
return R.success(data);
}
userSession.setSiteId(1);
User user = UserCache.getInstance().get(userSession.getUserId());
LoginAckVO loginAckVO = new LoginAckVO();
loginAckVO.setUserId(userSession.getUserId());
loginAckVO.setUserName(UserCache.getInstance().getNameById(userSession.getUserId()));
loginAckVO.setUserAvatar("");
loginAckVO.setUserId(user.getId());
loginAckVO.setUserName(user.getName());
loginAckVO.setRealName(user.getName());
loginAckVO.setPartyId(userSession.getPartyId());
loginAckVO.setAvatar("");
loginAckVO.setDesc(user.getSign());
loginAckVO.setToken(sessionManager.login(userSession));
data.put("data", loginAckVO);

data.put("user", loginAckVO);
data.put("token", loginAckVO.getToken());
data.put("isOk", true);
data.put("msg", "");
return R.success(data);
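Review bot: The `user` returned by `UserCache.getInstance().get(userSession.getUserId())` is dereferenced at `loginAckVO.setUserId(user.getId())` with no null check. If the cache can return null for an id (not shown on this page), a login that has already passed its earlier checks ends in a NullPointerException instead of a controlled failure; an `if (user == null)` guard that fails the login explicitly before the VO is filled would cover it. The response also now carries the session token twice, once via `data.put("token", loginAckVO.getToken())` and once inside the `user` object; keeping it in one place reduces the chance that a client persists or logs the copy embedded in the profile data. The enclosing method starts and ends outside the hunk.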


+ 7
- 4
smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginAckVO.java Dosyayı Görüntüle

@@ -4,8 +4,11 @@ import lombok.Data;

@Data
public class LoginAckVO {
private Long userId;
private String userAvatar;
private String userName;
private String token;
private Long userId;
private Long partyId;
private String userName;
private String realName;
private String avatar;
private String desc;
private String token;
}
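Review bot: `@Data` generates a `toString()` that includes every field, so any log statement or exception message that prints a `LoginAckVO` would write the session `token` in clear text. Marking the field with `@ToString.Exclude` (plus `import lombok.ToString;`) keeps the generated accessors while leaving the token out of string output. The new fields are also undocumented; a one-line comment on `realName` and `desc` would help, since AuthService fills `realName` from the same `user.getName()` as `userName`.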

+ 6
- 1
smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserHandler.java Dosyayı Görüntüle

@@ -8,7 +8,9 @@ import cc.smtweb.framework.core.db.EntityDao;
import cc.smtweb.framework.core.db.impl.DefaultEntity;
import cc.smtweb.framework.core.db.jdbc.AbsDbWorker;
import cc.smtweb.framework.core.db.vo.ModelTable;
import cc.smtweb.framework.core.exception.BizException;
import cc.smtweb.framework.core.mvc.service.AbstractHandler;
import cc.smtweb.framework.core.util.PubUtil;
import cc.smtweb.system.bpm.web.design.form.define.PageDataset;
import cc.smtweb.system.bpm.web.engine.dynPage.DynPageDelHandler;
import cc.smtweb.system.bpm.web.engine.dynPage.DynPageListHandler;
@@ -58,6 +60,7 @@ public class UserHandler {
roleList = new ArrayList<>();
partyList = new ArrayList<>();
List<Map<String, Object>> rows = data.readListMap("partyData");
if (PubUtil.isEmpty(rows)) throw new BizException("用户所属机构为空");
for (Map<String, Object> row : rows) {
UserParty userParty = new UserParty();
userParty.init();
@@ -66,7 +69,9 @@ public class UserHandler {
userParty.setEntityId(DbEngine.getInstance().nextId());
partyList.add(userParty);

for (String role_id : row.get("sup_roles").toString().split(",")) {
String roles = row.get("sup_roles").toString();
if(PubUtil.isEmpty(roles)) throw new BizException("用户机构所属角色为空");
for (String role_id : roles.split(",")) {
UserRole userRole = new UserRole();
userRole.init();
userRole.setEntityId(DbEngine.getInstance().nextId());
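Review bot: In the last hunk `row.get("sup_roles").toString()` still runs before the new `PubUtil.isEmpty(roles)` check, so a `partyData` row that omits `sup_roles` fails with a NullPointerException instead of the intended BizException. Reading the value first with `Object roles = row.get("sup_roles");` and testing `roles == null || PubUtil.isEmpty(roles.toString())` covers both cases. The `role_id` pieces from `roles.split(",")` appear to come from submitted data and are used as-is in the visible lines; whether they are checked against existing roles is decided outside the hunk, and the loop body continues past its end.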


+ 35
- 2
smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserPartyCache.java Dosyayı Görüntüle

@@ -16,6 +16,10 @@ import java.util.Set;
public class UserPartyCache extends AbstractEntityCache<UserParty> {
//缓存key:按用户缓存
public final static String mk_u = "u";
//缓存key:按部门缓存
public final static String mk_d = "d";
//缓存key:按机构缓存
public final static String mk_p = "p";

public static UserPartyCache getInstance() {
return CacheManager.getIntance().getCache(UserPartyCache.class);
@@ -24,20 +28,49 @@ public class UserPartyCache extends AbstractEntityCache<UserParty> {
public UserPartyCache() {
//缓存key:按用户缓存
regList(mk_u, "sup_user_id");
regList(mk_d, "sup_dept_id");
regList(mk_p, "sup_party_id");
}

//缓存key:按用户缓存
public final Set<UserParty> getByU(String key) {
public final Set<UserParty> getByUser(String key) {
return getListByKey(mk_u, key);
}
public final Set<UserParty> getByDept(String key) {
return getListByKey(mk_d, key);
}
public final Set<UserParty> getByParty(String key) {
return getListByKey(mk_p, key);
}

public final Set<Long> getIdByUser(Long key) {
Set<Long> ids = new HashSet<>();
Set<UserParty> set = getByU(String.valueOf(key));
Set<UserParty> set = getByUser(String.valueOf(key));
if (PubUtil.isEmpty(set)) return ids;
set.forEach(bean -> {
ids.add(bean.getEntityId());
});
return ids;
}


public final Set<Long> getUserByDept(Long key) {
Set<Long> ids = new HashSet<>();
Set<UserParty> set = getByDept(String.valueOf(key));
if (PubUtil.isEmpty(set)) return ids;
set.forEach(bean -> {
ids.add(bean.getUserId());
});
return ids;
}

public final Set<Long> getUserByParty(Long key) {
Set<Long> ids = new HashSet<>();
Set<UserParty> set = getByParty(String.valueOf(key));
if (PubUtil.isEmpty(set)) return ids;
set.forEach(bean -> {
ids.add(bean.getUserId());
});
return ids;
}
}
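Review bot: Renaming the public `getByU(String)` to `getByUser(String)` removes a method that callers outside the five files of this commit may still use, and the build would break at any such call site. Keeping `@Deprecated public final Set<UserParty> getByU(String key) { return getByUser(key); }` for a transition period avoids that. `getIdByUser`, `getUserByDept` and `getUserByParty` pass `String.valueOf(key)` to the lookup, which turns a null `Long` into the key `"null"`; an early return of an empty set for a null key would make that case explicit. The constructor comment `//缓存key:按用户缓存` now sits above three `regList` calls and should name all three indexes.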

+ 69
- 68
smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AbstractPermInterceptor.java Dosyayı Görüntüle

@@ -15,95 +15,96 @@ import org.apache.commons.lang3.StringUtils;
import javax.servlet.http.HttpServletRequest;

public class AbstractPermInterceptor {
private final RedisManager redisManager;
private ISwCache<Long, PermChecker> cacheService;
private final RedisManager redisManager;
private ISwCache<Long, PermChecker> cacheService;

public AbstractPermInterceptor(RedisManager redisManager) {
this.redisManager = redisManager;
}

public void setCache(ISwCache<Long, PermChecker> cacheService) {
this.cacheService = cacheService;
}

protected boolean handle(HttpServletRequest request, String permissionValue) {
// 如果注解为null, 说明不需要拦截, 直接放过
if (StringUtils.isEmpty(permissionValue) || SwPerm.NONE.equals(permissionValue)) {
return true;
public AbstractPermInterceptor(RedisManager redisManager) {
this.redisManager = redisManager;
}

// redis读取session,判断是否登录
String token = SessionUtil.readToken(request);
if (StringUtils.isBlank(token)) {
throw new UnauthenticatedException("not find Auth-Token in header");
public void setCache(ISwCache<Long, PermChecker> cacheService) {
this.cacheService = cacheService;
}

UserSession us = redisManager.get(token, UserSession.class);
if (us == null) {
throw new UnauthenticatedException("not find UserSession by token: " + token);
}
protected boolean handle(HttpServletRequest request, String permissionValue) {
// 如果注解为null, 说明不需要拦截, 直接放过
if (SwPerm.NONE.equals(permissionValue)) {
return true;
}

request.setAttribute(IEditor.USER_TOKEN, token);
request.setAttribute(IEditor.USER_SESSION, us);
// redis读取session,判断是否登录
String token = SessionUtil.readToken(request);
if ("design".equals(token)) return true;
if (StringUtils.isBlank(token)) {
throw new UnauthenticatedException("not find Auth-Token in header");
}

// 如果标记了权限注解,则判断权限
if (checkPermission(permissionValue, us)) {
// 更新Token redis TTL
redisManager.expire(token, RedisManager.SESSION_EXPIRE_SEC);
return true;
} else {
throw new ForbiddenException("user not permission: " + permissionValue);
}
}
/**
* 权限检查
*/
private boolean checkPermission(String permissionValue, UserSession us) {
if (StringUtils.isBlank(permissionValue)) {
return true;
UserSession us = redisManager.get(token, UserSession.class);
if (us == null) {
throw new UnauthenticatedException("not find UserSession by token: " + token);
}
request.setAttribute(IEditor.USER_TOKEN, token);
request.setAttribute(IEditor.USER_SESSION, us);
// 如果标记了权限注解,则判断权限
if (checkPermission(permissionValue, us)) {
// 更新Token redis TTL
redisManager.expire(token, RedisManager.SESSION_EXPIRE_SEC);
return true;
} else {
throw new ForbiddenException("user not permission: " + permissionValue);
}
}

// 从本地缓存或数据库中获取该用户的权限信息
PermChecker permissionSet = cacheService.get(us.getUserId());
/**
* 权限检查
*/
private boolean checkPermission(String permissionValue, UserSession us) {
if (StringUtils.isBlank(permissionValue)) {
return true;
}

// 从本地缓存或数据库中获取该用户的权限信息
PermChecker permissionSet = cacheService.get(us.getUserId());

// if (MapUtils.isEmpty(permissionSet)) {
// throw new ForbiddenException("empty permission");
// }

PermCheckItem permChecker = permissionSet.get(permissionValue);

if (permChecker != null) {
return true;
}
PermCheckItem permChecker = permissionSet.get(permissionValue);

while (true) {
permissionValue = getParentPermValue(permissionValue);
if (permChecker != null) {
return true;
}

if (permissionValue != null) {
permChecker = permissionSet.get(permissionValue);
if (permChecker != null && permChecker.isPerfixMath()) {
return true;
while (true) {
permissionValue = getParentPermValue(permissionValue);

if (permissionValue != null) {
permChecker = permissionSet.get(permissionValue);
if (permChecker != null && permChecker.isPerfixMath()) {
return true;
}
} else {
break;
}
}
} else {
break;
}

return false;
}

return false;
}
private static String getParentPermValue(String permissionValue) {
if (permissionValue.length() > 0) {

private static String getParentPermValue(String permissionValue) {
if (permissionValue.length() > 0) {
int pos = permissionValue.lastIndexOf(':');
if (pos > 0) {
return permissionValue.substring(0, pos);
}

int pos = permissionValue.lastIndexOf(':');
if (pos > 0) {
return permissionValue.substring(0, pos);
}
return "";
}

return "";
return null;
}

return null;
}
}
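Review bot: The new line `if ("design".equals(token)) return true;` in handle() is a hard-coded authentication bypass: any request whose Auth-Token is the literal string `design` skips the Redis session lookup and checkPermission() for every permission value, and that string is now readable in the repository history. It also returns before `IEditor.USER_TOKEN` and `IEditor.USER_SESSION` are set on the request, so downstream handlers would run with no user identity attached. I would delete that line and, if a design-time client needs access, have it log in and receive an ordinary session limited to the permissions it needs. Separately, `"not find UserSession by token: " + token` puts the presented token into the exception text; dropping the value from the message keeps it out of logs and error responses.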
