@@ -12,6 +12,7 @@ import cc.smtweb.framework.core.session.SessionManager; | |||
import cc.smtweb.framework.core.session.UserSession; | |||
import cc.smtweb.system.bpm.web.sys.user.party.Party; | |||
import cc.smtweb.system.bpm.web.sys.user.party.PartyCache; | |||
import cc.smtweb.system.bpm.web.sys.user.user.User; | |||
import cc.smtweb.system.bpm.web.sys.user.user.UserCache; | |||
import lombok.extern.slf4j.Slf4j; | |||
@@ -59,13 +60,18 @@ public class AuthService { | |||
return R.success(data); | |||
} | |||
userSession.setSiteId(1); | |||
User user = UserCache.getInstance().get(userSession.getUserId()); | |||
LoginAckVO loginAckVO = new LoginAckVO(); | |||
loginAckVO.setUserId(userSession.getUserId()); | |||
loginAckVO.setUserName(UserCache.getInstance().getNameById(userSession.getUserId())); | |||
loginAckVO.setUserAvatar(""); | |||
loginAckVO.setUserId(user.getId()); | |||
loginAckVO.setUserName(user.getName()); | |||
loginAckVO.setRealName(user.getName()); | |||
loginAckVO.setPartyId(userSession.getPartyId()); | |||
loginAckVO.setAvatar(""); | |||
loginAckVO.setDesc(user.getSign()); | |||
loginAckVO.setToken(sessionManager.login(userSession)); | |||
data.put("data", loginAckVO); | |||
data.put("user", loginAckVO); | |||
data.put("token", loginAckVO.getToken()); | |||
data.put("isOk", true); | |||
data.put("msg", ""); | |||
return R.success(data); | |||
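Review bot: `User user = UserCache.getInstance().get(userSession.getUserId());` is dereferenced on the following lines (`user.getId()`, `user.getName()`, `user.getSign()`) without a null guard, so a session whose user id is no longer in the cache fails with a NullPointerException instead of a controlled login error; add `if (user == null) throw new BizException("用户不存在");` (or whatever error form this service returns) directly after the lookup, before `sessionManager.login(userSession)` is reached. `loginAckVO.setRealName(user.getName())` stores exactly the same value as `setUserName`, which reads like a placeholder: if User carries a distinct real-name field it should be used here, otherwise a one-line comment explaining why the two coincide would stop the next reader from "fixing" it. The same VO is also put under both the `"data"` and `"user"` keys, so the response carries the token three times (`data.token`, `user.token`, `token`); one of the duplicate keys can likely go once the frontend is updated. The enclosing method starts outside the hunk.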
@@ -4,8 +4,11 @@ import lombok.Data; | |||
@Data | |||
public class LoginAckVO { | |||
private Long userId; | |||
private String userAvatar; | |||
private String userName; | |||
private String token; | |||
private Long userId; | |||
private Long partyId; | |||
private String userName; | |||
private String realName; | |||
private String avatar; | |||
private String desc; | |||
private String token; | |||
} |
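Review bot: `@Data` generates a `toString()` that includes `token`, so any log line or error message that prints a LoginAckVO writes the live session token into the logs; annotate the field with Lombok's `@ToString.Exclude` (and, since AuthService also returns the token at the top level of the response, consider whether the VO needs to carry it at all). The new fields (`partyId`, `realName`, `avatar`, `desc`) have no Javadoc; `desc` in particular is populated from `User.getSign()` in AuthService, so a comment such as `/** user signature, shown as the profile description */` would make that mapping explicit.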
@@ -8,7 +8,9 @@ import cc.smtweb.framework.core.db.EntityDao; | |||
import cc.smtweb.framework.core.db.impl.DefaultEntity; | |||
import cc.smtweb.framework.core.db.jdbc.AbsDbWorker; | |||
import cc.smtweb.framework.core.db.vo.ModelTable; | |||
import cc.smtweb.framework.core.exception.BizException; | |||
import cc.smtweb.framework.core.mvc.service.AbstractHandler; | |||
import cc.smtweb.framework.core.util.PubUtil; | |||
import cc.smtweb.system.bpm.web.design.form.define.PageDataset; | |||
import cc.smtweb.system.bpm.web.engine.dynPage.DynPageDelHandler; | |||
import cc.smtweb.system.bpm.web.engine.dynPage.DynPageListHandler; | |||
@@ -58,6 +60,7 @@ public class UserHandler { | |||
roleList = new ArrayList<>(); | |||
partyList = new ArrayList<>(); | |||
List<Map<String, Object>> rows = data.readListMap("partyData"); | |||
if (PubUtil.isEmpty(rows)) throw new BizException("用户所属机构为空"); | |||
for (Map<String, Object> row : rows) { | |||
UserParty userParty = new UserParty(); | |||
userParty.init(); | |||
@@ -66,7 +69,9 @@ public class UserHandler { | |||
userParty.setEntityId(DbEngine.getInstance().nextId()); | |||
partyList.add(userParty); | |||
for (String role_id : row.get("sup_roles").toString().split(",")) { | |||
String roles = row.get("sup_roles").toString(); | |||
if(PubUtil.isEmpty(roles)) throw new BizException("用户机构所属角色为空"); | |||
for (String role_id : roles.split(",")) { | |||
UserRole userRole = new UserRole(); | |||
userRole.init(); | |||
userRole.setEntityId(DbEngine.getInstance().nextId()); | |||
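Review bot: `String roles = row.get("sup_roles").toString();` still dereferences the map value before the new emptiness check, so a row where `sup_roles` is absent or null throws a NullPointerException rather than the intended BizException; read the value first and test it, e.g. `Object rolesObj = row.get("sup_roles"); if (rolesObj == null || PubUtil.isEmpty(rolesObj.toString())) throw new BizException("用户机构所属角色为空");` followed by `for (String role_id : rolesObj.toString().split(","))`. `split(",")` also passes through empty or whitespace-padded ids from input such as `"1,,2"` or `"1, 2"`, so trimming each `role_id` and skipping blanks before creating the UserRole avoids writing malformed role rows. The role ids come straight from the request payload (`data.readListMap("partyData")`), so it is worth confirming (not visible here) that the handler also checks the caller is allowed to grant those roles. The enclosing method starts and ends outside the hunk.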
@@ -16,6 +16,10 @@ import java.util.Set; | |||
public class UserPartyCache extends AbstractEntityCache<UserParty> { | |||
//缓存key:按用户缓存 | |||
public final static String mk_u = "u"; | |||
//缓存key:按部门缓存 | |||
public final static String mk_d = "d"; | |||
//缓存key:按机构缓存 | |||
public final static String mk_p = "p"; | |||
public static UserPartyCache getInstance() { | |||
return CacheManager.getIntance().getCache(UserPartyCache.class); | |||
@@ -24,20 +28,49 @@ public class UserPartyCache extends AbstractEntityCache<UserParty> { | |||
public UserPartyCache() { | |||
//缓存key:按用户缓存 | |||
regList(mk_u, "sup_user_id"); | |||
regList(mk_d, "sup_dept_id"); | |||
regList(mk_p, "sup_party_id"); | |||
} | |||
//缓存key:按用户缓存 | |||
public final Set<UserParty> getByU(String key) { | |||
public final Set<UserParty> getByUser(String key) { | |||
return getListByKey(mk_u, key); | |||
} | |||
public final Set<UserParty> getByDept(String key) { | |||
return getListByKey(mk_d, key); | |||
} | |||
public final Set<UserParty> getByParty(String key) { | |||
return getListByKey(mk_p, key); | |||
} | |||
public final Set<Long> getIdByUser(Long key) { | |||
Set<Long> ids = new HashSet<>(); | |||
Set<UserParty> set = getByU(String.valueOf(key)); | |||
Set<UserParty> set = getByUser(String.valueOf(key)); | |||
if (PubUtil.isEmpty(set)) return ids; | |||
set.forEach(bean -> { | |||
ids.add(bean.getEntityId()); | |||
}); | |||
return ids; | |||
} | |||
public final Set<Long> getUserByDept(Long key) { | |||
Set<Long> ids = new HashSet<>(); | |||
Set<UserParty> set = getByDept(String.valueOf(key)); | |||
if (PubUtil.isEmpty(set)) return ids; | |||
set.forEach(bean -> { | |||
ids.add(bean.getUserId()); | |||
}); | |||
return ids; | |||
} | |||
public final Set<Long> getUserByParty(Long key) { | |||
Set<Long> ids = new HashSet<>(); | |||
Set<UserParty> set = getByParty(String.valueOf(key)); | |||
if (PubUtil.isEmpty(set)) return ids; | |||
set.forEach(bean -> { | |||
ids.add(bean.getUserId()); | |||
}); | |||
return ids; | |||
} | |||
} |
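Review bot: `getIdByUser`, `getUserByDept` and `getUserByParty` are three copies of the same loop differing only in the accessor applied to each UserParty, which invites the next lookup to be pasted a fourth time; a small private projection helper keeps the three public methods as one-liners while preserving the exact behaviour (a fresh mutable `HashSet`, empty when nothing is cached). The helper below needs `java.util.function.Function` imported at the top of the file. The new `getByDept`/`getByParty`/`getUserBy*` methods also lack the `//缓存key:...` style comment the file uses for `getByUser`; one line per method stating which cache key it resolves would keep the file consistent.
```java
    public final Set<Long> getIdByUser(Long key) {
        return collect(getByUser(String.valueOf(key)), UserParty::getEntityId);
    }

    public final Set<Long> getUserByDept(Long key) {
        return collect(getByDept(String.valueOf(key)), UserParty::getUserId);
    }

    public final Set<Long> getUserByParty(Long key) {
        return collect(getByParty(String.valueOf(key)), UserParty::getUserId);
    }

    // Projects one field of every cached UserParty into a fresh mutable set;
    // returns an empty set when nothing is cached for the key.
    private static Set<Long> collect(Set<UserParty> set, Function<UserParty, Long> field) {
        Set<Long> ids = new HashSet<>();
        if (PubUtil.isEmpty(set)) return ids;
        set.forEach(bean -> ids.add(field.apply(bean)));
        return ids;
    }
```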
@@ -15,95 +15,96 @@ import org.apache.commons.lang3.StringUtils; | |||
import javax.servlet.http.HttpServletRequest; | |||
public class AbstractPermInterceptor { | |||
private final RedisManager redisManager; | |||
private ISwCache<Long, PermChecker> cacheService; | |||
private final RedisManager redisManager; | |||
private ISwCache<Long, PermChecker> cacheService; | |||
public AbstractPermInterceptor(RedisManager redisManager) { | |||
this.redisManager = redisManager; | |||
} | |||
public void setCache(ISwCache<Long, PermChecker> cacheService) { | |||
this.cacheService = cacheService; | |||
} | |||
protected boolean handle(HttpServletRequest request, String permissionValue) { | |||
// 如果注解为null, 说明不需要拦截, 直接放过 | |||
if (StringUtils.isEmpty(permissionValue) || SwPerm.NONE.equals(permissionValue)) { | |||
return true; | |||
public AbstractPermInterceptor(RedisManager redisManager) { | |||
this.redisManager = redisManager; | |||
} | |||
// redis读取session,判断是否登录 | |||
String token = SessionUtil.readToken(request); | |||
if (StringUtils.isBlank(token)) { | |||
throw new UnauthenticatedException("not find Auth-Token in header"); | |||
public void setCache(ISwCache<Long, PermChecker> cacheService) { | |||
this.cacheService = cacheService; | |||
} | |||
UserSession us = redisManager.get(token, UserSession.class); | |||
if (us == null) { | |||
throw new UnauthenticatedException("not find UserSession by token: " + token); | |||
} | |||
protected boolean handle(HttpServletRequest request, String permissionValue) { | |||
// 如果注解为null, 说明不需要拦截, 直接放过 | |||
if (SwPerm.NONE.equals(permissionValue)) { | |||
return true; | |||
} | |||
request.setAttribute(IEditor.USER_TOKEN, token); | |||
request.setAttribute(IEditor.USER_SESSION, us); | |||
// redis读取session,判断是否登录 | |||
String token = SessionUtil.readToken(request); | |||
if ("design".equals(token)) return true; | |||
if (StringUtils.isBlank(token)) { | |||
throw new UnauthenticatedException("not find Auth-Token in header"); | |||
} | |||
// 如果标记了权限注解,则判断权限 | |||
if (checkPermission(permissionValue, us)) { | |||
// 更新Token redis TTL | |||
redisManager.expire(token, RedisManager.SESSION_EXPIRE_SEC); | |||
return true; | |||
} else { | |||
throw new ForbiddenException("user not permission: " + permissionValue); | |||
} | |||
} | |||
/** | |||
* 权限检查 | |||
*/ | |||
private boolean checkPermission(String permissionValue, UserSession us) { | |||
if (StringUtils.isBlank(permissionValue)) { | |||
return true; | |||
UserSession us = redisManager.get(token, UserSession.class); | |||
if (us == null) { | |||
throw new UnauthenticatedException("not find UserSession by token: " + token); | |||
} | |||
request.setAttribute(IEditor.USER_TOKEN, token); | |||
request.setAttribute(IEditor.USER_SESSION, us); | |||
// 如果标记了权限注解,则判断权限 | |||
if (checkPermission(permissionValue, us)) { | |||
// 更新Token redis TTL | |||
redisManager.expire(token, RedisManager.SESSION_EXPIRE_SEC); | |||
return true; | |||
} else { | |||
throw new ForbiddenException("user not permission: " + permissionValue); | |||
} | |||
} | |||
// 从本地缓存或数据库中获取该用户的权限信息 | |||
PermChecker permissionSet = cacheService.get(us.getUserId()); | |||
/** | |||
* 权限检查 | |||
*/ | |||
private boolean checkPermission(String permissionValue, UserSession us) { | |||
if (StringUtils.isBlank(permissionValue)) { | |||
return true; | |||
} | |||
// 从本地缓存或数据库中获取该用户的权限信息 | |||
PermChecker permissionSet = cacheService.get(us.getUserId()); | |||
// if (MapUtils.isEmpty(permissionSet)) { | |||
// throw new ForbiddenException("empty permission"); | |||
// } | |||
PermCheckItem permChecker = permissionSet.get(permissionValue); | |||
if (permChecker != null) { | |||
return true; | |||
} | |||
PermCheckItem permChecker = permissionSet.get(permissionValue); | |||
while (true) { | |||
permissionValue = getParentPermValue(permissionValue); | |||
if (permChecker != null) { | |||
return true; | |||
} | |||
if (permissionValue != null) { | |||
permChecker = permissionSet.get(permissionValue); | |||
if (permChecker != null && permChecker.isPerfixMath()) { | |||
return true; | |||
while (true) { | |||
permissionValue = getParentPermValue(permissionValue); | |||
if (permissionValue != null) { | |||
permChecker = permissionSet.get(permissionValue); | |||
if (permChecker != null && permChecker.isPerfixMath()) { | |||
return true; | |||
} | |||
} else { | |||
break; | |||
} | |||
} | |||
} else { | |||
break; | |||
} | |||
return false; | |||
} | |||
return false; | |||
} | |||
private static String getParentPermValue(String permissionValue) { | |||
if (permissionValue.length() > 0) { | |||
private static String getParentPermValue(String permissionValue) { | |||
if (permissionValue.length() > 0) { | |||
int pos = permissionValue.lastIndexOf(':'); | |||
if (pos > 0) { | |||
return permissionValue.substring(0, pos); | |||
} | |||
int pos = permissionValue.lastIndexOf(':'); | |||
if (pos > 0) { | |||
return permissionValue.substring(0, pos); | |||
} | |||
return ""; | |||
} | |||
return ""; | |||
return null; | |||
} | |||
return null; | |||
} | |||
} |
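Review bot: `if ("design".equals(token)) return true;` in `handle()` lets any request whose auth token header carries the literal string `design` skip both the Redis session lookup and `checkPermission()`, so it is an unauthenticated bypass of every endpoint this interceptor protects once deployed, and it also leaves `IEditor.USER_TOKEN`/`IEditor.USER_SESSION` unset for that request, which downstream code reading the session will not expect. If this is a designer/dev-mode convenience it should not live in the interceptor at all; at minimum gate it on an explicit configuration switch that is off by default, log every use at WARN level, and resolve it to a real UserSession so the request attributes are populated. While the block is being moved, the `UnauthenticatedException("not find UserSession by token: " + token)` message echoes the full raw token into whatever logs or error responses carry the exception; reporting only a truncated or hashed form avoids leaking still-valid tokens.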