From 605c2c8fb7c7f4f7f9c7a79dd553e87392d27fc2 Mon Sep 17 00:00:00 2001 From: FLYPHT <1035748121@qq.com> Date: Thu, 8 Sep 2022 15:54:05 +0800 Subject: [PATCH 01/13] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9A=E6=96=B0?= =?UTF-8?q?=E5=A2=9E=E8=8F=9C=E5=8D=95=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../web/design/preview/PreviewMenuTreeService.java | 30 +++++- .../smtweb/system/bpm/web/login/AuthService.java | 2 +- .../smtweb/system/bpm/web/login/LoginHelper.java | 15 ++- .../system/bpm/web/sys/user/role/RoleCache.java | 3 +- .../system/bpm/web/sys/user/role/RoleHelper.java | 120 +++++++++++++++++++++ .../bpm/web/sys/user/role/RoleRightContent.java | 9 +- .../cc/smtweb/framework/core/util/StringUtil.java | 2 +- 7 files changed, 173 insertions(+), 8 deletions(-) create mode 100644 smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java index 54c963e..84162c7 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java @@ -21,6 +21,7 @@ import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlan; import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanCache; import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanContent; import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanItem; +import cc.smtweb.system.bpm.web.sys.user.role.RoleHelper; import org.apache.commons.lang3.StringUtils; import java.util.*; 
@@ -36,6 +37,8 @@ public class PreviewMenuTreeService { List menuVOList = buildMenu(prj_id, module, us); if (!CommUtil.isEmpty(menuVOList)) { return R.success(menuVOList); + }else { + return R.success(new ArrayList<>()); } } List listForm; @@ -78,15 +81,16 @@ public class PreviewMenuTreeService { } public List buildMenu(String prj_id, String module, UserSession us) { - Set set = MenuPlanCache.getInstance().getByP(prj_id); + Set set = RoleHelper.getMenuPlans(us.getUserId(),us.getPartyId()); if (CommUtil.isEmpty(set)) { return new ArrayList<>(); } MenuPlan menuPlan = set.iterator().next(); MenuPlanContent mpc = new MenuPlanContent(menuPlan.getContent()); List list = new ArrayList<>(); + Set rightMenuIds = RoleHelper.getRoleMenuIds(us.getUserId() , us.getPartyId(),menuPlan.getId(), true); for (MenuPlanItem mp : mpc.getChildren(0)) { - List menuVOList = buildMenu(-1, mp); + List menuVOList = buildMenuWithRight(-1, mp,rightMenuIds); if (menuVOList == null) continue; list.addAll(menuVOList); } @@ -118,7 +122,27 @@ public class PreviewMenuTreeService { list.add(menu); return list; } - + private List buildMenuWithRight(long parent_id, MenuPlanItem mp,Set rightMenuIds) { + if (mp == null || !rightMenuIds.contains(mp.getId())) return null; + List list = new ArrayList<>(); + MenuVO menu = new MenuVO(); + menu.setId(mp.getId()); + menu.setName(mp.getLabel()); + menu.setIcon(mp.getIcon()); + menu.setPath(MenuCache.getInstance().getPath(mp.getMenu())); + menu.setParentId(parent_id); + List child = new ArrayList<>(); + if (!CommUtil.isEmpty(mp.getChildren())) { + for (MenuPlanItem cmp : mp.getChildren()) { + List m = buildMenuWithRight(menu.getId(), cmp,rightMenuIds); + if (m == null) continue; + child.addAll(m); + } + } + menu.setChildren(child); + list.add(menu); + return list; + } private MenuVO setMenuParent(Long parent_id, Map map, List list) { MenuVO parent = map.get(parent_id); if (parent != null) return parent; 
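Review bot: In `buildMenu`, both the menu tree and the permission set come from whichever plan `set.iterator().next()` yields out of `RoleHelper.getMenuPlans(...)`, so a user whose roles point at more than one menu plan gets a menu that depends on set iteration order. In the lines shown, `prj_id` and `module` are also no longer used for the lookup. Pick the plan deterministically (for example by matching `prj_id`) or merge the rights of every plan, and state the rule in a comment above the lookup. This list only shapes what the client displays; whether the handlers behind each menu path enforce the same role rights is not visible in this hunk.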
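Review bot: `buildMenuWithRight` has no Javadoc, and it drops a node together with its whole subtree when the node's id is missing from `rightMenuIds`. A granted child under an ungranted parent is therefore only shown because `buildMenu` calls `getRoleMenuIds` with `incParent` set to `true`; that coupling should be documented on the method. The body also appears to repeat `buildMenu(long, MenuPlanItem)`, whose start is outside the hunk, so a single method taking an optional id filter would keep the two from drifting apart.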
diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java index f8cca82..9e961c3 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java @@ -55,7 +55,7 @@ public class AuthService { // return new UserSession(1); } else { user = LoginHelper.login(loginPO); - userSession = new UserSession(user.getId()); + userSession = LoginHelper.createUserSession(user); } } catch (BizException e) { data.put("isOk", false); diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java index c5d68be..bbf3ef3 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java @@ -8,10 +8,13 @@ import cc.smtweb.framework.core.exception.BizException; import cc.smtweb.framework.core.session.UserSession; import cc.smtweb.system.bpm.web.sys.user.user.User; import cc.smtweb.system.bpm.web.sys.user.user.UserCache; +import cc.smtweb.system.bpm.web.sys.user.user.UserParty; +import cc.smtweb.system.bpm.web.sys.user.user.UserPartyCache; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang3.StringUtils; import java.util.List; +import java.util.Set; /** * Created with IntelliJ IDEA. 
@@ -73,7 +76,17 @@ public class LoginHelper { if (user == null) { throw new BizException("账号或者密码出错"); } - return new UserSession(user.getId()); + return createUserSession(user); + } + public static UserSession createUserSession(User user){ + UserSession us = new UserSession(user.getId()); + Set ups = UserPartyCache.getInstance().getByUser(String.valueOf(us.getUserId())); + if(ups!=null&&ups.size()>0){ + UserParty up = ups.iterator().next(); + us.setPartyId(up.getPartyId()); + us.setDeptId(up.getDeptId()); + } + return us; } // public static UserSession login(LoginVO loginPO) { diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleCache.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleCache.java index 16ad7ca..5082ad6 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleCache.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleCache.java @@ -4,6 +4,7 @@ import cc.smtweb.framework.core.annotation.SwCache; import cc.smtweb.framework.core.cache.AbstractEntityCache; import cc.smtweb.framework.core.cache.CacheManager; import cc.smtweb.framework.core.util.CommUtil; +import cc.smtweb.framework.core.util.StringUtil; import java.util.HashSet; import java.util.Set; @@ -36,6 +37,6 @@ public class RoleCache extends AbstractEntityCache { key.forEach(k -> { names.add(get(k).getName()); }); - return CommUtil.getSqlInStr(names); + return StringUtil.join(names,","); } } diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java new file mode 100644 index 0000000..71d41ec --- /dev/null +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java 
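Review bot: `createUserSession` takes `ups.iterator().next()` as the session's party and department, so for a user attached to more than one party the choice depends on the set's iteration order, and `RoleHelper` later resolves roles from that `partyId`. When `getByUser` returns nothing, the session keeps whatever default `UserSession` gives `partyId`, and the role lookup runs against that value. Consider selecting the party explicitly (for instance the one chosen at login, if `LoginVO` carries it, which is not visible here). Also add a Javadoc line stating what a session without a party is allowed to see.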
@@ -0,0 +1,120 @@
+package cc.smtweb.system.bpm.web.sys.user.role;
+
+import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlan;
+import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanCache;
+import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanContent;
+import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanItem;
+import cc.smtweb.system.bpm.web.sys.user.user.UserRoleCache;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @Author: tanghp
+ * @Date: 2022-09-06 18:35
+ * @Desc: 角色辅助类
+ */
+public final class RoleHelper {
+ /**
+ * 获取角色权限
+ * @param userId 用户ID
+ * @param menuPlanId 菜单方案ID
+ * @return
+ */
+ public static List getRoleRightList(long userId, long menuPlanId){
+ return null;
+ }
+ /**
+ * 获取用户的菜单权限
+ * @param userId 用户ID
+ * @param partyId 机构ID
+ * @param incParent 是否包含父节点,(子节点配置了,把父节点也查出来)
+ * @return
+ */
+ public static Set getRoleMenuIds(long userId,long partyId,boolean incParent){
+ Set mpIds = getMenuPlanIds(userId,partyId);
+ if(mpIds.size()==0){
+ return new HashSet<>();
+ }
+ return getRoleMenuIds(userId,partyId,mpIds.iterator().next(),incParent);
+ }
+ /**
+ * 获取用户的菜单权限
+ * @param userId 用户ID
+ * @param partyId 机构ID
+ * @param menuPlanId 菜单方案ID
+ * @param incParent 是否包含父节点,(子节点配置了,把父节点也查出来)
+ * @return
+ */
+ public static Set getRoleMenuIds(long userId,long partyId, long menuPlanId,boolean incParent){
+ Set menuIds = new HashSet<>();
+ MenuPlan menuPlan = MenuPlanCache.getInstance().get(menuPlanId);
+ if(menuPlan==null)return menuIds;
+ Set roleIds = UserRoleCache.getInstance().getRoleIdByUP(userId,partyId);
+ RoleCache roleCache = RoleCache.getInstance();
+ roleIds.forEach((roleId)-> {
+ Role role = roleCache.get(roleId);
+ if(role==null || role.getSmpId()!=menuPlanId){
+ return;
+ }
+ RoleRightContent roleRightContent = new RoleRightContent(role.getPrivilege());
+ menuIds.addAll(roleRightContent.getMenuRightIds());
+ });
+ MenuPlanContent menuPlanContent = new
MenuPlanContent(menuPlan.getContent()); + if(incParent){ + Set tempIds = new HashSet<>(menuIds); + tempIds.forEach(id->{ + fillMenuId(id,menuPlanContent,menuIds); + }); + } + return menuIds; + } + private static void fillMenuId(Long id,MenuPlanContent menuPlanContent, Set menuIds){ + menuIds.add(id); + MenuPlanItem parent = menuPlanContent.findParentById(id); + if(parent!=null){ + if(!menuIds.contains(parent.getId())){ + fillMenuId(parent.getId(),menuPlanContent,menuIds); + } + } + } + /** + * 获取用户的菜单方案 + * @param userId 用户ID + * @param partyId 机构ID + * @return 菜单方案ID + */ + public static Set getMenuPlanIds(long userId,long partyId){ + Set mpList = new HashSet<>(); + Set roleIds = UserRoleCache.getInstance().getRoleIdByUP(userId,partyId); + RoleCache roleCache = RoleCache.getInstance(); + roleIds.forEach((roleId)-> { + Role role = roleCache.get(roleId); + if(role!=null&&role.getSmpId()>0L){ + mpList.add(role.getSmpId()); + } + }); + return mpList; + } + /** + * 获取用户的菜单方案 + * @param userId 用户ID + * @param partyId 机构ID + * @return 菜单方案 + */ + public static Set getMenuPlans(long userId,long partyId){ + Set mpList = new HashSet<>(); + Set roleIds = UserRoleCache.getInstance().getRoleIdByUP(userId,partyId); + roleIds.forEach((roleId)-> { + Role role = RoleCache.getInstance().get(roleId); + if(role!=null&&role.getSmpId()>0L){ + MenuPlan mp = MenuPlanCache.getInstance().get(role.getSmpId()); + if(mp!=null){ + mpList.add(mp); + } + } + }); + return mpList; + } +} diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java index 4541047..3342cef 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java 
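Review bot: `getRoleRightList` is public and returns `null` unconditionally, so any caller that iterates the result fails; return an empty list or leave the method out until it is implemented. `getRoleMenuIds`, `getMenuPlanIds` and `getMenuPlans` call `roleIds.forEach(...)` directly on the result of `getRoleIdByUP`, whereas `LoginHelper.createUserSession` in this same patch null-checks the comparable `getByUser` result. If the cache can return `null` for a user with no roles, these permission lookups throw instead of returning an empty set. The three-argument `getRoleMenuIds` overload picks `mpIds.iterator().next()`, so with several menu plans its result is order-dependent. As a static-only utility class, `RoleHelper` should also declare a private constructor.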
@@ -72,7 +72,14 @@ public class RoleRightContent { }); return CommUtil.getSqlInStr(menus); } - + public Set getMenuRightIds() { + Set ids = new HashSet<>(); + if (map.size() == 0) return ids; + map.values().forEach(roleRight -> { + if (roleRight.getMenu() == 1) ids.add(roleRight.getId()); + }); + return ids; + } public String getFieldRight(long key, int type) { RoleRight right = getRoleRight(key); if (right == null) return ""; diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java index 1e9ee00..23c44dd 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java @@ -240,7 +240,7 @@ public class StringUtil { * @param delim the delimiter character(s) to use. (null value will join with no delimiter) * @return a String of all values in the list seperated by the delimiter */ - public static String join(List list, String delim) { + public static String join(Collection list, String delim) { if (list == null || list.size() < 1) return null; StringBuffer buf = new StringBuffer(); From 483c490b670d29a214900ec973c865277b093b45 Mon Sep 17 00:00:00 2001 From: yaoq Date: Thu, 8 Sep 2022 16:04:39 +0800 Subject: [PATCH 02/13] =?UTF-8?q?=E8=8F=9C=E5=8D=95=E6=9D=83=E9=99=90?= =?UTF-8?q?=E4=BF=9D=E5=AD=98=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java | 1 + 1 file changed, 1 insertion(+) diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java index 6b4b16d..2e4fce4 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java 
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java @@ -59,6 +59,7 @@ public class RoleHandler { //if (CommUtil.isEmpty(set)) return R.error("未选择菜单!"); Role role = RoleCache.getInstance().get(role_id); RoleRightContent rc = new RoleRightContent(role.getPrivilege()); + rc.resetItem(); for (Long menu_id : set) { MenuPlanItem item = MenuPlanCache.getInstance().getById(role.getSmpId(), menu_id); RoleRight right = rc.getRoleRight(item.getId()); From 5f65d36c425cdd47ebc25ff514559ad78496bf73 Mon Sep 17 00:00:00 2001 From: yaoq Date: Thu, 8 Sep 2022 16:19:34 +0800 Subject: [PATCH 03/13] =?UTF-8?q?=E8=8F=9C=E5=8D=95=E6=9D=83=E9=99=90?= =?UTF-8?q?=E4=BF=9D=E5=AD=98=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cc/smtweb/system/bpm/spring/file/attach/AttachHelper.java | 2 +- .../java/cc/smtweb/system/bpm/web/sys/user/menu/MenuHandler.java | 6 +++--- .../java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java | 2 +- .../cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java | 6 +++--- .../java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java | 6 +++--- .../java/cc/smtweb/framework/core/db/cache/ModelTableCache.java | 6 +++--- .../src/main/java/cc/smtweb/framework/core/util/StringUtil.java | 7 ++++++- 7 files changed, 20 insertions(+), 15 deletions(-) diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/file/attach/AttachHelper.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/file/attach/AttachHelper.java index 1deb63d..615342b 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/file/attach/AttachHelper.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/file/attach/AttachHelper.java 
@@ -97,7 +97,7 @@ public final class AttachHelper { //批量删除 public boolean deleteAttachList(List attachIdList) throws Exception { if (CommUtil.isEmpty(attachIdList)) return false; - dbEngine.update("delete from " + AttachInfo.ENTITY_NAME + " where attach_id in(" + CommUtil.getSqlInStr(attachIdList) + ")"); + dbEngine.update("delete from " + AttachInfo.ENTITY_NAME + " where attach_id in(" + StringUtil.join(attachIdList,",") + ")"); return true; } diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menu/MenuHandler.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menu/MenuHandler.java index d905a1b..be2da7b 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menu/MenuHandler.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menu/MenuHandler.java @@ -56,9 +56,9 @@ public class MenuHandler { } if (StringUtil.isNotEmpty(menu.getRight())) { Map> rightMap = JsonUtil.parseMap(menu.getRight()); - bean.put("sm_right_data", CommUtil.getSqlInStr(rightMap.get("data"))); - bean.put("sm_right_func", CommUtil.getSqlInStr(rightMap.get("func"))); - bean.put("sm_right_field", CommUtil.getSqlInStr(rightMap.get("field"))); + bean.put("sm_right_data", StringUtil.join(rightMap.get("data"), ",")); + bean.put("sm_right_func", StringUtil.join(rightMap.get("func"), ",")); + bean.put("sm_right_field", StringUtil.join(rightMap.get("field"), ",")); } } } diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java index 2e4fce4..ccc534a 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java 
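Review bot: `deleteAttachList` now concatenates `StringUtil.join(attachIdList,",")` straight into the `delete from ... where attach_id in(...)` statement, so the ids reach the database exactly as passed in, without whatever quoting `CommUtil.getSqlInStr` applied (its body is not shown). If the list elements are strings, or can ever originate from a request, this is a SQL injection point. Bind the values instead: emit one `?` per id and pass the ids as parameters, if `dbEngine.update` accepts them. The same substitution later in this patch, in the `queryEx` call of `ModelDatabaseCache` and in `ModelTableCache.loadAll`, puts unquoted `prj_module` names into the `in (...)` list. Patch 04/13 restores `getSqlInStr` in those two files only.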
@@ -78,8 +78,8 @@ public class RoleHandler { right = new RoleRight(); right.setId(item.getId()); right.setMenuId(item.getMenu()); - right.setMenu(1); } + right.setMenu(1); right.setFunc(formData.readStringSet("func")); right.setData(formData.readListMap("data")); if (item.getMenu() > 0L) diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java index 3342cef..36b2b17 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java @@ -61,7 +61,7 @@ public class RoleRightContent { public String getFuncRight(long key) { RoleRight right = getRoleRight(key); if (right == null) return ""; - return CommUtil.getSqlInStr(right.getRightFunc()); + return StringUtil.join(right.getRightFunc(),","); } public String getMenuRight() { @@ -70,7 +70,7 @@ public class RoleRightContent { map.values().forEach(roleRight -> { if (roleRight.getMenu() == 1) menus.add(roleRight.getId() + ""); }); - return CommUtil.getSqlInStr(menus); + return StringUtil.join(menus,","); } public Set getMenuRightIds() { Set ids = new HashSet<>(); @@ -89,7 +89,7 @@ public class RoleRightContent { cache.forEach((k, v) -> { if (v == type) fields.add(k); }); - return CommUtil.getSqlInStr(fields); + return StringUtil.join(fields,","); } public Map getDataRight(long key) { diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java index 0cc77a3..104e94c 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java 
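Review bot: In `RoleRightContent`, `getFuncRight` and `getFieldRight` now return `StringUtil.join(...)`, which yields `null` for a null or empty collection (`if (list == null || list.size() < 1) return null;`), while their early exits still return `""`. Callers therefore see two different "no rights" values from the same method, and `getMenuRight` now ends in the same `join` call. Normalise with `StringUtil.checkNull(StringUtil.join(...), "")` or document the `null` case in the method comments. Whether `CommUtil.getSqlInStr` also quoted the items is not visible here, so confirm that consumers of these strings expect a plain comma-separated list.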
@@ -8,7 +8,7 @@ import cc.smtweb.framework.core.db.DbEngine; import cc.smtweb.framework.core.db.EntityDao; import cc.smtweb.framework.core.db.vo.ModelDatabase; import cc.smtweb.framework.core.db.vo.ModelProject; -import cc.smtweb.framework.core.util.CommUtil; +import cc.smtweb.framework.core.util.StringUtil; import org.apache.commons.lang3.StringUtils; import java.util.List; @@ -38,7 +38,7 @@ public class ModelDatabaseCache extends AbstractCache { EntityDao dao = DbEngine.getInstance().findDao(ModelDatabase.class); if (StringUtils.isEmpty(SwConsts.SysParam.RUN_PROJECTS)) return dao.query(); - return dao.queryEx(" inner join " + ModelProject.ENTITY_NAME + " on db_prj_id=prj_id where prj_module in (" + CommUtil.getSqlInStr(SwConsts.SysParam.RUN_PROJECTS.split(",")) + ")"); + return dao.queryEx(" inner join " + ModelProject.ENTITY_NAME + " on db_prj_id=prj_id where prj_module in (" + StringUtil.join(SwConsts.SysParam.RUN_PROJECTS.split(","), ",") + ")"); } public final ModelDatabase getByName(String key) { @@ -47,6 +47,6 @@ public class ModelDatabaseCache extends AbstractCache { public final String getName(long id) { ModelDatabase db = get(id); - return db != null ? db.getName(): ""; + return db != null ? db.getName() : ""; } } diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelTableCache.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelTableCache.java index 1e2b2be..ac7fe84 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelTableCache.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelTableCache.java 
@@ -8,7 +8,7 @@ import cc.smtweb.framework.core.db.DbEngine; import cc.smtweb.framework.core.db.vo.ModelField; import cc.smtweb.framework.core.db.vo.ModelProject; import cc.smtweb.framework.core.db.vo.ModelTable; -import cc.smtweb.framework.core.util.CommUtil; +import cc.smtweb.framework.core.util.StringUtil; import org.apache.commons.lang3.StringUtils; import org.springframework.dao.DataAccessException; import org.springframework.jdbc.core.ResultSetExtractor; @@ -54,7 +54,7 @@ public class ModelTableCache extends AbstractCache { protected List loadAll() { String sql; if (!StringUtils.isEmpty(SwConsts.SysParam.RUN_PROJECTS)) { - sql = " inner join " + ModelProject.ENTITY_NAME + " on tb_prj_id=prj_id where prj_module in (" + CommUtil.getSqlInStr(SwConsts.SysParam.RUN_PROJECTS.split(",")) + ")"; + sql = " inner join " + ModelProject.ENTITY_NAME + " on tb_prj_id=prj_id where prj_module in (" + StringUtil.join(SwConsts.SysParam.RUN_PROJECTS.split(","), ",") + ")"; } else sql = ""; return DbEngine.getInstance().query("SELECT\n" + "t.tb_id,\n" + @@ -122,7 +122,7 @@ public class ModelTableCache extends AbstractCache { public final String getTableName(long id) { ModelTable bean = get(id); - return bean == null ? String.valueOf(id): bean.getTitle(); + return bean == null ? String.valueOf(id) : bean.getTitle(); } //根据外键 diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java index 23c44dd..3cb9d3a 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java @@ -254,6 +254,11 @@ public class StringUtil { return buf.toString(); } + + public static String join(String[] list, String delim) { + return join(Arrays.asList(list), delim); + } + /** * Splits a String on a delimiter into a List of Strings. * 
@@ -490,7 +495,7 @@ public class StringUtil { * @return str */ public static String checkNull(String strValue, String defaultValue) { - return strValue == null ? defaultValue: strValue; + return strValue == null ? defaultValue : strValue; } /** From 68a383fa0760759c871e3ac9dd593de0ecd2b5a8 Mon Sep 17 00:00:00 2001 From: yaoq Date: Thu, 8 Sep 2022 16:22:43 +0800 Subject: [PATCH 04/13] =?UTF-8?q?=E8=8F=9C=E5=8D=95=E6=9D=83=E9=99=90?= =?UTF-8?q?=E4=BF=9D=E5=AD=98=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java | 3 ++- .../java/cc/smtweb/framework/core/db/cache/ModelTableCache.java | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java index 104e94c..7c1d9e1 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java @@ -8,6 +8,7 @@ import cc.smtweb.framework.core.db.DbEngine; import cc.smtweb.framework.core.db.EntityDao; import cc.smtweb.framework.core.db.vo.ModelDatabase; import cc.smtweb.framework.core.db.vo.ModelProject; +import cc.smtweb.framework.core.util.CommUtil; import cc.smtweb.framework.core.util.StringUtil; import org.apache.commons.lang3.StringUtils; 
@@ -38,7 +39,7 @@ public class ModelDatabaseCache extends AbstractCache { EntityDao dao = DbEngine.getInstance().findDao(ModelDatabase.class); if (StringUtils.isEmpty(SwConsts.SysParam.RUN_PROJECTS)) return dao.query(); - return dao.queryEx(" inner join " + ModelProject.ENTITY_NAME + " on db_prj_id=prj_id where prj_module in (" + StringUtil.join(SwConsts.SysParam.RUN_PROJECTS.split(","), ",") + ")"); + return dao.queryEx(" inner join " + ModelProject.ENTITY_NAME + " on db_prj_id=prj_id where prj_module in (" + CommUtil.getSqlInStr(SwConsts.SysParam.RUN_PROJECTS.split(",")) + ")"); } public final ModelDatabase getByName(String key) { diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelTableCache.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelTableCache.java index ac7fe84..1e2b2be 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelTableCache.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelTableCache.java @@ -8,7 +8,7 @@ import cc.smtweb.framework.core.db.DbEngine; import cc.smtweb.framework.core.db.vo.ModelField; import cc.smtweb.framework.core.db.vo.ModelProject; import cc.smtweb.framework.core.db.vo.ModelTable; -import cc.smtweb.framework.core.util.StringUtil; +import cc.smtweb.framework.core.util.CommUtil; import org.apache.commons.lang3.StringUtils; import org.springframework.dao.DataAccessException; import org.springframework.jdbc.core.ResultSetExtractor; 
@@ -54,7 +54,7 @@ public class ModelTableCache extends AbstractCache { protected List loadAll() { String sql; if (!StringUtils.isEmpty(SwConsts.SysParam.RUN_PROJECTS)) { - sql = " inner join " + ModelProject.ENTITY_NAME + " on tb_prj_id=prj_id where prj_module in (" + StringUtil.join(SwConsts.SysParam.RUN_PROJECTS.split(","), ",") + ")"; + sql = " inner join " + ModelProject.ENTITY_NAME + " on tb_prj_id=prj_id where prj_module in (" + CommUtil.getSqlInStr(SwConsts.SysParam.RUN_PROJECTS.split(",")) + ")"; } else sql = ""; return DbEngine.getInstance().query("SELECT\n" + "t.tb_id,\n" + @@ -122,7 +122,7 @@ public class ModelTableCache extends AbstractCache { public final String getTableName(long id) { ModelTable bean = get(id); - return bean == null ? String.valueOf(id) : bean.getTitle(); + return bean == null ? String.valueOf(id): bean.getTitle(); } //根据外键 From 1a96ce465442e58ff76a3ef4896a3d1b45ef43e2 Mon Sep 17 00:00:00 2001 
From: zhenggm Date: Thu, 8 Sep 2022 16:38:06 +0800 Subject: [PATCH 05/13] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=EF=BC=9A=E6=8B=A6?= =?UTF-8?q?=E6=88=AA=E5=99=A8=E8=B0=83=E6=95=B4=EF=BC=8C=E7=BB=9F=E4=B8=80?= =?UTF-8?q?=E5=BC=82=E5=B8=B8=E5=A4=84=E7=90=86=EF=BC=8C=E9=98=B2=E9=87=8D?= =?UTF-8?q?=E5=A4=8D=E6=8F=90=E4=BA=A4=E6=8C=87=E7=BA=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../spring/controller/FileDownloadController.java | 5 - .../spring/controller/FileUploadController.java | 10 -- .../smtweb/system/bpm/web/login/AuthService.java | 5 - .../cc/smtweb/framework/core/CoreInterceptor.java | 9 + .../smtweb/framework/core/annotation/SwPerm.java | 26 --- .../framework/core/cache/SessionCacheFactory.java | 9 +- .../cc/smtweb/framework/core/common/SwConsts.java | 9 + .../framework/core/exception/BizException.java | 15 ++ .../core/exception/SwExceptionHandler.java | 29 +++ .../framework/core/mvc/config/WebMvcConfig.java | 2 +- .../core/mvc/controller/MethodAccessManager.java | 8 +- .../core/mvc/controller/SwResponseBodyAdvice.java | 34 ++++ .../core/mvc/controller/access/IMethodAccess.java | 6 - .../core/mvc/controller/access/MethodAccess.java | 6 +- .../core/mvc/controller/scan/MethodParser.java | 20 +-- .../realm/interceptor/AbstractPermInterceptor.java | 110 ------------ .../interceptor/AuthorizationInterceptor.java | 42 ----- .../mvc/realm/interceptor/PermInterceptor.java | 27 --- .../smtweb/framework/core/session/SessionUtil.java | 197 +++++++++++++++++++-- smtweb-framework/pom.xml | 5 + 20 files changed, 291 insertions(+), 283 deletions(-) delete mode 100644 smtweb-framework/core/src/main/java/cc/smtweb/framework/core/annotation/SwPerm.java create mode 100644 smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/SwExceptionHandler.java create mode 100644 smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/SwResponseBodyAdvice.java delete mode 100644 
smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AbstractPermInterceptor.java delete mode 100644 smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AuthorizationInterceptor.java delete mode 100644 smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/PermInterceptor.java diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileDownloadController.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileDownloadController.java index b21cc62..6e3df50 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileDownloadController.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileDownloadController.java @@ -32,9 +32,6 @@ public class FileDownloadController { @Autowired private FilePathGenerator filePathGenerator; - @Autowired - private RedisManager redisManager; - /** * path方式下载文件 */ @@ -56,8 +53,6 @@ public class FileDownloadController { @RequestParam(value = "noCache", required = false) Boolean noCache, HttpServletRequest request ) throws FileNotFoundException { - SessionUtil.checkSession(request, redisManager); - File file = new File(filePathGenerator.getFileDiskPath(path)); if (!file.exists()) { diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileUploadController.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileUploadController.java index 260826f..bce6c81 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileUploadController.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileUploadController.java @@ -30,9 +30,6 @@ public class FileUploadController { private DbEngine dbEngine; @Autowired - private RedisManager redisManager; - - @Autowired private ImageAttachDao imageAttachDao; // TODO: 权限处理,临时文件处理 
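Review bot: After this hunk the download handler builds `new File(filePathGenerator.getFileDiskPath(path))` from a request parameter with no session check of its own. The `SessionUtil.checkSession(request, redisManager)` call is removed here and in every `FileUploadController` handler that follows, including `/fs/remove`, which deletes the file named by `filePath`. The patch subject mentions an interceptor adjustment, but the `CoreInterceptor` and `WebMvcConfig` changes are not visible in this part. Confirm that these routes fall inside the interceptor's path patterns, and add a test that an unauthenticated request is rejected. The same patch drops `@SwPerm("user:edit")` from `AuthService.config`, so without a replacement permission check that method would be callable by any authenticated user; separately, the resolved path should be verified to stay under the storage root before the file is read or deleted.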
@@ -44,7 +41,6 @@ public class FileUploadController { @RequestParam(value = "keepName", required = false) Boolean keepName, HttpServletRequest request ) { - SessionUtil.checkSession(request, redisManager); return uploadFile(path, file, ThumbImage.type(thumb), thumbHeight, insert, keepName); } @@ -54,8 +50,6 @@ public class FileUploadController { @RequestParam(value = "thumbHeight", required = false) Integer thumbHeight, @RequestParam(value = "commit", required = false) Boolean insert, HttpServletRequest request) { - SessionUtil.checkSession(request, redisManager); - MultipartFile file = MemMultipartFile.build(data.getData()); if (file == null) { return R.error("数据内容格式有错"); @@ -70,7 +64,6 @@ public class FileUploadController { @RequestParam(value = "commit", required = false) Boolean insert, @RequestParam(value = "keepName", required = false) Boolean keepName, HttpServletRequest request) { - SessionUtil.checkSession(request, redisManager); return uploadFile(path, file, ThumbImage.TYPE_AVATAR, size, insert, keepName); } @@ -81,7 +74,6 @@ public class FileUploadController { @RequestParam(value = "thumbHeight", required = false) Integer thumbHeight, @RequestParam(value = "keepName", required = false) Boolean keepName, HttpServletRequest request) { - SessionUtil.checkSession(request, redisManager); return uploadFile(path, file, ThumbImage.type(thumb), thumbHeight, true, keepName); } @@ -143,8 +135,6 @@ public class FileUploadController { // TODO: 修改为安全的后台删除方式 @PostMapping("/fs/remove") public R remove(@RequestParam(value = "filePath") String filePath, HttpServletRequest request) { - SessionUtil.checkSession(request, redisManager); - File file = new File(filePathGenerator.getFileDiskPath(filePath)); if (file.exists() && file.isFile()) { if (file.delete()) { diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java index 9e961c3..2ee2eb7 100644 
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java @@ -2,7 +2,6 @@ package cc.smtweb.system.bpm.web.login; import cc.smtweb.framework.core.annotation.SwBody; import cc.smtweb.framework.core.annotation.SwParam; -import cc.smtweb.framework.core.annotation.SwPerm; import cc.smtweb.framework.core.annotation.SwService; import cc.smtweb.framework.core.common.R; import cc.smtweb.framework.core.common.SwMap; @@ -28,7 +27,6 @@ public class AuthService { @SwParam private SessionManager sessionManager; - @SwPerm() public R getParty(@SwParam("username") String username) { Set partySet = PartyCache.getInstance().getTopSet(); List list = new ArrayList<>(); @@ -43,7 +41,6 @@ public class AuthService { return R.success(list); } - @SwPerm(SwPerm.NONE) public R login(@SwBody LoginVO loginPO) { SwMap data = new SwMap(); User user = null; @@ -96,12 +93,10 @@ public class AuthService { return R.success(data); } - @SwPerm() public R ping(@SwParam("msg") String msg) { return R.success(msg); } - @SwPerm("user:edit") public R config(@SwParam("username") String username) { return R.success("config: " + username); } diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/CoreInterceptor.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/CoreInterceptor.java index d05da64..fae124f 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/CoreInterceptor.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/CoreInterceptor.java 
@@ -1,7 +1,15 @@ package cc.smtweb.framework.core; +import cc.smtweb.framework.core.cache.redis.RedisManager; import cc.smtweb.framework.core.common.SwConsts; import cc.smtweb.framework.core.exception.BizException; +import cc.smtweb.framework.core.mvc.controller.IEditor; +import cc.smtweb.framework.core.mvc.realm.exception.ForbiddenException; +import cc.smtweb.framework.core.mvc.realm.exception.UnauthenticatedException; +import cc.smtweb.framework.core.session.SessionUtil; +import cc.smtweb.framework.core.session.UserSession; +import cc.smtweb.framework.core.util.NumberUtil; +import org.apache.commons.lang3.StringUtils; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; @@ -15,6 +23,7 @@ public class CoreInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { if (!SwConsts.SysParam.SYS_STARTED) throw new BizException("系统启动中,请稍候..."); + SessionUtil.checkSession(request); return HandlerInterceptor.super.preHandle(request, response, handler); } diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/annotation/SwPerm.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/annotation/SwPerm.java deleted file mode 100644 index 2487667..0000000 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/annotation/SwPerm.java +++ /dev/null 
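Review bot: The `SessionUtil.checkSession(request)` call added to `preHandle` in the second CoreInterceptor hunk only establishes that a session exists or that the URL is exempt; it carries no per-operation authorization. The same commit deletes `@SwPerm`, `PermInterceptor` and the `permInterceptor.preHandle(request, methodAccess.getPerm())` call, so a value-based permission such as the `user:edit` formerly on `AuthService.config` has no enforcement visible anywhere in this patch. If role checks are meant to live elsewhere, say so at the call site, e.g. `// authentication only; per-operation authorization is enforced in <component>`. Most imports added in the first hunk (`RedisManager`, `IEditor`, `ForbiddenException`, `UnauthenticatedException`, `UserSession`, `NumberUtil`, `StringUtils`) are not needed by the one added statement and look unused, though the rest of the class lies outside the hunk.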
@@ -1,26 +0,0 @@ -package cc.smtweb.framework.core.annotation; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * 被该注释修饰的方法都会经过切面拦截校验权限,默认是需要已登录权限 - * - * @author kevin - */ -@Retention(RetentionPolicy.RUNTIME) -@Target({ElementType.METHOD, ElementType.TYPE}) -public @interface SwPerm { - /** - * 无权限控制的值,在函数上注解@SwPerm(SwPerm.NONE) - */ - static final String NONE = "*"; - static final String SESSION = ""; - - /** - * 权限定义值 - */ - String value() default SESSION; -} diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/SessionCacheFactory.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/SessionCacheFactory.java index 8ad6fdc..ca1e4b5 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/SessionCacheFactory.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/SessionCacheFactory.java @@ -8,7 +8,7 @@ import java.util.concurrent.ConcurrentHashMap; */ public class SessionCacheFactory { private static SessionCacheFactory INSTANCE = null; - private Map buffer = new ConcurrentHashMap<>(); + private Map buffer = new ConcurrentHashMap<>(); private SessionCacheFactory() { } @@ -27,10 +27,10 @@ public class SessionCacheFactory { //得到用户缓存对象 public SessionCache getUserCache(long userId) { - return getUserCache(userId, 0L); + return getCache(String.valueOf(userId), 0L); } - public SessionCache getUserCache(long userId, long timeout) { + public SessionCache getCache(String userId, long timeout) { SessionCache cache; cache = buffer.get(userId); @@ -41,11 +41,12 @@ public class SessionCacheFactory { buffer.put(userId, cache); } return cache; - } //删除用户缓存 public void remove(String userId) { buffer.remove(userId); } + + } 
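Review bot: `getCache(String userId, long timeout)` in the second SessionCacheFactory hunk is now a general keyed lookup (SessionUtil in this commit calls it with the constant `fpk`), so the parameter name `userId` and the `//得到用户缓存对象` comment above it no longer describe it; rename the parameter to `key` and update the comment. The `buffer.get(userId)` followed by `buffer.put(userId, cache)` visible across this hunk and the next is not atomic on the `ConcurrentHashMap`, so two concurrent first calls can each build a cache and one is silently replaced; `buffer.computeIfAbsent(key, k -> ...)` closes that gap. The middle of the method body sits between the hunks and is not shown. The public `getUserCache(long, long)` overload disappears, so callers outside this patch would stop compiling.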
diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java index d76fb3d..a4149f5 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java @@ -13,8 +13,17 @@ public interface SwConsts { public static String RUN_PROJECTS = ""; } + //错误码 + interface ErrorCode { + //未登录 + int NO_LOGIN = 101; + //指纹错误 + int TOKEN_INVALID = 102; + } + //启动顺序默认值 int DEFAULT_ORDER = 1; + //缓存中:树节点按parent的key String KEY_PARENT_ID = "pr"; //级次码、字符串连接符 diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/BizException.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/BizException.java index fe097be..8db6559 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/BizException.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/BizException.java @@ -10,6 +10,8 @@ public class BizException extends RuntimeException { * */ private static final long serialVersionUID = 1L; + //错误编号 + private int code = 0; public BizException() { super(); @@ -23,7 +25,20 @@ public class BizException extends RuntimeException { super(message); } + public BizException(int code) { + super(); + this.code = code; + } + public BizException(int code, String message) { + super(message); + this.code = code; + } + public BizException(Throwable cause) { super(cause.getMessage(), cause); } + + public int getCode() { + return code; + } } diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/SwExceptionHandler.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/SwExceptionHandler.java new file mode 100644 index 0000000..e7b24df --- /dev/null 
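Review bot: The new `BizException(int code)` constructor in the second BizException hunk calls `super()`, so `getMessage()` is null for every exception built that way, and that is exactly how `SessionUtil.throwNoLogin()` raises `NO_LOGIN` in this commit. `SwExceptionHandler` then passes `e.getMessage()` straight into `R.error(code, message)`, so the not-logged-in response presumably carries a null message. Either give the one-argument constructor a default text or drop it in favour of `BizException(int code, String message)`. The field also deserves a real doc comment, e.g. `/** Error code from SwConsts.ErrorCode; 0 means unspecified. */`.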
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/SwExceptionHandler.java @@ -0,0 +1,29 @@ +package cc.smtweb.framework.core.exception; + +import cc.smtweb.framework.core.common.R; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.ResponseBody; + +/** + * Created by Akmm at 2022-09-07 20:13 + * 异常统一处理 + */ +@ControllerAdvice +public class SwExceptionHandler { + /** + * 系统异常处理 + * + * @param e + * @return + */ + @ExceptionHandler(Exception.class) + @ResponseBody + public R error(Exception e) { + if (e instanceof BizException) { + return R.error(((BizException) e).getCode(), e.getMessage()); + } + e.printStackTrace(); + return R.error("系统异常,请联系技术支持人员!"); + } +} diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/config/WebMvcConfig.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/config/WebMvcConfig.java index 83c4bb1..dafb036 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/config/WebMvcConfig.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/config/WebMvcConfig.java @@ -64,7 +64,7 @@ public class WebMvcConfig implements WebMvcConfigurer { @Bean public MethodAccessManager methodAccessManager(CacheManager cacheManager) { - return new MethodAccessManager(redisManager, cacheManager); + return new MethodAccessManager(cacheManager); } @Override diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/MethodAccessManager.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/MethodAccessManager.java index 9c76896..4041fe0 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/MethodAccessManager.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/MethodAccessManager.java 
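Review bot: In `SwExceptionHandler.error`, the `BizException` branch returns `e.getMessage()` to the client, while `BizException(Throwable cause)` copies the cause's message, so internal exception text (SQL, file paths, I/O details) can reach the response body whenever code wraps a low-level failure that way. Return the message only for exceptions raised with an explicit business message and fall back to the generic text otherwise. `e.printStackTrace()` should go through the application logger so the failure is recorded with context, e.g. `log.error("unhandled exception", e);` (assuming an SLF4J-style logger is available in this module). The Javadoc `@param e` and `@return` tags are empty and can be filled in or removed.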
@@ -8,7 +8,6 @@ import cc.smtweb.framework.core.mvc.SchedulerManager; import cc.smtweb.framework.core.mvc.controller.access.IMethodAccess; import cc.smtweb.framework.core.mvc.controller.access.MethodAccess; import cc.smtweb.framework.core.mvc.controller.scan.BeanManager; -import cc.smtweb.framework.core.mvc.realm.interceptor.PermInterceptor; import cc.smtweb.framework.core.mvc.realm.service.PermChecker; import cc.smtweb.framework.core.mvc.scheduler.SchedulerTaskManager; import lombok.Getter; @@ -27,15 +26,13 @@ import java.util.Map; public class MethodAccessManager { private Map controllers; private IBeanContext beanContext; - private PermInterceptor permInterceptor; private SchedulerTaskManager schedulerTaskManager; private MethodAccess[] destroyMethods; @Getter private CacheManager cacheManager; - public MethodAccessManager(RedisManager redisManager, CacheManager cacheManager) { - permInterceptor = new PermInterceptor(redisManager); + public MethodAccessManager(CacheManager cacheManager) { this.cacheManager = cacheManager; } @@ -47,8 +44,6 @@ public class MethodAccessManager { IMethodAccess methodAccess = controllers.get(url); if (methodAccess != null) { - permInterceptor.preHandle(request, methodAccess.getPerm()); - return methodAccess.invoke(beanContext, params, body, request); } @@ -71,7 +66,6 @@ public class MethodAccessManager { this.beanContext = beanManager.getBeanContext(); this.controllers = beanManager.getControllers(); this.destroyMethods = beanManager.loadDestroyMethods(); - this.permInterceptor.setCache(cache); // 启动定时任务 this.schedulerTaskManager = SchedulerTaskManager.build(beanContext, beanManager.getTasks()); diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/SwResponseBodyAdvice.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/SwResponseBodyAdvice.java new file mode 100644 index 0000000..1934c8c --- /dev/null 
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/SwResponseBodyAdvice.java @@ -0,0 +1,34 @@ +package cc.smtweb.framework.core.mvc.controller; + +import cc.smtweb.framework.core.common.R; +import cc.smtweb.framework.core.session.SessionUtil; +import org.springframework.core.MethodParameter; +import org.springframework.http.MediaType; +import org.springframework.http.server.ServerHttpRequest; +import org.springframework.http.server.ServerHttpResponse; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice; + +/** + * Created by Akmm at 2022-09-08 16:03 + * 统一添加指纹 + */ +@ControllerAdvice +public class SwResponseBodyAdvice implements ResponseBodyAdvice { + @Override + public boolean supports(MethodParameter returnType, Class converterType) { + Class targetClass = returnType.getMethod().getDeclaringClass(); + + return true; + } + + @Override + public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType, Class selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) { + if (body instanceof R) { + SessionUtil.setFingerValue(((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(), (R)body); + } + return body; + } +} diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/IMethodAccess.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/IMethodAccess.java index ddfef8c..4f67e94 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/IMethodAccess.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/IMethodAccess.java 
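Review bot: `supports` in SwResponseBodyAdvice computes `targetClass` from `returnType.getMethod().getDeclaringClass()` and never uses it; `MethodParameter.getMethod()` can return null, so the dead line can only add a NullPointerException, and the method should be just `return true;`. In `beforeBodyWrite`, `RequestContextHolder.getRequestAttributes()` may also be null and is dereferenced after an unchecked cast. The `ServerHttpRequest request` argument already carries the servlet request, so prefer `if (body instanceof R && request instanceof ServletServerHttpRequest)` followed by `((ServletServerHttpRequest) request).getServletRequest()`. The class comment `统一添加指纹` could state that the advice attaches the anti-resubmission fingerprint to every `R` response.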
@@ -46,10 +46,4 @@ public interface IMethodAccess { */ String fullName(); - /** - * API权限 - * - * @return 权限串 - */ - String getPerm(); } diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/MethodAccess.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/MethodAccess.java index e322bcd..9bb7395 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/MethodAccess.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/MethodAccess.java @@ -22,14 +22,12 @@ import java.util.Map; public class MethodAccess implements IMethodAccess { private final ControllerAccess controllerAccess; private final Method method; - @Getter - private final String perm; + private final MethodParamAccess[] paramBinds; - public MethodAccess(ControllerAccess controllerAccess, Method method, String perm, MethodParamAccess[] paramBinds) { + public MethodAccess(ControllerAccess controllerAccess, Method method, MethodParamAccess[] paramBinds) { this.controllerAccess = controllerAccess; this.method = method; - this.perm = perm; this.paramBinds = paramBinds; } diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/scan/MethodParser.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/scan/MethodParser.java index 34229ea..3e0b4a9 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/scan/MethodParser.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/scan/MethodParser.java 
@@ -35,20 +35,13 @@ public class MethodParser { public void parse(Class clazz, ControllerAccess controllerAccess, boolean isApi) throws ParseException { // this.controllerAccess = controllerAccess; - // 服务的默认权限 - String classPerm = ""; - SwPerm swPerm = clazz.getAnnotation(SwPerm.class); - if (swPerm != null) { - classPerm = swPerm.value(); - } - // 扫描方法注解 for (Method m : clazz.getMethods()) { int modifier = m.getModifiers(); // && (R.class.isAssignableFrom(m.getReturnType())) if (Modifier.isPublic(modifier) && !Modifier.isStatic(modifier) && !Object.class.equals(m.getDeclaringClass())) { - MethodAccess methodAccess = parseMethod(controllerAccess, m, classPerm); + MethodAccess methodAccess = parseMethod(controllerAccess, m); if (scanContext.dealMethod(m, methodAccess)) { if (isApi) { @@ -81,7 +74,7 @@ public class MethodParser { } } - private MethodAccess parseMethod(ControllerAccess controllerAccess, Method method, String defaultPerm) { + private MethodAccess parseMethod(ControllerAccess controllerAccess, Method method) { Class[] paramTypes = method.getParameterTypes(); Annotation[][] paramAnnotations = method.getParameterAnnotations(); @@ -146,14 +139,7 @@ public class MethodParser { } } - // 得到权限注解 - String perm = defaultPerm; - SwPerm swPerm = method.getAnnotation(SwPerm.class); - if (swPerm != null) { - perm = swPerm.value(); - } - - return new MethodAccess(controllerAccess, method, perm, paramBinds); + return new MethodAccess(controllerAccess, method, paramBinds); } } diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AbstractPermInterceptor.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AbstractPermInterceptor.java deleted file mode 100644 index 558047c..0000000 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AbstractPermInterceptor.java +++ /dev/null 
@@ -1,110 +0,0 @@ -package cc.smtweb.framework.core.mvc.realm.interceptor; - -import cc.smtweb.framework.core.annotation.SwPerm; -import cc.smtweb.framework.core.cache.ISwCache; -import cc.smtweb.framework.core.cache.redis.RedisManager; -import cc.smtweb.framework.core.mvc.controller.IEditor; -import cc.smtweb.framework.core.mvc.realm.exception.ForbiddenException; -import cc.smtweb.framework.core.mvc.realm.exception.UnauthenticatedException; -import cc.smtweb.framework.core.mvc.realm.service.PermCheckItem; -import cc.smtweb.framework.core.mvc.realm.service.PermChecker; -import cc.smtweb.framework.core.session.SessionUtil; -import cc.smtweb.framework.core.session.UserSession; -import org.apache.commons.lang3.StringUtils; - -import javax.servlet.http.HttpServletRequest; - -public class AbstractPermInterceptor { - private final RedisManager redisManager; - private ISwCache cacheService; - - public AbstractPermInterceptor(RedisManager redisManager) { - this.redisManager = redisManager; - } - - public void setCache(ISwCache cacheService) { - this.cacheService = cacheService; - } - - protected boolean handle(HttpServletRequest request, String permissionValue) { - // 如果注解为null, 说明不需要拦截, 直接放过 - if (SwPerm.NONE.equals(permissionValue)) { - return true; - } - - // redis读取session,判断是否登录 - String token = SessionUtil.readToken(request); - if ("design".equals(token)) return true; - if (StringUtils.isBlank(token)) { - throw new UnauthenticatedException("not find Auth-Token in header"); - } - - UserSession us = redisManager.get(token, UserSession.class); - if (us == null) { - throw new UnauthenticatedException("not find UserSession by token: " + token); - } - - request.setAttribute(IEditor.USER_TOKEN, token); - request.setAttribute(IEditor.USER_SESSION, us); - - // 如果标记了权限注解,则判断权限 - if (checkPermission(permissionValue, us)) { - // 更新Token redis TTL - redisManager.expire(token, RedisManager.SESSION_EXPIRE_SEC); - return true; - } else { - throw new ForbiddenException("user not 
permission: " + permissionValue); - } - } - - /** - * 权限检查 - */ - private boolean checkPermission(String permissionValue, UserSession us) { - if (StringUtils.isBlank(permissionValue)) { - return true; - } - - // 从本地缓存或数据库中获取该用户的权限信息 - PermChecker permissionSet = cacheService.get(us.getUserId()); - -// if (MapUtils.isEmpty(permissionSet)) { -// throw new ForbiddenException("empty permission"); -// } - - PermCheckItem permChecker = permissionSet.get(permissionValue); - - if (permChecker != null) { - return true; - } - - while (true) { - permissionValue = getParentPermValue(permissionValue); - - if (permissionValue != null) { - permChecker = permissionSet.get(permissionValue); - if (permChecker != null && permChecker.isPerfixMath()) { - return true; - } - } else { - break; - } - } - - return false; - } - - private static String getParentPermValue(String permissionValue) { - if (permissionValue.length() > 0) { - - int pos = permissionValue.lastIndexOf(':'); - if (pos > 0) { - return permissionValue.substring(0, pos); - } - - return ""; - } - - return null; - } -} diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AuthorizationInterceptor.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AuthorizationInterceptor.java deleted file mode 100644 index b6430f0..0000000 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AuthorizationInterceptor.java +++ /dev/null 
@@ -1,42 +0,0 @@ -package cc.smtweb.framework.core.mvc.realm.interceptor; - -import cc.smtweb.framework.core.annotation.SwPerm; -import cc.smtweb.framework.core.cache.redis.RedisManager; -import org.springframework.web.method.HandlerMethod; -import org.springframework.web.servlet.HandlerInterceptor; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * 暂时未使用,spring的拦截器方式判断权限 - */ -public class AuthorizationInterceptor extends AbstractPermInterceptor implements HandlerInterceptor { - - public AuthorizationInterceptor(RedisManager redisManager) { - super(redisManager); - } - - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) - throws Exception { - if (handler instanceof HandlerMethod) { - HandlerMethod handlerMethod = (HandlerMethod) handler; - // 获取方法上的注解 - SwPerm requiredSwPerm = handlerMethod.getMethod().getAnnotation(SwPerm.class); - // 如果方法上的注解为空 则获取类的注解 - if (requiredSwPerm == null) { - requiredSwPerm = handlerMethod.getMethod().getDeclaringClass().getAnnotation(SwPerm.class); - } - - String requiredValue = null; - if (requiredSwPerm != null) { - requiredValue = requiredSwPerm.value(); - } - - return super.handle(request, requiredValue); - } - - return true; - } -} diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/PermInterceptor.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/PermInterceptor.java deleted file mode 100644 index 0edd4b0..0000000 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/PermInterceptor.java +++ /dev/null 
@@ -1,27 +0,0 @@ -package cc.smtweb.framework.core.mvc.realm.interceptor; - -import cc.smtweb.framework.core.cache.redis.RedisManager; - -import javax.servlet.http.HttpServletRequest; - -/** - * 权限拦截器,在API请求处理中一起完成 - * - * @author xkliu - */ -public class PermInterceptor extends AbstractPermInterceptor { - public PermInterceptor(RedisManager redisManager) { - super(redisManager); - } - - /** - * 校验用户是否有API权限 - * - * @param request http请求 - * @param permissionValue 权限值 - * @return 是否有权限 - */ - public boolean preHandle(HttpServletRequest request, String permissionValue) { - return super.handle(request, permissionValue); - } -} diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java index 2237a24..32c51c0 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java @@ -1,12 +1,22 @@ package cc.smtweb.framework.core.session; +import cc.smtweb.framework.core.cache.SessionCache; +import cc.smtweb.framework.core.cache.SessionCacheFactory; import cc.smtweb.framework.core.cache.redis.RedisManager; +import cc.smtweb.framework.core.common.R; +import cc.smtweb.framework.core.common.SwConsts; +import cc.smtweb.framework.core.exception.BizException; import cc.smtweb.framework.core.mvc.controller.IEditor; import cc.smtweb.framework.core.mvc.realm.exception.UnauthenticatedException; +import cc.smtweb.framework.core.util.NumberUtil; +import cc.smtweb.framework.core.util.StringUtil; import org.apache.commons.lang3.StringUtils; import org.springframework.web.context.request.RequestContextHolder; import javax.servlet.http.HttpServletRequest; +import java.util.ArrayList; +import java.util.List; +import java.util.concurrent.atomic.AtomicInteger; /** * 〈session工具类〉 
@@ -15,6 +25,94 @@ import javax.servlet.http.HttpServletRequest; * @since 1.0.0 */ public class SessionUtil { + //登录令牌header名 + private final static String KEY_HEADER_SESSION = "Auth-Token"; + //url参数名 + private final static String KEY_PARAM_SESSION = "auth_token"; + + //防止重复提交指纹-header名 + private final static String KEY_HEADER_FP_KEY = "Fpk_Token"; + private final static String KEY_HEADER_FP_VAL = "Fpv_Token"; + //url参数名 + private final static String KEY_PARAM_FP_KEY = "fpk"; + private final static String KEY_PARAM_FP_VAL = "fpv"; + + //不需要校验登录的url + public static List notLoginUrl = new ArrayList<>(); + /*//不需要切换数据源的url,强制用主库 + public static List notSetDbUrl = new ArrayList<>();*/ + //不需要验证合法性的url + public static List notCheckUrlValid = new ArrayList<>(); + //不算用户交互操作的url,用于管理session失效 + public static List notInterActiveUrl = new ArrayList<>(); + static { + notLoginUrl.add("/db/*.do"); + notLoginUrl.add("/custdb/*.do"); + notLoginUrl.add("/attach/upload.do"); + notLoginUrl.add("/attach/download.do"); + notLoginUrl.add("/attach/uploadBase64.do"); + + notCheckUrlValid.add("/db/*.do"); + notCheckUrlValid.add("/custdb/*.do"); + notCheckUrlValid.add("/cust/common/httpService/service.do"); + notCheckUrlValid.add("/attach/upload.do"); + notCheckUrlValid.add("/attach/uploadBase64.do"); + + } + + private static void addUrl(String url, List list) { + list.add(url); + } + + //是否不需要url校验 + private static boolean isMatchUrl(String lasturi, List list) { + if (list.contains(lasturi)) return true; + for (String s: list){ + if (StringUtil.match(s, lasturi)) return true; + } + return false; + } + + //是否不需要登录验证 + public static boolean isNoLogin(String lasturi) { + return isMatchUrl(lasturi, notLoginUrl); + } + + //增加不需要登录的Uri + public static void addNoLoginUri(String uri) { + addUrl(uri, notLoginUrl); + } + + /*//是否不需要切换库 + public static boolean isNoSetDb(String lasturi) { + return isMatchUrl(lasturi, notSetDbUrl); + } + + //增加不需要登录的Uri + public static void addNoSetDbUrl(String uri) 
{ + addUrl(uri, notSetDbUrl); + }*/ + + //是否不需要url校验 + public static boolean isNoCheckValid(String lasturi) { + return isMatchUrl(lasturi, notCheckUrlValid); + } + + //增加不需要校验合法性的Uri + public static void addNoCheckValidUri(String uri) { + addUrl(uri, notCheckUrlValid); + } + + //不算用户交互操作 + public static boolean isNoInterActive(String lasturi) { + return isMatchUrl(lasturi, notInterActiveUrl); + } + + //不算用户交互操作 + public static void addNoInterActiveUri(String uri) { + addUrl(uri, notInterActiveUrl); + } + private SessionUtil() { } 
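Review bot: `notLoginUrl`, `notCheckUrlValid` and `notInterActiveUrl` are declared `public static` and non-final as plain `ArrayList`s, so any class can add to or replace the set of login-exempt patterns at runtime, and `addNoLoginUri` mutates a list that `isMatchUrl` iterates on request threads without synchronization. Because these lists decide which requests skip the login check in `checkSession`, make them `private static final` and thread-safe, e.g. `private static final List<String> notLoginUrl = new CopyOnWriteArrayList<>();`, leaving the `addNo…Uri` methods as the only writers. The static block exempts `/attach/upload.do`, `/attach/uploadBase64.do` and `/attach/download.do` from login with no stated reason; a one-line justification per entry would let a reviewer confirm that unauthenticated upload and download are intended. The commented-out `notSetDbUrl` block can be deleted rather than carried along.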
@@ -23,41 +121,102 @@ public class SessionUtil { } public static String readToken(HttpServletRequest request) { - String token = request.getHeader("Auth-Token"); + return readToken(request, KEY_HEADER_SESSION, KEY_PARAM_SESSION); + } + + public static String readFingerKey(HttpServletRequest request) { + return readToken(request, KEY_HEADER_FP_KEY, KEY_PARAM_FP_KEY); + } + + public static int readFingerVal(HttpServletRequest request) { + return NumberUtil.getIntIgnoreErr(readToken(request, KEY_HEADER_FP_VAL, KEY_PARAM_FP_VAL)); + } + + private static String readToken(HttpServletRequest request, String headerName, String paramName) { + String token = request.getHeader(headerName); if (token == null) { - token = request.getParameter("auth_token"); + token = request.getParameter(paramName); } return token; } - public static UserSession checkSession(HttpServletRequest request, RedisManager redisManager) { - String token = readToken(request); + //无效登录异常 + public static void throwNoLogin() { + throw new BizException(SwConsts.ErrorCode.NO_LOGIN); + } - if (StringUtils.isBlank(token)) { - throw new UnauthenticatedException("not find Auth-Token in header"); - } + //校验是否登录 + private static void checkLogin(HttpServletRequest request) { - UserSession us = redisManager.get(token, UserSession.class); - if (us == null) { - throw new UnauthenticatedException("not find UserSession by token: " + token); - } + } - return us; + private static AtomicInteger getFingerVal(String id, String tokenkey) {//取并+1 + SessionCache cache = SessionCacheFactory.getInstance().getCache(KEY_PARAM_FP_KEY, 1200L); + return cache.get(id + "_" + tokenkey); } + public static void checkSession(HttpServletRequest request) { + //校验登录 + String lasturi = getUriLast(request.getContextPath(), request.getServletPath()); + String token = readToken(request); + UserSession us = null; + if (StringUtils.isNotBlank(token)) { + us = RedisManager.getInstance().get(token, UserSession.class); + } + //校验登录 + final boolean 
isNologin ="design".equals(token) || isNoLogin(lasturi); + if (!isNologin) { + if (us == null) { + throwNoLogin(); + } - public static UserSession checkSession(String accessToken, RedisManager redisManager) { - if (StringUtils.isBlank(accessToken)) { - throw new UnauthenticatedException("not find Auth-Token in header"); + request.setAttribute(IEditor.USER_TOKEN, token); + request.setAttribute(IEditor.USER_SESSION, us); } - UserSession us = redisManager.get(accessToken, UserSession.class); - if (us == null) { - throw new UnauthenticatedException("not find UserSession by token: " + accessToken); + String fpk = readFingerKey(request); + if (!StringUtil.isEmpty(fpk)) { + //校验指纹 + String fpKey = us != null ? String.valueOf(us.getUserId()): request.getSession(true).getId(); + int fpv = readFingerVal(request); + + SessionCache cache = SessionCacheFactory.getInstance().getCache(KEY_PARAM_FP_KEY, 1200L); + AtomicInteger ai = cache.get(fpKey + "_" + fpk); + int bv = ai != null ? ai.get() : 0; + if (fpv != bv) { + throw new BizException(SwConsts.ErrorCode.TOKEN_INVALID, "指纹错误,请勿重复提交!"); + } } + } + + //设置指纹 + public static void setFingerValue(HttpServletRequest request, R r) { + String fpk = readFingerKey(request); + if (!StringUtil.isEmpty(fpk)) { + UserSession us = (UserSession) request.getAttribute(IEditor.USER_SESSION); + String fpKey = us != null ? 
String.valueOf(us.getUserId()): request.getSession(true).getId(); + SessionCache cache = SessionCacheFactory.getInstance().getCache(KEY_PARAM_FP_KEY, 1200L); + + AtomicInteger ai = cache.get(fpKey + "_" + fpk); + if (ai == null) { + cache.put(fpKey + "_" + fpk, new AtomicInteger(0)); + } + r.put(KEY_PARAM_FP_VAL, ai.getAndIncrement()); + } + } - return us; + /** + * 截取请求名称,如重 /${contextPath}/framework/loginpage.do中截出loginpage.do; + * + * @param contextPath /dfp + * @param uri /dfp/framework/loginpage.do + */ + private static String getUriLast(String contextPath, String uri) { + int index = uri.indexOf(contextPath+"/"); + if (index < 0) return uri; + if (index > 1) return uri; + return uri.substring(index + contextPath.length()); } // private static Session getShiroSession() { diff --git a/smtweb-framework/pom.xml b/smtweb-framework/pom.xml index 38a69dc..c08d83c 100644 --- a/smtweb-framework/pom.xml +++ b/smtweb-framework/pom.xml @@ -27,5 +27,10 @@ core bpm + + + From be8af8b9633140401759bf5808c0c15d23c8d955 Mon Sep 17 00:00:00 2001 From: zhenggm Date: Thu, 8 Sep 2022 17:15:21 +0800 Subject: [PATCH 06/13] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=EF=BC=9A=E6=8B=A6?= =?UTF-8?q?=E6=88=AA=E5=99=A8=E8=B0=83=E6=95=B4=EF=BC=8C=E7=BB=9F=E4=B8=80?= =?UTF-8?q?=E5=BC=82=E5=B8=B8=E5=A4=84=E7=90=86=EF=BC=8C=E9=98=B2=E9=87=8D?= =?UTF-8?q?=E5=A4=8D=E6=8F=90=E4=BA=A4=E6=8C=87=E7=BA=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cc/smtweb/framework/core/session/SessionUtil.java | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java index 32c51c0..60f9b51 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java 
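Review bot: In `checkSession`, `"design".equals(token)` makes one fixed literal token exempt from the login check on every URL; the deleted `AbstractPermInterceptor` had the same shortcut, but moving it into the central check keeps a hard-coded bypass in production code. Remove it or gate it on an explicit development-only setting, leaving `final boolean isNologin = isNoLogin(lasturi);`. `IEditor.USER_TOKEN` and `IEditor.USER_SESSION` are set only inside `if (!isNologin)`, so a logged-in user calling an exempt URL reaches the handler without a session attribute, and `setFingerValue` then keys the fingerprint on `request.getSession(true).getId()` instead of the user id. Setting the attributes whenever `us != null` would keep the two paths consistent. The fingerprint block is skipped entirely when the request carries no `fpk`, which is worth stating in a comment so it is not mistaken for a mandatory control.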
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java @@ -146,16 +146,6 @@ public class SessionUtil { throw new BizException(SwConsts.ErrorCode.NO_LOGIN); } - //校验是否登录 - private static void checkLogin(HttpServletRequest request) { - - } - - private static AtomicInteger getFingerVal(String id, String tokenkey) {//取并+1 - SessionCache cache = SessionCacheFactory.getInstance().getCache(KEY_PARAM_FP_KEY, 1200L); - return cache.get(id + "_" + tokenkey); - } - public static void checkSession(HttpServletRequest request) { //校验登录 String lasturi = getUriLast(request.getContextPath(), request.getServletPath()); @@ -202,6 +192,7 @@ public class SessionUtil { if (ai == null) { cache.put(fpKey + "_" + fpk, new AtomicInteger(0)); } + r.put(KEY_PARAM_FP_KEY, fpk); r.put(KEY_PARAM_FP_VAL, ai.getAndIncrement()); } } From 159f1147f064471d7f32a6f036b450e64f5bd9ae Mon Sep 17 00:00:00 2001 From: zhenggm Date: Thu, 8 Sep 2022 18:49:18 +0800 Subject: [PATCH 07/13] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=EF=BC=9A=E6=8B=A6?= =?UTF-8?q?=E6=88=AA=E5=99=A8=E8=B0=83=E6=95=B4=EF=BC=8C=E7=BB=9F=E4=B8=80?= =?UTF-8?q?=E5=BC=82=E5=B8=B8=E5=A4=84=E7=90=86=EF=BC=8C=E9=98=B2=E9=87=8D?= =?UTF-8?q?=E5=A4=8D=E6=8F=90=E4=BA=A4=E6=8C=87=E7=BA=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cc/smtweb/framework/core/session/SessionUtil.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java index 60f9b51..91b02d2 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java 
@@ -170,12 +170,13 @@ public class SessionUtil { //校验指纹 String fpKey = us != null ? String.valueOf(us.getUserId()): request.getSession(true).getId(); int fpv = readFingerVal(request); - - SessionCache cache = SessionCacheFactory.getInstance().getCache(KEY_PARAM_FP_KEY, 1200L); - AtomicInteger ai = cache.get(fpKey + "_" + fpk); - int bv = ai != null ? ai.get() : 0; - if (fpv != bv) { - throw new BizException(SwConsts.ErrorCode.TOKEN_INVALID, "指纹错误,请勿重复提交!"); + if (fpv > 0) { + SessionCache cache = SessionCacheFactory.getInstance().getCache(KEY_PARAM_FP_KEY, 1200L); + AtomicInteger ai = cache.get(fpKey + "_" + fpk); + int bv = ai != null ? ai.get(): 0; + if (fpv != bv) { + throw new BizException(SwConsts.ErrorCode.TOKEN_INVALID, "指纹错误,请勿重复提交!"); + } } } } From a258676c8d8d6a30e797528b1cab106a72c08590 Mon Sep 17 00:00:00 2001 From: zhenggm Date: Thu, 8 Sep 2022 18:57:37 +0800 Subject: [PATCH 08/13] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=EF=BC=9A=E6=8B=A6?= =?UTF-8?q?=E6=88=AA=E5=99=A8=E8=B0=83=E6=95=B4=EF=BC=8C=E7=BB=9F=E4=B8=80?= =?UTF-8?q?=E5=BC=82=E5=B8=B8=E5=A4=84=E7=90=86=EF=BC=8C=E9=98=B2=E9=87=8D?= =?UTF-8?q?=E5=A4=8D=E6=8F=90=E4=BA=A4=E6=8C=87=E7=BA=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/cc/smtweb/framework/core/session/SessionUtil.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java index 91b02d2..13f5340 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java 
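Review bot: The new `if (fpv > 0)` guard in checkSession makes the fingerprint check opt-in for the client: a request that sends no fingerprint value, or a non-positive one, now skips the comparison entirely (what readFingerVal returns for a missing parameter is not visible here; presumably 0). The duplicate-submission guard therefore only holds for callers that choose to send the value. Let server state decide instead, for example look up the counter first and compare with `if (ai != null && fpv != ai.get())`, or require the value on state-changing endpoints and skip it only for an explicit list of read-only ones. checkSession starts and ends outside this hunk.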
@@ -191,7 +191,8 @@ public class SessionUtil { AtomicInteger ai = cache.get(fpKey + "_" + fpk); if (ai == null) { - cache.put(fpKey + "_" + fpk, new AtomicInteger(0)); + ai = new AtomicInteger(0); + cache.put(fpKey + "_" + fpk, ai); } r.put(KEY_PARAM_FP_KEY, fpk); r.put(KEY_PARAM_FP_VAL, ai.getAndIncrement()); From 01ba68355476fee9e96cfd6c62610e4ebc37e7e2 Mon Sep 17 00:00:00 2001 From: FLYPHT <1035748121@qq.com> Date: Thu, 8 Sep 2022 19:11:23 +0800 Subject: [PATCH 09/13] =?UTF-8?q?=E4=BC=98=E5=8C=96=EF=BC=9A=E5=B7=A5?= =?UTF-8?q?=E4=BD=9C=E6=B5=81=E6=A8=A1=E5=9E=8B=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/cc/smtweb/framework/core/session/SessionUtil.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java index 13f5340..ad099c4 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java @@ -46,7 +46,9 @@ public class SessionUtil { //不算用户交互操作的url,用于管理session失效 public static List notInterActiveUrl = new ArrayList<>(); static { - notLoginUrl.add("/db/*.do"); + notLoginUrl.add("/api/getVerifyCode"); + notLoginUrl.add("/api/bpm/auth/login"); + notLoginUrl.add("/fs/static/*"); notLoginUrl.add("/custdb/*.do"); notLoginUrl.add("/attach/upload.do"); notLoginUrl.add("/attach/download.do"); From 1e916dc40de54cc947da79bc5f2b081d4b152163 Mon Sep 17 00:00:00 2001 
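Review bot: The lookup and the added `cache.put(fpKey + "_" + fpk, ai);` are two separate steps, so two concurrent requests for the same key can both see `null` and each store its own `AtomicInteger`. One of them then hands the client a value from a counter the cache no longer holds, and that client's next submission fails the fingerprint comparison. If SessionCache offers an atomic put-if-absent operation, use it here; otherwise guard the create step with a lock scoped to the cache key. The enclosing method is only partly visible in this hunk.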
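Review bot: The entries added to `notLoginUrl` in the static block (hunk `@@ -46,7 +46,9 @@`) exempt three more paths from the login check, and `/fs/static/*` is a wildcard: whether `*` can match across `/` and whether the path is normalised before matching is not visible here, so confirm that paths containing `..` segments under `/fs/static/` are resolved or rejected before the comparison. A comment above the additions would record the intent, e.g. `// unauthenticated on purpose: captcha, login endpoint, static files; matched against the normalised servlet path`. The commit subject (workflow model configuration) does not mention an authentication change, so the exemption list deserves a line in the description. The static block continues outside the hunk.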
From: zhenggm Date: Thu, 8 Sep 2022 19:21:34 +0800 Subject: [PATCH 10/13] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=EF=BC=9A=E6=8B=A6?= =?UTF-8?q?=E6=88=AA=E5=99=A8=E8=B0=83=E6=95=B4=EF=BC=8C=E7=BB=9F=E4=B8=80?= =?UTF-8?q?=E5=BC=82=E5=B8=B8=E5=A4=84=E7=90=86=EF=BC=8C=E9=98=B2=E9=87=8D?= =?UTF-8?q?=E5=A4=8D=E6=8F=90=E4=BA=A4=E6=8C=87=E7=BA=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/cc/smtweb/framework/core/session/SessionUtil.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java index ad099c4..2db422b 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java @@ -197,7 +197,7 @@ public class SessionUtil { cache.put(fpKey + "_" + fpk, ai); } r.put(KEY_PARAM_FP_KEY, fpk); - r.put(KEY_PARAM_FP_VAL, ai.getAndIncrement()); + r.put(KEY_PARAM_FP_VAL, ai.incrementAndGet()); } } From 7893a1fb6ed585b9f88e02cc4f133392b7249e5f Mon Sep 17 00:00:00 2001 From: zhenggm Date: Fri, 9 Sep 2022 14:40:42 +0800 Subject: [PATCH 11/13] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=EF=BC=9A=E8=87=AA?= =?UTF-8?q?=E5=AE=9A=E4=B9=89sql=E7=9A=84=E8=A1=A8=E6=9B=BF=E6=8D=A2,[#tab?= =?UTF-8?q?leName#]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cc/smtweb/system/bpm/web/engine/dynPage/DynPageHelper.java | 3 ++- .../system/bpm/web/engine/dynPage/DynPageLoadHandler.java | 2 +- .../cc/smtweb/framework/core/cache/redis/RedisSysTask.java | 2 -- .../src/main/java/cc/smtweb/framework/core/util/SqlUtil.java | 10 +++++++++- 4 files changed, 12 insertions(+), 5 deletions(-) 
diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageHelper.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageHelper.java index d805477..8ec90f0 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageHelper.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageHelper.java @@ -14,6 +14,7 @@ import cc.smtweb.framework.core.exception.SwException; import cc.smtweb.framework.core.mvc.service.SqlNamedPara; import cc.smtweb.framework.core.util.MapUtil; import cc.smtweb.framework.core.util.NumberUtil; +import cc.smtweb.framework.core.util.SqlUtil; import cc.smtweb.framework.core.util.StringUtil; import cc.smtweb.system.bpm.web.design.form.define.*; import org.apache.commons.lang3.StringUtils; @@ -187,7 +188,7 @@ public class DynPageHelper { if (listener != null) listener.buildSelect(dataSet, sql); return sql.toString(); } else { - return dataSet.sql; + return SqlUtil.replaceTable(dataSet.sql); } } diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageLoadHandler.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageLoadHandler.java index c024f6a..c030db5 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageLoadHandler.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageLoadHandler.java @@ -104,7 +104,7 @@ public class DynPageLoadHandler extends AbstractDynPageHandler { SwMap filter = params.readMap("filter"); //对应的数据集定义 PageDataset pageDataSet = readParamDs(); - + DynRetBean bean = null; if (SwEnum.DatasetType.LIST.value.equals(pageDataSet.type)) {//列表类 bean = DynRetBean.createList(getListWorker(filter, pageDataSet).buildListData()); 
diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/redis/RedisSysTask.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/redis/RedisSysTask.java index c7d9ce4..5042292 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/redis/RedisSysTask.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/redis/RedisSysTask.java @@ -38,8 +38,6 @@ public class RedisSysTask implements ISysTask { RedisBroadcastEvent redisBroadcast = JsonUtil.parse(message, RedisBroadcastEvent.class); applicationContext.publishEvent(redisBroadcast); - -// log.debug("Redis [" + channel + "] message:" + redisBroadcast); } }); diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/SqlUtil.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/SqlUtil.java index fe54704..58cb618 100644 --- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/SqlUtil.java +++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/SqlUtil.java @@ -3,6 +3,7 @@ package cc.smtweb.framework.core.util; import cc.smtweb.framework.core.common.AbstractEnum; import cc.smtweb.framework.core.common.IntEnum; import cc.smtweb.framework.core.common.StrEnum; +import cc.smtweb.framework.core.db.EntityHelper; import org.apache.commons.lang3.StringUtils; import java.util.List; @@ -22,7 +23,14 @@ public abstract class SqlUtil { * @return */ public static String replaceTable(String sql) { - return sql; + return StringUtil.myReplaceStrEx(sql, "[#", "#]", new StringUtil.IStrHanlder() { + @Override + public String work(String src) { + src = src.toUpperCase(); + return EntityHelper.getSchemaTableName(src); + } + }); + } /** From 29d76d56b5538d79eb1092104034e916af7b082e Mon Sep 17 00:00:00 2001 
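Review bot: `replaceTable` in SqlUtil (hunk `@@ -22,7 +23,14 @@`) splices whatever `EntityHelper.getSchemaTableName` returns into the SQL text without checking that the placeholder named a known table. If that helper returns null or echoes an unknown name (not visible here), a mistyped or unexpected `[#...#]` token ends up as raw SQL text. Reject unknown names explicitly by throwing when the lookup yields nothing, and use `src.toUpperCase(Locale.ROOT)` so the lookup key does not depend on the JVM locale. The Javadoc above the method still has an empty `@return` in the context lines; it could say that `[#tableName#]` tokens are replaced by the name `EntityHelper.getSchemaTableName` returns.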
From: FLYPHT <1035748121@qq.com> Date: Fri, 9 Sep 2022 15:11:46 +0800 Subject: [PATCH 12/13] =?UTF-8?q?=E4=BC=98=E5=8C=96=EF=BC=9A=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E5=91=98=E7=9A=84=E6=9D=83=E9=99=90=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../web/design/preview/PreviewMenuTreeService.java | 26 +++++++++++++++++----- .../bpm/web/sys/user/menuPlan/MenuPlanContent.java | 17 +++++++++++++- .../bpm/web/sys/user/menuPlan/MenuPlanItem.java | 12 ++++++++++ .../system/bpm/web/sys/user/role/RoleHelper.java | 10 +++++++++ 4 files changed, 58 insertions(+), 7 deletions(-) diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java index 84162c7..1f9b501 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java @@ -34,9 +34,14 @@ public class PreviewMenuTreeService { public R treeAll(@SwParam("module") String module, UserSession us) { String prj_id = ModelProjectCache.getInstance().getIdByModule(module); if (!SwConsts.SysParam.SYS_DEBUG) { - List menuVOList = buildMenu(prj_id, module, us); + MenuVO home = new MenuVO(); + List menuVOList = buildMenu(prj_id, module, us,home); if (!CommUtil.isEmpty(menuVOList)) { - return R.success(menuVOList); + R r = R.success(menuVOList); + if(home.getId()>0){ + r.put("home",home); + } + return r; }else { return R.success(new ArrayList<>()); } 
@@ -76,11 +81,10 @@ public class PreviewMenuTreeService { root.setPath(module); root.setId(-1L); List data = TreeDataUtil.buildTree(root, list, MenuVO.createTreeHandler()); - - return R.success(data); + return R.success(data); } - public List buildMenu(String prj_id, String module, UserSession us) { + public List buildMenu(String prj_id, String module, UserSession us,MenuVO home) { Set set = RoleHelper.getMenuPlans(us.getUserId(),us.getPartyId()); if (CommUtil.isEmpty(set)) { return new ArrayList<>(); @@ -89,8 +93,18 @@ public class PreviewMenuTreeService { MenuPlanContent mpc = new MenuPlanContent(menuPlan.getContent()); List list = new ArrayList<>(); Set rightMenuIds = RoleHelper.getRoleMenuIds(us.getUserId() , us.getPartyId(),menuPlan.getId(), true); + for(MenuPlanItem item : mpc.getHomeList()){ + long id = item.getId(); + if(rightMenuIds.contains(id)){ + home.setId(item.getId()); + home.setName(item.getLabel()); + home.setIcon(item.getIcon()); + home.setPath(MenuCache.getInstance().getPath(item.getMenu())); + break; + } + } for (MenuPlanItem mp : mpc.getChildren(0)) { - List menuVOList = buildMenuWithRight(-1, mp,rightMenuIds); + List menuVOList = RoleHelper.isAdmin(us.getUserId())? buildMenu(-1,mp):buildMenuWithRight(-1, mp,rightMenuIds); if (menuVOList == null) continue; list.addAll(menuVOList); } diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanContent.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanContent.java index d3dd293..c762580 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanContent.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanContent.java @@ -75,6 +75,7 @@ public class MenuPlanContent { oldItem.setMenu(item.getMenu()); oldItem.setIcon(item.getIcon()); oldItem.setSeq(item.getSeq()); + oldItem.setHome(item.getHome()); } } 
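Review bot: In buildMenu (hunk `@@ -89,8 +93,18 @@`) the home entry is still chosen only from `rightMenuIds`, while the menu loop below bypasses that set for administrators. An administrator without an explicit role grant therefore gets the full menu but no home item, unless getRoleMenuIds already special-cases admins (not visible here). Evaluate the admin check once before both loops, `boolean admin = RoleHelper.isAdmin(us.getUserId());`, then use `if (admin || rightMenuIds.contains(id))` for the home item and `admin ? buildMenu(-1, mp) : buildMenuWithRight(-1, mp, rightMenuIds)` in the menu loop. buildMenu starts and ends outside this hunk.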
@@ -122,7 +123,21 @@ public class MenuPlanContent { MenuPlanItem parent = findById(parentId); return parent == null ? new ArrayList<>(): parent.getChildren(); } - + // 获取主页 + public List getHomeList(){ + List homeList = new ArrayList<>(); + findHome(list,homeList); + return homeList; + } + private void findHome(List source,List homeList){ + if(CommUtil.isEmpty(source))return; + for(MenuPlanItem item: source){ + if(item.getHome() == 1){ + homeList.add(item); + } + findHome(item.getChildren(),homeList); + } + } private MenuPlanItem findById(long id, List itemList) { if (CommUtil.isEmpty(itemList)) { return null; diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanItem.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanItem.java index e9d275f..fda1d80 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanItem.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanItem.java @@ -80,7 +80,19 @@ public class MenuPlanItem extends BaseBean { public void setSeq(int seq) { put("seq", seq); } + /** + * 排序码 + */ + public int getHome() { + return getInt("home"); + } + /** + * 排序码 + */ + public void setHome(int home) { + put("home", home); + } public void setChildren(List children) { put("children", children); } diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java index 71d41ec..a468715 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java 
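Review bot: The Javadoc on the new `getHome`/`setHome` in MenuPlanItem (hunk `@@ -80,7 +80,19 @@`) reads 排序码 (sort code), which appears to be copied from the neighbouring `seq` accessors and does not describe this field. `findHome` in MenuPlanContent compares the value with the literal `1`, so the comment should state that meaning, e.g. `/** Home-page flag: 1 marks this item as a home page. */`. A named constant or a boolean accessor such as `isHome()` would remove the magic number from `findHome`.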
@@ -4,6 +4,8 @@ import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlan; import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanCache; import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanContent; import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanItem; +import cc.smtweb.system.bpm.web.sys.user.user.User; +import cc.smtweb.system.bpm.web.sys.user.user.UserCache; import cc.smtweb.system.bpm.web.sys.user.user.UserRoleCache; import java.util.HashSet; @@ -16,6 +18,14 @@ import java.util.Set; * @Desc: 角色辅助类 */ public final class RoleHelper { + public static boolean isAdmin(long userId){ + if(userId ==1L) return true; + User user = UserCache.getInstance().get(userId); + if(user!=null){ + return "admin".equalsIgnoreCase(user.getNicky()); + } + return false; + } /** * 获取角色权限 * @param userId 用户ID From b148e4d35baf4d4ed0360b1069a0e3e86ddaf0ce Mon Sep 17 00:00:00 2001 From: ht <2583017235@qq.com> Date: Fri, 9 Sep 2022 15:35:43 +0800 Subject: [PATCH 13/13] =?UTF-8?q?=E8=A7=92=E8=89=B2=E6=9D=83=E9=99=90admin?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java index 1f9b501..3a93cbf 100644 --- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java +++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java 
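Review bot: `isAdmin` (hunk `@@ -16,6 +18,14 @@`) treats any account whose `getNicky()` value equals "admin" ignoring case as an administrator, in addition to the hard-coded id `1L`. If that field is a display name that users can edit or that is not unique (not visible here), an ordinary account can obtain the unfiltered menu that later patches in this series give to admins. Base the decision on a server-assigned role or a flag that only administrators can change, and document the id-1 shortcut if it has to stay. The visible code only filters which menu items are returned, so the endpoints behind those items need their own authorization check regardless. The method also lacks Javadoc; `/** Returns true when the user is the built-in administrator. */` would state the contract.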
@@ -38,7 +38,7 @@ public class PreviewMenuTreeService { List menuVOList = buildMenu(prj_id, module, us,home); if (!CommUtil.isEmpty(menuVOList)) { R r = R.success(menuVOList); - if(home.getId()>0){ + if(home.getId()!=null&&home.getId()>0){ r.put("home",home); } return r; @@ -85,7 +85,7 @@ public class PreviewMenuTreeService { } public List buildMenu(String prj_id, String module, UserSession us,MenuVO home) { - Set set = RoleHelper.getMenuPlans(us.getUserId(),us.getPartyId()); + Set set = RoleHelper.isAdmin(us.getUserId()) ? MenuPlanCache.getInstance().getByP(prj_id):RoleHelper.getMenuPlans(us.getUserId(),us.getPartyId()); if (CommUtil.isEmpty(set)) { return new ArrayList<>(); }