权限为空时问题处理

2021-12-08 19:26:37 +08:00 · 2021-12-08 19:26:37 +08:00 · 2e99c26654
commit 2e99c26654
parent 2e5f383db4
1 changed files with 16 additions and 2 deletions
--- a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
+++ b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
@ -90,8 +90,8 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
            //获取数据(GET 请求)权限
            if (request.getMethod().equals(RequestMethod.GET.name())) {
                //如果用户的超级权限和查阅权限都不包含当前请求的api
-                if (PatternMatchUtils.simpleMatch(permission.get(PermissionEnum.SUPER.name()).toArray(new String[0]), requestUrl)
-                        || PatternMatchUtils.simpleMatch(permission.get(PermissionEnum.QUERY.name()).toArray(new String[0]), requestUrl)) {
+                if (match(permission.get(PermissionEnum.SUPER.name()), requestUrl) ||
+                        match(permission.get(PermissionEnum.QUERY.name()), requestUrl)) {
                } else {
                    ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足"));
                    throw new NoPermissionException("权限不足");
@ -109,6 +109,20 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
        }
    }

+    /**
+     * 校验权限
+     *
+     * @param permissions 权限集合
+     * @param url         请求地址
+     * @return 是否拥有权限
+     */
+    boolean match(List<String> permissions, String url) {
+        if (permissions.isEmpty()) {
+            return false;
+        }
+        return PatternMatchUtils.simpleMatch(permissions.toArray(new String[0]), url);
+    }
+
    /**
     * 获取token信息
     *