From 2e99c26654e7df2d017f87ea671722247ac1394c Mon Sep 17 00:00:00 2001 From: Chopper Date: Wed, 8 Dec 2021 19:26:37 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E4=B8=BA=E7=A9=BA=E6=97=B6?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/ManagerAuthenticationFilter.java | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java index d45eb63f..0d3654e5 100755 --- a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java +++ b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java @@ -90,8 +90,8 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter { //获取数据(GET 请求)权限 if (request.getMethod().equals(RequestMethod.GET.name())) { //如果用户的超级权限和查阅权限都不包含当前请求的api - if (PatternMatchUtils.simpleMatch(permission.get(PermissionEnum.SUPER.name()).toArray(new String[0]), requestUrl) - || PatternMatchUtils.simpleMatch(permission.get(PermissionEnum.QUERY.name()).toArray(new String[0]), requestUrl)) { + if (match(permission.get(PermissionEnum.SUPER.name()), requestUrl) || + match(permission.get(PermissionEnum.QUERY.name()), requestUrl)) { } else { ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足")); throw new NoPermissionException("权限不足"); @@ -109,6 +109,20 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter { } } + /** + * 校验权限 + * + * @param permissions 权限集合 + * @param url 请求地址 + * @return 是否拥有权限 + */ + boolean match(List permissions, String url) { + if (permissions.isEmpty()) { + return false; + } + return PatternMatchUtils.simpleMatch(permissions.toArray(new String[0]), url); + } + /** * 获取token信息 *