当用户一个权限都没有时，会导致用户无法进入管理端页面，问题修复

2021-12-08 20:21:51 +08:00 · 2021-12-08 20:21:51 +08:00 · 520c09b801
commit 520c09b801
parent f850e4adaa
2 changed files with 30 additions and 29 deletions
--- a/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java
+++ b/framework/src/main/java/cn/lili/modules/system/token/ManagerTokenGenerate.java
@ -68,40 +68,40 @@ public class ManagerTokenGenerate extends AbstractTokenGenerate {
     */
    private Map<String, List<String>> permissionList(List<UserMenuVO> userMenuVOList) {
        Map<String, List<String>> permission = new HashMap<>(2);
-        if (userMenuVOList == null || userMenuVOList.size() == 0) {
+
            return permission;
        }
        List<String> superPermissions = new ArrayList<>();
        List<String> queryPermissions = new ArrayList<>();
        initPermission(superPermissions, queryPermissions);
        //循环权限菜单
-        userMenuVOList.forEach(menu -> {
+        if (userMenuVOList == null || userMenuVOList.isEmpty()) {
-            //循环菜单，赋予用户权限
+            userMenuVOList.forEach(menu -> {
-            if (StrUtil.isNotEmpty(menu.getPermission())) {
+                //循环菜单，赋予用户权限
-                //获取路径集合
+                if (StrUtil.isNotEmpty(menu.getPermission())) {
-                String[] permissionUrl = menu.getPermission().split(",");
+                    //获取路径集合
-                //for循环路径集合
+                    String[] permissionUrl = menu.getPermission().split(",");
-                for (String url : permissionUrl) {
+                    //for循环路径集合
-                    //如果是超级权限 则计入超级权限
+                    for (String url : permissionUrl) {
-                    if (menu.getSuper()) {
+                        //如果是超级权限 则计入超级权限
-                        //如果已有超级权限，则这里就不做权限的累加
+                        if (menu.getSuper()) {
-                        if (!superPermissions.contains(url)) {
+                            //如果已有超级权限，则这里就不做权限的累加
-                            superPermissions.add(url);
+                            if (!superPermissions.contains(url)) {
                                superPermissions.add(url);
                            }
                        }
-                    }
+                        //否则计入浏览权限
-                    //否则计入浏览权限
+                        else {
-                    else {
+                            //没有权限，则累加。
-                        //没有权限，则累加。
+                            if (!queryPermissions.contains(url)) {
-                        if (!queryPermissions.contains(url)) {
+                                queryPermissions.add(url);
-                            queryPermissions.add(url);
+                            }
                        }
                    }
                }
-            }
+                //去除重复的权限
-            //去除重复的权限
+                queryPermissions.removeAll(superPermissions);
-            queryPermissions.removeAll(superPermissions);
+            });
-        });
+        }
        permission.put(PermissionEnum.SUPER.name(), superPermissions);
        permission.put(PermissionEnum.QUERY.name(), queryPermissions);
        return permission;
--- a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
+++ b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
@ -1,6 +1,7 @@
 package cn.lili.security;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.json.JSONUtil;
 import cn.lili.cache.Cache;
 import cn.lili.cache.CachePrefix;
 import cn.lili.common.security.AuthUser;
@ -94,16 +95,16 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
                        match(permission.get(PermissionEnum.QUERY.name()), requestUrl)) {
                } else {
                    ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足"));
-                    log.error("当前请求路径：{},所拥有权限：{}", requestUrl, permission);
+                    log.error("当前请求路径：{},所拥有权限：{}", requestUrl, JSONUtil.toJsonStr(permission));
-                    throw new NoPermissionException("权限不足-" + requestUrl);
+                    throw new NoPermissionException("权限不足");
                }
            }
            //非get请求（数据操作） 判定鉴权
            else {
                if (!match(permission.get(PermissionEnum.SUPER.name()), requestUrl)) {
                    ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足"));
-                    log.error("当前请求路径：{},所拥有权限：{}", requestUrl, permission);
+                    log.error("当前请求路径：{},所拥有权限：{}", requestUrl, JSONUtil.toJsonStr(permission));
-                    throw new NoPermissionException("权限不足-" + requestUrl);
+                    throw new NoPermissionException("权限不足");
                }
            }
        }