fix: 修复权限更新后，登录用户权限没有更新问题。

2023-06-06 18:06:41 +08:00 · 2023-06-06 18:06:41 +08:00 · 63f1f0df21
commit 63f1f0df21
parent 5d6e99dc8a
7 changed files with 77 additions and 31 deletions
--- a/framework/src/main/java/cn/lili/modules/member/serviceimpl/ClerkServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/member/serviceimpl/ClerkServiceImpl.java
@ -170,8 +170,6 @@ public class ClerkServiceImpl extends ServiceImpl<ClerkMapper, Clerk> implements
                if (!clerkEditDTO.getRoles().isEmpty()) {
                    clerk.setRoleIds(CharSequenceUtil.join(",", clerkEditDTO.getRoles()));
                }
-                cache.vagueDel(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + UserContext.getCurrentUser().getId());
-                cache.vagueDel(CachePrefix.STORE_USER_MENU.getPrefix() + UserContext.getCurrentUser().getId());
            }

            //部门校验
@ -182,6 +180,18 @@ public class ClerkServiceImpl extends ServiceImpl<ClerkMapper, Clerk> implements
                    throw new ServiceException(ResultCode.PERMISSION_NOT_FOUND_ERROR);
                }
            }
+
+            //判断用户角色权限不为超级会员且权限路径不为空
+            if (Boolean.FALSE.equals(clerkEditDTO.getIsSuper()) && clerkEditDTO.getRoles() != null) {
+                //添加店员用户角色
+                List<StoreClerkRole> storeClerkRoleList = new ArrayList<>();
+
+                clerkEditDTO.getRoles().forEach(a -> storeClerkRoleList.add(StoreClerkRole.builder().clerkId(clerk.getId()).roleId(a).build()));
+
+                storeClerkRoleService.saveBatch(storeClerkRoleList);
+                cache.vagueDel(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + UserContext.getCurrentUser().getId());
+                cache.vagueDel(CachePrefix.STORE_USER_MENU.getPrefix() + UserContext.getCurrentUser().getId());
+            }
            clerk.setIsSuper(clerkEditDTO.getIsSuper());
            this.updateById(clerk);
            return clerk;
--- a/framework/src/main/java/cn/lili/modules/member/serviceimpl/StoreMenuServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/member/serviceimpl/StoreMenuServiceImpl.java
@ -18,7 +18,6 @@ import cn.lili.modules.member.mapper.StoreMenuMapper;
 import cn.lili.modules.member.service.ClerkService;
 import cn.lili.modules.member.service.StoreMenuRoleService;
 import cn.lili.modules.member.service.StoreMenuService;
-import cn.lili.modules.member.token.StoreTokenGenerate;
 import cn.lili.modules.permission.entity.dto.MenuSearchParams;
 import cn.lili.mybatis.util.PageUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
@ -56,8 +55,6 @@ public class StoreMenuServiceImpl extends ServiceImpl<StoreMenuMapper, StoreMenu
    private ClerkService clerkService;


-    @Autowired
-    private StoreTokenGenerate storeTokenGenerate;

    @Override
    @Transactional(rollbackFor = Exception.class)
@ -95,14 +92,6 @@ public class StoreMenuServiceImpl extends ServiceImpl<StoreMenuMapper, StoreMenu
            menuList = this.baseMapper.findByUserId(clerkId);
            cache.put(cacheKey, menuList);
        }
-
-        String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + userId;
-        Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(permissionCacheKey);
-        if (permission == null || permission.isEmpty()) {
-            permission = storeTokenGenerate.permissionList(storeMenuRoleService.findAllMenu(clerkId, userId));
-            cache.put(permissionCacheKey, permission);
-        }
-
        return menuList;
    }

--- a/framework/src/main/java/cn/lili/modules/permission/serviceimpl/MenuServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/permission/serviceimpl/MenuServiceImpl.java
@ -17,7 +17,6 @@ import cn.lili.modules.permission.entity.vo.UserMenuVO;
 import cn.lili.modules.permission.mapper.MenuMapper;
 import cn.lili.modules.permission.service.MenuService;
 import cn.lili.modules.permission.service.RoleMenuService;
-import cn.lili.modules.system.token.ManagerTokenGenerate;
 import cn.lili.mybatis.util.PageUtil;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
@ -43,8 +42,6 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements Me
    @Autowired
    private RoleMenuService roleMenuService;

-    @Autowired
-    private ManagerTokenGenerate managerTokenGenerate;

    @Autowired
    private Cache cache;
@ -83,11 +80,6 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements Me
            //每5分钟重新确认用户权限
            cache.put(cacheKey, menuList, 300L);
        }
-        String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + userId;
-        Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(permissionCacheKey);
-        if (permission == null || permission.isEmpty()) {
-            cache.put(permissionCacheKey, this.managerTokenGenerate.permissionList(this.findAllMenu(userId)));
-        }
        return menuList;
    }

--- a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
+++ b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
@ -10,6 +10,8 @@ import cn.lili.common.security.enums.SecurityEnum;
 import cn.lili.common.security.enums.UserEnums;
 import cn.lili.common.security.token.SecretKeyUtil;
 import cn.lili.common.utils.ResponseUtil;
+import cn.lili.modules.permission.service.MenuService;
+import cn.lili.modules.system.token.ManagerTokenGenerate;
 import com.google.gson.Gson;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
@ -43,10 +45,18 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {

    private final Cache cache;

+    public final MenuService menuService;
+
+    private final ManagerTokenGenerate managerTokenGenerate;
+
    public ManagerAuthenticationFilter(AuthenticationManager authenticationManager,
+                                       MenuService menuService,
+                                       ManagerTokenGenerate managerTokenGenerate,
                                       Cache cache) {
        super(authenticationManager);
        this.cache = cache;
+        this.menuService = menuService;
+        this.managerTokenGenerate = managerTokenGenerate;
    }

    @SneakyThrows
@ -85,10 +95,14 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {

        //如果不是超级管理员， 则鉴权
        if (Boolean.FALSE.equals(authUser.getIsSuper())) {
+            String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId();
            //获取缓存中的权限
            Map<String, List<String>> permission =
-                    (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId());
-
+                    (Map<String, List<String>>) cache.get(permissionCacheKey);
+            if (permission == null || permission.isEmpty()) {
+                permission = managerTokenGenerate.permissionList(this.menuService.findAllMenu(authUser.getId()));
+                cache.put(permissionCacheKey, permission);
+            }
            //获取数据(GET 请求)权限
            if (request.getMethod().equals(RequestMethod.GET.name())) {
                //如果用户的超级权限和查阅权限都不包含当前请求的api
--- a/manager-api/src/main/java/cn/lili/security/ManagerSecurityConfig.java
+++ b/manager-api/src/main/java/cn/lili/security/ManagerSecurityConfig.java
@ -1,8 +1,10 @@
 package cn.lili.security;

 import cn.lili.cache.Cache;
-import cn.lili.common.security.CustomAccessDeniedHandler;
 import cn.lili.common.properties.IgnoredUrlsProperties;
+import cn.lili.common.security.CustomAccessDeniedHandler;
+import cn.lili.modules.permission.service.MenuService;
+import cn.lili.modules.system.token.ManagerTokenGenerate;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@ -25,22 +27,24 @@ import org.springframework.web.cors.CorsConfigurationSource;
 public class ManagerSecurityConfig extends WebSecurityConfigurerAdapter {


+    @Autowired
+    public MenuService menuService;
    /**
     * 忽略验权配置
     */
    @Autowired
    private IgnoredUrlsProperties ignoredUrlsProperties;
-
    /**
     * spring security -》 权限不足处理
     */
    @Autowired
    private CustomAccessDeniedHandler accessDeniedHandler;
-
    @Autowired
    private Cache<String> cache;
    @Autowired
    private CorsConfigurationSource corsConfigurationSource;
+    @Autowired
+    private ManagerTokenGenerate managerTokenGenerate;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
@ -73,7 +77,7 @@ public class ManagerSecurityConfig extends WebSecurityConfigurerAdapter {
                .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
                .and()
                //添加JWT认证过滤器
-                .addFilter(new ManagerAuthenticationFilter(authenticationManager(), cache));
+                .addFilter(new ManagerAuthenticationFilter(authenticationManager(), menuService, managerTokenGenerate, cache));
    }

 }
--- a/seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java
+++ b/seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java
@ -10,6 +10,10 @@ import cn.lili.common.security.enums.SecurityEnum;
 import cn.lili.common.security.enums.UserEnums;
 import cn.lili.common.security.token.SecretKeyUtil;
 import cn.lili.common.utils.ResponseUtil;
+import cn.lili.modules.member.entity.dos.Clerk;
+import cn.lili.modules.member.service.ClerkService;
+import cn.lili.modules.member.service.StoreMenuRoleService;
+import cn.lili.modules.member.token.StoreTokenGenerate;
 import com.google.gson.Gson;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
@ -43,9 +47,21 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {

    private final Cache cache;

+    private final StoreTokenGenerate storeTokenGenerate;
+
+    private final StoreMenuRoleService storeMenuRoleService;
+
+    private final ClerkService clerkService;
+
    public StoreAuthenticationFilter(AuthenticationManager authenticationManager,
+                                     StoreTokenGenerate storeTokenGenerate,
+                                     StoreMenuRoleService storeMenuRoleService,
+                                     ClerkService clerkService,
                                     Cache cache) {
        super(authenticationManager);
+        this.storeTokenGenerate = storeTokenGenerate;
+        this.storeMenuRoleService = storeMenuRoleService;
+        this.clerkService = clerkService;
        this.cache = cache;
    }

@ -124,10 +140,19 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {

        //如果不是超级管理员， 则鉴权
        if (Boolean.FALSE.equals(authUser.getIsSuper())) {
+
+            String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId();
            //获取缓存中的权限
            Map<String, List<String>> permission =
-                    (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
-
+                    (Map<String, List<String>>) cache.get(permissionCacheKey);
+            if (permission == null || permission.isEmpty()) {
+                //根据会员id查询店员信息
+                Clerk clerk = clerkService.getClerkByMemberId(authUser.getId());
+                if (clerk != null) {
+                    permission = storeTokenGenerate.permissionList(storeMenuRoleService.findAllMenu(clerk.getId(), authUser.getId()));
+                    cache.put(permissionCacheKey, permission);
+                }
+            }
            //获取数据(GET 请求)权限
            if (request.getMethod().equals(RequestMethod.GET.name())) {
                //如果用户的超级权限和查阅权限都不包含当前请求的api
--- a/seller-api/src/main/java/cn/lili/security/StoreSecurityConfig.java
+++ b/seller-api/src/main/java/cn/lili/security/StoreSecurityConfig.java
@ -1,9 +1,12 @@
 package cn.lili.security;

 import cn.lili.cache.Cache;
+import cn.lili.common.properties.IgnoredUrlsProperties;
 import cn.lili.common.security.CustomAccessDeniedHandler;
 import cn.lili.common.utils.SpringContextUtil;
-import cn.lili.common.properties.IgnoredUrlsProperties;
+import cn.lili.modules.member.service.ClerkService;
+import cn.lili.modules.member.service.StoreMenuRoleService;
+import cn.lili.modules.member.token.StoreTokenGenerate;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@ -40,6 +43,15 @@ public class StoreSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private Cache<String> cache;

+    @Autowired
+    private StoreTokenGenerate storeTokenGenerate;
+
+    @Autowired
+    private StoreMenuRoleService storeMenuRoleService;
+
+    @Autowired
+    private ClerkService clerkService;
+

    @Override
    protected void configure(HttpSecurity http) throws Exception {
@ -74,7 +86,7 @@ public class StoreSecurityConfig extends WebSecurityConfigurerAdapter {
                .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
                .and()
                //添加JWT认证过滤器
-                .addFilter(new StoreAuthenticationFilter(authenticationManager(), cache));
+                .addFilter(new StoreAuthenticationFilter(authenticationManager(), storeTokenGenerate, storeMenuRoleService, clerkService, cache));
    }

 }