caojiahao/dev_caojiahao
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

!291 fix & improve

Browse Source 
Merge pull request !291 from OceansDeep/pg
This commit is contained in:
OceansDeep 2023-06-06 10:07:14 +00:00 committed by Gitee
commit 7dffd7dcb9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 77 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
framework/src/main/java/cn/lili/modules/member/serviceimpl/ClerkServiceImpl.java
View File

@ -170,8 +170,6 @@ public class ClerkServiceImpl extends ServiceImpl<ClerkMapper, Clerk> implements
if (!clerkEditDTO.getRoles().isEmpty()) {
clerk.setRoleIds(CharSequenceUtil.join(",", clerkEditDTO.getRoles()));
}
cache.vagueDel(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + UserContext.getCurrentUser().getId());
cache.vagueDel(CachePrefix.STORE_USER_MENU.getPrefix() + UserContext.getCurrentUser().getId());
}
//部门校验
@ -182,6 +180,18 @@ public class ClerkServiceImpl extends ServiceImpl<ClerkMapper, Clerk> implements
throw new ServiceException(ResultCode.PERMISSION_NOT_FOUND_ERROR);
}
}
//判断用户角色权限不为超级会员且权限路径不为空
if (Boolean.FALSE.equals(clerkEditDTO.getIsSuper()) && clerkEditDTO.getRoles() != null) {
//添加店员用户角色
List<StoreClerkRole> storeClerkRoleList = new ArrayList<>();
clerkEditDTO.getRoles().forEach(a -> storeClerkRoleList.add(StoreClerkRole.builder().clerkId(clerk.getId()).roleId(a).build()));
storeClerkRoleService.saveBatch(storeClerkRoleList);
cache.vagueDel(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + UserContext.getCurrentUser().getId());
cache.vagueDel(CachePrefix.STORE_USER_MENU.getPrefix() + UserContext.getCurrentUser().getId());
}
clerk.setIsSuper(clerkEditDTO.getIsSuper());
this.updateById(clerk);
return clerk;

11
framework/src/main/java/cn/lili/modules/member/serviceimpl/StoreMenuServiceImpl.java
View File

@ -18,7 +18,6 @@ import cn.lili.modules.member.mapper.StoreMenuMapper;
import cn.lili.modules.member.service.ClerkService;
import cn.lili.modules.member.service.StoreMenuRoleService;
import cn.lili.modules.member.service.StoreMenuService;
import cn.lili.modules.member.token.StoreTokenGenerate;
import cn.lili.modules.permission.entity.dto.MenuSearchParams;
import cn.lili.mybatis.util.PageUtil;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
@ -56,8 +55,6 @@ public class StoreMenuServiceImpl extends ServiceImpl<StoreMenuMapper, StoreMenu
private ClerkService clerkService;
@Autowired
private StoreTokenGenerate storeTokenGenerate;
@Override
@Transactional(rollbackFor = Exception.class)
@ -95,14 +92,6 @@ public class StoreMenuServiceImpl extends ServiceImpl<StoreMenuMapper, StoreMenu
menuList = this.baseMapper.findByUserId(clerkId);
cache.put(cacheKey, menuList);
}
String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + userId;
Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(permissionCacheKey);
if (permission == null || permission.isEmpty()) {
permission = storeTokenGenerate.permissionList(storeMenuRoleService.findAllMenu(clerkId, userId));
cache.put(permissionCacheKey, permission);
}
return menuList;
}

8
framework/src/main/java/cn/lili/modules/permission/serviceimpl/MenuServiceImpl.java
View File

@ -17,7 +17,6 @@ import cn.lili.modules.permission.entity.vo.UserMenuVO;
import cn.lili.modules.permission.mapper.MenuMapper;
import cn.lili.modules.permission.service.MenuService;
import cn.lili.modules.permission.service.RoleMenuService;
import cn.lili.modules.system.token.ManagerTokenGenerate;
import cn.lili.mybatis.util.PageUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
@ -43,8 +42,6 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements Me
@Autowired
private RoleMenuService roleMenuService;
@Autowired
private ManagerTokenGenerate managerTokenGenerate;
@Autowired
private Cache cache;
@ -83,11 +80,6 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements Me
//每5分钟重新确认用户权限
cache.put(cacheKey, menuList, 300L);
}
String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + userId;
Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(permissionCacheKey);
if (permission == null || permission.isEmpty()) {
cache.put(permissionCacheKey, this.managerTokenGenerate.permissionList(this.findAllMenu(userId)));
}
return menuList;
}

18
manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
View File

@ -10,6 +10,8 @@ import cn.lili.common.security.enums.SecurityEnum;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.security.token.SecretKeyUtil;
import cn.lili.common.utils.ResponseUtil;
import cn.lili.modules.permission.service.MenuService;
import cn.lili.modules.system.token.ManagerTokenGenerate;
import com.google.gson.Gson;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
@ -43,10 +45,18 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
private final Cache cache;
public final MenuService menuService;
private final ManagerTokenGenerate managerTokenGenerate;
public ManagerAuthenticationFilter(AuthenticationManager authenticationManager,
MenuService menuService,
ManagerTokenGenerate managerTokenGenerate,
Cache cache) {
super(authenticationManager);
this.cache = cache;
this.menuService = menuService;
this.managerTokenGenerate = managerTokenGenerate;
}
@SneakyThrows
@ -85,10 +95,14 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
//如果不是超级管理员 则鉴权
if (Boolean.FALSE.equals(authUser.getIsSuper())) {
String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId();
//获取缓存中的权限
Map<String, List<String>> permission =
(Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId());
(Map<String, List<String>>) cache.get(permissionCacheKey);
if (permission == null || permission.isEmpty()) {
permission = managerTokenGenerate.permissionList(this.menuService.findAllMenu(authUser.getId()));
cache.put(permissionCacheKey, permission);
}
//获取数据(GET 请求)权限
if (request.getMethod().equals(RequestMethod.GET.name())) {
//如果用户的超级权限和查阅权限都不包含当前请求的api

12
manager-api/src/main/java/cn/lili/security/ManagerSecurityConfig.java
View File

@ -1,8 +1,10 @@
package cn.lili.security;
import cn.lili.cache.Cache;
import cn.lili.common.security.CustomAccessDeniedHandler;
import cn.lili.common.properties.IgnoredUrlsProperties;
import cn.lili.common.security.CustomAccessDeniedHandler;
import cn.lili.modules.permission.service.MenuService;
import cn.lili.modules.system.token.ManagerTokenGenerate;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
@ -25,22 +27,24 @@ import org.springframework.web.cors.CorsConfigurationSource;
public class ManagerSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public MenuService menuService;
/**
* 忽略验权配置
*/
@Autowired
private IgnoredUrlsProperties ignoredUrlsProperties;
/**
* spring security - 权限不足处理
*/
@Autowired
private CustomAccessDeniedHandler accessDeniedHandler;
@Autowired
private Cache<String> cache;
@Autowired
private CorsConfigurationSource corsConfigurationSource;
@Autowired
private ManagerTokenGenerate managerTokenGenerate;
@Override
protected void configure(HttpSecurity http) throws Exception {
@ -73,7 +77,7 @@ public class ManagerSecurityConfig extends WebSecurityConfigurerAdapter {
.exceptionHandling().accessDeniedHandler(accessDeniedHandler)
.and()
//添加JWT认证过滤器
.addFilter(new ManagerAuthenticationFilter(authenticationManager(), cache));
.addFilter(new ManagerAuthenticationFilter(authenticationManager(), menuService, managerTokenGenerate, cache));
}
}

29
seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java
View File

@ -10,6 +10,10 @@ import cn.lili.common.security.enums.SecurityEnum;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.security.token.SecretKeyUtil;
import cn.lili.common.utils.ResponseUtil;
import cn.lili.modules.member.entity.dos.Clerk;
import cn.lili.modules.member.service.ClerkService;
import cn.lili.modules.member.service.StoreMenuRoleService;
import cn.lili.modules.member.token.StoreTokenGenerate;
import com.google.gson.Gson;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
@ -43,9 +47,21 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
private final Cache cache;
private final StoreTokenGenerate storeTokenGenerate;
private final StoreMenuRoleService storeMenuRoleService;
private final ClerkService clerkService;
public StoreAuthenticationFilter(AuthenticationManager authenticationManager,
StoreTokenGenerate storeTokenGenerate,
StoreMenuRoleService storeMenuRoleService,
ClerkService clerkService,
Cache cache) {
super(authenticationManager);
this.storeTokenGenerate = storeTokenGenerate;
this.storeMenuRoleService = storeMenuRoleService;
this.clerkService = clerkService;
this.cache = cache;
}
@ -124,10 +140,19 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
//如果不是超级管理员 则鉴权
if (Boolean.FALSE.equals(authUser.getIsSuper())) {
String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId();
//获取缓存中的权限
Map<String, List<String>> permission =
(Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
(Map<String, List<String>>) cache.get(permissionCacheKey);
if (permission == null || permission.isEmpty()) {
//根据会员id查询店员信息
Clerk clerk = clerkService.getClerkByMemberId(authUser.getId());
if (clerk != null) {
permission = storeTokenGenerate.permissionList(storeMenuRoleService.findAllMenu(clerk.getId(), authUser.getId()));
cache.put(permissionCacheKey, permission);
}
}
//获取数据(GET 请求)权限
if (request.getMethod().equals(RequestMethod.GET.name())) {
//如果用户的超级权限和查阅权限都不包含当前请求的api

16
seller-api/src/main/java/cn/lili/security/StoreSecurityConfig.java
View File

@ -1,9 +1,12 @@
package cn.lili.security;
import cn.lili.cache.Cache;
import cn.lili.common.properties.IgnoredUrlsProperties;
import cn.lili.common.security.CustomAccessDeniedHandler;
import cn.lili.common.utils.SpringContextUtil;
import cn.lili.common.properties.IgnoredUrlsProperties;
import cn.lili.modules.member.service.ClerkService;
import cn.lili.modules.member.service.StoreMenuRoleService;
import cn.lili.modules.member.token.StoreTokenGenerate;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
@ -40,6 +43,15 @@ public class StoreSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private Cache<String> cache;
@Autowired
private StoreTokenGenerate storeTokenGenerate;
@Autowired
private StoreMenuRoleService storeMenuRoleService;
@Autowired
private ClerkService clerkService;
@Override
protected void configure(HttpSecurity http) throws Exception {
@ -74,7 +86,7 @@ public class StoreSecurityConfig extends WebSecurityConfigurerAdapter {
.exceptionHandling().accessDeniedHandler(accessDeniedHandler)
.and()
//添加JWT认证过滤器
.addFilter(new StoreAuthenticationFilter(authenticationManager(), cache));
.addFilter(new StoreAuthenticationFilter(authenticationManager(), storeTokenGenerate, storeMenuRoleService, clerkService, cache));
}
}