From 63f1f0df21064840b9af321129fbd8461317399f Mon Sep 17 00:00:00 2001 From: misworga831 Date: Tue, 6 Jun 2023 18:06:41 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=90=8E=EF=BC=8C=E7=99=BB=E5=BD=95=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E6=9D=83=E9=99=90=E6=B2=A1=E6=9C=89=E6=9B=B4=E6=96=B0?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../member/serviceimpl/ClerkServiceImpl.java | 14 +++++++-- .../serviceimpl/StoreMenuServiceImpl.java | 11 ------- .../serviceimpl/MenuServiceImpl.java | 8 ----- .../security/ManagerAuthenticationFilter.java | 18 ++++++++++-- .../lili/security/ManagerSecurityConfig.java | 12 +++++--- .../security/StoreAuthenticationFilter.java | 29 +++++++++++++++++-- .../cn/lili/security/StoreSecurityConfig.java | 16 ++++++++-- 7 files changed, 77 insertions(+), 31 deletions(-) diff --git a/framework/src/main/java/cn/lili/modules/member/serviceimpl/ClerkServiceImpl.java b/framework/src/main/java/cn/lili/modules/member/serviceimpl/ClerkServiceImpl.java index 6d64a4a4..0ebdce68 100644 --- a/framework/src/main/java/cn/lili/modules/member/serviceimpl/ClerkServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/member/serviceimpl/ClerkServiceImpl.java @@ -170,8 +170,6 @@ public class ClerkServiceImpl extends ServiceImpl implements if (!clerkEditDTO.getRoles().isEmpty()) { clerk.setRoleIds(CharSequenceUtil.join(",", clerkEditDTO.getRoles())); } - cache.vagueDel(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + UserContext.getCurrentUser().getId()); - cache.vagueDel(CachePrefix.STORE_USER_MENU.getPrefix() + UserContext.getCurrentUser().getId()); } //部门校验 
@@ -182,6 +180,18 @@ public class ClerkServiceImpl extends ServiceImpl implements throw new ServiceException(ResultCode.PERMISSION_NOT_FOUND_ERROR); } } + + //判断用户角色权限不为超级会员且权限路径不为空 + if (Boolean.FALSE.equals(clerkEditDTO.getIsSuper()) && clerkEditDTO.getRoles() != null) { + //添加店员用户角色 + List storeClerkRoleList = new ArrayList<>(); + + clerkEditDTO.getRoles().forEach(a -> storeClerkRoleList.add(StoreClerkRole.builder().clerkId(clerk.getId()).roleId(a).build())); + + storeClerkRoleService.saveBatch(storeClerkRoleList); + cache.vagueDel(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + UserContext.getCurrentUser().getId()); + cache.vagueDel(CachePrefix.STORE_USER_MENU.getPrefix() + UserContext.getCurrentUser().getId()); + } clerk.setIsSuper(clerkEditDTO.getIsSuper()); this.updateById(clerk); return clerk; diff --git a/framework/src/main/java/cn/lili/modules/member/serviceimpl/StoreMenuServiceImpl.java b/framework/src/main/java/cn/lili/modules/member/serviceimpl/StoreMenuServiceImpl.java index f9215e33..1a315cce 100644 --- a/framework/src/main/java/cn/lili/modules/member/serviceimpl/StoreMenuServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/member/serviceimpl/StoreMenuServiceImpl.java @@ -18,7 +18,6 @@ import cn.lili.modules.member.mapper.StoreMenuMapper; import cn.lili.modules.member.service.ClerkService; import cn.lili.modules.member.service.StoreMenuRoleService; import cn.lili.modules.member.service.StoreMenuService; -import cn.lili.modules.member.token.StoreTokenGenerate; import cn.lili.modules.permission.entity.dto.MenuSearchParams; import cn.lili.mybatis.util.PageUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; 
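Review bot: In the ClerkServiceImpl hunk at `@@ -182,6 +180,18 @@`, both `cache.vagueDel(...)` calls build the key from `UserContext.getCurrentUser().getId()`, which is the account performing the edit, not the clerk whose roles were just changed. StoreAuthenticationFilter reads the permission map under the authenticated user's own id, so when the editor and the edited clerk differ, the clerk's cached map is not evicted and a revoked role could stay usable. Key the eviction on the edited clerk instead, e.g. `cache.vagueDel(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + <edited clerk's member id>);`, and likewise for `STORE_USER_MENU`. The hunk also calls `storeClerkRoleService.saveBatch(...)` with no visible removal of the clerk's earlier role rows; the method starts and ends outside the hunk, so confirm the old assignments are deleted before this point.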
@@ -56,8 +55,6 @@ public class StoreMenuServiceImpl extends ServiceImpl> permission = (Map>) cache.get(permissionCacheKey); - if (permission == null || permission.isEmpty()) { - permission = storeTokenGenerate.permissionList(storeMenuRoleService.findAllMenu(clerkId, userId)); - cache.put(permissionCacheKey, permission); - } - return menuList; } diff --git a/framework/src/main/java/cn/lili/modules/permission/serviceimpl/MenuServiceImpl.java b/framework/src/main/java/cn/lili/modules/permission/serviceimpl/MenuServiceImpl.java index 17fb5cb4..aa7c932c 100644 --- a/framework/src/main/java/cn/lili/modules/permission/serviceimpl/MenuServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/permission/serviceimpl/MenuServiceImpl.java @@ -17,7 +17,6 @@ import cn.lili.modules.permission.entity.vo.UserMenuVO; import cn.lili.modules.permission.mapper.MenuMapper; import cn.lili.modules.permission.service.MenuService; import cn.lili.modules.permission.service.RoleMenuService; -import cn.lili.modules.system.token.ManagerTokenGenerate; import cn.lili.mybatis.util.PageUtil; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; @@ -43,8 +42,6 @@ public class MenuServiceImpl extends ServiceImpl implements Me @Autowired private RoleMenuService roleMenuService; - @Autowired - private ManagerTokenGenerate managerTokenGenerate; @Autowired private Cache cache; @@ -83,11 +80,6 @@ public class MenuServiceImpl extends ServiceImpl implements Me //每5分钟重新确认用户权限 cache.put(cacheKey, menuList, 300L); } - String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + userId; - Map> permission = (Map>) cache.get(permissionCacheKey); - if (permission == null || permission.isEmpty()) { - cache.put(permissionCacheKey, this.managerTokenGenerate.permissionList(this.findAllMenu(userId))); - } return menuList; } 
diff --git a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java index d3849317..75477cdc 100644 --- a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java +++ b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java @@ -10,6 +10,8 @@ import cn.lili.common.security.enums.SecurityEnum; import cn.lili.common.security.enums.UserEnums; import cn.lili.common.security.token.SecretKeyUtil; import cn.lili.common.utils.ResponseUtil; +import cn.lili.modules.permission.service.MenuService; +import cn.lili.modules.system.token.ManagerTokenGenerate; import com.google.gson.Gson; import io.jsonwebtoken.Claims; import io.jsonwebtoken.ExpiredJwtException; @@ -43,10 +45,18 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter { private final Cache cache; + public final MenuService menuService; + + private final ManagerTokenGenerate managerTokenGenerate; + public ManagerAuthenticationFilter(AuthenticationManager authenticationManager, + MenuService menuService, + ManagerTokenGenerate managerTokenGenerate, Cache cache) { super(authenticationManager); this.cache = cache; + this.menuService = menuService; + this.managerTokenGenerate = managerTokenGenerate; } @SneakyThrows 
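Review bot: `public final MenuService menuService;` in the ManagerAuthenticationFilter hunk at `@@ -43,10 +45,18 @@` exposes a dependency of the authentication filter as a public field, while the neighbouring `cache` and `managerTokenGenerate` fields are `private final`. Declare it `private final MenuService menuService;`. The same applies to `@Autowired public MenuService menuService;` added in ManagerSecurityConfig, where the other injected fields are private. The class body continues outside this hunk.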
@@ -85,10 +95,14 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter { //如果不是超级管理员, 则鉴权 if (Boolean.FALSE.equals(authUser.getIsSuper())) { + String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId(); //获取缓存中的权限 Map> permission = - (Map>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId()); - + (Map>) cache.get(permissionCacheKey); + if (permission == null || permission.isEmpty()) { + permission = managerTokenGenerate.permissionList(this.menuService.findAllMenu(authUser.getId())); + cache.put(permissionCacheKey, permission); + } //获取数据(GET 请求)权限 if (request.getMethod().equals(RequestMethod.GET.name())) { //如果用户的超级权限和查阅权限都不包含当前请求的api diff --git a/manager-api/src/main/java/cn/lili/security/ManagerSecurityConfig.java b/manager-api/src/main/java/cn/lili/security/ManagerSecurityConfig.java index 32fb6e4f..43b936bc 100644 --- a/manager-api/src/main/java/cn/lili/security/ManagerSecurityConfig.java +++ b/manager-api/src/main/java/cn/lili/security/ManagerSecurityConfig.java @@ -1,8 +1,10 @@ package cn.lili.security; import cn.lili.cache.Cache; -import cn.lili.common.security.CustomAccessDeniedHandler; import cn.lili.common.properties.IgnoredUrlsProperties; +import cn.lili.common.security.CustomAccessDeniedHandler; +import cn.lili.modules.permission.service.MenuService; +import cn.lili.modules.system.token.ManagerTokenGenerate; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; 
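Review bot: In the ManagerAuthenticationFilter hunk at `@@ -85,10 +95,14 @@`, the rebuilt map is stored with `cache.put(permissionCacheKey, permission)` and no expiry, so it stays authoritative until some write path evicts exactly this key. MenuServiceImpl already uses `cache.put(cacheKey, menuList, 300L)` to re-confirm menus every five minutes. Using `cache.put(permissionCacheKey, permission, 300L);` here would bound how long a revoked permission can remain effective if an eviction is missed. Treating `permission.isEmpty()` as a miss also means an account with no granted menus triggers `findAllMenu` on every request. The authorization hunk in StoreAuthenticationFilter (`@@ -124,10 +140,19 @@`) has the same put without an expiry; the method body continues outside this hunk.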
@@ -25,22 +27,24 @@ import org.springframework.web.cors.CorsConfigurationSource; public class ManagerSecurityConfig extends WebSecurityConfigurerAdapter { + @Autowired + public MenuService menuService; /** * 忽略验权配置 */ @Autowired private IgnoredUrlsProperties ignoredUrlsProperties; - /** * spring security -》 权限不足处理 */ @Autowired private CustomAccessDeniedHandler accessDeniedHandler; - @Autowired private Cache cache; @Autowired private CorsConfigurationSource corsConfigurationSource; + @Autowired + private ManagerTokenGenerate managerTokenGenerate; @Override protected void configure(HttpSecurity http) throws Exception { @@ -73,7 +77,7 @@ public class ManagerSecurityConfig extends WebSecurityConfigurerAdapter { .exceptionHandling().accessDeniedHandler(accessDeniedHandler) .and() //添加JWT认证过滤器 - .addFilter(new ManagerAuthenticationFilter(authenticationManager(), cache)); + .addFilter(new ManagerAuthenticationFilter(authenticationManager(), menuService, managerTokenGenerate, cache)); } } diff --git a/seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java b/seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java index cc0565a5..816d74ba 100644 --- a/seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java +++ b/seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java @@ -10,6 +10,10 @@ import cn.lili.common.security.enums.SecurityEnum; import cn.lili.common.security.enums.UserEnums; import cn.lili.common.security.token.SecretKeyUtil; import cn.lili.common.utils.ResponseUtil; +import cn.lili.modules.member.entity.dos.Clerk; +import cn.lili.modules.member.service.ClerkService; +import cn.lili.modules.member.service.StoreMenuRoleService; +import cn.lili.modules.member.token.StoreTokenGenerate; import com.google.gson.Gson; import io.jsonwebtoken.Claims; import io.jsonwebtoken.ExpiredJwtException; 
@@ -43,9 +47,21 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter { private final Cache cache; + private final StoreTokenGenerate storeTokenGenerate; + + private final StoreMenuRoleService storeMenuRoleService; + + private final ClerkService clerkService; + public StoreAuthenticationFilter(AuthenticationManager authenticationManager, + StoreTokenGenerate storeTokenGenerate, + StoreMenuRoleService storeMenuRoleService, + ClerkService clerkService, Cache cache) { super(authenticationManager); + this.storeTokenGenerate = storeTokenGenerate; + this.storeMenuRoleService = storeMenuRoleService; + this.clerkService = clerkService; this.cache = cache; } @@ -124,10 +140,19 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter { //如果不是超级管理员, 则鉴权 if (Boolean.FALSE.equals(authUser.getIsSuper())) { + + String permissionCacheKey = CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId(); //获取缓存中的权限 Map> permission = - (Map>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId()); - + (Map>) cache.get(permissionCacheKey); + if (permission == null || permission.isEmpty()) { + //根据会员id查询店员信息 + Clerk clerk = clerkService.getClerkByMemberId(authUser.getId()); + if (clerk != null) { + permission = storeTokenGenerate.permissionList(storeMenuRoleService.findAllMenu(clerk.getId(), authUser.getId())); + cache.put(permissionCacheKey, permission); + } + } //获取数据(GET 请求)权限 if (request.getMethod().equals(RequestMethod.GET.name())) { //如果用户的超级权限和查阅权限都不包含当前请求的api diff --git a/seller-api/src/main/java/cn/lili/security/StoreSecurityConfig.java b/seller-api/src/main/java/cn/lili/security/StoreSecurityConfig.java index 50202694..5f1f16c7 100644 --- a/seller-api/src/main/java/cn/lili/security/StoreSecurityConfig.java +++ b/seller-api/src/main/java/cn/lili/security/StoreSecurityConfig.java 
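Review bot: In the StoreAuthenticationFilter hunk at `@@ -124,10 +140,19 @@`, when `clerkService.getClerkByMemberId(authUser.getId())` returns null, `permission` stays null or empty and execution falls through to the GET and non-GET permission checks. Those checks lie outside the hunk and presumably dereference the map, so the outcome for a non-super user without a clerk record rests on an exception path rather than on an explicit decision. Make the filter fail closed by rejecting the request in that branch with the same denial response the checks below use, e.g. `if (clerk == null) { /* deny: same response as the permission checks below */ }`, and add a comment stating that a missing clerk means no permissions.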
@@ -1,9 +1,12 @@ package cn.lili.security; import cn.lili.cache.Cache; +import cn.lili.common.properties.IgnoredUrlsProperties; import cn.lili.common.security.CustomAccessDeniedHandler; import cn.lili.common.utils.SpringContextUtil; -import cn.lili.common.properties.IgnoredUrlsProperties; +import cn.lili.modules.member.service.ClerkService; +import cn.lili.modules.member.service.StoreMenuRoleService; +import cn.lili.modules.member.token.StoreTokenGenerate; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; @@ -40,6 +43,15 @@ public class StoreSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private Cache cache; + @Autowired + private StoreTokenGenerate storeTokenGenerate; + + @Autowired + private StoreMenuRoleService storeMenuRoleService; + + @Autowired + private ClerkService clerkService; + @Override protected void configure(HttpSecurity http) throws Exception { @@ -74,7 +86,7 @@ public class StoreSecurityConfig extends WebSecurityConfigurerAdapter { .exceptionHandling().accessDeniedHandler(accessDeniedHandler) .and() //添加JWT认证过滤器 - .addFilter(new StoreAuthenticationFilter(authenticationManager(), cache)); + .addFilter(new StoreAuthenticationFilter(authenticationManager(), storeTokenGenerate, storeMenuRoleService, clerkService, cache)); } }