package com.jilongda.manage.security;
 
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.jilongda.manage.authority.mapper.SecResourcesMapper;
import com.jilongda.manage.authority.model.SecResources;
import com.jilongda.common.security.JwtTokenUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;
 
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
 
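/**
 * RBAC check consulted by the security configuration: decides whether the authenticated caller
 * may reach the requested URL, based on the button-level (non-page) resources attached to the
 * caller's account.
 *
 * <p>The decision is made only on the resources returned by
 * {@code SysUserDetailsService#loadUserByUsername}. The mapper field is kept for constructor
 * compatibility but is not consulted here.
 *
 * @author xiaochen
 * @date 2020-09-23 11:32
 */
@Component
@Slf4j
public class RbacAuthorityService {
    /** Loads the caller's {@link SecurityUserDetails}, including the resources granted to the account. */
    private final SysUserDetailsService loadUserDetailsService;
    /**
     * Injected for constructor compatibility; {@link #hasPermission} does not query it.
     * NOTE(review): there is currently no separate super-admin path (e.g. "uid 1 sees every
     * resource") in this class — if that is required, it has to be implemented deliberately
     * rather than assumed.
     */
    private final SecResourcesMapper secResourcesMapper;

    @Autowired
    public RbacAuthorityService(SysUserDetailsService loadUserDetailsService, SecResourcesMapper secResourcesMapper) {
        this.loadUserDetailsService = loadUserDetailsService;
        this.secResourcesMapper = secResourcesMapper;
    }

    /**
     * Checks whether the authenticated caller may access the requested URL.
     *
     * <p>Only the caller's button-level resources take part in the match: page resources
     * ({@code cate == 1}) are filtered out because the front end handles page visibility, resources
     * flagged {@code permit} are excluded (assumed to be open endpoints handled elsewhere — confirm
     * against the security configuration), and resources without a path cannot be matched. A
     * resource whose {@code cate} or {@code permit} flag is {@code null} never grants access
     * (fail closed).
     *
     * @param request        the incoming request whose URL is matched against the caller's resource paths
     * @param authentication the current authentication; the username is read from its JWT
     * @return {@code true} if at least one of the caller's button-level resource paths matches the
     *         request (Ant-style patterns), {@code false} otherwise — including when the token
     *         carries no username or the account has no resources
     */
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        String userName = JwtTokenUtils.getUsername(authentication);
        if (StringUtils.isBlank(userName)) {
            // No identity in the token: nothing to authorize against, deny.
            return false;
        }
        SecurityUserDetails sysUserDetails = loadUserDetailsService.loadUserByUsername(userName);
        // The details service is expected to throw for an unknown user; guard the null case anyway
        // so an unexpected result denies rather than throws an NPE from inside the authorizer.
        if (sysUserDetails == null || sysUserDetails.getResources() == null) {
            return false;
        }
        // Front end and back end are separated, so page permissions (cate 1) are irrelevant here;
        // only button permissions are matched against the request URL.
        return sysUserDetails.getResources().stream()
                // Drop page resources; a missing category never grants access.
                .filter(resource -> resource.getCate() != null && resource.getCate().intValue() != 1)
                // Only resources explicitly marked as not freely permitted take part in the RBAC match.
                .filter(resource -> Boolean.FALSE.equals(resource.getPermit()))
                // A resource without a path cannot match any request.
                .filter(resource -> StringUtils.isNotBlank(resource.getPath()))
                // First Ant-pattern match grants access.
                .anyMatch(resource -> new AntPathRequestMatcher(resource.getPath()).matches(request));
    }

}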