Added back-end permission verification
@@ -1,7 +1,6 @@
|
||||
package com.cfive.pinnacle.config;
|
||||
|
||||
import com.cfive.pinnacle.filter.JwtAuthenticationTokenFilter;
|
||||
import com.cfive.pinnacle.handler.CustomAccessDeniedHandler;
|
||||
import com.cfive.pinnacle.handler.CustomAuthenticationEntryPointHandler;
|
||||
import com.cfive.pinnacle.service.permission.impl.UserDetailsServiceImpl;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -9,6 +8,7 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
@@ -22,11 +22,11 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||
import java.util.List;
|
||||
|
||||
@Configuration
|
||||
@EnableMethodSecurity()
|
||||
public class SecurityConfig {
|
||||
private UserDetailsServiceImpl userDetailsService;
|
||||
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
|
||||
private CustomAuthenticationEntryPointHandler authenticationEntryPointHandler;
|
||||
private CustomAccessDeniedHandler accessDeniedHandler;
|
||||
|
||||
@Autowired
|
||||
public void setUserDetailsService(UserDetailsServiceImpl userDetailsService) {
|
||||
@@ -43,11 +43,6 @@ public class SecurityConfig {
|
||||
this.authenticationEntryPointHandler = authenticationEntryPointHandler;
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void setAccessDeniedHandler(CustomAccessDeniedHandler accessDeniedHandler) {
|
||||
this.accessDeniedHandler = accessDeniedHandler;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
@@ -101,7 +96,6 @@ public class SecurityConfig {
|
||||
|
||||
.exceptionHandling()
|
||||
.authenticationEntryPoint(authenticationEntryPointHandler)
|
||||
.accessDeniedHandler(accessDeniedHandler)
|
||||
.and()
|
||||
|
||||
.cors()
|
||||
|
||||
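Review bot: Dropping `.accessDeniedHandler(accessDeniedHandler)` from `exceptionHandling()` leaves any AccessDeniedException raised inside the filter chain to Spring Security's default `AccessDeniedHandlerImpl`, which answers with a plain `response.sendError(403)` instead of the project's JSON `ResponseResult` envelope. The new branch in CustomExceptionHandler is a `@RestControllerAdvice`, so it only sees exceptions thrown during controller dispatch, which is where `@PreAuthorize` fires; denials from URL-level rules or other security filters (if any are configured outside this hunk) will come back in a different format. If the handler is deliberately retired, a comment on the `exceptionHandling()` block such as `// authorization is enforced at method level only; filter-chain denials use the Spring default 403` would make that visible, otherwise keep the registration alongside the advice. The enclosing bean method starts and ends outside this hunk. Minor style in the earlier hunk: `@EnableMethodSecurity()` can drop the empty parentheses.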
@@ -6,6 +6,7 @@ import com.cfive.pinnacle.entity.common.ResponseCode;
|
||||
import com.cfive.pinnacle.entity.common.ResponseResult;
|
||||
import com.cfive.pinnacle.service.IUserService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
@@ -30,6 +31,7 @@ public class UserController {
|
||||
}
|
||||
|
||||
@GetMapping
|
||||
@PreAuthorize("hasAuthority('system:user:all')")
|
||||
public ResponseResult getAllUser() {
|
||||
List<User> users = userService.getAllUser();
|
||||
return ResponseResult.databaseSelectSuccess(users);
|
||||
|
||||
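Review bot: `@PreAuthorize("hasAuthority('system:user:all')")` is now the only authorization check on `getAllUser`, and method security fails open: any handler in this controller without its own annotation stays reachable to every authenticated user, so the remaining endpoints (outside this hunk) should be checked for matching annotations. The authority string is a literal that must match `t_operation.code` in the database; a shared constants class (`public static final String USER_ALL = "system:user:all";`) keeps the two from drifting, since a typo here is only noticed when every caller is denied. A Javadoc line such as `/** Lists every user; requires the {@code system:user:all} operation. */` would document the requirement for API consumers.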
@@ -9,6 +9,9 @@ import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
import java.util.List;
|
||||
|
||||
import com.cfive.pinnacle.entity.permission.Element;
|
||||
import com.cfive.pinnacle.entity.permission.Menu;
|
||||
import com.cfive.pinnacle.entity.permission.Operation;
|
||||
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
|
||||
import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
|
||||
import lombok.Data;
|
||||
@@ -65,6 +68,15 @@ public class User implements Serializable {
|
||||
@TableField(exist = false)
|
||||
private List<Group> groups;
|
||||
|
||||
@TableField(exist = false)
|
||||
private List<Menu> menus;
|
||||
|
||||
@TableField(exist = false)
|
||||
private List<Element> elements;
|
||||
|
||||
@TableField(exist = false)
|
||||
private List<Operation> operations;
|
||||
|
||||
@TableField("deleted")
|
||||
private Long deleted;
|
||||
|
||||
|
||||
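Review bot: The new `menus`, `elements` and `operations` fields carry no documented null contract, yet `LoginUser.getAuthorities()` in this commit dereferences `getOperations()` unconditionally, and only `getUserWithPower` populates these lists; users loaded through `getAll`/`getOneById`, and presumably any `User` reconstructed from the JWT payload, leave them null. Either initialise them to empty lists (`private List<Operation> operations = new ArrayList<>();`, which needs `java.util.ArrayList`) or add a comment on each field stating that it is filled only by the permission-aware lookup. Worth noting on the class as well that it is serialised into the JWT by LoginServiceImpl, so these collections now end up in every token issued.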
@@ -6,20 +6,38 @@ import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Data
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class LoginUser implements UserDetails {
|
||||
private User user;
|
||||
@JsonIgnore
|
||||
private List<GrantedAuthority> authorities;
|
||||
|
||||
public LoginUser(User user) {
|
||||
this.user = user;
|
||||
}
|
||||
|
||||
public void setUser(User user) {
|
||||
this.user = user;
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return null;
|
||||
if (authorities != null) {
|
||||
return authorities;
|
||||
}
|
||||
|
||||
authorities = user.getOperations().stream().map(operation -> new SimpleGrantedAuthority(operation.getCode())).collect(Collectors.toList());
|
||||
return authorities;
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
|
||||
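Review bot: `getAuthorities()` now dereferences `user.getOperations()` without a null check, so a `LoginUser` wrapping a `User` whose operations were never loaded throws NullPointerException from inside the security filter instead of yielding an empty authority set; `List<Operation> ops = user.getOperations(); if (ops == null) { return List.of(); }` before the stream makes an unprivileged principal the failure mode. The cache in `authorities` is also never invalidated: `setUser(User)` replaces the user but leaves the previously computed list, so a principal whose user is swapped keeps the old authorities — add `this.authorities = null;` there. Because `@Data` generates `equals`/`hashCode` over `authorities` too, two `LoginUser`s for the same user compare unequal depending on whether `getAuthorities()` has been called yet; `@EqualsAndHashCode.Exclude` on the field avoids that.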
@@ -54,8 +54,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
|
||||
return;
|
||||
}
|
||||
|
||||
// Todo 权限
|
||||
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, null);
|
||||
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
|
||||
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
|
||||
|
||||
filterChain.doFilter(request, response);
|
||||
|
||||
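Review bot: The authorities handed to the three-argument `UsernamePasswordAuthenticationToken` come from `loginUser.getAuthorities()`, which in this commit streams `user.getOperations()`; if the `loginUser` built above this hunk (its construction is outside it) wraps a `User` without loaded operations, the NullPointerException surfaces here before `doFilter`, so every request carrying that token fails as a server error rather than as an authentication failure. Either guarantee non-null operations in `LoginUser` or guard the token construction here so the context is cleared and the request is rejected as unauthenticated. A comment on this line saying that the authorities are whatever was captured when the principal was created, so a permission change takes effect only after re-login or cache expiry, would document the trade-off — hedged, since the source of `loginUser` is not visible in the hunk.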
@@ -1,19 +0,0 @@
|
||||
package com.cfive.pinnacle.handler;
|
||||
|
||||
import com.cfive.pinnacle.entity.common.ResponseCode;
|
||||
import com.cfive.pinnacle.utils.WebUtil;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@Component
|
||||
public class CustomAccessDeniedHandler implements org.springframework.security.web.access.AccessDeniedHandler {
|
||||
@Override
|
||||
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
|
||||
String objectResponse = WebUtil.objectResponse(ResponseCode.ACCESS_DENIED, "Access denied", null);
|
||||
WebUtil.renderString(response, objectResponse);
|
||||
}
|
||||
}
|
||||
@@ -4,6 +4,7 @@ import com.cfive.pinnacle.entity.common.ResponseCode;
|
||||
import com.cfive.pinnacle.entity.common.ResponseResult;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.dao.DuplicateKeyException;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
import org.springframework.web.bind.annotation.RestControllerAdvice;
|
||||
@@ -20,6 +21,9 @@ public class CustomExceptionHandler {
|
||||
if (e instanceof BadCredentialsException) {
|
||||
return ResponseResult.build(ResponseCode.LOGOUT_FAILED, e.getMessage(), null);
|
||||
}
|
||||
if (e instanceof AccessDeniedException) {
|
||||
return ResponseResult.build(ResponseCode.ACCESS_DENIED, e.getMessage(), null);
|
||||
}
|
||||
|
||||
log.debug(e.getMessage(), e);
|
||||
|
||||
|
||||
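Review bot: The new branch returns `e.getMessage()` to the client for every AccessDeniedException subtype; for the plain Spring exception that is just "Access Denied", but subclasses (the CSRF exceptions, or custom ones added later) can carry internal detail, so a fixed string is safer and matches the deleted CustomAccessDeniedHandler: `return ResponseResult.build(ResponseCode.ACCESS_DENIED, "Access denied", null);`. This advice only catches exceptions raised during controller dispatch, so denials from the security filter chain never reach it; a comment on the branch stating that it covers `@PreAuthorize` failures only would save the next reader from assuming otherwise. Style: a dedicated `@ExceptionHandler(AccessDeniedException.class)` method expresses this more idiomatically than extending the `instanceof` chain; the enclosing handler method starts outside the hunk.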
@@ -20,4 +20,6 @@ public interface UserMapper extends BaseMapper<User> {
|
||||
List<User> getAll();
|
||||
|
||||
User getOneById(@Param("id") long id);
|
||||
|
||||
User getOneWithPowerByUsername(@Param("username") String username);
|
||||
}
|
||||
|
||||
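Review bot: `getOneWithPowerByUsername` has no Javadoc, and its name does not convey that it also loads the password hash and the full menu/element/operation graph through the `userWithPowerMap` result map; a comment such as `/** Loads a non-deleted user by username together with the menus, elements and operations granted through its roles and groups; null when no such user exists. */` tells callers what they receive. The same applies to `getUserWithPower` added to IUserService in a later hunk. Since the result map collapses rows by `user_id`, whether duplicate usernames can exist is worth stating too (inferred — the uniqueness constraint is not visible here).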
@@ -19,6 +19,8 @@ public interface IUserService extends IService<User> {
|
||||
|
||||
User getUser(long id);
|
||||
|
||||
User getUserWithPower(String username);
|
||||
|
||||
boolean addUser(User user);
|
||||
|
||||
boolean modifyUser(User user);
|
||||
|
||||
@@ -2,7 +2,13 @@ package com.cfive.pinnacle.service.impl;
|
||||
|
||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||
import com.cfive.pinnacle.entity.*;
|
||||
import com.cfive.pinnacle.entity.permission.Element;
|
||||
import com.cfive.pinnacle.entity.permission.Menu;
|
||||
import com.cfive.pinnacle.entity.permission.Operation;
|
||||
import com.cfive.pinnacle.mapper.*;
|
||||
import com.cfive.pinnacle.mapper.permission.ElementMapper;
|
||||
import com.cfive.pinnacle.mapper.permission.MenuMapper;
|
||||
import com.cfive.pinnacle.mapper.permission.OperationMapper;
|
||||
import com.cfive.pinnacle.service.IUserService;
|
||||
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -25,6 +31,9 @@ import java.util.List;
|
||||
@Service
|
||||
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {
|
||||
private UserMapper userMapper;
|
||||
private MenuMapper menuMapper;
|
||||
private ElementMapper elementMapper;
|
||||
private OperationMapper operationMapper;
|
||||
private UserRoleMapper userRoleMapper;
|
||||
private UserGroupMapper userGroupMapper;
|
||||
private PasswordEncoder passwordEncoder;
|
||||
@@ -34,11 +43,25 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IU
|
||||
this.userMapper = userMapper;
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void setMenuMapper(MenuMapper menuMapper) {
|
||||
this.menuMapper = menuMapper;
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void setElementMapper(ElementMapper elementMapper) {
|
||||
this.elementMapper = elementMapper;
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void setOperationMapper(OperationMapper operationMapper) {
|
||||
this.operationMapper = operationMapper;
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void setUserRoleMapper(UserRoleMapper userRoleMapper) {
|
||||
this.userRoleMapper = userRoleMapper;
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void setUserGroupMapper(UserGroupMapper userGroupMapper) {
|
||||
this.userGroupMapper = userGroupMapper;
|
||||
@@ -71,6 +94,20 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IU
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public User getUserWithPower(String username) {
|
||||
User user = userMapper.getOneWithPowerByUsername(username);
|
||||
if (user.getId() == 1L) {
|
||||
List<Menu> menus = menuMapper.selectList(null);
|
||||
List<Element> elements = elementMapper.selectList(null);
|
||||
List<Operation> operations = operationMapper.selectList(null);
|
||||
user.setMenus(menus);
|
||||
user.setElements(elements);
|
||||
user.setOperations(operations);
|
||||
}
|
||||
return user;
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public boolean addUser(User user) {
|
||||
|
||||
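Review bot: `getUserWithPower` dereferences `user` before any null check, so when `userMapper.getOneWithPowerByUsername` returns null for an unknown username a NullPointerException is thrown here, and the `Objects.isNull(user)` guard UserDetailsServiceImpl applies to the result (later hunk) can never raise its UsernameNotFoundException — a bad username becomes an internal authentication error instead of a credentials failure. Guard first with `if (user == null) { return null; }`, then use a null-safe comparison such as `Long.valueOf(SUPER_ADMIN_ID).equals(user.getId())`, since `getId()` is boxed. The `== 1L` rule is an undocumented implicit superuser that bypasses role assignment entirely; give it a named constant (`private static final long SUPER_ADMIN_ID = 1L;`) and a Javadoc line on the method stating that the user with that id receives every menu, element and operation regardless of roles, so the grant is visible to whoever audits authorization. The new mapper fields and setters in the earlier hunks are fine as written.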
@@ -5,6 +5,8 @@ import com.cfive.pinnacle.entity.permission.LoginUser;
|
||||
import com.cfive.pinnacle.service.permission.ILoginService;
|
||||
import com.cfive.pinnacle.utils.JwtUtil;
|
||||
import com.cfive.pinnacle.utils.RedisCache;
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
@@ -41,7 +43,13 @@ public class LoginServiceImpl implements ILoginService {
|
||||
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
|
||||
loginUser.getUser().setPasswd("");
|
||||
String userId = loginUser.getUser().getId().toString();
|
||||
String jwt = JwtUtil.createJWT(userId);
|
||||
String jwt;
|
||||
try {
|
||||
jwt = JwtUtil.createJWT(new ObjectMapper().writeValueAsString(loginUser.getUser()));
|
||||
} catch (JsonProcessingException e) {
|
||||
jwt = JwtUtil.createJWT(userId);
|
||||
}
|
||||
|
||||
|
||||
HashMap<String, String> hashMap = new HashMap<>();
|
||||
hashMap.put("token", jwt);
|
||||
|
||||
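Review bot: The `catch (JsonProcessingException e)` silently switches the JWT subject from a JSON-serialised `User` to the bare `userId`, so whatever parses the subject later (presumably the authentication filter, outside this hunk) has to cope with two formats, and the serialisation failure is never logged; log and fail the login, or rethrow, instead of `jwt = JwtUtil.createJWT(userId);`. Embedding the whole `User` also freezes its `menus`, `elements` and `operations` (added in this commit) into a client-held token: a signed JWT payload is readable by whoever holds it, and revoked permissions stay in force until the token expires, so keeping only the id in the subject and loading permissions server-side per request (the existing `RedisCache` import suggests a cache is available) is the more robust design. `new ObjectMapper()` per login can be replaced by an injected shared instance. The enclosing method starts and ends outside this hunk.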
@@ -1,6 +1,5 @@
|
||||
package com.cfive.pinnacle.service.permission.impl;
|
||||
|
||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||
import com.cfive.pinnacle.entity.User;
|
||||
import com.cfive.pinnacle.entity.permission.LoginUser;
|
||||
import com.cfive.pinnacle.service.IUserService;
|
||||
@@ -25,15 +24,11 @@ public class UserDetailsServiceImpl implements UserDetailsService {
|
||||
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
LambdaQueryWrapper<User> wrapper = new LambdaQueryWrapper<>();
|
||||
wrapper.eq(User::getUsername, username);
|
||||
User user = userService.getOne(wrapper);
|
||||
User user = userService.getUserWithPower(username);
|
||||
if (Objects.isNull(user)) {
|
||||
throw new UsernameNotFoundException("Username not found in database");
|
||||
}
|
||||
|
||||
// Todo 权限
|
||||
|
||||
return new LoginUser(user);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -47,6 +47,43 @@
|
||||
where t_user.deleted = 0
|
||||
and t_user.id = #{id};
|
||||
</select>
|
||||
<select id="getOneWithPowerByUsername" resultMap="userWithPowerMap">
|
||||
select distinct t_user.id as user_id,
|
||||
t_user.username as user_username,
|
||||
t_user.passwd as user_passwd,
|
||||
t_user.department_id as user_department,
|
||||
t_user.enable as user_enable,
|
||||
t_user.deleted as user_deleted,
|
||||
t_user.version as user_version,
|
||||
tm.id as menu_id,
|
||||
tm.name as menu_name,
|
||||
tm.url as menu_url,
|
||||
tm.power_id as menu_powerId,
|
||||
tm.parent_id as menu_parentId,
|
||||
te.id as element_id,
|
||||
te.name as element_name,
|
||||
te.power_id as element_powerId,
|
||||
te.menu_id as element_menuId,
|
||||
t.id as operation_id,
|
||||
t.name as operation_name,
|
||||
t.code as operation_code,
|
||||
t.power_id as operation_powerId,
|
||||
t.element_id as operation_elementId,
|
||||
t.parent_id as operation_parentId
|
||||
from t_user
|
||||
left join (select * from t_user_group where deleted = 0) as tug on t_user.id = tug.user_id
|
||||
left join (select * from t_group where deleted = 0) as tg on tg.id = tug.group_id
|
||||
left join (select * from t_role_group where deleted = 0) as trg on tg.id = trg.group_id
|
||||
left join (select * from t_user_role where deleted = 0) as tur on t_user.id = tur.user_id
|
||||
left join (select * from t_role where deleted = 0) as tr on tr.id = trg.role_id or tr.id = tur.role_id
|
||||
left join (select * from t_power_role where deleted = 0) as tpr on tpr.role_id = tr.id
|
||||
left join t_power as tp on tp.id = tpr.power_id
|
||||
left join t_menu tm on tp.id = tm.power_id
|
||||
left join t_element te on tp.id = te.power_id
|
||||
left join t_operation t on tp.id = t.power_id
|
||||
where t_user.deleted = 0
|
||||
and t_user.username = #{username};
|
||||
</select>
|
||||
|
||||
<resultMap id="userMap" type="user">
|
||||
<id property="id" column="user_id"/>
|
||||
@@ -68,4 +105,35 @@
|
||||
<result property="version" column="group_version"/>
|
||||
</collection>
|
||||
</resultMap>
|
||||
|
||||
<resultMap id="userWithPowerMap" type="user">
|
||||
<id property="id" column="user_id"/>
|
||||
<result property="username" column="user_username"/>
|
||||
<result property="passwd" column="user_passwd"/>
|
||||
<result property="departmentId" column="user_departmentId"/>
|
||||
<result property="enable" column="user_enable"/>
|
||||
<result property="deleted" column="user_deleted"/>
|
||||
<result property="version" column="user_version"/>
|
||||
<collection property="menus" ofType="menu">
|
||||
<id property="id" column="menu_id"/>
|
||||
<result property="name" column="menu_name"/>
|
||||
<result property="url" column="menu_url"/>
|
||||
<result property="powerId" column="menu_powerId"/>
|
||||
<result property="parentId" column="menu_parentId"/>
|
||||
</collection>
|
||||
<collection property="elements" ofType="element">
|
||||
<id property="id" column="element_id"/>
|
||||
<result property="name" column="element_name"/>
|
||||
<result property="powerId" column="element_powerId"/>
|
||||
<result property="menuId" column="element_menuId"/>
|
||||
</collection>
|
||||
<collection property="operations" ofType="operation">
|
||||
<id property="id" column="operation_id"/>
|
||||
<result property="name" column="operation_name"/>
|
||||
<result property="code" column="operation_code"/>
|
||||
<result property="powerId" column="operation_powerId"/>
|
||||
<result property="elementId" column="operation_elementId"/>
|
||||
<result property="parentId" column="operation_parentId"/>
|
||||
</collection>
|
||||
</resultMap>
|
||||
</mapper>
|
||||
|
||||
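Review bot: `userWithPowerMap` maps `departmentId` from column `user_departmentId`, but the `getOneWithPowerByUsername` select in the previous hunk aliases it as `t_user.department_id as user_department`, so `departmentId` on the user loaded for authentication is always null; change the alias to `t_user.department_id as user_departmentId,` (or the result column to `user_department`, whichever the existing `userMap` uses — its department row is outside the hunk). The trailing `;` inside the `<select>` is passed through to the JDBC driver and is rejected by some drivers in prepared statements; the existing `getOneById` has one too, so it is evidently accepted here, but it is worth dropping when the mapper is next touched. `select *` in each `deleted = 0` subquery pulls every column of the joined tables just to filter; listing the id columns actually used would keep the join cheaper, though that is a style point.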
@@ -143,3 +143,37 @@ from t_user
|
||||
left join (select * from t_group where deleted = 0) as tg on tg.id = tug.group_id
|
||||
where t_user.deleted = 0;
|
||||
|
||||
select distinct t_user.id as user_id,
|
||||
t_user.username as user_username,
|
||||
t_user.passwd as user_passwd,
|
||||
t_user.department_id as user_department,
|
||||
t_user.enable as user_enable,
|
||||
t_user.deleted as user_deleted,
|
||||
t_user.version as user_version,
|
||||
tm.id as menu_id,
|
||||
tm.name as menu_name,
|
||||
tm.url as menu_url,
|
||||
tm.power_id as menu_powerId,
|
||||
tm.parent_id as menu_parentId,
|
||||
te.id as element_id,
|
||||
te.name as element_name,
|
||||
te.power_id as element_powerId,
|
||||
te.menu_id as element_menuId,
|
||||
t.id as operation_id,
|
||||
t.name as operation_name,
|
||||
t.code as operation_code,
|
||||
t.power_id as operation_powerId,
|
||||
t.element_id as operation_elementId,
|
||||
t.parent_id as operation_parentId
|
||||
from t_user
|
||||
left join (select * from t_user_group where deleted = 0) as tug on t_user.id = tug.user_id
|
||||
left join (select * from t_group where deleted = 0) as tg on tg.id = tug.group_id
|
||||
left join (select * from t_role_group where deleted = 0) as trg on tg.id = trg.group_id
|
||||
left join (select * from t_user_role where deleted = 0) as tur on t_user.id = tur.user_id
|
||||
left join (select * from t_role where deleted = 0) as tr on tr.id = trg.role_id or tr.id = tur.role_id
|
||||
left join (select * from t_power_role where deleted = 0) as tpr on tpr.role_id = tr.id
|
||||
left join t_power as tp on tp.id = tpr.power_id
|
||||
left join t_menu tm on tp.id = tm.power_id
|
||||
left join t_element te on tp.id = te.power_id
|
||||
left join t_operation t on tp.id = t.power_id
|
||||
where t_user.deleted = 0;
|
||||
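Review bot: The appended statement is a verbatim copy of the mapper's `getOneWithPowerByUsername` query with the `username` predicate dropped and no comment saying what it is for, so it reads like a leftover debugging query; a header such as `-- permission graph for every non-deleted user (dev check; mirrors UserMapper.xml getOneWithPowerByUsername)` would explain it. Because it is maintained by hand beside the XML copy, any later change to the joins (for example the deleted-row filters) has to be made twice. The result also includes `t_user.passwd` for every user; if this script is ever run against anything other than a local development database, that column should be left out.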