/*
|
* Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
|
*
|
* Redistribution and use in source and binary forms, with or without
|
* modification, are permitted provided that the following conditions are met:
|
*
|
* Redistributions of source code must retain the above copyright notice,
|
* this list of conditions and the following disclaimer.
|
* Redistributions in binary form must reproduce the above copyright
|
* notice, this list of conditions and the following disclaimer in the
|
* documentation and/or other materials provided with the distribution.
|
* Neither the name of the dreamlu.net developer nor the names of its
|
* contributors may be used to endorse or promote products derived from
|
* this software without specific prior written permission.
|
* Author: Chill 庄骞 (smallchill@163.com)
|
*/
|
package org.springblade.core.secure.handler;
|
|
import lombok.AllArgsConstructor;
|
import org.springblade.core.cache.utils.CacheUtil;
|
import org.springblade.core.secure.BladeUser;
|
import org.springblade.core.secure.utils.AuthUtil;
|
import org.springblade.core.tool.utils.Func;
|
import org.springblade.core.tool.utils.StringPool;
|
import org.springblade.core.tool.utils.WebUtil;
|
import org.springframework.jdbc.core.JdbcTemplate;
|
|
import javax.servlet.http.HttpServletRequest;
|
import java.util.ArrayList;
|
import java.util.Collections;
|
import java.util.List;
|
|
import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE;
|
import static org.springblade.core.secure.constant.PermissionConstant.permissionAllStatement;
|
import static org.springblade.core.secure.constant.PermissionConstant.permissionStatement;
|
|
/**
|
* 默认授权校验类
|
*
|
* @author Chill
|
*/
|
@AllArgsConstructor
|
public class BladePermissionHandler implements IPermissionHandler {
|
|
private static final String SCOPE_CACHE_CODE = "apiScope:code:";
|
|
private final JdbcTemplate jdbcTemplate;
|
|
@Override
|
public boolean permissionAll() {
|
HttpServletRequest request = WebUtil.getRequest();
|
BladeUser user = AuthUtil.getUser();
|
if (request == null || user == null) {
|
return false;
|
}
|
String uri = request.getRequestURI();
|
List<String> paths = permissionPath(user.getRoleId());
|
if (paths.size() == 0) {
|
return false;
|
}
|
return paths.stream().anyMatch(uri::contains);
|
}
|
|
@Override
|
public boolean hasPermission(String permission) {
|
HttpServletRequest request = WebUtil.getRequest();
|
BladeUser user = AuthUtil.getUser();
|
if (request == null || user == null) {
|
return false;
|
}
|
List<String> codes = permissionCode(permission, user.getRoleId());
|
return codes.size() != 0;
|
}
|
|
/**
|
* 获取接口权限地址
|
*
|
* @param roleId 角色id
|
* @return permissions
|
*/
|
private List<String> permissionPath(String roleId) {
|
List<String> permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, roleId, List.class, Boolean.FALSE);
|
if (permissions == null) {
|
List<Long> roleIds = Func.toLongList(roleId);
|
permissions = jdbcTemplate.queryForList(permissionAllStatement(roleIds.size()), roleIds.toArray(), String.class);
|
CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, roleId, permissions, Boolean.FALSE);
|
}
|
return permissions;
|
}
|
|
/**
|
* 获取接口权限信息
|
*
|
* @param permission 权限编号
|
* @param roleId 角色id
|
* @return permissions
|
*/
|
private List<String> permissionCode(String permission, String roleId) {
|
List<String> permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, permission + StringPool.COLON + roleId, List.class, Boolean.FALSE);
|
if (permissions == null) {
|
List<Object> args = new ArrayList<>(Collections.singletonList(permission));
|
List<Long> roleIds = Func.toLongList(roleId);
|
args.addAll(roleIds);
|
permissions = jdbcTemplate.queryForList(permissionStatement(roleIds.size()), args.toArray(), String.class);
|
CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, permission + StringPool.COLON + roleId, permissions, Boolean.FALSE);
|
}
|
return permissions;
|
}
|
|
}
|
