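/*
 *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
 *
 *  Redistribution and use in source and binary forms, with or without
 *  modification, are permitted provided that the following conditions are met:
 *
 *  Redistributions of source code must retain the above copyright notice,
 *  this list of conditions and the following disclaimer.
 *  Redistributions in binary form must reproduce the above copyright
 *  notice, this list of conditions and the following disclaimer in the
 *  documentation and/or other materials provided with the distribution.
 *  Neither the name of the dreamlu.net developer nor the names of its
 *  contributors may be used to endorse or promote products derived from
 *  this software without specific prior written permission.
 *  Author: Chill 庄骞 (smallchill@163.com)
 */
package org.springblade.core.secure.handler;

import lombok.AllArgsConstructor;
import org.springblade.core.cache.utils.CacheUtil;
import org.springblade.core.secure.BladeUser;
import org.springblade.core.secure.utils.AuthUtil;
import org.springblade.core.tool.utils.Func;
import org.springblade.core.tool.utils.StringPool;
import org.springblade.core.tool.utils.WebUtil;
import org.springframework.jdbc.core.JdbcTemplate;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE;
import static org.springblade.core.secure.constant.PermissionConstant.permissionAllStatement;
import static org.springblade.core.secure.constant.PermissionConstant.permissionStatement;

/**
 * Default authorization check.
 *
 * <p>Both checks resolve the current request and user through {@link WebUtil} and
 * {@link AuthUtil}, then look up what the user's role id is allowed to reach. Lookup
 * results are read from and written to {@code SYS_CACHE}; the database is only queried
 * on a cache miss. Every check fails closed: no request or no user means "denied".
 *
 * <p>NOTE(review): nothing in this class evicts the cached permission lists, so a change
 * to a role's permissions is only seen here once the cache entry is dropped elsewhere.
 * Confirm that the code which edits role permissions clears {@code SYS_CACHE}.
 *
 * @author Chill
 */
@AllArgsConstructor
public class BladePermissionHandler implements IPermissionHandler {

    /**
     * Cache key prefix shared by both lookups. Path lists are keyed by the role id string
     * alone and code lists by {@code permission + ":" + roleId}, so the two key spaces stay
     * apart only while role id strings never contain a colon.
     */
    private static final String SCOPE_CACHE_CODE = "apiScope:code:";

    private final JdbcTemplate jdbcTemplate;

    /**
     * Checks whether the current user's role may call the URI of the current request.
     *
     * <p>NOTE(review): the comparison is a substring match on the raw
     * {@link HttpServletRequest#getRequestURI()} value, which the servlet container does
     * not decode and which can carry path parameters. A permitted path therefore
     * authorizes any URI that merely contains it, not only URIs that equal it or start
     * with it. If the stored paths are full request paths, prefer an exact or
     * pattern-based match on a normalized path; confirm how the paths are stored before
     * tightening this, since callers may rely on the prefix-tolerant behaviour.
     *
     * @return {@code true} if a non-empty permitted path occurs in the request URI;
     *         {@code false} if there is no request, no user, or no matching path
     */
    @Override
    public boolean permissionAll() {
        HttpServletRequest request = WebUtil.getRequest();
        BladeUser user = AuthUtil.getUser();
        if (request == null || user == null) {
            return false;
        }
        String uri = request.getRequestURI();
        List<String> paths = permissionPath(user.getRoleId());
        // Skip null and empty entries: String.contains("") is true for every URI, so a
        // single blank row would authorize every request, and a null row would throw.
        return paths.stream()
            .filter(path -> path != null && !path.isEmpty())
            .anyMatch(uri::contains);
    }

    /**
     * Checks whether the current user's role holds the given permission code.
     *
     * @param permission permission code to look up
     * @return {@code true} if the lookup returns at least one row for the user's role id;
     *         {@code false} if there is no request, no user, or no row
     */
    @Override
    public boolean hasPermission(String permission) {
        HttpServletRequest request = WebUtil.getRequest();
        BladeUser user = AuthUtil.getUser();
        if (request == null || user == null) {
            return false;
        }
        List<String> codes = permissionCode(permission, user.getRoleId());
        return !codes.isEmpty();
    }

    /**
     * Gets the API paths permitted for a role id string.
     *
     * <p>The role ids are handed to {@link JdbcTemplate} as bind arguments; the statement
     * builder only receives their count, so no role id text is concatenated into SQL here.
     *
     * @param roleId role id string, parsed with {@link Func#toLongList(String)}
     * @return permitted paths, from the cache or freshly queried and then cached
     */
    private List<String> permissionPath(String roleId) {
        // CacheUtil.get can only be given the raw List.class token, hence the unchecked
        // assignment. The trailing Boolean.FALSE is passed through unchanged
        // (presumably the tenant-mode switch; confirm against CacheUtil).
        @SuppressWarnings("unchecked")
        List<String> permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, roleId, List.class, Boolean.FALSE);
        if (permissions == null) {
            List<Long> roleIds = Func.toLongList(roleId);
            permissions = jdbcTemplate.queryForList(
                permissionAllStatement(roleIds.size()), roleIds.toArray(), String.class);
            CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, roleId, permissions, Boolean.FALSE);
        }
        return permissions;
    }

    /**
     * Gets the permission rows matching a permission code for a role id string.
     *
     * <p>The permission code and the role ids are all passed as bind arguments, with the
     * permission code first; the statement builder only receives the role id count.
     *
     * @param permission permission code
     * @param roleId     role id string, parsed with {@link Func#toLongList(String)}
     * @return matching rows, from the cache or freshly queried and then cached
     */
    private List<String> permissionCode(String permission, String roleId) {
        String cacheKey = permission + StringPool.COLON + roleId;
        // Unchecked for the same reason as in permissionPath: only List.class can be passed.
        @SuppressWarnings("unchecked")
        List<String> permissions = CacheUtil.get(SYS_CACHE, SCOPE_CACHE_CODE, cacheKey, List.class, Boolean.FALSE);
        if (permissions == null) {
            List<Object> args = new ArrayList<>(Collections.singletonList(permission));
            List<Long> roleIds = Func.toLongList(roleId);
            args.addAll(roleIds);
            permissions = jdbcTemplate.queryForList(
                permissionStatement(roleIds.size()), args.toArray(), String.class);
            CacheUtil.put(SYS_CACHE, SCOPE_CACHE_CODE, cacheKey, permissions, Boolean.FALSE);
        }
        return permissions;
    }

}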