
权限验证逻辑ok 未测试

NorthLan 7 years ago
parent
commit
3d50c50b91

+ 1 - 0
zen-api/src/main/kotlin/com/gxzc/zen/api/sys/service/ISysPermissionService.kt

@@ -15,6 +15,7 @@ interface ISysPermissionService {
     fun getPermissionSetByUserId(id: Long): HashSet<String>
     /**
      * 初始化所有用户的权限缓存
+     * FIXME TODO 凡是修改了 user_role / role 表的都需要针对 user_id 将缓存进行移除或更新
      */
     fun initAllUserPermissionCache()
 }
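Review bot: The added FIXME names the invalidation requirement but the interface still gives callers nothing to invoke for it — getPermissionSetByUserId is cached per uid in SysPermissionServiceImpl (`@Cacheable(value = [CACHEKEYS.USER_PERM], key = "'uid_' + #id")`), so after a user_role/role change the stale set stays in effect until the entry expires or initAllUserPermissionCache is rerun. Declaring an eviction operation here, e.g. `fun evictUserPermissionCache(userId: Long)`, gives the writers the FIXME mentions something concrete to call, and the impl can mark it with @CacheEvict on the same cache and key. Whether the cache has a TTL at all is not visible from this diff.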

+ 0 - 1
zen-api/src/main/kotlin/com/gxzc/zen/api/sys/service/impl/SysPermissionServiceImpl.kt

@@ -25,7 +25,6 @@ class SysPermissionServiceImpl : ISysPermissionService {
     @Autowired
     private lateinit var sysUserRoleService: ISysUserRoleService
 
-
     @Cacheable(value = [CACHEKEYS.USER_PERM], key = "'uid_' + #id")
     override fun getPermissionSetByUserId(id: Long): HashSet<String> {
         val roleList = sysUserRoleService.getUserRoleListByUserId(id)

+ 8 - 4
zen-core/src/main/kotlin/com/gxzc/zen/common/contants/PLATFORM.kt

@@ -1,12 +1,16 @@
 package com.gxzc.zen.common.contants
 
 /**
- *
+ * 平台代码枚举
  * @author NorthLan
  * @date 2018/2/6
  * @url https://noahlan.com
  */
-enum class PLATFORM(val id: Int, name: String) {
-    COMMON(0, "通用"),
-    SYSTEM(1, "系统")
+enum class PLATFORM(val id: Int) {
+    COMMON(0),
+    SYSTEM(1),
+    RECEIVE(2),
+    SAVE(3),
+    MANAGER(4),
+    UTILIZATION(5)
 }
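Review bot: The four new constants and the repurposed COMMON have no per-entry documentation, and COMMON's id 0 is relied on elsewhere in this commit as the universal platform (PermissionUtil compares `it.platformId == 0`), so that meaning belongs at the declaration, e.g. `/** id 0: a grant on this platform applies on every platform */` above `COMMON(0),`. A one-line KDoc on each of RECEIVE, SAVE, MANAGER and UTILIZATION would likewise make the id assignment intentional rather than positional. PermissionUtil could then compare against `PLATFORM.COMMON.id` instead of the literal 0.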

+ 5 - 11
zen-core/src/main/kotlin/com/gxzc/zen/common/util/SpringContextHolder.kt

@@ -15,21 +15,15 @@ import org.springframework.stereotype.Component
 class SpringContextHolder : ApplicationContextAware {
     companion object {
         private val logger = LoggerFactory.getLogger(SpringContextHolder::class.java)
-        private var applicationContext: ApplicationContext? = null
-            get() {
-                if (field == null) {
-                    throw RuntimeException("Please check if SpringContextHolder has been autowired")
-                }
-                return field
-            }
+        private lateinit var applicationContext: ApplicationContext
 
         @Suppress("UNCHECKED_CAST")
         fun <T> getBean(beanName: String): T {
-            return applicationContext?.getBean(beanName) as T
+            return applicationContext.getBean(beanName) as T
         }
 
-        fun <T : Any> getBean(requiredType: Class<T>): T? {
-            return applicationContext?.getBean(requiredType)
+        fun <T : Any> getBean(requiredType: Class<T>): T {
+            return applicationContext.getBean(requiredType)
         }
     }
 
@@ -37,7 +31,7 @@ class SpringContextHolder : ApplicationContextAware {
         logger.info("${this::class.java.simpleName} initializing...")
     }
 
-    override fun setApplicationContext(applicationContext: ApplicationContext?) {
+    override fun setApplicationContext(applicationContext: ApplicationContext) {
         SpringContextHolder.applicationContext = applicationContext
     }
 }
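Review bot: Switching to `lateinit var applicationContext` drops the diagnostic the old getter threw ("Please check if SpringContextHolder has been autowired"); an access before setApplicationContext now fails with a generic UninitializedPropertyAccessException, which matters because KissoAuthorization in this same commit reads the holder from a property initializer during its own construction. Restoring the message costs one line at the top of each getBean: `check(::applicationContext.isInitialized) { "Please check if SpringContextHolder has been autowired" }`. The companion object is fully inside the first hunk; the block between the two hunks (presumably an init block, given the logger.info line) is outside view.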

+ 5 - 13
zen-umps/src/main/kotlin/com/gxzc/zen/umps/KissoAuthorization.kt

@@ -2,7 +2,10 @@ package com.gxzc.zen.umps
 
 import com.baomidou.kisso.SSOAuthorization
 import com.baomidou.kisso.security.token.SSOToken
+import com.gxzc.zen.api.sys.service.ISysPermissionService
 import com.gxzc.zen.common.util.PlatformUtil
+import com.gxzc.zen.common.util.SpringContextHolder
+import com.gxzc.zen.umps.util.PermissionUtil
 import org.apache.commons.lang3.StringUtils
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.cache.CacheManager
@@ -14,27 +17,16 @@ class KissoAuthorization : SSOAuthorization {
     @Autowired
     private lateinit var cacheManager: CacheManager
 
-//    private val permissionService = SpringContextHolder.getBean(ISysPermissionService::class.java)
+    private val permissionService = SpringContextHolder.getBean(ISysPermissionService::class.java)
 
     override fun isPermitted(token: SSOToken?, permission: String?): Boolean {
-//        if (token == null) return false
-//        if (!StringUtils.isNumeric(token.id)) return false
-//        val pers = permissionService?.findUserPermissions(token.id?.toLong()!!)
-//        if (pers?.contains(permission)!!) return true
-
         if (token == null) {
             return false
         }
         if (!StringUtils.isNumeric(token.id)) {
             return false
         }
-        cacheManager.getCache("a").put("haha", arrayListOf("1"))
-
-        val userPerm = "1:user.list:crud" // permission = "user.list:c"
         val realPerm = "${PlatformUtil.getPlatformId()}:$permission"
-
-
-
-        return false
+        return PermissionUtil.isPermitted(realPerm, permissionService.getPermissionSetByUserId(token.id.toLong()))
     }
 }
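Review bot: `token.id.toLong()` on the last added line can still throw — StringUtils.isNumeric accepts any run of digits, so an id longer than Long allows raises NumberFormatException out of isPermitted, and nothing here catches it (PermissionUtil's catch covers only its own body). `val userId = token.id.toLongOrNull() ?: return false` replaces the isNumeric check and the conversion in one step and keeps the method fail-closed. Separately, `permissionService` is resolved from SpringContextHolder in a property initializer, i.e. while this bean is being constructed, which only works if the holder was wired first; `@Autowired private lateinit var permissionService: ISysPermissionService`, matching cacheManager above, removes that ordering dependency (cacheManager itself is now unused). A null `permission` becomes "…:null", which PermissionUtil's three-part check rejects, so it fails closed, but an explicit `permission ?: return false` would make that intent visible.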

+ 51 - 19
zen-umps/src/main/kotlin/com/gxzc/zen/umps/util/PermissionUtil.kt

@@ -1,6 +1,8 @@
 package com.gxzc.zen.umps.util
 
 import com.gxzc.zen.umps.common.Permission
+import org.slf4j.LoggerFactory
+import org.springframework.util.Assert
 
 /**
  *
@@ -9,33 +11,63 @@ import com.gxzc.zen.umps.common.Permission
  * @url https://noahlan.com
  */
 object PermissionUtil {
-
-    fun convertPermission(perms: HashSet<String>): HashSet<Permission> {
-        val result = hashSetOf<Permission>()
-        perms.forEach()
-    }
-
+    private val logger = LoggerFactory.getLogger(PermissionUtil::class.java)
 
     /**
      * 权限判定
-     * @param needPerm 需要的权限
+     * @param needPermString 需要的权限
      * @param userPerm 用户权限列表
      */
-    fun isPermitted(needPerm: String?, userPerm: String?): Boolean {
-        if (needPerm.isNullOrEmpty()) {
-            return true
-        }
-        if (userPerm.isNullOrEmpty()) {
+    fun isPermitted(needPermString: String, userPerm: HashSet<String>): Boolean {
+        try {
+            assertPermissionString(needPermString)
+            val userPermSet = convertToPermissionSet(userPerm)
+            val needPerm = convertToPermission(needPermString)
+            // 验证逻辑 platformId=0 为通用(超级)权限
+            userPermSet
+                    .filter { it.perm == needPerm.perm && verifyCRUD(needPerm.crud, it.crud) }
+                    .forEach {
+                        // 验证平台
+                        return if (it.platformId == 0) {
+                            true
+                        } else {
+                            it.platformId == needPerm.platformId
+                        }
+                    }
+        } catch (e: RuntimeException) {
+            logger.error("权限验证系统错误...", e)
             return false
         }
-        val needCRUD = needPerm!!.substring(needPerm.lastIndexOf(':'))
-        val userCRUD = userPerm!!.substring(userPerm.lastIndexOf(':'))
+        return false
+    }
+
+    private fun verifyCRUD(needCRUD: String, userCRUD: String): Boolean {
+        return false
+    }
+
+    /**
+     * 批量将权限串转换为权限实体
+     */
+    private fun convertToPermissionSet(perms: HashSet<String>): HashSet<Permission> {
+        val result = hashSetOf<Permission>()
+        perms.forEach({
+            result.add(convertToPermission(it))
+        })
+        return result
+    }
+
+    /**
+     * 将权限串转换为权限实体
+     */
+    private fun convertToPermission(str: String): Permission {
+        return Permission(str)
+    }
 
-        for (item in needCRUD) {
-            if (item !in userCRUD) {
-                return false
-            }
+    private fun assertPermissionString(str: String) {
+        Assert.notNull(str, "Permission string not be null.")
+        val splitList = str.split(':')
+        if (splitList.size < 3) {
+            throw RuntimeException("permission字符串错误,必须为:分割且长度等于3")
         }
-        return true
     }
 }
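Review bot: isPermitted returns from inside forEach on the first filtered match (the `return if (it.platformId == 0) … else it.platformId == needPerm.platformId` block), so when a user holds the same perm on several platforms the first one decides: a platform-2 entry iterated before the COMMON (0) entry denies a platform-1 request that the COMMON entry should grant, and HashSet iteration order makes the outcome depend on hashing. Folding all three conditions into one `any` removes the order dependence and the non-local return. verifyCRUD is also a stub that always returns false, so every call currently denies; the removed loop's semantics (each required CRUD letter present in the granted letters) is `needCRUD.all { it in userCRUD }`, assuming `crud` is the same letter string the old code compared. Minor: `Assert.notNull(str, …)` on a non-null Kotlin String is redundant, and the message in assertPermissionString says the length must equal 3 while the check only rejects fewer than 3 parts.
```kotlin
    fun isPermitted(needPermString: String, userPerm: HashSet<String>): Boolean {
        try {
            assertPermissionString(needPermString)
            val needPerm = convertToPermission(needPermString)
            // platformId 0 (COMMON) grants on every platform; otherwise platforms must match.
            // Evaluate every granted entry instead of deciding on the first name/CRUD match.
            return convertToPermissionSet(userPerm).any {
                it.perm == needPerm.perm &&
                        verifyCRUD(needPerm.crud, it.crud) &&
                        (it.platformId == 0 || it.platformId == needPerm.platformId)
            }
        } catch (e: RuntimeException) {
            logger.error("权限验证系统错误...", e)
            return false
        }
    }

    // Every CRUD letter the caller needs must be present in the granted letters.
    private fun verifyCRUD(needCRUD: String, userCRUD: String): Boolean =
            needCRUD.all { it in userCRUD }

    // … unchanged: convertToPermissionSet, convertToPermission, assertPermissionString …
```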