center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

Merge pull request #1739 from dataease/pr@dev@refactor_api_auth_admin

Browse Source 
fix: api权限单独处理admin
This commit is contained in:
fit2cloud-chenyw 2022-02-08 11:37:08 +08:00 committed by GitHub
commit 253e48107a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java
View File

@ -27,7 +27,11 @@ public class DePermissionAnnotationHandler {
@Around(value = "@annotation(io.dataease.auth.annotation.DePermissions)")
public Object PermissionsAround(ProceedingJoinPoint point) {
try {
if (AuthUtils.getUser().getIsAdmin()) {
return point.proceed(point.getArgs());
}
MethodSignature ms = (MethodSignature) point.getSignature();
Method method = ms.getMethod();
DePermissions annotation = method.getAnnotation(DePermissions.class);
@ -47,13 +51,13 @@ public class DePermissionAnnotationHandler {
Boolean someAccess = false;
for (int i = 0; i < dePermissions.length; i++) {
DePermission permission = dePermissions[i];
try{
try {
boolean currentAccess = access(args[permission.paramIndex()], permission, 0);
if (currentAccess) {
someAccess = true;
break;
}
}catch (Exception e) {
} catch (Exception e) {
exceptions.add(e);
}
}
@ -71,6 +75,9 @@ public class DePermissionAnnotationHandler {
@Around(value = "@annotation(io.dataease.auth.annotation.DePermission)")
public Object PermissionAround(ProceedingJoinPoint point) {
try {
if (AuthUtils.getUser().getIsAdmin()) {
return point.proceed(point.getArgs());
}
MethodSignature ms = (MethodSignature) point.getSignature();
Method method = ms.getMethod();
@ -88,20 +95,22 @@ public class DePermissionAnnotationHandler {
}
private Boolean access(Object arg, DePermission annotation, int layer) throws Exception {
if (ObjectUtils.isEmpty(arg)) return true;
if (ObjectUtils.isEmpty(arg))
return true;
String type = annotation.type().name().toLowerCase();
String value = annotation.value();
Integer requireLevel = annotation.level().getLevel();
Set<String> resourceIds = AuthUtils.permissionByType(type).stream().filter(
item -> item.getLevel() >= requireLevel
).map(AuthItem::getAuthSource).collect(Collectors.toSet());
item -> item.getLevel() >= requireLevel).map(AuthItem::getAuthSource).collect(Collectors.toSet());
Class<?> parameterType = arg.getClass();
if (parameterType.isPrimitive() || isWrapClass(parameterType) || isString(parameterType)) {
boolean permissionValid = resourceIds.contains(arg);
if (permissionValid) return true;
throw new UnauthorizedException("Subject does not have permission[" + annotation.level().name() +":"+ annotation.type() + ":" + arg + "]");
if (permissionValid)
return true;
throw new UnauthorizedException("Subject does not have permission[" + annotation.level().name() + ":"
+ annotation.type() + ":" + arg + "]");
} else if (isArray(parameterType)) {
for (int i = 0; i < Array.getLength(arg); i++) {
Object o = Array.get(arg, i);
@ -124,7 +133,7 @@ public class DePermissionAnnotationHandler {
Object o = argMap.get(values[layer]);
return access(o, annotation, ++layer);
} else {
//当作自定义类处理
// 当作自定义类处理
String[] values = value.split("u002E");
String fieldName = values[layer];
@ -135,7 +144,7 @@ public class DePermissionAnnotationHandler {
return true;
}
private Object getFieldValue(Object o, String fieldName) throws Exception{
private Object getFieldValue(Object o, String fieldName) throws Exception {
Class<?> aClass = o.getClass();
while (null != aClass.getSuperclass()) {
Field[] declaredFields = aClass.getDeclaredFields();
@ -183,5 +192,4 @@ public class DePermissionAnnotationHandler {
return Arrays.stream(wrapClasies).anyMatch(item -> StringUtils.equals(item, clz.getName()));
}
}