Merge pull request #1739 from dataease/pr@dev@refactor_api_auth_admin

fix: api权限单独处理admin
fit2cloud-chenyw 2022-02-08 11:37:08 +08:00 committed by GitHub
commit 253e48107a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -27,7 +27,11 @@ public class DePermissionAnnotationHandler {
@Around(value = "@annotation(io.dataease.auth.annotation.DePermissions)") @Around(value = "@annotation(io.dataease.auth.annotation.DePermissions)")
public Object PermissionsAround(ProceedingJoinPoint point) { public Object PermissionsAround(ProceedingJoinPoint point) {
try { try {
if (AuthUtils.getUser().getIsAdmin()) {
return point.proceed(point.getArgs());
}
MethodSignature ms = (MethodSignature) point.getSignature(); MethodSignature ms = (MethodSignature) point.getSignature();
Method method = ms.getMethod(); Method method = ms.getMethod();
DePermissions annotation = method.getAnnotation(DePermissions.class); DePermissions annotation = method.getAnnotation(DePermissions.class);
@ -47,13 +51,13 @@ public class DePermissionAnnotationHandler {
Boolean someAccess = false; Boolean someAccess = false;
for (int i = 0; i < dePermissions.length; i++) { for (int i = 0; i < dePermissions.length; i++) {
DePermission permission = dePermissions[i]; DePermission permission = dePermissions[i];
try{ try {
boolean currentAccess = access(args[permission.paramIndex()], permission, 0); boolean currentAccess = access(args[permission.paramIndex()], permission, 0);
if (currentAccess) { if (currentAccess) {
someAccess = true; someAccess = true;
break; break;
} }
}catch (Exception e) { } catch (Exception e) {
exceptions.add(e); exceptions.add(e);
} }
} }
@ -71,6 +75,9 @@ public class DePermissionAnnotationHandler {
@Around(value = "@annotation(io.dataease.auth.annotation.DePermission)") @Around(value = "@annotation(io.dataease.auth.annotation.DePermission)")
public Object PermissionAround(ProceedingJoinPoint point) { public Object PermissionAround(ProceedingJoinPoint point) {
try { try {
if (AuthUtils.getUser().getIsAdmin()) {
return point.proceed(point.getArgs());
}
MethodSignature ms = (MethodSignature) point.getSignature(); MethodSignature ms = (MethodSignature) point.getSignature();
Method method = ms.getMethod(); Method method = ms.getMethod();
@ -88,20 +95,22 @@ public class DePermissionAnnotationHandler {
} }
private Boolean access(Object arg, DePermission annotation, int layer) throws Exception { private Boolean access(Object arg, DePermission annotation, int layer) throws Exception {
if (ObjectUtils.isEmpty(arg)) return true; if (ObjectUtils.isEmpty(arg))
return true;
String type = annotation.type().name().toLowerCase(); String type = annotation.type().name().toLowerCase();
String value = annotation.value(); String value = annotation.value();
Integer requireLevel = annotation.level().getLevel(); Integer requireLevel = annotation.level().getLevel();
Set<String> resourceIds = AuthUtils.permissionByType(type).stream().filter( Set<String> resourceIds = AuthUtils.permissionByType(type).stream().filter(
item -> item.getLevel() >= requireLevel item -> item.getLevel() >= requireLevel).map(AuthItem::getAuthSource).collect(Collectors.toSet());
).map(AuthItem::getAuthSource).collect(Collectors.toSet());
Class<?> parameterType = arg.getClass(); Class<?> parameterType = arg.getClass();
if (parameterType.isPrimitive() || isWrapClass(parameterType) || isString(parameterType)) { if (parameterType.isPrimitive() || isWrapClass(parameterType) || isString(parameterType)) {
boolean permissionValid = resourceIds.contains(arg); boolean permissionValid = resourceIds.contains(arg);
if (permissionValid) return true; if (permissionValid)
throw new UnauthorizedException("Subject does not have permission[" + annotation.level().name() +":"+ annotation.type() + ":" + arg + "]"); return true;
throw new UnauthorizedException("Subject does not have permission[" + annotation.level().name() + ":"
+ annotation.type() + ":" + arg + "]");
} else if (isArray(parameterType)) { } else if (isArray(parameterType)) {
for (int i = 0; i < Array.getLength(arg); i++) { for (int i = 0; i < Array.getLength(arg); i++) {
Object o = Array.get(arg, i); Object o = Array.get(arg, i);
@ -124,7 +133,7 @@ public class DePermissionAnnotationHandler {
Object o = argMap.get(values[layer]); Object o = argMap.get(values[layer]);
return access(o, annotation, ++layer); return access(o, annotation, ++layer);
} else { } else {
//当作自定义类处理 // 当作自定义类处理
String[] values = value.split("u002E"); String[] values = value.split("u002E");
String fieldName = values[layer]; String fieldName = values[layer];
@ -135,7 +144,7 @@ public class DePermissionAnnotationHandler {
return true; return true;
} }
private Object getFieldValue(Object o, String fieldName) throws Exception{ private Object getFieldValue(Object o, String fieldName) throws Exception {
Class<?> aClass = o.getClass(); Class<?> aClass = o.getClass();
while (null != aClass.getSuperclass()) { while (null != aClass.getSuperclass()) {
Field[] declaredFields = aClass.getDeclaredFields(); Field[] declaredFields = aClass.getDeclaredFields();
@ -183,5 +192,4 @@ public class DePermissionAnnotationHandler {
return Arrays.stream(wrapClasies).anyMatch(item -> StringUtils.equals(item, clz.getName())); return Arrays.stream(wrapClasies).anyMatch(item -> StringUtils.equals(item, clz.getName()));
} }
} }
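Review bot: The admin short-circuit added at the top of `PermissionsAround`, and repeated in `PermissionAround`, dereferences `AuthUtils.getUser()` without a null check, and if `getIsAdmin()` returns a boxed `Boolean` the `if` would also throw on a null flag. Both calls now run before any permission evaluation, inside a `try` whose `catch` lies outside the visible hunks, so what a request with no resolved user gets back depends on that handler. Consider moving the test into one private helper that fails closed, for example `return user != null && Boolean.TRUE.equals(user.getIsAdmin());`, and calling it from both advice methods. Because this branch skips every resource-level check in `access`, a short comment above it should document the bypass and state where the admin flag is populated (presumably the server-side session, to be confirmed).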