From c014db1dcfd45c576c3ea12fdce58c45131c542c Mon Sep 17 00:00:00 2001 From: s2042968 Date: Wed, 19 Feb 2025 10:52:36 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=A4=8D=E5=88=B6/=E7=A7=BB?= =?UTF-8?q?=E5=8A=A8=E6=97=B6=EF=BC=8C=E5=AF=B9=E4=BA=8E=E7=9B=AE=E6=A0=87?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=A4=B9=E7=9A=84=E6=9D=83=E9=99=90=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../manage/aop/FilePermissionCheckAspect.java | 69 +++++++++++-------- .../manage/service/PermissionService.java | 8 +++ .../manage/service/RolePermissionService.java | 2 +- .../serviceimpl/PermissionServiceImpl.java | 28 +++++++- .../RolePermissionServiceImpl.java | 13 ++-- .../src/main/resources/application.properties | 4 +- 6 files changed, 85 insertions(+), 39 deletions(-) diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/FilePermissionCheckAspect.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/FilePermissionCheckAspect.java index d657f1f..156c9e4 100644 --- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/FilePermissionCheckAspect.java +++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/FilePermissionCheckAspect.java 
@@ -28,39 +28,54 @@ public class FilePermissionCheckAspect { @Around("@annotation(requiredPermission)") public Object requirePermission(ProceedingJoinPoint joinPoint, RequiredPermission requiredPermission) throws Throwable{ - - // 获取方法参数 Object[] args = joinPoint.getArgs(); - if (args.length > 0) { - FilePermission filePermission = requiredPermission.value(); - String userId = UserThreadLocal.getUserId(); - String id = ""; + if (args.length == 0) { + return joinPoint.proceed(); + } - if (args[0] instanceof String) { - String childId = args[0].toString(); - id = edFileInfoService.getCategoryId(childId); - } + FilePermission filePermission = requiredPermission.value(); + String userId = UserThreadLocal.getUserId(); + String id = extractId(args[0]); // 提取ID逻辑封装成方法,减少冗余代码 - if (args[0] instanceof UpdateFileInfoDTO) { - UpdateFileInfoDTO updateFileInfoDTO = (UpdateFileInfoDTO) args[0]; - String childId = updateFileInfoDTO.getId(); - id = edFileInfoService.getCategoryId(childId); - } - - if (args[0] instanceof FileInfoQueryDTO) { - FileInfoQueryDTO fileInfoQueryDTO = (FileInfoQueryDTO) args[0]; - id = fileInfoQueryDTO.getParentId(); - if (id.length() > ElectromagneticConstants.PRJ_ID_LENGTH) { - return joinPoint.proceed(); - } - } - - Map permissions = permissionService.getUserPermission(userId,id,true); - if (!permissions.get(filePermission.getCode()).equals(Boolean.TRUE)) { - throw new PermissionDeniedException("用户无权限执行此操作"); + // 特殊处理 FileInfoQueryDTO + if (args[0] instanceof FileInfoQueryDTO) { + if (id.length() > ElectromagneticConstants.PRJ_ID_LENGTH) { + return joinPoint.proceed(); } } + + // 先判断是否有权限,避免不必要的 `if` 嵌套 + if (!permissionService.isPermitted(filePermission.getCode(), userId, id)) { + throw new PermissionDeniedException("用户无权限执行此操作"); + } + + // 如果是 MOVE 操作,还需要检查目标文件夹权限 + if (filePermission.equals(FilePermission.MOVE)) { + if (args.length < 2 || !(args[1] instanceof String)) { + throw new IllegalArgumentException("MOVE 操作需要提供目标文件夹 ID"); + } + String 
targetId = edFileInfoService.getCategoryId(args[1].toString()); + if (!permissionService.isPermitted(filePermission.getCode(), userId, targetId)) { + throw new PermissionDeniedException("用户无权限对目标文件夹执行此操作"); + } + } + return joinPoint.proceed(); } + + /** + * 提取参数中的 ID,避免重复代码 + */ + private String extractId(Object arg) { + if (arg instanceof String) { + return edFileInfoService.getCategoryId(arg.toString()); + } else if (arg instanceof UpdateFileInfoDTO) { + return edFileInfoService.getCategoryId(((UpdateFileInfoDTO) arg).getId()); + } else if (arg instanceof FileInfoQueryDTO) { + return ((FileInfoQueryDTO) arg).getParentId(); + } + throw new IllegalArgumentException("不支持的参数类型:" + arg.getClass().getName()); + } + } diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java index eccfad6..5884e78 100644 --- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java +++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java @@ -49,4 +49,12 @@ public interface PermissionService { */ void syncPermissions (String prjId); + /** + * 判断用户有无权限 + * @param permissionCode 权限 + * @param userId 用户编码 + * @param fileId 文件编码 + * @return + */ + boolean isPermitted (String permissionCode, String userId, String fileId); } diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/RolePermissionService.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/RolePermissionService.java index fda8927..3b94260 100644 --- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/RolePermissionService.java +++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/RolePermissionService.java 
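Review bot: `requirePermission` still fails open where it has nothing to check: `if (args.length == 0) { return joinPoint.proceed(); }` lets any `@RequiredPermission` method without arguments run with no permission lookup, and the `FileInfoQueryDTO` branch proceeds unchecked whenever `id.length() > ElectromagneticConstants.PRJ_ID_LENGTH` (it also throws a NullPointerException if `getParentId()` returns null). For an authorization gate I would deny by default, e.g. `if (args.length == 0) { throw new IllegalStateException("@RequiredPermission needs a resource argument"); }`, and add a comment saying why over-length parent ids are exempt. The target-folder check is gated on `FilePermission.MOVE` only, although the commit subject names copy as well as move; the enum is not visible here, so confirm that the copy endpoint is annotated with `MOVE` or extend the condition. `extractId` calls `arg.getClass()` in its fallback, so a null first argument surfaces as a NullPointerException instead of the intended IllegalArgumentException; a leading `if (arg == null)` guard would keep the error type consistent.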
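Review bot: The Javadoc added for `isPermitted` leaves `@return` empty, and the same empty tag is repeated on the implementation in PermissionServiceImpl. Callers use this value as the authorization decision, so the contract should be stated, e.g. `@return true only if one of the user's roles holds permissionCode on fileId; false otherwise, including when the user has no roles`. The implementation matches `fileId` exactly, so the comment should also say whether permissions granted on parent folders are deliberately not consulted.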
@@ -16,7 +16,7 @@ public interface RolePermissionService extends IService { * @param currentPermission * @param infoId */ - void syncPermissions (List currentPermission, String infoId); + void syncNewPermissions (List currentPermission, String infoId); /** * 获取新权限 diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java index 741b3a7..612809b 100644 --- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java +++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java @@ -1,16 +1,13 @@ package com.electromagnetic.industry.software.manage.service.serviceimpl; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; -import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.electromagnetic.industry.software.common.enums.*; -import com.electromagnetic.industry.software.common.util.EleLog; import com.electromagnetic.industry.software.common.util.UserThreadLocal; import com.electromagnetic.industry.software.manage.mapper.EdFileInfoMapper; import com.electromagnetic.industry.software.manage.mapper.UserRoleMapper; import com.electromagnetic.industry.software.manage.pojo.models.EdFileInfo; import com.electromagnetic.industry.software.manage.pojo.models.RolePermission; import com.electromagnetic.industry.software.manage.pojo.models.UserRole; -import com.electromagnetic.industry.software.manage.pojo.req.PublishedFileDTO; import com.electromagnetic.industry.software.manage.service.PermissionService; import com.electromagnetic.industry.software.manage.service.RolePermissionService; import lombok.extern.slf4j.Slf4j; 
@@ -205,4 +202,29 @@ public class PermissionServiceImpl implements PermissionService { rolePermissionService.syncPermissionsAfterTreeUpdate(files, prjId); } + /** + * 判断用户有无权限 + * @param permissionCode 权限 + * @param userId 用户编码 + * @param fileId 文件编码 + * @return + */ + @Override + public boolean isPermitted (String permissionCode, String userId, String fileId) { + LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>(); + queryWrapper.eq(UserRole::getUserId, userId); + List roleIds = Optional.ofNullable(userRoleMapper.selectList(queryWrapper)) + .orElse(Collections.emptyList()) + .stream().map(UserRole::getRoleId).collect(Collectors.toList()); + + if (roleIds.isEmpty()) { + return false; + } + + LambdaQueryWrapper queryWrapper1 = new LambdaQueryWrapper<>(); + queryWrapper1.eq(RolePermission::getPermissionCode, permissionCode) + .eq(RolePermission::getFileId, fileId) + .in(RolePermission::getRoleId, roleIds); + return rolePermissionService.count(queryWrapper1)>0; + } } diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/RolePermissionServiceImpl.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/RolePermissionServiceImpl.java index 42b2523..4ec2c99 100644 --- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/RolePermissionServiceImpl.java +++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/RolePermissionServiceImpl.java 
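Review bot: `isPermitted` passes `permissionCode`, `userId` and `fileId` straight into `eq(...)` without checking them, so a missing user id or an unresolved category id is left to the query layer to reject. Such a query would presumably match no rows, but an access decision should not depend on that; an explicit guard at the top makes the deny path visible: `if (permissionCode == null || userId == null || fileId == null) { return false; }`. Minor style points: `queryWrapper1` could be named for what it selects (`permissionQuery`), and the `Optional.ofNullable(...)` around `selectList` is only needed if the mapper can actually return null.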
@@ -2,8 +2,6 @@ package com.electromagnetic.industry.software.manage.service.serviceimpl; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; -import com.electromagnetic.industry.software.common.enums.EffectFlagEnum; -import com.electromagnetic.industry.software.common.enums.EleDataStatusEnum; import com.electromagnetic.industry.software.manage.mapper.RolePermissionMapper; import com.electromagnetic.industry.software.manage.pojo.models.EdFileInfo; import com.electromagnetic.industry.software.manage.pojo.models.RolePermission; @@ -32,9 +30,9 @@ public class RolePermissionServiceImpl extends ServiceImpl currentPermission, String infoId) { + @Override + public void syncNewPermissions (List currentPermission, String infoId) { if (currentPermission == null) { throw new IllegalArgumentException("currentPermission must not be null"); @@ -104,8 +102,11 @@ public class RolePermissionServiceImpl extends ServiceImpl new ArrayList<>()).add(file); } + System.out.println("levelMap:"+levelMap); + // 获取叶子节点 int maxLen = levelMap.lastKey(); + // 从最底层的叶子节点的上级节点开始遍历,更新权限 for (int i=maxLen-1; i>0;i--) { for (EdFileInfo fileInfo : levelMap.get(i)) { @@ -117,10 +118,10 @@ public class RolePermissionServiceImpl extends ServiceImpl currentPermission = getCurrentPermission(publishedFileDTO); - syncPermissions(currentPermission, infoId); + syncNewPermissions(currentPermission, infoId); } - log.info("同步项目权限结束:{}", prjId); } + log.info("同步项目权限结束:{}", prjId); } private boolean isLeafNode(String id, List files) { diff --git a/electrmangnetic/src/main/resources/application.properties b/electrmangnetic/src/main/resources/application.properties index 5fd632c..8c19a2d 100644 --- a/electrmangnetic/src/main/resources/application.properties +++ b/electrmangnetic/src/main/resources/application.properties 
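Review bot: The added `System.out.println("levelMap:"+levelMap);` in the `@@ -104,8 +102,11 @@` hunk is leftover debug output that bypasses the logger this class already uses (`log.info(...)` appears in the next hunk) and prints every `EdFileInfo` in the tree to stdout on each sync. Replace it with `log.debug("levelMap: {}", levelMap);` or drop it before merging. The enclosing method starts and ends outside the hunk.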
@@ -1,7 +1,7 @@ #required spring.application.name=electromagnetic-data spring.datasource.typd=com.alibaba.druid.pool.DruidDataSource -spring.datasource.url=jdbc:mysql://139.196.179.195:3306/em_user_test?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=true&serverTimezone=GMT%2B8&allowMultiQueries=true&rewriteBatchedStatements=true +spring.datasource.url=jdbc:mysql://139.196.179.195:3306/em_data_test?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=true&serverTimezone=GMT%2B8&allowMultiQueries=true&rewriteBatchedStatements=true spring.datasource.username=em_user_test spring.datasource.password=Szsd#2O25$test spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver @@ -14,7 +14,7 @@ pagehelper.helperDialect=mysql pagehelper.reasonable=false server.port=12395 file.security.passwd=adknfhkj87654knd -#windows文件存储目录,用于测试 +#windows文件存储目录,用于测试 data.windows.path=D:/tmp/eleData/project/ data.linux.path=/szsd/data/eleData/project/ data.upload.windows.tmp.path=D:/tmp/eleData/upload/
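Review bot: The changed `spring.datasource.url` line keeps a routable database host in the committed file, and the context lines right below it carry `spring.datasource.password` and `file.security.passwd` in plaintext, so anyone who can read the repository or its history holds these credentials, whether or not this is a test instance. Move them to the environment or an untracked profile, e.g. `spring.datasource.url=${DB_URL}` and `spring.datasource.password=${DB_PASSWORD}`, and rotate the values that are already committed. The URL also sets `serverTimezone` twice (`UTC` and `GMT%2B8`); keep one. `spring.datasource.typd` in the context line looks like a typo for `type`, in which case the Druid pool setting is presumably not being applied.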