增加复制/移动时,对于目标文件夹的权限校验
This commit is contained in:
s2042968
parent
6ec4c66dd2
commit
c014db1dcf
|
|
@ -28,39 +28,54 @@ public class FilePermissionCheckAspect {
|
||||||
|
|
||||||
@Around("@annotation(requiredPermission)")
|
@Around("@annotation(requiredPermission)")
|
||||||
public Object requirePermission(ProceedingJoinPoint joinPoint, RequiredPermission requiredPermission) throws Throwable{
|
public Object requirePermission(ProceedingJoinPoint joinPoint, RequiredPermission requiredPermission) throws Throwable{
|
||||||
|
|
||||||
// 获取方法参数
|
|
||||||
Object[] args = joinPoint.getArgs();
|
Object[] args = joinPoint.getArgs();
|
||||||
|
|
||||||
if (args.length > 0) {
|
if (args.length == 0) {
|
||||||
FilePermission filePermission = requiredPermission.value();
|
return joinPoint.proceed();
|
||||||
String userId = UserThreadLocal.getUserId();
|
}
|
||||||
String id = "";
|
|
||||||
|
|
||||||
if (args[0] instanceof String) {
|
FilePermission filePermission = requiredPermission.value();
|
||||||
String childId = args[0].toString();
|
String userId = UserThreadLocal.getUserId();
|
||||||
id = edFileInfoService.getCategoryId(childId);
|
String id = extractId(args[0]); // 提取ID逻辑封装成方法,减少冗余代码
|
||||||
}
|
|
||||||
|
|
||||||
if (args[0] instanceof UpdateFileInfoDTO) {
|
// 特殊处理 FileInfoQueryDTO
|
||||||
UpdateFileInfoDTO updateFileInfoDTO = (UpdateFileInfoDTO) args[0];
|
if (args[0] instanceof FileInfoQueryDTO) {
|
||||||
String childId = updateFileInfoDTO.getId();
|
if (id.length() > ElectromagneticConstants.PRJ_ID_LENGTH) {
|
||||||
id = edFileInfoService.getCategoryId(childId);
|
return joinPoint.proceed();
|
||||||
}
|
|
||||||
|
|
||||||
if (args[0] instanceof FileInfoQueryDTO) {
|
|
||||||
FileInfoQueryDTO fileInfoQueryDTO = (FileInfoQueryDTO) args[0];
|
|
||||||
id = fileInfoQueryDTO.getParentId();
|
|
||||||
if (id.length() > ElectromagneticConstants.PRJ_ID_LENGTH) {
|
|
||||||
return joinPoint.proceed();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Map<String,Boolean> permissions = permissionService.getUserPermission(userId,id,true);
|
|
||||||
if (!permissions.get(filePermission.getCode()).equals(Boolean.TRUE)) {
|
|
||||||
throw new PermissionDeniedException("用户无权限执行此操作");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 先判断是否有权限,避免不必要的 `if` 嵌套
|
||||||
|
if (!permissionService.isPermitted(filePermission.getCode(), userId, id)) {
|
||||||
|
throw new PermissionDeniedException("用户无权限执行此操作");
|
||||||
|
}
|
||||||
|
|
||||||
|
// 如果是 MOVE 操作,还需要检查目标文件夹权限
|
||||||
|
if (filePermission.equals(FilePermission.MOVE)) {
|
||||||
|
if (args.length < 2 || !(args[1] instanceof String)) {
|
||||||
|
throw new IllegalArgumentException("MOVE 操作需要提供目标文件夹 ID");
|
||||||
|
}
|
||||||
|
String targetId = edFileInfoService.getCategoryId(args[1].toString());
|
||||||
|
if (!permissionService.isPermitted(filePermission.getCode(), userId, targetId)) {
|
||||||
|
throw new PermissionDeniedException("用户无权限对目标文件夹执行此操作");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return joinPoint.proceed();
|
return joinPoint.proceed();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 提取参数中的 ID,避免重复代码
|
||||||
|
*/
|
||||||
|
private String extractId(Object arg) {
|
||||||
|
if (arg instanceof String) {
|
||||||
|
return edFileInfoService.getCategoryId(arg.toString());
|
||||||
|
} else if (arg instanceof UpdateFileInfoDTO) {
|
||||||
|
return edFileInfoService.getCategoryId(((UpdateFileInfoDTO) arg).getId());
|
||||||
|
} else if (arg instanceof FileInfoQueryDTO) {
|
||||||
|
return ((FileInfoQueryDTO) arg).getParentId();
|
||||||
|
}
|
||||||
|
throw new IllegalArgumentException("不支持的参数类型:" + arg.getClass().getName());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -49,4 +49,12 @@ public interface PermissionService {
|
||||||
*/
|
*/
|
||||||
void syncPermissions (String prjId);
|
void syncPermissions (String prjId);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 判断用户有无权限
|
||||||
|
* @param permissionCode 权限
|
||||||
|
* @param userId 用户编码
|
||||||
|
* @param fileId 文件编码
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
boolean isPermitted (String permissionCode, String userId, String fileId);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ public interface RolePermissionService extends IService<RolePermission> {
|
||||||
* @param currentPermission
|
* @param currentPermission
|
||||||
* @param infoId
|
* @param infoId
|
||||||
*/
|
*/
|
||||||
void syncPermissions (List<RolePermission> currentPermission, String infoId);
|
void syncNewPermissions (List<RolePermission> currentPermission, String infoId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 获取新权限
|
* 获取新权限
|
||||||
|
|
|
||||||
|
|
@ -1,16 +1,13 @@
|
||||||
package com.electromagnetic.industry.software.manage.service.serviceimpl;
|
package com.electromagnetic.industry.software.manage.service.serviceimpl;
|
||||||
|
|
||||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||||
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
|
|
||||||
import com.electromagnetic.industry.software.common.enums.*;
|
import com.electromagnetic.industry.software.common.enums.*;
|
||||||
import com.electromagnetic.industry.software.common.util.EleLog;
|
|
||||||
import com.electromagnetic.industry.software.common.util.UserThreadLocal;
|
import com.electromagnetic.industry.software.common.util.UserThreadLocal;
|
||||||
import com.electromagnetic.industry.software.manage.mapper.EdFileInfoMapper;
|
import com.electromagnetic.industry.software.manage.mapper.EdFileInfoMapper;
|
||||||
import com.electromagnetic.industry.software.manage.mapper.UserRoleMapper;
|
import com.electromagnetic.industry.software.manage.mapper.UserRoleMapper;
|
||||||
import com.electromagnetic.industry.software.manage.pojo.models.EdFileInfo;
|
import com.electromagnetic.industry.software.manage.pojo.models.EdFileInfo;
|
||||||
import com.electromagnetic.industry.software.manage.pojo.models.RolePermission;
|
import com.electromagnetic.industry.software.manage.pojo.models.RolePermission;
|
||||||
import com.electromagnetic.industry.software.manage.pojo.models.UserRole;
|
import com.electromagnetic.industry.software.manage.pojo.models.UserRole;
|
||||||
import com.electromagnetic.industry.software.manage.pojo.req.PublishedFileDTO;
|
|
||||||
import com.electromagnetic.industry.software.manage.service.PermissionService;
|
import com.electromagnetic.industry.software.manage.service.PermissionService;
|
||||||
import com.electromagnetic.industry.software.manage.service.RolePermissionService;
|
import com.electromagnetic.industry.software.manage.service.RolePermissionService;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
@ -205,4 +202,29 @@ public class PermissionServiceImpl implements PermissionService {
|
||||||
rolePermissionService.syncPermissionsAfterTreeUpdate(files, prjId);
|
rolePermissionService.syncPermissionsAfterTreeUpdate(files, prjId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 判断用户有无权限
|
||||||
|
* @param permissionCode 权限
|
||||||
|
* @param userId 用户编码
|
||||||
|
* @param fileId 文件编码
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public boolean isPermitted (String permissionCode, String userId, String fileId) {
|
||||||
|
LambdaQueryWrapper<UserRole> queryWrapper = new LambdaQueryWrapper<>();
|
||||||
|
queryWrapper.eq(UserRole::getUserId, userId);
|
||||||
|
List<String> roleIds = Optional.ofNullable(userRoleMapper.selectList(queryWrapper))
|
||||||
|
.orElse(Collections.emptyList())
|
||||||
|
.stream().map(UserRole::getRoleId).collect(Collectors.toList());
|
||||||
|
|
||||||
|
if (roleIds.isEmpty()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
LambdaQueryWrapper<RolePermission> queryWrapper1 = new LambdaQueryWrapper<>();
|
||||||
|
queryWrapper1.eq(RolePermission::getPermissionCode, permissionCode)
|
||||||
|
.eq(RolePermission::getFileId, fileId)
|
||||||
|
.in(RolePermission::getRoleId, roleIds);
|
||||||
|
return rolePermissionService.count(queryWrapper1)>0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,8 +2,6 @@ package com.electromagnetic.industry.software.manage.service.serviceimpl;
|
||||||
|
|
||||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||||
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
||||||
import com.electromagnetic.industry.software.common.enums.EffectFlagEnum;
|
|
||||||
import com.electromagnetic.industry.software.common.enums.EleDataStatusEnum;
|
|
||||||
import com.electromagnetic.industry.software.manage.mapper.RolePermissionMapper;
|
import com.electromagnetic.industry.software.manage.mapper.RolePermissionMapper;
|
||||||
import com.electromagnetic.industry.software.manage.pojo.models.EdFileInfo;
|
import com.electromagnetic.industry.software.manage.pojo.models.EdFileInfo;
|
||||||
import com.electromagnetic.industry.software.manage.pojo.models.RolePermission;
|
import com.electromagnetic.industry.software.manage.pojo.models.RolePermission;
|
||||||
|
|
@ -32,9 +30,9 @@ public class RolePermissionServiceImpl extends ServiceImpl<RolePermissionMapper,
|
||||||
* @param currentPermission
|
* @param currentPermission
|
||||||
* @param infoId
|
* @param infoId
|
||||||
*/
|
*/
|
||||||
@Override
|
|
||||||
@Transactional
|
@Transactional
|
||||||
public void syncPermissions (List<RolePermission> currentPermission, String infoId) {
|
@Override
|
||||||
|
public void syncNewPermissions (List<RolePermission> currentPermission, String infoId) {
|
||||||
|
|
||||||
if (currentPermission == null) {
|
if (currentPermission == null) {
|
||||||
throw new IllegalArgumentException("currentPermission must not be null");
|
throw new IllegalArgumentException("currentPermission must not be null");
|
||||||
|
|
@ -104,8 +102,11 @@ public class RolePermissionServiceImpl extends ServiceImpl<RolePermissionMapper,
|
||||||
levelMap.computeIfAbsent(len, k -> new ArrayList<>()).add(file);
|
levelMap.computeIfAbsent(len, k -> new ArrayList<>()).add(file);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
System.out.println("levelMap:"+levelMap);
|
||||||
|
|
||||||
// 获取叶子节点
|
// 获取叶子节点
|
||||||
int maxLen = levelMap.lastKey();
|
int maxLen = levelMap.lastKey();
|
||||||
|
|
||||||
// 从最底层的叶子节点的上级节点开始遍历,更新权限
|
// 从最底层的叶子节点的上级节点开始遍历,更新权限
|
||||||
for (int i=maxLen-1; i>0;i--) {
|
for (int i=maxLen-1; i>0;i--) {
|
||||||
for (EdFileInfo fileInfo : levelMap.get(i)) {
|
for (EdFileInfo fileInfo : levelMap.get(i)) {
|
||||||
|
|
@ -117,10 +118,10 @@ public class RolePermissionServiceImpl extends ServiceImpl<RolePermissionMapper,
|
||||||
publishedFileDTO.newInit();
|
publishedFileDTO.newInit();
|
||||||
publishedFileDTO.setFileId(infoId);
|
publishedFileDTO.setFileId(infoId);
|
||||||
List<RolePermission> currentPermission = getCurrentPermission(publishedFileDTO);
|
List<RolePermission> currentPermission = getCurrentPermission(publishedFileDTO);
|
||||||
syncPermissions(currentPermission, infoId);
|
syncNewPermissions(currentPermission, infoId);
|
||||||
}
|
}
|
||||||
log.info("同步项目权限结束:{}", prjId);
|
|
||||||
}
|
}
|
||||||
|
log.info("同步项目权限结束:{}", prjId);
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isLeafNode(String id, List<EdFileInfo> files) {
|
private boolean isLeafNode(String id, List<EdFileInfo> files) {
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
#required
|
#required
|
||||||
spring.application.name=electromagnetic-data
|
spring.application.name=electromagnetic-data
|
||||||
spring.datasource.typd=com.alibaba.druid.pool.DruidDataSource
|
spring.datasource.typd=com.alibaba.druid.pool.DruidDataSource
|
||||||
spring.datasource.url=jdbc:mysql://139.196.179.195:3306/em_user_test?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=true&serverTimezone=GMT%2B8&allowMultiQueries=true&rewriteBatchedStatements=true
|
spring.datasource.url=jdbc:mysql://139.196.179.195:3306/em_data_test?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=true&serverTimezone=GMT%2B8&allowMultiQueries=true&rewriteBatchedStatements=true
|
||||||
spring.datasource.username=em_user_test
|
spring.datasource.username=em_user_test
|
||||||
spring.datasource.password=Szsd#2O25$test
|
spring.datasource.password=Szsd#2O25$test
|
||||||
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
|
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
|
||||||
|
|
@ -14,7 +14,7 @@ pagehelper.helperDialect=mysql
|
||||||
pagehelper.reasonable=false
|
pagehelper.reasonable=false
|
||||||
server.port=12395
|
server.port=12395
|
||||||
file.security.passwd=adknfhkj87654knd
|
file.security.passwd=adknfhkj87654knd
|
||||||
#windowsæ件åå¨ç®å½ï¼ç¨äºæµè¯
|
#windowsæÂÂ件åÂÂå¨ç®å½Âï¼Âç¨äºÂæµÂè¯Â
|
||||||
data.windows.path=D:/tmp/eleData/project/
|
data.windows.path=D:/tmp/eleData/project/
|
||||||
data.linux.path=/szsd/data/eleData/project/
|
data.linux.path=/szsd/data/eleData/project/
|
||||||
data.upload.windows.tmp.path=D:/tmp/eleData/upload/
|
data.upload.windows.tmp.path=D:/tmp/eleData/upload/
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue