From eb17cb7b477cdf362fe6667cec2a76b5bf69f1e2 Mon Sep 17 00:00:00 2001
From: s2042968 <s2042968@ed.ac.uk>
Date: Fri, 10 Jan 2025 09:44:40 +0800
Subject: [PATCH] =?UTF-8?q?=E5=90=8E=E5=8F=B0=E9=99=90=E5=88=B6=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E6=96=B0=E5=A2=9E=E6=9B=B4=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../software/manage/aop/PermissionAspect.java | 31 ++++++++++++++++++
 .../manage/service/PermissionService.java     |  6 ++++
 .../serviceimpl/PermissionServiceImpl.java    | 32 ++++++++++++++++++-
 .../annotations/RequiredPermission.java       | 14 ++++++++
 4 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/PermissionAspect.java
 create mode 100644 electromagnetic-common/src/main/java/com/electromagnetic/industry/software/common/annotations/RequiredPermission.java

diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/PermissionAspect.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/PermissionAspect.java
new file mode 100644
index 0000000..4e8b773
--- /dev/null
+++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/aop/PermissionAspect.java
@@ -0,0 +1,31 @@
+package com.electromagnetic.industry.software.manage.aop;
+
+import com.electromagnetic.industry.software.common.annotations.RequiredPermission;
+import com.electromagnetic.industry.software.common.enums.FilePermission;
+import com.electromagnetic.industry.software.common.util.UserThreadLocal;
+import com.electromagnetic.industry.software.manage.service.PermissionService;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import java.util.Map;
+
+@Aspect
+@Component
+public class PermissionAspect {
+
+    @Resource
+    PermissionService permissionService;
+
+    @Before("@annotation(requiredPermission) && args(id)")
+    public void requirePermission(RequiredPermission requiredPermission, String id) {
+
+        FilePermission filePermission = requiredPermission.value();
+        String userId = UserThreadLocal.getUserId();
+        Map<String,Boolean> permissions = permissionService.getUserPermission(userId,id);
+        if (!permissions.get(filePermission.getCode()).equals(Boolean.TRUE)) {
+            throw new SecurityException("用户无权限执行此操作");
+        }
+    }
+}
diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java
index d8495da..817d1ce 100644
--- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java
+++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/PermissionService.java
@@ -37,4 +37,10 @@ public interface PermissionService {
      * @return
      */
     Map<String, Boolean> transToMap(List<String> permissionCodes);
+
+    /**
+     * 检查文件id列表是否可具有导出权限
+     * @param ids
+     */
+    String[] filterExportIds(String[] ids);
 }
diff --git a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java
index e2d8a1e..339b3a7 100644
--- a/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java
+++ b/electrmangnetic/src/main/java/com/electromagnetic/industry/software/manage/service/serviceimpl/PermissionServiceImpl.java
@@ -9,6 +9,7 @@ import com.electromagnetic.industry.software.manage.mapper.UserRoleMapper;
 import com.electromagnetic.industry.software.manage.pojo.models.RolePermission;
 import com.electromagnetic.industry.software.manage.pojo.models.UserRole;
 import com.electromagnetic.industry.software.manage.service.PermissionService;
+import com.electromagnetic.industry.software.manage.service.RolePermissionService;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -37,7 +38,7 @@ public class PermissionServiceImpl implements PermissionService {
 
         List<String> roleIds = getRoles(userId);
         // 只有当 roleIds 不为空且不为 null 时，才添加 in 条件
-        if (CollUtil.isEmpty(roleIds)) {
+        if (roleIds.isEmpty()) {
             return new HashMap<>();
         }
         LambdaQueryWrapper<RolePermission> queryWrapper1 = new LambdaQueryWrapper<>();
@@ -58,6 +59,10 @@ public class PermissionServiceImpl implements PermissionService {
         String userId = UserThreadLocal.getUserId();
         List<String> roleIds = getRoles(userId);
 
+        if (roleIds ==null || roleIds.isEmpty()) {
+            return new ArrayList<>();
+        }
+
         LambdaQueryWrapper<RolePermission> queryWrapper1 = new LambdaQueryWrapper<>();
         queryWrapper1.select(RolePermission::getFileId)
                 .in(RolePermission::getRoleId, roleIds)
@@ -112,4 +117,29 @@ public class PermissionServiceImpl implements PermissionService {
         }
         return result;
     }
+
+    /**
+     * 检查文件id列表是否可具有导出权限
+     * @param ids
+     */
+    @Override
+    public String[] filterExportIds(String[] ids){
+        if (ids.length==0) {
+            return ids;
+        }
+        String userId=UserThreadLocal.getUserId();
+        List<String> roleIds = getRoles(userId);
+        List<String> result = new ArrayList<>();
+        for (String id : ids) {
+            LambdaQueryWrapper<RolePermission> queryWrapper = new LambdaQueryWrapper<>();
+            queryWrapper.eq(RolePermission::getFileId, id)
+                    .eq(RolePermission::getPermissionCode, FilePermission.EXPORT.getCode())
+                    .in(RolePermission::getRoleId, roleIds);
+            List<RolePermission> list = rolePermissionMapper.selectList(queryWrapper);
+            if (!list.isEmpty()) {
+                result.add(id);
+            }
+        }
+        return result.toArray(new String[0]);
+    }
 }
diff --git a/electromagnetic-common/src/main/java/com/electromagnetic/industry/software/common/annotations/RequiredPermission.java b/electromagnetic-common/src/main/java/com/electromagnetic/industry/software/common/annotations/RequiredPermission.java
new file mode 100644
index 0000000..9d4314e
--- /dev/null
+++ b/electromagnetic-common/src/main/java/com/electromagnetic/industry/software/common/annotations/RequiredPermission.java
@@ -0,0 +1,14 @@
+package com.electromagnetic.industry.software.common.annotations;
+
+import com.electromagnetic.industry.software.common.enums.FilePermission;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface RequiredPermission {
+    FilePermission value();
+}