[feat][M]: 新增用户权限校验规则

master
Romesum 5 years ago
parent e48b3dc752
commit 47f45aa895

@ -1,6 +1,9 @@
package com.hzu.bookingsystem.filter; package com.hzu.bookingsystem.filter;
import com.hzu.bookingsystem.controller.UserController;
import com.hzu.bookingsystem.exception.UserAuthorizeException; import com.hzu.bookingsystem.exception.UserAuthorizeException;
import com.hzu.bookingsystem.exception.UserRuleAuthorizeException;
import com.hzu.bookingsystem.repository.UserSecurityMapper;
import com.hzu.bookingsystem.utils.CookieUtil; import com.hzu.bookingsystem.utils.CookieUtil;
import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before; import org.aspectj.lang.annotation.Before;
@ -12,8 +15,12 @@ import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.context.request.ServletRequestAttributes;
import javax.annotation.Resource;
import javax.servlet.http.Cookie; import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
/** /**
* author * author
@ -24,12 +31,20 @@ public class UserAuthorizeAspect {
@Autowired @Autowired
private StringRedisTemplate redisTemplate; private StringRedisTemplate redisTemplate;
@Autowired
private UserController userController;
@Resource
private UserSecurityMapper userSecurityMapper;
@Pointcut("execution(public * com.hzu.bookingsystem.controller.*.*(..))" + @Pointcut("execution(public * com.hzu.bookingsystem.controller.*.*(..))" +
"&& !execution(public * com.hzu.bookingsystem.controller.UserController.login(..))" + "&& !execution(public * com.hzu.bookingsystem.controller.UserController.login(..))" +
"&& !execution(public * com.hzu.bookingsystem.controller.UserController.logout(..))") "&& !execution(public * com.hzu.bookingsystem.controller.UserController.logout(..))" +
"&& !execution(public * com.hzu.bookingsystem.controller.UserController.getUIdByCookie(..))")
// @Pointcut( // @Pointcut(
// "execution(public * com.hzu.bookingsystem.controller.UserController.getUserList(..))") // "execution(public * com.hzu.bookingsystem.controller.UserController.getUserList(..))")
public void verify() {} public void verify() {
}
@Before("verify()") @Before("verify()")
public void doVerify() { public void doVerify() {
@ -47,7 +62,25 @@ public class UserAuthorizeAspect {
String tokenValue = redisTemplate.opsForValue().get(cookie.getValue()); String tokenValue = redisTemplate.opsForValue().get(cookie.getValue());
if (StringUtils.isEmpty(tokenValue)) { if (StringUtils.isEmpty(tokenValue)) {
System.out.println("登陆已过期"); System.out.println("登陆已过期");
throw new UserAuthorizeException(); throw new UserAuthorizeException("未登录");
} }
//查询权限
Map<String, Object> map = userSecurityMapper.getRules(userController.getUIdByCookie(request));
String rule = (String) map.get("rules_id");
String[] rules = rule.split(",");
List<String> ruleList = Arrays.asList(rules);
String url = request.getRequestURI();
String[] split = url.split("/");
String realUrl = "/" + split[1] + "/" + split[2] + "/" + split[3];
Map<String, Object> map2 = userSecurityMapper.getRuleId(realUrl);
if (ruleList.contains(((Integer) map2.get("rules_id")).toString())) {
System.out.println("权限通过");
} else {
throw new UserRuleAuthorizeException("无权限访问!");
}
} }
} }
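Review bot: The rule lookup added at the end of doVerify() dereferences without any null or length checks: `split[3]` throws ArrayIndexOutOfBoundsException for a request path with fewer than three segments, and `map.get("rules_id")`, `rule.split(",")` and `(Integer) map2.get("rules_id")` throw NullPointerException (or ClassCastException if the driver maps the column to Long) when the user has no group row or the URL prefix has no row in tb_auth_rules, so those requests end in an unhandled exception instead of the intended UserRuleAuthorizeException. Since `getRequestURI()` is not normalized (it keeps the servlet context path, path parameters such as `;jsessionid=…` and repeated slashes), I would key the lookup on a decoded, context-relative path (`request.getServletPath()` when the dispatcher is mapped on `/`) and treat every miss as a deny, as sketched below. Excluding `getUIdByCookie` from the pointcut also removes the login check from that controller method; if the exclusion only exists so the aspect's own `userController.getUIdByCookie(request)` call does not re-enter the advice, that lookup belongs in a helper outside the controller package rather than in the exclusion list. doVerify() begins in the previous hunk, so the cookie handling before the token lookup is not visible here.
```java
Map<String, Object> map = userSecurityMapper.getRules(userController.getUIdByCookie(request));
String[] split = request.getServletPath().split("/");   // decoded and context-relative, unlike getRequestURI()
if (split.length < 4) {
    throw new UserRuleAuthorizeException("无权限访问!");
}
String realUrl = "/" + split[1] + "/" + split[2] + "/" + split[3];
Map<String, Object> map2 = userSecurityMapper.getRuleId(realUrl);
Object grantedRules = map == null ? null : map.get("rules_id");
Object requiredRule = map2 == null ? null : map2.get("rules_id");
if (grantedRules == null || requiredRule == null) {
    throw new UserRuleAuthorizeException("无权限访问!");   // unknown URL or user without a group: fail closed
}
List<String> ruleList = Arrays.asList(grantedRules.toString().split(","));
if (!ruleList.contains(String.valueOf(requiredRule))) {
    throw new UserRuleAuthorizeException("无权限访问!");
}
```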

@ -0,0 +1,34 @@
package com.hzu.bookingsystem.repository;
import com.hzu.bookingsystem.VO.WeekVO;
import com.hzu.bookingsystem.bean.LabRecordBean;
import com.hzu.bookingsystem.bean.LabTimeBean;
import com.hzu.bookingsystem.dto.LabRecordDTO;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Select;
import java.util.List;
import java.util.Map;
@Mapper
public interface UserSecurityMapper {
@Select("SELECT " +
" tb_auth_group.rules_id " +
"FROM " +
" tb_user, " +
" tb_auth_group_access, " +
" tb_auth_group " +
"WHERE " +
" tb_user.u_id = tb_auth_group_access.u_id " +
" AND tb_auth_group.group_id = tb_auth_group_access.group_id " +
" AND tb_auth_group_access.u_id = #{uId}")
Map<String,Object> getRules(Integer uId);
@Select("SELECT " +
" tb_auth_rules.rules_id " +
"FROM " +
" tb_auth_rules " +
"WHERE " +
" tb_auth_rules.url = #{url}")
Map<String,Object> getRuleId(String url);
}
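Review bot: getRules() is declared to return a single Map, but the join over tb_auth_group_access yields one row per group the user belongs to, so a user in two groups makes MyBatis throw TooManyResultsException and the authorization check in UserAuthorizeAspect fails with an exception instead of a decision; either document the one-group-per-user invariant on the method (`/** Returns the comma-separated rule ids of the user's single auth group, or null if the user has no group. */`) or return `List<Map<String, Object>>` and merge the rule ids. The same applies to getRuleId() if tb_auth_rules.url is not unique. The tb_user join contributes nothing to the result beyond requiring the user row to exist, which deserves a comment if intentional. Both queries bind with `#{}`, so the parameters are not concatenated into the SQL. The imports of WeekVO, LabRecordBean, LabTimeBean, LabRecordDTO and List are unused.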