Merge remote-tracking branch 'origin/v1' into v1

4154b98c · 王俊权 · e92d8075 · c8ce9cab · 4154b98c · 4154b98c
Commit 4154b98c authored Sep 18, 2019 by 王俊权
4 changed files
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Permission.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Permission.java
@@ -5,6 +5,7 @@ import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
+import javax.persistence.*;
 import java.util.List;
 /**
@@ -13,16 +14,33 @@ import java.util.List;
 @Data
 @NoArgsConstructor
 @AllArgsConstructor
+@Entity
+@Table(name = "permission")
 public class Permission {
+    /**
+     * 主键id
+     */
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
    /**
     * 授权ID
     */
-    private String id;
+    @Column(name = "name")
+    private String name;
+    /**
+     * 权限描述
+     */
+    @Column(name = "desc")
+    private String desc;
    /**
-     * 权利
+     * 权利 读 写 修改 删除 暂时不用
     */
-    private List<Authority> authorities;
+    //@Convert(converter = PermissionListConverter.class)
+    //@Column(name = "permissions")
+    //private List<Authority> authorities;
 }
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Role.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Role.java
@@ -5,6 +5,7 @@ import lombok.Data;
 import javax.persistence.*;
 import java.util.List;
+import java.util.Set;
 import java.util.function.UnaryOperator;
 /**
@@ -31,9 +32,16 @@ public class Role extends Primary implements UnaryOperator<Role> {
    /**
     * 授权列表
     */
-    @Convert(converter = PermissionListConverter.class)
+    //@Convert(converter = PermissionListConverter.class)
-    @Column(name = "permissions")
+    //@Column(name = "permissions")
-    private List<Permission> permissions;
+    //private List<Permission> permissions;
+    /**
+     * 权限
+     */
+    @OneToMany(fetch = FetchType.EAGER)
+    @JoinTable(name = "role_permission_mapping", joinColumns = @JoinColumn(name = "role_id"), inverseJoinColumns = @JoinColumn(name = "permission_id"))
+    private Set<Permission> permissions;
    @Override
    public Role apply(Role role) {

--- a/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityInterceptor.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityInterceptor.java
 package cn.quantgroup.cashloanflowboss.component.security;
 import cn.quantgroup.cashloanflowboss.component.security.annotiation.Security;
+import cn.quantgroup.cashloanflowboss.core.base.Result;
+import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
 import cn.quantgroup.cashloanflowboss.core.exception.ApplicationException;
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
@@ -19,7 +21,7 @@ public class SecurityInterceptor extends ApplicationObjectSupport implements Met
        Security security = invocation.getMethod().getAnnotation(Security.class);
        if (!this.getApplicationContext().getBean(SecurityHandler.class).doAuthentication(invocation, security.authorityId(), security.authorities())) {
-            throw new ApplicationException("认证失败");
+            return Result.buildFial(ApplicationStatus.INVALID_AUTHORITY);
        }
        return invocation.proceed();

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
@@ -7,9 +7,13 @@ import cn.quantgroup.cashloanflowboss.component.security.SecurityHandler;
 import cn.quantgroup.cashloanflowboss.core.Application;
 import cn.quantgroup.cashloanflowboss.core.asserts.Assert;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
+import cn.quantgroup.cashloanflowboss.utils.JSONTools;
 import org.aopalliance.intercept.MethodInvocation;
+import org.apache.commons.collections.CollectionUtils;
 import org.springframework.context.annotation.Configuration;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Objects;
 import java.util.stream.Stream;
@@ -28,8 +32,29 @@ public class ApplicationSecurityHandler implements SecurityHandler {
        Assert.isNull(principal, ApplicationStatus.AUTHENTICATION_FAILURE);
        // 如果是超级管理员跳过权限验证
-        return principal.isSuperAdministrator() || principal.getRoles().stream().anyMatch(role -> Stream.iterate(role, Role::getParent).anyMatch(_role -> this.checkAuthority(authorityId, _role)));
+        boolean superAdministrator = principal.isSuperAdministrator();
+        boolean anyMatch = principal.getRoles().stream().anyMatch(role -> {
+            List<Role> roleList = getRoleAndParent(role);
+            return roleList.stream().anyMatch(_role -> this.checkAuthority(authorityId, _role));
+        });
+        return  superAdministrator || anyMatch;
+    }
+    private List<Role> getRoleAndParent(Role role) {
+        if (role == null) {
+            return new ArrayList<>();
+        }
+        List<Role> list = new ArrayList<>();
+        list.add(role);
+        while (role.getParent() != null) {
+            role = role.getParent();
+            list.add(role);
+        }
+        return list;
    }
    /**
@@ -40,7 +65,10 @@ public class ApplicationSecurityHandler implements SecurityHandler {
     * @return
     */
    private boolean checkAuthority(String authorityId, Role role) {
-        return Objects.nonNull(role.getPermissions()) && role.getPermissions().parallelStream().anyMatch(permission -> permission.getId().equals(authorityId));
+        if (role == null) {
+            return false;
+        }
+        return CollectionUtils.isNotEmpty(role.getPermissions()) && role.getPermissions().parallelStream().anyMatch(permission -> permission.getName().equals(authorityId));
    }
 }