Merge remote-tracking branch 'origin/v1' into v1

src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Permission.java

@@ -5,6 +5,7 @@ import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 
+import javax.persistence.*;
 import java.util.List;
 
 /**
@@ -13,16 +14,33 @@ import java.util.List;
 @Data
 @NoArgsConstructor
 @AllArgsConstructor
+@Entity
+@Table(name = "permission")
 public class Permission {
 
+    /**
+     * 主键id
+     */
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
     /**
      * 授权ID
      */
-    private String id;
+    @Column(name = "name")
+    private String name;
+    /**
+     * 权限描述
+     */
+    @Column(name = "desc")
+    private String desc;
 
     /**
-     * 权利
+     * 权利 读 写 修改 删除 暂时不用
      */
-    private List<Authority> authorities;
+    //@Convert(converter = PermissionListConverter.class)
+    //@Column(name = "permissions")
+    //private List<Authority> authorities;
 
 }

src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Role.java

@@ -5,6 +5,7 @@ import lombok.Data;
 
 import javax.persistence.*;
 import java.util.List;
+import java.util.Set;
 import java.util.function.UnaryOperator;
 
 /**
@@ -31,9 +32,16 @@ public class Role extends Primary implements UnaryOperator<Role> {
     /**
      * 授权列表
      */
-    @Convert(converter = PermissionListConverter.class)
-    @Column(name = "permissions")
-    private List<Permission> permissions;
+    //@Convert(converter = PermissionListConverter.class)
+    //@Column(name = "permissions")
+    //private List<Permission> permissions;
+    /**
+     * 权限
+     */
+    @OneToMany(fetch = FetchType.EAGER)
+    @JoinTable(name = "role_permission_mapping", joinColumns = @JoinColumn(name = "role_id"), inverseJoinColumns = @JoinColumn(name = "permission_id"))
+    private Set<Permission> permissions;
+
 
     @Override
     public Role apply(Role role) {

src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityInterceptor.java

 package cn.quantgroup.cashloanflowboss.component.security;
 
 import cn.quantgroup.cashloanflowboss.component.security.annotiation.Security;
+import cn.quantgroup.cashloanflowboss.core.base.Result;
+import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
 import cn.quantgroup.cashloanflowboss.core.exception.ApplicationException;
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
@@ -19,7 +21,7 @@ public class SecurityInterceptor extends ApplicationObjectSupport implements Met
         Security security = invocation.getMethod().getAnnotation(Security.class);
 
         if (!this.getApplicationContext().getBean(SecurityHandler.class).doAuthentication(invocation, security.authorityId(), security.authorities())) {
-            throw new ApplicationException("认证失败");
+            return Result.buildFial(ApplicationStatus.INVALID_AUTHORITY);
         }
 
         return invocation.proceed();

src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java

@@ -7,9 +7,13 @@ import cn.quantgroup.cashloanflowboss.component.security.SecurityHandler;
 import cn.quantgroup.cashloanflowboss.core.Application;
 import cn.quantgroup.cashloanflowboss.core.asserts.Assert;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
+import cn.quantgroup.cashloanflowboss.utils.JSONTools;
 import org.aopalliance.intercept.MethodInvocation;
+import org.apache.commons.collections.CollectionUtils;
 import org.springframework.context.annotation.Configuration;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Objects;
 import java.util.stream.Stream;
 
@@ -28,8 +32,29 @@ public class ApplicationSecurityHandler implements SecurityHandler {
         Assert.isNull(principal, ApplicationStatus.AUTHENTICATION_FAILURE);
 
         // 如果是超级管理员跳过权限验证
-        return principal.isSuperAdministrator() || principal.getRoles().stream().anyMatch(role -> Stream.iterate(role, Role::getParent).anyMatch(_role -> this.checkAuthority(authorityId, _role)));
+        boolean superAdministrator = principal.isSuperAdministrator();
 
+        boolean anyMatch = principal.getRoles().stream().anyMatch(role -> {
+            List<Role> roleList = getRoleAndParent(role);
+            return roleList.stream().anyMatch(_role -> this.checkAuthority(authorityId, _role));
+        });
+        return  superAdministrator || anyMatch;
+
+    }
+
+    private List<Role> getRoleAndParent(Role role) {
+        if (role == null) {
+            return new ArrayList<>();
+        }
+
+        List<Role> list = new ArrayList<>();
+        list.add(role);
+
+        while (role.getParent() != null) {
+            role = role.getParent();
+            list.add(role);
+        }
+        return list;
     }
 
     /**
@@ -40,7 +65,10 @@ public class ApplicationSecurityHandler implements SecurityHandler {
      * @return
      */
     private boolean checkAuthority(String authorityId, Role role) {
-        return Objects.nonNull(role.getPermissions()) && role.getPermissions().parallelStream().anyMatch(permission -> permission.getId().equals(authorityId));
+        if (role == null) {
+            return false;
+        }
+        return CollectionUtils.isNotEmpty(role.getPermissions()) && role.getPermissions().parallelStream().anyMatch(permission -> permission.getName().equals(authorityId));
     }
 
 }