package com.qianwen.core.secure.handler;
|
|
import java.util.ArrayList;
|
import java.util.Arrays;
|
import java.util.Collections;
|
import java.util.List;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import org.springframework.jdbc.core.JdbcTemplate;
|
import org.springframework.util.AntPathMatcher;
|
|
import com.qianwen.core.cache.utils.CacheUtil;
|
import com.qianwen.core.secure.BladeUser;
|
import com.qianwen.core.secure.constant.PermissionConstant;
|
import com.qianwen.core.secure.utils.AuthUtil;
|
import com.qianwen.core.tool.utils.Func;
|
import com.qianwen.core.tool.utils.StringUtil;
|
import com.qianwen.core.tool.utils.WebUtil;
|
|
|
public class BladePermissionHandler implements IPermissionHandler {
|
private static final String GATEWAY_REQUEST_URI = "original.gatewayRequestUrl";
|
private static final String SCOPE_CACHE_CODE = "apiScope:code:";
|
private final JdbcTemplate jdbcTemplate;
|
|
public BladePermissionHandler(final JdbcTemplate jdbcTemplate) {
|
this.jdbcTemplate = jdbcTemplate;
|
}
|
|
@Override // org.springblade.core.secure.handler.IPermissionHandler
|
public boolean permissionAll() {
|
HttpServletRequest request = WebUtil.getRequest();
|
BladeUser user = AuthUtil.getUser();
|
if (request == null || user == null) {
|
return false;
|
}
|
String uri = request.getRequestURI();
|
List<String> paths = permissionPath(user.getRoleId());
|
if (paths.size() == 0) {
|
return false;
|
}
|
return paths.stream().anyMatch(uri::contains);
|
}
|
|
@Override // org.springblade.core.secure.handler.IPermissionHandler
|
public boolean hasPermission(String permission) {
|
HttpServletRequest request = WebUtil.getRequest();
|
BladeUser user = AuthUtil.getUser();
|
if (request == null || user == null) {
|
return false;
|
}
|
List<String> codes = permissionCode(permission, user.getRoleId());
|
return codes.size() != 0;
|
}
|
|
private List<String> permissionPath(String roleId) {
|
List<String> permissions = (List) CacheUtil.get("blade:sys", SCOPE_CACHE_CODE, roleId, List.class, Boolean.FALSE);
|
if (permissions == null) {
|
List<Long> roleIds = Func.toLongList(roleId);
|
permissions = this.jdbcTemplate.queryForList(PermissionConstant.permissionAllStatement(roleIds.size()), roleIds.toArray(), String.class);
|
CacheUtil.put("blade:sys", SCOPE_CACHE_CODE, roleId, permissions, Boolean.FALSE);
|
}
|
return permissions;
|
}
|
|
private List<String> permissionCode(String permission, String roleId) {
|
|
List<String> permissions = (List<String>)CacheUtil.get("blade:sys", SCOPE_CACHE_CODE, roleId, List.class, Boolean.FALSE);
|
if (permissions == null) {
|
List<Object> args = new ArrayList<>();
|
List<Long> roleIds = Func.toLongList(roleId);
|
args.addAll(roleIds);
|
args.addAll(Collections.singletonList(permission));
|
permissions = this.jdbcTemplate.queryForList(PermissionConstant.permissionStatement(roleIds.size()), args.toArray(), String.class);
|
|
CacheUtil.put("blade:sys", SCOPE_CACHE_CODE, permission + ":" + roleId, permissions, Boolean.FALSE);
|
}
|
return permissions;
|
}
|
|
private String getOriginalURI(HttpServletRequest request) {
|
String uri = request.getRequestURI();
|
String requestOriginal = request.getHeader(GATEWAY_REQUEST_URI);
|
if (StringUtil.isNotBlank(requestOriginal)) {
|
uri = requestOriginal;
|
}
|
return uri;
|
}
|
|
@Override // org.springblade.core.secure.handler.IPermissionHandler
|
public boolean hasApiPermission() {
|
HttpServletRequest request = WebUtil.getRequest();
|
BladeUser user = AuthUtil.getUser();
|
if (request == null || user == null) {
|
return false;
|
}
|
String uri = getOriginalURI(request);
|
String method = request.getMethod().toUpperCase();
|
List<String> paths = permissionApiPath(method, user.getRoleId());
|
if (paths.size() == 0) {
|
return false;
|
}
|
return paths.stream().anyMatch(patter -> {
|
AntPathMatcher matcher = new AntPathMatcher(System.getProperty("file.separator"));
|
return matcher.match(patter, uri);
|
});
|
}
|
|
private List<String> permissionApiPath(String method, String roleId) {
|
List<String> permissions = (List) CacheUtil.get("blade:sys", SCOPE_CACHE_CODE, method + ":" + roleId, List.class, Boolean.FALSE);
|
if (permissions == null) {
|
List<Object> args = new ArrayList<>();
|
List<Long> roleIds = Func.toLongList(roleId);
|
args.addAll(roleIds);
|
args.addAll(Arrays.asList(method));
|
permissions = this.jdbcTemplate.queryForList(PermissionConstant.permissionApiStatement(roleIds.size()), args.toArray(), String.class);
|
CacheUtil.put("blade:sys", SCOPE_CACHE_CODE, method + ":" + roleId, permissions, Boolean.FALSE);
|
}
|
return permissions;
|
}
|
}
|
