权限
This commit is contained in:
zhanyunjiu
@@ -40,6 +40,10 @@
|
||||
<artifactId>yudao-spring-boot-starter-test</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.data</groupId>
|
||||
<artifactId>spring-data-redis</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
</project>
|
||||
|
||||
+16
-3
@@ -2,10 +2,10 @@ package cn.iocoder.yudao.framework.datapermission.core.dept.rule;
|
||||
|
||||
import cn.hutool.core.collection.CollUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.iocoder.yudao.framework.datapermission.core.dept.service.DeptDataPermissionFrameworkService;
|
||||
import cn.iocoder.yudao.framework.datapermission.core.dept.service.dto.DeptDataPermissionRespDTO;
|
||||
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
|
||||
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
|
||||
import cn.iocoder.yudao.framework.datapermission.core.dept.service.DeptDataPermissionFrameworkService;
|
||||
import cn.iocoder.yudao.framework.datapermission.core.dept.service.dto.DeptDataPermissionRespDTO;
|
||||
import cn.iocoder.yudao.framework.datapermission.core.rule.DataPermissionRule;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.dataobject.BaseDO;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.util.MyBatisUtils;
|
||||
@@ -13,7 +13,7 @@ import cn.iocoder.yudao.framework.security.core.LoginUser;
|
||||
import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
|
||||
import com.baomidou.mybatisplus.core.metadata.TableInfoHelper;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.SneakyThrows;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.sf.jsqlparser.expression.Alias;
|
||||
import net.sf.jsqlparser.expression.Expression;
|
||||
@@ -23,6 +23,7 @@ import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
|
||||
import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
|
||||
import net.sf.jsqlparser.expression.operators.relational.ExpressionList;
|
||||
import net.sf.jsqlparser.expression.operators.relational.InExpression;
|
||||
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
@@ -146,6 +147,7 @@ public class DeptDataPermissionRule implements DataPermissionRule {
|
||||
new ExpressionList(CollectionUtils.convertList(deptIds, LongValue::new)));
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
private Expression buildUserExpression(String tableName, Alias tableAlias, Boolean self, Long userId) {
|
||||
// 如果不查看自己,则无需作为条件
|
||||
if (Boolean.FALSE.equals(self)) {
|
||||
@@ -155,6 +157,17 @@ public class DeptDataPermissionRule implements DataPermissionRule {
|
||||
if (StrUtil.isEmpty(columnName)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
Long cpUserId = deptDataPermissionService.getCpUserIdBySystemUserId(userId);
|
||||
if (tableName.equals("farm_project")){
|
||||
Expression projectSql = CCJSqlParserUtil.parseCondExpression("(creator = " + userId + " or JSON_CONTAINS(members, '"+ cpUserId +"'))");
|
||||
return projectSql;
|
||||
}
|
||||
if (tableName.equals("farm_task")){
|
||||
Expression taskSql = CCJSqlParserUtil.parseCondExpression(" (creator = " + userId + " or JSON_CONTAINS(executor_person, '"+ cpUserId +"')" +
|
||||
" or main_person = " + cpUserId +")");
|
||||
return taskSql;
|
||||
}
|
||||
// 拼接条件
|
||||
return new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, columnName), new LongValue(userId));
|
||||
}
|
||||
|
||||
+2
@@ -19,4 +19,6 @@ public interface DeptDataPermissionFrameworkService {
|
||||
*/
|
||||
DeptDataPermissionRespDTO getDeptDataPermission(LoginUser loginUser);
|
||||
|
||||
Long getCpUserIdBySystemUserId(Long id);
|
||||
|
||||
}
|
||||
|
||||
+10
@@ -16,6 +16,7 @@ import cn.iocoder.yudao.module.system.convert.auth.AuthConvert;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
|
||||
import cn.iocoder.yudao.module.system.enums.logger.LoginLogTypeEnum;
|
||||
import cn.iocoder.yudao.module.system.enums.logger.LoginResultEnum;
|
||||
import cn.iocoder.yudao.module.system.service.CpUser.CpUserService;
|
||||
import cn.iocoder.yudao.module.system.service.common.CaptchaService;
|
||||
import cn.iocoder.yudao.module.system.service.logger.LoginLogService;
|
||||
import cn.iocoder.yudao.module.system.service.permission.PermissionService;
|
||||
@@ -25,6 +26,7 @@ import lombok.extern.slf4j.Slf4j;
|
||||
import me.zhyd.oauth.model.AuthUser;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Lazy;
|
||||
import org.springframework.data.redis.core.RedisTemplate;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.DisabledException;
|
||||
@@ -71,6 +73,11 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
||||
@Resource
|
||||
private SocialUserService socialUserService;
|
||||
|
||||
@Resource
|
||||
private RedisTemplate redisTemplate;
|
||||
@Resource
|
||||
private CpUserService cpUserService;
|
||||
|
||||
@Resource
|
||||
private Validator validator;
|
||||
|
||||
@@ -106,6 +113,9 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
||||
// 使用账号密码,进行登录
|
||||
LoginUser loginUser = this.login0(reqVO.getUsername(), reqVO.getPassword());
|
||||
|
||||
//将cpUserId存入 key为 系统用户id value为 cpUserId
|
||||
redisTemplate.opsForValue().set("CpUserId::" + loginUser.getId(), cpUserService.getByUserId(loginUser.getUsername()).getId().toString());
|
||||
|
||||
// 缓存登陆用户到 Redis 中,返回 sessionId 编号
|
||||
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_USERNAME, userIp, userAgent);
|
||||
}
|
||||
|
||||
+9
@@ -27,6 +27,7 @@ import com.google.common.collect.Multimap;
|
||||
import com.google.common.collect.Sets;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.context.annotation.Lazy;
|
||||
import org.springframework.data.redis.core.RedisTemplate;
|
||||
import org.springframework.scheduling.annotation.Scheduled;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
@@ -101,6 +102,10 @@ public class PermissionServiceImpl implements PermissionService {
|
||||
@Lazy // 注入自己,所以延迟加载
|
||||
private PermissionService self;
|
||||
|
||||
@Resource
|
||||
private RedisTemplate redisTemplate;
|
||||
|
||||
|
||||
/**
|
||||
* 初始化 {@link #roleMenuCache} 和 {@link #menuRoleCache} 缓存
|
||||
*/
|
||||
@@ -433,4 +438,8 @@ public class PermissionServiceImpl implements PermissionService {
|
||||
UserRoleDO::getUserId);
|
||||
}
|
||||
|
||||
|
||||
public Long getCpUserIdBySystemUserId(Long userId){
|
||||
return Long.valueOf(redisTemplate.opsForValue().get("CpUserId::" + userId).toString());
|
||||
}
|
||||
}
|
||||
|
||||
-25
@@ -1,25 +0,0 @@
|
||||
package cn.iocoder.yudao.module.farm.config;
|
||||
|
||||
import cn.iocoder.yudao.framework.datapermission.core.dept.rule.DeptDataPermissionRuleCustomizer;
|
||||
import cn.iocoder.yudao.module.farm.dal.dataobject.project.ProjectDO;
|
||||
import cn.iocoder.yudao.module.farm.dal.dataobject.task.TaskDO;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
@Configuration
|
||||
public class FarmPermissionRuleCustomizer {
|
||||
|
||||
@Bean
|
||||
public DeptDataPermissionRuleCustomizer farmCustomizer(){
|
||||
return rule -> {
|
||||
rule.addDeptColumn(ProjectDO.class);
|
||||
// user隔离不起作用
|
||||
rule.addUserColumn(ProjectDO.class,"creator");
|
||||
|
||||
rule.addDeptColumn(TaskDO.class);
|
||||
rule.addUserColumn(TaskDO.class,"creator");
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
+6
-5
@@ -1,13 +1,14 @@
|
||||
package cn.iocoder.yudao.module.farm.dal.mysql.area;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
import cn.iocoder.yudao.framework.common.pojo.PageResult;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.query.LambdaQueryWrapperX;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.query.LambdaQueryWrapperX;
|
||||
import cn.iocoder.yudao.module.farm.controller.admin.area.vo.AreaExportReqVO;
|
||||
import cn.iocoder.yudao.module.farm.controller.admin.area.vo.AreaPageReqVO;
|
||||
import cn.iocoder.yudao.module.farm.dal.dataobject.area.AreaDO;
|
||||
import org.apache.ibatis.annotations.Mapper;
|
||||
import cn.iocoder.yudao.module.farm.controller.admin.area.vo.*;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Mapper
|
||||
@@ -22,7 +23,7 @@ public interface AreaMapper extends BaseMapperX<AreaDO> {
|
||||
.likeIfPresent(AreaDO::getName, reqVO.getName())
|
||||
.eqIfPresent(AreaDO::getParentId, reqVO.getParentId())
|
||||
.betweenIfPresent(AreaDO::getCreateTime, reqVO.getBeginCreateTime(), reqVO.getEndCreateTime())
|
||||
.eqIfPresent(AreaDO::getPretendDelete, reqVO.getPretendDelete())
|
||||
// .eqIfPresent(AreaDO::getPretendDelete, reqVO.getPretendDelete())
|
||||
.orderByDesc(AreaDO::getId));
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user