
全部获取登录Id修改 2022/8/31

lwhhszx 3 年 前
コミット
484de89726

+ 5 - 0
PAS/pom.xml

@@ -135,6 +135,11 @@
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.openjdk.nashorn</groupId>
+            <artifactId>nashorn-core</artifactId>
+            <version>15.3</version>
+        </dependency>
     </dependencies>
 
     <build>

+ 41 - 12
PAS/src/main/java/cn/cslg/pas/common/utils/auth/AuthAop.java

@@ -1,5 +1,9 @@
 package cn.cslg.pas.common.utils.auth;
 
+import cn.cslg.pas.common.model.DataSource;
+import cn.cslg.pas.common.model.PersonnelVO;
+import cn.cslg.pas.common.utils.CacheUtils;
+import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
 import cn.hutool.json.JSONString;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
@@ -10,7 +14,9 @@ import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.*;
 import org.aspectj.lang.reflect.CodeSignature;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
@@ -21,6 +27,7 @@ import javax.script.ScriptEngineManager;
 import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
+import java.util.List;
 
 
 @Aspect
@@ -28,6 +35,10 @@ import java.lang.reflect.Method;
 public class AuthAop {
     @Value("${authorUrl}")
     private String url;
+    @Autowired
+    private CacheUtils cacheUtils ;
+    @Autowired
+    private LoginUtils loginUtils ;
     /**
      * 定义切点
      */
@@ -73,7 +84,7 @@ public class AuthAop {
 
         //根据登录人的id以及功能id获得计算逻辑
         RequestBody requestBody =  new FormBody.Builder()
-                .add("loginId", "4")
+                .add("loginId", loginUtils.getId().toString())
                 .add("functionId",functionId.toString())
                 .build();
         OkHttpClient okHttpClient = new OkHttpClient();
@@ -88,17 +99,35 @@ public class AuthAop {
 
         Boolean isPass =true;
        if(jsonArray.size()>0){   // 如果查询结果的size大于0证明有限制逻辑
-//           //处理jsonObject,变为(x==y)&&(z==t)的形式 ,并用js引擎进行boolean判断
-//           String  sqls ="";
-//           for(int i=0;i<jsonArray.size();i++){
-//               String sql=TreeUtils.reCompute((JSONObject) jsonArray.get(i),functionId,args);
-//               sqls += jsonArray.size()!=i+1 ?  sql+" || ":sql;
-//           }
-//           //js引擎进行判断
-//           ScriptEngineManager manager = new ScriptEngineManager();
-//           ScriptEngine engine = manager.getEngineByName("javascript");//根据名字获得引擎
-//           Object result = engine.eval(sqls);//进行判断
-//            isPass =(Boolean) result;
+           RequestBody reBodySource =  new FormBody.Builder()
+                   .add("tableName", "local")
+                   .build();
+           //处理jsonObject,变为(x==y)&&(z==t)的形式 ,并用js引擎进行boolean判断
+           //建立连接
+           OkHttpClient okHttpClientSou = new OkHttpClient();
+           Request requestSou = new Request.Builder()
+                   .url(url+"/permission/api/data/getDataSource")
+                   .post(reBodySource)
+                   .addHeader("Cookie",LoginUtils.getToken())
+                   .build();
+           //获得请求返回
+           String resSource = okHttpClientSou.newCall(requestSou).execute().body().string();
+
+           JSONArray jsonArray1 = JSON.parseArray(resSource);
+           // 获得字典
+           List<DataSource> dataSources=jsonArray1.toJavaList(DataSource.class);
+           PersonnelVO personnelVO =cacheUtils.getLoginUserPersonnel(loginUtils.getId());
+           String  sqls ="";
+           for(int i=0;i<jsonArray.size();i++){
+
+               String sql=TreeUtils.reCompute(JSONObject.parseObject(jsonArray.get(i).toString()),args,dataSources,personnelVO);
+               sqls += jsonArray.size()!=i+1 ?  sql+" || ":sql;
+           }
+           //js引擎进行判断
+           ScriptEngineManager manager = new ScriptEngineManager();
+           ScriptEngine engine = manager.getEngineByName("javascript");//根据名字获得引擎
+           Object result = engine.eval(sqls);//进行判断
+            isPass =(Boolean) result;
        }
 
         //判断通过
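Review bot: `engine.eval(sqls)` runs a string concatenated from the permission-service response, the intercepted method's `args` and the cached `PersonnelVO`, so any of those values that contains script syntax becomes part of the authorization expression instead of being treated as data. Nashorn scripts can reach Java classes unless the engine is created with a `ClassFilter`, so the risk is larger than a wrong boolean. I would evaluate the rule tree directly in Java, or at minimum pass the values in through `engine.put(...)` bindings and keep only operators in the evaluated text. The result handling should also fail closed: `isPass = Boolean.TRUE.equals(result);` instead of the unchecked cast, plus a null check on the value returned by `getEngineByName`. The enclosing method starts and ends outside these hunks.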

+ 82 - 12
PAS/src/main/java/cn/cslg/pas/common/utils/auth/TreeUtils.java

@@ -51,9 +51,18 @@ public class TreeUtils {
      * @param personnelVO 登录人的信息
      * @return 拼接的sql
      */
-    public static   String reCompute(JSONObject jsonObject,Integer id,Object[] object) throws NoSuchFieldException, IllegalAccessException {
+    public static   String reCompute(JSONObject jsonObject,Object[] object,List<DataSource> dataSource,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
+        String sql="";
 
-        String sql=  cRecursionTree(jsonObject,id,object);
+        if (jsonObject.containsKey("left")&&jsonObject.containsKey("right")){
+            sql=  cRecursionTree(jsonObject,object,dataSource,personnelVO);}
+        // 不符合二叉树形式(单条数据)
+        else{
+            String field = distinguishFields(jsonObject.get("field").toString(),object,dataSource,personnelVO);
+            String value= distinguishValues(jsonObject.get("value").toString(),object);
+            String opr = distinguishLogic(jsonObject.getString("nodeType"),jsonObject.getString("opr"));
+            sql = ArryEqlToString(field,value,opr);
+        }
         return sql;
 
     }
@@ -102,28 +111,28 @@ public class TreeUtils {
     };
 
      //json规则判断
-    public static  String cRecursionTree(JSONObject jsonObject,Integer id, Object[] object) throws NoSuchFieldException, IllegalAccessException {
+    public static  String cRecursionTree(JSONObject jsonObject, Object[] object, List<DataSource> dataSource,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
         String str1 = "";
         String str2 = "";
         JSONObject jsonLeft =jsonObject.getJSONObject("left");
         JSONObject jsonRight =jsonObject.getJSONObject("right");
         if(jsonLeft.containsKey("left")){
-            str1 = cRecursionTree(jsonLeft,id,object);
+            str1 = cRecursionTree(jsonLeft,object,dataSource,personnelVO);
         }
         else{
-            String field = distinguishFields(jsonLeft.get("field").toString(),object);
+            String field = distinguishFields(jsonLeft.get("field").toString(),object,dataSource,personnelVO);
             String value= distinguishValues(jsonLeft.get("value").toString(),object);
             String opr = distinguishLogic(jsonLeft.getString("nodeType"),jsonLeft.getString("opr"));
-            str1 = field+opr+value;
+            str1 = ArryEqlToString(field,value,opr);
         }
         if(jsonRight.containsKey("right")){
-            str2= cRecursionTree( jsonRight,id,object);
+            str2= cRecursionTree( jsonRight,object,dataSource,personnelVO);
         }
         else{
-            String field =distinguishFields(jsonRight.get("field").toString(),object);
+            String field =distinguishFields(jsonRight.get("field").toString(),object,dataSource,personnelVO);
             String value=distinguishValues(jsonRight.get("value").toString(),object);
             String opr = distinguishLogic(jsonRight.getString("nodeType"),jsonRight.getString("opr"));
-            str2 =field+opr+value;
+            str2 = ArryEqlToString(field,value,opr);
         }
         String sql ="("+ str1+") "+distinguishLogic(jsonObject.getString("nodeType"),jsonObject.getString("logicOpr"))+" ("+str2+")";
 
@@ -184,7 +193,7 @@ reField = "("+tem.substring(0,tem.length() - 1)+")";
     }
 
     //对field部分进行计算
-    public static String distinguishFields(String field, Object[] object) throws NoSuchFieldException, IllegalAccessException {
+    public static String distinguishFields(String field, Object[] object,List<DataSource> dataSources,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
         String reField ="'"+field+"'";
         //反射获方法的参数值
         Class jsonClass = object[0].getClass();
@@ -197,13 +206,59 @@ reField = "("+tem.substring(0,tem.length() - 1)+")";
                break;
            }
         }
+        //获得登录用户部门列表信息
+        List<PersonnelVO.DP> dps =personnelVO.getDpList();
+        //获得登录用户角色列表信息
+        List<PersonnelVO.PerRole> perRoles =personnelVO.getRList();
+        String tem ="";
+        //遍历字典数据
+        for(DataSource dataSource :dataSources){
+            // 如果匹配上字典字段则进行处理
+            if(field.equals(dataSource.getDataSourceField())){
+                // 判断是否是部门信息
+                if(field.contains("DP.")){
+                    // 分割字符串获得部门字段
+                    String Fields= field.split("\\.")[1];
+                    // 遍历部门信息,用反射将对应字段转换成(*,*,...)格式
+                    for(PersonnelVO.DP dp : dps){
+                        Class DPClass =dp.getClass();
+                        Field dataField = DPClass.getDeclaredField(Fields);
+                        dataField.setAccessible(true);
+                        tem =dataField.get(dp).toString()+"," ;
+
+                    }
+                    reField = tem.substring(0,tem.length() - 1);
+                }
+                //判断是否是角色信息(处理过程同部门信息处理过程)
+                else if(field.contains("PerRole.")){
+                    String Fields= field.split("\\.")[1];
+                    for(PersonnelVO.PerRole perRole : perRoles){
+                        Class DPClass =perRole.getClass();
+                        Field dataField = DPClass.getDeclaredField(Fields);
+                        dataField.setAccessible(true);
+                        tem =dataField.get(perRole).toString()+"," ;
+                    }
+                    reField = tem.substring(0,tem.length() - 1);
+
+
+                }
+                else{
+                    Class personClass =personnelVO.getClass();
+                    Field dataField = personClass.getDeclaredField(field);
+                    dataField.setAccessible(true);
+                    reField =dataField.get(personnelVO).toString();
+                    break;
+                }
+
+
+            }}
 
         return reField;
     }
 
     //对value部分进行计算
     public static String distinguishValues(String value, Object[] object) throws NoSuchFieldException, IllegalAccessException {
-        String reValue ="'"+value+"'";
+        String reValue =""+value+"";
         //反射获得参数值
         Class jsonClass = object[0].getClass();
         for(Field field1: jsonClass.getDeclaredFields()){
@@ -219,7 +274,7 @@ reField = "("+tem.substring(0,tem.length() - 1)+")";
         return reValue;
     }
 
-
+    //对应改变运算逻辑
     public static  String distinguishLogic(String nodeType ,String opr) {
         if(nodeType .equals("logic")){
             switch (opr){
@@ -237,4 +292,19 @@ reField = "("+tem.substring(0,tem.length() - 1)+")";
             return  opr;
 
     }
+
+    // 将x,y=z,w 形式改为 x=z||x=w||y=z||y=w形式
+    public static  String ArryEqlToString(String field,String value,String opr){
+         String reStr ="";
+        String[] fields =field.split(",");
+        String[] values =value.split(",");
+        for (int i=0; i<fields.length;i++) {
+            for(int t=0; t<values.length;t++){
+            reStr+= i==fields.length-1&&t==values.length-1? fields[i]+opr+values[t]:fields[i]+opr+values[t]+"||";
+
+            }
+
+        }
+        return  reStr;
+    }
 }
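Review bot: In `distinguishFields` both new loops assign rather than append (`tem =dataField.get(dp).toString()+","`, and the same for `perRole`), so only the last department or role survives even though the comment says the values are collected into a `*,*,...` list; a user with several departments is then checked against one of them only. It should append, e.g. `tem += dataField.get(dp).toString() + ",";`, with `tem` reset before each loop. An empty `getDpList()` or `getRList()` also needs a guard, because `tem.substring(0,tem.length() - 1)` throws on an empty string. Separately, `distinguishValues` now emits the value without quotes and `ArryEqlToString` splits on `,`, so a comma inside a single value would expand into extra `||` alternatives; that looks unintended and should be confirmed against the callers. Parts of `distinguishFields` and `distinguishValues` lie outside the hunks shown.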

+ 2 - 3
PAS/src/main/java/cn/cslg/pas/controller/ProjectController.java

@@ -46,7 +46,7 @@ public class ProjectController {
     private final ProjectPatentLinkService projectPatentLinkService;
     private final LoginUtils loginUtils;
 
-    @checkAuth(FunId = 8)
+
     @PostMapping("list")
     @Operation(summary = "专题库列表")
     public String getPageList(@RequestBody ProjectVO params) {
@@ -71,8 +71,8 @@ public class ProjectController {
         return projectService.edit(project);
     }
 
-    @Permission(roles = {2})
     @PostMapping("delete")
+    @checkAuth(FunId = 10)
     @Operation(summary = "删除专题库")
     public String delete(Integer id) {
         return projectService.delete(id);
@@ -126,7 +126,6 @@ public class ProjectController {
     }
 
     @PostMapping("/export/list")
-    @Permission(roles = {2})
     @Operation(summary = "导出专题库信息列表")
     public void exportProjectList(HttpServletResponse response) {
         projectService.exportProject(response);
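Review bot: `exportProjectList` loses `@Permission(roles = {2})` without getting a `@checkAuth` in its place, so the export endpoint carries no visible authorization annotation after this change, while `delete` was migrated to `@checkAuth(FunId = 10)`. `getPageList` also drops `@checkAuth(FunId = 8)`; that case may be covered by the `functionId` 8 lookup in `ProjectService.getPageList`, but nothing visible replaces the export check. In the same commit the second hunk of ProjectService.java switches `params.setMyself(true)` to `false` in what appears to be the export path, which would widen the exported set just as the role check is removed. If the check is meant to live in the service, a comment here should say so; otherwise add `@checkAuth(FunId = <export-function-id>)` on `exportProjectList` (placeholder, the page does not show the id).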

+ 5 - 0
PAS/src/main/java/cn/cslg/pas/service/OAuth2Service.java

@@ -160,6 +160,11 @@ public class OAuth2Service {
                 .build();
         String resBody = okHttpClient.newCall(request).execute().body().string();
         JSONObject jsonObject = JSONObject.parseObject(resBody);
+         //判断请求返回是否为200,不是的话则返回报错信息
+        if(!jsonObject.get("code").equals(200)){
+            return Response.error(jsonObject.get("message").toString());
+
+        }
         String token = jsonObject.get("data").toString();
         PersonnelVO personnelVO = com.alibaba.fastjson2.JSONObject.parseObject(token, PersonnelVO.class);
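Review bot: The new guard dereferences `jsonObject.get("code")` and `jsonObject.get("message")` without null checks, so an empty body or a response lacking either key ends in a NullPointerException instead of the intended error response; `equals(200)` also matches only when the parser produced an `Integer`. Something like `if (jsonObject == null || jsonObject.getIntValue("code") != 200)` together with `jsonObject.getString("message")` is safer. Consider returning a fixed login-failure message and logging the upstream text, since it is passed to the caller verbatim here. The enclosing method continues outside the hunk.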
 

+ 3 - 3
PAS/src/main/java/cn/cslg/pas/service/ProjectService.java

@@ -114,8 +114,8 @@ public class ProjectService extends ServiceImpl<ProjectMapper, Project> {
 
     public IPage<Project> getPageList(ProjectVO params) {
         Map<String, Object> m = new HashMap<>();
-        m.put("token", params.getToken());
-        m.put("loginId", 4);
+        m.put("token", LoginUtils.getToken());
+        m.put("loginId", loginUtils.getId());
         m.put("functionId", 8);
         PersonnelVO user = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
         List<Integer> projectIds = new ArrayList<Integer>() {{
@@ -1176,7 +1176,7 @@ public class ProjectService extends ServiceImpl<ProjectMapper, Project> {
             ProjectVO params = new ProjectVO();
             params.setSize(99999999999L);
             params.setCurrent(1L);
-            params.setMyself(true);
+            params.setMyself(false);
             ProjectVO.Sort sort = new ProjectVO.Sort();
             sort.setProp("create_time");
             sort.setOrder("desc");