
角色权限 2022/9/7

lwhhszx 3 năm trước cách đây
mục cha
commit
7bf66e9eb0

+ 3 - 2
PAS/src/main/java/cn/cslg/pas/common/core/annotation/Permission.java

@@ -1,13 +1,14 @@
 package cn.cslg.pas.common.core.annotation;
 
+import org.springframework.core.annotation.Order;
+
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 import java.util.List;
-
 @Target({ElementType.METHOD})
 @Retention(RetentionPolicy.RUNTIME)
 public @interface Permission {
-    int[] roles();
+    int[] roles() default {0};
 }
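Review bot: The new `default {0}` on `roles()` introduces a sentinel whose meaning is not stated anywhere in this file. Going by PermissionAspect in this commit, a bare `@Permission()` only restricts the call to the project creator if no `ProjectUser` type is ever 0, and that assumption should be written down. After confirming it, I would add a Javadoc line such as `/** Project-member types allowed to call the method; the default {0} is meant to match no member type, leaving only the project creator. */`. The added `org.springframework.core.annotation.Order` import is unused here (the same unused import is added to checkAuth.java) and can be dropped.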

+ 44 - 42
PAS/src/main/java/cn/cslg/pas/common/core/annotation/PermissionAspect.java

@@ -2,6 +2,7 @@ package cn.cslg.pas.common.core.annotation;
 
 import cn.cslg.pas.common.core.base.RequestHolder;
 import cn.cslg.pas.common.core.exception.PermissionException;
+import cn.cslg.pas.common.model.PersonnelVO;
 import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
 import cn.cslg.pas.domain.Project;
 import cn.cslg.pas.domain.ProjectUser;
@@ -18,57 +19,58 @@ import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
 import java.util.Arrays;
-
+@Order(1)
 @Slf4j
 @Aspect
 @Component
 public class PermissionAspect {
 
-//    @Autowired
-//    private ProjectUserService projectUserService;
-//    @Autowired
-//    private ProjectService projectService;
-//    @Autowired
-//    private CacheUtils cacheUtils;
-//    @Autowired
-//    private LoginUtils loginUtils;
-//    @Pointcut("execution(public * cn.cslg.pas.controller.*.*(..))")
-//    public void privilege() {
-//    }
-//
-//    @ResponseBody
-//    @Around("privilege()")
-//    public Object isAccessMethod(ProceedingJoinPoint joinPoint) throws Throwable {
-//        //获取访问目标方法
-//        MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
-//        Method targetMethod = methodSignature.getMethod();
-//        final int[] methodAccess = AnnotationParse.permissionParse(targetMethod);
-//        if (methodAccess != null && methodAccess.length != 0) {
-//            HttpServletRequest request = RequestHolder.getRequest();
-//            if (request != null) {
-//                String projectId = request.getHeader("x-project-id");
-//                Integer userId = loginUtils.getId();
-//                if (StringUtils.isNotEmpty(projectId)) {
-//                    Project project = projectService.getById(projectId);
-//                    User user = cacheUtils.getLoginUser(userId);
-//                    ProjectUser projectUser = projectUserService.getProjectUserByProjectIdAndUserId(Integer.parseInt(projectId), userId);
-//                    if (projectUser != null && project != null && user != null) {
-//                        if (project.getCreateBy().equals(userId)) {
-//                            return joinPoint.proceed();
-//                        }
-//                        if (Arrays.stream(methodAccess).noneMatch(item -> item == projectUser.getType())) {
-//                            throw new PermissionException("用户操作拦截");
-//                        }
-//                    }
-//                }
-//            }
-//        }
-//        return joinPoint.proceed();
-//    }
+    @Autowired
+    private ProjectUserService projectUserService;
+    @Autowired
+    private ProjectService projectService;
+    @Autowired
+    private CacheUtils cacheUtils;
+    @Autowired
+    private LoginUtils loginUtils;
+    @Pointcut("execution(public * cn.cslg.pas.controller.*.*(..))")
+    public void privilege() {
+    }
+
+    @ResponseBody
+    @Around("privilege()")
+    public Object isAccessMethod(ProceedingJoinPoint joinPoint) throws Throwable {
+        //获取访问目标方法
+        MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
+        Method targetMethod = methodSignature.getMethod();
+        final int[] methodAccess = AnnotationParse.permissionParse(targetMethod);
+        if (methodAccess != null && methodAccess.length != 0) {
+            HttpServletRequest request = RequestHolder.getRequest();
+            if (request != null) {
+                String projectId = request.getHeader("x-project-id");
+                Integer userId = loginUtils.getId();
+                if (StringUtils.isNotEmpty(projectId)) {
+                    Project project = projectService.getById(projectId);
+                    PersonnelVO user = cacheUtils.getLoginUserPersonnel(userId);
+                    ProjectUser projectUser = projectUserService.getProjectUserByProjectIdAndUserId(Integer.parseInt(projectId), userId);
+                    if (projectUser != null && project != null && user != null) {
+                        if (project.getCreateBy().equals(userId)) {
+                            return joinPoint.proceed();
+                        }
+                        if (Arrays.stream(methodAccess).noneMatch(item -> item == projectUser.getType())) {
+                            throw new PermissionException("用户操作拦截");
+                        }
+                    }
+                }
+            }
+        }
+        return joinPoint.proceed();
+    }
 }
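Review bot: `isAccessMethod` fails open: when the `x-project-id` header is absent or empty, or when `projectUser`, `project` or `user` is null, control falls through to the final `joinPoint.proceed()`, so an annotated endpoint runs with no role check for a caller who is not a member of the project or whose request carries no project header. For a method that carries `@Permission`, each of those cases should end in `PermissionException`, as sketched below; endpoints that legitimately have no project context should not carry the annotation. `Integer.parseInt(projectId)` on a client-supplied header also needs a guard so that a non-numeric value is rejected as a permission failure rather than surfacing as an unhandled `NumberFormatException`. `@ResponseBody` on the advice method has no effect and can be removed.

```java
        if (methodAccess != null && methodAccess.length != 0) {
            HttpServletRequest request = RequestHolder.getRequest();
            String projectId = request == null ? null : request.getHeader("x-project-id");
            if (!StringUtils.isNotEmpty(projectId)) {
                // No project context on a protected method: deny instead of falling through.
                throw new PermissionException("用户操作拦截");
            }
            // … unchanged: userId, project, user and projectUser lookups …
            if (project == null || user == null) {
                throw new PermissionException("用户操作拦截");
            }
            // The creator now passes even without a ProjectUser row; confirm this is intended.
            if (project.getCreateBy().equals(userId)) {
                return joinPoint.proceed();
            }
            if (projectUser == null
                    || Arrays.stream(methodAccess).noneMatch(item -> item == projectUser.getType())) {
                throw new PermissionException("用户操作拦截");
            }
        }
        return joinPoint.proceed();
```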

+ 11 - 1
PAS/src/main/java/cn/cslg/pas/common/utils/auth/AuthAop.java

@@ -3,6 +3,7 @@ package cn.cslg.pas.common.utils.auth;
 import cn.cslg.pas.common.model.DataSource;
 import cn.cslg.pas.common.model.PersonnelVO;
 import cn.cslg.pas.common.utils.CacheUtils;
+import cn.cslg.pas.common.utils.RedisUtil;
 import cn.cslg.pas.common.utils.Response;
 import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
 import com.alibaba.fastjson.JSON;
@@ -15,6 +16,7 @@ import org.aspectj.lang.annotation.*;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
@@ -24,9 +26,11 @@ import javax.script.ScriptEngine;
 import javax.script.ScriptEngineManager;
 import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
-
+@Order(2)
 @Aspect
 @Component
 public class AuthAop {
@@ -36,6 +40,8 @@ public class AuthAop {
     private CacheUtils cacheUtils;
     @Autowired
     private LoginUtils loginUtils;
+    @Autowired
+    private RedisUtil redisUtil;
 
     /**
      * 定义切点
@@ -106,7 +112,11 @@ public class AuthAop {
             // 获得字典
             List<DataSource> dataSources = jsonArray1.toJavaList(DataSource.class);
             PersonnelVO personnelVO = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
+
+            //获得用户在各个专题库里的身份
+
             String sqls = "";
+            String  permissions= redisUtil.get("Permission"+loginUtils.getId());
             for (int i = 0; i < jsonArray.size(); i++) {
                 String sql = TreeUtils.reCompute(JSONObject.parseObject(jsonArray.get(i).toString()), args, dataSources, personnelVO);
                 sqls += jsonArray.size() != i + 1 ? sql + " || " : sql;
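Review bot: `permissions` is fetched from Redis on every checked call but is never used in the visible lines, and the comment above it announces logic that is not there yet. When it does get used, a `null` result (key evicted, or the role map never written for this user) has to be treated as "no project roles" rather than skipped. The key is written in OAuth2Service in this commit with no expiry or invalidation visible, so unless `RedisUtil.set` applies a default TTL, a member whose role is changed or removed through ProjectUserController would keep the cached roles; I would give the entry a lifetime and delete it when membership changes. The newly imported `HashMap` and `Map` are also unused in the visible hunks. The enclosing method starts and ends outside this hunk.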

+ 11 - 4
PAS/src/main/java/cn/cslg/pas/common/utils/auth/TreeUtils.java

@@ -12,6 +12,7 @@ import org.springframework.stereotype.Component;
 import javax.annotation.Resource;
 import java.lang.reflect.Field;
 import java.util.List;
+import java.util.Map;
 
 @Component
 public class TreeUtils {
@@ -55,11 +56,11 @@ public class TreeUtils {
      * @param personnelVO 登录人的信息
      * @return 拼接的sql
      */
-    public static   String reCompute(JSONObject jsonObject,Object[] object,List<DataSource> dataSource,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
+    public static   String reCompute(JSONObject jsonObject, Object[] object, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
         String sql="";
          //判断是否为sql类型规则
            if (jsonObject.get("nodeType").equals("sql")){
-               sql ="1==1";
+               sql ="1==1";//转换成1==1不影响其他的判断
            }
 
          //判断是否为单条数据
@@ -201,7 +202,7 @@ if(field.contains("local."+sourceField)){
 
         }
         //遍历字典数据
-        for(DataSource dataSource :dataSources){
+       else{ for(DataSource dataSource :dataSources){
             // 如果匹配上字典字段则进行处理
             if(field.equals(dataSource.getDataSourceField())){
                 // 判断是否是部门信息
@@ -240,7 +241,7 @@ reField = "("+tem.substring(0,tem.length() - 1)+")";
                 }
 
 
-            }}
+            }}}
 
         return reField;
     }
@@ -264,6 +265,12 @@ reField = "("+tem.substring(0,tem.length() - 1)+")";
         //获得登录用户角色列表信息
         List<PersonnelVO.PerRole> perRoles =personnelVO.getRList();
         String tem ="";
+
+
+         if(field=="PermssionType"){
+
+
+        }
         //遍历字典数据
         for(DataSource dataSource :dataSources){
             // 如果匹配上字典字段则进行处理
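Review bot: `if(field=="PermssionType")` compares String references, so it is false for an equal string that was built at runtime (as `field` presumably is); use `if ("PermssionType".equals(field)) {`, which is also null-safe. The literal looks like a misspelling of "PermissionType" and should match whatever the rule definitions actually contain, which is not visible here. The branch body is empty, so the check currently does nothing either way; a `// TODO` stating the intended handling would make that explicit. The enclosing method begins and ends outside the hunk.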

+ 3 - 0
PAS/src/main/java/cn/cslg/pas/common/utils/auth/checkAuth.java

@@ -1,10 +1,13 @@
 package cn.cslg.pas.common.utils.auth;
 
 
+import org.springframework.core.annotation.Order;
+
 import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 
+
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
 /**

+ 4 - 0
PAS/src/main/java/cn/cslg/pas/controller/CommonController.java

@@ -1,7 +1,9 @@
 package cn.cslg.pas.controller;
 
+import cn.cslg.pas.common.core.annotation.Permission;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.utils.*;
+import cn.cslg.pas.common.utils.auth.checkAuth;
 import cn.cslg.pas.domain.SystemDict;
 import cn.cslg.pas.domain.SystemDictAssociate;
 import cn.cslg.pas.service.AreaService;
@@ -81,6 +83,8 @@ public class CommonController {
         return Response.success(JsonUtils.jsonToMap(str));
     }
 
+    @Permission(roles = {1,2,4})
+    @checkAuth(FunId = "/workspace/folder/analyticSystem/chartAnalysis/moreMenu/export")
     @PostMapping("export")
     @Operation(summary = "导出分析结果")
     public void export(@RequestBody Map<String, Object> count, Integer type, String xAxis, HttpServletResponse response, HttpServletRequest request) {
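Review bot: The role numbers in `@Permission(roles = {1,2,4})` are bare integers with no visible definition, which makes it hard to verify who is actually allowed to export. The same applies to the `{1}` and `{1,2,4}` lists added in CustomAnalysisItemController, DataAnalysisController, ProjectFieldController, ProjectFileController and ProjectFolderController, where the folder endpoints are also narrowed from `{1, 2}` to `{1}` without explanation. Named constants, for example in the already imported `Constants` class, would let a reader check each endpoint against the intended role, along the lines of `@Permission(roles = {ROLE_X, ROLE_Y})` (placeholder names, to be replaced with the project's real role names).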

+ 2 - 0
PAS/src/main/java/cn/cslg/pas/controller/CustomAnalysisItemController.java

@@ -41,6 +41,7 @@ public class CustomAnalysisItemController {
     }
 
     @checkAuth(FunId = "/workspace/folder/analyticSystem/chartAnalysis/addGroup")
+    @Permission(roles = {1})
     @PostMapping("add")
     @Operation(summary = "新增分析项")
     public String add(@RequestBody CustomAnalysisItem customAnalysisItem) {
@@ -54,6 +55,7 @@ public class CustomAnalysisItemController {
     }
 
     @checkAuth(FunId = "/workspace/folder/analyticSystem/chartAnalysis/groupModify")
+    @Permission(roles = {1})
     @PostMapping("edit")
     @Operation(summary = "编辑分析项")
     public String edit(@RequestBody CustomAnalysisItem customAnalysisItem) {

+ 4 - 0
PAS/src/main/java/cn/cslg/pas/controller/DataAnalysisController.java

@@ -1,11 +1,13 @@
 package cn.cslg.pas.controller;
 
+import cn.cslg.pas.common.core.annotation.Permission;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.model.vo.AnalysisItemCountVO;
 import cn.cslg.pas.common.model.vo.SearchSourceDataVO;
 import cn.cslg.pas.common.utils.ResponseEnum;
 import cn.cslg.pas.common.utils.StringUtils;
 import cn.cslg.pas.common.model.vo.PatentVO;
+import cn.cslg.pas.common.utils.auth.checkAuth;
 import cn.cslg.pas.service.DataAnalysisService;
 import cn.cslg.pas.service.PatentService;
 import cn.cslg.pas.common.utils.CacheUtils;
@@ -46,6 +48,8 @@ public class DataAnalysisController {
         return Response.success(count);
     }
 
+    @Permission(roles = {1,2,4})
+    @checkAuth(FunId = "/workspace/folder/analyticSystem/chartAnalysis/count")
     @PostMapping("count")
     @Operation(summary = "统计结果")
     public String getCount(@RequestBody AnalysisItemCountVO countVO) {

+ 3 - 1
PAS/src/main/java/cn/cslg/pas/controller/PatentKeywordsHighlightController.java

@@ -5,6 +5,7 @@ import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.model.vo.PatentKeywordsHighlightVO;
 import cn.cslg.pas.common.utils.Response;
 import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
+import cn.cslg.pas.common.utils.auth.checkAuth;
 import cn.cslg.pas.domain.PatentKeywordsHighlight;
 import cn.cslg.pas.service.PatentKeywordsHighlightService;
 import io.swagger.v3.oas.annotations.Operation;
@@ -34,7 +35,7 @@ public class PatentKeywordsHighlightController {
     public String getList(PatentKeywordsHighlightVO params) {
         return Response.success(patentKeywordsHighlightService.getPatentKeywordsHighlight(params));
     }
-
+    @checkAuth(FunId = "/workspace/common/highlight/update")
     @PostMapping("update")
     @Operation(summary = "更新模板")
     public String update(@RequestBody PatentKeywordsHighlight patentKeywordsHighlight) {
@@ -50,6 +51,7 @@ public class PatentKeywordsHighlightController {
         return Response.success(patentKeywordsHighlight);
     }
 
+    @checkAuth(FunId = "/workspace/common/highlight/delete")
     @PostMapping("delete")
     @Operation(summary = "删除模板")
     public String delete(Integer id) {

+ 4 - 1
PAS/src/main/java/cn/cslg/pas/controller/ProjectController.java

@@ -1,5 +1,6 @@
 package cn.cslg.pas.controller;
 
+import cn.cslg.pas.common.core.annotation.Permission;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.model.PersonnelVO;
 import cn.cslg.pas.common.model.vo.ProjectVO;
@@ -55,7 +56,7 @@ public class ProjectController {
         PersonnelVO user = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
         return projectService.add(project);
     }
-
+    @Permission()
     @checkAuth(FunId = "/workspace/project/modify")
     @PostMapping("edit")
     @Operation(summary = "编辑专题库")
@@ -63,6 +64,7 @@ public class ProjectController {
         return projectService.edit(project);
     }
 
+    @Permission()
     @PostMapping("delete")
     @checkAuth(FunId = "/workspace/project/delete")
     @Operation(summary = "删除专题库")
@@ -104,6 +106,7 @@ public class ProjectController {
         return Response.success();
     }
 
+    @Permission()
     @PostMapping("share")
     @checkAuth(FunId = "/workspace/project/project_share")
     @Operation(summary = "分享专题库")
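Review bot: The `@Permission()` checks added on `edit`, `delete` and `share` are evaluated by PermissionAspect against the project named in the `x-project-id` request header, while `edit` acts on the `project` object from the request body (`projectService.edit(project)`). Nothing visible requires the two to refer to the same project, so the role check can pass for one project while the change is applied to another. The handler or service should compare the target id with the checked one and reject a mismatch, or the aspect should take the project id from the method argument. The same applies to ProjectFolderController.edit, which uses its own `projectId` parameter, and probably to the ProjectUserController methods. The method bodies lie outside these hunks.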

+ 1 - 1
PAS/src/main/java/cn/cslg/pas/controller/ProjectExportController.java

@@ -43,7 +43,7 @@ public class ProjectExportController {
     private final ProjectExportService projectExportService;
     private final LoginUtils loginUtils;
 
-    @Permission(roles = {2})
+
     @PostMapping
     @Operation(summary = "数据导出")
     public String export(@RequestBody ProjectExportVO params) {
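Review bot: Replacing `@Permission(roles = {2})` with a blank line leaves the data-export endpoint with no method-level authorization annotation in the visible lines, while every other controller touched by this commit gains one. If this is intentional, the reason belongs in the commit message; otherwise the endpoint should keep a role restriction and get a matching `@checkAuth` entry, as the export in CommonController does. If `Permission` is no longer used in this file, its import should be removed as well. The method body continues outside the hunk.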

+ 5 - 0
PAS/src/main/java/cn/cslg/pas/controller/ProjectFieldController.java

@@ -38,6 +38,7 @@ public class ProjectFieldController {
     private final ProjectFieldService projectFieldService;
     private final CacheUtils cacheUtils;
     private final LoginUtils loginUtils;
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/common/customField/check")
     @GetMapping("list")
     @Operation(summary = "自定义字段列表")
@@ -45,6 +46,7 @@ public class ProjectFieldController {
         return Response.success(projectFieldService.getPageList(params));
     }
 
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/common/customField/add")
     @PostMapping("add")
     @Operation(summary = "新增自定义字段")
@@ -52,6 +54,7 @@ public class ProjectFieldController {
         return projectFieldService.add(projectField);
     }
 
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/common/customField/modify")
     @PostMapping("edit")
     @Operation(summary = "编辑自定义字段")
@@ -59,6 +62,7 @@ public class ProjectFieldController {
         return projectFieldService.edit(projectField);
     }
 
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/common/customField/delete")
     @PostMapping("delete")
     @Operation(summary = "删除自定义字段")
@@ -92,6 +96,7 @@ public class ProjectFieldController {
         return Response.success(true);
     }
 
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/common/customField/copy")
     @PostMapping("copy")
     @Operation(summary = "将自定义字段复制到一个专题库中")

+ 3 - 0
PAS/src/main/java/cn/cslg/pas/controller/ProjectFileController.java

@@ -38,6 +38,7 @@ public class ProjectFileController {
         return Response.success(projectFileService.getPageList(params));
     }
 
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/project/report_manage/add")
     @PostMapping("add")
     @Operation(summary = "新增附件")
@@ -45,6 +46,7 @@ public class ProjectFileController {
         return projectFileService.add(projectFile, file);
     }
 
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/project/report_manage/modify")
     @PostMapping("edit")
     @Operation(summary = "编辑附件")
@@ -52,6 +54,7 @@ public class ProjectFileController {
         return projectFileService.edit(projectFile, file);
     }
 
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/project/report_manage/delete")
     @PostMapping("delete")
     @Operation(summary = "删除附件")

+ 7 - 3
PAS/src/main/java/cn/cslg/pas/controller/ProjectFolderController.java

@@ -41,21 +41,24 @@ public class ProjectFolderController {
         return Response.success(projectFolderService.getList(params));
     }
 
-    @Permission(roles = {1, 2})
+    @Permission(roles = {1})
+    @checkAuth(FunId = "/workspace/common/folder_manage/add")
     @PostMapping("add")
     @Operation(summary = "新增文件夹")
     public String add(@RequestBody ProjectFolder projectFolder) {
         return projectFolderService.add(projectFolder);
     }
 
-    @Permission(roles = {1, 2})
+    @Permission(roles = {1})
+    @checkAuth(FunId = "/workspace/common/folder_manage/edit")
     @PostMapping("edit")
     @Operation(summary = "编辑文件夹")
     public String edit(@RequestBody List<ProjectFolder> folderList, String projectId) {
         return projectFolderService.edit(folderList, Integer.parseInt(projectId));
     }
 
-    @Permission(roles = {1, 2})
+    @Permission(roles = {1})
+    @checkAuth(FunId = "/workspace/common/folder_manage/delete")
     @PostMapping("delete")
     @Operation(summary = "删除文件夹")
     public String delete(Integer id) {
@@ -71,6 +74,7 @@ public class ProjectFolderController {
         return Response.success(true);
     }
 
+    @Permission(roles = {1})
     @checkAuth(FunId = "/workspace/folder/batchOperation/copy")
     @PostMapping("patent")
     @Operation(summary = "文件夹批量移动、复制专利")

+ 1 - 0
PAS/src/main/java/cn/cslg/pas/controller/ProjectKeywordController.java

@@ -3,6 +3,7 @@ package cn.cslg.pas.controller;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.model.vo.ProjectKeywordVO;
 import cn.cslg.pas.common.utils.Response;
+import cn.cslg.pas.common.utils.auth.checkAuth;
 import cn.cslg.pas.domain.ProjectKeyword;
 import cn.cslg.pas.service.ProjectKeywordService;
 import io.swagger.v3.oas.annotations.Operation;

+ 3 - 0
PAS/src/main/java/cn/cslg/pas/controller/ProjectUserController.java

@@ -35,6 +35,7 @@ public class ProjectUserController {
         return Response.success(projectUserService.getPageList(params));
     }
 
+    @Permission()
     @checkAuth(FunId = "/workspace/project/assign_participants/add")
     @PostMapping("add")
     @Operation(summary = "新增成员")
@@ -42,6 +43,7 @@ public class ProjectUserController {
         return projectUserService.add(projectUser);
     }
 
+    @Permission()
     @checkAuth(FunId = "/workspace/project/assign_participants/modify")
     @PostMapping("edit")
     @Operation(summary = "编辑成员")
@@ -49,6 +51,7 @@ public class ProjectUserController {
         return projectUserService.edit(projectUser);
     }
 
+    @Permission()
     @checkAuth(FunId = "/workspace/project/assign_participants/remove")
     @PostMapping("delete")
     @Operation(summary = "删除成员")

+ 1 - 0
PAS/src/main/java/cn/cslg/pas/service/OAuth2Service.java

@@ -79,6 +79,7 @@ public class OAuth2Service {
             }
             result.put(projectId, userType);
         }
+        redisUtil.set("Permission"+loginUtils.getId(),JsonUtils.objectToJson(result));
         return result;
     }