代码结构修改 2022/9/29

PAS/src/main/java/cn/cslg/pas/common/config/InnerInterceptor/LizzMybatisIntercepts.java

@@ -53,6 +53,7 @@ public class LizzMybatisIntercepts implements InnerInterceptor {
             //获得原始sql
             String Localsql = boundSql.getSql();
             Map<String, Object> maps = SecurityUtils.getDataScope(); //获得线程里保存的functionId
+            //如果线程里有保存信息则进行sql拦截操作，若没有则sql保持不变
             if (maps != null) {
                 SecurityUtils.cleanDataScope(); //当第一次进来后删除线程保存的functionId,避免后续使用的查询sql进来
                 String token = maps.get("token").toString();
@@ -64,6 +65,7 @@ public class LizzMybatisIntercepts implements InnerInterceptor {
                         .build();
                 //建立连接
                 OkHttpClient okHttpClient = new OkHttpClient();
+                //发送远程请求
                 Request request = new Request.Builder()
                         .url(url + "/permission/api/data/queryDataRule")
                         .post(requestBody)
@@ -73,6 +75,7 @@ public class LizzMybatisIntercepts implements InnerInterceptor {
                 String resBody = Objects.requireNonNull(okHttpClient.newCall(request).execute().body()).string();
                 //处理请求返回
                 JSONArray jsonArray = JSONArray.parseArray(resBody);
+                //当返回结果不为[0]或[-1]进行sql拦截操作
                 if (!(jsonArray.get(0).equals("0") || jsonArray.get(0).equals("-1"))) {
                     StringBuilder sqls = new StringBuilder();
                     // 查询字典数据
@@ -82,6 +85,7 @@ public class LizzMybatisIntercepts implements InnerInterceptor {
                             .build();
                     //建立连接
                     OkHttpClient okHttpClientSou = new OkHttpClient();
+                    //发送请求
                     Request requestSou = new Request.Builder()
                             .url(url + "/permission/api/data/getDataSource")
                             .post(reBodySource)

PAS/src/main/java/cn/cslg/pas/common/utils/SecurityUtils/SecurityUtils.java

@@ -1,19 +1,27 @@
 package cn.cslg.pas.common.utils.SecurityUtils;
 
+import cn.cslg.pas.common.utils.RedisUtil;
 import org.springframework.stereotype.Component;
 
+import javax.annotation.Resource;
+import java.util.HashMap;
 import java.util.Map;
 
 @Component
 public class SecurityUtils {
-
+    @Resource
+    private LoginUtils loginUtils;
     protected static final ThreadLocal<Map<String, Object>> threadLocal = new ThreadLocal<>();
 
     /**
      * 设置权限标识
      */
-    public static void startDataScope(Map<String, Object> params) {
-        threadLocal.set(params);
+    public  void startDataScope(String Function) {
+        Map<String, Object> m = new HashMap<>();
+        m.put("token", LoginUtils.getToken());
+        m.put("loginId", loginUtils.getId());
+        m.put("functionId", "/workspace/project/check");
+        threadLocal.set(m);
     }
 
     /**
@@ -30,4 +38,5 @@ public class SecurityUtils {
         threadLocal.remove();
     }
 
+
 }

PAS/src/main/java/cn/cslg/pas/common/utils/auth/AuthAop.java

@@ -9,6 +9,7 @@ import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import io.swagger.v3.oas.annotations.Operation;
 import okhttp3.FormBody;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
@@ -58,43 +59,57 @@ public class AuthAop {
 
     }
 
+    /**
+     * @param joinPoint 当前执行的方法
+     */
     @Around("annotationPointcut()")
     public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
+        // 是否通过切面过滤标记
         Boolean isPass = true;
-        // 获得注解上的参数值
         MethodSignature ms = (MethodSignature) joinPoint.getSignature();
+        //获得执行方法对象
         Method method = ms.getMethod();
+        //获得执行方法对象上的@checkAuth，@Operation注解对象
         checkAuth myAnnotation = method.getAnnotation(checkAuth.class);
+        Operation operAnnotation = method.getAnnotation(Operation.class);
+        //获得@checkAuth注解上FunId参数的值
         String functionId = myAnnotation.FunId();
+        //获得执行方法的参数对象
         Object[] args = joinPoint.getArgs();
-        //根据登录人的id以及功能id获得计算逻辑
+        //根据登录人的id以及功能id获得规则信息
+        //将登录人的id以及功能id放入requestBody中
         RequestBody requestBody = new FormBody.Builder()
                 .add("loginId", loginUtils.getId().toString())
                 .add("functionId", functionId)
                 .build();
+        //建立远程连接
         OkHttpClient okHttpClient = new OkHttpClient();
-
+        //发送请求
         Request request = new Request.Builder()
                 .url(url + "/permission/api/data/queryDataRule")
                 .addHeader("Cookie", LoginUtils.getToken())
                 .post(requestBody)
                 .build();
+        //获得请求结果
         String resBody = Objects.requireNonNull(okHttpClient.newCall(request).execute().body()).string();
         JSONArray jsonArray = JSONArray.parseArray(resBody);
+        //如果获得规则的返回值为[-1]则代表登录人没有使用该功能的权限
         if (jsonArray.get(0).toString().equals("-1")) {
             return Response.error("没有该功能");
         }
-        //判断是否含有功能并且是不做限制
+        //如果获得规则的返回值为[0],则直接通过判断
         else if (jsonArray.size() == 1 && jsonArray.get(0).equals("0")) {
             return joinPoint.proceed();
         }
-     if (jsonArray.size() > 0) {   // 如果查询结果的size大于0证明有限制逻辑
+        // 如果查询结果的size大于0证明有限制逻辑
+     if (jsonArray.size() > 0) {
             RequestBody reBodySource = new FormBody.Builder()
                     .add("tableName", "local")
                     .build();
             //处理jsonObject,变为（x==y）&&（z==t）的形式 ,并用js引擎进行boolean判断
-            //建立连接
+            //建立连接去获得字典信息
             OkHttpClient okHttpClientSou = new OkHttpClient();
+         //发送请求
             Request requestSou = new Request.Builder()
                     .url(url + "/permission/api/data/getDataSource")
                     .post(reBodySource)
@@ -106,23 +121,25 @@ public class AuthAop {
             JSONArray jsonArray1 = JSON.parseArray(resSource);
             // 获得字典
             List<DataSource> dataSources = jsonArray1.toJavaList(DataSource.class);
+            //获得登录人信息
             PersonnelVO personnelVO = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
-
-            //获得用户在各个专题库里的身份
-
+         //循环遍历将多个规则拼接起来
             StringBuilder sqlStr = new StringBuilder();
             for (int i = 0; i < jsonArray.size(); i++) {
+                //将数据库里存的规则转换为可识别的判断逻辑
                 String sql = TreeUtils.reCompute(JSONObject.parseObject(jsonArray.get(i).toString()), args, dataSources, personnelVO);
                 sqlStr.append(jsonArray.size() != i + 1 ? sql + " || " : sql);
             }
             //js引擎进行判断
             ScriptEngineManager manager = new ScriptEngineManager();
-            ScriptEngine engine = manager.getEngineByName("javascript");//根据名字获得引擎
+            //根据名字获得引擎
+            ScriptEngine engine = manager.getEngineByName("javascript");
+         //进行判断,生成判断结果并将判断结果赋给isPass
             Object result = engine.eval(sqlStr.toString());//进行判断
             isPass = (Boolean) result;
         }
 
-        //判断不通过通过
+        //判断不通过
         if (!isPass) {
             return Response.error("没有权限进行该操作");
         }

PAS/src/main/java/cn/cslg/pas/common/utils/auth/TreeUtils.java

@@ -23,17 +23,20 @@ public class TreeUtils {
     // 处理sql语句，返回拼接sql
     public static String reSql(JSONObject jsonObject, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
         String sql;
-        //判断是否为逻辑
+        //判断是否为规则，是的话则返回为“”，不对其他sql条件产生影响
         if (jsonObject.get("nodeType").equals("logic")) {
             sql = "";
         }
         //符合二叉树形式
         else if (jsonObject.containsKey("left") && jsonObject.containsKey("right")) {
+            //将二叉树转换为sql条件
             sql = recursionTree(jsonObject, dataSource, personnelVO);
         }
         // 不符合二叉树形式（单条数据）
         else {
+            //获得规则的field字段，作为sql条件的栏位
             String field = jsonObject.get("field").toString();
+            //获得规则的栏位值，并且要对值进行识别操作
             String value = distinguishFields(jsonObject.get("value").toString(), dataSource, personnelVO);
             if (jsonObject.get("opr").toString().equals("FIND_IN_SET")) {
                 sql = "FIND_IN_SET(" + value + "," + field + ")";
@@ -54,21 +57,27 @@ public class TreeUtils {
      * @param personnelVO 登录人的信息
      * @return 拼接的sql
      */
+    // 处理规则
     public static String reCompute(JSONObject jsonObject, Object[] object, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
         String sql;
-        //判断是否为sql类型规则
+        //判断是否为sql类型规则，是的话规则转换为1==1，不对其他规则产生影响
         if (jsonObject.get("nodeType").equals("sql")) {
             sql = "1==1";
         }
-        //判断是否为单条数据
+        //符合二叉树形式
         else if (jsonObject.containsKey("left") && jsonObject.containsKey("right")) {
+            //将二叉树转换为规则判断
             sql = cRecursionTree(jsonObject, object, dataSource, personnelVO);
         }
-        // 不为sql类型的二叉树形式
+        // 不符合二叉树形式(单条数据)
         else {
+            //获得规则的 field字段，并进行识别操作
             String field = distinguishFields(jsonObject.get("field").toString(), object, dataSource, personnelVO);
+            //获得规则的 value字段，并进行识别操作
             String value = distinguishValues(jsonObject.get("value").toString(), object);
+            //获得规则的 运算符字段，并进行识别操作
             String opr = distinguishLogic(jsonObject.getString("nodeType"), jsonObject.getString("opr"));
+            //field 和value若为以,隔开的数组时，将被拆开，并合成为新的规则
             sql = arrayEqlToString(field, value, opr);
         }
 
@@ -81,16 +90,22 @@ public class TreeUtils {
      *
      * @param jsonObject jsonObject
      */
+    //将二叉树转换为sql条件
     public static String recursionTree(JSONObject jsonObject, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
         String str1;
         String str2;
+        // 获得规则左边
         JSONObject jsonLeft = jsonObject.getJSONObject("left");
+        // 获得规则右边
         JSONObject jsonRight = jsonObject.getJSONObject("right");
-        //判断是否含有left分支
+        //判断是否含有left分支，有的话进行递归
         if (jsonLeft.containsKey("left")) {
             str1 = recursionTree(jsonLeft, dataSource, personnelVO);//递归
-        } else {
+        }
+        //没有的话解析字符串拼接成子sql
+        else {
             String field = jsonLeft.get("field").toString();
+            //获得规则的 value字段，并进行识别操作
             String value = distinguishFields(jsonLeft.get("value").toString(), dataSource, personnelVO); //没有的话解析字符串拼接成子sql
             if (jsonLeft.get("opr").toString().equals("FIND_IN_SET")) {
                 str1 = "FIND_IN_SET(" + value + "," + field + ")";
@@ -114,20 +129,27 @@ public class TreeUtils {
         return "(" + str1 + ") " + jsonObject.get("logicOpr") + " (" + str2 + ")";
     }
 
-    //json规则判断
+    //将二叉树转换为规则判断
     public static String cRecursionTree(JSONObject jsonObject, Object[] object, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
         String str1;
         String str2;
+        // 获得规则左边
         JSONObject jsonLeft = jsonObject.getJSONObject("left");
+        // 获得规则右边
         JSONObject jsonRight = jsonObject.getJSONObject("right");
+        //判断是否含有left分支，有的话进行递归
         if (jsonLeft.containsKey("left")) {
             str1 = cRecursionTree(jsonLeft, object, dataSource, personnelVO);
         } else {
+            //获得规则的 field字段，并进行识别操作
             String field = distinguishFields(jsonLeft.get("field").toString(), object, dataSource, personnelVO);
+            //获得规则的 value字段，并进行识别操作
             String value = distinguishValues(jsonLeft.get("value").toString(), object);
+            //获得规则的 opr字段，并进行识别操作
             String opr = distinguishLogic(jsonLeft.getString("nodeType"), jsonLeft.getString("opr"));
             str1 = arrayEqlToString(field, value, opr);
         }
+        //同上部分处理right分支
         if (jsonRight.containsKey("right")) {
             str2 = cRecursionTree(jsonRight, object, dataSource, personnelVO);
         } else {

PAS/src/main/java/cn/cslg/pas/service/ProjectService.java

@@ -96,11 +96,11 @@ public class ProjectService extends ServiceImpl<ProjectMapper, Project> {
     private final PatentLabelService patentLabelService;
     private final CacheUtils cacheUtils;
     private final ProjectExportService projectExportService;
-    private final ProjectService projectService;
     private final PatentInventorMergeService patentInventorMergeService;
     private final UserService userService;
     private final ApiUtils apiUtils;
     private final LoginUtils loginUtils;
+    private final SecurityUtils securityUtils;
 
     public Project getProjectByName(String name) {
         LambdaQueryWrapper<Project> queryWrapper = new LambdaQueryWrapper<>();
@@ -110,11 +110,6 @@ public class ProjectService extends ServiceImpl<ProjectMapper, Project> {
     }
 
     public IPage<Project> getPageList(ProjectVO params) throws IOException {
-        Map<String, Object> m = new HashMap<>();
-        m.put("token", LoginUtils.getToken());
-        m.put("loginId", loginUtils.getId());
-        m.put("functionId", "/workspace/project/check");
-        PersonnelVO user = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
         List<Integer> projectIds = new ArrayList<Integer>() {{
             add(-1);
         }};
@@ -124,7 +119,7 @@ public class ProjectService extends ServiceImpl<ProjectMapper, Project> {
         params.setProIds(projectIds);
         params.setCreateBy(loginUtils.getId());
 
-        SecurityUtils.startDataScope(m);
+        securityUtils.startDataScope("/workspace/project/check");
         IPage<Project> pageList = baseMapper.getPageList(new Page<>(params.getCurrent(), params.getSize()), params);
         List<Project> dataList = pageList.getRecords();
 
@@ -211,11 +206,7 @@ public class ProjectService extends ServiceImpl<ProjectMapper, Project> {
 
     public List<Project> getAllProjectByMySelf() {
 //使用专题库查询的权限查询，因为要使用专题库的权限，因此查询语句格式需要和专题库查询的格式统一，所以手写了查询语句
-        Map<String, Object> m = new HashMap<>();
-        m.put("token", LoginUtils.getToken());
-        m.put("loginId", loginUtils.getId());
-        m.put("functionId", "/workspace/project/check");
-        SecurityUtils.startDataScope(m);
+        securityUtils.startDataScope("/workspace/project/check");
         List<Project> projectList = baseMapper.getListForCount();
         this.setDataList(projectList);
         return projectList;