
AuthAOP切面代码更新 2022/9/2

lwhhszx 3 年之前
父節點
當前提交
f1de76e983

+ 46 - 43
PAS/src/main/java/cn/cslg/pas/common/config/InnerInterceptor/LizzMybatisIntercepts.java

@@ -56,64 +56,67 @@ public class LizzMybatisIntercepts implements InnerInterceptor {
         Map<String,Object> maps= SecurityUtils.getDataScope(); //获得线程里保存的functionId
         if (maps != null) {
             SecurityUtils.cleanDataScope(); //当第一次进来后删除线程保存的functionId,避免后续使用的查询sql进来
-            String token =maps.get("token").toString();
+            String token = maps.get("token").toString();
             //查询数据规则
             //设定formdata类型参数
-            RequestBody requestBody =  new FormBody.Builder()
+            RequestBody requestBody = new FormBody.Builder()
                     .add("loginId", maps.get("loginId").toString())
-                    .add("functionId",maps.get("functionId").toString())
+                    .add("functionId", maps.get("functionId").toString())
                     .build();
             //建立连接
             OkHttpClient okHttpClient = new OkHttpClient();
             Request request = new Request.Builder()
-                    .url(url+"/permission/api/data/queryDataRule")
+                    .url(url + "/permission/api/data/queryDataRule")
                     .post(requestBody)
-                    .addHeader("Cookie",token)
+                    .addHeader("Cookie", token)
                     .build();
             //获得请求返回
             String resBody = okHttpClient.newCall(request).execute().body().string();
             //处理请求返回
             JSONArray jsonArray = JSONArray.parseArray(resBody);
-            String  sqls ="";
-            // 查询字典数据
-            //设定formdata类型参数
-            RequestBody reBodySource =  new FormBody.Builder()
-                    .add("tableName", "local")
-                    .build();
-            //建立连接
-            OkHttpClient okHttpClientSou = new OkHttpClient();
-            Request requestSou = new Request.Builder()
-                    .url(url+"/permission/api/data/getDataSource")
-                    .post(reBodySource)
-                    .addHeader("Cookie",token)
-                    .build();
-            //获得请求返回
-            String resSource = okHttpClientSou.newCall(requestSou).execute().body().string();
+            if (!(jsonArray.get(0).equals("0") || jsonArray.get(0).equals("-1"))) {
+                String sqls = "";
+                // 查询字典数据
+                //设定formdata类型参数
+                RequestBody reBodySource = new FormBody.Builder()
+                        .add("tableName", "local")
+                        .build();
+                //建立连接
+                OkHttpClient okHttpClientSou = new OkHttpClient();
+                Request requestSou = new Request.Builder()
+                        .url(url + "/permission/api/data/getDataSource")
+                        .post(reBodySource)
+                        .addHeader("Cookie", token)
+                        .build();
+                //获得请求返回
+                String resSource = okHttpClientSou.newCall(requestSou).execute().body().string();
 
-            JSONArray jsonArray1 = JSON.parseArray(resSource);
-            // 获得字典
-            List<DataSource> dataSources=jsonArray1.toJavaList(DataSource.class);
-             //拼接所有角色的限制条件
-            if(jsonArray.size()>0){
-                PersonnelVO personnelVO =cacheUtils.getLoginUserPersonnel(loginUtils.getId());
-            for(int i=0;i<jsonArray.size();i++){
-                String sql1= TreeUtils.reSql(JSONObject.parseObject( jsonArray.get(i).toString()) ,dataSources,personnelVO);
-                if(!sql1.equals("")){
-                sqls += jsonArray.size()!=i+1 ?  sql1+" OR ":sql1;}
-            }
-            // 根据sql语句结构,将拼接sql放入合适的位置
-            if(Localsql.contains("order by")){
-             Localsql=   Localsql.replace("order by","And (" +sqls+") order by");
-            }
-            else{
-                Localsql+=" And (" +sqls+")";
-            }
-            //将限制条件拼接到sql语句
+                JSONArray jsonArray1 = JSON.parseArray(resSource);
+                // 获得字典
+                List<DataSource> dataSources = jsonArray1.toJavaList(DataSource.class);
+                //拼接所有角色的限制条件
+                if (jsonArray.size() > 0) {
+                    PersonnelVO personnelVO = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
+                    for (int i = 0; i < jsonArray.size(); i++) {
+                        String sql1 = TreeUtils.reSql(JSONObject.parseObject(jsonArray.get(i).toString()), dataSources, personnelVO);
+                        if (!sql1.equals("")) {
+                            sqls += jsonArray.size() != i + 1 ? sql1 + " OR " : sql1;
+                        }
+                    }
+                    // 根据sql语句结构,将拼接sql放入合适的位置
+                    if (Localsql.contains("order by")) {
+                        Localsql = Localsql.replace("order by", "And (" + sqls + ") order by");
+                    } else {
+                        Localsql += " And (" + sqls + ")";
+                    }
+                    //将限制条件拼接到sql语句
 
-            Field field = boundSql.getClass().getDeclaredField("sql");//反射获得boundsql的sql属性并改变sql参数
-            field.setAccessible(true); //属性设为可见(反射不安全的原因)
-            field.set(boundSql, Localsql);
-        }}
+                    Field field = boundSql.getClass().getDeclaredField("sql");//反射获得boundsql的sql属性并改变sql参数
+                    field.setAccessible(true); //属性设为可见(反射不安全的原因)
+                    field.set(boundSql, Localsql);
+                }
+            }
+        }
         return true;
         }
      finally {
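Review bot: The new guard `if (!(jsonArray.get(0).equals("0") || jsonArray.get(0).equals("-1")))` reads element 0 before anything checks that the array is non-null and non-empty, so an empty or unparseable reply from `/permission/api/data/queryDataRule` throws here and the inner `jsonArray.size() > 0` test can never be false. When the first element is `"0"` or `"-1"` the method falls through to `return true` with the SQL unchanged, so the statement runs with no data-scope condition; nothing on the page says what the two values mean, and if either stands for "no permission" this path should restrict the query rather than skip the filter. I would test `jsonArray == null || jsonArray.isEmpty()` first and add a comment above the guard naming both sentinels and why leaving the SQL untouched is safe for each. Separately, `sqls` can still be empty or end in ` OR ` when `TreeUtils.reSql` returns `""`, which produces `And ()`, so it is worth checking before the reflection write. The enclosing method starts and ends outside this hunk.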

+ 2 - 1
PAS/src/main/java/cn/cslg/pas/controller/PatentInstructionController.java

@@ -4,6 +4,7 @@ package cn.cslg.pas.controller;
 import cn.cslg.pas.common.core.annotation.Permission;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
+import cn.cslg.pas.common.utils.auth.checkAuth;
 import cn.cslg.pas.domain.PatentInstruction;
 import cn.cslg.pas.service.PatentInstructionService;
 import cn.cslg.pas.service.TaskService;
@@ -53,7 +54,7 @@ public class PatentInstructionController {
         return Response.success(patentInstructionService.getPageList(params));
     }
 
-    @Permission(roles = {1, 2})
+    @checkAuth(FunId = "/patent/instruction/batch/upload")
     @PostMapping("/batch/upload")
     @Operation(summary = "批量上传说明书")
     public String batchUpload(String url, Integer type, String remark) throws IOException {
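Review bot: The `FunId` on `batchUpload` is a hand-typed copy of the route (`/patent/instruction/batch/upload`), and with `@Permission(roles = {1, 2})` removed the endpoint's only access check is whatever the `checkAuth` aspect does with that string. The aspect is not shown on this page, so it is worth confirming that it denies the call when the id is unknown to the permission service or the lookup fails; otherwise a typo or an unregistered id could leave the endpoint open. Holding the ids as named constants in one place (for example a new constants class referenced as `@checkAuth(FunId = FunIds.PATENT_INSTRUCTION_BATCH_UPLOAD)`) would make a mismatch visible at review time. The same applies to the `@checkAuth` replacements in ProjectController, ProjectFileController and ProjectImportController, where `importExcel` and `importData` were previously limited to `roles = {2}`. The body of `batchUpload` is outside the hunk.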

+ 5 - 2
PAS/src/main/java/cn/cslg/pas/controller/ProjectController.java

@@ -80,7 +80,7 @@ public class ProjectController {
         return projectService.delete(id);
     }
 
-    @Permission(roles = {1, 2})
+    @checkAuth(FunId = "/project/patent/delete")
     @PostMapping("/patent/delete")
     @Operation(summary = "删除专题库专利")
     public String deletePatent(Integer projectId, String ids) {
@@ -89,18 +89,21 @@ public class ProjectController {
         return Response.success(true);
     }
 
+    @checkAuth(FunId = "/project/total")
     @GetMapping("total")
     @Operation(summary = "专题库企业应用场景统计数据")
     public String getScenarioAndTypeTotal() {
         return Response.success(projectService.getScenarioAndTypeTotal());
     }
 
+    @checkAuth(FunId = "/project/status/total")
     @GetMapping("/status/total")
     @Operation(summary = "专题库状态统计数据")
     public String getProjectStatusTotal() {
         return Response.success(projectService.getProjectStatusTotal());
     }
 
+    @checkAuth(FunId = "/project/type/total")
     @GetMapping("/type/total")
     @Operation(summary = "专题库调查类型统计数据")
     public String getProjectTypeTotal(String scenario) {
@@ -120,8 +123,8 @@ public class ProjectController {
         return projectService.share(id, userIds);
     }
 
+    @checkAuth(FunId ="/project/importExcel")
     @PostMapping("importExcel")
-    @Permission(roles = {2})
     @Operation(summary = "根据模板导入专题库信息")
     public String importExcel(MultipartFile file) {
         return projectService.importExcel(file);

+ 4 - 3
PAS/src/main/java/cn/cslg/pas/controller/ProjectFileController.java

@@ -4,6 +4,7 @@ import cn.cslg.pas.common.core.annotation.Permission;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.model.vo.ProjectFileVO;
 import cn.cslg.pas.common.utils.Response;
+import cn.cslg.pas.common.utils.auth.checkAuth;
 import cn.cslg.pas.domain.ProjectFile;
 import cn.cslg.pas.service.ProjectFileService;
 import io.swagger.v3.oas.annotations.Operation;
@@ -37,21 +38,21 @@ public class ProjectFileController {
         return Response.success(projectFileService.getPageList(params));
     }
 
-    @Permission(roles = {1, 2})
+    @checkAuth(FunId = "/project/file/add")
     @PostMapping("add")
     @Operation(summary = "新增附件")
     public String add(ProjectFile projectFile, MultipartFile file) {
         return projectFileService.add(projectFile, file);
     }
 
-    @Permission(roles = {1, 2})
+    @checkAuth(FunId = "/project/file/edit")
     @PostMapping("edit")
     @Operation(summary = "编辑附件")
     public String edit(ProjectFile projectFile, MultipartFile file) {
         return projectFileService.edit(projectFile, file);
     }
 
-    @Permission(roles = {1, 2})
+    @checkAuth(FunId = "/project/file/delete")
     @PostMapping("delete")
     @Operation(summary = "删除附件")
     public String delete(Integer id) {

+ 4 - 1
PAS/src/main/java/cn/cslg/pas/controller/ProjectImportController.java

@@ -7,6 +7,7 @@ import cn.cslg.pas.common.model.vo.ProjectImportVO;
 import cn.cslg.pas.common.model.vo.TaskParams;
 import cn.cslg.pas.common.utils.*;
 import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
+import cn.cslg.pas.common.utils.auth.checkAuth;
 import cn.cslg.pas.service.ProjectImportService;
 import cn.cslg.pas.service.ProjectImportStatusService;
 import cn.cslg.pas.service.ProjectService;
@@ -66,6 +67,7 @@ public class ProjectImportController {
         return Response.success(projectImportService.getPageList(params));
     }
 
+    @checkAuth(FunId = "/project/import/delete")
     @PostMapping("delete")
     @Operation(summary = "删除导入任务")
     public String delete(Integer id) {
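Review bot: `@checkAuth(FunId = "/project/import/delete")` decides whether the caller may use the delete function, but nothing in the hunk ties the `id` argument to the caller. The body of `delete` is outside the hunk and the data-scope rewriting in LizzMybatisIntercepts is only partly visible, so confirm that either the service checks ownership of the import task or the data-scope filter also covers delete statements. A short comment on the method, e.g. `// ownership of id is checked in the service layer (confirm)`, would record where that check lives. The same question applies to `delete(Integer id)` in ProjectFileController and `deletePatent(Integer projectId, String ids)` in ProjectController.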
@@ -78,7 +80,7 @@ public class ProjectImportController {
         return Response.success(projectImportStatusService.getProjectImportByImportId(importId));
     }
 
-    @Permission(roles = {2})
+    @checkAuth(FunId = "/project/import")
     @PostMapping
     @Operation(summary = "数据导入")
     public String importData(String url, ProjectImportVO params) {
@@ -93,6 +95,7 @@ public class ProjectImportController {
         return Response.success(importId);
     }
 
+    @checkAuth(FunId = "/project/import/ongoing")
     @GetMapping("ongoing")
     @Operation(summary = "获取用户是否存在导入中的任务")
     public String getProjectImportOngoing() {