This commit is contained in:
chen-xin-zhi 2025-04-01 13:21:18 +08:00
parent fcebd8474e
commit 8bff09fcbc
4 changed files with 119 additions and 77 deletions


@ -1,75 +1,77 @@
//package com.greenorange.promotion.aop;
//
//
//import com.greenorange.promotion.annotation.AuthCheck;
//import com.greenorange.promotion.common.ErrorCode;
//import com.greenorange.promotion.constant.UserConstant;
//import com.greenorange.promotion.exception.BusinessException;
//import com.greenorange.promotion.model.enums.UserRoleEnum;
//import jakarta.annotation.Resource;
//import jakarta.servlet.http.HttpServletRequest;
//import org.apache.commons.lang3.StringUtils;
//import org.aspectj.lang.ProceedingJoinPoint;
//import org.aspectj.lang.annotation.Around;
//import org.aspectj.lang.annotation.Aspect;
//import org.springframework.stereotype.Component;
//import org.springframework.web.context.request.RequestAttributes;
//import org.springframework.web.context.request.RequestContextHolder;
//import org.springframework.web.context.request.ServletRequestAttributes;
//
///**
// * 权限校验AOP
// */
//@Aspect
//@Component
//public class AuthInterceptor {
//
// @Resource
// private UserService userService;
//
// /**
// * 执行拦截
// */
// @Around("@annotation(authCheck)")
// public Object doInterceptor(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
// // 接口的权限
// String mustRole = authCheck.mustRole();
// RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
// HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
// //当前登录用户
// User loginUser = userService.getLoginUser(request);
// //必须有该权限才通过
// if (StringUtils.isNotBlank(mustRole)) {
// //mustUserRoleEnum是接口权限
// UserRoleEnum mustUserRoleEnum = UserRoleEnum.getEnumByValues(mustRole);
// if(mustUserRoleEnum == null) {
// throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
// }
// //用户权限
// String userRole = loginUser.getUserRole();
// //根据用户角色获取封装后的枚举类对象
// UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValues(userRole);
//
// //如果被封号直接拒绝
// if (UserRoleEnum.BAN.equals(userRoleEnum)) {
// throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
// }
//
// //如果接口需要Boss权限则需要判断用户是否是boss管理员
// if (UserRoleEnum.BOSS.equals(mustUserRoleEnum)) {
// if (!mustRole.equals(userRole)) {
// throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
// }
// }
// //如果接口需要管理员权限则需要判断用户是否是boss或者admin管理员
// if (UserRoleEnum.ADMIN.equals(mustUserRoleEnum)) {
// if (!mustRole.equals(userRole) && !userRole.equals(UserConstant.BOSS_ROLE)) {
// throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
// }
// }
// }
// //通过权限校验放行
// return joinPoint.proceed();
// }
//
//}
package com.greenorange.promotion.aop;
import com.greenorange.promotion.annotation.AuthCheck;
import com.greenorange.promotion.common.ErrorCode;
import com.greenorange.promotion.constant.UserConstant;
import com.greenorange.promotion.exception.BusinessException;
import com.greenorange.promotion.model.entity.User;
import com.greenorange.promotion.model.enums.UserRoleEnum;
import com.greenorange.promotion.service.user.UserService;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
/**
* 权限校验AOP
*/
@Aspect
@Component
public class AuthInterceptor {
@Resource
private UserService userService;
/**
* 执行拦截
*/
@Around("@annotation(authCheck)")
public Object doInterceptor(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
// 接口的权限
String mustRole = authCheck.mustRole();
RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
//当前登录用户
User loginUser = userService.getLoginUser(request);
//必须有该权限才通过
if (StringUtils.isNotBlank(mustRole)) {
//mustUserRoleEnum是接口权限
UserRoleEnum mustUserRoleEnum = UserRoleEnum.getEnumByValues(mustRole);
if(mustUserRoleEnum == null) {
throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
}
//用户权限
String userRole = loginUser.getUserRole();
//根据用户角色获取封装后的枚举类对象
UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValues(userRole);
//如果被封号直接拒绝
if (UserRoleEnum.BAN.equals(userRoleEnum)) {
throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
}
//如果接口需要Boss权限则需要判断用户是否是boss管理员
if (UserRoleEnum.BOSS.equals(mustUserRoleEnum)) {
if (!mustRole.equals(userRole)) {
throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
}
}
//如果接口需要管理员权限则需要判断用户是否是boss或者admin管理员
if (UserRoleEnum.ADMIN.equals(mustUserRoleEnum)) {
if (!mustRole.equals(userRole) && !userRole.equals(UserConstant.BOSS_ROLE)) {
throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
}
}
}
//通过权限校验放行
return joinPoint.proceed();
}
}
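Review bot: `String userRole = loginUser.getUserRole();` is never checked for null or for an unrecognised value, so a user with an empty or unknown role reaches `userRole.equals(UserConstant.BOSS_ROLE)` in the ADMIN branch and the request dies with a NullPointerException rather than a deliberate authorization decision; add a fail-closed guard right after `UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValues(userRole);`, namely `if (userRoleEnum == null) { throw new BusinessException(ErrorCode.NO_AUTH_ERROR); }`, and then compare the parsed enums instead of the raw strings in the BOSS and ADMIN branches. The `UserRoleEnum.BAN.equals(userRoleEnum)` branch is also unreachable in practice, because `userService.getLoginUser(request)` as changed in this commit already throws `FORBIDDEN_ERROR` for a banned account before the interceptor sees it; keeping it as defence in depth is reasonable, but the two paths report different error codes for the same condition. The class Javadoc could state that the check applies only to methods annotated with `@AuthCheck` and that a blank `mustRole` admits any logged-in, non-banned user.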


@ -17,6 +17,12 @@ public interface UserConstant {
String USER_DEFAULT_AVATAR = "";
/**
* 用户登录键
*/
String USER_LOGIN_STATE = "qingcheng";
/**
* 默认角色
*/


@ -10,6 +10,7 @@ import com.greenorange.promotion.model.dto.user.UserUpdateRequest;
import com.greenorange.promotion.model.entity.User;
import com.baomidou.mybatisplus.extension.service.IService;
import com.greenorange.promotion.model.vo.user.UserVO;
import jakarta.servlet.http.HttpServletRequest;
import java.util.List;
@ -63,6 +64,8 @@ public interface UserService extends IService<User> {
boolean delBatchUser(CommonBatchRequest commonBatchRequest);
/**
* 校验用户是否登录
*/
User getLoginUser(HttpServletRequest request);
}
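Review bot: The Javadoc on the new `getLoginUser` ("校验用户是否登录") reads like a boolean check, but the method returns the `User` and, per the `UserServiceImpl` hunk in this commit, throws `BusinessException` rather than returning null when the session holds no valid user. Document the contract on the interface so callers such as `AuthInterceptor` know which failures to expect: `@return the current user, re-read from the database by the id held in the session` and `@throws BusinessException with NOT_LOGIN_ERROR when no valid session user exists, FORBIDDEN_ERROR when the account role is BAN`. The enclosing `UserService` interface starts outside the hunk; the first hunk only adds the `HttpServletRequest` import.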


@ -15,17 +15,22 @@ import com.greenorange.promotion.model.dto.user.UserAddRequest;
import com.greenorange.promotion.model.dto.user.UserQueryRequest;
import com.greenorange.promotion.model.dto.user.UserUpdateRequest;
import com.greenorange.promotion.model.entity.User;
import com.greenorange.promotion.model.enums.UserRoleEnum;
import com.greenorange.promotion.model.vo.user.UserVO;
import com.greenorange.promotion.service.common.CommonService;
import com.greenorange.promotion.service.user.UserService;
import com.greenorange.promotion.mapper.UserMapper;
import com.greenorange.promotion.utils.SqlUtils;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import java.util.List;
import static com.greenorange.promotion.constant.UserConstant.USER_LOGIN_STATE;
/**
* @author 35880
* @description 针对表user(用户表)的数据库操作Service实现
@ -149,6 +154,32 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
ThrowUtils.throwIf(!result, ErrorCode.OPERATION_ERROR, "用户批量删除失败");
return true;
}
/**
* 获取当前登录用户
*/
@Override
public User getLoginUser(HttpServletRequest request) {
HttpSession session = request.getSession();
Object userObj = session.getAttribute(USER_LOGIN_STATE);
User currentUser = (User) userObj;
if (currentUser == null || currentUser.getId() == null) {
throw new BusinessException(ErrorCode.NOT_LOGIN_ERROR);
}
//根据id进行查询
Long userId = currentUser.getId();
currentUser = this.getById(userId);
if (currentUser == null) {
throw new BusinessException(ErrorCode.NOT_LOGIN_ERROR);
}
//被封号
if (UserRoleEnum.BAN.getValue().equals(currentUser.getUserRole())) {
throw new BusinessException(ErrorCode.FORBIDDEN_ERROR);
}
return currentUser;
}
}
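Review bot: `request.getSession()` in the new `getLoginUser` creates a fresh server-side session for every unauthenticated caller that reaches a guarded endpoint, and the following `(User) userObj` is an unchecked cast that turns an unexpected attribute type into a ClassCastException instead of the intended NOT_LOGIN_ERROR; use `getSession(false)` and an `instanceof` test so an anonymous request neither allocates a session nor escapes the login check. The remainder of the method, re-reading the user by id and rejecting a BAN role, is sound and should stay as is. The first hunk in this file only adds imports and needs no review. The project already uses jakarta packages, so pattern-matching `instanceof` is presumably available; if the build targets an older language level, fall back to a plain `instanceof` plus cast.
```java
@Override
public User getLoginUser(HttpServletRequest request) {
    // getSession(false): never create a session on behalf of an unauthenticated request
    HttpSession session = request.getSession(false);
    Object userObj = session == null ? null : session.getAttribute(USER_LOGIN_STATE);
    if (!(userObj instanceof User sessionUser) || sessionUser.getId() == null) {
        throw new BusinessException(ErrorCode.NOT_LOGIN_ERROR);
    }
    Long userId = sessionUser.getId();
    // … unchanged: re-fetch by id, null check, BAN check, return currentUser …
}
```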