6 жил өмнө · b241023d21
--- a/examcloud-core-basic-starter/src/main/java/cn/com/qmth/examcloud/core/basic/starter/config/DefaultWebMvcConfigurerAdapter.java
+++ b/examcloud-core-basic-starter/src/main/java/cn/com/qmth/examcloud/core/basic/starter/config/DefaultWebMvcConfigurerAdapter.java
@@ -1,7 +1,7 @@
 
				 package cn.com.qmth.examcloud.core.basic.starter.config;

			
 
				 

			
 
				-import java.util.Collections;

			
 
				 import java.util.List;

			
 
				+import java.util.Set;

			
 
				 

			
 
				 import org.apache.commons.collections.CollectionUtils;

			
 
				 import org.apache.commons.lang3.StringUtils;

			
@@ -11,6 +11,8 @@ import org.springframework.context.annotation.Configuration;
 
				 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;

			
 
				 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

			
 
				 

			
 
				+import com.google.common.collect.Sets;

			
 
				+

			
 
				 import cn.com.qmth.examcloud.commons.base.util.PathUtil;

			
 
				 import cn.com.qmth.examcloud.commons.base.util.PropertiesUtil;

			
 
				 import cn.com.qmth.examcloud.commons.base.util.RegExpUtil;

			
@@ -72,23 +74,37 @@ public class DefaultWebMvcConfigurerAdapter extends WebMvcConfigurerAdapter {
 
				 					}

			
 
				 				}

			
 
				 

			
 
				-				String privileges = PropertiesUtil.getString(mappingPath);

			
 
				-				if (StringUtils.isBlank(privileges)) {

			
 
				+				// 权限组集合

			
 
				+				String privilegeGroups = PropertiesUtil.getString(mappingPath);

			
 
				+				if (StringUtils.isBlank(privilegeGroups)) {

			
 
				 					return true;

			
 
				 				}

			
 
				 

			
 
				-				List<String> privilegeList = RegExpUtil.findAll(privileges, "\\w+");

			
 
				-

			
 
				+				// 用户权限集合

			
 
				+				Set<String> rolePrivilegeList = Sets.newHashSet();

			
 
				 				Long rootOrgId = user.getRootOrgId();

			
 
				 				for (Role role : roleList) {

			
 
				 					String key = "$_P_" + rootOrgId + "_" + role.getRoleId();

			
 
				 					String rolePrivileges = redisClient.get(key, String.class);

			
 
				 

			
 
				-					List<String> rolePrivilegeList = RegExpUtil.findAll(rolePrivileges, "\\w+");

			
 
				+					List<String> rpList = RegExpUtil.findAll(rolePrivileges, "\\w+");

			
 
				+					rolePrivilegeList.addAll(rpList);

			
 
				+				}

			
 
				 

			
 
				-					boolean disjoint = Collections.disjoint(privilegeList, rolePrivilegeList);

			
 
				+				List<String> privilegeGroupList = RegExpUtil.findAll(privilegeGroups, "[^\\;]+");

			
 
				 

			
 
				-					return !disjoint;

			
 
				+				for (String pg : privilegeGroupList) {

			
 
				+					pg = pg.trim();

			
 
				+					if (StringUtils.isBlank(pg)) {

			
 
				+						continue;

			
 
				+					}

			
 
				+

			
 
				+					List<String> pList = RegExpUtil.findAll(pg, "[^\\,]+");

			
 
				+					if (rolePrivilegeList.containsAll(pList)) {

			
 
				+						return true;

			
 
				+					} else {

			
 
				+						continue;

			
 
				+					}

			
 
				 				}

			
 
				 

			
 
				 				return false;

			
--- a/examcloud-core-basic-starter/src/main/resources/security-mapping.properties
+++ b/examcloud-core-basic-starter/src/main/resources/security-mapping.properties
@@ -1,2 +1,2 @@
 
				  [${$rmp.ctr.basic}/org][rootOrgPage/{curPage}/{pageSize}][GET]=

			
 
				- [${$rmp.ctr.basic}/user][all/{curPage}/{pageSize}][GET]=[user index_user],

			
 
				+ [${$rmp.ctr.basic}/user][all/{curPage}/{pageSize}][GET]=user,index_user;