|
|
@@ -1,10 +1,23 @@
|
|
|
package cn.com.qmth.examcloud.core.basic.starter.config;
|
|
|
|
|
|
+import java.util.List;
|
|
|
+import java.util.Set;
|
|
|
+
|
|
|
+import org.apache.commons.collections4.CollectionUtils;
|
|
|
+import org.apache.commons.lang3.StringUtils;
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.stereotype.Component;
|
|
|
|
|
|
+import com.google.common.collect.Sets;
|
|
|
+
|
|
|
import cn.com.qmth.examcloud.api.commons.security.bean.AccessApp;
|
|
|
+import cn.com.qmth.examcloud.api.commons.security.bean.Role;
|
|
|
import cn.com.qmth.examcloud.api.commons.security.bean.User;
|
|
|
+import cn.com.qmth.examcloud.api.commons.security.bean.UserType;
|
|
|
+import cn.com.qmth.examcloud.api.commons.security.enums.RoleMeta;
|
|
|
+import cn.com.qmth.examcloud.commons.util.PathUtil;
|
|
|
+import cn.com.qmth.examcloud.commons.util.PropertiesUtil;
|
|
|
+import cn.com.qmth.examcloud.commons.util.RegExpUtil;
|
|
|
import cn.com.qmth.examcloud.support.cache.CacheHelper;
|
|
|
import cn.com.qmth.examcloud.support.cache.bean.AppCacheBean;
|
|
|
import cn.com.qmth.examcloud.web.redis.RedisClient;
|
|
|
@@ -24,6 +37,10 @@ public class ExamCloudResourceManager implements ResourceManager {
|
|
|
@Autowired
|
|
|
RedisClient redisClient;
|
|
|
|
|
|
+ static {
|
|
|
+ PropertiesUtil.configure(PathUtil.getResoucePath("security.properties"));
|
|
|
+ }
|
|
|
+
|
|
|
@Override
|
|
|
public AccessApp getAccessApp(Long appId) {
|
|
|
AppCacheBean appCacheBean = CacheHelper.getApp(appId);
|
|
|
@@ -43,13 +60,7 @@ public class ExamCloudResourceManager implements ResourceManager {
|
|
|
}
|
|
|
|
|
|
if (null != apiInfo) {
|
|
|
- Integer id = apiInfo.getId();
|
|
|
-
|
|
|
- if (null != id) {
|
|
|
- if (id.equals(103)) {
|
|
|
- return true;
|
|
|
- }
|
|
|
- } else {
|
|
|
+ if (apiInfo.isNaked()) {
|
|
|
return true;
|
|
|
}
|
|
|
}
|
|
|
@@ -59,7 +70,59 @@ public class ExamCloudResourceManager implements ResourceManager {
|
|
|
|
|
|
@Override
|
|
|
public boolean hasPermission(User user, ApiInfo apiInfo, String mapping) {
|
|
|
- return true;
|
|
|
+
|
|
|
+ // 学生鉴权
|
|
|
+ if (user.getUserType().equals(UserType.STUDENT)) {
|
|
|
+ String key = "[s]" + mapping;
|
|
|
+ return PropertiesUtil.getBoolean(key, false);
|
|
|
+ }
|
|
|
+
|
|
|
+ List<Role> roleList = user.getRoleList();
|
|
|
+
|
|
|
+ if (CollectionUtils.isEmpty(roleList)) {
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ for (Role role : roleList) {
|
|
|
+ if (role.getRoleCode().equals(RoleMeta.SUPER_ADMIN.name())) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ // 权限组集合
|
|
|
+ String privilegeGroups = PropertiesUtil.getString(mapping);
|
|
|
+ if (StringUtils.isBlank(privilegeGroups)) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+
|
|
|
+ // 用户权限集合
|
|
|
+ Set<String> rolePrivilegeList = Sets.newHashSet();
|
|
|
+ Long rootOrgId = user.getRootOrgId();
|
|
|
+ for (Role role : roleList) {
|
|
|
+ String key = "$_P_" + rootOrgId + "_" + role.getRoleId();
|
|
|
+ String rolePrivileges = redisClient.get(key, String.class);
|
|
|
+
|
|
|
+ List<String> rpList = RegExpUtil.findAll(rolePrivileges, "\\w+");
|
|
|
+ rolePrivilegeList.addAll(rpList);
|
|
|
+ }
|
|
|
+
|
|
|
+ List<String> privilegeGroupList = RegExpUtil.findAll(privilegeGroups, "[^\\;]+");
|
|
|
+
|
|
|
+ for (String pg : privilegeGroupList) {
|
|
|
+ pg = pg.trim();
|
|
|
+ if (StringUtils.isBlank(pg)) {
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
+ List<String> pList = RegExpUtil.findAll(pg, "[^\\,]+");
|
|
|
+ if (rolePrivilegeList.containsAll(pList)) {
|
|
|
+ return true;
|
|
|
+ } else {
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return false;
|
|
|
}
|
|
|
|
|
|
}
|
WANG