。。。

examcloud-exchange-starter/src/main/java/cn/com/qmth/examcloud/exchange/config/DefaultWebMvcConfigurerAdapter.java

@@ -1,6 +1,7 @@
 package cn.com.qmth.examcloud.exchange.config;
 
 import java.util.List;
+import java.util.Set;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -10,15 +11,18 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
+import com.google.common.collect.Sets;
+
 import cn.com.qmth.examcloud.commons.base.util.PathUtil;
 import cn.com.qmth.examcloud.commons.base.util.PropertiesUtil;
+import cn.com.qmth.examcloud.commons.base.util.RegExpUtil;
 import cn.com.qmth.examcloud.commons.web.interceptor.FirstInterceptor;
 import cn.com.qmth.examcloud.commons.web.redis.RedisClient;
 import cn.com.qmth.examcloud.commons.web.security.RequestPermissionInterceptor;
 import cn.com.qmth.examcloud.commons.web.security.SpringCloudInterceptor;
 import cn.com.qmth.examcloud.commons.web.security.bean.Role;
 import cn.com.qmth.examcloud.commons.web.security.bean.User;
-import cn.com.qmth.examcloud.core.basic.api.CommonCloudService;
+import cn.com.qmth.examcloud.commons.web.security.enums.RoleMeta;
 
 /**
  * 默认WebMvcConfigurer
@@ -33,9 +37,6 @@ public class DefaultWebMvcConfigurerAdapter extends WebMvcConfigurerAdapter {
 	@Autowired
 	RedisClient redisClient;
 
-	@Autowired
-	CommonCloudService commonCloudService;
-
 	static {
 		PropertiesUtil.configureAndWatch(PathUtil.getResoucePath("security-mapping.properties"));
 	}
@@ -48,11 +49,6 @@ public class DefaultWebMvcConfigurerAdapter extends WebMvcConfigurerAdapter {
 		springCloudInterceptor.setRedisClient(redisClient);
 		registry.addInterceptor(springCloudInterceptor).addPathPatterns("/**");
 
-		ThirdPartyAccessInterceptor thirdPartyAccessInterceptor = new ThirdPartyAccessInterceptor();
-		thirdPartyAccessInterceptor.setRedisClient(redisClient);
-		thirdPartyAccessInterceptor.setCommonCloudService(commonCloudService);
-		registry.addInterceptor(thirdPartyAccessInterceptor).addPathPatterns("/**");
-
 		RequestPermissionInterceptor requestPermissionInterceptor = getRequestPermissionInterceptor();
 		requestPermissionInterceptor.configureAndWatch("security-exclusions.conf");
 		registry.addInterceptor(requestPermissionInterceptor).addPathPatterns("/**");
@@ -67,20 +63,47 @@ public class DefaultWebMvcConfigurerAdapter extends WebMvcConfigurerAdapter {
 			@Override
 			public boolean hasPermission(String mappingPath, User user) {
 				List<Role> roleList = user.getRoleList();
+
 				if (CollectionUtils.isEmpty(roleList)) {
 					return false;
 				}
 
-				String roles = PropertiesUtil.getString(mappingPath);
-				if (StringUtils.isBlank(roles)) {
-					return true;
+				for (Role role : roleList) {
+					if (role.getRoleCode().equals(RoleMeta.SUPER_ADMIN.name())) {
+						return true;
+					}
 				}
 
-				roles = "," + roles + ",";
+				// 权限组集合
+				String privilegeGroups = PropertiesUtil.getString(mappingPath);
+				if (StringUtils.isBlank(privilegeGroups)) {
+					return true;
+				}
 
+				// 用户权限集合
+				Set<String> rolePrivilegeList = Sets.newHashSet();
+				Long rootOrgId = user.getRootOrgId();
 				for (Role role : roleList) {
-					if (roles.contains("," + role.getRoleCode() + ",")) {
+					String key = "$_P_" + rootOrgId + "_" + role.getRoleId();
+					String rolePrivileges = redisClient.get(key, String.class);
+
+					List<String> rpList = RegExpUtil.findAll(rolePrivileges, "\\w+");
+					rolePrivilegeList.addAll(rpList);
+				}
+
+				List<String> privilegeGroupList = RegExpUtil.findAll(privilegeGroups, "[^\\;]+");
+
+				for (String pg : privilegeGroupList) {
+					pg = pg.trim();
+					if (StringUtils.isBlank(pg)) {
+						continue;
+					}
+
+					List<String> pList = RegExpUtil.findAll(pg, "[^\\,]+");
+					if (rolePrivilegeList.containsAll(pList)) {
 						return true;
+					} else {
+						continue;
 					}
 				}