|
|
@@ -0,0 +1,122 @@
|
|
|
+package cn.com.qmth.examcloud.ws.config;
|
|
|
+
|
|
|
+import java.util.List;
|
|
|
+import java.util.Set;
|
|
|
+
|
|
|
+import org.apache.commons.collections4.CollectionUtils;
|
|
|
+import org.apache.commons.lang3.StringUtils;
|
|
|
+import org.springframework.beans.factory.annotation.Autowired;
|
|
|
+import org.springframework.stereotype.Component;
|
|
|
+
|
|
|
+import com.google.common.collect.Sets;
|
|
|
+
|
|
|
+import cn.com.qmth.examcloud.api.commons.security.bean.AccessApp;
|
|
|
+import cn.com.qmth.examcloud.api.commons.security.bean.Role;
|
|
|
+import cn.com.qmth.examcloud.api.commons.security.bean.User;
|
|
|
+import cn.com.qmth.examcloud.api.commons.security.bean.UserType;
|
|
|
+import cn.com.qmth.examcloud.api.commons.security.enums.RoleMeta;
|
|
|
+import cn.com.qmth.examcloud.commons.util.PropertiesUtil;
|
|
|
+import cn.com.qmth.examcloud.commons.util.RegExpUtil;
|
|
|
+import cn.com.qmth.examcloud.web.redis.RedisClient;
|
|
|
+import cn.com.qmth.examcloud.web.security.ResourceManager;
|
|
|
+import cn.com.qmth.examcloud.web.support.ApiInfo;
|
|
|
+
|
|
|
+/**
|
|
|
+ * Demo资源管理器
|
|
|
+ *
|
|
|
+ * @author WANGWEI
|
|
|
+ * @date 2019年2月18日
|
|
|
+ * @Copyright (c) 2018-2020 WANGWEI [QQ:522080330] All Rights Reserved.
|
|
|
+ */
|
|
|
+@Component
|
|
|
+public class ExamCloudResourceManager implements ResourceManager {
|
|
|
+
|
|
|
+ @Autowired
|
|
|
+ RedisClient redisClient;
|
|
|
+
|
|
|
+ static {
|
|
|
+ PropertiesUtil.loadFromResource("security.properties");
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public AccessApp getAccessApp(Long appId) {
|
|
|
+ return null;
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public boolean isNaked(ApiInfo apiInfo, String mapping) {
|
|
|
+ if (null == apiInfo) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (mapping.matches(".*swagger.*")) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (null != apiInfo) {
|
|
|
+ if (apiInfo.isNaked()) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public boolean hasPermission(User user, ApiInfo apiInfo, String mapping) {
|
|
|
+
|
|
|
+ // 学生鉴权
|
|
|
+ if (user.getUserType().equals(UserType.STUDENT)) {
|
|
|
+ String key = "[s]" + mapping;
|
|
|
+ return PropertiesUtil.getBoolean(key, false);
|
|
|
+ }
|
|
|
+
|
|
|
+ List<Role> roleList = user.getRoleList();
|
|
|
+
|
|
|
+ if (CollectionUtils.isEmpty(roleList)) {
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ for (Role role : roleList) {
|
|
|
+ if (role.getRoleCode().equals(RoleMeta.SUPER_ADMIN.name())) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ // 权限组集合
|
|
|
+ String privilegeGroups = PropertiesUtil.getString(mapping);
|
|
|
+ if (StringUtils.isBlank(privilegeGroups)) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+
|
|
|
+ // 用户权限集合
|
|
|
+ Set<String> rolePrivilegeList = Sets.newHashSet();
|
|
|
+ Long rootOrgId = user.getRootOrgId();
|
|
|
+ for (Role role : roleList) {
|
|
|
+ String key = "$_P_" + rootOrgId + "_" + role.getRoleId();
|
|
|
+ String rolePrivileges = redisClient.get(key, String.class);
|
|
|
+
|
|
|
+ List<String> rpList = RegExpUtil.findAll(rolePrivileges, "\\w+");
|
|
|
+ rolePrivilegeList.addAll(rpList);
|
|
|
+ }
|
|
|
+
|
|
|
+ List<String> privilegeGroupList = RegExpUtil.findAll(privilegeGroups, "[^\\;]+");
|
|
|
+
|
|
|
+ for (String pg : privilegeGroupList) {
|
|
|
+ pg = pg.trim();
|
|
|
+ if (StringUtils.isBlank(pg)) {
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
+ List<String> pList = RegExpUtil.findAll(pg, "[^\\,]+");
|
|
|
+ if (rolePrivilegeList.containsAll(pList)) {
|
|
|
+ return true;
|
|
|
+ } else {
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+}
|
wangwei