| commit | author | age | ||
| 9bcb19 | 1 | /* |
| I | 2 | Copyright [2020] [https://www.xiaonuo.vip] |
| 3 | ||
| 4 | Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | you may not use this file except in compliance with the License. | |
| 6 | You may obtain a copy of the License at | |
| 7 | ||
| 8 | http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | ||
| 10 | Unless required by applicable law or agreed to in writing, software | |
| 11 | distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | See the License for the specific language governing permissions and | |
| 14 | limitations under the License. | |
| 15 | ||
| 16 | Snowy采用APACHE LICENSE 2.0开源协议,您在使用过程中,需要注意以下几点: | |
| 17 | ||
| 18 | 1.请不要删除和修改根目录下的LICENSE文件。 | |
| 19 | 2.请不要删除和修改Snowy源码头部的版权声明。 | |
| 20 | 3.请保留源码和相关描述文件的项目出处,作者声明等。 | |
| 21 | 4.分发源码时候,请注明软件出处 https://gitee.com/xiaonuobase/snowy | |
| 22 | 5.在修改包名,模块名称,项目代码等时,请注明软件出处 https://gitee.com/xiaonuobase/snowy | |
| 23 | 6.若您的项目无法满足以上几点,可申请商业授权,获取Snowy商业授权许可,请在官网购买授权,地址为 https://www.xiaonuo.vip | |
| 24 | */ | |
| 25 | package vip.xiaonuo.sys.core.aop; | |
| 26 | ||
| 27 | import cn.hutool.core.util.StrUtil; | |
| 28 | import cn.hutool.log.Log; | |
| 29 | import org.aspectj.lang.JoinPoint; | |
| 30 | import org.aspectj.lang.annotation.Aspect; | |
| 31 | import org.aspectj.lang.annotation.Before; | |
| 32 | import org.aspectj.lang.annotation.Pointcut; | |
| 33 | import org.aspectj.lang.reflect.MethodSignature; | |
| 34 | import org.springframework.core.annotation.Order; | |
| 35 | import vip.xiaonuo.core.annotion.BusinessLog; | |
| 36 | import vip.xiaonuo.core.annotion.Permission; | |
| 37 | import vip.xiaonuo.core.consts.AopSortConstant; | |
| 38 | import vip.xiaonuo.core.consts.SymbolConstant; | |
| 39 | import vip.xiaonuo.core.context.login.LoginContextHolder; | |
| 40 | import vip.xiaonuo.core.enums.LogicTypeEnum; | |
| 41 | import vip.xiaonuo.core.exception.PermissionException; | |
| 42 | import vip.xiaonuo.core.exception.enums.PermissionExceptionEnum; | |
| 43 | import vip.xiaonuo.core.util.HttpServletUtil; | |
| 44 | import vip.xiaonuo.sys.core.log.LogManager; | |
| 45 | ||
| 46 | import javax.servlet.http.HttpServletRequest; | |
| 47 | import java.lang.reflect.Method; | |
| 48 | ||
| 49 | /** | |
| 50 | * 权限过滤Aop切面 | |
| 51 | * | |
| 52 | * @author xuyuxiang | |
| 53 | * @date 2020/3/23 17:09 | |
| 54 | */ | |
| 55 | @Aspect | |
| 56 | @Order(AopSortConstant.PERMISSION_AOP) | |
| 57 | public class PermissionAop { | |
| 58 | ||
| 59 | private static final Log log = Log.get(); | |
| 60 | ||
| 61 | /** | |
| 62 | * 权限切入点 | |
| 63 | * | |
| 64 | * @author xuyuxiang | |
| 65 | * @date 2020/3/23 17:10 | |
| 66 | */ | |
| 67 | @Pointcut("@annotation(vip.xiaonuo.core.annotion.Permission)") | |
| 68 | private void getPermissionPointCut() { | |
| 69 | } | |
| 70 | ||
| 71 | /** | |
| 72 | * 执行权限过滤 | |
| 73 | * | |
| 74 | * @author xuyuxiang | |
| 75 | * @date 2020/3/23 17:14 | |
| 76 | */ | |
| 77 | @Before("getPermissionPointCut()") | |
| 78 | public void doPermission(JoinPoint joinPoint) { | |
| 79 | ||
| 80 | // 如果是超级管理员,直接放过权限校验 | |
| 81 | boolean isSuperAdmin = LoginContextHolder.me().isSuperAdmin(); | |
| 82 | if (isSuperAdmin) { | |
| 83 | return; | |
| 84 | } | |
| 85 | ||
| 86 | // 如果不是超级管理员,则开始进行权限校验 | |
| 87 | MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature(); | |
| 88 | Method method = methodSignature.getMethod(); | |
| 89 | Permission permission = method.getAnnotation(Permission.class); | |
| 90 | ||
| 91 | // 当前方法需要的角色集合 | |
| 92 | String[] requireRoles = permission.value(); | |
| 93 | ||
| 94 | // 逻辑类型 | |
| 95 | LogicTypeEnum logicTypeEnum = permission.logicType(); | |
| 96 | ||
| 97 | // 首先校验当前用户有没有 当前请求requestUri的权限 | |
| 98 | HttpServletRequest request = HttpServletUtil.getRequest(); | |
| 99 | boolean hasUriPermission = LoginContextHolder.me().hasPermission(request.getRequestURI()); | |
| 100 | if (!hasUriPermission) { | |
| 101 | this.executeNoPermissionExceptionLog(joinPoint, new PermissionException(PermissionExceptionEnum.NO_PERMISSION)); | |
| 102 | throw new PermissionException(PermissionExceptionEnum.NO_PERMISSION); | |
| 103 | } | |
| 104 | ||
| 105 | // 如果当前接口需要特定的角色权限,则校验参数上的特殊角色当前用户有没 | |
| 106 | if (requireRoles.length != 0) { | |
| 107 | boolean hasSpecialRolePermission = true; | |
| 108 | if (LogicTypeEnum.AND.equals(logicTypeEnum)) { | |
| 109 | hasSpecialRolePermission = LoginContextHolder.me().hasAllRole(StrUtil.join(SymbolConstant.COMMA, (Object) requireRoles)); | |
| 110 | } else if (LogicTypeEnum.OR.equals(logicTypeEnum)) { | |
| 111 | hasSpecialRolePermission = LoginContextHolder.me().hasAnyRole(StrUtil.join(SymbolConstant.COMMA, (Object) requireRoles)); | |
| 112 | } else { | |
| 113 | log.error(">>> permission注解逻辑枚举错误"); | |
| 114 | } | |
| 115 | if (!hasSpecialRolePermission) { | |
| 116 | this.executeNoPermissionExceptionLog(joinPoint, new PermissionException(PermissionExceptionEnum.NO_PERMISSION)); | |
| 117 | throw new PermissionException(PermissionExceptionEnum.NO_PERMISSION); | |
| 118 | } | |
| 119 | } | |
| 120 | } | |
| 121 | ||
| 122 | /** | |
| 123 | * 记录无权限异常日志 | |
| 124 | * | |
| 125 | * @author xuyuxiang | |
| 126 | * @date 2020/3/24 11:14 | |
| 127 | */ | |
| 128 | private void executeNoPermissionExceptionLog(JoinPoint joinPoint, Exception exception) { | |
| 129 | MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature(); | |
| 130 | Method method = methodSignature.getMethod(); | |
| 131 | BusinessLog businessLog = method.getAnnotation(BusinessLog.class); | |
| 132 | ||
| 133 | //异步记录日志 | |
| 134 | LogManager.me().executeExceptionLog( | |
| 135 | businessLog, LoginContextHolder.me().getSysLoginUserAccount(), joinPoint, exception); | |
| 136 | } | |
| 137 | ||
| 138 | } | |
