use of com.github.liuweijw.business.commons.web.aop.PrePermissions in project fw-cloud-framework by liuweijw.
the class UserController method addUser.
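/**
 * Creates a user account and binds it to the selected role.
 *
 * <p>The submitted password is trimmed and stored only as a BCrypt hash. The
 * account is created with {@code statu} 0 and with create/update timestamps
 * taken at call time.
 *
 * @param request  current HTTP request (not read by this method)
 * @param userForm request body carrying the username, password and role id
 * @return a failure result when the body, role id or password is missing,
 *         otherwise the boolean outcome of {@code userService.addUserAndRole}
 */
@RequestMapping(value = "/addUser", method = RequestMethod.POST)
@PrePermissions(value = Functional.ADD)
public R<Boolean> addUser(HttpServletRequest request, @RequestBody UserForm userForm) {
    if (null == userForm) {
        return new R<Boolean>().failure("用户信息不能为空");
    }
    if (null == userForm.getRoleId()) {
        return new R<Boolean>().failure("请选择角色");
    }

    // The password comes straight from the request body: reject a missing or
    // blank value here instead of letting trim() throw a NullPointerException
    // or hashing an empty string into a usable credential.
    String rawPassword = userForm.getPassword();
    if (null == rawPassword || rawPassword.trim().isEmpty()) {
        return new R<Boolean>().failure("密码不能为空");
    }
    // NOTE(review): no length or complexity policy is applied here, and the
    // username is stored as received (null/blank included) - confirm both are
    // validated elsewhere (e.g. on UserForm or in addUserAndRole).

    User user = new User();
    user.setCreateTime(new Date());
    user.setStatu(0);
    // Only the BCrypt hash is stored; the plain-text value never reaches User.
    user.setPassword(new BCryptPasswordEncoder().encode(rawPassword.trim()));
    user.setUpdateTime(new Date());
    user.setUsername(userForm.getUsername());

    boolean r = this.userService.addUserAndRole(user, userForm.getRoleId());
    return new R<Boolean>().data(r);
}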
use of com.github.liuweijw.business.commons.web.aop.PrePermissions in project fw-cloud-framework by liuweijw.
the class AuthorizationInterceptor method preHandle.
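/**
 * Authorizes a request against the {@code @PrePermissions} annotations of the
 * controller class and handler method before the handler runs.
 *
 * <p>The request is let through unchecked when permission checking is
 * disabled, when the handler is not a {@link HandlerMethod}, or when the
 * class-level annotation has {@code required() == false}. Otherwise both the
 * class and the method must carry {@code @PrePermissions}. Each required
 * permission is the first class-level value concatenated with one method-level
 * value, and every one of them must appear in the menu permissions of the
 * roles read from the request's JWT.
 *
 * @param request  current HTTP request; its URI and JWT roles are read
 * @param response response that receives the failure body on rejection
 * @param handler  handler selected for the request
 * @return {@code true} to continue the chain, {@code false} once a failure
 *         response has been written
 * @throws Exception propagated from the permission lookup or response writing
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    if (!permissionConfiguration.isEnabled()) {
        return true;
    }
    // instanceof rather than handler.getClass().isAssignableFrom(HandlerMethod.class):
    // that test is false for a HandlerMethod subclass, which would skip every
    // check below and let the request through.
    // NOTE(review): handlers of any other type are still passed unchecked -
    // confirm nothing sensitive is served through them.
    if (!(handler instanceof HandlerMethod)) {
        return true;
    }
    final HandlerMethod handlerMethod = (HandlerMethod) handler;
    final Method method = handlerMethod.getMethod();
    final Class<?> clazz = method.getDeclaringClass();
    // requestURI is client-supplied and is echoed into the log lines and the
    // response bodies below.
    // NOTE(review): confirm the log encoder neutralises control characters.
    final String requestURI = request.getRequestURI();

    // Convention: a controller class without @PrePermissions is rejected.
    final String moduleMissing = "请求[" + requestURI + "]模块上未设置权限,请设置注解@PrePermissions权限!";
    if (!clazz.isAnnotationPresent(PrePermissions.class)) {
        log.error(moduleMissing);
        return rejectRequest(response, moduleMissing);
    }
    PrePermissions clazzPermissions = clazz.getAnnotation(PrePermissions.class);
    // Class-level opt-out: nothing on this controller is checked.
    if (!clazzPermissions.required()) {
        return true;
    }
    // An empty class-level value would make value()[0] throw
    // ArrayIndexOutOfBoundsException; treat it as "module permission not set".
    String[] moduleValues = clazzPermissions.value();
    if (null == moduleValues || moduleValues.length == 0) {
        log.error(moduleMissing);
        return rejectRequest(response, moduleMissing);
    }
    final String modulePermission = moduleValues[0];

    // Convention: a handler method without @PrePermissions is rejected.
    if (!method.isAnnotationPresent(PrePermissions.class)) {
        String message = "请求[" + requestURI + "]方法上未设置权限,请设置注解@PrePermissions权限!";
        log.error(message);
        return rejectRequest(response, message);
    }
    PrePermissions prePermissions = method.getAnnotation(PrePermissions.class);
    String[] permissions = prePermissions.value();
    if (null == permissions || permissions.length == 0) {
        String message = "请求[" + requestURI + "]方法上未正确设置权限,请设置注解@PrePermissions权限!";
        log.error(message);
        return rejectRequest(response, message);
    }

    // Roles are taken from the JWT carried by the request; no roles means no access.
    List<String> roleList = JwtUtil.getRole(request, jwtConfiguration.getJwtkey());
    if (null == roleList || roleList.isEmpty()) {
        return rejectRequest(response, "请求[" + requestURI + "]权限验证失败!");
    }

    // Union of the menu permissions granted to every role of the caller.
    Set<String> menuPermissions = new HashSet<String>();
    for (String roleCode : roleList) {
        menuPermissions.addAll(this.permissionService.findMenuPermissions(roleCode));
    }
    if (menuPermissions.isEmpty()) {
        return rejectRequest(response, "请求[" + requestURI + "]权限未配置!");
    }

    // Every permission listed on the method must be granted (logical AND).
    for (String permission : permissions) {
        String valiatePermission = modulePermission + permission;
        log.info("请求[" + requestURI + "],permission:[" + valiatePermission + "]");
        if (!menuPermissions.contains(valiatePermission)) {
            // NOTE(review): the denial body returns the missing permission
            // code to the caller - confirm that is acceptable to expose.
            String message = "请求[" + requestURI + "]权限[" + valiatePermission + "]未配置!";
            log.info(message);
            return rejectRequest(response, message);
        }
    }
    return true;
}

/**
 * Writes a failure result carrying {@code message} to the response and returns
 * {@code false}, so a caller can veto the request in a single statement.
 */
private boolean rejectRequest(HttpServletResponse response, String message) throws Exception {
    R<Boolean> failureBody = new R<Boolean>().failure(message).data(false);
    this.handleWithResponse(response, failureBody);
    return false;
}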
use of com.github.liuweijw.business.commons.web.aop.PrePermissions in project fw-cloud-framework by liuweijw.
the class DeptController method upd.
/**
 * Updates an existing department from the submitted form.
 *
 * <p>The stored record is loaded by id and only its update time, status, name
 * and position are overwritten; the request object itself is never saved.
 *
 * @param request current HTTP request (not read by this method)
 * @param dept    request body; must carry a department id and a non-blank name
 * @return a failure result when validation fails or the department does not
 *         exist, otherwise whether {@code saveOrUpdate} returned an entity
 */
@ApiOperation(value = "修改", notes = "部门信息")
@ApiImplicitParam(name = "dept", value = "", required = true, dataType = "Dept")
@RequestMapping(value = "/upd", method = RequestMethod.POST)
@PrePermissions(value = Functional.UPD)
public R<Boolean> upd(HttpServletRequest request, @RequestBody Dept dept) {
    if (dept == null) {
        return new R<Boolean>().failure("部门信息不能为空");
    }
    if (dept.getDeptId() == null) {
        return new R<Boolean>().failure("部门信息不存在");
    }
    if (StringHelper.isBlank(dept.getDeptName())) {
        return new R<Boolean>().failure("部门名称不能为空");
    }

    Dept stored = deptService.findById(dept.getDeptId());
    if (stored == null) {
        return new R<Boolean>().failure("部门不存在");
    }

    // Copy an explicit set of fields onto the stored entity, so anything else
    // the client put in the body is ignored.
    stored.setUpdateTime(new Date());
    // NOTE(review): unlike pos, statu is copied even when the request omits
    // it - confirm a null status is acceptable here.
    stored.setStatu(dept.getStatu());
    stored.setDeptName(dept.getDeptName());
    if (dept.getPos() != null) {
        stored.setPos(dept.getPos());
    } else {
        // No position supplied: keep the stored one.
        stored.setPos(stored.getPos());
    }

    Dept saved = deptService.saveOrUpdate(stored);
    return new R<Boolean>().data(saved != null);
}
use of com.github.liuweijw.business.commons.web.aop.PrePermissions in project fw-cloud-framework by liuweijw.
the class DeptController method add.
/**
 * Creates a department from the submitted form.
 *
 * <p>Before saving, the id is cleared, a missing position becomes 0, both
 * timestamps are set to the current time and {@code statu} is forced to 0.
 *
 * @param request current HTTP request (not read by this method)
 * @param dept    request body; needs a non-negative parent id and a non-blank name
 * @return a failure result when validation fails, otherwise whether
 *         {@code saveOrUpdate} returned an entity
 */
@ApiOperation(value = "新增", notes = "部门信息")
@ApiImplicitParam(name = "dept", value = "", required = true, dataType = "Dept")
@RequestMapping(value = "/add", method = RequestMethod.POST)
@PrePermissions(value = Functional.ADD)
public R<Boolean> add(HttpServletRequest request, @RequestBody Dept dept) {
    if (dept == null) {
        return new R<Boolean>().failure("部门信息不能为空");
    }
    boolean parentMissing = dept.getPid() == null || dept.getPid() < 0;
    if (parentMissing) {
        return new R<Boolean>().failure("上级部门不能为空");
    }
    if (StringHelper.isBlank(dept.getDeptName())) {
        return new R<Boolean>().failure("部门名称不能为空");
    }

    // Discard any client-supplied id before saveOrUpdate
    // (presumably so the call inserts rather than updates - TODO confirm).
    dept.setDeptId(null);
    if (dept.getPos() == null) {
        dept.setPos(0);
    } else {
        dept.setPos(dept.getPos());
    }
    dept.setCreateTime(new Date());
    dept.setUpdateTime(new Date());
    dept.setStatu(0);
    // NOTE(review): the request-bound Dept is saved as received apart from the
    // fields overwritten above - confirm which other fields a client may set.

    Dept persisted = deptService.saveOrUpdate(dept);
    return new R<Boolean>().data(persisted != null);
}
use of com.github.liuweijw.business.commons.web.aop.PrePermissions in project fw-cloud-framework by liuweijw.
the class RoleController method upd.
/**
 * Updates a role and its department binding from the submitted form.
 *
 * @param request current HTTP request (not read by this method)
 * @param role    request body; needs a positive role id and a department id
 * @return a failure result when the role id or department id is missing,
 *         otherwise whether {@code saveRoleAndDept} returned an entity
 */
@ApiOperation(value = "修改", notes = "角色", produces = "application/json")
@ApiImplicitParam(name = "role", value = "", required = true, dataType = "Dict")
@RequestMapping(value = "/upd", method = RequestMethod.POST)
@PrePermissions(value = Functional.UPD)
public R<Boolean> upd(HttpServletRequest request, @RequestBody Role role) {
    boolean hasUsableId = role != null && role.getRoleId() != null && role.getRoleId() > 0;
    if (!hasUsableId) {
        return new R<Boolean>().failure("角色信息为空");
    }

    role.setUpdateTime(new Date());
    if (role.getDeptId() == null) {
        return new R<Boolean>().failure("请选择角色所属部门");
    }

    // NOTE(review): the request-bound Role goes to the service as received, so
    // every field the client sends reaches saveRoleAndDept - confirm which
    // fields it persists.
    Role saved = roleService.saveRoleAndDept(role);
    return new R<Boolean>().data(saved != null);
}