Commit 39699f8c LN

增加组权限验证

1 个父辈 d5acd9d8
...@@ -3,7 +3,9 @@ package com.neotel.smfcore.core.system.rest; ...@@ -3,7 +3,9 @@ package com.neotel.smfcore.core.system.rest;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import com.neotel.smfcore.common.bean.PageData; import com.neotel.smfcore.common.bean.PageData;
import com.neotel.smfcore.common.exception.ValidateException;
import com.neotel.smfcore.common.utils.QueryHelp; import com.neotel.smfcore.common.utils.QueryHelp;
import com.neotel.smfcore.common.utils.SecurityUtils;
import com.neotel.smfcore.core.device.enums.OP_STATUS; import com.neotel.smfcore.core.device.enums.OP_STATUS;
import com.neotel.smfcore.core.device.util.DataCache; import com.neotel.smfcore.core.device.util.DataCache;
import com.neotel.smfcore.core.storage.service.po.Storage; import com.neotel.smfcore.core.storage.service.po.Storage;
...@@ -13,6 +15,8 @@ import com.neotel.smfcore.core.system.rest.bean.query.TaskQueryCondition; ...@@ -13,6 +15,8 @@ import com.neotel.smfcore.core.system.rest.bean.query.TaskQueryCondition;
import com.neotel.smfcore.core.system.service.manager.IDataLogManager; import com.neotel.smfcore.core.system.service.manager.IDataLogManager;
import com.neotel.smfcore.core.system.service.po.DataLog; import com.neotel.smfcore.core.system.service.po.DataLog;
import com.neotel.smfcore.core.system.util.TaskService; import com.neotel.smfcore.core.system.util.TaskService;
import com.neotel.smfcore.security.service.manager.IUserManager;
import com.neotel.smfcore.security.service.po.User;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
...@@ -50,6 +54,8 @@ public class TaskController { ...@@ -50,6 +54,8 @@ public class TaskController {
@Autowired @Autowired
private DataCache dataCache; private DataCache dataCache;
@Autowired
private IUserManager userManager;
// @ApiOperation("导出用户数据") // @ApiOperation("导出用户数据")
// @GetMapping(value = "/download") // @GetMapping(value = "/download")
...@@ -86,6 +92,10 @@ public class TaskController { ...@@ -86,6 +92,10 @@ public class TaskController {
if(groupId!=null&&groupId.equals("-1")){ if(groupId!=null&&groupId.equals("-1")){
groupId=""; groupId="";
} }
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
if(!curruser.getGroups().contains(groupId)){
throw new ValidateException("smfcode.nogroupaccess","没有组[{0}]的操作权限",new String[] {groupId});
}
return getTaskList(groupId,null); return getTaskList(groupId,null);
} }
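Review bot: The new test `curruser.getGroups().contains(groupId)` runs after `"-1"` has been rewritten to `""`, so a request for the default group is rejected unless the user's group list literally contains an empty string, and a null `groupId` fails the check too. The `User.hasGroup` helper added in this same commit treats null, `""` and `"-1"` as always permitted, so the two checks disagree; `if (!curruser.hasGroup(groupId)) {` here would keep a single rule. The result of `userManager.get(...)` is dereferenced without a null check, so a missing user record would presumably surface as a NullPointerException rather than a denial; confirm what `get` returns in that case. The enclosing method starts above this hunk, so how `groupId` arrives is not visible.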
......
...@@ -2,7 +2,9 @@ package com.neotel.smfcore.security.rest; ...@@ -2,7 +2,9 @@ package com.neotel.smfcore.security.rest;
import com.neotel.smfcore.common.bean.PageData; import com.neotel.smfcore.common.bean.PageData;
import com.neotel.smfcore.common.exception.ValidateException; import com.neotel.smfcore.common.exception.ValidateException;
import com.neotel.smfcore.common.utils.Constants;
import com.neotel.smfcore.common.utils.QueryHelp; import com.neotel.smfcore.common.utils.QueryHelp;
import com.neotel.smfcore.common.utils.SecurityUtils;
import com.neotel.smfcore.core.device.util.DataCache; import com.neotel.smfcore.core.device.util.DataCache;
import com.neotel.smfcore.core.storage.service.manager.IStorageManager; import com.neotel.smfcore.core.storage.service.manager.IStorageManager;
import com.neotel.smfcore.core.storage.service.po.Storage; import com.neotel.smfcore.core.storage.service.po.Storage;
...@@ -14,6 +16,7 @@ import com.neotel.smfcore.security.rest.bean.query.MenuQueryCondition; ...@@ -14,6 +16,7 @@ import com.neotel.smfcore.security.rest.bean.query.MenuQueryCondition;
import com.neotel.smfcore.security.service.manager.IGroupManager; import com.neotel.smfcore.security.service.manager.IGroupManager;
import com.neotel.smfcore.security.service.manager.IMenuManager; import com.neotel.smfcore.security.service.manager.IMenuManager;
import com.neotel.smfcore.security.service.manager.IUserManager; import com.neotel.smfcore.security.service.manager.IUserManager;
import com.neotel.smfcore.security.service.manager.impl.UserManagerImpl;
import com.neotel.smfcore.security.service.po.Group; import com.neotel.smfcore.security.service.po.Group;
import com.neotel.smfcore.security.service.po.User; import com.neotel.smfcore.security.service.po.User;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
...@@ -89,10 +92,14 @@ public class GroupController { ...@@ -89,10 +92,14 @@ public class GroupController {
Group group = Group.defaulGroup(); Group group = Group.defaulGroup();
groups.add(group); groups.add(group);
List<Group> resultGroups = new ArrayList<>(); List<Group> resultGroups = new ArrayList<>();
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
for (Group g : for (Group g :
groups) { groups) {
if (dataCache.getCidsByGroupId(g.getId(), true).size() > 0) { if (curruser.hasGroup(g.getId())) {
resultGroups.add(g); if (dataCache.getCidsByGroupId(g.getId(), true).size() > 0) {
resultGroups.add(g);
}
} }
} }
return new ResponseEntity<>(groupMapper.toDto(resultGroups), HttpStatus.OK); return new ResponseEntity<>(groupMapper.toDto(resultGroups), HttpStatus.OK);
...@@ -102,8 +109,21 @@ public class GroupController { ...@@ -102,8 +109,21 @@ public class GroupController {
@PostMapping @PostMapping
@PreAuthorize("@el.check('group:add')") @PreAuthorize("@el.check('group:add')")
public ResponseEntity<Object> create(@RequestBody GroupDto groupDto) { public ResponseEntity<Object> create(@RequestBody GroupDto groupDto) {
Group resources=groupMapper.toEntity(groupDto); Group resources = groupMapper.toEntity(groupDto);
groupManager.saveGroup(resources); resources = groupManager.saveGroup(resources);
//创建分组的人默认增加组权限
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
curruser.getGroups().add(resources.getId());
userManager.save(curruser);
if (!curruser.getUsername().equals(Constants.SUPER_USERNAME)) {
//管理员默认增加组权限
User adminUser = userManager.findByUserName(Constants.SUPER_USERNAME);
adminUser.getGroups().add(resources.getId());
userManager.save(adminUser);
}
return new ResponseEntity<>(HttpStatus.CREATED); return new ResponseEntity<>(HttpStatus.CREATED);
} }
...@@ -115,6 +135,10 @@ public class GroupController { ...@@ -115,6 +135,10 @@ public class GroupController {
if (resources.getId() == null) { if (resources.getId() == null) {
throw new ValidateException("smfcode.valueCanotNull","{0}不能为空",new String[]{"ID"} ); throw new ValidateException("smfcode.valueCanotNull","{0}不能为空",new String[]{"ID"} );
} }
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
if(!curruser.hasGroup(resources.getId())){
throw new ValidateException("smfcode.nogroupaccess","没有组[{0}]的操作权限",new String[] {resources.getGroupName()});
}
groupManager.saveGroup(resources); groupManager.saveGroup(resources);
return new ResponseEntity<>(HttpStatus.NO_CONTENT); return new ResponseEntity<>(HttpStatus.NO_CONTENT);
} }
...@@ -132,6 +156,10 @@ public class GroupController { ...@@ -132,6 +156,10 @@ public class GroupController {
if(group==null){ if(group==null){
throw new ValidateException("smfcode.valueCanotNull","{0}不能为空",new String[]{"group"} ); throw new ValidateException("smfcode.valueCanotNull","{0}不能为空",new String[]{"group"} );
} }
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
if(!curruser.hasGroup(group.getId())){
throw new ValidateException("smfcode.nogroupaccess","没有组[{0}]的操作权限",new String[] {group.getGroupName()});
}
// //查找组下是否有设备 // //查找组下是否有设备
// Query query = new Query(Criteria.where("groupId").is(id)); // Query query = new Query(Criteria.where("groupId").is(id));
// List<Storage> storages = storageManager.findByQuery(query); // List<Storage> storages = storageManager.findByQuery(query);
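Review bot: In `create()`, the result of `userManager.findByUserName(Constants.SUPER_USERNAME)` is dereferenced immediately, so if that account is absent the request fails with a NullPointerException after the group and the creator's membership have already been saved. A guard such as `if (adminUser != null) { adminUser.getGroups().add(resources.getId()); userManager.save(adminUser); }` avoids the half-applied state, and `curruser` from `userManager.get(...)` deserves the same treatment. No transaction boundary is visible in this hunk, so it is worth confirming that the group save and the two user saves commit or roll back together. The newly imported `UserManagerImpl` does not appear to be used in any visible hunk and could be dropped.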
......
...@@ -58,4 +58,14 @@ public class User extends BasePo implements Serializable { ...@@ -58,4 +58,14 @@ public class User extends BasePo implements Serializable {
private String checkCode; private String checkCode;
public boolean hasGroup(String groupId) {
if (groupId == null || groupId.equals("") || groupId.equals("-1")) {
return true;
} else if (getGroups().contains(groupId)) {
return true;
}
return false;
}
} }
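Review bot: `hasGroup` returns true for null, `""` and `"-1"` before it looks at the user's own groups, so every caller that uses it as a permission check lets any authenticated user through for those ids. In this commit that covers not only the list filter in GroupController but also the checks added before `groupManager.saveGroup(resources)` and in the hunk that follows it. If open access to the default group is meant for reading only, the write paths should use a strict membership test such as `getGroups() != null && getGroups().contains(groupId)`. The method has no Javadoc; a short comment stating that the default group is treated as accessible to everyone would make the rule explicit. `getGroups()` is also dereferenced without a null check, and how that field is initialised is not visible here.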
...@@ -84,7 +84,8 @@ smfcore.barcodeSetting=\u6761\u7801\u8BBE\u7F6E ...@@ -84,7 +84,8 @@ smfcore.barcodeSetting=\u6761\u7801\u8BBE\u7F6E
smfcore.posNotExist=\u4ED3\u4F4D\u4E0D\u5B58\u5728 smfcore.posNotExist=\u4ED3\u4F4D\u4E0D\u5B58\u5728
smfcore.error=\u51FA\u9519{0} smfcore.error=\u51FA\u9519{0}
smfcore.userManager=\u7528\u6237\u7BA1\u7406 smfcore.userManager=\u7528\u6237\u7BA1\u7406
smfcode.cannotRemove=\u5220\u9664\u5E93\u4F4D\u5931\u8D25\uFF0C\u5E93\u4F4D[{0}]\u4E2D\u6709\u6599 smfcode.cannotRemove=\u5220\u9664\u5E93\u4F4D\u5931\u8D25\uFF0C\u5E93\u4F4D[{0}]\u4E2D\u6709\u6599
smfcode.nogroupaccess=\u6CA1\u6709\u7EC4[{0}]\u7684\u64CD\u4F5C\u6743\u9650
......
...@@ -84,4 +84,5 @@ smfcore.barcodeSetting=Barcode setting ...@@ -84,4 +84,5 @@ smfcore.barcodeSetting=Barcode setting
smfcore.posNotExist=Positions do not exist smfcore.posNotExist=Positions do not exist
smfcore.error=Error{0} smfcore.error=Error{0}
smfcore.userManager=User Management smfcore.userManager=User Management
smfcode.cannotRemove=Failed to delete the location, there is material in the location [{0}].
\ No newline at end of file \ No newline at end of file
smfcode.cannotRemove=Failed to delete the location, there is material in the location [{0}].
smfcode.nogroupaccess=No operation rights for the group [{0}]
\ No newline at end of file \ No newline at end of file
...@@ -84,4 +84,5 @@ smfcore.barcodeSetting=\u30D0\u30FC\u30B3\u30FC\u30C9\u8A2D\u5B9A ...@@ -84,4 +84,5 @@ smfcore.barcodeSetting=\u30D0\u30FC\u30B3\u30FC\u30C9\u8A2D\u5B9A
smfcore.posNotExist=\u30E9\u30A4\u30D6\u30E9\u30EA\u30FC\u30B9\u30DA\u30FC\u30B9\u304C\u5B58\u5728\u3057\u306A\u3044 smfcore.posNotExist=\u30E9\u30A4\u30D6\u30E9\u30EA\u30FC\u30B9\u30DA\u30FC\u30B9\u304C\u5B58\u5728\u3057\u306A\u3044
smfcore.error=\u8AA4\u308A{0} smfcore.error=\u8AA4\u308A{0}
smfcore.userManager=\u30E6\u30FC\u30B6\u30FC\u7BA1\u7406 smfcore.userManager=\u30E6\u30FC\u30B6\u30FC\u7BA1\u7406
smfcode.cannotRemove=\u30B9\u30C8\u30C3\u30AF\u30EC\u30D9\u30EB\u306E\u524A\u9664\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002\u30B9\u30C8\u30C3\u30AF\u30EC\u30D9\u30EB[{0}]\u306B\u6750\u6599\u304C\u3042\u308A\u307E\u3059\u3002
\ No newline at end of file \ No newline at end of file
smfcode.cannotRemove=\u30B9\u30C8\u30C3\u30AF\u30EC\u30D9\u30EB\u306E\u524A\u9664\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002\u30B9\u30C8\u30C3\u30AF\u30EC\u30D9\u30EB[{0}]\u306B\u6750\u6599\u304C\u3042\u308A\u307E\u3059\u3002
smfcode.nogroupaccess=\u30B0\u30EB\u30FC\u30D7[{0}]\u306E\u64CD\u4F5C\u6A29\u9650\u304C\u3042\u308A\u307E\u305B\u3093\u3002
\ No newline at end of file \ No newline at end of file
...@@ -85,4 +85,5 @@ smfcore.posNotExist=\u4ED3\u4F4D\u4E0D\u5B58\u5728 ...@@ -85,4 +85,5 @@ smfcore.posNotExist=\u4ED3\u4F4D\u4E0D\u5B58\u5728
smfcore.error=\u51FA\u9519{0} smfcore.error=\u51FA\u9519{0}
smfcore.userManager=\u7528\u6237\u7BA1\u7406 smfcore.userManager=\u7528\u6237\u7BA1\u7406
smfcode.cannotRemove=\u5220\u9664\u5E93\u4F4D\u5931\u8D25\uFF0C\u5E93\u4F4D[{0}]\u4E2D\u6709\u6599 smfcode.cannotRemove=\u5220\u9664\u5E93\u4F4D\u5931\u8D25\uFF0C\u5E93\u4F4D[{0}]\u4E2D\u6709\u6599
smfcode.nogroupaccess=\u6CA1\u6709\u7EC4[{0}]\u7684\u64CD\u4F5C\u6743\u9650
...@@ -84,4 +84,5 @@ smfcore.barcodeSetting=\u689D\u78BC\u8A2D\u7F6E ...@@ -84,4 +84,5 @@ smfcore.barcodeSetting=\u689D\u78BC\u8A2D\u7F6E
smfcore.posNotExist=\u5EAB\u4F4D\u4E0D\u5B58\u5728 smfcore.posNotExist=\u5EAB\u4F4D\u4E0D\u5B58\u5728
smfcore.error=\u51FA\u932F{0} smfcore.error=\u51FA\u932F{0}
smfcore.userManager=\u7528\u6236\u7BA1\u7406 smfcore.userManager=\u7528\u6236\u7BA1\u7406
smfcode.cannotRemove=\u522A\u9664\u5EAB\u4F4D\u5931\u6557\uFF0C\u5EAB\u4F4D[{0}]\u4E2D\u6709\u6599
\ No newline at end of file \ No newline at end of file
smfcode.cannotRemove=\u522A\u9664\u5EAB\u4F4D\u5931\u6557\uFF0C\u5EAB\u4F4D[{0}]\u4E2D\u6709\u6599
smfcode.nogroupaccess=\u6C92\u6709\u7D44[{0}]\u7684\u64CD\u4F5C\u6B0A
\ No newline at end of file \ No newline at end of file