Commit 39699f8c LN

增加组权限验证

1 个父辈 d5acd9d8
......@@ -3,7 +3,9 @@ package com.neotel.smfcore.core.system.rest;
import com.google.common.collect.Lists;
import com.neotel.smfcore.common.bean.PageData;
import com.neotel.smfcore.common.exception.ValidateException;
import com.neotel.smfcore.common.utils.QueryHelp;
import com.neotel.smfcore.common.utils.SecurityUtils;
import com.neotel.smfcore.core.device.enums.OP_STATUS;
import com.neotel.smfcore.core.device.util.DataCache;
import com.neotel.smfcore.core.storage.service.po.Storage;
......@@ -13,6 +15,8 @@ import com.neotel.smfcore.core.system.rest.bean.query.TaskQueryCondition;
import com.neotel.smfcore.core.system.service.manager.IDataLogManager;
import com.neotel.smfcore.core.system.service.po.DataLog;
import com.neotel.smfcore.core.system.util.TaskService;
import com.neotel.smfcore.security.service.manager.IUserManager;
import com.neotel.smfcore.security.service.po.User;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.RequiredArgsConstructor;
......@@ -50,6 +54,8 @@ public class TaskController {
@Autowired
private DataCache dataCache;
@Autowired
private IUserManager userManager;
// @ApiOperation("导出用户数据")
// @GetMapping(value = "/download")
......@@ -86,6 +92,10 @@ public class TaskController {
if(groupId!=null&&groupId.equals("-1")){
groupId="";
}
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
if(!curruser.getGroups().contains(groupId)){
throw new ValidateException("smfcode.nogroupaccess","没有组[{0}]的操作权限",new String[] {groupId});
}
return getTaskList(groupId,null);
}
......
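Review bot: The membership test `curruser.getGroups().contains(groupId)` runs after `"-1"` has been rewritten to `""`, so an unscoped request is checked against an empty id (or `null` when none was sent) and is probably refused for every user. That disagrees with `User.hasGroup`, added in this same commit, which lets `null`, `""` and `"-1"` through. The unscoped case needs an explicit decision here: if `getTaskList("", null)` returns tasks across all groups (not visible in this hunk), switching to `hasGroup` would expose every group's tasks to any user, so that query should be limited to the caller's own groups instead. `userManager.get(...)` is also dereferenced unchecked; a missing user should be rejected with the `smfcode.nogroupaccess` error rather than a NullPointerException. The enclosing method starts outside the hunk.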
......@@ -2,7 +2,9 @@ package com.neotel.smfcore.security.rest;
import com.neotel.smfcore.common.bean.PageData;
import com.neotel.smfcore.common.exception.ValidateException;
import com.neotel.smfcore.common.utils.Constants;
import com.neotel.smfcore.common.utils.QueryHelp;
import com.neotel.smfcore.common.utils.SecurityUtils;
import com.neotel.smfcore.core.device.util.DataCache;
import com.neotel.smfcore.core.storage.service.manager.IStorageManager;
import com.neotel.smfcore.core.storage.service.po.Storage;
......@@ -14,6 +16,7 @@ import com.neotel.smfcore.security.rest.bean.query.MenuQueryCondition;
import com.neotel.smfcore.security.service.manager.IGroupManager;
import com.neotel.smfcore.security.service.manager.IMenuManager;
import com.neotel.smfcore.security.service.manager.IUserManager;
import com.neotel.smfcore.security.service.manager.impl.UserManagerImpl;
import com.neotel.smfcore.security.service.po.Group;
import com.neotel.smfcore.security.service.po.User;
import io.swagger.annotations.Api;
......@@ -89,12 +92,16 @@ public class GroupController {
Group group = Group.defaulGroup();
groups.add(group);
List<Group> resultGroups = new ArrayList<>();
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
for (Group g :
groups) {
if (curruser.hasGroup(g.getId())) {
if (dataCache.getCidsByGroupId(g.getId(), true).size() > 0) {
resultGroups.add(g);
}
}
}
return new ResponseEntity<>(groupMapper.toDto(resultGroups), HttpStatus.OK);
}
......@@ -102,8 +109,21 @@ public class GroupController {
@PostMapping
@PreAuthorize("@el.check('group:add')")
public ResponseEntity<Object> create(@RequestBody GroupDto groupDto) {
Group resources=groupMapper.toEntity(groupDto);
groupManager.saveGroup(resources);
Group resources = groupMapper.toEntity(groupDto);
resources = groupManager.saveGroup(resources);
//创建分组的人默认增加组权限
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
curruser.getGroups().add(resources.getId());
userManager.save(curruser);
if (!curruser.getUsername().equals(Constants.SUPER_USERNAME)) {
//管理员默认增加组权限
User adminUser = userManager.findByUserName(Constants.SUPER_USERNAME);
adminUser.getGroups().add(resources.getId());
userManager.save(adminUser);
}
return new ResponseEntity<>(HttpStatus.CREATED);
}
......@@ -115,6 +135,10 @@ public class GroupController {
if (resources.getId() == null) {
throw new ValidateException("smfcode.valueCanotNull","{0}不能为空",new String[]{"ID"} );
}
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
if(!curruser.hasGroup(resources.getId())){
throw new ValidateException("smfcode.nogroupaccess","没有组[{0}]的操作权限",new String[] {resources.getGroupName()});
}
groupManager.saveGroup(resources);
return new ResponseEntity<>(HttpStatus.NO_CONTENT);
}
......@@ -132,6 +156,10 @@ public class GroupController {
if(group==null){
throw new ValidateException("smfcode.valueCanotNull","{0}不能为空",new String[]{"group"} );
}
User curruser = userManager.get(SecurityUtils.getCurrentUserId());
if(!curruser.hasGroup(group.getId())){
throw new ValidateException("smfcode.nogroupaccess","没有组[{0}]的操作权限",new String[] {group.getGroupName()});
}
// //查找组下是否有设备
// Query query = new Query(Criteria.where("groupId").is(id));
// List<Storage> storages = storageManager.findByQuery(query);
......
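Review bot: In `create`, the group is persisted first and the two membership grants follow as separate `userManager.save(...)` calls on whole `User` objects, so a failure between them leaves a group that exists without the intended owners. Nothing visible here makes the three writes atomic. `adminUser` from `findByUserName(Constants.SUPER_USERNAME)` and `curruser` from `userManager.get(...)` are both dereferenced without a null check; guard them, e.g. `if (adminUser != null) { ... }`. Saving the full `User` loaded a moment earlier may also overwrite a concurrent change to that account, and `getGroups().add(...)` can add a duplicate id if the collection is a list (both inferred, the types are not shown). Consider moving the group save and both grants into one transactional manager operation that only appends the new id.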
......@@ -58,4 +58,14 @@ public class User extends BasePo implements Serializable {
private String checkCode;
public boolean hasGroup(String groupId) {
if (groupId == null || groupId.equals("") || groupId.equals("-1")) {
return true;
} else if (getGroups().contains(groupId)) {
return true;
}
return false;
}
}
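Review bot: `hasGroup` returns `true` for `null`, `""` and `"-1"`, so as an authorization helper it fails open. A caller that passes an id taken from the request is satisfied by one of those values, which is what the `update` check in GroupController does with `resources.getId()` (only `null` is rejected there beforehand). Keep the membership test strict, `return groupId != null && getGroups() != null && getGroups().contains(groupId);`, and let the callers that really mean the default group handle that sentinel explicitly under a named constant. `getGroups()` is dereferenced without a null check, which would throw for a user with no stored groups if the field is not initialised (not visible here). The method also lacks a Javadoc stating which ids count as "no group" and why.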
......@@ -85,6 +85,7 @@ smfcore.posNotExist=\u4ED3\u4F4D\u4E0D\u5B58\u5728
smfcore.error=\u51FA\u9519{0}
smfcore.userManager=\u7528\u6237\u7BA1\u7406
smfcode.cannotRemove=\u5220\u9664\u5E93\u4F4D\u5931\u8D25\uFF0C\u5E93\u4F4D[{0}]\u4E2D\u6709\u6599
smfcode.nogroupaccess=\u6CA1\u6709\u7EC4[{0}]\u7684\u64CD\u4F5C\u6743\u9650
......
......@@ -85,3 +85,4 @@ smfcore.posNotExist=Positions do not exist
smfcore.error=Error{0}
smfcore.userManager=User Management
smfcode.cannotRemove=Failed to delete the location, there is material in the location [{0}].
smfcode.nogroupaccess=No operation rights for the group [{0}]
\ No newline at end of file
......@@ -85,3 +85,4 @@ smfcore.posNotExist=\u30E9\u30A4\u30D6\u30E9\u30EA\u30FC\u30B9\u30DA\u30FC\u30B9
smfcore.error=\u8AA4\u308A{0}
smfcore.userManager=\u30E6\u30FC\u30B6\u30FC\u7BA1\u7406
smfcode.cannotRemove=\u30B9\u30C8\u30C3\u30AF\u30EC\u30D9\u30EB\u306E\u524A\u9664\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002\u30B9\u30C8\u30C3\u30AF\u30EC\u30D9\u30EB[{0}]\u306B\u6750\u6599\u304C\u3042\u308A\u307E\u3059\u3002
smfcode.nogroupaccess=\u30B0\u30EB\u30FC\u30D7[{0}]\u306E\u64CD\u4F5C\u6A29\u9650\u304C\u3042\u308A\u307E\u305B\u3093\u3002
\ No newline at end of file
......@@ -85,4 +85,5 @@ smfcore.posNotExist=\u4ED3\u4F4D\u4E0D\u5B58\u5728
smfcore.error=\u51FA\u9519{0}
smfcore.userManager=\u7528\u6237\u7BA1\u7406
smfcode.cannotRemove=\u5220\u9664\u5E93\u4F4D\u5931\u8D25\uFF0C\u5E93\u4F4D[{0}]\u4E2D\u6709\u6599
smfcode.nogroupaccess=\u6CA1\u6709\u7EC4[{0}]\u7684\u64CD\u4F5C\u6743\u9650
......@@ -85,3 +85,4 @@ smfcore.posNotExist=\u5EAB\u4F4D\u4E0D\u5B58\u5728
smfcore.error=\u51FA\u932F{0}
smfcore.userManager=\u7528\u6236\u7BA1\u7406
smfcode.cannotRemove=\u522A\u9664\u5EAB\u4F4D\u5931\u6557\uFF0C\u5EAB\u4F4D[{0}]\u4E2D\u6709\u6599
smfcode.nogroupaccess=\u6C92\u6709\u7D44[{0}]\u7684\u64CD\u4F5C\u6B0A
\ No newline at end of file