增加支持在请求里增加skipPermission 可以跳过权限验证

2024-10-23 15:49:12 +08:00 · 2024-10-23 15:49:12 +08:00 · daa8776312
parent 57b2a2f880
commit daa8776312
1 changed files with 27 additions and 14 deletions
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java
@ -1,10 +1,8 @@
 package com.bonus.common.security.auth;

-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;

+import cn.hutool.json.JSONObject;
 import com.bonus.common.core.constant.SecurityConstants;
 import com.bonus.common.core.domain.R;
 import com.bonus.common.core.utils.DateUtils;
@ -146,17 +144,32 @@ public class AuthLogic
     */
    public void checkPermi(RequiresPermissions requiresPermissions, ProceedingJoinPoint joinPoint)
    {
-        SecurityContextHolder.setPermission(StringUtils.join(requiresPermissions.value(), ","));
-        if (requiresPermissions.logical() == Logical.AND) {
-            try{
-                checkPermiAnd(requiresPermissions.value());
-            }catch (Exception e){
-                //记录越权日志
-                addErrorLogs(joinPoint,requiresPermissions);
-                throw new NotPermissionException(requiresPermissions.value()[0]);
+        //获取请求参数
+        boolean needPermission = true;
+        Object[] args = joinPoint.getArgs();
+        for (int i = 0; i < args.length; i++) {
+            Object obj = args[i];
+            if (Objects.nonNull(obj) && obj instanceof JSONObject) {
+                JSONObject jsonObject = (JSONObject) obj;
+                if ("1".equals(jsonObject.getStr("skipPermission"))) {
+                    needPermission = false;
+                }
+            }
+        }
+
+        if (needPermission) {
+            SecurityContextHolder.setPermission(StringUtils.join(requiresPermissions.value(), ","));
+            if (requiresPermissions.logical() == Logical.AND) {
+                try {
+                    checkPermiAnd(requiresPermissions.value());
+                } catch (Exception e) {
+                    //记录越权日志
+                    addErrorLogs(joinPoint, requiresPermissions);
+                    throw new NotPermissionException(requiresPermissions.value()[0]);
+                }
+            } else {
+                checkPermiOr(requiresPermissions.value());
            }
-        } else {
-            checkPermiOr(requiresPermissions.value());
        }
    }