From daa877631230549a208abffc79246b79c6d914eb Mon Sep 17 00:00:00 2001
From: weiweiw <14335254+weiweiw22@user.noreply.gitee.com>
Date: Wed, 23 Oct 2024 15:49:12 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=94=AF=E6=8C=81=E5=9C=A8?= =?UTF-8?q?=E8=AF=B7=E6=B1=82=E9=87=8C=E5=A2=9E=E5=8A=A0skipPermission=20?= =?UTF-8?q?=E5=8F=AF=E4=BB=A5=E8=B7=B3=E8=BF=87=E6=9D=83=E9=99=90=E9=AA=8C?= =?UTF-8?q?=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../bonus/common/security/auth/AuthLogic.java | 41 ++++++++++++-------
 1 file changed, 27 insertions(+), 14 deletions(-)
diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java
index f92799c..bbc22ab 100644
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthLogic.java
@@ -1,10 +1,8 @@
 package com.bonus.common.security.auth;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
+import cn.hutool.json.JSONObject;
 import com.bonus.common.core.constant.SecurityConstants;
 import com.bonus.common.core.domain.R;
 import com.bonus.common.core.utils.DateUtils;
@@ -146,17 +144,32 @@ public class AuthLogic
 */
 public void checkPermi(RequiresPermissions requiresPermissions, ProceedingJoinPoint joinPoint)
 {
- SecurityContextHolder.setPermission(StringUtils.join(requiresPermissions.value(), ","));
- if (requiresPermissions.logical() == Logical.AND) {
- try{
- checkPermiAnd(requiresPermissions.value());
- }catch (Exception e){
- //记录越权日志
- addErrorLogs(joinPoint,requiresPermissions);
- throw new NotPermissionException(requiresPermissions.value()[0]);
+ //获取请求参数
+ boolean needPermission = true;
+ Object[] args = joinPoint.getArgs();
+ for (int i = 0; i < args.length; i++) {
+ Object obj = args[i];
+ if (Objects.nonNull(obj) && obj instanceof JSONObject) {
+ JSONObject jsonObject = (JSONObject) obj;
+ if ("1".equals(jsonObject.getStr("skipPermission"))) {
+ needPermission = false;
+ }
+ }
+ }
+
+ if (needPermission) {
+ SecurityContextHolder.setPermission(StringUtils.join(requiresPermissions.value(), ","));
+ if (requiresPermissions.logical() == Logical.AND) {
+ try {
+ checkPermiAnd(requiresPermissions.value());
+ } catch (Exception e) {
+ //记录越权日志
+ addErrorLogs(joinPoint, requiresPermissions);
+ throw new NotPermissionException(requiresPermissions.value()[0]);
+ }
+ } else {
+ checkPermiOr(requiresPermissions.value());
 }
- } else {
- checkPermiOr(requiresPermissions.value());
 }
 }
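Review bot: The `needPermission` flag in `checkPermi` is set from the intercepted method's own arguments, so the authorization decision is controlled by the party being authorized. Any `JSONObject` argument carrying `"skipPermission": "1"` skips both `checkPermiAnd` and `checkPermiOr`. The commit subject describes this as a field added to the request; if those `JSONObject` arguments are bound from the request body, every `@RequiresPermissions` endpoint taking such a parameter becomes reachable without the required permission. The skipped path also never calls `addErrorLogs` or `SecurityContextHolder.setPermission`, so a bypass leaves no audit record. I would drop the `if ("1".equals(jsonObject.getStr("skipPermission")))` branch and keep the check unconditional; if particular endpoints really need an exemption, decide it from server-side state (for example endpoint metadata or configuration) and log each exemption, never from request data.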