bonus
/
cqdevicemgt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

This commit is contained in:
liang.chao 2024-09-29 13:33:11 +08:00
parent 67eb17b150 c490ec515f
commit f158d87798
3 changed files with 43 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sgzb-api/sgzb-api-system/src/main/java/com/bonus/sgzb/base/api/domain/SysDic.java
View File

@ -57,6 +57,11 @@ public class SysDic extends BaseEntity {
*/
private String level;
/**
* o/null: 默认,需要鉴权, 1: 跳过鉴权
*/
private Integer skipPermission;
/**
* 状态
*/
@ -159,6 +164,14 @@ public class SysDic extends BaseEntity {
return creator;
}
public Integer getSkipPermission() {
return skipPermission;
}
public void setSkipPermission(Integer skipPermission) {
this.skipPermission = skipPermission;
}
@Override
public String toString() {
return new ToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE)

34
sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
View File

@ -1,7 +1,12 @@
package com.bonus.sgzb.common.security.aspect;
import java.lang.reflect.Method;
import java.util.Objects;
import cn.hutool.json.JSONArray;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import com.alibaba.fastjson2.JSON;
import com.bonus.sgzb.common.security.auth.AuthUtil;
import com.bonus.sgzb.common.security.annotation.RequiresRoles;
import org.aspectj.lang.ProceedingJoinPoint;
@ -54,9 +59,25 @@ public class PreAuthorizeAspect
@Around("pointcut()")
public Object around(ProceedingJoinPoint joinPoint) throws Throwable
{
//获取请求参数
boolean needPermission = true;
Object[] args = joinPoint.getArgs();
String argStr = JSON.toJSONString(args);
JSONArray jsonArray = JSONUtil.parseArray(argStr);
for (int i = 0; i < jsonArray.size(); i++) {
Object obj = jsonArray.getObj(i);
if (Objects.nonNull(obj) && obj instanceof JSONObject) {
JSONObject jsonObject = (JSONObject) obj;
if ("1".equals(jsonObject.getStr("skipPermission"))) {
needPermission = false;
}
}
}
// 注解鉴权
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
checkMethodAnnotation(signature.getMethod());
checkMethodAnnotation(signature.getMethod(), needPermission);
try
{
// 执行原有逻辑
@ -72,7 +93,7 @@ public class PreAuthorizeAspect
/**
* 对一个Method对象进行注解检查
*/
public void checkMethodAnnotation(Method method)
public void checkMethodAnnotation(Method method, boolean needPermission)
{
// 校验 @RequiresLogin 注解
RequiresLogin requiresLogin = method.getAnnotation(RequiresLogin.class);
@ -89,10 +110,11 @@ public class PreAuthorizeAspect
}
// 校验 @RequiresPermissions 注解
RequiresPermissions requiresPermissions = method.getAnnotation(RequiresPermissions.class);
if (requiresPermissions != null)
{
AuthUtil.checkPermi(requiresPermissions);
if (needPermission) {
RequiresPermissions requiresPermissions = method.getAnnotation(RequiresPermissions.class);
if (requiresPermissions != null) {
AuthUtil.checkPermi(requiresPermissions);
}
}
}
}

2
sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/BmStorageLogController.java
View File

@ -5,6 +5,7 @@ import com.bonus.sgzb.common.core.web.domain.AjaxResult;
import com.bonus.sgzb.common.core.web.page.TableDataInfo;
import com.bonus.sgzb.common.security.annotation.InnerAuth;
import com.bonus.sgzb.base.api.domain.BmStorageLog;
import com.bonus.sgzb.common.security.annotation.RequiresPermissions;
import com.bonus.sgzb.system.service.impl.BmStorageLogService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
@ -26,6 +27,7 @@ public class BmStorageLogController extends BaseController {
@Autowired
private BmStorageLogService bmStorageLogService;
@RequiresPermissions("stock:log:list")
@GetMapping("/list")
public TableDataInfo list(BmStorageLog record) {
startPage();