菜单鉴权，网页下拉不鉴权

2024-09-29 14:10:55 +08:00 · 2024-09-29 14:10:55 +08:00 · f138b59f2d
parent ee0107384e
commit f138b59f2d
2 changed files with 33 additions and 7 deletions
--- a/sgzb-common/sgzb-common-security/pom.xml
+++ b/sgzb-common/sgzb-common-security/pom.xml
@ -33,6 +33,12 @@
            <groupId>com.bonus.sgzb</groupId>
            <artifactId>sgzb-common-redis</artifactId>
        </dependency>
+        <dependency>
+            <groupId>cn.hutool</groupId>
+            <artifactId>hutool-all</artifactId>
+            <version>5.8.23</version>
+            <scope>compile</scope>
+        </dependency>

    </dependencies>

--- a/sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
+++ b/sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
@ -1,7 +1,11 @@
 package com.bonus.sgzb.common.security.aspect;

 import java.lang.reflect.Method;
-
+import java.util.Objects;
+import com.alibaba.fastjson2.JSON;
+import cn.hutool.json.JSONArray;
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
 import com.bonus.sgzb.common.security.auth.AuthUtil;
 import com.bonus.sgzb.common.security.annotation.RequiresRoles;
 import org.aspectj.lang.ProceedingJoinPoint;
@ -54,9 +58,24 @@ public class PreAuthorizeAspect
    @Around("pointcut()")
    public Object around(ProceedingJoinPoint joinPoint) throws Throwable
    {
+        //获取请求参数
+        boolean needPermission = true;
+        Object[] args = joinPoint.getArgs();
+        String argStr = JSON.toJSONString(args);
+        JSONArray jsonArray = JSONUtil.parseArray(argStr);
+        for (int i = 0; i < jsonArray.size(); i++) {
+            Object obj = jsonArray.getObj(i);
+            if (Objects.nonNull(obj) && obj instanceof JSONObject) {
+                JSONObject jsonObject = (JSONObject) obj;
+                if ("1".equals(jsonObject.getStr("skipPermission"))) {
+                    needPermission = false;
+                }
+            }
+        }
+
        // 注解鉴权
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
-        checkMethodAnnotation(signature.getMethod());
+        checkMethodAnnotation(signature.getMethod(), needPermission);
        try
        {
            // 执行原有逻辑
@ -72,7 +91,7 @@ public class PreAuthorizeAspect
    /**
     * 对一个Method对象进行注解检查
     */
-    public void checkMethodAnnotation(Method method)
+    public void checkMethodAnnotation(Method method, boolean needPermission)
    {
        // 校验 @RequiresLogin 注解
        RequiresLogin requiresLogin = method.getAnnotation(RequiresLogin.class);
@ -89,10 +108,11 @@ public class PreAuthorizeAspect
        }

        // 校验 @RequiresPermissions 注解
-        RequiresPermissions requiresPermissions = method.getAnnotation(RequiresPermissions.class);
-        if (requiresPermissions != null)
-        {
-            AuthUtil.checkPermi(requiresPermissions);
+        if (needPermission) {
+            RequiresPermissions requiresPermissions = method.getAnnotation(RequiresPermissions.class);
+            if (requiresPermissions != null) {
+                AuthUtil.checkPermi(requiresPermissions);
+            }
        }
    }
 }