package com.gz.core.filter;
import cn.hutool.core.util.ObjectUtil;
import com.gz.core.redis.service.RedisService;
import com.gz.core.user.UserDetail;
import com.gz.core.utils.RequestUserUtils;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
public class PermissionsFilter extends BaseFilter {
private final String USER_PERMS_CACHE_KEY = "EMULATE::SHIRO:PERMS:USER:";
private RedisService redisService;
private List<String> perms;
public PermissionsFilter(RedisService redisService, List<String> perms) {
this.redisService = redisService;
this.perms = perms;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
String path = request.getServletPath().replace("/api/", "");
path = path.replace("/", ":");
UserDetail userDetail = RequestUserUtils.getUserDetail();
if (isSwagger(request)) {
chain.doFilter(request, response);
return;
}
if (ObjectUtil.isEmpty(userDetail)) {
chain.doFilter(request, response);
return;
}
//判断是否为权限拦截路径
if (!perms.contains(path)) {
chain.doFilter(request, response);
return;
}
//超管访问所有
if (userDetail.getUserId() == 1L) {
chain.doFilter(request, response);
return;
}
// //判断用户是否拥有对应的权限
// List<String> userPermsList = (List<String>) redisService.get(USER_PERMS_CACHE_KEY + userDetail.getUserId());
// if (userPermsList == null || !userPermsList.contains(path)) {
// this.writeError(response, GlobalErrorEnum.无权访问);
// return;
// }
chain.doFilter(request, response);
}
}
@SuppressWarnings("all")
@Bean
public FilterRegistrationBean<PermissionsFilter> PermissionsFilter(RedisService redisService, ApplicationContext context) {
//通过上下文获取设置权限的接口
List<String> perms = new ArrayList<>();
try {
Map<String, Object> openClz = context.getBeansWithAnnotation(RequestMapping.class);
for (Object clzObj : openClz.values()) {
Class clz = Class.forName(clzObj.getClass().getName(), true, Permissions.class.getClassLoader());
for (Method method : clz.getDeclaredMethods()) {
Permissions shiroPermsValidate = method.getAnnotation(Permissions.class);
if (shiroPermsValidate != null && ObjectUtil.isNotEmpty(shiroPermsValidate.perms())) {
perms.add(shiroPermsValidate.perms());
}
}
}
} catch (Exception e) {
log.info("获取权限接口失败{}", e);
}
log.info("perms:{}", perms);
FilterRegistrationBean<PermissionsFilter> registration = new FilterRegistrationBean<>();
registration.setDispatcherTypes(DispatcherType.REQUEST);
registration.setFilter(new PermissionsFilter(redisService, perms));
registration.addUrlPatterns("*");
registration.setName("PermissionsFilter");
registration.setOrder(2);
return registration;
}
package com.gz.core.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permissions {
String perms() default "";
}
@ApiOperation("查询操作日志")
@Permissions(perms = "sys:log:list")
@GetMapping("sys/log/list")
public ResultBody<PageData<LogEntity>> findList(ReqQueryLogDTO params) throws IOException {
return ResultBody.ok(logService.findPage(params));
}