部分接口存在越权访问问题,这里通过 AOP + 策略模式统一做权限校验来解决,分三步:
1. 定义一个鉴权策略接口,每个业务提供各自对应的实现类;
2. 定义一个注解(注解的参数很重要);
3. 编写切面,由切面调用对应的策略完成校验。
/**
 * Strategy contract for a per-business authorization check.
 *
 * <p>Each business operation that must be protected against unauthorized
 * (out-of-scope) access supplies its own implementation of this interface.
 */
public interface AuthCheckStrategy {

    /**
     * Decides whether the given request may operate on {@code checkObject}.
     *
     * <p>NOTE(review): implementations presumably take the caller's identity from
     * {@code request} and compare it with the owner of the data referenced by
     * {@code checkObject}. Confirm that the identity comes from server-side
     * session/token state and never from client-supplied fields.
     *
     * @param request     the current HTTP request
     * @param checkObject the business object to check; declared as {@code Object},
     *                    so each implementation must interpret (and validate) its
     *                    actual shape itself
     * @return the outcome of the check
     */
    AuthCheckResult authCheck(HttpServletRequest request, Object checkObject);
}
@Slf4j
@Component
public class AppointSaveAuthCheckStrategy implements AuthCheckStrategy {
@Autowired
private AppointService appointService;
@Override
public AuthCheckResult authCheck(HttpServletRequest request, Object checkObject) {
UserInfo userInfo = UserUtils.getUserInfo(request);
if (null == userInfo) {
return AuthCheckResult.wrapErrorResult("非法访问");
}
JSONObject jsonObject = JSON.parseObject(JSON.toJSONString(checkObject));
JSONObject appointJsonObject = jsonObject.getJSONObject("appoint");
Long appointId = appointJsonObject.getLong("