
接口权限控制

zhaops %!s(int64=5) %!d(string=hai) anos
pai
achega
3929fb7984

+ 2 - 1
common-biz-client/src/main/java/com/diagbot/dto/PermissionDTO.java

@@ -5,6 +5,7 @@ import lombok.Setter;
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * @Description:
@@ -14,6 +15,6 @@ import java.util.Map;
 @Getter
 @Setter
 public class PermissionDTO {
-    private Map<String, Map<String, PermissionParamDTO>> permissionMap;
+    private Map<String, Map<String, List<Map<String, Set<String>>>>> permissionMap;
     private List<HosPermissionDTO> hosPermissionDTOS;
 }
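Review bot: The new field type `Map<String, Map<String, List<Map<String, Set<String>>>>>` says nothing about what each level holds, and the class Javadoc's `@Description:` is empty. From the PermissionFacade hunk in this commit the outer keys are the literals `"hasParam"`/`"noParam"`, the next level is keyed by permissionUrl, and each list element is one accepted parameter combination mapping paramKey to its allowed values; a field comment such as `/** "hasParam"/"noParam" -> permissionUrl -> accepted param combinations (paramKey -> allowed values); noParam entries carry no list. */` would spare the next reader a trip through the facade. Since PermissionParamDTO is no longer imported by PermissionFacade or PermissionUtil after this commit, it may now be unreferenced — worth confirming before keeping it.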

+ 3 - 2
common-biz-client/src/main/java/com/diagbot/dto/PermissionParamDTO.java

@@ -3,6 +3,7 @@ package com.diagbot.dto;
 import lombok.Getter;
 import lombok.Setter;
 
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -15,5 +16,5 @@ import java.util.Set;
 @Setter
 public class PermissionParamDTO {
     private String permissionUrl;
-    private Map<String, Set<String>> paramMap;
-}
+    private List<Map<String, Set<String>>> paramList;
+}

+ 13 - 21
common-biz-client/src/main/java/com/diagbot/facade/PermissionFacade.java

@@ -3,7 +3,6 @@ package com.diagbot.facade;
 import com.diagbot.client.TranCommonServiceClient;
 import com.diagbot.dto.HosPermissionDTO;
 import com.diagbot.dto.PermissionDTO;
-import com.diagbot.dto.PermissionParamDTO;
 import com.diagbot.dto.RespDTO;
 import com.diagbot.util.EntityUtil;
 import com.diagbot.util.ListUtil;
@@ -11,7 +10,6 @@ import com.diagbot.util.RespDTOUtil;
 import com.diagbot.util.StringUtil;
 import com.diagbot.vo.PermissionVO;
 import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
@@ -52,21 +50,21 @@ public class PermissionFacade {
         PermissionDTO permissionDTO = new PermissionDTO();
         permissionDTO.setHosPermissionDTOS(hosPermissionDTOS);
 
-        Map<String, Map<String, PermissionParamDTO>> permissionMap = new HashMap<>();
+        Map<String, Map<String, List<Map<String, Set<String>>>>> permissionMap = new HashMap<>();
         if (ListUtil.isNotEmpty(hosPermissionDTOS)) {
+            //带参数的接口缓存
             List<HosPermissionDTO> hasParamList = hosPermissionDTOS.stream()
                     .filter(hosPermissionDTO -> StringUtil.isNotBlank(hosPermissionDTO.getParamKey()))
                     .collect(Collectors.toList());
-            Map<String, PermissionParamDTO> hasParamMap = new HashMap<>();
+            Map<String, List<Map<String, Set<String>>>> hasParamMap = new HashMap<>();
             if (ListUtil.isNotEmpty(hasParamList)) {
                 Map<String, List<HosPermissionDTO>> hosPermissionDTOMap
                         = EntityUtil.makeEntityListMap(hasParamList, "permissionUrl");
                 for (Map.Entry<String, List<HosPermissionDTO>> entry : hosPermissionDTOMap.entrySet()) {
-                    PermissionParamDTO permissionParamDTO = new PermissionParamDTO();
-                    permissionParamDTO.setPermissionUrl(entry.getKey());
-                    Map<String, Set<String>> paramMap = new HashMap<>();
+                    List<Map<String, Set<String>>> paramList = Lists.newLinkedList();
                     if (ListUtil.isNotEmpty(entry.getValue())) {
                         for (HosPermissionDTO hosPermissionDTO : entry.getValue()) {
+                            Map<String, Set<String>> paramMap = new HashMap<>();
                             if (StringUtil.isBlank(hosPermissionDTO.getParamValue())) {
                                 continue;
                             }
@@ -78,38 +76,32 @@ public class PermissionFacade {
                                 continue;
                             }
                             for (int i = 0; i < paramKeyArr.length; i++) {
-                                Set<String> paramValueSet = paramMap.get(paramKeyArr[i]);
-                                if(paramValueSet==null){
-                                    paramValueSet= new HashSet<>();
-                                }
-                                paramValueSet.add(paramValueArr[i]);
+                                Set<String> paramValueSet
+                                        = new HashSet<>(Arrays.asList(paramValueArr[i].split(",|,")));
                                 paramMap.put(paramKeyArr[i], paramValueSet);
                             }
+                            paramList.add(paramMap);
                         }
+                        hasParamMap.put(entry.getKey(), paramList);
                     }
-                    permissionParamDTO.setParamMap(paramMap);
-                    hasParamMap.put(entry.getKey(), permissionParamDTO);
                 }
             }
             permissionMap.put("hasParam", hasParamMap);
-            //没有参数的接口
+            //不带参数的接口缓存
             List<HosPermissionDTO> noParamList = hosPermissionDTOS.stream()
                     .filter(hosPermissionDTO -> StringUtil.isBlank(hosPermissionDTO.getParamKey()))
                     .collect(Collectors.toList());
-            Map<String, PermissionParamDTO> noParamMap = new HashMap<>();
+            Map<String, List<Map<String, Set<String>>>> noParamMap = new HashMap<>();
             if (ListUtil.isNotEmpty(noParamList)) {
                 Map<String, List<HosPermissionDTO>> hosPermissionDTOMap
                         = EntityUtil.makeEntityListMap(noParamList, "permissionUrl");
                 for (Map.Entry<String, List<HosPermissionDTO>> entry : hosPermissionDTOMap.entrySet()) {
-                    PermissionParamDTO permissionParamDTO = new PermissionParamDTO();
-                    permissionParamDTO.setPermissionUrl(entry.getKey());
-                    noParamMap.put(entry.getKey(), permissionParamDTO);
+                    noParamMap.put(entry.getKey(), null);
                 }
             }
             permissionMap.put("noParam", noParamMap);
         }
         permissionDTO.setPermissionMap(permissionMap);
-
         return permissionDTO;
     }
 
@@ -123,4 +115,4 @@ public class PermissionFacade {
         log.info("清理服务权限缓存成功");
         return true;
     }
-}
+}
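Review bot: `noParamMap.put(entry.getKey(), null);` stores null values in a map that, judging by the `@CacheEvict` import, passes through a cache layer; not every serializer or cache store preserves null map entries, and a consumer testing `get(uri) != null` will disagree with one testing `containsKey(uri)`. An empty list is a safer "no parameter constraint" marker: `noParamMap.put(entry.getKey(), Collections.emptyList());`. Separately, rows with a blank paramValue are skipped at the `continue`, but the URL is still registered in hasParamMap with an empty `paramList`, and the consumer in PermissionUtil guards on `ListUtil.isNotEmpty(perParamList)`, so such a URL receives no parameter check at all; if the surrounding flow (partly outside these hunks) treats presence in hasParamMap as sufficient, that is a fail-open path that deserves a test. The enclosing method starts before the hunk.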

+ 62 - 41
common-biz-client/src/main/java/com/diagbot/util/PermissionUtil.java

@@ -1,24 +1,25 @@
 package com.diagbot.util;
 
 import com.diagbot.dto.PermissionDTO;
-import com.diagbot.dto.PermissionParamDTO;
 import com.diagbot.exception.CommonErrorCode;
 import com.diagbot.exception.CommonException;
 import com.diagbot.facade.PermissionFacade;
 import com.diagbot.vo.PermissionVO;
+import com.google.common.collect.Lists;
 import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.JoinPoint;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.DefaultParameterNameDiscoverer;
 import org.springframework.core.ParameterNameDiscoverer;
-import org.springframework.stereotype.Component;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.*;
 
@@ -69,8 +70,8 @@ public class PermissionUtil {
         permissionVO.setHospitalCode(hospitalCode);
         permissionVO.setSysType(sysType);
         PermissionDTO permissionDTO = permissionFacade.getPermission(permissionVO);
-        Map<String, PermissionParamDTO> hasParamMap = new HashMap<>();
-        Map<String, PermissionParamDTO> noParamMap = new HashMap<>();
+        Map<String, List<Map<String, Set<String>>>> hasParamMap = new HashMap<>();
+        Map<String, List<Map<String, Set<String>>>> noParamMap = new HashMap<>();
         if (permissionDTO.getPermissionMap() != null) {
             hasParamMap = permissionDTO.getPermissionMap().get("hasParam");
             noParamMap = permissionDTO.getPermissionMap().get("noParam");
@@ -85,11 +86,11 @@ public class PermissionUtil {
         }
         //todo 验证是否在有参数的Map
         Boolean hasParam = false;
-        Map<String, Set<String>> permissionParamMap = new HashMap<>();
+        List<Map<String, Set<String>>> perParamList = Lists.newLinkedList();
         if (hasParamMap != null) {
             if (hasParamMap.containsKey(uri)) {
                 hasParam = true;
-                permissionParamMap = hasParamMap.get(uri).getParamMap();
+                perParamList = hasParamMap.get(uri);
             }
         }
 
@@ -106,58 +107,79 @@ public class PermissionUtil {
         paramMap = getFieldsName(joinPoint);
         //todo 利用paramMap获取结果
         try {
-            if (!noParam && hasParam && permissionParamMap != null) {
+            if (!noParam && hasParam && ListUtil.isNotEmpty(perParamList)) {
+
                 for (Map.Entry<String, Object> entry : paramMap.entrySet()) {
                     if (entry.getValue() == null) {
                         continue;
                     }
                     Field[] fields = getAllFields(entry.getValue());
-                    for (int i = 0; i < fields.length; i++) {
-                        String fieldName = fields[i].getName();
-                        if (permissionParamMap.containsKey(fieldName)) {
-                            Set<String> permissionParamValueSet = permissionParamMap.get(fieldName);
-                            if (permissionParamValueSet == null || permissionParamValueSet.size() == 0) {
-                                continue;
-                            }
-                            String getter = "get" + fieldName.substring(0, 1).toUpperCase() + fieldName.substring(1);
-                            String type = fields[i].getGenericType().toString();
-                            Class clazz = entry.getValue().getClass();
-                            Method method = clazz.getMethod(getter, new Class[]{});
-                            Object obj = method.invoke(entry.getValue(), new Object[]{});
-                            if (type.equals("class java.lang.String")
-                                    || type.equals("class java.lang.Integer")
-                                    || type.equals("class java.lang.Long")) {
-                                String value = (String) obj;
-                                String[] valueArr = value.split(",|,");
-                                Set<String> valueSet = new HashSet<>(Arrays.asList(valueArr));
-                                Boolean hasPermission = false;
-                                for (String permissionParamValue : permissionParamValueSet) {
-                                    Set paramValueSet = new HashSet<>(Arrays.asList(permissionParamValue.split(",|,")));
+                    Boolean hasPermission = true;
+                    for (Map<String, Set<String>> perParamMap : perParamList) {
+                        if (perParamMap == null || perParamMap.size() == 0) {
+                            continue;
+                        }
+                        //验证单条paramKey是否所有参数都满足,包含关系
+                        for (Map.Entry<String, Set<String>> paramEntry : perParamMap.entrySet()) {
+                            for (int i = 0; i < fields.length; i++) {
+                                String fieldName = fields[i].getName();
+                                if (!paramEntry.getKey().equals(fieldName)) {
+                                    continue;
+                                }
+                                Set<String> paramValueSet = paramEntry.getValue();
+                                if (paramValueSet == null || paramValueSet.size() == 0) {
+                                    continue;
+                                }
+                                String getter = "get" + fieldName.substring(0, 1).toUpperCase() + fieldName.substring(1);
+                                String type = fields[i].getGenericType().toString();
+                                Class clazz = entry.getValue().getClass();
+                                Method method = clazz.getMethod(getter, new Class[]{});
+                                Object obj = method.invoke(entry.getValue(), new Object[]{});
+                                if (type.equals("class java.lang.String")
+                                        || type.equals("class java.lang.Integer")
+                                        || type.equals("class java.lang.Long")) {
+                                    String value = obj.toString();
+                                    String[] valueArr = value.split(",|,");
+                                    Set<String> valueSet = new HashSet<>(Arrays.asList(valueArr));
                                     if (paramValueSet.containsAll(valueSet)) {
                                         hasPermission = true;
                                         break;
+                                    } else {
+                                        hasPermission = false;
                                     }
-                                }
-                                if (!hasPermission) {
-                                    throw new CommonException(CommonErrorCode.NO_PERMISSION);
-                                }
-                            } else if (type.equals("class java.lang.Boolean")) {
-                                Boolean value = (Boolean) obj;
-                                Boolean hasPermission = false;
-                                for (String str : permissionParamValueSet) {
-                                    if (str.toLowerCase().equals(value.toString().toLowerCase())) {
+                                } else if (type.equals("class java.lang.Boolean")) {
+                                    Boolean value = (Boolean) obj;
+                                    Iterator<String> it = paramEntry.getValue().iterator();
+                                    while (it.hasNext()) {
+                                        it.next().toLowerCase();
+                                    }
+                                    if (paramEntry.getValue().contains(value.toString().toLowerCase())) {
                                         hasPermission = true;
+                                    } else {
+                                        hasPermission = false;
                                     }
                                 }
                                 if (!hasPermission) {
-                                    throw new CommonException(CommonErrorCode.NO_PERMISSION);
+                                    break;
                                 }
                             }
+                            //当前组合中有一个参数不满足,则整条都不满足
+                            if (!hasPermission) {
+                                break;
+                            }
                         }
+                        //有一条完整的参数验证通过,则结束循环
+                        if (hasPermission) {
+                            break;
+                        }
+                    }
+                    //遍历所有参数组合之后,没有一条满足,则说明没有权限
+                    if (!hasPermission) {
+                        throw new CommonException(CommonErrorCode.NO_PERMISSION);
                     }
                 }
             }
-        } catch (Exception e) {
+        } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) {
             throw new CommonException(CommonErrorCode.FAIL, e.getMessage());
         }
     }
@@ -238,5 +260,4 @@ public class PermissionUtil {
         }
         return false;
     }
-
-}
+}
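Review bot: `Boolean hasPermission = true;` at the top of the rewritten loop means a parameter combination whose keys are not found on the argument object passes without any value being compared, and an argument carrying none of the keys is accepted outright — a fail-open default for an authorization check. The Boolean branch also has a no-op loop (`it.next().toLowerCase()` discards its result, so the stored values are never normalized), and narrowing the catch to the three reflective exceptions lets the NullPointerException from `obj.toString()` on a null getter result escape unhandled. A fail-closed restructure iterates combinations outermost, looks each key up across all arguments, and treats an unverified key, a null value, an empty permitted set or an unsupported field type as a failed combination, with the value comparison moved into a small helper. The enclosing method begins before the hunk.
```java
boolean hasPermission = false;  // fail closed: only a fully verified combination grants access
for (Map<String, Set<String>> perParamMap : perParamList) {
    if (perParamMap == null || perParamMap.size() == 0) {
        continue;
    }
    boolean combinationOk = true;
    for (Map.Entry<String, Set<String>> paramEntry : perParamMap.entrySet()) {
        Boolean keyOk = null;  // stays null when no argument carries this key
        for (Map.Entry<String, Object> entry : paramMap.entrySet()) {
            if (entry.getValue() == null) {
                continue;
            }
            for (Field field : getAllFields(entry.getValue())) {
                if (paramEntry.getKey().equals(field.getName())) {
                    keyOk = valueAllowed(entry.getValue(), field, paramEntry.getValue());
                    break;
                }
            }
            if (keyOk != null) {
                break;
            }
        }
        if (keyOk == null || !keyOk) {
            combinationOk = false;
            break;
        }
    }
    if (combinationOk) {
        hasPermission = true;
        break;
    }
}
if (!hasPermission) {
    throw new CommonException(CommonErrorCode.NO_PERMISSION);
}
// … unchanged: catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) …

/** True when the field's current value lies within the permitted set; null values, empty sets and unsupported types are rejected. */
private static boolean valueAllowed(Object target, Field field, Set<String> permitted)
        throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
    if (permitted == null || permitted.isEmpty()) {
        return false;
    }
    String fieldName = field.getName();
    String getter = "get" + fieldName.substring(0, 1).toUpperCase() + fieldName.substring(1);
    Object obj = target.getClass().getMethod(getter).invoke(target);
    if (obj == null) {
        return false;
    }
    String type = field.getGenericType().toString();
    if (type.equals("class java.lang.String")
            || type.equals("class java.lang.Integer")
            || type.equals("class java.lang.Long")) {
        return permitted.containsAll(Arrays.asList(obj.toString().split(",|,")));
    }
    if (type.equals("class java.lang.Boolean")) {
        String actual = obj.toString();
        return permitted.stream().anyMatch(s -> s.equalsIgnoreCase(actual));
    }
    return false;
}
```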

+ 2 - 0
tran-service/src/main/resources/mapper/HospitalRoleMapper.xml

@@ -52,6 +52,8 @@
         IFNULL( pe.param_key, '' ) &lt;&gt; ''
         END
         </if -->
+        ORDER BY
+        LENGTH( pe.param_key ) DESC
     </select>
 
 </mapper>
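Review bot: The added `ORDER BY LENGTH( pe.param_key ) DESC` carries no comment explaining why row order matters to the caller, and ties between equal-length keys are left to the engine, so the result order is not fully deterministic. An XML comment beside it, e.g. `<!-- multi-key param_key rows first; note here if callers rely on this order -->`, plus a secondary sort column would make the intent explicit and the output stable.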