
Merge remote-tracking branch 'origin/dev/ez-security210625' into dev/ez-security210625

rengb hai 3 anos
pai
achega
1d9ec2f27a

+ 8 - 1
common/src/main/java/com/lantone/common/constant/AuthConstant.java

@@ -61,5 +61,12 @@ public interface AuthConstant {
      * 系统id Http请求头
      */
     String SOFTWARE_ID_HEADER = "softwareId";
-
+    /**
+     * 超级管理员角色id
+     */
+    Long SUPPER_ADMIN = 1l ;
+    /**
+     * 数据权限过滤sql key
+     */
+    String DATAAUTH_FILTER_SQL = "dataAuthFilter";
 }
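Review bot: `Long SUPPER_ADMIN = 1l ;` on the added constant uses the lower-case `l` suffix, which is easily read as the digit 1, and carries a stray space before the semicolon; prefer `Long SUPPER_ADMIN = 1L;`. The name looks like a misspelling of SUPER_ADMIN and is worth correcting now, before `DataAuthFilterAspect` and other callers take a dependency on it. The boxed `Long` type itself is appropriate, since the aspect compares it with `List<Long>.contains(...)`.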

+ 2 - 2
common/src/main/java/com/lantone/common/vo/GetUserPageVO.java

@@ -1,6 +1,6 @@
 package com.lantone.common.vo;
 
-import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.lantone.common.vo.base.BasePageVo;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 
@@ -12,7 +12,7 @@ import java.io.Serializable;
  * </p>
  */
 @Data
-public class GetUserPageVO extends Page implements Serializable {
+public class GetUserPageVO extends BasePageVo implements Serializable {
 
     private static final long serialVersionUID = 1L;
 

+ 17 - 0
common/src/main/java/com/lantone/common/vo/base/BasePageVo.java

@@ -0,0 +1,17 @@
+package com.lantone.common.vo.base;
+
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import lombok.Data;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @Description:
+ * @Author songxl
+ * @Date 2021/8/26
+ */
+@Data
+public class BasePageVo extends Page {
+     Map<String,Object> map = new HashMap<>();
+}
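Review bot: `map` is a plain mutable field that `@Data` exposes through a public getter and setter, and because `GetUserPageVO` (changed in this commit) now extends this class, a request body can populate `map.dataAuthFilter` directly; `HospitalUserMapper.xml` then splices that value into the query with `${...}`, i.e. without parameter binding. `DataAuthFilterAspect` overwrites the key only for non-super-admin callers of annotated methods, so a client-supplied value would survive for a super admin or on any mapper that reads the key on a path without the aspect. The field should be hidden from request binding and serialisation (for example Jackson `@JsonIgnore` and swagger `@ApiModelProperty(hidden = true)`, if those are the binders in use) and documented, e.g. `/** Server-side only: populated by DataAuthFilterAspect, never taken from the request. */`; the empty `@Description:` in the class header should say the same. The identical field is duplicated verbatim in `BaseVo.java`, which needs the same treatment.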

+ 17 - 0
common/src/main/java/com/lantone/common/vo/base/BaseVo.java

@@ -0,0 +1,17 @@
+package com.lantone.common.vo.base;
+
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import lombok.Data;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @Description:
+ * @Author songxl
+ * @Date 2021/8/26
+ */
+@Data
+public class BaseVo {
+     Map<String,Object> map = new HashMap<>();
+}
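Review bot: `import com.baomidou.mybatisplus.extension.plugins.pagination.Page;` is unused in this class — `BaseVo` does not extend `Page` — and should be dropped. The class header's `@Description:` is empty; from the way `DataAuthFilterAspect` writes into `getMap()`, something like `Base request VO carrying the server-side data-permission filter entries.` would tell readers what `map` is for.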

+ 3 - 0
dblayer-mbg/src/main/resources/mapper/HospitalUserMapper.xml

@@ -38,6 +38,9 @@
         <if test="getUserPageVO.name !=null and getUserPageVO.name !=''">
             AND u.`name` LIKE concat('%',#{getUserPageVO.name},'%')
         </if>
+        <if test="getUserPageVO.map.dataAuthFilter != null ">
+            and ${getUserPageVO.map.dataAuthFilter}
+        </if>
     </select>
     <select id="getHospitalUserById" resultType="java.lang.Long">
         SELECT
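Review bot: the new `<if>` test checks only `!= null`, unlike the neighbouring `name` test on the line above it which also rejects `''`; an empty string would emit a dangling `and` and break the statement. Bring it in line: `<if test="getUserPageVO.map.dataAuthFilter != null and getUserPageVO.map.dataAuthFilter != ''">`. Since the value is interpolated with `${}` rather than bound with `#{}`, a mapper comment such as `<!-- dataAuthFilter is written only by DataAuthFilterAspect; it must never be taken from the request -->` would make the trust assumption explicit for the next maintainer. The enclosing `<select>` starts outside the hunk.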

+ 4 - 0
security-center/pom.xml

@@ -30,6 +30,10 @@
             <groupId>io.github.openfeign</groupId>
             <artifactId>feign-okhttp</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-aop</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

+ 31 - 0
security-center/src/main/java/com/lantone/security/annotation/DataAuthFilter.java

@@ -0,0 +1,31 @@
+package com.lantone.security.annotation;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * @Description:数据权限过滤注解
+ * @Author songxl
+ * @Date 2021/8/25
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface DataAuthFilter {
+    /**
+     * 用户表的别名
+     */
+    String userAlias() default "";
+    /**
+     * 科室表的别名
+     */
+    String deptAlias() default "";
+    /**
+     * 组织表的别名
+     */
+    String hospitalAlias() default "";
+
+}
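Review bot: the three attribute Javadocs (`用户表的别名` etc.) describe a table alias, but `DataAuthFilterAspect.getSQLFilter` inserts each value verbatim as the left operand of an `in(...)` predicate, so callers must supply a column reference (for example `u.id`, constructed here), not a bare table alias. Document that on each attribute, e.g. `/** Column expression (e.g. {@code u.id}) matched against the caller's permitted user ids; spliced into SQL verbatim, so it must be a compile-time literal. */`, and repeat the caveat in the class-level `@Description`. Nothing in the annotation or the aspect validates these values, which is acceptable only as long as they are annotation literals.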

+ 108 - 0
security-center/src/main/java/com/lantone/security/aop/DataAuthFilterAspect.java

@@ -0,0 +1,108 @@
+package com.lantone.security.aop;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.google.common.collect.Lists;
+import com.lantone.common.constant.AuthConstant;
+import com.lantone.common.enums.IsDeleteEnum;
+import com.lantone.common.exception.Asserts;
+import com.lantone.common.util.ListUtil;
+import com.lantone.common.util.SysUserUtils;
+import com.lantone.common.vo.base.BasePageVo;
+import com.lantone.common.vo.base.BaseVo;
+import com.lantone.dblayermbg.entity.UserRole;
+import com.lantone.dblayermbg.facade.UserRoleFacade;
+import com.lantone.security.annotation.DataAuthFilter;
+import org.apache.commons.lang.StringUtils;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.annotation.Pointcut;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * @Description:数据权限过滤处理切面
+ * @Author songxl
+ * @Date 2021/8/25
+ */
+@Aspect
+@Component
+public class DataAuthFilterAspect {
+    @Autowired
+    private UserRoleFacade userRoleFacade;
+
+    //切入点
+    @Pointcut("@annotation(com.lantone.security.annotation.DataAuthFilter)")
+    public void dataFilterCut() {
+
+    }
+
+    @Before("dataFilterCut()")
+    public void dataFilter(JoinPoint point) {
+        Object params = point.getArgs()[0];
+        if (params != null) {
+            //获取当前用户角色集合如果是超级管理员则不进行数据过滤
+            List<Long> roleIds = userRoleFacade.list(new QueryWrapper<UserRole>()
+                    .eq("user_id", SysUserUtils.getCurrentPrincipleId())
+                    .eq("is_deleted", IsDeleteEnum.N.getKey())).stream().map(UserRole::getRoleId).collect(Collectors.toList());
+            if (!roleIds.contains(AuthConstant.SUPPER_ADMIN)) {
+                if (params instanceof BaseVo){
+                    BaseVo vo = (BaseVo) params;
+                    vo.getMap().put(AuthConstant.DATAAUTH_FILTER_SQL, getSQLFilter(point));
+                }
+                if (params instanceof BasePageVo){
+                    BasePageVo vo = (BasePageVo) params;
+                    vo.getMap().put(AuthConstant.DATAAUTH_FILTER_SQL, getSQLFilter(point));
+                }
+            }
+            return;
+        } else {
+            Asserts.fail("数据权限接口,只能是Map类型参数,且不能为NULL");
+        }
+    }
+
+    /**
+     * @param point
+     * @Description获取数据过滤的SQL
+     * @Return java.lang.String
+     */
+    private String getSQLFilter(JoinPoint point) {
+
+        MethodSignature signature = (MethodSignature) point.getSignature();
+        DataAuthFilter dataAuthFilter = signature.getMethod().getAnnotation(DataAuthFilter.class);
+        //###模拟数据
+        List<String> users = Lists.newArrayList("1", "2");
+        List<String> depts = Lists.newArrayList("16", "34");
+        List<String> hopitals = Lists.newArrayList("1", "2");
+
+
+        StringBuilder sqlFilter = new StringBuilder();
+        sqlFilter.append(" (");
+
+        //sql拼接
+        //1.用户
+        if (StringUtils.isNotEmpty(dataAuthFilter.userAlias()) && ListUtil.isNotEmpty(users)) {
+            sqlFilter.append(dataAuthFilter.userAlias()).append(" in(").append(StringUtils.join(depts, ",")).append(")");
+        }
+        //2.科室
+        if (StringUtils.isNotEmpty(dataAuthFilter.deptAlias()) && ListUtil.isNotEmpty(depts)) {
+            sqlFilter.append(dataAuthFilter.deptAlias()).append(" in(").append(StringUtils.join(depts, ",")).append(")");
+        }
+        //3.组织
+        if (StringUtils.isNotEmpty(dataAuthFilter.hospitalAlias()) && ListUtil.isNotEmpty(hopitals)) {
+            sqlFilter.append(dataAuthFilter.hospitalAlias()).append(" in(").append(StringUtils.join(depts, ",")).append(")");
+        }
+
+        sqlFilter.append(") ");
+
+        if (sqlFilter.toString().trim().equals("()")) {
+            return null;
+        }
+
+        return sqlFilter.toString();
+    }
+}
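Review bot: in `getSQLFilter` all three branches join `depts` — the user and hospital predicates should use `users` and `hopitals` respectively — and the predicates are appended back to back with no `AND`/`OR` between them, so any method declaring two aliases yields `(u.id in(1,2)d.id in(16,34))` and a SQL syntax error. Collecting the clauses in a list and joining them (AND below; use OR if that is the intended semantics) fixes both, as sketched. The id lists are still the `###模拟数据` mock values; because this fragment reaches the mapper through `${}`, they must only ever come from a trusted server-side lookup, never from request parameters. Separately, `point.getArgs()[0]` in `dataFilter` throws `ArrayIndexOutOfBoundsException` for an annotated no-arg method, and the `Asserts.fail` message speaks of Map parameters although the accepted types are `BaseVo`/`BasePageVo`.
```java
    private String getSQLFilter(JoinPoint point) {
        MethodSignature signature = (MethodSignature) point.getSignature();
        DataAuthFilter dataAuthFilter = signature.getMethod().getAnnotation(DataAuthFilter.class);
        // … unchanged: mock users / depts / hopitals lists …

        List<String> clauses = Lists.newArrayList();
        // each predicate joins its own id list; previously all three joined depts
        appendIn(clauses, dataAuthFilter.userAlias(), users);
        appendIn(clauses, dataAuthFilter.deptAlias(), depts);
        appendIn(clauses, dataAuthFilter.hospitalAlias(), hopitals);
        if (clauses.isEmpty()) {
            return null;
        }
        // predicates are joined explicitly so two aliases no longer produce adjacent expressions
        return " (" + StringUtils.join(clauses, " AND ") + ") ";
    }

    /** Adds "alias in(v1,v2,...)" when both the alias and the id list are present. */
    private static void appendIn(List<String> clauses, String alias, List<String> values) {
        if (StringUtils.isNotEmpty(alias) && ListUtil.isNotEmpty(values)) {
            clauses.add(alias + " in(" + StringUtils.join(values, ",") + ")");
        }
    }
```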

+ 10 - 1
security-center/src/main/java/com/lantone/security/aop/ResourceRoleRulesAspect.java

@@ -23,7 +23,16 @@ public class ResourceRoleRulesAspect {
     @Pointcut("execution(public * com.lantone.security.web.RoleManagementController.addRole(..))" +
             "||execution(public * com.lantone.security.web.RoleManagementController.deleteRole(..))" +
             "||execution(public * com.lantone.security.web.RoleManagementController.disableRole(..))" +
-            "||execution(public * com.lantone.security.web.RoleManagementController.updateRole(..))")
+            "||execution(public * com.lantone.security.web.RoleManagementController.updateRole(..))"+
+            "||execution(public * com.lantone.security.web.FuncManagementController.addMenu(..))"+
+            "||execution(public * com.lantone.security.web.FuncManagementController.updateMenu(..))"+
+            "||execution(public * com.lantone.security.web.FuncManagementController.deleteMenu(..))"+
+            "||execution(public * com.lantone.security.web.FuncManagementController.disableMenu(..))"+
+            "||execution(public * com.lantone.security.web.HospitalManagementController.addHospital(..))"+
+            "||execution(public * com.lantone.security.web.HospitalManagementController.updateHospital(..))"+
+            "||execution(public * com.lantone.security.web.HospitalManagementController.disableHospital(..))"+
+            "||execution(public * com.lantone.security.web.HospitalManagementController.deleteHospital(..))"
+    )
     public void basicInfoChange() {
     }
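Review bot: the added pointcut lines use `"+` where the three lines above them use `" +`, and the closing `)` has moved onto its own line; pick one form, matching the existing lines. More substantively, the matched set is now twelve hand-maintained method names across three controllers, so a rename or a new mutating endpoint silently drops out of the reload; an `@annotation(...)` pointcut — the pattern `DataAuthFilterAspect` introduces in this same commit — would be more robust. If the `initResourceRolesMap()` calls removed from `FuncManagementFacade` and `RoleManagementFacade` are meant to be replaced by this aspect, note that only these controller entry points now trigger the reload, and facade calls reached by any other path would leave the resource-role map stale. The enclosing class continues outside the hunk.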
 

+ 0 - 8
security-center/src/main/java/com/lantone/security/facade/FuncManagementFacade.java

@@ -191,8 +191,6 @@ public class FuncManagementFacade {
                 }
 
             });
-            //重新加载角色权限
-            resourceFacade.initResourceRolesMap();
             return true;
         }
         return false;
@@ -245,10 +243,6 @@ public class FuncManagementFacade {
                 .set("status", status)
                 .eq("id", id)
                 .eq("is_deleted", IsDeleteEnum.N.getKey()));
-        if(flag){
-            //重新加载角色权限
-            resourceFacade.initResourceRolesMap();
-        }
         return flag;
     }
 
@@ -262,8 +256,6 @@ public class FuncManagementFacade {
         if (menuFacade.update(new UpdateWrapper<Menu>()
                 .set("is_deleted", IsDeleteEnum.Y.getKey())
                 .eq("id", id))) {
-            //重新加载角色权限
-            resourceFacade.initResourceRolesMap();
             return true;
         } else {
             Asserts.fail("菜单详情删除失败");

+ 0 - 8
security-center/src/main/java/com/lantone/security/facade/RoleManagementFacade.java

@@ -105,10 +105,6 @@ public class RoleManagementFacade {
                 .eq("id", roleId)
                 .eq("is_deleted", IsDeleteEnum.N.getKey()))) {
             boolean flag = deleteRoleSoftwareMenu(roleId);
-            if (flag){
-                //重新加载角色权限
-                resourceFacade.initResourceRolesMap();
-            }
             return flag;
         } else {
             Asserts.fail("角色删除失败");
@@ -245,10 +241,6 @@ public class RoleManagementFacade {
                 out.set(new RoleSoftwareResourceServiceImpl().saveBatch(roleSoftwareResources));
             }
         });
-        if (out.get()){
-            //重新加载角色权限
-            resourceFacade.initResourceRolesMap();
-        }
         return out.get();
     }
 

+ 0 - 1
security-center/src/main/java/com/lantone/security/web/UserManagementController.java

@@ -104,5 +104,4 @@ public class UserManagementController {
     public CommonResult<Map<String,Object>> getUserHospitals() {
         return CommonResult.success(userManagementFacade.getUserHospitals());
     }
-
 }