pipIrr-platform/pipIrr-global/src/main/resources/mapper/BaPrivilegeMapper.xml
@@ -4,7 +4,7 @@ <resultMap id="BaseResultMap" type="com.dy.pipIrrGlobal.pojoBa.BaPrivilege"> <!--@mbg.generated--> <!--@Table ba_priviledge--> <!--@Table ba_privilege--> <result column="id" jdbcType="BIGINT" property="id" /> <result column="num" jdbcType="INTEGER" property="num" /> <result column="name" jdbcType="VARCHAR" property="name" /> @@ -19,12 +19,12 @@ <select id="selectAll" resultMap="BaseResultMap"> select <include refid="Base_Column_List" /> from ba_priviledge from ba_privilege </select> <select id="selectPrivilegeByUserId" resultType="Integer"> select p.num from ba_priviledge p from ba_privilege p inner join ba_role_privilege rp on p.id = rp.privilegeId inner join ba_user_role ur on rp.roleId = ur.roleId inner join ba_role r on ur.roleId = r.id @@ -36,7 +36,7 @@ <select id="selectPrivilegeByRoleId" resultType="Integer"> select p.num from ba_priviledge p from ba_privilege p inner join ba_role_privilege rp on p.id = rp.privilegeId <if test="roleId != null"> where rp.roleId = #{roleId, jdbcType=BIGINT} @@ -45,7 +45,7 @@ <insert id="insert" parameterType="com.dy.pipIrrGlobal.pojoBa.BaPrivilege"> <!--@mbg.generated--> insert into ba_priviledge (id, num, name, type insert into ba_privilege (id, num, name, type ) values (#{id,jdbcType=BIGINT}, #{num,jdbcType=INTEGER}, @@ -56,7 +56,7 @@ <insert id="insertSelective" parameterType="com.dy.pipIrrGlobal.pojoBa.BaPrivilege"> <!--@mbg.generated--> insert into ba_priviledge insert into ba_privilege <trim prefix="(" suffix=")" suffixOverrides=","> <if test="id != null"> id, pipIrr-platform/pipIrr-global/src/main/resources/sql/ba_power.sql
@@ -8,4 +8,4 @@ PRIMARY KEY (id) )ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT 'ba_power'; ALTER TABLE ba_priviledge COMMENT '权限表'; ALTER TABLE ba_privilege COMMENT '权限表'; pipIrr-platform/pipIrr-web/pipIrr-web-sso/src/main/java/com/dy/sso/busi/LoginVo.java
@@ -28,5 +28,10 @@ @NotEmpty(message = "密码不能为空") //不能为空也不能为null @Length(message = "密码必须{min}位", min = 6, max = 6) public String password ; @Schema(description = "组织单位", requiredMode = Schema.RequiredMode.REQUIRED) @NotEmpty(message = "组织单位不能为空") //不能为空也不能为null @Length(message = "组织单位标签必须大于{min}位", min = 2) public String orgTag ; } pipIrr-platform/pipIrr-web/pipIrr-web-sso/src/main/java/com/dy/sso/busi/SsoCtrl.java
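Review bot: The new `orgTag` field is only required to be non-empty and at least two characters long, yet the SsoCtrl change on this page hands it to `DataSourceContext.set(vo.orgTag)` before the credentials are verified, so a client-chosen string selects the database. Tighten the contract here by adding a `max` to `@Length` and a `@Pattern` limited to the characters real organisation tags use. The login path should also reject any tag that is not one of the configured data sources; `DataSourceContext` is not shown, so how it treats an unknown name cannot be confirmed from this page. The message `组织单位标签必须大于{min}位` says "greater than" while `min = 2` accepts exactly two characters. The class declaration lies outside the hunk.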
@@ -1,6 +1,7 @@ package com.dy.sso.busi; import com.dy.common.aop.SsoVo; import com.dy.common.multiDataSource.DataSourceContext; import com.dy.common.webUtil.BaseResponse; import com.dy.common.webUtil.BaseResponseUtils; import com.dy.common.webUtil.ResultCodeMsg; @@ -44,7 +45,6 @@ //@Autowired //private CacheManager cacheManager ; @Autowired public void setSv(SsoSv sv ){ this.sv = sv ; @@ -54,6 +54,7 @@ /** * 客户端请求用户登录,客户端提交Json数据 * @param vo 用户登录值对象 * @param bindingResult 输入验证 * @return 登录用户值对象 */ @Operation(summary = "单点登录", description = "提交登录用户值对象(json格式),进行单点登录") @@ -119,6 +120,11 @@ if(bindingResult != null && bindingResult.hasErrors()){ return BaseResponseUtils.buildFail(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage()); } if(vo.orgTag == null || vo.orgTag.trim().length() == 0){ return BaseResponseUtils.buildFail("未选择组织单位"); } //把组织单位标签作为数据源名称 DataSourceContext.set(vo.orgTag); String uuid ; BaUser userPo ; 
@@ -182,19 +188,72 @@ * 此方法供子模块系统调用,所以不公开在API接口中 * 方法功能:验证是否已经登录,如果登录了,再验证权限 * @param token 登录用户token * @param power 验证一个权限 * @param allPower 验证所有权限 * @param anyPower 验证任何一个权限 * @param privilege 验证一个权限 * @param allPrivilege 验证所有权限 * @param anyPrivilege 验证任何一个权限 * @return SsoVo */ @Hidden @GetMapping(path = "ssoCheck") public SsoVo ssoCheck(String token, String power, String[] allPower, String[] anyPower){ public SsoVo ssoCheck(String token, String privilege, String[] allPrivilege, String[] anyPrivilege){ BaUser userPo = this.sv.getByUuid(token) ; SsoVo vo = new SsoVo(); if(userPo != null){ vo.logined = true ; vo.hasPower = true ; vo.hasPower = false ;//默认是无权限 if(userPo.supperAdmin != null && userPo.supperAdmin == 1){ vo.hasPower = true ; }else{ if(userPo.privileges != null && userPo.privileges.size() > 0){ if(privilege != null && !privilege.trim().equals("")){ int intPri = Integer.parseInt(privilege) ; for(Integer pri : userPo.privileges){ if(pri == intPri){ vo.hasPower = true ; break ; } } }else{ if(allPrivilege != null && allPrivilege.length > 0){ int intPri ; boolean ok = false ; boolean allOk = true ; for(String strPri : allPrivilege){ intPri = Integer.parseInt(strPri) ; for(Integer pri : userPo.privileges){ if(pri == intPri){ ok = true ; break ; } } if(!ok){ allOk = false ; break ; } } if(allOk){ vo.hasPower = true ; } }else{ int intPri ; if(anyPrivilege != null && anyPrivilege.length > 0){ for(String strPri : anyPrivilege){ intPri = Integer.parseInt(strPri) ; for(Integer pri : userPo.privileges){ if(pri == intPri){ vo.hasPower = true ; break ; } } if(vo.hasPower){ break ; } } } } } } } vo.dataSourceName = userPo.getOrgTag() ; }else{ vo.logined = false ; pipIrr-platform/pipIrr-web/pipIrr-web-sso/src/main/java/com/dy/sso/busi/SsoSv.java
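Review bot: In the `allPrivilege` branch of `ssoCheck`, `ok` is declared once before the outer loop and never reset, so once the first required privilege matches, every later one is treated as matched and `allOk` stays true. A user holding only the first listed privilege therefore passes the all-of check. Reset the flag per required privilege by making `boolean ok = false ;` the first statement inside `for(String strPri : allPrivilege)`. The three `Integer.parseInt` calls also take request parameters unguarded, so a non-numeric value throws `NumberFormatException` rather than yielding `hasPower = false`; catching it and denying would make the failure mode explicit. The method body continues past the end of the hunk.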
@@ -1,5 +1,6 @@ package com.dy.sso.busi; import com.dy.pipIrrGlobal.daoBa.BaPrivilegeMapper; import com.dy.pipIrrGlobal.daoBa.BaUserMapper; import com.dy.pipIrrGlobal.pojoBa.BaUser; import lombok.extern.slf4j.Slf4j; @@ -7,23 +8,34 @@ import org.springframework.cache.annotation.CacheEvict; import org.springframework.cache.annotation.Cacheable; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @Slf4j @Service public class SsoSv { private BaUserMapper baUserMapper; private BaPrivilegeMapper baPrivilegeMapper; @Autowired private void setBaUserMapper(BaUserMapper baUserMapper){ this.baUserMapper = baUserMapper ; } @Autowired private void setBaPrivilegeMapper(BaPrivilegeMapper baPrivilegeMapper){ this.baPrivilegeMapper = baPrivilegeMapper ; } //当未注解@Transactional时,会输出日志:SqlSession [org.apache.ibatis.session.defaults.DefaultSqlSession@46727a0c] was not registered for synchronization because synchronization is not active //@Transactional @Transactional @Cacheable(cacheNames=CacheConstants.cacheNames, key="'" + CacheConstants.loginUserKeyPrefix + "' + #uuid", sync=true) public BaUser login(String uuid, String phone, String password){ return this.baUserMapper.login(phone, password) ; BaUser baUser = this.baUserMapper.login(phone, password) ; if(baUser != null && baUser.id != null){ baUser.privileges = this.baPrivilegeMapper.selectPrivilegeByUserId(baUser.id) ; } return baUser; } @CacheEvict(cacheNames=CacheConstants.cacheNames, key="'" + CacheConstants.loginUserKeyPrefix + "' + #uuid")
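Review bot: `login` now attaches the privilege list to the `BaUser` that `@Cacheable` stores under the login uuid, so the authorization data is a snapshot taken at login. `ssoCheck` in SsoCtrl reads `userPo.privileges` from `getByUuid(token)`, which presumably hits the same cache, so a role or privilege revoked mid-session would keep being honoured until the entry is evicted. Nothing in this hunk evicts or refreshes on role changes, and the rest of the class is outside the hunk. At minimum, document this on the method, e.g. `// privileges are cached with the user at login; evict this uuid's entry when the user's roles or privileges change`, and confirm the cache has a bounded lifetime.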