Commit 1cc780cabf717812523025334980c42b8bfe0279
1 parent
717a2b1d
feat: 按钮级权限控制
1、按钮级权限控制原理已实现并测试 2、对需要按钮级权限控制的接口的注解进行整改。
Showing
2 changed files
with
65 additions
and
1 deletions
... | ... | @@ -56,10 +56,12 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. |
56 | 56 | public class YtDeviceController extends BaseController { |
57 | 57 | private final YtDeviceService deviceService; |
58 | 58 | private final DeviceService tbDeviceService; |
59 | + String sePL = new Date().toString(); | |
59 | 60 | |
60 | 61 | @PostMapping |
61 | 62 | @ApiOperation("创建|编辑") |
62 | - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')") | |
63 | +// @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')") | |
64 | + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})") | |
63 | 65 | public ResponseEntity<DeviceDTO> saveDevice( |
64 | 66 | @Validated(AddGroup.class) @RequestBody DeviceDTO deviceDTO) throws ThingsboardException, ExecutionException, InterruptedException { |
65 | 67 | String currentTenantId = getCurrentUser().getCurrentTenantId(); | ... | ... |
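Review bot: The replacement annotation on `saveDevice` no longer tests the caller's granted authorities. `@check.checkPermissions({'TENANT_ADMIN'},{})` matches against `SecurityUser.getRoles()`, and with an empty permission set the permission branch is skipped, so access depends entirely on whether that role set contains the literal `TENANT_ADMIN`. That is not visible on this page, so it is worth confirming with a test that a tenant admin is still admitted and a customer user is still rejected before the pattern is applied to other endpoints. The added field `String sePL = new Date().toString();` is unused in the hunk and package-private on a controller, which looks like debug residue; it should be dropped along with the commented-out `@PreAuthorize` line. The class body continues outside the hunk.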
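--- a/application/src/main/java/org/thingsboard/server/controller/yunteng/permission/PermissionTools.java
+++ b/application/src/main/java/org/thingsboard/server/controller/yunteng/permission/PermissionTools.java
@@ -0,0 +1,62 @@
+package org.thingsboard.server.controller.yunteng.permission;
+
+import com.alibaba.excel.util.StringUtils;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Service;
+import org.thingsboard.server.dao.yunteng.service.RoleService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+
+import java.util.List;
+import java.util.Set;
+
+@Service("check")
+@Slf4j
+@RequiredArgsConstructor
+public class PermissionTools {
+
+ private final RoleService roleService;
+
+ /**
+ * 接口权限校验
+ *
+ * @param needRoles 接口访问所需角色
+ * @param needPermission 接口访问所需权限
+ * @return
+ */
+ public Boolean checkPermissions(List<String> needRoles, Set<String> needPermission) {
+ SecurityUser securityUser = null;
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ if (authentication != null && authentication.getPrincipal() instanceof SecurityUser) {
+ securityUser = (SecurityUser) authentication.getPrincipal();
+ }
+ if (securityUser == null) {
+ return false;
+ }
+ Set<String> userRoles = securityUser.getRoles();
+ if (needRoles != null && !needRoles.isEmpty()) {
+ if (userRoles == null) {
+ return false;
+ }
+ boolean roleMatched = userRoles.stream().anyMatch(f -> needRoles.contains(f));
+ if (!roleMatched) {
+ return false;
+ }
+ }
+
+ if (needPermission != null && !needPermission.isEmpty()) {
+ Set<String> userPermissions = roleService.getPermissions(securityUser.isPtSysadmin(), securityUser.isPtTenantAdmin(), securityUser.getCurrentTenantId(), securityUser.getCurrentUserId());
+ if (userPermissions == null || userPermissions.isEmpty()) {
+ return false;
+ }
+ boolean permissionMatched = userPermissions.stream().anyMatch(f -> needPermission.contains(f));
+ if (!permissionMatched) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+}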
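Review bot: `checkPermissions` returns true for any authenticated `SecurityUser` when both `needRoles` and `needPermission` are null or empty, because both guarded blocks are skipped and control falls through to `return true`. An annotation written with two empty lists would therefore leave its endpoint open to every logged-in user. A guard near the top such as `if ((needRoles == null || needRoles.isEmpty()) && (needPermission == null || needPermission.isEmpty())) { return false; }` makes the helper fail closed. `@Slf4j` is declared but no denial is logged, so a `log.warn` carrying the user id and the required roles on the `return false` paths would give operators something to alert on. The `StringUtils` import is unused, and the Javadoc `@return` should state that false means access is denied.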