李进 2 years ago
parent
commit
a0253eaf36

+ 2 - 4
authorize-api-service/src/main/java/com/xy/service/impl/AuthorizeServiceImpl.java

@@ -1,7 +1,7 @@
 package com.xy.service.impl;
 
 import cn.dev33.satoken.stp.StpUtil;
-import com.xy.config.SaTokenAuthorizeConfig;
+import com.xy.consts.CommConsts;
 import com.xy.dto.AuthorizeDto;
 import com.xy.dto.SysMenuDto;
 import com.xy.redis.RedisCache;
@@ -22,8 +22,6 @@ public class AuthorizeServiceImpl implements AuthorizeService {
 
     private SysMenuServiceImpl sysMenuService;
 
-    private SaTokenAuthorizeConfig saTokenAuthorizeConfig;
-
     @Override
     @ApiOperation("获取菜单")
     public R<List<SysMenuDto.Vo>> workMenu(SysMenuDto.WorkMenu workMenu) {
@@ -103,7 +101,7 @@ public class AuthorizeServiceImpl implements AuthorizeService {
     @Override
     @ApiOperation("token续签")
     public R<Boolean> renewTimeout() {
-        StpUtil.renewTimeout(SaTokenUtils.getToken(), saTokenAuthorizeConfig.getTimeout());
+        StpUtil.renewTimeout(SaTokenUtils.getToken(), CommConsts.TOKEN_TIMEOUT);
         return null;
     }
 }
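Review bot: The renewal length in `renewTimeout()` is now the compile-time constant `CommConsts.TOKEN_TIMEOUT` (3600 s, added in CommConsts.java), so it no longer follows the value that `saTokenAuthorizeConfig.getTimeout()` supplied from configuration. If the timeout configured for sa-token differs from 3600, a token's lifetime after its first renewal will not match the lifetime it was issued with; either read the value from configuration or state on the constant that it must equal the configured timeout. The same constant is used by the new `AuthorizeUtils.renewTimeout`. The method also still ends with `return null;` on the unchanged line, which hands callers a null `R<Boolean>`; `return R.ok(true);` would be consistent with the `R.ok(...)` usage elsewhere in this commit, assuming `R.ok` accepts a Boolean.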

+ 6 - 4
authorize-api-service/src/main/java/com/xy/service/impl/SysRoleServiceImpl.java

@@ -7,6 +7,7 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.xy.dto.BatchDeleteDto;
+import com.xy.dto.CommDto;
 import com.xy.dto.SysRoleDto;
 import com.xy.entity.*;
 import com.xy.mapper.SysRoleMapper;
@@ -76,12 +77,12 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
     }
 
     @ApiOperation(value = "删除角色", notes = "删除角色")
-    @DeleteMapping
+    @DeleteMapping("batchDelete")
     public R<Boolean> batchDelete(@Valid @RequestBody BatchDeleteDto batchDeleteDto) {
         List<Long> ids = batchDeleteDto.getIds();
         if (CollUtil.isNotEmpty(ids)) {
             for (Long id : ids) {
-                deleteRoleById(id);
+                deleteRoleById(new CommDto().setId(id));
             }
         }
 
@@ -115,9 +116,10 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
     }
 
     @ApiOperation(value = "删除角色", notes = "删除角色")
-    @DeleteMapping("{id}")
+    @DeleteMapping("deleteRoleById")
     @Transactional(rollbackFor = Exception.class)
-    public R<Boolean> deleteRoleById(@PathVariable("id") Long id) {
+    public R<Boolean> deleteRoleById(CommDto commDto) {
+        Long id = commDto.getId();
         //角色 sys_role
         removeById(id);
         //角色菜单 sys_role_menu
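Review bot: `deleteRoleById(CommDto commDto)` takes its id from an unvalidated, unannotated parameter, so a request without `id` reaches `removeById(id)` with null; `required = true` on `@ApiModelProperty` only affects the generated API documentation. Adding `@NotNull` to `CommDto.id` and declaring the parameter as `@Valid CommDto commDto`, the way `batchDelete` validates its body, rejects such requests before any delete runs. In `batchDelete`, the loop calls `deleteRoleById` directly on `this`, which normally bypasses the Spring proxy, so the `@Transactional(rollbackFor = Exception.class)` on `deleteRoleById` would not apply there; unless `batchDelete` or the class is transactional outside the visible lines, a failure part-way can leave a role removed while its `sys_role_menu` rows remain. `deleteRoleById`'s body continues outside the hunk.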

+ 0 - 2
authorize-api-service/src/main/java/com/xy/service/impl/SysSystemServiceImpl.java

@@ -123,8 +123,6 @@ public class SysSystemServiceImpl extends ServiceImpl<SysSystemMapper, SysSystem
                 .le(SysSystem::getCreateTime, pageSelect.getEndCreateTime())
                 .like(SysSystem::getName)
                 .build();
-        //数据权限
-        RedisCache.getDataAuth(SaTokenUtils.getToken(), pageSelect.getSystemId(), lambdaQueryWrapper, SysSystem::getCreateUser);
         IPage<SysSystem> page = page(toIPage(pageSelect.getPage()), lambdaQueryWrapper);
         return R.ok(toPageBean(SysSystemDto.Vo.class, page));
     }
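Review bot: With the `RedisCache.getDataAuth(...)` call removed, the page query in this method is built only from the caller's filter fields, so nothing visible here restricts the result to systems the logged-in user is allowed to see. If data scoping is meant to stay on this endpoint it has to be derived from the token alone, since `systemId` was dropped from `SysSystemDto.PageSelect` in the same commit; if the removal is intentional, a comment such as `// data-permission filter intentionally not applied: every authenticated caller may list all systems` above `page(...)` records that decision. The method starts outside the hunk, so a filter earlier in the body cannot be ruled out.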

+ 16 - 0
authorize-api/src/main/java/com/xy/dto/CommDto.java

@@ -0,0 +1,16 @@
+package com.xy.dto;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+@Data
+@Accessors(chain = true)
+@ApiModel("id操作")
+public class CommDto {
+
+    @ApiModelProperty(value = "id", required = true)
+    public Long id;
+
+}
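Review bot: `id` is declared `public` although `@Data` already generates `getId()`/`setId()`, so the field can be written directly and would bypass any setter logic added later; `private Long id;` matches the other DTO fields visible in this commit (for example `private PageBean page;`). The class also has no Javadoc; a one-line comment stating that it carries a single record id for by-id operations would help, since the `@ApiModel("id操作")` label is all a reader gets.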

+ 0 - 4
authorize-api/src/main/java/com/xy/dto/SysSystemDto.java

@@ -76,10 +76,6 @@ public class SysSystemDto {
     public static class PageSelect extends Select {
         @ApiModelProperty(value = "分页对象")
         private PageBean page;
-
-        @NotNull(message = "systemId不能为空")
-        @ApiModelProperty(value = "系统id")
-        private Long systemId;
     }
 
     @Data

+ 6 - 0
authorize-sdk/src/main/java/com/xy/config/AuthorizeConfig.java

@@ -4,6 +4,8 @@ import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
+import java.util.List;
+
 @Data
 @Component
 @ConfigurationProperties(prefix = "authorize")
@@ -19,4 +21,8 @@ public class AuthorizeConfig {
      */
     private String url;
 
+    /**
+     * 需要过滤的url
+     */
+    private List<String> excludePaths;
 }
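Review bot: `excludePaths` has no default, so it is null whenever no `authorize.exclude-paths` property is bound, and `AuthorizeIntercetor.addInterceptors` passes it straight to `excludePaths.addAll(authorizeConfig.getExcludePaths())`, which then throws a NullPointerException. The same commit deletes the `exclude-paths` list from bootstrap.yml (where it sat under `sa-token:`, not `authorize:`), so unless the list is supplied from another configuration source the login, register and captcha paths are no longer excluded either. Initialising the field, `private List<String> excludePaths = new ArrayList<>();` with the matching `java.util.ArrayList` import, removes the crash; the Javadoc could also say that these are path patterns that skip both the login check and the permission check.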

+ 71 - 0
authorize-sdk/src/main/java/com/xy/config/AuthorizeIntercetor.java

@@ -0,0 +1,71 @@
+package com.xy.config;
+
+import com.xy.consts.CommConsts;
+import com.xy.enums.SaTokenEnum;
+import com.xy.error.CommRuntimeException;
+import com.xy.swagger.Knife4jConfig;
+import com.xy.utils.AuthorizeUtils;
+import com.xy.utils.Emptys;
+import lombok.AllArgsConstructor;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+//@Component
+@AllArgsConstructor
+public class AuthorizeIntercetor extends HandlerInterceptorAdapter implements WebMvcConfigurer {
+
+    private AuthorizeConfig authorizeConfig;
+
+    /**
+     * 方法执行前
+     */
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        //登录鉴权
+        String satoken = request.getHeader(CommConsts.TOKEN_NAME);
+        boolean isLogin = AuthorizeUtils.authByLogin(satoken);
+        if (!isLogin) {
+            throw new CommRuntimeException(SaTokenEnum.NO_LOGIN.getKey(), SaTokenEnum.NO_LOGIN.getName());
+        }
+        //接口鉴权
+        String sysId = request.getHeader(CommConsts.SYS_ID);
+        if (!Emptys.check(sysId)) {
+            throw new CommRuntimeException(SaTokenEnum.NO_AUTHORITY.getKey(), SaTokenEnum.NO_AUTHORITY.getName());
+        }
+        String uri = request.getRequestURI();
+        boolean isInterface = AuthorizeUtils.authByInterface(satoken, Long.valueOf(sysId), uri);
+        if (!isInterface) {
+            throw new CommRuntimeException(SaTokenEnum.NO_AUTHORITY.getKey(), SaTokenEnum.NO_AUTHORITY.getName());
+        }
+        //token续签
+        AuthorizeUtils.renewTimeout(satoken);
+        return true;
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        List<String> excludePaths = new ArrayList<>();
+        excludePaths.addAll(authorizeConfig.getExcludePaths());
+        excludePaths.addAll(Knife4jConfig.swaggerExcludes);
+        excludePaths.addAll(Arrays.asList(
+                "/**/js/**",
+                "/**/lib/**",
+                "/**/html/**",
+                "/**/*.jpg/**",
+                "/**/*.html/**",
+                "/**/static/**"
+                )
+        );
+        registry.addInterceptor(this)
+                .excludePathPatterns(excludePaths)
+                .addPathPatterns("/**");
+    }
+}
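Review bot: The hard-coded exclusions in `addInterceptors` (`/**/js/**`, `/**/lib/**`, `/**/html/**`, `/**/static/**`, `/**/*.jpg/**`, `/**/*.html/**`) are matched against every request path, not only static-resource locations, so a controller route that happens to contain such a segment skips both the login check and the interface check; anchoring them to the actual resource prefixes keeps the exemption narrow. In `preHandle`, `Long.valueOf(sysId)` parses a client-supplied header, and a non-numeric value raises `NumberFormatException` instead of the `NO_AUTHORITY` error, so the parse should be wrapped and mapped to the same `CommRuntimeException`. The permission lookup uses the raw `request.getRequestURI()`, which includes the context path and is not normalised, while Spring maps handlers on its decoded lookup path; comparing on the path Spring resolved avoids the two disagreeing. `@Component` is commented out, so nothing in this file registers the interceptor; presumably a configuration class elsewhere does, which is worth confirming.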

+ 10 - 0
authorize-sdk/src/main/java/com/xy/consts/CommConsts.java

@@ -17,4 +17,14 @@ public class CommConsts {
      */
     public static final String TOKEN_NAME = "satoken";
 
+    /**
+     * 系统ID名称
+     */
+    public static final String SYS_ID = "sysId";
+
+    /**
+     * token有效期,单位:s
+     */
+    public static final Integer TOKEN_TIMEOUT = 3600;
+
 }

+ 31 - 3
authorize-sdk/src/main/java/com/xy/utils/AuthorizeUtils.java

@@ -236,6 +236,18 @@ public class AuthorizeUtils {
         return list;
     }
 
+    /**
+     * 获取所有角色code
+     *
+     * @param longId   token
+     * @param systemId 系统id
+     * @return
+     */
+    public static List<String> getRoleCodes(Long longId, Long systemId) {
+        String token = StpUtil.getTokenValueByLoginId(longId);
+        return getRoleCodes(token, systemId);
+    }
+
     /**
      * 是否是管理员
      *
@@ -295,10 +307,10 @@ public class AuthorizeUtils {
             if (!Emptys.check(sysMenuJoinSysRoleMenus)) {
                 continue;
             }
-            list.addAll(new JArrayList<>(sysMenuJoinSysRoleMenus).filter()
+            JList<String> property = new JArrayList<>(sysMenuJoinSysRoleMenus).filter()
                     .isNotNull(SysMenuJoinSysRoleMenu::getInterfaceUri).list()
-                    .getProperty(SysMenuJoinSysRoleMenu::getInterfaceUri)
-            );
+                    .getProperty(SysMenuJoinSysRoleMenu::getInterfaceUri);
+            property.forEach(s -> list.addAll(SetUtils.array(s.split(",")).toList()));
         }
         return list.comparing();
     }
@@ -411,6 +423,22 @@ public class AuthorizeUtils {
                 : (T) id;
     }
 
+    /**
+     * token续签
+     *
+     * @param token token
+     */
+    public static void renewTimeout(String token) {
+        AuthorizeConfig authorizeConfig = getAuthorizeConfig();
+        if (!authorizeConfig.getIsNative()) {
+            Object obj = send("/authorize/renewTimeout", token, null);
+            if (obj == null) {
+                return;
+            }
+        }
+        StpUtil.renewTimeout(token, CommConsts.TOKEN_TIMEOUT);
+    }
+
     @Data
     @Accessors(chain = true)
     public static class CacheEntity implements Serializable {
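Review bot: The new `s.split(",")` in the interface-URI loop adds every piece as-is, so an `interface_uri` of `''` (which sql/init.sql in this commit inserts for `dept_data` and `dept_del`) or a value with spaces after the commas puts empty or padded strings into the permitted-URI list; trimming each piece and skipping blank ones before `list.addAll` avoids that. In `renewTimeout(String token)`, the non-native branch falls through to the local `StpUtil.renewTimeout(token, CommConsts.TOKEN_TIMEOUT)` after a successful remote call, so the token is renewed both remotely and locally; if the remote renewal is meant to be sufficient, a `return;` after the `send(...)` check states that. The Javadoc of the new `getRoleCodes(Long longId, Long systemId)` describes `longId` as `token` although it is a login id, leaves `@return` empty, and does not say what happens when `StpUtil.getTokenValueByLoginId` finds no token for that id. The method containing the `split` change starts outside the hunk.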

+ 1 - 10
authorize-start/src/main/resources/bootstrap.yml

@@ -13,7 +13,7 @@ cloud:
       shared-configs: redis.yaml,mysql.yaml
       name: authorize
   service:
-    name: dev_authorize
+    name: dev-authorize
 
 sa-token:
   # token名称 (同时也是cookie名称)
@@ -32,15 +32,6 @@ sa-token:
   is-log: false
   # 是否输出启动日志
   isPrint: false
-  # 是否开启接口鉴权
-  enablePermission: false
-  # 需要过滤的url
-  exclude-paths:
-    - /**/sysWorkUser/register
-    - /**/sysWorkUser/login
-    - /**/captcha/**
-    - /**/xy-captcha/**
-    - /**/actuator/dynamic-tp
 
 logging:
   config: classpath:log4j2-spring.xml

+ 49 - 20
sql/init.sql

@@ -19,60 +19,75 @@ insert into sys_user_role(id, work_user_id, role_id, sys_id)
 values(1, 1, 1, 1);
 
 -- 新增菜单
-delete from sys_menu where id in(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23);
+delete from sys_menu where id in(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 100, 300);
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
 values(1, null, 1, 'authorize', '权限管理', 1, null, null, now(), now());
 
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
 values(2, 1, 1, 'menu', '菜单管理', 1, null, null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(3, 2, 1, 'menu_data', '菜单列表', 2, '/sys-menu/menu', null, now(), now());
+values(3, 2, 1, 'menu_data', '菜单列表', 2, '/sys-menu/menu,/authorize/sys-menu/menu,/dev-authorize/sys-menu/menu', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(4, 3, 1, 'menu_add', '添加菜单', 3, '/sys-menu/save', null, now(), now());
+values(4, 3, 1, 'menu_add', '添加菜单', 3, '/sys-menu/save,/authorize/sys-menu/save,/dev-authorize/sys-menu/save', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(5, 3, 1, 'menu_del', '删除菜单', 3, '/sys-menu/del', null, now(), now());
+values(5, 3, 1, 'menu_del', '删除菜单', 3, '/sys-menu/del,/authorize/sys-menu/del,/dev-authorize/sys-menu/del', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(6, 3, 1, 'menu_edit', '编辑菜单', 3, '/sys-menu/update', null, now(), now());
+values(6, 3, 1, 'menu_edit', '编辑菜单', 3, '/sys-menu/update,/authorize/sys-menu/update,/dev-authorize/sys-menu/update', null, now(), now());
+insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
+values(100, 3, 1, 'menu_work', '构建登录人系统菜单', 3, '/sys-menu/workMenu,/authorize/sys-menu/workMenu,/dev-authorize/sys-menu/workMenu', null, now(), now());
 
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
 values(7, 1, 1, 'role', '角色管理', 1, null, null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(8, 7, 1, 'role_data', '角色列表', 2, '/sysRole/page', null, now(), now());
+values(8, 7, 1, 'role_data', '角色列表', 2, '/sysRole/page,/authorize/sysRole/page,/dev-authorize/sysRole/page', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(9, 8, 1, 'role_add', '添加角色', 3, '/sysRole/saveOrUpdate', null, now(), now());
+values(9, 8, 1, 'role_add', '添加角色', 3, '/sysRole/saveOrUpdate,/authorize/sysRole/saveOrUpdate,/dev-authorize/sysRole/saveOrUpdate', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(10, 8, 1, 'role_add', '删除角色', 3, '/sysRole/*', null, now(), now());
+values(10, 8, 1, 'role_add', '删除角色', 3, '/sysRole/batchDelete,/authorize/sysRole/batchDelete,/dev-authorize/sysRole/batchDelete', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(11, 8, 1, 'role_menu', '分配菜单', 3, '/sysRole/saveRoleMenus', null, now(), now());
+values(11, 8, 1, 'role_menu', '分配菜单', 3, '/sysRole/saveRoleMenus,/authorize/sysRole/saveRoleMenus,/dev-authorize/sysRole/saveRoleMenus', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(12, 8, 1, 'role_edit', '编辑角色', 3, '/sysRole/saveOrUpdate', null, now(), now());
+values(12, 8, 1, 'role_edit', '编辑角色', 3, '/sysRole/saveOrUpdate,/authorize/sysRole/saveOrUpdate,/dev-authorize/sysRole/saveOrUpdate', null, now(), now());
 
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
 values(13, 1, 1, 'system', '系统管理', 1, null, null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(14, 13, 1, 'system_data', '系统列表', 2, "/sys-system/page", null, now(), now());
+values(14, 13, 1, 'system_data', '系统列表', 2, '/sys-system/page,/authorize/sys-system/page,/dev-authorize/sys-system/page', null, now(), now());
+insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
+values(15, 14, 1, 'system_add', '添加系统', 2, '/sys-system/save,/authorize/sys-system/save,/dev-authorize/sys-system/save', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(15, 14, 1, 'system_add', '添加系统', 2, null, null, now(), now());
+values(16, 14, 1, 'system_del', '删除系统', 2, '/sys-system/del,/authorize/sys-system/del,/dev-authorize/sys-system/del', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(16, 14, 1, 'system_del', '删除系统', 2, null, null, now(), now());
+values(17, 14, 1, 'system_edit', '编辑系统', 2, '/sys-system/update,/authorize/sys-system/update,/dev-authorize/sys-system/update', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(17, 14, 1, 'system_edit', '编辑系统', 2, null, null, now(), now());
+values(300, 14, 1, 'system_list', '登录人所属系统列表', 2, '/sys-system/list,/authorize/sys-system/list,/dev-authorize/sys-system/list', null, now(), now());
 
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
 values(18, 1, 1, 'dept', '部门管理', 1, null, null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(19, 18, 1, 'dept_data', '部门列表', 2, null, null, now(), now());
+values(19, 18, 1, 'dept_data', '部门列表', 2, '', null, now(), now());
+insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
+values(20, 19, 1, 'dept_add', '添加部门', 2, '/sysDept/saveOrUpdate,/authorize/sysDept/saveOrUpdate,/dev-authorize/sysDept/saveOrUpdate', null, now(), now());
+insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
+values(21, 19, 1, 'dept_del', '删除部门', 2, '', null, now(), now());
+insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
+values(22, 19, 1, 'dept_edit', '编辑部门', 2, '/sysDept/saveOrUpdate,/authorize/sysDept/saveOrUpdate,/dev-authorize/sysDept/saveOrUpdate', null, now(), now());
+insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
+values(23, 19, 1, 'dept_role', '分配角色', 2, '/sysDept/saveOrUpdate,/authorize/sysDept/saveOrUpdate,/dev-authorize/sysDept/saveOrUpdate', null, now(), now());
+
+insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
+values(24, 1, 1, 'system_value', '系统属性', 1, null, null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(20, 19, 1, 'dept_add', '添加部门', 2, null, null, now(), now());
+values(25, 24, 1, 'system_value_data', '系统属性列表', 2, '/sys-system-value/page,/authorize/sys-system-value/page,/dev-authorize/sys-system-value/page', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(21, 19, 1, 'dept_del', '删除部门', 2, null, null, now(), now());
+values(26, 24, 1, 'system_value_add', '添加系统属性', 2, '/sys-system-value/save,/authorize/sys-system-value/save,/dev-authorize/sys-system-value/save', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(22, 19, 1, 'dept_edit', '编辑部门', 2, null, null, now(), now());
+values(27, 24, 1, 'system_value_del', '删除系统属性', 2, '/sys-system-value/del,/authorize/sys-system-value/del,/dev-authorize/sys-system-value/del', null, now(), now());
 insert into sys_menu(id, pater_id, sys_id, code, name, type, interface_uri, web_json, create_time, update_time)
-values(23, 19, 1, 'dept_role', '分配角色', 2, null, null, now(), now());
+values(28, 24, 1, 'system_value_edit', '编辑系统属性', 2, '/sys-system-value/update,/authorize/sys-system-value/update,/dev-authorize/sys-system-value/update', null, now(), now());
 
 -- 新增角色菜单关联
-delete from sys_role_menu where id in(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23);
+delete from sys_role_menu where id in(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 100, 300);
 insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
 values(1, 1, 1, true, 1);
 insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
@@ -119,3 +134,17 @@ insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
 values(22, 1, 22, true, 1);
 insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
 values(23, 1, 23, true, 1);
+insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
+values(24, 1, 24, true, 1);
+insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
+values(25, 1, 25, true, 1);
+insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
+values(26, 1, 26, true, 1);
+insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
+values(27, 1, 27, true, 1);
+insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
+values(28, 1, 28, true, 1);
+insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
+values(100, 1, 100, true, 1);
+insert into sys_role_menu(id, role_id, menu_id, select_is_admin, sys_id)
+values(300, 1, 300, true, 1);
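Review bot: Menu row 10 (`删除角色`) still carries the code `role_add`, the same code as row 9, and its `interface_uri` lists only the `batchDelete` paths, so the `deleteRoleById` route introduced in SysRoleServiceImpl has no permission entry in the seed data; `role_del` with both routes listed would match the controller. Rows 9 and 12, and rows 20, 22 and 23, each map different buttons to the same `saveOrUpdate` URI, so granting any one of them grants the endpoint for all, and rows 19 and 21 store `''` rather than `null`, which the comma split in AuthorizeUtils turns into an empty entry. Every URI is repeated with `/authorize` and `/dev-authorize` prefixes, presumably because the check compares against the full request URI including a service prefix; a header comment saying so would tell the next editor that a new deployment prefix needs new entries.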