权限粒度细化到:系统、部门、部门及子部门、个人用户
AuthOperater 负责检查权限
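//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
package cn.com.do1.component.systemmgr.auth;

import cn.com.do1.common.util.string.StringUtil;
import cn.com.do1.component.systemmgr.auth.AuthQuickDac;
import cn.com.do1.component.systemmgr.auth.UserAuth;
import cn.com.do1.component.systemmgr.util.CollectionUtils;
import cn.com.do1.component.systemmgr.util.SystemRoleCacheMgr;
import cn.com.do1.component.systemmgr.util.Constants.ACCESS_LEVEL;
import cn.com.do1.dqdp.core.DqdpAppContext;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

/**
 * Static permission checks for the user bound to the current session.
 *
 * <p>Every check short-circuits for a super user. For everyone else the decision is derived
 * from the role-to-permission cache ({@code SystemRoleCacheMgr}) or from the authorities of the
 * current {@code UserDetails}. The access levels used here are {@code ALL}, {@code SYSTEM_USER},
 * {@code DEPT}, {@code DEPT_AND_CHILDREN}, {@code USER} and {@code NOT_HAS}.
 */
public class AuthOperater {
    public AuthOperater() {
    }

    /**
     * Looks up the access level the current user holds for a permission code.
     *
     * <p>The code is matched case-insensitively against the {@code PERMISSION_CODE} of every
     * permission attached to each of the user's roles. When several roles grant the same code,
     * the numerically smallest {@code ACCESS_LEVEL} is returned.
     *
     * <p>NOTE(review): whether a smaller value means a broader or a narrower scope depends on
     * {@code Constants.ACCESS_LEVEL}, which is not shown here. Confirm that taking the minimum
     * is the intended policy for users holding more than one role.
     *
     * @param permissionCode permission code to look up; must not be null
     * @return {@code ACCESS_LEVEL.ALL} for a super user, {@code ACCESS_LEVEL.NOT_HAS} when no
     *         role grants the code, otherwise the smallest level granted
     * @throws Exception if {@code permissionCode} is null
     */
    public static int ckCurrentUserPerAccessLevel(String permissionCode) throws Exception {
        if (permissionCode == null) {
            throw new Exception("权限代码不能为空!");
        }
        if (UserAuth.isSuperUser()) {
            return ACCESS_LEVEL.ALL.value();
        }

        String roleIdCsv = UserAuth.getSessionPerson().getRoleIds();
        if (roleIdCsv == null) {
            // A user with no roles holds no permissions: deny instead of failing with an NPE.
            return ACCESS_LEVEL.NOT_HAS.value();
        }

        List<Integer> grantedLevels = new ArrayList<Integer>();
        for (String roleId : roleIdCsv.split(",")) {
            List<?> permissions = SystemRoleCacheMgr.getOPermissByRoleId(roleId);
            if (permissions == null) {
                // Nothing cached for this role id; it contributes no grant.
                continue;
            }
            for (Object entry : permissions) {
                Map<?, ?> permission = (Map<?, ?>) entry;
                Object code = permission.get("PERMISSION_CODE");
                Object level = permission.get("ACCESS_LEVEL");
                if (code == null || level == null) {
                    // An incomplete cache row must never turn into a grant.
                    continue;
                }
                if (code.toString().equalsIgnoreCase(permissionCode)) {
                    grantedLevels.add(Integer.valueOf(level.toString()));
                }
            }
        }

        if (grantedLevels.isEmpty()) {
            return ACCESS_LEVEL.NOT_HAS.value();
        }
        return Collections.min(grantedLevels).intValue();
    }

    /**
     * Checks whether the current user holds a permission code.
     *
     * <p>{@code permissionCode} may be a comma-separated list; one matching authority is enough.
     * The literal {@code "all"} is a wildcard that is satisfied by any user who has at least one
     * authority. Because of that wildcard, the argument should be a constant chosen by the
     * calling code and never a value taken from the request.
     *
     * <p>Any exception raised while comparing an authority ends the check with {@code false},
     * so the method fails closed.
     *
     * @param permissionCode a single code, a comma-separated list of codes, or {@code "all"}
     * @return {@code true} for a super user or when one of the user's authorities matches;
     *         {@code false} otherwise, including for a null code or a missing current user
     */
    public static boolean ckCurrentUserHasPer(String permissionCode) throws Exception {
        if (permissionCode == null) {
            return false;
        }
        if (UserAuth.isSuperUser()) {
            return true;
        }

        UserDetails userDetails = DqdpAppContext.getCurrentUser();
        if (userDetails == null || userDetails.getAuthorities() == null) {
            // No authenticated principal or no authorities: deny.
            return false;
        }

        // Both values are loop-invariant, so compute them once.
        boolean wildcard = "all".equals(permissionCode);
        String[] acceptedCodes = permissionCode.split(",");

        for (GrantedAuthority authority : userDetails.getAuthorities()) {
            try {
                if (wildcard || StringUtil.isInContainer(acceptedCodes, authority.getAuthority())) {
                    return true;
                }
            } catch (Exception e) {
                // Fail closed: an error during comparison is treated as "not permitted".
                return false;
            }
        }
        return false;
    }

    /**
     * Resolves the department scope the current user has for a permission code.
     *
     * <p>The department lookups in {@code AuthQuickDac} return {@code null} when their lock
     * cannot be acquired or the query fails. That case is mapped to {@code null} here, the same
     * value used for "no department-wide scope", so a failed lookup can never widen access.
     *
     * <p>NOTE(review): how callers consume the returned id list is not visible here. If it is
     * placed into a query, it should be bound as parameters rather than concatenated.
     *
     * @param permissionCode permission code to resolve; must not be null
     * @return {@code "all"} for the {@code ALL} and {@code SYSTEM_USER} levels; the department
     *         ids rendered by {@code CollectionUtils.listToString} for the {@code DEPT} and
     *         {@code DEPT_AND_CHILDREN} levels; {@code null} for {@code NOT_HAS}, {@code USER},
     *         or when the department lookup produced no result
     * @throws Exception if {@code permissionCode} is null
     */
    public static String ckUserModuelPreDepts(String permissionCode) throws Exception {
        int accessCode = ckCurrentUserPerAccessLevel(permissionCode);
        if (accessCode == ACCESS_LEVEL.NOT_HAS.value() || accessCode == ACCESS_LEVEL.USER.value()) {
            return null;
        }
        if (accessCode == ACCESS_LEVEL.ALL.value() || accessCode == ACCESS_LEVEL.SYSTEM_USER.value()) {
            return "all";
        }

        // Raw ArrayList is kept because the CollectionUtils signatures are not visible here.
        ArrayList deptList = null;
        if (accessCode == ACCESS_LEVEL.DEPT.value()) {
            deptList = (ArrayList) AuthQuickDac.getContext()
                    .searchUserDeptLevelOrg(UserAuth.getSessionUser().getId().toLowerCase());
        }
        if (accessCode == ACCESS_LEVEL.DEPT_AND_CHILDREN.value()) {
            deptList = (ArrayList) AuthQuickDac.getContext()
                    .searchUserDChildLevOrg(UserAuth.getSessionUser().getId().toLowerCase());
        }

        if (deptList == null) {
            // Lookup failed or the level is not department-based: deny department scope rather
            // than pass null into the collection helpers with an undefined result.
            return null;
        }

        deptList = (ArrayList) CollectionUtils.replaceList(deptList);
        return CollectionUtils.listToString(deptList);
    }
}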
AuthQuickDac 负责查询权限粒度
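//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
package cn.com.do1.component.systemmgr.auth;

import cn.com.do1.common.dac.QuickDAC;
import cn.com.do1.component.systemmgr.org.model.TbDqdpOrgPO;
import cn.com.do1.component.systemmgr.user.model.TbUserRoleDeptRefPO;
import cn.com.do1.component.systemmgr.util.CollectionUtils;
import cn.com.do1.component.systemmgr.util.SystemCacheUtils;
import cn.com.do1.dqdp.core.DqdpAppContext;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import javax.sql.DataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Singleton that resolves the organisations (departments) a user's permissions are scoped to.
 *
 * <p>All lookups share one fair {@link ReentrantLock}, so only one thread queries at a time.
 * A lookup that cannot obtain the lock, or whose query fails, returns {@code null}. Callers
 * must treat {@code null} as "lookup failed" and deny access; it does not mean "no
 * departments".
 *
 * <p>NOTE(review): because every lookup is serialised and waiters give up after a few short
 * timeouts, one slow query makes concurrent authorization lookups fail. Confirm that the
 * global lock is needed at all for these read-only queries.
 */
public class AuthQuickDac {
    private static final Logger logger = LoggerFactory.getLogger(AuthQuickDac.class);

    /** Failed lock attempts a thread may accumulate before it stops retrying. */
    private static final int MAX_LOCK_FAILURES = 5;

    /** How long a single lock attempt waits, in milliseconds. */
    private static final long LOCK_WAIT_MILLIS = 30L;

    private static ReentrantLock lock = new ReentrantLock(true);

    // Per-thread count of consecutive failed lock attempts. It starts at 0 for every thread;
    // the original left it unset on all threads except the one that built the singleton, so
    // the first failed tryLock on any other thread ended in a NullPointerException.
    private static ThreadLocal<Integer> executeCount = new ThreadLocal<Integer>() {
        @Override
        protected Integer initialValue() {
            return Integer.valueOf(0);
        }
    };

    private static AuthQuickDac authQuickDac;
    private DataSource ds;

    private AuthQuickDac() {
        // NOTE(review): this seeds the constructing thread's counter at the limit, so that
        // thread gives up after one failed tryLock until it next succeeds. Confirm intent.
        executeCount.set(Integer.valueOf(MAX_LOCK_FAILURES));
        this.ds = (DataSource) DqdpAppContext.getSpringContext().getBean("dataSource");
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>This blocks on the same lock that the lookups hold while they query.
     *
     * @return the singleton instance
     */
    public static AuthQuickDac getContext() {
        // Acquire before entering try, so finally never unlocks a lock this thread does not hold.
        lock.lock();
        try {
            if (authQuickDac == null) {
                authQuickDac = new AuthQuickDac();
            }
            return authQuickDac;
        } finally {
            lock.unlock();
        }
    }

    /**
     * Tries to take the shared lock, retrying with a short timeout.
     *
     * <p>The failure counter is per thread and is reset only by a successful acquisition.
     * NOTE(review): on pooled threads a counter left at the limit carries over to the next
     * call, which then gives up after a single attempt. Confirm that this is intended.
     *
     * @return {@code true} if the lock is now held by this thread, {@code false} if the retry
     *         budget is exhausted or the thread was interrupted
     */
    private boolean getLook() {
        try {
            while (true) {
                if (lock.tryLock(LOCK_WAIT_MILLIS, TimeUnit.MILLISECONDS)) {
                    executeCount.set(Integer.valueOf(0));
                    logger.info("获取锁成功");
                    return true;
                }
                logger.info("在指定的时间内未能获取到锁");
                int failures = executeCount.get().intValue();
                if (MAX_LOCK_FAILURES <= failures) {
                    logger.info("系统连续5次获取锁失败");
                    return false;
                }
                executeCount.set(Integer.valueOf(failures + 1));
            }
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the caller can still observe the interruption.
            Thread.currentThread().interrupt();
            logger.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Lists the organisation ids directly assigned to a user in TB_USER_ROLE_DEPT_REF.
     *
     * <p>The user id is bound as a named parameter and is never concatenated into the SQL.
     *
     * @param userid id of the user to look up
     * @return the assigned organisation ids (possibly empty), or {@code null} when the lock
     *         could not be acquired or the query failed
     */
    public List searchUserDeptLevelOrg(String userid) {
        if (!this.getLook()) {
            return null;
        }
        QuickDAC quickDAC = null;
        try {
            quickDAC = new QuickDAC(this.ds.getConnection());
            quickDAC.preparedSql("select * from TB_USER_ROLE_DEPT_REF where USER_ID=:userid");
            quickDAC.setPreValue("userid", userid);
            List refs = quickDAC.getList(TbUserRoleDeptRefPO.class);

            ArrayList orgIds = new ArrayList();
            for (Object row : refs) {
                orgIds.add(((TbUserRoleDeptRefPO) row).getOrgId());
            }
            return orgIds;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            return null;
        } finally {
            lock.unlock();
            // quickDAC stays null when getConnection() or the constructor threw. Without this
            // guard the cleanup itself raised an NPE that replaced the logged failure.
            // NOTE(review): going by its name, destoryWithoutConnection() may leave the JDBC
            // connection open. Confirm the connection is returned to the pool.
            if (quickDAC != null) {
                quickDAC.destoryWithoutConnection();
            }
        }
    }

    /**
     * Lists the organisation ids assigned to a user together with their descendants.
     *
     * <p>Descendants are added for each assigned organisation whose cached {@code IS_PARENT}
     * value equals {@code "0"}, using its {@code LEFTVALUE}/{@code RIGHTVALUE} bounds.
     * NOTE(review): the meaning of {@code IS_PARENT = "0"} is not visible here. Confirm that it
     * marks the organisations that should be expanded.
     *
     * @param userid id of the user to look up
     * @return descendant ids followed by the assigned ids (possibly empty), or {@code null}
     *         when the lock could not be acquired or any step failed
     */
    public List searchUserDChildLevOrg(String userid) {
        if (!this.getLook()) {
            return null;
        }
        QuickDAC quickDAC = null;
        try {
            quickDAC = new QuickDAC(this.ds.getConnection());
            quickDAC.preparedSql("select * from TB_USER_ROLE_DEPT_REF where USER_ID=:userid");
            quickDAC.setPreValue("userid", userid);
            List refs = quickDAC.getList(TbUserRoleDeptRefPO.class);

            // Raw types are kept because the CollectionUtils signatures are not visible here.
            ArrayList assignedOrgIds = new ArrayList();
            for (Object row : refs) {
                assignedOrgIds.add(((TbUserRoleDeptRefPO) row).getOrgId());
            }
            assignedOrgIds = (ArrayList) CollectionUtils.replaceList(assignedOrgIds);

            ArrayList scopedOrgIds = new ArrayList();
            for (Object element : assignedOrgIds) {
                String orgId = (String) element;
                // One cache read per organisation; the original fetched the same entry twice.
                Map<?, ?> org = SystemCacheUtils.getOrgByOrgId(orgId);
                if (org.get("IS_PARENT").toString().equalsIgnoreCase("0")) {
                    CollectionUtils.addListToList(
                            scopedOrgIds,
                            this.searchOrgByLRVal(
                                    quickDAC,
                                    org.get("LEFTVALUE").toString(),
                                    org.get("RIGHTVALUE").toString()));
                }
            }
            CollectionUtils.addListToList(scopedOrgIds, assignedOrgIds);
            return scopedOrgIds;
        } catch (Exception e) {
            // An unknown organisation id or a missing cache field also lands here. The whole
            // lookup then yields null, so a partial result is never returned as the scope.
            logger.error(e.getMessage(), e);
            return null;
        } finally {
            lock.unlock();
            // quickDAC stays null when getConnection() or the constructor threw.
            // NOTE(review): confirm that destoryWithoutConnection() releases the connection.
            if (quickDAC != null) {
                quickDAC.destoryWithoutConnection();
            }
        }
    }

    /**
     * Finds the organisations strictly inside a left/right value interval.
     *
     * <p>Both bounds are exclusive, so the organisation that owns the interval is not part of
     * the result. The bounds are bound as named parameters.
     *
     * @param qac open data-access helper to run the query on
     * @param leftVal exclusive lower bound for LEFTVALUE
     * @param rightVal exclusive upper bound for RIGHTVALUE
     * @return ids of the matching organisations, empty when there are none
     * @throws SQLException if the query fails
     */
    private List searchOrgByLRVal(QuickDAC qac, String leftVal, String rightVal) throws SQLException {
        qac.preparedSql("select * from TB_DQDP_ORGANIZATION where LEFTVALUE >:leftval and RIGHTVALUE <:rightval");
        qac.setPreValue("leftval", leftVal);
        qac.setPreValue("rightval", rightVal);
        List rows = qac.getList(TbDqdpOrgPO.class);

        ArrayList orgs = new ArrayList();
        for (Object row : rows) {
            orgs.add(((TbDqdpOrgPO) row).getOrganizationId());
        }
        return orgs;
    }
}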