权限检测变更。

src/main/java/com/kingkong/bljs/api/RestController.java

@@ -1,6 +1,7 @@
 package com.kingkong.bljs.api;
 
 
+import com.kingkong.bljs.common.PrivChecker;
 import com.kingkong.bljs.service.ModelService;
 import com.kingkong.bljs.service.RestService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -24,6 +25,7 @@ public class RestController extends BaseController {
      * @param code
      * @return
      */
+    @PrivChecker(type = 6,code = "#code", name = "0")
     @GetMapping("{code}")
     public Object get(@PathVariable String code, @RequestParam("body") String body) throws Exception{
         return restService.getData(code,body);
@@ -37,12 +39,14 @@ public class RestController extends BaseController {
      * @return
      * @throws Exception
      */
+    @PrivChecker(type = 6,code = "#code", name = "1")
     @PostMapping("{code}")
     public Object post(@PathVariable String code,@RequestBody String body) throws Exception{
         return restService.post(code,body);
     }
 
     @DeleteMapping("{code}/{params}")
+    @PrivChecker(type = 6,code = "#code", name = "2")
     public Object delete(@PathVariable String code,@PathVariable String params) throws Exception{
         return restService.delete(code,params);
     }

src/main/java/com/kingkong/bljs/common/PrivAspect.java

@@ -47,8 +47,8 @@ public class PrivAspect {
             params.put('#' + parameterNames[i], args[i]);
         }
 
-        String name = params.getString(checker.name(),"");
-        String code = params.getString(checker.code(),"");
+        String name = params.getString(checker.name(),checker.name());
+        String code = params.getString(checker.code(),checker.code());
 
         if(name.equals(""))
             throw new Exception("权限配置错误！");

src/main/java/com/kingkong/bljs/service/CommonService.java

@@ -32,7 +32,7 @@ public class CommonService {
         return new TableColumnCollection(this.queryService.getTableColumns(name));
     }
 
-    @PrivChecker(type = 1,name = "#name", action = "insert")
+    //@PrivChecker(type = 1,name = "#name", action = "insert")
     public long insert(String name,Map data) throws Exception{
         JSONObject object = new JSONObject();
         for(Object key: data.keySet()){
@@ -49,7 +49,7 @@ public class CommonService {
         return this.queryService.insert(name,object);
     }
 
-    @PrivChecker(type = 1 ,name = "#name", action = "update")
+    //@PrivChecker(type = 1 ,name = "#name", action = "update")
     public int update(String name,Map data,Map condition){
         TableColumnCollection columns  = this.getTableColumns(name);
         if(columns.containColumn("updated_at"))
@@ -58,7 +58,7 @@ public class CommonService {
         return this.queryService.update(name,data,condition);
     }
 
-    @PrivChecker(type = 1, name = "#name" ,action = "delete")
+    //@PrivChecker(type = 1, name = "#name" ,action = "delete")
     public boolean delete(String name,Map condition){
         return this.queryService.delete(name,JObject.parser(condition));
     }
@@ -67,7 +67,7 @@ public class CommonService {
         return this.queryService.deleteRaw(name,condition);
     }
 
-    @PrivChecker(type = 1, name = "#name" ,action = "select")
+    //@PrivChecker(type = 1, name = "#name" ,action = "select")
     public Map find(String name,Map condition){
         return this.queryService.first(name,condition);
     }
@@ -84,12 +84,12 @@ public class CommonService {
         return find(name,where);
     }
 
-    @PrivChecker(type = 1 , name = "#name" , action = "select")
+    //@PrivChecker(type = 1 , name = "#name" , action = "select")
     public List<Map> select(String name, Map condition){
         return this.queryService.selectTable(name,condition);
     }
 
-    @PrivChecker(type = 4, name = "#procName")
+    //@PrivChecker(type = 4, name = "#procName")
     public void executeProc(String procName,List<Object> params){
         queryService.executeProc(procName,params);
     }
@@ -104,7 +104,7 @@ public class CommonService {
      * @param name 序列名称
      * @return
      */
-    @PrivChecker(type = 5,name = "#name", action = "select")
+    //@PrivChecker(type = 5,name = "#name", action = "select")
     public long getSequence(String name){
         String strSQL = "select {0}.nextval id from dual";
         List<Map> result = this.queryService.select(strSQL,name);

src/main/java/com/kingkong/bljs/service/ModuleService.java

@@ -111,7 +111,7 @@ public class ModuleService {
      * @param mcode 模块避难
      * @return
      */
-    @PrivChecker(name = "#name",code = "#mid")
+    //@PrivChecker(name = "#name",code = "#mid")
     public Map getData(String mid,String name, JObject querier) throws Exception{
         //String strSQL = this.getSource(mid,name);
         Map item = this.getSource(mid,name);
@@ -252,12 +252,12 @@ public class ModuleService {
         return result;
     }
 
-    @PrivChecker(type = 1,name = "#name")
+    //@PrivChecker(type = 1,name = "#name")
     public List<Map> getList(String name,Map condition){
         return commonService.select(name,condition);
     }
 
-    @PrivChecker(type = 1,name = "#name")
+    //@PrivChecker(type = 1,name = "#name")
     public Map find(String name,Map condition){
         return commonService.find(name,condition);
     }

src/main/java/com/kingkong/bljs/service/PrivService.java

@@ -50,26 +50,29 @@ public class PrivService {
 
 
         for(Map item : privs){
-            if(1 == type){ //表权限
-                if(item.get("name").toString().equals(name) && item.get("action").toString().equals(action))
-                    return true;
+            if(1 == type){ //表权限,淘汰不用
+//                if(item.get("name").toString().equals(name) && item.get("action").toString().equals(action))
+//                    return true;
             }
-            else if(0 == type){ //数据源
-                if( item.get("m_id").toString().equals(code) && item.get("name").toString().equals(name)
-                        && item.get("action").toString().equals(action))
-                    return true;
-            } else if(2 == type){// url资源
-                if(item.get("name").toString().equals(name)){
+            else if(0 == type){ //数据源,淘汰不用
+//                if( item.get("m_id").toString().equals(code) && item.get("name").toString().equals(name)
+//                        && item.get("action").toString().equals(action))
+//                    return true;
+            } else if(2 == type){// url资源,淘汰不用
+//                if(item.get("name").toString().equals(name)){
+//                    return true;
+//                }
+            } else if(4 == type){ //存储过程,淘汰不用
+//                if( item.get("name").toString().toUpperCase().equals(name.toUpperCase())){
+//                    return  true;
+//                }
+            } else if (5 == type){//序列,淘汰不用
+//                if( item.get("name").toString().toUpperCase().equals(name.toUpperCase())){
+//                    return  true;
+//                }
+            } else if( 6 == type ){
+                if(item.get("code").toString().equals(code) && item.get("method").toString().equals(name))
                     return true;
-                }
-            } else if(4 == type){ //存储过程
-                if( item.get("name").toString().toUpperCase().equals(name.toUpperCase())){
-                    return  true;
-                }
-            } else if (5 == type){//序列
-                if( item.get("name").toString().toUpperCase().equals(name.toUpperCase())){
-                    return  true;
-                }
             }
 
         }

src/main/java/com/kingkong/bljs/service/RestService.java

@@ -57,6 +57,9 @@ public class RestService {
 
     private Object sqlAction(UserApi api,String request) {
         String strSQL = api.getContent();
+
+        strSQL = moduleService.parserEnvVariable(strSQL);
+
         return queryService.quickQuery(strSQL,request);
     }
 

src/main/java/com/kingkong/bljs/service/UserService.java

@@ -106,7 +106,7 @@ public class UserService {
                 "WHERE t.app_id = z.app_id and t.r_id = z.id and z.status =1 \n" +
                 "	and t.app_id ={0} and t.u_id ={1}";
 
-        List<Map> roles = queryService.select(strSQL,appid,user.get("id"));
+        List<Map> roles = queryService.select(strSQL,appid,user.get("id").toString());
         user.put("roles",roles);
 
         //菜单
@@ -121,17 +121,18 @@ public class UserService {
 
 
         // 后台判断权限
-        strSQL = "SELECT a.*,b.id m_id\n" +
-                "FROM k_role_priv t,k_module_priv z,k_module_priv_detail a,k_module b\n" +
-                "WHERE t.r_id in({0}) and  t.m_code = z.m_code and t.p_code = z.code\n" +
-                "	and a.code = z.code  and b.code = z.m_code ";
+//        strSQL =  "select a.name\n" +
+//                "from k_role_priv t,k_module_priv z,k_module_priv_detail a\n" +
+//                "where t.r_id in({0})\n" +
+//                "      and t.p_code = z.code and a.code = z.code\n" +
+//                "      and a.type = 3";
+//
+//        List<Map> list = queryService.select(strSQL,strRoles);
+//
+//        List<Map> privs = new ArrayList<>();
+        UserPriv userPriv = new UserPriv(strRoles);
 
-
-        List<Map> list = queryService.select(strSQL,strRoles);
-
-        List<Map> privs = listPriv(list);
-
-        user.put("privs",privs);
+        user.put("privs",userPriv.getPrivs());
 
 
         // 用于在前端判断权限
@@ -145,18 +146,18 @@ public class UserService {
     }
 
 
-    private List<Map> listPriv(List<Map> list){
-        List<Map> result = new ArrayList<Map>();
-        for(int i = 0;i < list.size(); i ++){
-            Map item = list.get(i);
-            result.add(item);
-            if(item.get("type").toString().equals("3")){
-                result.addAll(getModuleDefaultPriv(item.get("name").toString()));
-
-            }
-        }
-        return result;
-    }
+//    private List<Map> listPriv(List<Map> list){
+//        List<Map> result = new ArrayList<Map>();
+//        for(int i = 0;i < list.size(); i ++){
+//            Map item = list.get(i);
+//            result.add(item);
+//            if(item.get("type").toString().equals("3")){
+//                result.addAll(getModuleDefaultPriv(item.get("name").toString()));
+//
+//            }
+//        }
+//        return result;
+//    }
 
 
     /**
@@ -164,14 +165,14 @@ public class UserService {
      * @param moduleName
      * @return
      */
-    private List<Map> getModuleDefaultPriv(String moduleName){
-        String strSQL = "SELECT z.*,b.id m_id\n" +
-                "FROM k_module_priv t,k_module_priv_detail z,k_module b\n" +
-                "WHERE t.m_code= '{0}' AND t.code = t.m_code\n" +
-                "	and z.code = t.code and b.code = t.m_code";
-        List<Map> list = queryService.select(strSQL,moduleName);
-        return listPriv(list);
-    }
+//    private List<Map> getModuleDefaultPriv(String moduleName){
+//        String strSQL = "SELECT z.*,b.id m_id\n" +
+//                "FROM k_module_priv t,k_module_priv_detail z,k_module b\n" +
+//                "WHERE t.m_code= '{0}' AND t.code = t.m_code\n" +
+//                "	and z.code = t.code and b.code = t.m_code";
+//        List<Map> list = queryService.select(strSQL,moduleName);
+//        return listPriv(list);
+//    }
 
 
     /**
@@ -200,4 +201,89 @@ public class UserService {
 
     }
 
+
+    class UserPriv {
+        private String roleIds;
+
+        //已经加载的模块
+        private List<String> moduleCache = new ArrayList<>() ;
+
+        private List<Map> privs = new ArrayList<>();
+
+        public  UserPriv(String roleIds ){
+            this.roleIds = roleIds;
+        }
+
+        public List<Map> getPrivs(){
+            String strSQL = "select a.*\n" +
+                            "from k_role_priv t,k_module_priv z,k_module_priv_detail a\n" +
+                            "where t.r_id in({0})\n" +
+                            "      and t.p_code = z.code and a.code = z.code\n" +
+                            "      and a.type = 3";
+
+            List<Map> list = queryService.select(strSQL,roleIds);
+            load(list);
+            return privs;
+        }
+
+        //加载模块默认权限
+        private void loadModule(String module) {
+            if(moduleCache.contains(module))
+                return;
+
+            moduleCache.add(module);
+
+            String strSQL = "select  z.*\n" +
+                            "from k_module_priv t,k_module_priv_detail z\n" +
+                            "where t.m_code='{0}' and t.code = z.code\n" +
+                            "      and t.code = t.m_code";
+            List<Map> list = queryService.select(strSQL,module);
+            load(list);
+        }
+
+        private void load(List<Map> list){
+            for(Map map : list) {
+                String type = map.get("type").toString();
+                String name = map.get("name").toString();
+
+                if(type.equals("3")){ //模块信息
+                    loadModule(name);
+                }
+                else if(type.equals("6")) { // appi
+                    loadApi(name);
+                }
+                else if(type.equals("7")) { // api group
+                    loadApiGroup(name);
+                }
+            }
+        }
+
+        /**
+         * 加载api分组
+         * @param groupId
+         */
+        private void loadApiGroup(String groupId) {
+            String strSQL = "select code,name from k_api where  g_id={0}";
+            List<Map> list = queryService.select(strSQL,groupId);
+            privs = ListUtil.merge(privs,list);
+
+            // 下级分类
+            strSQL = "select id from k_api_group where  p_id={0}";
+            list = queryService.select(strSQL,groupId);
+            for(Map map : list) {
+                loadApiGroup(map.get("id").toString());
+            }
+        }
+
+
+        //加载API
+        private void loadApi(String apiId) {
+            String strSQL = "select code,method from k_api where id={0}";
+            List<Map> list = queryService.select(strSQL,apiId);
+
+            privs = ListUtil.merge(privs,list);
+        }
+
+    }
+
 }

src/main/java/com/kingkong/bljs/util/ListUtil.java

@@ -76,4 +76,12 @@ public class ListUtil {
         return null;
     }
 
+
+    public static List<Map> merge(List<Map> list,List<Map> list2) {
+        for(Map item: list2) {
+            list.add(item);
+        }
+        return list;
+    }
+
 }