From 9448ee6bb2e5042cffea3f1ec0781cc4b899c0d0 Mon Sep 17 00:00:00 2001
From: wangning <164851225@qq.com>
Date: Fri, 6 Jul 2018 15:09:28 +0800
Subject: [PATCH] add permission check
---
 .../core/PartnerPermissionManager.java | 2 ++
 .../impls/PartnerPermissionManagerImpl.java | 5 +++++
 .../manager/ManagerUserInterceptor.java | 17 +++++++++++------
 3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PartnerPermissionManager.java b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PartnerPermissionManager.java
index 0a884443d..41969cda6 100644
--- a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PartnerPermissionManager.java
+++ b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PartnerPermissionManager.java
@@ -30,4 +30,6 @@ public interface PartnerPermissionManager {
 void authorizeRole(ManagerRole role, List functions);
 List listUserFunctions(int role);
+
+ JSONObject getPartnerFuncById(String funcId);
 }
diff --git a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PartnerPermissionManagerImpl.java b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PartnerPermissionManagerImpl.java
index abc025b36..e3c316242 100644
--- a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PartnerPermissionManagerImpl.java
+++ b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PartnerPermissionManagerImpl.java
@@ -216,4 +216,9 @@ public class PartnerPermissionManagerImpl implements PartnerPermissionManager {
 return permissionPartnerFunctionMapper.listByRoleMask(role);
 }
+ @Override
+ public JSONObject getPartnerFuncById(String funcId) {
+ return permissionPartnerFunctionMapper.find(funcId);
+ }
+
 }
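Review bot: `getPartnerFuncById` is added to the `PartnerPermissionManager` interface without a Javadoc, and its behaviour on a miss matters because the caller in `ManagerUserInterceptor` branches on `func!=null` to decide whether a permission check runs at all. I would document the contract on the interface method, e.g. `/** Returns the partner function record for funcId, or null if none exists; callers enforcing access must handle null explicitly. */`. The implementation in `PartnerPermissionManagerImpl` only returns `permissionPartnerFunctionMapper.find(funcId)`, so whether a miss yields null or throws depends on the mapper, which is not visible in this patch.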
diff --git a/src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java b/src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java
index 4933f67cb..73bf94afc 100644
--- a/src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java
+++ b/src/main/java/au/com/royalpay/payment/manage/permission/manager/ManagerUserInterceptor.java
@@ -1,12 +1,13 @@
 package au.com.royalpay.payment.manage.permission.manager;
+import au.com.royalpay.payment.manage.management.sysconfig.core.PartnerPermissionManager;
 import au.com.royalpay.payment.manage.management.sysconfig.core.PermissionManager;
 import au.com.royalpay.payment.manage.signin.core.SignInStatusManager;
 import au.com.royalpay.payment.tools.CommonConsts;
 import au.com.royalpay.payment.tools.exceptions.ForbiddenException;
 import au.com.royalpay.payment.tools.http.HttpUtils;
-
 import au.com.royalpay.payment.tools.permission.enums.PartnerRole;
+
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
@@ -33,6 +34,8 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
 private SignInStatusManager signInStatusManager;
 @Resource
 private PermissionManager permissionManager;
+ @Resource
+ private PartnerPermissionManager partnerPermissionManager;
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -101,11 +104,13 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
 }
 }
-// JSONObject func = permissionManager.getPartnerFuncById(funcId);
-// JSONArray arr = loginUser.getJSONArray("available_module_ids");
-// if (arr == null || !arr.contains(func.getString("module_id"))) {
-// throw new ForbiddenException("error.permission.nopermission");
-// }
+ JSONObject func = partnerPermissionManager.getPartnerFuncById(funcId);
+ if(func!=null && StringUtils.isNotEmpty(func.getString("module_id"))){
+ JSONArray arr = loginUser.getJSONArray("available_module_ids");
+ if (arr == null || !arr.contains(func.getString("module_id"))) {
+ throw new ForbiddenException("error.permission.nopermission");
+ }
+ }
 request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser);
 }
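Review bot: The re-enabled module check fails open: when `partnerPermissionManager.getPartnerFuncById(funcId)` returns null, or the record has an empty `module_id`, the guard `if(func!=null && StringUtils.isNotEmpty(...))` skips the comparison and the request continues to `request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser)`. In an authorization interceptor an unknown function id is safer denied, e.g. `if (func == null) { throw new ForbiddenException("error.permission.nopermission"); }` before the module comparison; if functions without a module are intentionally unrestricted, state that in a comment and log the skip so gaps in the function table are visible. `arr.contains(func.getString("module_id"))` compares by `equals`, so it matches only if `available_module_ids` holds strings, which is worth confirming against how the login session is populated. The rest of `preHandle` and the origin of `funcId` lie outside this hunk, so earlier checks may already cover part of this.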