add permission check

master
wangning 7 years ago
parent ac472773f6
commit 9448ee6bb2

@ -30,4 +30,6 @@ public interface PartnerPermissionManager {
void authorizeRole(ManagerRole role, List<String> functions); void authorizeRole(ManagerRole role, List<String> functions);
List<JSONObject> listUserFunctions(int role); List<JSONObject> listUserFunctions(int role);
JSONObject getPartnerFuncById(String funcId);
} }
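Review bot: The new `getPartnerFuncById(String funcId)` declaration has no Javadoc, and its only visible caller (the interceptor's `func!=null` test) treats a null return as possible. Since that result now feeds an authorization decision, the contract should be written down, for example `/** Returns the partner function record for funcId, or null when no such function exists; callers must treat null as "unknown function". */`. It would also help to say which keys callers may rely on, as the interceptor reads `module_id` from the returned object.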

@ -216,4 +216,9 @@ public class PartnerPermissionManagerImpl implements PartnerPermissionManager {
return permissionPartnerFunctionMapper.listByRoleMask(role); return permissionPartnerFunctionMapper.listByRoleMask(role);
} }
@Override
public JSONObject getPartnerFuncById(String funcId) {
return permissionPartnerFunctionMapper.find(funcId);
}
} }

@ -1,12 +1,13 @@
package au.com.royalpay.payment.manage.permission.manager; package au.com.royalpay.payment.manage.permission.manager;
import au.com.royalpay.payment.manage.management.sysconfig.core.PartnerPermissionManager;
import au.com.royalpay.payment.manage.management.sysconfig.core.PermissionManager; import au.com.royalpay.payment.manage.management.sysconfig.core.PermissionManager;
import au.com.royalpay.payment.manage.signin.core.SignInStatusManager; import au.com.royalpay.payment.manage.signin.core.SignInStatusManager;
import au.com.royalpay.payment.tools.CommonConsts; import au.com.royalpay.payment.tools.CommonConsts;
import au.com.royalpay.payment.tools.exceptions.ForbiddenException; import au.com.royalpay.payment.tools.exceptions.ForbiddenException;
import au.com.royalpay.payment.tools.http.HttpUtils; import au.com.royalpay.payment.tools.http.HttpUtils;
import au.com.royalpay.payment.tools.permission.enums.PartnerRole; import au.com.royalpay.payment.tools.permission.enums.PartnerRole;
import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
@ -33,6 +34,8 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
private SignInStatusManager signInStatusManager; private SignInStatusManager signInStatusManager;
@Resource @Resource
private PermissionManager permissionManager; private PermissionManager permissionManager;
@Resource
private PartnerPermissionManager partnerPermissionManager;
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@ -101,11 +104,13 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
} }
} }
// JSONObject func = permissionManager.getPartnerFuncById(funcId); JSONObject func = partnerPermissionManager.getPartnerFuncById(funcId);
// JSONArray arr = loginUser.getJSONArray("available_module_ids"); if(func!=null && StringUtils.isNotEmpty(func.getString("module_id"))){
// if (arr == null || !arr.contains(func.getString("module_id"))) { JSONArray arr = loginUser.getJSONArray("available_module_ids");
// throw new ForbiddenException("error.permission.nopermission"); if (arr == null || !arr.contains(func.getString("module_id"))) {
// } throw new ForbiddenException("error.permission.nopermission");
}
}
request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser); request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser);
} }
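Review bot: The re-enabled module check in `preHandle` fails open: when `partnerPermissionManager.getPartnerFuncById(funcId)` returns null, or the record has an empty `module_id`, the whole `if` is skipped and the request falls through to `request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser)`. Unless an unknown `funcId` is already rejected earlier (the code that derives it is outside the hunk), a function id with no row in the table is not module-checked at all. Consider denying on a failed lookup, `if (func == null) { throw new ForbiddenException("error.permission.nopermission"); }`, and keeping the skip only for records whose `module_id` is deliberately empty, with a comment that says so. `preHandle` starts and ends outside the hunk.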
