add permission check

master
wangning 6 years ago
parent ac472773f6
commit 9448ee6bb2

@ -30,4 +30,6 @@ public interface PartnerPermissionManager {
void authorizeRole(ManagerRole role, List<String> functions);
List<JSONObject> listUserFunctions(int role);
JSONObject getPartnerFuncById(String funcId);
}
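Review bot: `getPartnerFuncById` is declared without documentation, and its not-found result is security-relevant, because the interceptor changed in this commit skips its module check when the returned object is null. A Javadoc on the interface method should state that contract, for example `/** Returns the partner function record for funcId, or null if no such function is registered. */`, once the mapper's behaviour for an unknown id is confirmed. That way callers making authorization decisions handle the missing case deliberately.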

@ -216,4 +216,9 @@ public class PartnerPermissionManagerImpl implements PartnerPermissionManager {
return permissionPartnerFunctionMapper.listByRoleMask(role);
}
@Override
public JSONObject getPartnerFuncById(String funcId) {
return permissionPartnerFunctionMapper.find(funcId);
}
}

@ -1,12 +1,13 @@
package au.com.royalpay.payment.manage.permission.manager;
import au.com.royalpay.payment.manage.management.sysconfig.core.PartnerPermissionManager;
import au.com.royalpay.payment.manage.management.sysconfig.core.PermissionManager;
import au.com.royalpay.payment.manage.signin.core.SignInStatusManager;
import au.com.royalpay.payment.tools.CommonConsts;
import au.com.royalpay.payment.tools.exceptions.ForbiddenException;
import au.com.royalpay.payment.tools.http.HttpUtils;
import au.com.royalpay.payment.tools.permission.enums.PartnerRole;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
@ -33,6 +34,8 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
private SignInStatusManager signInStatusManager;
@Resource
private PermissionManager permissionManager;
@Resource
private PartnerPermissionManager partnerPermissionManager;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@ -101,11 +104,13 @@ public class ManagerUserInterceptor extends HandlerInterceptorAdapter implements
}
}
// JSONObject func = permissionManager.getPartnerFuncById(funcId);
// JSONArray arr = loginUser.getJSONArray("available_module_ids");
// if (arr == null || !arr.contains(func.getString("module_id"))) {
// throw new ForbiddenException("error.permission.nopermission");
// }
JSONObject func = partnerPermissionManager.getPartnerFuncById(funcId);
if(func!=null && StringUtils.isNotEmpty(func.getString("module_id"))){
JSONArray arr = loginUser.getJSONArray("available_module_ids");
if (arr == null || !arr.contains(func.getString("module_id"))) {
throw new ForbiddenException("error.permission.nopermission");
}
}
request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser);
}
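Review bot: The module check in `preHandle` fails open: when `partnerPermissionManager.getPartnerFuncById(funcId)` returns null, or the record has an empty `module_id`, the whole `if` is skipped and the request continues to `request.setAttribute(CommonConsts.PARTNER_STATUS, loginUser)` with no module authorization. Unless an earlier check outside this hunk already rejects unknown function ids, an unresolved `funcId` should be denied, e.g. `if (func == null) { throw new ForbiddenException("error.permission.nopermission"); }` ahead of the module test. If an empty `module_id` is meant to signal "no module restriction", a comment should say so. The commented-out variant of the same check just above should be deleted so only one version of the rule remains in the file. `preHandle` starts outside this hunk, so how `funcId` and `loginUser` are derived is not visible here.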
