diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java index a860ea30..a495da22 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java @@ -941,12 +941,12 @@ public class PrivateController { - if (!Sets.difference(notAuthFeatureIds, productFeatureIds).isEmpty()) { + if (!Sets.intersection(notAuthFeatureIds, productFeatureIds).isEmpty()) { return FeatureCodeCheckResult.builder() .authPermission(true) .reasons(Lists.newArrayList("权限点是免授权")) .build(); - } else if (!Sets.difference(parentNotAuthFeatureIds, productFeatureIds).isEmpty()) { + } else if (!Sets.intersection(parentNotAuthFeatureIds, productFeatureIds).isEmpty()) { return FeatureCodeCheckResult.builder() .authPermission(true) .reasons(Lists.newArrayList("权限点的子节点是免授权")) @@ -988,6 +988,14 @@ public class PrivateController { .build(); } + if (CollectionUtils.isEmpty(roles)) { + return FeatureCodeCheckResult.builder() + .featureCode(featureCode) + .authPermission(false) + .reasons(Lists.newArrayList("用户在项目里没有任何角色")) + .build(); + } + FeatureCodeCheckResult adminRoleCheckResult = resolveAdminRole(adminRoles, permissions); FeatureCodeCheckResult normalRoleCheckResult = resolveNormalRole(normalRoles, permissions, rolePermissions, featureCode); @@ -999,7 +1007,7 @@ public class PrivateController { || BooleanUtils.isTrue(notAuthCheckResult.getAuthPermission()); List adminRoleReasons = adminRoleCheckResult.getReasons(); - List normalRoleReasons = adminRoleCheckResult.getReasons(); + List normalRoleReasons = normalRoleCheckResult.getReasons(); List notAuthReasons = notAuthCheckResult.getReasons(); adminRoleReasons.addAll(normalRoleReasons); 
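Review bot: In the `@@ -941,12 +941,12 @@` hunk of PrivateController.java, neither exemption condition says which set relationship is meant to produce `authPermission(true)`, and the replaced `Sets.difference` call shows how easily that test is inverted into reporting exemption for features outside the product. I would add `// exempt only when at least one no-auth feature id belongs to this product's features` above the first branch, and consider `!Collections.disjoint(notAuthFeatureIds, productFeatureIds)`, which states the same test directly. Both returned results also omit `featureCode`, which the empty-roles result added at `@@ -988,6 +988,14 @@` does set. Whether `featureCode` is in scope here is not visible, because the enclosing method starts and ends outside the hunk.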
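Review bot: In the `@@ -988,6 +988,14 @@` hunk, the new empty-roles return reports `authPermission(false)` without consulting the no-auth result, although the final decision in the `@@ -999,7 +1007,7 @@` hunk also ORs in `notAuthCheckResult.getAuthPermission()`. Unless one of the returns above this hunk already handles the exempt case (not visible here), a user with no roles asking about an authorization-exempt feature would be diagnosed as denied while the combined check would allow it. Guarding the early return keeps the diagnosis consistent, for example `if (CollectionUtils.isEmpty(roles) && !BooleanUtils.isTrue(notAuthCheckResult.getAuthPermission())) {`, assuming `notAuthCheckResult` is computed before this point. The method body starts and ends outside the hunk.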
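Review bot: In the `@@ -999,7 +1007,7 @@` hunk, `adminRoleReasons.addAll(normalRoleReasons)` appends into the list returned by `adminRoleCheckResult.getReasons()`, so the merge mutates that result object. It also throws a NullPointerException if either result was built without `reasons`; whether `resolveAdminRole` and `resolveNormalRole` always set it is not visible here. Now that the normal-role reasons really are a separate list, merging into a fresh one is safer: `List<String> merged = new ArrayList<>();` followed by `if (normalRoleReasons != null) merged.addAll(normalRoleReasons);` and the same for the other two sources. The rest of the method lies outside the hunk.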
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java index 2904f048..8a332750 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java @@ -188,11 +188,6 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { //这里暂时硬编码-非OMS端鉴权请求 直接转老接口处理 if (!StrUtil.equals("NT_OMS_WEB" ,req.getTerminal()) && !Objects.equals(TerminalInfo.NT_PC_GA_GENERAL, req.getTerminal())) { - if (USE_OLD_AUTH) { - log.info("user old auth"); - return hasPermissionV2(req); - } - log.info("user new auth"); // 为了兼容用户没有在企业中,但是需要看到企业类型的菜单,在调用相关接口时,忽略这些菜单的鉴权 if (CollectionUtils.isNotEmpty(notAuthUniCodes)) { @@ -202,6 +197,12 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { } } + if (USE_OLD_AUTH) { + log.info("user old auth"); + return hasPermissionV2(req); + } + log.info("user new auth"); + List> authFutures = Lists.newArrayList(); authFutures.add(CompletableFuture.supplyAsync(TraceSupplier.create(() -> saasAuthService.authPermission(req)), executor)); authFutures.add(CompletableFuture.supplyAsync(TraceSupplier.create(() -> saasAuthService.authNewPermission(req)), executor));
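Review bot: In the `@@ -202,6 +197,12 @@` hunk of PermissionQueryServiceImpl.java, the relocated `USE_OLD_AUTH` block follows two closing braces and so appears to sit outside the terminal check. That would route `NT_OMS_WEB` and `NT_PC_GA_GENERAL` requests to `hasPermissionV2` as well when the flag is on, while the retained comment above the terminal check still describes only non-OMS requests going to the old interface. Indentation is lost on this page, so please confirm the intended scope. The move also places the `notAuthUniCodes` exemption ahead of the old path, so exempted codes now skip `hasPermissionV2` too, which deserves a comment such as `// the notAuthUniCodes exemption above applies to both the old and the new auth path`. The log text `"user old auth"` / `"user new auth"` presumably means "use".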