From 008cd8c15b725d6f0002edd04b2c77f8430c35d9 Mon Sep 17 00:00:00 2001 From: lilong Date: Tue, 20 Aug 2024 16:33:39 +0800 Subject: [PATCH] =?UTF-8?q?feat:(REQ-2699)=20=E4=BF=AE=E6=94=B9=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E6=B2=A1=E8=A7=92=E8=89=B2=E6=97=B6=EF=BC=8C=E4=B8=8D?= =?UTF-8?q?=E8=BF=94=E5=9B=9E=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tyr/server/controller/PrivateController.java | 14 +++++++++++--- .../service/impl/PermissionQueryServiceImpl.java | 11 ++++++----- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java index a860ea30..a495da22 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java @@ -941,12 +941,12 @@ public class PrivateController { - if (!Sets.difference(notAuthFeatureIds, productFeatureIds).isEmpty()) { + if (!Sets.intersection(notAuthFeatureIds, productFeatureIds).isEmpty()) { return FeatureCodeCheckResult.builder() .authPermission(true) .reasons(Lists.newArrayList("权限点是免授权")) .build(); - } else if (!Sets.difference(parentNotAuthFeatureIds, productFeatureIds).isEmpty()) { + } else if (!Sets.intersection(parentNotAuthFeatureIds, productFeatureIds).isEmpty()) { return FeatureCodeCheckResult.builder() .authPermission(true) .reasons(Lists.newArrayList("权限点的子节点是免授权")) @@ -988,6 +988,14 @@ public class PrivateController { .build(); } + if (CollectionUtils.isEmpty(roles)) { + return FeatureCodeCheckResult.builder() + .featureCode(featureCode) + .authPermission(false) + .reasons(Lists.newArrayList("用户在项目里没有任何角色")) + .build(); + } + FeatureCodeCheckResult adminRoleCheckResult = resolveAdminRole(adminRoles, permissions); FeatureCodeCheckResult normalRoleCheckResult = resolveNormalRole(normalRoles, permissions, rolePermissions, featureCode); @@ -999,7 +1007,7 @@ public class PrivateController { || BooleanUtils.isTrue(notAuthCheckResult.getAuthPermission()); List adminRoleReasons = adminRoleCheckResult.getReasons(); - List normalRoleReasons = adminRoleCheckResult.getReasons(); + List normalRoleReasons = normalRoleCheckResult.getReasons(); List notAuthReasons = notAuthCheckResult.getReasons(); adminRoleReasons.addAll(normalRoleReasons); diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java index 2904f048..8a332750 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java @@ -188,11 +188,6 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { //这里暂时硬编码-非OMS端鉴权请求 直接转老接口处理 if (!StrUtil.equals("NT_OMS_WEB" ,req.getTerminal()) && !Objects.equals(TerminalInfo.NT_PC_GA_GENERAL, req.getTerminal())) { - if (USE_OLD_AUTH) { - log.info("user old auth"); - return hasPermissionV2(req); - } - log.info("user new auth"); // 为了兼容用户没有在企业中,但是需要看到企业类型的菜单,在调用相关接口时,忽略这些菜单的鉴权 if (CollectionUtils.isNotEmpty(notAuthUniCodes)) { @@ -202,6 +197,12 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { } } + if (USE_OLD_AUTH) { + log.info("user old auth"); + return hasPermissionV2(req); + } + log.info("user new auth"); + List> authFutures = Lists.newArrayList(); authFutures.add(CompletableFuture.supplyAsync(TraceSupplier.create(() -> saasAuthService.authPermission(req)), executor)); authFutures.add(CompletableFuture.supplyAsync(TraceSupplier.create(() -> saasAuthService.authNewPermission(req)), executor));