111

k94314517

2023-08-11 081102af72c623e9b7da1d69cf71e486c7842d43

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
package doumeemes.config.shiro;
 
import doumeemes.core.constants.ResponseStatus;
import doumeemes.core.exception.BusinessException;
import doumeemes.core.model.LoginUserInfo;
import doumeemes.core.utils.Constants;
import doumeemes.dao.business.model.Company;
import doumeemes.dao.business.model.CompanyUser;
import doumeemes.dao.business.model.Department;
import doumeemes.dao.ext.dto.QueryCompanyUserExtDTO;
import doumeemes.dao.ext.vo.CompanyExtListVO;
import doumeemes.dao.ext.vo.CompanyUserExtListVO;
import doumeemes.dao.ext.vo.DepartmentExtListVO;
import doumeemes.dao.system.model.SystemDataPermission;
import doumeemes.dao.system.model.SystemPermission;
import doumeemes.dao.system.model.SystemRole;
import doumeemes.dao.system.model.SystemUser;
import doumeemes.service.business.CompanyUserService;
import doumeemes.service.ext.CompanyExtService;
import doumeemes.service.ext.CompanyUserExtService;
import doumeemes.service.ext.DepartmentExtService;
import doumeemes.service.system.SystemDataPermissionService;
import doumeemes.service.system.SystemPermissionService;
import doumeemes.service.system.SystemRoleService;
import doumeemes.service.system.SystemUserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;
 
import java.util.Date;
import java.util.List;
 
/**
 * 自定义Realm，处理认证和权限
 * @author Eva.Caesar Liu
 * @date 2022/04/18 18:12
 */
@Component
public class ShiroRealm extends AuthorizingRealm {
 
    @Lazy
    @Autowired
    private DepartmentExtService departmentExtService;
    @Lazy
    @Autowired
    private SystemDataPermissionService  systemDataPermissionService;
    @Lazy
    @Autowired
    private CompanyExtService companyExtService;
    @Lazy
    @Autowired
    private SystemUserService systemUserService;
    @Lazy
    @Autowired
    private CompanyUserExtService companyUserExtService;
 
    @Lazy
    @Autowired
    private SystemRoleService systemRoleService;
 
    @Lazy
    @Autowired
    private SystemPermissionService systemPermissionService;
    /**
     * 重写supports方法，使 Shiro 能够识别自定义的 Token
     * @param token
     * @return
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof ShiroToken;
    }
    /**
     * 权限处理
     * @author Eva.Caesar Liu
     * @date 2022/04/18 18:12
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        LoginUserInfo loginUserInfo = (LoginUserInfo)principalCollection.getPrimaryPrincipal();
        // 设置用户角色和权限
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        authorizationInfo.addRoles(loginUserInfo.getRoles());
        authorizationInfo.addStringPermissions(loginUserInfo.getPermissions());
        return authorizationInfo;
    }
 
    /**
     * 认证处理
     * @author Eva.Caesar Liu
     * @date 2022/04/18 18:12
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException,BusinessException {
        // 获取用户名
        ShiroToken authenticationToken =(ShiroToken) token;
        String username = authenticationToken.getPrincipal().toString();
        boolean isDdLogin = authenticationToken.getDdLogin();
        // 根据用户名查询用户对象
        SystemUser queryDto = new SystemUser();
        queryDto.setUsername(username);
        queryDto.setDeleted(Boolean.FALSE);
        SystemUser user = systemUserService.findOne(queryDto);
        if (user == null) {
            return null;
        }
        SystemRole role = new SystemRole();
        SystemPermission per = new SystemPermission();
        DepartmentExtListVO rootDepart = null,comDepart=null, depart = null;
        List<Integer> dpList = null;
        CompanyExtListVO com = null;
        CompanyUserExtListVO cu =null;
        if(Constants.equalsInteger(user.getType(),Constants.PlatType.admin)){
            //如果是平台用户
            role.setType(Constants.ROLETYPE.plat);
            per.setType(Constants.PlatType.admin);
        }else{
            if(authenticationToken.getCompanyId() == null){
                throw new BusinessException(ResponseStatus.BAD_REQUEST.getCode(),"对不起，该账户异常！");
            }
            com = companyExtService.getModelById(authenticationToken.getCompanyId());
            if(com == null){
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起，该账户异常！");
            }
 
            if(com.getOepnValidDate().before(new Date())){
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起，该企业已过使用有效期！");
            }
            //如果是企业用户
            QueryCompanyUserExtDTO c =new QueryCompanyUserExtDTO();
            c.setUserId(user.getId());
            c.setDeleted(Constants.ZERO);
            c.setCompanyId(authenticationToken.getCompanyId());
            cu = companyUserExtService.selectOne(c);
            if(cu == null){
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起，该企业用户不存在！");
            }
            if(Constants.equalsInteger(cu.getStatus(),Constants.ONE)){
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起，该企业用户已禁用！");
            }
            rootDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getRootDepartId());
            comDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getComDepartId());
            depart = departmentExtService.getModelById(c.getCompanyId(),cu.getDepartmentId());
            if(rootDepart == null || comDepart == null || depart==null){
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起，该企业用户账户异常！");
            }
            role.setCompanyId(authenticationToken.getCompanyId());
            role.setType(Constants.ROLETYPE.com);
            per.setType(Constants.PlatType.company);
            per.setRoleType(Constants.ROLETYPE.com);
            per.setCompanyId(authenticationToken.getCompanyId());
            SystemRole rt = new SystemRole();
            rt.setType(Constants.ROLETYPE.com);
            rt.setCompanyId(c.getCompanyId());
            //数据部门权限集合
            dpList =systemDataPermissionService.selectHighRole(new SystemDataPermission(),rt,user,depart);
 
        }
        // 获取登录用户信息
        List<SystemRole> roles = systemRoleService.findByUserModel(user.getId(),role);
        List<SystemPermission> permissions = systemPermissionService.findByUserModel(user.getId(),per);
        LoginUserInfo userInfo = LoginUserInfo.from(user, roles, permissions,com,rootDepart,comDepart,depart,dpList,cu);
        // 验证用户
        return new SimpleAuthenticationInfo(userInfo, user.getPassword(), this.getName());
    }
 
}