package com.doumee.config.shiro;
|
|
import com.doumee.core.constants.ResponseStatus;
|
import com.doumee.core.exception.BusinessException;
|
import com.doumee.core.model.LoginUserInfo;
|
import com.doumee.core.utils.Constants;
|
import com.doumee.dao.business.CompanyPermissionMapper;
|
import com.doumee.dao.business.join.CompanyPermissionJoinMapper;
|
import com.doumee.dao.business.model.Company;
|
import com.doumee.dao.business.model.CompanyPermission;
|
import com.doumee.dao.system.model.SystemDataPermission;
|
import com.doumee.dao.system.model.SystemPermission;
|
import com.doumee.dao.system.model.SystemRole;
|
import com.doumee.dao.system.model.SystemUser;
|
import com.doumee.service.business.CompanyPermissionService;
|
import com.doumee.service.business.impl.CompanyServiceImpl;
|
import com.doumee.service.system.SystemDataPermissionService;
|
import com.doumee.service.system.SystemPermissionService;
|
import com.doumee.service.system.SystemRoleService;
|
import com.doumee.service.system.SystemUserService;
|
import com.github.xiaoymin.knife4j.core.util.CollectionUtils;
|
import org.apache.commons.lang3.StringUtils;
|
import org.apache.shiro.authc.AuthenticationException;
|
import org.apache.shiro.authc.AuthenticationInfo;
|
import org.apache.shiro.authc.AuthenticationToken;
|
import org.apache.shiro.authc.SimpleAuthenticationInfo;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
import org.apache.shiro.realm.AuthorizingRealm;
|
import org.apache.shiro.subject.PrincipalCollection;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.context.annotation.Lazy;
|
import org.springframework.stereotype.Component;
|
|
import java.util.ArrayList;
|
import java.util.List;
|
import java.util.Objects;
|
|
/**
|
* 自定义Realm,处理认证和权限
|
* @author Eva.Caesar Liu
|
* @date 2022/03/15 09:54
|
*/
|
@Component
|
public class ShiroRealm extends AuthorizingRealm {
|
|
@Lazy
|
@Autowired
|
private SystemDataPermissionService systemDataPermissionService;
|
@Lazy
|
@Autowired
|
private SystemUserService systemUserService;
|
@Lazy
|
@Autowired
|
private CompanyPermissionService companyPermissionService;
|
@Lazy
|
@Autowired
|
private CompanyServiceImpl companyService;
|
|
@Lazy
|
@Autowired
|
private SystemRoleService systemRoleService;
|
|
@Lazy
|
@Autowired
|
private SystemPermissionService systemPermissionService;
|
|
|
/**
|
* 权限处理
|
* @author Eva.Caesar Liu
|
* @date 2022/03/15 09:54
|
*/
|
@Override
|
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
|
LoginUserInfo loginUserInfo = (LoginUserInfo)principalCollection.getPrimaryPrincipal();
|
// 设置用户角色和权限
|
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
|
authorizationInfo.addRoles(loginUserInfo.getRoles());
|
authorizationInfo.addStringPermissions(loginUserInfo.getPermissions());
|
return authorizationInfo;
|
}
|
|
/**
|
* 认证处理
|
* @author Eva.Caesar Liu
|
* @date 2022/03/15 09:54
|
*/
|
@Override
|
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
|
// 获取用户名
|
ShiroToken authenticationToken = (ShiroToken)token;
|
String username = authenticationToken.getPrincipal().toString();
|
// 根据用户名查询用户对象
|
SystemUser queryDto = new SystemUser();
|
if(authenticationToken.isNeedPassword()){
|
//账号密码登录
|
queryDto.setUsername(username);
|
}else{
|
//手机号验证码登录
|
queryDto.setMobile(username);
|
}
|
queryDto.setType(authenticationToken.getUserType());
|
queryDto.setDeleted(Boolean.FALSE);
|
SystemUser user = systemUserService.findOne(queryDto);
|
if(user == null){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,账号信息不正确!");
|
}
|
if(!Constants.equalsInteger(user.getStatus(),Constants.ZERO)){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,账号信息已被禁用,如有疑问请联系系统管理员!");
|
}
|
List<SystemRole> roles = null;
|
List<SystemPermission> permissions =null;
|
// 获取登录用户信息
|
if(authenticationToken.getUserType() == 0){
|
roles = systemRoleService.findByUserId(user.getId());
|
CompanyPermission c = new CompanyPermission();
|
c.setUserId(user.getId());
|
c.setIsdeleted(Constants.ZERO);
|
List<CompanyPermission> pList = companyPermissionService.findList(c);
|
if(pList!=null){
|
for (CompanyPermission cc : pList){
|
if(user.getCompanyIdList() == null){
|
user.setCompanyIdList(new ArrayList<>());
|
}
|
user.getCompanyIdList().add(cc.getCompanyId());
|
}
|
}
|
permissions = systemPermissionService.findByUserId(user.getId());
|
}else{
|
Integer selfCompanyId = user.getCompanyId();
|
Company company = companyService.findById(selfCompanyId);
|
if(company == null){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,企业账号信息不正确!");
|
}
|
user.setCompany(company);
|
user.setShowCompany(company);
|
if(authenticationToken.getUserType() == 1){
|
List<CompanyPermission> pList = companyPermissionService.getUserCompanyPermission(user.getId());
|
//加入自己的默认企业
|
CompanyPermission companyPermission = new CompanyPermission();
|
companyPermission.setUserId(user.getId());
|
companyPermission.setCompanyId(company.getId());
|
companyPermission.setType(Constants.ONE);
|
companyPermission.setId(Constants.ONE);
|
companyPermission.setIsSelfCompany(Constants.ONE);
|
companyPermission.setIsShow(Constants.ONE);
|
companyPermission.setCompanyName(company.getName());
|
pList.add(companyPermission);
|
if(Objects.nonNull(authenticationToken.getCompanyId())){
|
for (CompanyPermission c:pList) {
|
if(Constants.equalsInteger(c.getCompanyId(),authenticationToken.getCompanyId())){
|
c.setIsShow(Constants.ONE);
|
Company showCompany = companyService.findById(authenticationToken.getCompanyId());
|
user.setShowCompany(showCompany);
|
}else{
|
c.setIsShow(Constants.ZERO);
|
}
|
}
|
}
|
if(CollectionUtils.isNotEmpty(pList)) {
|
user.setCompanyPermissionList(pList);
|
}
|
}
|
//如果用户与企业超管账号相同 或者 企业主键与当前切换后的主键不相同时 给超管权限
|
if(StringUtils.equals(company.getUsername(),user.getUsername())
|
||( Objects.nonNull(authenticationToken.getCompanyId()) && !Constants.equalsInteger(company.getId(),authenticationToken.getCompanyId()) )){
|
if(Objects.nonNull(authenticationToken.getCompanyId())){
|
user.setCompanyId(authenticationToken.getCompanyId());
|
}
|
//如果是超管,
|
SystemRole role = new SystemRole();
|
role.setType(Constants.ONE);
|
role.setDeleted(Boolean.FALSE);
|
roles = systemRoleService.findList(role);
|
SystemPermission p = new SystemPermission();
|
permissions = systemPermissionService.findList(p,user.getType());
|
}else{
|
roles = systemRoleService.findByUserId(user.getId());
|
permissions = systemPermissionService.findByUserId(user.getId());
|
}
|
}
|
|
SystemRole rt = new SystemRole();
|
rt.setDeleted(Boolean.FALSE);
|
//数据部门权限集合
|
if(Constants.equalsInteger(user.getType(),Constants.ONE) && Constants.equalsInteger(user.getCompany().getId(),user.getCompanyId())){
|
user.setDepartIdList(null);
|
}else{
|
user.setDepartIdList(systemDataPermissionService.selectHighRole(new SystemDataPermission(),rt,user));
|
}
|
|
LoginUserInfo userInfo = LoginUserInfo.from(user, roles, permissions);
|
// 验证用户
|
return new SimpleAuthenticationInfo(userInfo, user.getPassword(), this.getName());
|
}
|
|
}
|
