| | |
|---|
| | | import doumeemes.core.exception.BusinessException; |
|---|
| | | import doumeemes.core.model.LoginUserInfo; |
|---|
| | | import doumeemes.core.utils.Constants; |
|---|
| | | import doumeemes.dao.business.model.Company; |
|---|
| | | import doumeemes.dao.business.model.CompanyUser; |
|---|
| | | import doumeemes.dao.business.model.Department; |
|---|
| | | import doumeemes.dao.ext.dto.QueryCompanyUserExtDTO; |
|---|
| | | import doumeemes.dao.ext.vo.CompanyExtListVO; |
|---|
| | | import doumeemes.dao.ext.vo.CompanyUserExtListVO; |
|---|
| | |
|---|
| | | import doumeemes.dao.system.model.SystemPermission; |
|---|
| | | import doumeemes.dao.system.model.SystemRole; |
|---|
| | | import doumeemes.dao.system.model.SystemUser; |
|---|
| | | import doumeemes.service.business.CompanyUserService; |
|---|
| | | import doumeemes.service.ext.CompanyExtService; |
|---|
| | | import doumeemes.service.ext.CompanyUserExtService; |
|---|
| | | import doumeemes.service.ext.DepartmentExtService; |
|---|
| | |
|---|
| | | |
|---|
| | | import java.util.Date; |
|---|
| | | import java.util.List; |
|---|
| | | import java.util.Objects; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 自定义Realm,处理认证和权限 |
|---|
| | | * @author Eva.Caesar Liu |
|---|
| | | * @date 2022/04/18 18:12 |
|---|
| | | * @date 2022/03/15 09:54 |
|---|
| | | */ |
|---|
| | | @Component |
|---|
| | | public class ShiroRealm extends AuthorizingRealm { |
|---|
| | |
|---|
| | | private DepartmentExtService departmentExtService; |
|---|
| | | @Lazy |
|---|
| | | @Autowired |
|---|
| | | private SystemDataPermissionService systemDataPermissionService; |
|---|
| | | private SystemDataPermissionService systemDataPermissionService; |
|---|
| | | @Lazy |
|---|
| | | @Autowired |
|---|
| | | private CompanyExtService companyExtService; |
|---|
| | |
|---|
| | | @Lazy |
|---|
| | | @Autowired |
|---|
| | | private SystemPermissionService systemPermissionService; |
|---|
| | | /** |
|---|
| | | * 重写supports方法,使 Shiro 能够识别自定义的 Token |
|---|
| | | * @param token |
|---|
| | | * @return |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | public boolean supports(AuthenticationToken token) { |
|---|
| | | return token instanceof ShiroToken; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 权限处理 |
|---|
| | | * @author Eva.Caesar Liu |
|---|
| | | * @date 2022/04/18 18:12 |
|---|
| | | * @date 2022/03/15 09:54 |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 认证处理 |
|---|
| | | * @author Eva.Caesar Liu |
|---|
| | | * @date 2022/04/18 18:12 |
|---|
| | | * @date 2022/03/15 09:54 |
|---|
| | | */ |
|---|
| | | @Override |
|---|
| | | protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException,BusinessException { |
|---|
| | | protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { |
|---|
| | | // 获取用户名 |
|---|
| | | ShiroToken authenticationToken =(ShiroToken) token; |
|---|
| | | String username = authenticationToken.getPrincipal().toString(); |
|---|
| | | boolean isDdLogin = authenticationToken.getDdLogin(); |
|---|
| | | // 根据用户名查询用户对象 |
|---|
| | | SystemUser queryDto = new SystemUser(); |
|---|
| | | queryDto.setUsername(username); |
|---|
| | | queryDto.setDeleted(Boolean.FALSE); |
|---|
| | | SystemUser user = systemUserService.findOne(queryDto); |
|---|
| | | if (user == null) { |
|---|
| | | return null; |
|---|
| | | } |
|---|
| | | SystemRole role = new SystemRole(); |
|---|
| | | SystemPermission per = new SystemPermission(); |
|---|
| | | DepartmentExtListVO rootDepart = null,comDepart=null, depart = null; |
|---|
| | | List<Integer> dpList = null; |
|---|
| | | CompanyExtListVO com = null; |
|---|
| | | CompanyUserExtListVO cu =null; |
|---|
| | | if(Constants.equalsInteger(user.getType(),Constants.PlatType.admin)){ |
|---|
| | | //如果是平台用户 |
|---|
| | | role.setType(Constants.ROLETYPE.plat); |
|---|
| | | per.setType(Constants.PlatType.admin); |
|---|
| | | if(authenticationToken .getUpdateFlag() == 1){ |
|---|
| | | //如果是更新session |
|---|
| | | return new SimpleAuthenticationInfo(authenticationToken.getUpdateUser(), authenticationToken.getPassword(), this.getName()); |
|---|
| | | }else{ |
|---|
| | | if(authenticationToken.getCompanyId() == null){ |
|---|
| | | throw new BusinessException(ResponseStatus.BAD_REQUEST.getCode(),"对不起,该账户异常!"); |
|---|
| | | String username = authenticationToken.getPrincipal().toString(); |
|---|
| | | boolean isDdLogin = authenticationToken.getDdLogin(); |
|---|
| | | // 根据用户名查询用户对象 |
|---|
| | | SystemUser queryDto = new SystemUser(); |
|---|
| | | queryDto.setUsername(username); |
|---|
| | | queryDto.setDeleted(Boolean.FALSE); |
|---|
| | | SystemUser user = systemUserService.findOne(queryDto); |
|---|
| | | if (user == null) { |
|---|
| | | return null; |
|---|
| | | } |
|---|
| | | com = companyExtService.getModelById(authenticationToken.getCompanyId()); |
|---|
| | | if(com == null){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该账户异常!"); |
|---|
| | | } |
|---|
| | | if(Constants.equalsInteger( com.getStatus(),Constants.ZERO) ){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业已过禁用!"); |
|---|
| | | } |
|---|
| | | if(com.getOepnValidDate() != null && com.getOepnValidDate().before(new Date())){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业已过使用有效期!"); |
|---|
| | | } |
|---|
| | | //如果是企业用户 |
|---|
| | | QueryCompanyUserExtDTO c =new QueryCompanyUserExtDTO(); |
|---|
| | | c.setUserId(user.getId()); |
|---|
| | | c.setDeleted(Constants.ZERO); |
|---|
| | | c.setCompanyId(authenticationToken.getCompanyId()); |
|---|
| | | cu = companyUserExtService.selectOne(c); |
|---|
| | | if(cu == null){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户不存在!"); |
|---|
| | | } |
|---|
| | | if(Constants.equalsInteger(cu.getStatus(),Constants.ONE)){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户已禁用!"); |
|---|
| | | } |
|---|
| | | rootDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getRootDepartId()); |
|---|
| | | comDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getComDepartId()); |
|---|
| | | depart = departmentExtService.getModelById(c.getCompanyId(),cu.getDepartmentId()); |
|---|
| | | if(rootDepart == null || comDepart == null || depart==null){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户账户异常!"); |
|---|
| | | } |
|---|
| | | role.setCompanyId(authenticationToken.getCompanyId()); |
|---|
| | | role.setType(Constants.ROLETYPE.com); |
|---|
| | | per.setType(Constants.PlatType.company); |
|---|
| | | per.setRoleType(Constants.ROLETYPE.com); |
|---|
| | | per.setCompanyId(authenticationToken.getCompanyId()); |
|---|
| | | SystemRole rt = new SystemRole(); |
|---|
| | | rt.setType(Constants.ROLETYPE.com); |
|---|
| | | rt.setCompanyId(c.getCompanyId()); |
|---|
| | | //数据部门权限集合 |
|---|
| | | dpList =systemDataPermissionService.selectHighRole(new SystemDataPermission(),rt,user,depart); |
|---|
| | | SystemRole role = new SystemRole(); |
|---|
| | | SystemPermission per = new SystemPermission(); |
|---|
| | | DepartmentExtListVO rootDepart = null,comDepart=null, depart = null; |
|---|
| | | List<Integer> dpList = null; |
|---|
| | | CompanyExtListVO com = null; |
|---|
| | | CompanyUserExtListVO cu =null; |
|---|
| | | if(Constants.equalsInteger(user.getType(),Constants.PlatType.admin)){ |
|---|
| | | //如果是平台用户 |
|---|
| | | role.setType(Constants.ROLETYPE.plat); |
|---|
| | | per.setType(Constants.PlatType.admin); |
|---|
| | | }else{ |
|---|
| | | if(authenticationToken.getCompanyId() == null){ |
|---|
| | | throw new BusinessException(ResponseStatus.BAD_REQUEST.getCode(),"对不起,该账户删除!"); |
|---|
| | | } |
|---|
| | | com = companyExtService.getModelById(authenticationToken.getCompanyId()); |
|---|
| | | if(com == null || Constants.equalsInteger( com.getDeleted(),Constants.ONE)){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该账户删除!请联系管理员"); |
|---|
| | | } |
|---|
| | | if(Constants.equalsInteger( com.getStatus(),Constants.ZERO) ){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业已禁用!"); |
|---|
| | | } |
|---|
| | | if(com.getOepnValidDate() != null && com.getOepnValidDate().before(new Date())){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业已过使用有效期!"); |
|---|
| | | } |
|---|
| | | //如果是企业用户 |
|---|
| | | QueryCompanyUserExtDTO c =new QueryCompanyUserExtDTO(); |
|---|
| | | c.setUserId(user.getId()); |
|---|
| | | c.setDeleted(Constants.ZERO); |
|---|
| | | c.setCompanyId(authenticationToken.getCompanyId()); |
|---|
| | | cu = companyUserExtService.selectOne(c); |
|---|
| | | if(cu == null){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户不存在!"); |
|---|
| | | } |
|---|
| | | if(Constants.equalsInteger(cu.getStatus(),Constants.ONE)){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户已禁用!"); |
|---|
| | | } |
|---|
| | | rootDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getRootDepartId()); |
|---|
| | | comDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getComDepartId()); |
|---|
| | | depart = departmentExtService.getModelById(c.getCompanyId(),cu.getDepartmentId()); |
|---|
| | | if(rootDepart == null || comDepart == null || depart==null){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户账户异常!"); |
|---|
| | | } |
|---|
| | | role.setCompanyId(authenticationToken.getCompanyId()); |
|---|
| | | role.setType(Constants.ROLETYPE.com); |
|---|
| | | per.setType(Constants.PlatType.company); |
|---|
| | | per.setRoleType(Constants.ROLETYPE.com); |
|---|
| | | per.setCompanyId(authenticationToken.getCompanyId()); |
|---|
| | | SystemRole rt = new SystemRole(); |
|---|
| | | rt.setType(Constants.ROLETYPE.com); |
|---|
| | | rt.setCompanyId(c.getCompanyId()); |
|---|
| | | //数据部门权限集合 |
|---|
| | | dpList =systemDataPermissionService.selectHighRole(new SystemDataPermission(),rt,user,depart); |
|---|
| | | |
|---|
| | | } |
|---|
| | | // 获取登录用户信息 |
|---|
| | | List<SystemRole> roles = systemRoleService.findByUserModel(user.getId(),role); |
|---|
| | | List<SystemPermission> permissions = systemPermissionService.findByUserModel(user.getId(),per); |
|---|
| | | LoginUserInfo userInfo = LoginUserInfo.from(user, roles, permissions,com,rootDepart,comDepart,depart,dpList,cu); |
|---|
| | | // 验证用户 |
|---|
| | | return new SimpleAuthenticationInfo(userInfo, user.getPassword(), this.getName()); |
|---|
| | | } |
|---|
| | | // 获取登录用户信息 |
|---|
| | | List<SystemRole> roles = systemRoleService.findByUserModel(user.getId(),role); |
|---|
| | | List<SystemPermission> permissions = systemPermissionService.findByUserModel(user.getId(),per); |
|---|
| | | LoginUserInfo userInfo = LoginUserInfo.from(user, roles, permissions,com,rootDepart,comDepart,depart,dpList,cu); |
|---|
| | | // 验证用户 |
|---|
| | | return new SimpleAuthenticationInfo(userInfo, user.getPassword(), this.getName()); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
