productDev/dmvisit.git

			@@ -7,6 +7,8 @@
			import com.doumee.core.model.LoginUserInfo;
			import com.doumee.core.utils.Constants;
			import org.apache.commons.lang3.StringUtils;
			import org.apache.shiro.authz.UnauthorizedException;
			import org.apache.shiro.authz.annotation.RequiresPermissions;
			import org.springframework.data.redis.core.RedisTemplate;
			import org.springframework.web.method.HandlerMethod;
			import org.springframework.web.servlet.HandlerInterceptor;
			@@ -32,7 +34,28 @@
			//获取token
			String token = request.getHeader(Constants.HEADER_USER_TOKEN); // 从 http 请求头中取出 token
			if (StringUtils.isNotBlank(token)) {
			checkLogin(request,response);
			LoginUserInfo user = checkLogin(request,response);
			if (!handlerMethod.hasMethodAnnotation(RequiresPermissions.class)) {
			RequiresPermissions p = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
			if(p.value()!=null && p.value().length>0){
			boolean hasPermission = false;
			for(String s :p.value()){
			if(user.getPermissions()!=null){
			for(String t :user.getPermissions()){
			if(StringUtils.equals(t,s)){
			hasPermission = true;
			break;
			}
			}
			}
			}
			if(!hasPermission) {
			//没有操作权限
			throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"没有该操作权限");
			}
			}

			}
			} else {
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");
			}
			@@ -40,7 +63,7 @@
			return true;
			}

			private void checkLogin(HttpServletRequest request, HttpServletResponse response) {
			private LoginUserInfo checkLogin(HttpServletRequest request, HttpServletResponse response) {
			String token = request.getHeader(Constants.HEADER_USER_TOKEN);
			if (token == null \|\| token.isEmpty()) {
			throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");
			@@ -53,6 +76,8 @@
			if(user ==null ){
			throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户登陆已失效，请重新登陆！");
			}
			//权限判断------------
			return user;
			}

			// @Override