实现权限校验

2025-07-17 20:43:00 +08:00 · 2024-08-21 21:21:48 +08:00 · 2024-08-21 21:21:48 +08:00 · 68ef028a1b
commit 68ef028a1b
parent a04c901b04
4 changed files with 69 additions and 15 deletions
--- a/src/main/java/top/suyiiyii/sims/common/InterceptorConfig.java
+++ b/src/main/java/top/suyiiyii/sims/common/InterceptorConfig.java
@ -1,9 +1,16 @@
 package top.suyiiyii.sims.common;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 import top.suyiiyii.sims.service.RoleService;
 import top.suyiiyii.sims.service.UserService;
 import top.suyiiyii.sims.utils.JwtUtils;
 /**
 * @Author tortoise
@ -15,13 +22,23 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupp
 */
    @Configuration
    public class InterceptorConfig extends WebMvcConfigurationSupport {
    @Autowired
    private  RoleService roleService;
    //UserService userService;
        @Override
        protected void addInterceptors(InterceptorRegistry registry) {
-//            registry.addInterceptor(jwtInterceptor())
+           registry.addInterceptor(jwtInterceptor())
-//                    .addPathPatterns("/**")
+                   .addPathPatterns("/**")
-//                    .excludePathPatterns("/user/login") // 排除不需要验证的路径
+                   .excludePathPatterns("/user/login") // 排除不需要验证的路径
-//                    .excludePathPatterns("/user/register")
+                   .excludePathPatterns("/user/register")
-//                    .excludePathPatterns("/v3/api-docs/**");
+                   .excludePathPatterns("/v3/api-docs/**");
            // 注册AdminInterceptor，只拦截以admin/开头的路径
            registry.addInterceptor(new AdminInterceptor())
                    .addPathPatterns("/admin/**");
            super.addInterceptors(registry);
        }
@ -30,5 +47,36 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupp
            return new JwtInterceptor();
        }
    // AdminInterceptor的实现
    public class AdminInterceptor implements HandlerInterceptor {
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
            String path = request.getRequestURI();
            if (path.startsWith("/admin/") && !hasAdminPermission(request)) {
                // 如果用户没有管理员权限，返回403 Forbidden
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                return false;
            }
            return true;
        }
        private boolean hasAdminPermission(HttpServletRequest request) {
            // 这里应该实现检查用户权限的逻辑
            // 例如，从session、token或者数据库中获取用户信息并判断权限
            // 以下仅为示例
            String token = (String) request.getAttribute("token");
            //非空
            if (token == null) {
                return false;
            }
            try {
                Integer userId = Integer.valueOf(JwtUtils.extractUserId(token));
                return roleService.isRoleNameAdmin(userId);
            } catch (Exception e) {
                // 处理令牌解析过程中可能出现的异常
                return false;
            }
        }
    }
    }
--- a/src/main/java/top/suyiiyii/sims/controller/RecordController.java
+++ b/src/main/java/top/suyiiyii/sims/controller/RecordController.java
@ -66,7 +66,7 @@ RecordController {
    public Result<List<RecordDto>> record(@RequestParam(defaultValue = "0") int page,
                                          @RequestParam(defaultValue = "10") int size,
                                          HttpServletRequest request) {
-        String token = request.getHeader("Authorization").replace("Bearer ", "");
+        String token = (String) request.getAttribute("token");
        String userId= JwtUtils.extractUserId(token);
        List<RecordDto> recordDtos=new ArrayList<>();
@ -104,6 +104,7 @@ RecordController {
    @PostMapping("/admin/record")
    public Result<CommonResponse> adminAddRecord(@RequestBody RecordDto recordDto) {
        Integer categoryId = categoryService.getIdBySubCategoryName(recordDto.getSubCategoryName());
        Record record = modelMapper.map(recordDto, Record.class);
        if (categoryId == null) {
            Result.error("请选择奖惩类别，以及类型");
--- a/src/main/java/top/suyiiyii/sims/mapper/RoleMapper.java
+++ b/src/main/java/top/suyiiyii/sims/mapper/RoleMapper.java
@ -55,4 +55,6 @@ public interface RoleMapper {
@Select("SELECT role_name FROM role WHERE role_id=#{roleId}")
    List<String> selectRoleNamesByRoleId(Integer roleId);
 }
--- a/src/main/java/top/suyiiyii/sims/service/RoleService.java
+++ b/src/main/java/top/suyiiyii/sims/service/RoleService.java
@ -22,15 +22,7 @@ import java.util.List;
 public class RoleService {
    @Autowired
    RoleMapper roleMapper;
-    public void addRole(String name){
+
        roleMapper.addRole(name);
    }
    public void deleteRole(String name){
        roleMapper.deleteRole(name);
    }
    public void updateRole(String name,String newName){
        roleMapper.updateRole(name,newName);
    }
    public List<User> findAllUsersWithRoles(){
        return roleMapper.selectAllUsersWithRoles();
    }
@ -46,4 +38,15 @@ public class RoleService {
    }
    public boolean isRoleNameAdmin(Integer id) {
        List<Role> roles = roleMapper.selectRolesById(id);
        for (Role role : roles) {
            if (role.getRoleName().equals("admin")) {
                return true;
            }
        }
        return false;
    }
 }