From 0885d9388bdb9498ec0e12e02852f17692f35f9e Mon Sep 17 00:00:00 2001
From: xyli <dev12102@linx-info.com>
Date: Fri, 3 Mar 2023 17:45:54 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E6=8B=A6=E6=88=AA=E5=99=A8?=
 =?UTF-8?q?=E5=AE=9E=E7=8E=B0preHandle=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../interceptor/PermissionInterceptor.java    | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/src/main/java/mpms/common/interceptor/PermissionInterceptor.java b/src/main/java/mpms/common/interceptor/PermissionInterceptor.java
index 9fc8d53..7bc1bd5 100644
--- a/src/main/java/mpms/common/interceptor/PermissionInterceptor.java
+++ b/src/main/java/mpms/common/interceptor/PermissionInterceptor.java
@@ -54,6 +54,63 @@ public class PermissionInterceptor extends BaseLinxInterceptor {
 		}
 	}
 
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, HandlerMethod handlerMethod) throws Exception {
+		this.init();
+		this.addNode(request);
+		UserModel userModel = BaseServerController.getUserModel();
+		if (userModel == null || userModel.isSystemUser()) {
+			// 没有登录、或者超级管理自己放过
+			return true;
+		}
+		SystemPermission systemPermission = handlerMethod.getMethodAnnotation(SystemPermission.class);
+		if (systemPermission != null && !userModel.isSystemUser()) {
+			// 系统管理员权限
+			this.errorMsg(request, response);
+			return false;
+		}
+		//
+		Feature feature = handlerMethod.getBeanType().getAnnotation(Feature.class);
+		if (feature == null || feature.cls() == ClassFeature.NULL) {
+			return true;
+		}
+		ClassFeature classFeature = feature.cls();
+		feature = handlerMethod.getMethodAnnotation(Feature.class);
+		if (feature == null || feature.method() == MethodFeature.NULL) {
+			return true;
+		}
+		MethodFeature method = feature.method();
+//		 判断方法
+		if (roleService.errorMethodPermission(userModel, classFeature, method)) {
+			this.errorMsg(request, response);
+			return false;
+		}
+//		 判断动态权限
+		DynamicData dynamicData = DynamicData.getDynamicData(classFeature);
+		if (dynamicData != null) {
+			// 排除的方法
+			MethodFeature[] excludeMethod = dynamicData.getExcludeMethod();
+			if (excludeMethod != null) {
+				for (MethodFeature methodFeature : excludeMethod) {
+					if (methodFeature == method) {
+						// 排除方法
+						return true;
+					}
+				}
+			}
+			// 动态参数
+			String parameterName = dynamicData.getParameterName();
+			String parameter = request.getParameter(parameterName);
+
+			//新增操作不需要校验是否有动态权限
+			String type = request.getParameter(TYPE);
+			if (TYPE_ADD.equalsIgnoreCase(type) && roleService.canAdd(userModel)) {
+				return true;
+			}
+		}
+
+		return true;
+	}
 
 
 
-- 
Gitee