
FEAT: 直播订单新增权限

xdd 2 недель назад
Родитель
Сommit
61dbe0448c

+ 3 - 0
fs-admin/src/main/java/com/fs/core/config/LoginContextCallback.java

@@ -61,6 +61,9 @@ public class LoginContextCallback implements com.fs.common.config.LoginContextCa
     public boolean hasPermission(String permission){
         LoginUser loginUser = SecurityUtils.getLoginUser();
         Set<String> permissions = loginUser.getPermissions();
+        if(loginUser.getUser().isAdmin()){
+            return true;
+        }
         return permissions.contains(ALL_PERMISSION) || permissions.contains(StringUtils.trim(permission));
     }
 
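Review bot: In `hasPermission`, the new admin short-circuit dereferences `loginUser.getUser()` without a null check, and `loginUser.getPermissions()` is still read before it, so a call with no authenticated principal would end in a NullPointerException rather than a clean `false`. The fs-company copy of this class added in the same commit guards `loginUser != null` in `getUserId()`, which suggests `SecurityUtils.getLoginUser()` can return null, and that file's `hasPermission` repeats the same unguarded pattern. I would open the method with `if (loginUser == null || loginUser.getUser() == null) { return false; }` and move the `getPermissions()` call below the admin check. Because this branch bypasses every permission string, a one-line comment stating what `isAdmin()` is based on (not visible in this hunk) would let a reviewer judge how wide the bypass is.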

+ 11 - 1
fs-admin/src/main/java/com/fs/core/security/filter/JwtAuthenticationTokenFilter.java

@@ -6,7 +6,9 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.fs.common.config.LoginContextManager;
 import com.fs.common.core.redis.RedisCache;
+import com.fs.core.config.LoginContextCallback;
 import com.fs.core.exception.FSException;
 import com.fs.core.security.LoginUser;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -49,7 +51,15 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
             UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
             authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
             SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+
+            // 设置上下文回调
+            LoginContextCallback callback = new LoginContextCallback();
+            LoginContextManager.setContextCallback(callback);
+        }
+        try{
+            chain.doFilter(request, response);
+        }finally {
+            LoginContextManager.clearContext();
         }
-        chain.doFilter(request, response);
     }
 }
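Review bot: The filter allocates a fresh `LoginContextCallback` with `new` on every authenticated request instead of using a shared instance. The fs-company version of this class is annotated `@Component` and only works when built outside the container because its `ApplicationContext` sits in a static field, and the fs-company filter hunk repeats the same lines. Injecting the bean, or holding one `private static final` instance if the fs-admin class is not a bean, would keep a single lifecycle. `LoginContextManager` is not shown here: if `setContextCallback` and `clearContext` are thread-local the `try`/`finally` is the right shape, but if they write a shared static field then one request's `clearContext()` would remove the callback for requests still in flight, which is worth confirming. The enclosing method starts above this hunk, and a short comment on the `finally` saying that pooled servlet threads are reused would document why the clear is mandatory.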

+ 110 - 0
fs-company/src/main/java/com/fs/core/config/LoginContextCallback.java

@@ -0,0 +1,110 @@
+// fs-company模块
+package com.fs.core.config;
+
+import com.fs.common.core.domain.entity.SysUser;
+import com.fs.common.enums.DataScopeEnum;
+import com.fs.common.utils.StringUtils;
+import com.fs.company.domain.CompanyUser;
+import com.fs.company.mapper.CompanyRoleMapper;
+import com.fs.core.security.LoginUser;
+import com.fs.core.security.SecurityUtils;
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.stereotype.Component;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
+/**
+ * 登录上下文回调实现
+ */
+@Component
+public class LoginContextCallback implements com.fs.common.config.LoginContextCallback, ApplicationContextAware {
+
+    private static ApplicationContext applicationContext;
+    /** 所有权限标识 */
+    private static final String ALL_PERMISSION = "*:*:*";
+    @Override
+    public Long getUserId() {
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        return loginUser != null ? loginUser.getUser().getUserId() : null;
+    }
+
+    @Override
+    public Long getCompanyUserId() {
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        CompanyUser user = loginUser.getUser();
+        return user != null ? user.getUserId() : null;
+    }
+
+    @Override
+    public String getUsername() {
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
+
+    @Override
+    public String getCompanyUserName() {
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        return loginUser.getUsername();
+    }
+
+    @Override
+    public Long getCompanyId() {
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        return loginUser.getUser().getCompanyId();
+    }
+
+    @Override
+    public Long getDeptId() {
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        CompanyUser user = loginUser.getUser();
+        return user.getDeptId();
+    }
+
+
+    @Override
+    public boolean hasPermission(String permission){
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        Set<String> permissions = loginUser.getPermissions();
+        if(loginUser.getUser().isAdmin()){
+            return true;
+        }
+        return permissions.contains(ALL_PERMISSION) || permissions.contains(StringUtils.trim(permission));
+    }
+
+
+    @Override
+    public DataScopeEnum getDataScope(){
+        CompanyRoleMapper companyRoleMapper = applicationContext.getBean(CompanyRoleMapper.class);
+        List<String> dataScope = companyRoleMapper.queryCompanyUserDataScope(getCompanyUserId());
+        if (dataScope == null || dataScope.isEmpty()) {
+            return null;
+        }
+        Set<String> dataScopeSet = new TreeSet<>(dataScope);
+
+        // 按优先级顺序检查
+        for (DataScopeEnum scope : Arrays.asList(
+                DataScopeEnum.ALL,
+                DataScopeEnum.CUSTOM,
+                DataScopeEnum.DEPARTMENT,
+                DataScopeEnum.DEPARTMENT_AND_BELOW,
+                DataScopeEnum.SELF_ONLY
+        )) {
+            if (dataScopeSet.contains(scope.getCode())) {
+                return scope;
+            }
+        }
+        return null;
+    }
+
+
+
+
+    @Override
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+        LoginContextCallback.applicationContext = applicationContext;
+    }
+}
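Review bot: `getDataScope()` returns `null` both when the user has no roles and when none of the stored codes match, so every caller has to treat `null` as "no access"; if any caller reads it as "no filter", a user without a role would see unscoped data. Returning the narrowest scope instead, `return DataScopeEnum.SELF_ONLY;`, or stating in the method Javadoc that `null` must be handled as deny, would make this fail closed. The priority list also resolves several roles to the broadest scope (`ALL` is checked first), which is a policy choice that deserves a comment next to the `// 按优先级顺序检查` line. Separately, `getUsername()` throws `UnsupportedOperationException`, and the getters other than `getUserId()` dereference `loginUser` without the null check that `getUserId()` has, so shared code calling them outside an authenticated request will fail with an exception.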

+ 14 - 3
fs-company/src/main/java/com/fs/core/security/filter/JwtAuthenticationTokenFilter.java

@@ -6,7 +6,9 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.fs.common.config.LoginContextManager;
 import com.fs.common.core.redis.RedisCache;
+import com.fs.core.config.LoginContextCallback;
 import com.fs.core.exception.FSException;
 import com.fs.core.security.LoginUser;
 import com.fs.core.web.service.TokenService;
@@ -22,8 +24,8 @@ import com.fs.common.utils.StringUtils;
 
 /**
  * token过滤器 验证token有效性
- * 
- 
+ *
+
  */
 @Component
 public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
@@ -43,7 +45,16 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
             UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
             authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
             SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+
+            // 设置上下文回调
+            LoginContextCallback callback = new LoginContextCallback();
+            LoginContextManager.setContextCallback(callback);
+
+        }
+        try{
+            chain.doFilter(request, response);
+        }finally {
+            LoginContextManager.clearContext();
         }
-        chain.doFilter(request, response);
     }
 }

+ 15 - 8
fs-service-system/src/main/java/com/fs/company/mapper/CompanyRoleMapper.java

@@ -1,20 +1,22 @@
 package com.fs.company.mapper;
 
 import com.fs.company.domain.CompanyRole;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
 
 import java.util.List;
 
 /**
  * 角色信息Mapper接口
- * 
+ *
  * @author fs
  * @date 2021-05-25
  */
-public interface CompanyRoleMapper 
+public interface CompanyRoleMapper
 {
     /**
      * 查询角色信息
-     * 
+     *
      * @param roleId 角色信息ID
      * @return 角色信息
      */
@@ -22,7 +24,7 @@ public interface CompanyRoleMapper
 
     /**
      * 查询角色信息列表
-     * 
+     *
      * @param companyRole 角色信息
      * @return 角色信息集合
      */
@@ -30,7 +32,7 @@ public interface CompanyRoleMapper
 
     /**
      * 新增角色信息
-     * 
+     *
      * @param companyRole 角色信息
      * @return 结果
      */
@@ -38,7 +40,7 @@ public interface CompanyRoleMapper
 
     /**
      * 修改角色信息
-     * 
+     *
      * @param companyRole 角色信息
      * @return 结果
      */
@@ -46,7 +48,7 @@ public interface CompanyRoleMapper
 
     /**
      * 删除角色信息
-     * 
+     *
      * @param roleId 角色信息ID
      * @return 结果
      */
@@ -54,7 +56,7 @@ public interface CompanyRoleMapper
 
     /**
      * 批量删除角色信息
-     * 
+     *
      * @param roleIds 需要删除的数据ID
      * @return 结果
      */
@@ -69,4 +71,9 @@ public interface CompanyRoleMapper
     CompanyRole checkRoleKeyUnique(String roleKey);
 
     List<Integer> selectRoleListByUserId(Long userId);
+
+    @Select("select distinct cr.data_scope from company_user_role cur\n" +
+            "          inner join company_role cr on cur.role_id=cr.role_id\n" +
+            "        where cur.user_id = #{companyUserId}")
+    List<String> queryCompanyUserDataScope(@Param("companyUserId") Long companyUserId);
 }
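Review bot: The new query on `queryCompanyUserDataScope` joins every role linked to the user with no condition on the role's state, so if `company_role` has a disabled or soft-deleted flag (the schema is not visible here) such roles would still widen the user's data scope. If that flag exists, the `where` clause should exclude those rows, since the result feeds the scope decision in `LoginContextCallback.getDataScope()`. The method also has no Javadoc; I would add `/** Returns the distinct data_scope codes of every role assigned to the given company user; empty if the user has no roles. */`. The `#{companyUserId}` binding keeps the value parameterized and should stay that way if the statement is later moved to an XML mapper.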