|
|
@@ -1,17 +1,24 @@
|
|
|
package com.uas.platform.b2c.common.account.service.impl;
|
|
|
|
|
|
-import java.util.Iterator;
|
|
|
-import java.util.List;
|
|
|
+import java.util.*;
|
|
|
|
|
|
import com.uas.platform.b2c.common.account.dao.ResourceDao;
|
|
|
+import com.uas.platform.b2c.common.account.dao.ResourceItemDao;
|
|
|
import com.uas.platform.b2c.common.account.model.Resource;
|
|
|
+import com.uas.platform.b2c.common.account.model.ResourceItem;
|
|
|
+import com.uas.platform.b2c.common.account.model.Role;
|
|
|
+import com.uas.platform.b2c.common.account.model.User;
|
|
|
import com.uas.platform.b2c.common.account.service.ResourceService;
|
|
|
+import com.uas.platform.b2c.common.account.service.UserService;
|
|
|
import com.uas.platform.b2c.core.support.SystemSession;
|
|
|
+import com.uas.platform.b2c.trade.support.ResultMap;
|
|
|
import org.apache.commons.collections.CollectionUtils;
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.beans.factory.annotation.Value;
|
|
|
import org.springframework.stereotype.Service;
|
|
|
|
|
|
+import javax.servlet.http.HttpServletRequest;
|
|
|
+
|
|
|
|
|
|
@Service
|
|
|
public class ResourceServiceImpl implements ResourceService {
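Review bot: The explicit `java.util.Iterator` and `java.util.List` imports are replaced by `import java.util.*;`, which hides the types this class depends on; listing them explicitly (`HashMap`, `Iterator`, `List`, `Set`) keeps the import block reviewable. The new `javax.servlet.http.HttpServletRequest` import also ties this service-layer class to the servlet API. Passing the already-resolved `User` into the service instead would make the authorization check easier to test and keep session handling in the web layer.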
|
|
|
@@ -19,6 +26,11 @@ public class ResourceServiceImpl implements ResourceService {
|
|
|
@Autowired
|
|
|
private ResourceDao resourceDao;
|
|
|
|
|
|
+ @Autowired
|
|
|
+ private UserService userService;
|
|
|
+ @Autowired
|
|
|
+ private ResourceItemDao resourceItemDao;
|
|
|
+
|
|
|
/**
|
|
|
* 商城运营商企业UU号
|
|
|
*/
|
|
|
@@ -53,4 +65,46 @@ public class ResourceServiceImpl implements ResourceService {
|
|
|
return resourceList;
|
|
|
}
|
|
|
|
|
|
+ @Override
|
|
|
+ public ResultMap getAccessResources(HttpServletRequest request, String currUrl, String method) {
|
|
|
+ HashMap<String, Boolean> dataMap = new HashMap<>();
|
|
|
+ dataMap.put("isManager", Boolean.FALSE);
|
|
|
+ dataMap.put("isOpenApi", Boolean.FALSE);
|
|
|
+ dataMap.put("access", Boolean.FALSE);
|
|
|
+ ResultMap resultMap = new ResultMap();
|
|
|
+ resultMap.setData(dataMap);
|
|
|
+ //判断当前用户是否是管理员isManager;
|
|
|
+ User user = (User) request.getSession().getAttribute("user");
|
|
|
+ Long enAdminuu = user.getEnterprise().getEnAdminuu();
|
|
|
+ if (enAdminuu.equals(user.getUserUU()) ) {
|
|
|
+ dataMap.put("isManager", Boolean.TRUE);
|
|
|
+ dataMap.put("access", Boolean.TRUE);
|
|
|
+ return resultMap;
|
|
|
+ }
|
|
|
+ //根据当前权限的url和访问方法到resources表中查询是否有受权限控制
|
|
|
+ List<ResourceItem> currResourceItems = resourceItemDao.findByMethodAndUrl(method, currUrl);
|
|
|
+ if (currResourceItems == null || currResourceItems.size() == 0) {
|
|
|
+ dataMap.put("isOpenApi", Boolean.TRUE);
|
|
|
+ resultMap.setSuccess(true);
|
|
|
+ return resultMap;
|
|
|
+ }
|
|
|
+ ResourceItem currResourceItem = currResourceItems.get(0);
|
|
|
+ //查找用户是否拥有当前资源
|
|
|
+ User curUser = userService.findUserByUserUU(user.getUserUU());
|
|
|
+ Set<Role> roles = curUser.getRoles();
|
|
|
+ HashMap<String, ResourceItem> authItems = new HashMap<>();
|
|
|
+ for (Role role : roles) {
|
|
|
+ if (role.getEnUU().equals(user.getEnterprise().getUu())) {
|
|
|
+ Set<ResourceItem> resourceItems = role.getResourceItems();
|
|
|
+ for (ResourceItem resourceItem : resourceItems) {
|
|
|
+ authItems.put(resourceItem.getDesc(), resourceItem);
|
|
|
+ if (currResourceItem.getMethod().equals(resourceItem.getMethod()) && currResourceItem.getDesc().equals(resourceItem.getDesc())) {
|
|
|
+ dataMap.put("access", Boolean.TRUE);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ resultMap.setSuccess(true);
|
|
|
+ return resultMap;
|
|
|
+ }
|
|
|
}
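Review bot: The lookup `resourceItemDao.findByMethodAndUrl(method, currUrl)` fails open, because any method/URL pair with no matching row is reported as `isOpenApi`, so a `currUrl` that differs from the stored form (trailing slash, letter case, query string, path variable) would be classed as unprotected. How callers act on `isOpenApi` is not visible here, but the safer design is to normalise `currUrl` before the lookup and treat unmatched paths as denied unless they are explicitly listed as open. The grant itself checks only `currResourceItems.get(0)` and matches on `getMethod()` plus `getDesc()`, so resources that share a description are indistinguishable; comparing a unique key of `ResourceItem`, or its URL, would be tighter. The session `user` is dereferenced without a null check, so an unauthenticated request ends in a NullPointerException rather than an explicit denial; a guard such as `if (user == null || user.getEnterprise() == null) { return resultMap; }` would fix that. Finally, `authItems` is filled but never read, and the administrator branch returns without `resultMap.setSuccess(true)`, unlike the other two exits.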
|