From 32e76cdf82782b88b926d95e3dba65772b92db40 Mon Sep 17 00:00:00 2001 From: fit2cloud-chenyw Date: Tue, 21 Jun 2022 14:39:40 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20api=E6=9D=83=E9=99=90=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E6=8F=90=E7=A4=BA=E5=9B=BD=E9=99=85=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../aop/DePermissionAnnotationHandler.java | 128 ++++++++++-------- .../auth/aop/DePermissionProxyHandler.java | 1 - .../resources/i18n/messages_en_US.properties | 25 ++++ .../resources/i18n/messages_zh_CN.properties | 25 +++- .../resources/i18n/messages_zh_TW.properties | 27 +++- 5 files changed, 150 insertions(+), 56 deletions(-) diff --git a/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java b/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java index 8756836a95..7e3e722c7a 100644 --- a/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java +++ b/backend/src/main/java/io/dataease/auth/aop/DePermissionAnnotationHandler.java @@ -4,9 +4,13 @@ import io.dataease.auth.annotation.DePermission; import io.dataease.auth.annotation.DePermissions; import io.dataease.auth.entity.AuthItem; import io.dataease.auth.util.ReflectUtil; +import io.dataease.commons.constants.DePermissionType; import io.dataease.commons.utils.AuthUtils; -import io.dataease.commons.utils.LogUtil; +import io.dataease.dto.log.FolderItem; +import io.dataease.i18n.Translator; +import io.dataease.service.sys.log.LogManager; import org.apache.commons.lang3.ObjectUtils; +import org.apache.commons.lang3.StringUtils; import org.apache.shiro.authz.UnauthorizedException; import org.apache.shiro.authz.annotation.Logical; import org.aspectj.lang.ProceedingJoinPoint; 
@@ -15,6 +19,7 @@ import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.reflect.MethodSignature; import org.springframework.stereotype.Component; +import javax.annotation.Resource; import java.lang.reflect.Array; import java.lang.reflect.Method; import java.util.*; @@ -24,6 +29,9 @@ import java.util.stream.Collectors; @Component public class DePermissionAnnotationHandler { + @Resource + private LogManager logManager; + @Around(value = "@annotation(io.dataease.auth.annotation.DePermissions)") public Object PermissionsAround(ProceedingJoinPoint point) throws Throwable { 
@@ -31,66 +39,59 @@ public class DePermissionAnnotationHandler { return point.proceed(point.getArgs()); } Boolean access = false; - try { - MethodSignature ms = (MethodSignature) point.getSignature(); - Method method = ms.getMethod(); - DePermissions annotation = method.getAnnotation(DePermissions.class); - Logical logical = annotation.logical(); - DePermission[] dePermissions = annotation.value(); - Object[] args = point.getArgs(); - if (logical == Logical.AND) { - access = true; - for (int i = 0; i < dePermissions.length; i++) { - DePermission permission = dePermissions[i]; - boolean currentAccess = access(args[permission.paramIndex()], permission, 0); - if (!currentAccess) { - access = false; - break; - } - } - } else { - List exceptions = new ArrayList<>(); - for (int i = 0; i < dePermissions.length; i++) { - DePermission permission = dePermissions[i]; - try { - boolean currentAccess = access(args[permission.paramIndex()], permission, 0); - if (currentAccess) { - access = true; - break; - } - } catch (Exception e) { - exceptions.add(e); - } - } - if (!access && exceptions.size() > 0) { - throw exceptions.get(0); + MethodSignature ms = (MethodSignature) point.getSignature(); + Method method = ms.getMethod(); + DePermissions annotation = method.getAnnotation(DePermissions.class); + Logical logical = annotation.logical(); + DePermission[] dePermissions = annotation.value(); + Object[] args = point.getArgs(); + if (logical == Logical.AND) { + access = true; + for (int i = 0; i < dePermissions.length; i++) { + DePermission permission = dePermissions[i]; + boolean currentAccess = access(args[permission.paramIndex()], permission, 0); + if (!currentAccess) { + access = false; + break; } } - } catch (Throwable throwable) { - LogUtil.error(throwable.getMessage(), throwable); - throw new RuntimeException(throwable.getMessage()); + } else { + List exceptions = new ArrayList<>(); + for (int i = 0; i < dePermissions.length; i++) { + DePermission permission = 
dePermissions[i]; + try { + boolean currentAccess = access(args[permission.paramIndex()], permission, 0); + if (currentAccess) { + access = true; + break; + } + } catch (Exception e) { + exceptions.add(e); + } + } + if (!access && exceptions.size() > 0) { + throw exceptions.get(0); + } } + return access ? point.proceed(point.getArgs()) : null; } @Around(value = "@annotation(io.dataease.auth.annotation.DePermission)") public Object PermissionAround(ProceedingJoinPoint point) throws Throwable { Boolean access = false; - try { - if (AuthUtils.getUser().getIsAdmin()) { - return point.proceed(point.getArgs()); - } - MethodSignature ms = (MethodSignature) point.getSignature(); - Method method = ms.getMethod(); - DePermission annotation = method.getAnnotation(DePermission.class); - Object arg = point.getArgs()[annotation.paramIndex()]; - if (access(arg, annotation, 0)) { - access = true; - } - } catch (Throwable throwable) { - LogUtil.error(throwable.getMessage(), throwable); - throw new RuntimeException(throwable.getMessage()); + + if (AuthUtils.getUser().getIsAdmin()) { + return point.proceed(point.getArgs()); } + MethodSignature ms = (MethodSignature) point.getSignature(); + Method method = ms.getMethod(); + DePermission annotation = method.getAnnotation(DePermission.class); + Object arg = point.getArgs()[annotation.paramIndex()]; + if (access(arg, annotation, 0)) { + access = true; + } + return access ? point.proceed(point.getArgs()) : null; } @@ -107,8 +108,7 @@ public class DePermissionAnnotationHandler { boolean permissionValid = resourceIds.contains(arg); if (permissionValid) return true; - throw new UnauthorizedException("Subject does not have permission[" + annotation.level().name() + ":" - + annotation.type() + ":" + arg + "]"); + throw new UnauthorizedException(msgI18n(arg, annotation)); } else if (ReflectUtil.isArray(parameterType)) { for (int i = 0; i < Array.getLength(arg); i++) { Object o = Array.get(arg, i); 
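Review bot: With the `catch (Throwable throwable)` blocks removed from `PermissionsAround` and `PermissionAround`, nothing in these advices records an authorization failure any more, because the `LogUtil.error(...)` call went with them. Unless a handler further up logs `UnauthorizedException` (not visible in this diff), denied requests leave no server-side trace, so I would log the user, permission level, type and resource id before the exception propagates. Separately, both methods still end in `return access ? point.proceed(point.getArgs()) : null;`, so a denial that does not throw, as the `access = false; break;` path in the AND branch appears to allow, hands the caller a null result instead of an error. Adding `if (!access) throw new UnauthorizedException(Translator.get("I18N_NO_PERMISSION"));` before that return would make the refusal explicit in both methods.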
@@ -139,4 +139,26 @@ public class DePermissionAnnotationHandler { } return true; } + + private String msgI18n(Object arg, DePermission annotation) { + int sourceTypeValue = 0; + DePermissionType type = annotation.type(); + if (type == DePermissionType.DATASOURCE) { + sourceTypeValue = 1; + } + if (type == DePermissionType.DATASET) { + sourceTypeValue = 2; + } + if (type == DePermissionType.PANEL) { + sourceTypeValue = 3; + } + String name = arg.toString(); + if (sourceTypeValue > 0) { + FolderItem sourceInfo = logManager.nameWithId(arg.toString(), sourceTypeValue); + if (ObjectUtils.isNotEmpty(sourceInfo)) + name = StringUtils.isNotBlank(sourceInfo.getName()) ? sourceInfo.getName() : arg.toString(); + } + String msg = Translator.get("I18N_NO_PERMISSION") + "[" + Translator.get("I18N_" + annotation.level().name()) + ": " + Translator.get("SOURCE_TYPE_" + annotation.type().name()) + ": " + name + "]," + Translator.get("I18N_PLEASE_CONCAT_ADMIN"); + return msg; + } } diff --git a/backend/src/main/java/io/dataease/auth/aop/DePermissionProxyHandler.java b/backend/src/main/java/io/dataease/auth/aop/DePermissionProxyHandler.java index b37dc86f11..386bd8e98c 100644 --- a/backend/src/main/java/io/dataease/auth/aop/DePermissionProxyHandler.java +++ b/backend/src/main/java/io/dataease/auth/aop/DePermissionProxyHandler.java @@ -44,7 +44,6 @@ public class DePermissionProxyHandler { return point.proceed(args); } catch (Throwable throwable) { LogUtil.error(throwable.getMessage(), throwable); - /* throw new RuntimeException(throwable.getMessage()); */ DataEaseException.throwException(throwable); } finally { AuthUtils.cleanProxyUser(); diff --git a/backend/src/main/resources/i18n/messages_en_US.properties b/backend/src/main/resources/i18n/messages_en_US.properties index 511fc52823..58413830be 100644 --- a/backend/src/main/resources/i18n/messages_en_US.properties +++ b/backend/src/main/resources/i18n/messages_en_US.properties 
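Review bot: `msgI18n` resolves the resource's display name through `logManager.nameWithId(arg.toString(), sourceTypeValue)` and places it in the `UnauthorizedException` message, so a user who is refused access to a datasource, dataset or panel is told that object's name. The previous message only echoed the id the caller had supplied; if this text reaches the API response (not visible in this diff), a caller without permission can map ids to names. I would keep the id in the client-facing text, i.e. leave `String name = arg.toString();` as the value used in the message, and write the resolved name only to the server-side log. `arg.toString()` also throws a NullPointerException when the annotated parameter is null, so a null check ahead of it would keep the denial path from failing with an unrelated error. The call site is the `throw new UnauthorizedException(msgI18n(arg, annotation));` line in the `@@ -107,8 +108,7 @@` hunk.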
@@ -163,3 +163,28 @@ i18n_user_not_exist=user does not exist i18n_default_login_reset=Switched back to default login mode + +I18N_COMMON_LEVEL_USE=Consult + +I18N_PANNEL_LEVEL_VIEW=Consult +I18N_PANNEL_LEVEL_EXPORT=Export +I18N_PANNEL_LEVEL_MANAGE=Manage +I18N_PANNEL_LEVEL_GRANT=Grant + +I18N_DATASET_LEVEL_USE=Consult +I18N_DATASET_LEVEL_MANAGE=Manage +I18N_DATASET_LEVEL_GRANT=Grant + +I18N_LINK_LEVEL_USE=Consult +I18N_LINK_LEVEL_MANAGE=Manage +I18N_LINK_LEVEL_GRANT=Grant + +I18N_DATASOURCE_LEVEL_USE=Consult +I18N_DATASOURCE_LEVEL_MANAGE=Manage +I18N_DATASOURCE_LEVEL_GRANT=Grant + +I18N_NO_PERMISSION=You do not have permission to + +I18N_PLEASE_CONCAT_ADMIN=Please contact the administrator for authorization + + diff --git a/backend/src/main/resources/i18n/messages_zh_CN.properties b/backend/src/main/resources/i18n/messages_zh_CN.properties index eacdf7fdc1..a79c70d0b5 100644 --- a/backend/src/main/resources/i18n/messages_zh_CN.properties +++ b/backend/src/main/resources/i18n/messages_zh_CN.properties @@ -166,4 +166,27 @@ i18n_not_admin_error=不是管理员账号 i18n_user_not_exist=用户不存在 -i18n_default_login_reset=已切换回默认登录方式 \ No newline at end of file +i18n_default_login_reset=已切换回默认登录方式 + +I18N_COMMON_LEVEL_USE=查看 + +I18N_PANNEL_LEVEL_VIEW=查看 +I18N_PANNEL_LEVEL_EXPORT=导出 +I18N_PANNEL_LEVEL_MANAGE=管理 +I18N_PANNEL_LEVEL_GRANT=授权 + +I18N_DATASET_LEVEL_USE=查看 +I18N_DATASET_LEVEL_MANAGE=管理 +I18N_DATASET_LEVEL_GRANT=授权 + +I18N_LINK_LEVEL_USE=查看 +I18N_LINK_LEVEL_MANAGE=管理 +I18N_LINK_LEVEL_GRANT=授权 + +I18N_DATASOURCE_LEVEL_USE=查看 +I18N_DATASOURCE_LEVEL_MANAGE=管理 +I18N_DATASOURCE_LEVEL_GRANT=授权 + +I18N_NO_PERMISSION=当前用户没有权限 + +I18N_PLEASE_CONCAT_ADMIN=请联系管理员开通 diff --git a/backend/src/main/resources/i18n/messages_zh_TW.properties b/backend/src/main/resources/i18n/messages_zh_TW.properties index e839966095..d322edc322 100644 --- a/backend/src/main/resources/i18n/messages_zh_TW.properties +++ b/backend/src/main/resources/i18n/messages_zh_TW.properties 
@@ -159,4 +159,29 @@ I18N_DRIVER_NOT_FOUND=未找到驅動 i18n_not_admin_error=不是管理員賬號 i18n_user_not_exist=用戶不存在 -i18n_default_login_reset=已切換回默認登錄方式 \ No newline at end of file +i18n_default_login_reset=已切換回默認登錄方式 + + + +I18N_COMMON_LEVEL_USE=查看 + +I18N_PANNEL_LEVEL_VIEW=查看 +I18N_PANNEL_LEVEL_EXPORT=導出 +I18N_PANNEL_LEVEL_MANAGE=管理 +I18N_PANNEL_LEVEL_GRANT=授權 + +I18N_DATASET_LEVEL_USE=查看 +I18N_DATASET_LEVEL_MANAGE=管理 +I18N_DATASET_LEVEL_GRANT=授權 + +I18N_LINK_LEVEL_USE=查看 +I18N_LINK_LEVEL_MANAGE=管理 +I18N_LINK_LEVEL_GRANT=授權 + +I18N_DATASOURCE_LEVEL_USE=查看 +I18N_DATASOURCE_LEVEL_MANAGE=管理 +I18N_DATASOURCE_LEVEL_GRANT=授權 + +I18N_NO_PERMISSION=當前用戶沒有權限 + +I18N_PLEASE_CONCAT_ADMIN=請聯系管理員開通 \ No newline at end of file