package com.fdkankan.scene.Interceptor; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.util.StrUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.fdkankan.common.constant.CommonStatus; import com.fdkankan.common.constant.ErrorCode; import com.fdkankan.common.constant.SceneStatus; import com.fdkankan.common.exception.BusinessException; import com.fdkankan.redis.constant.RedisKey; import com.fdkankan.redis.util.RedisUtil; import com.fdkankan.scene.entity.*; import com.fdkankan.scene.service.*; import com.fdkankan.web.user.SSOLoginHelper; import com.fdkankan.web.user.SSOUser; import com.fdkankan.web.util.WebUtil; import java.io.IOException; import java.util.List; import java.util.Objects; import java.util.Set; import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; import lombok.extern.log4j.Log4j2; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; import org.aspectj.lang.annotation.Pointcut; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; @Log4j2 @Aspect @Component @Order(101) public class CheckPermitAspect { @Autowired private SSOLoginHelper ssoLoginHelper; @Autowired private RedisUtil redisUtil; @Autowired private IScenePlusService scenePlusService; @Autowired private ISceneCooperationService sceneCooperationService; @Autowired private IRoleService roleService; @Autowired private IUserRoleService userRoleService; @Autowired private IUserService userService; @Autowired private ICameraDetailService cameraDetailService; @Autowired private ISysRoleService sysRoleService; @Pointcut("@annotation(com.fdkankan.scene.annotation.CheckPermit)") public void checkCooperationPermit() { } /** * 前置通知 用于判断用户协作场景是否有协作权限 * * @param joinPoint * 切点 * @throws IOException */ @Before("checkCooperationPermit()") public void doBefore(JoinPoint joinPoint) throws Exception { HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); // 读取session中的用户 log.info("token:{}", request.getHeader("token")); SSOUser user = ssoLoginHelper.getSsoUser(request.getHeader("token")); if(Objects.isNull(user)){ throw new BusinessException(ErrorCode.TOKEN_NOT_FOUND); } String num = WebUtil.getParameter("num", joinPoint, request); if(StrUtil.isEmpty(num)){ throw new BusinessException(ErrorCode.PARAM_REQUIRED); } ScenePlus scenePlus= scenePlusService.getScenePlusByNum(num); if(Objects.isNull(scenePlus)){ throw new BusinessException(ErrorCode.FAILURE_CODE_5005); } //如果是计算中或者计算出错,返回计算中 if(SceneStatus.wait.code().equals(scenePlus.getSceneStatus()) || SceneStatus.FAILD.code().equals(scenePlus.getSceneStatus())){ throw new BusinessException(ErrorCode.FAILURE_CODE_5033); } //判断场景的userid是否与当前登录用户id相等,如果相等,则有编辑权限 if(Objects.nonNull(scenePlus.getUserId()) && scenePlus.getUserId().equals(user.getId())){ return; } //如果上面场景用户与当前用户不匹配,需要校验当前用户是否拥有管理员角色,管理员角色可以访问任何场景 List list = userRoleService.list(new LambdaQueryWrapper().eq(UserRole::getUserId, user.getId())); Set roleIdSet = null; if(CollUtil.isNotEmpty(list)){ roleIdSet = list.stream().map(ur -> ur.getRoleId()).collect(Collectors.toSet()); } if(CollUtil.isEmpty(roleIdSet)){ throw new BusinessException(ErrorCode.FAILURE_CODE_5014); } List validRoleList = sysRoleService.getValidRoleByRoleIds(roleIdSet); if(CollUtil.isEmpty(validRoleList)){ throw new BusinessException(ErrorCode.FAILURE_CODE_5014); } boolean isAdmin = validRoleList.stream().anyMatch(sysRole -> sysRole.getRoleType().contains("admin")); if(!isAdmin){ throw new BusinessException(ErrorCode.FAILURE_CODE_5014); } } }