4dkankan-center-scene/src/main/java/com/fdkankan/scene/Interceptor/CheckPermitAspect.java

package com.fdkankan.scene.Interceptor;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.StrUtil;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.fdkankan.common.constant.CommonStatus;
import com.fdkankan.common.constant.ErrorCode;
import com.fdkankan.common.constant.SceneStatus;
import com.fdkankan.common.exception.BusinessException;
import com.fdkankan.redis.constant.RedisKey;
import com.fdkankan.redis.util.RedisUtil;
import com.fdkankan.scene.entity.*;
import com.fdkankan.scene.service.*;
import com.fdkankan.web.user.SSOLoginHelper;
import com.fdkankan.web.user.SSOUser;
import com.fdkankan.web.util.WebUtil;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import lombok.extern.log4j.Log4j2;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@Log4j2
@Aspect
@Component
@Order(101)
public class CheckPermitAspect {

	@Autowired
	private SSOLoginHelper ssoLoginHelper;
	@Autowired
	private RedisUtil redisUtil;
	@Autowired
	private IScenePlusService scenePlusService;
	@Autowired
	private ISceneCooperationService sceneCooperationService;
	@Autowired
	private IRoleService roleService;
	@Autowired
	private IUserRoleService userRoleService;
	@Autowired
	private IUserService userService;
	@Autowired
	private ICameraDetailService cameraDetailService;
	@Autowired
	private ISysRoleService sysRoleService;


	@Pointcut("@annotation(com.fdkankan.scene.annotation.CheckPermit)")
	public void checkCooperationPermit() {
	}

	/**
	 * 前置通知 用于判断用户协作场景是否有协作权限
	 *
	 * @param joinPoint
	 *            切点
	 * @throws IOException
	 */
	@Before("checkCooperationPermit()")
	public void doBefore(JoinPoint joinPoint) throws Exception {
		HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
		// 读取session中的用户
		log.info("token:{}", request.getHeader("token"));
		SSOUser user = ssoLoginHelper.getSsoUser(request.getHeader("token"));
		if(Objects.isNull(user)){
			throw new BusinessException(ErrorCode.TOKEN_NOT_FOUND);
		}
		String num = WebUtil.getParameter("num", joinPoint, request);
		if(StrUtil.isEmpty(num)){
			throw new BusinessException(ErrorCode.PARAM_REQUIRED);
		}

		ScenePlus scenePlus= scenePlusService.getScenePlusByNum(num);
		if(Objects.isNull(scenePlus)){
			throw new BusinessException(ErrorCode.FAILURE_CODE_5005);
		}
		//如果是计算中或者计算出错，返回计算中
		if(SceneStatus.wait.code().equals(scenePlus.getSceneStatus())
				|| SceneStatus.FAILD.code().equals(scenePlus.getSceneStatus())){
			throw new BusinessException(ErrorCode.FAILURE_CODE_5033);
		}

		//判断场景的userid是否与当前登录用户id相等，如果相等，则有编辑权限
		if(Objects.nonNull(scenePlus.getUserId()) && scenePlus.getUserId().equals(user.getId())){
			return;
		}

		//如果上面场景用户与当前用户不匹配，需要校验当前用户是否拥有管理员角色，管理员角色可以访问任何场景
		List<UserRole> list = userRoleService.list(new LambdaQueryWrapper<UserRole>().eq(UserRole::getUserId, user.getId()));
		Set<Long> roleIdSet = null;
		if(CollUtil.isNotEmpty(list)){
			roleIdSet = list.stream().map(ur -> ur.getRoleId()).collect(Collectors.toSet());
		}
		if(CollUtil.isEmpty(roleIdSet)){
			throw new BusinessException(ErrorCode.FAILURE_CODE_5014);
		}

		List<SysRole> validRoleList = sysRoleService.getValidRoleByRoleIds(roleIdSet);
		if(CollUtil.isEmpty(validRoleList)){
			throw new BusinessException(ErrorCode.FAILURE_CODE_5014);
		}

		boolean isAdmin = validRoleList.stream().anyMatch(sysRole -> sysRole.getRoleType().contains("admin"));
		if(!isAdmin){
			throw new BusinessException(ErrorCode.FAILURE_CODE_5014);
		}
	}

}