code-image-backup-public/lilishop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 用户被禁用、店铺被禁用、管理员被禁用,token未被清除问题处理。

Browse Source
This commit is contained in:
Chopper711
2023-04-19 12:08:47 +08:00
parent 1f21d80dc0
commit 7b6a150bd2
13 changed files with 122 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java
View File

@@ -51,7 +51,8 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
@SneakyThrows
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
ServletException {
//从header中获取jwt
String jwt = request.getHeader(SecurityEnum.HEADER_TOKEN.getValue());
//如果没有token 则return
@@ -89,7 +90,7 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
//校验redis中是否有权限
if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.STORE) + jwt)) {
if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.STORE, authUser.getId()) + jwt)) {
//用户角色
List<GrantedAuthority> auths = new ArrayList<>();
auths.add(new SimpleGrantedAuthority("ROLE_" + authUser.getRole().name()));
@@ -124,13 +125,14 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
//如果不是超级管理员, 则鉴权
if (!authUser.getIsSuper()) {
//获取缓存中的权限
Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
Map<String, List<String>> permission =
(Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
//获取数据(GET 请求)权限
if (request.getMethod().equals(RequestMethod.GET.name())) {
//如果用户的超级权限和查阅权限都不包含当前请求的api
if (match(permission.get(PermissionEnum.SUPER.name()), requestUrl)
||match(permission.get(PermissionEnum.QUERY.name()), requestUrl)) {
|| match(permission.get(PermissionEnum.QUERY.name()), requestUrl)) {
} else {
ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足"));
log.error("当前请求路径:{},所拥有权限:{}", requestUrl, JSONUtil.toJsonStr(permission));