优化响应式数据权限

2026-06-04 11:52:41 +08:00 · 2019-11-16 12:18:26 +08:00
parent 4c220f7139
commit 343e2bed9b
12 changed files with 249 additions and 169 deletions
--- a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingControllerTest.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingControllerTest.java
@@ -1,13 +1,17 @@
 package org.hswebframework.web.authorization.basic.aop;

+import org.hswebframework.ezorm.core.param.Param;
+import org.hswebframework.ezorm.core.param.QueryParam;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.ReactiveAuthenticationHolder;
 import org.hswebframework.web.authorization.ReactiveAuthenticationSupplier;
 import org.hswebframework.web.authorization.User;
+import org.hswebframework.web.authorization.basic.handler.access.FieldFilterDataAccessHandler;
 import org.hswebframework.web.authorization.basic.web.ReactiveUserTokenParser;
 import org.hswebframework.web.authorization.exception.AccessDenyException;
 import org.hswebframework.web.authorization.exception.UnAuthorizedException;
 import org.hswebframework.web.authorization.simple.SimpleAuthentication;
+import org.hswebframework.web.authorization.simple.SimpleFieldFilterDataAccessConfig;
 import org.hswebframework.web.authorization.simple.SimplePermission;
 import org.hswebframework.web.authorization.simple.SimpleUser;
 import org.hswebframework.web.authorization.token.ParsedToken;
@@ -25,6 +29,7 @@ import reactor.test.StepVerifier;

 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashSet;

 import static org.junit.Assert.*;

@@ -69,4 +74,43 @@ public class AopAuthorizingControllerTest {
                .expectNext("403")
                .verifyComplete();
    }
+
+    @Test
+    public void testFiledDeny(){
+        SimpleAuthentication authentication = new SimpleAuthentication();
+
+        SimpleFieldFilterDataAccessConfig config=new SimpleFieldFilterDataAccessConfig();
+        config.setAction("query");
+        config.setFields(new HashSet<>(Arrays.asList("name")));
+
+        authentication.setUser(SimpleUser.builder().id("test").username("test").build());
+        authentication.setPermissions(Arrays.asList(SimplePermission.builder()
+                .actions(Collections.singleton("query"))
+                .dataAccesses(Collections.singleton(config))
+                .id("test").build()));
+
+        ReactiveAuthenticationHolder.addSupplier(new ReactiveAuthenticationSupplier() {
+            @Override
+            public Mono<Authentication> get(String userId) {
+                return Mono.empty();
+            }
+
+            @Override
+            public Mono<Authentication> get() {
+                return Mono.just(authentication);
+            }
+        });
+
+        testController.queryUser(new QueryParam())
+                .map(Param::getExcludes)
+                .as(StepVerifier::create)
+                .expectNextMatches(f->f.contains("name"))
+                .verifyComplete();
+
+        testController.queryUser(Mono.just(new QueryParam()))
+                .map(Param::getExcludes)
+                .as(StepVerifier::create)
+                .expectNextMatches(f->f.contains("name"))
+                .verifyComplete();
+    }
 }
--- a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/aop/TestController.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/aop/TestController.java
@@ -1,10 +1,10 @@
 package org.hswebframework.web.authorization.basic.aop;

+import org.hswebframework.ezorm.core.param.QueryParam;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.User;
-import org.hswebframework.web.authorization.annotation.Authorize;
-import org.hswebframework.web.authorization.annotation.QueryAction;
-import org.hswebframework.web.authorization.annotation.Resource;
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.annotation.*;
 import org.hswebframework.web.authorization.define.Phased;
 import org.hswebframework.web.authorization.exception.UnAuthorizedException;
 import org.springframework.web.bind.annotation.RestController;
@@ -27,4 +27,16 @@ public class TestController {
                .switchIfEmpty(Mono.error(new UnAuthorizedException()))
                .map(Authentication::getUser);
    }
+
+    @QueryAction(dataAccess = @DataAccess(type = @DataAccessType(id= DataAccessConfig.DefaultType.DENY_FIELDS,name = "禁止访问字段")))
+    public Mono<QueryParam> queryUser(QueryParam queryParam) {
+        return Mono.just(queryParam);
+    }
+
+    @QueryAction(dataAccess = @DataAccess(type = @DataAccessType(id= DataAccessConfig.DefaultType.DENY_FIELDS,name = "禁止访问字段")))
+    public Mono<QueryParam> queryUser(Mono<QueryParam> queryParam) {
+        return queryParam;
+    }
+
+
 }