From 87f374d184541dcb901260d1f2a657a3ec12e266 Mon Sep 17 00:00:00 2001
From: zhouhao
Date: Wed, 22 Aug 2018 15:48:34 +0800
Subject: [PATCH] =?UTF-8?q?=E7=A9=BA=E7=9A=84=E6=9D=83=E9=99=90=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E4=B9=9F=E8=BF=9B=E8=A1=8C=E6=9D=83=E9=99=90=E6=8E=A7?= =?UTF-8?q?=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../basic/aop/AopAuthorizingController.java | 71 ++++++++++---------
 1 file changed, 36 insertions(+), 35 deletions(-)
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
index 14116886c..9fd9e5d4d 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
@@ -56,51 +56,52 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
 boolean isControl = false;
 if (null != definition) {
 Authentication authentication = Authentication.current().orElseThrow(UnAuthorizedException::new);
- if (!definition.isEmpty()) {
+ //空配置也进行权限控制
+// if (!definition.isEmpty()) {
- AuthorizingContext context = new AuthorizingContext();
- context.setAuthentication(authentication);
- context.setDefinition(definition);
- context.setParamContext(paramContext);
- isControl = true;
+ AuthorizingContext context = new AuthorizingContext();
+ context.setAuthentication(authentication);
+ context.setDefinition(definition);
+ context.setParamContext(paramContext);
+ isControl = true;
- Phased dataAccessPhased = null;
- if (definition.getDataAccessDefinition() != null) {
- dataAccessPhased = definition.getDataAccessDefinition().getPhased();
+ Phased dataAccessPhased = null;
+ if (definition.getDataAccessDefinition() != null) {
+ dataAccessPhased = definition.getDataAccessDefinition().getPhased();
+ }
+ if (definition.getPhased() == Phased.before) {
+ //RDAC before
+ authorizingHandler.handRBAC(context);
+
+ //方法调用前验证数据权限
+ if (dataAccessPhased == Phased.before) {
+ authorizingHandler.handleDataAccess(context);
 }
- if (definition.getPhased() == Phased.before) {
- //RDAC before
- authorizingHandler.handRBAC(context);
- //方法调用前验证数据权限
- if (dataAccessPhased == Phased.before) {
- authorizingHandler.handleDataAccess(context);
- }
+ result = methodInvocation.proceed();
- result = methodInvocation.proceed();
-
- //方法调用后验证数据权限
- if (dataAccessPhased == Phased.after) {
- context.setParamContext(holder.createParamContext(result));
- authorizingHandler.handleDataAccess(context);
- }
- } else {
- //方法调用前验证数据权限
- if (dataAccessPhased == Phased.before) {
- authorizingHandler.handleDataAccess(context);
- }
-
- result = methodInvocation.proceed();
+ //方法调用后验证数据权限
+ if (dataAccessPhased == Phased.after) {
 context.setParamContext(holder.createParamContext(result));
+ authorizingHandler.handleDataAccess(context);
+ }
+ } else {
+ //方法调用前验证数据权限
+ if (dataAccessPhased == Phased.before) {
+ authorizingHandler.handleDataAccess(context);
+ }
- authorizingHandler.handRBAC(context);
+ result = methodInvocation.proceed();
+ context.setParamContext(holder.createParamContext(result));
- //方法调用后验证数据权限
- if (dataAccessPhased == Phased.after) {
- authorizingHandler.handleDataAccess(context);
- }
+ authorizingHandler.handRBAC(context);
+
+ //方法调用后验证数据权限
+ if (dataAccessPhased == Phased.after) {
+ authorizingHandler.handleDataAccess(context);
 }
 }
+// }
 }
 if (!isControl) {
 result = methodInvocation.proceed();
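Review bot: With the `isEmpty()` guard gone, every non-null definition now reaches the `definition.getPhased() == Phased.before` test, and any other value (including an unset phase, if an empty definition can carry one) falls into the `else` branch, where `methodInvocation.proceed()` runs before `handRBAC`. Failing closed is safer: test `if (definition.getPhased() != Phased.after) {` so that only an explicit `after` defers the RBAC check until the handler has already executed. What `handRBAC` and `handleDataAccess` decide for a definition with no permissions or roles is not visible in this hunk, so a test pinning that behaviour would be worth adding with this change. The commented-out `// if (!definition.isEmpty()) {` and `// }` lines should be deleted rather than kept. The enclosing method starts and ends outside the hunk.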