修复权限merge无效的问题

2026-06-02 02:43:59 +08:00 · 2017-08-19 17:36:11 +08:00
parent 921ae0a3d4
commit 88f70fe3d4
5 changed files with 36 additions and 18 deletions
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
@@ -30,11 +30,15 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
            AuthorizeDefinition definition = aopMethodAuthorizeDefinitionParser.parse(paramContext);

            if (null != definition) {
-                AuthorizingContext context = new AuthorizingContext();
-                context.setAuthentication(Authentication.current().orElseThrow(UnAuthorizedException::new));
-                context.setDefinition(definition);
-                context.setParamContext(paramContext);
-                authorizingHandler.handle(context);
+                Authentication authentication = Authentication.current().orElseThrow(UnAuthorizedException::new);
+
+                if (!definition.isEmpty()) {
+                    AuthorizingContext context = new AuthorizingContext();
+                    context.setAuthentication(authentication);
+                    context.setDefinition(definition);
+                    context.setParamContext(paramContext);
+                    authorizingHandler.handle(context);
+                }
            }
            return methodInvocation.proceed();
        });
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
@@ -42,14 +42,13 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho

        AuthorizeDefinition definition = cache.get(paramContext.getMethod());
        if (definition != null) return definition instanceof EmptyAuthorizeDefinition ? null : definition;
-
        //使用自定义
-        if(!CollectionUtils.isEmpty(parserCustomers)){
-            definition=parserCustomers.stream()
-                    .map(customer->customer.parse(paramContext))
+        if (!CollectionUtils.isEmpty(parserCustomers)) {
+            definition = parserCustomers.stream()
+                    .map(customer -> customer.parse(paramContext))
                    .findAny().orElse(null);
-            if(definition!=null){
-               // cache.put(paramContext.getMethod(), definition);
+            if (definition != null) {
+                // cache.put(paramContext.getMethod(), definition);
                return definition;
            }
        }
@@ -66,24 +65,25 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
            return null;
        }

-        if (methodAuth != null && methodAuth.ignore()) {
+        if ((methodAuth != null && methodAuth.ignore()) || (classAuth != null && classAuth.ignore())) {
            cache.put(paramContext.getMethod(), EmptyAuthorizeDefinition.instance);
            return null;
        }

-
        DefaultBasicAuthorizeDefinition authorizeDefinition = new DefaultBasicAuthorizeDefinition();

-        authorizeDefinition.put(classAuth);
+        if (methodAuth == null || !methodAuth.ignore())
+            authorizeDefinition.put(classAuth);
+
        authorizeDefinition.put(methodAuth);

        authorizeDefinition.put(expression);

        authorizeDefinition.put(classDataAccess);
+
        authorizeDefinition.put(methodDataAccess);

        cache.put(paramContext.getMethod(), authorizeDefinition);
-
        return authorizeDefinition;
    }

--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/DefaultBasicAuthorizeDefinition.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/DefaultBasicAuthorizeDefinition.java
@@ -80,6 +80,10 @@ public class DefaultBasicAuthorizeDefinition implements AuthorizeDefinition {
        return logical;
    }

+    public boolean isEmpty() {
+        return permissions.isEmpty() && roles.isEmpty() && user.isEmpty() && script == null && dataAccessDefinition == null;
+    }
+
    @Override
    public DataAccessDefinition getDataAccessDefinition() {
        return dataAccessDefinition;
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/EmptyAuthorizeDefinition.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/EmptyAuthorizeDefinition.java
@@ -12,11 +12,14 @@ import java.util.Set;
 */
 public class EmptyAuthorizeDefinition implements AuthorizeDefinition {

-    public static final EmptyAuthorizeDefinition instance=new EmptyAuthorizeDefinition();
-    private EmptyAuthorizeDefinition(){}
+    public static final EmptyAuthorizeDefinition instance = new EmptyAuthorizeDefinition();
+
+    private EmptyAuthorizeDefinition() {
+    }
+
    @Override
    public int getPriority() {
-       throw new UnsupportedOperationException();
+        throw new UnsupportedOperationException();
    }

    @Override
@@ -59,6 +62,11 @@ public class EmptyAuthorizeDefinition implements AuthorizeDefinition {
        throw new UnsupportedOperationException();
    }

+    @Override
+    public boolean isEmpty() {
+        return true;
+    }
+
    @Override
    public DataAccessDefinition getDataAccessDefinition() {
        throw new UnsupportedOperationException();