优化同时存在角色和权限控制的逻辑

2026-05-22 17:07:12 +08:00 · 2019-06-26 16:25:08 +08:00
parent 117c168574
commit 95d0409f1f
1 changed files with 8 additions and 2 deletions
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
@@ -201,7 +201,10 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
            Function<Predicate<Role>, Boolean> func = logicalIsOr
                    ? authentication.getRoles().stream()::anyMatch
                    : authentication.getRoles().stream()::allMatch;
-            access = func.apply(role -> rolesDef.contains(role.getId()));
+
+            access = logicalIsOr
+                    ? access || func.apply(role -> rolesDef.contains(role.getId()))
+                    : access && func.apply(role -> rolesDef.contains(role.getId()));
        }
        //控制用户
        if (!usersDef.isEmpty()) {
@@ -211,7 +214,10 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
            Function<Predicate<String>, Boolean> func = logicalIsOr
                    ? usersDef.stream()::anyMatch
                    : usersDef.stream()::allMatch;
-            access = func.apply(authentication.getUser().getUsername()::equals);
+            access = logicalIsOr
+                    ? access || func.apply(authentication.getUser().getUsername()::equals)
+                    : access && func.apply(authentication.getUser().getUsername()::equals);
+
        }
        if (!access) {
            throw new AccessDenyException(definition.getMessage());