From dba67fa0c02477958bf3846cfbc352feb2a74ac4 Mon Sep 17 00:00:00 2001
From: zhouhao
Date: Tue, 25 Sep 2018 11:24:13 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=80=9A=E8=BF=87=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6=E8=BF=9B=E8=A1=8C=E8=87=AA=E5=AE=9A?= =?UTF-8?q?=E4=B9=89=E6=8E=88=E6=9D=83=E6=8E=A7=E5=88=B6:=20hsweb.authoriz?= =?UTF-8?q?e.allows.users.admin:=20**.*=20(=E8=A1=A8=E8=BE=BE=E5=BC=8F?= =?UTF-8?q?=E4=B8=BAantPathMatcher,=E5=8C=B9=E9=85=8D=E5=AF=B9=E5=BA=94?= =?UTF-8?q?=E7=9A=84controller=E7=B1=BB=E5=85=A8=E5=90=8D+=E6=96=B9?= =?UTF-8?q?=E6=B3=95=E5=90=8D)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../AuthorizingHandlerAutoConfiguration.java | 7 ++
 .../handler/UserAllowPermissionHandler.java | 75 +++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandler.java
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
index 4deacff3d..9b4bc08b6 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
@@ -6,6 +6,7 @@ import org.hswebframework.web.authorization.access.DataAccessHandler;
 import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser;
 import org.hswebframework.web.authorization.basic.embed.EmbedAuthenticationManager;
 import org.hswebframework.web.authorization.basic.handler.DefaultAuthorizingHandler;
+import org.hswebframework.web.authorization.basic.handler.UserAllowPermissionHandler;
 import org.hswebframework.web.authorization.basic.handler.access.DefaultDataAccessController;
 import org.hswebframework.web.authorization.basic.web.*;
 import org.hswebframework.web.authorization.basic.web.session.UserTokenAutoExpiredListener;
@@ -76,6 +77,12 @@ public class AuthorizingHandlerAutoConfiguration {
 return new EmbedAuthenticationManager();
 }
 
+ @Bean
+ @ConditionalOnProperty("hsweb.authorize.allows")
+ public UserAllowPermissionHandler userAllowPermissionHandler() {
+ return new UserAllowPermissionHandler();
+ }
+
 @Bean
 public UserOnSignIn userOnSignIn(UserTokenManager userTokenManager) {
 return new UserOnSignIn(userTokenManager);
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandler.java
new file mode 100644
index 000000000..920f7f8da
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/UserAllowPermissionHandler.java
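Review bot: `@ConditionalOnProperty("hsweb.authorize.allows")` on the new bean method tests for a property with exactly that name, while the configuration documented in UserAllowPermissionHandler only defines nested keys such as `hsweb.authorize.allows.users.admin`. As far as I can tell the condition is therefore never met with the documented YAML, and a scalar value set on `hsweb.authorize.allows` to satisfy it would not bind to the map field. Either drop the annotation, since `handEvent` already returns early when `allows` is empty, or gate the bean on a separate boolean switch so that enabling this override is an explicit, reviewable decision. A short comment on the bean method stating that it lets configuration override annotation-based permission checks would also help; the class body continues outside the hunk.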
@@ -0,0 +1,75 @@
+package org.hswebframework.web.authorization.basic.handler;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.hswebframework.web.authorization.define.AuthorizingContext;
+import org.hswebframework.web.authorization.listener.event.AuthorizingHandleBeforeEvent;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.event.EventListener;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.ClassUtils;
+import org.springframework.util.PathMatcher;
+
+import java.util.*;
+
+/**
+ *
+ *     hsweb:
+ *        authorize:
+ *            allows:
+ *               users:
+ *                  admin: *
+ *                  guest: **.query*
+ *               roles:
+ *                  admin: *
+ *
+ * 
+ *
+ * @author zhouhao
+ * @since 3.0.1
+ */
+@ConfigurationProperties("hsweb.authorize")
+public class UserAllowPermissionHandler {
+
+ @Getter
+ @Setter
+ private Map> allows = new HashMap<>();
+
+ private PathMatcher pathMatcher = new AntPathMatcher(".");
+
+ @EventListener
+ public void handEvent(AuthorizingHandleBeforeEvent event) {
+ AuthorizingContext context = event.getContext();
+ if (allows.isEmpty()) {
+ return;
+ }
+ // package.method
+ String path = ClassUtils.getUserClass(context.getParamContext()
+ .getTarget())
+ .getName().concat(".")
+ .concat(context.getParamContext()
+ .getMethod().getName());
+
+ String userId = context.getAuthentication().getUser().getId();
+ boolean allow;
+ allow = Optional.ofNullable(allows.get("users"))
+ .map(users -> users.get(userId))
+ .filter(pattern -> "*".equals(pattern) || pathMatcher.match(pattern, path))
+ .isPresent();
+ if (allow) {
+ event.setAllow(true);
+ return;
+ }
+ allow = context.getAuthentication()
+ .getRoles()
+ .stream()
+ .map(role -> allows.getOrDefault("roles", Collections.emptyMap()).get(role.getId()))
+ .filter(Objects::nonNull)
+ .anyMatch(pattern -> "*".equals(pattern) || pathMatcher.match(pattern, path));
+ if (allow) {
+ event.setAllow(true);
+ return;
+ }
+ }
+
+}
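Review bot: Both `event.setAllow(true)` sites in `handEvent` grant access from configuration alone and leave no trace. Since this appears to override the annotation-defined permission check, each grant should be logged, e.g. `log.info("authorize.allows granted {} to user {}", path, userId);` (the class would need a logger, for instance Lombok's `@Slf4j`). The match key is only the controller class name plus the method name, so overloads cannot be told apart and a pattern such as `**.query*` from the Javadoc covers every controller method with that prefix. The class comment should say this, and that `*` is a complete bypass for that user or role. `context.getAuthentication()` is dereferenced without a null check, which is safe only if this event is never published for unauthenticated requests; that is not visible here and is worth confirming.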