From a780869dd3e29dff83881d7d776258f060efbf4b Mon Sep 17 00:00:00 2001
From: tancong <130981800+tancongsir@users.noreply.github.com>
Date: Tue, 12 Dec 2023 17:39:32 +0800
Subject: [PATCH] =?UTF-8?q?fix(=E8=AE=A2=E9=98=85=E6=A8=A1=E5=9D=97):=20?= =?UTF-8?q?=E5=85=B6=E4=BB=96=E7=94=A8=E6=88=B7=E6=97=A0=E6=B3=95=E8=AE=A2?= =?UTF-8?q?=E9=98=85=E6=B6=88=E6=81=AF=E4=BF=AE=E5=A4=8D=20(#455)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../authorize/AuthenticationSpec.java | 66 +++++++++++++++++++
 .../entity/NotifySubscriberChannelEntity.java | 7 ++
 .../NotifySubscriberProviderEntity.java | 6 ++
 .../service/NotifySubscriberService.java | 7 +-
 .../manager/web/NotifyChannelController.java | 7 +-
 5 files changed, 90 insertions(+), 3 deletions(-)
 create mode 100644 jetlinks-components/common-component/src/main/java/org/jetlinks/community/authorize/AuthenticationSpec.java
diff --git a/jetlinks-components/common-component/src/main/java/org/jetlinks/community/authorize/AuthenticationSpec.java b/jetlinks-components/common-component/src/main/java/org/jetlinks/community/authorize/AuthenticationSpec.java
new file mode 100644
index 00000000..83911f1e
--- /dev/null
+++ b/jetlinks-components/common-component/src/main/java/org/jetlinks/community/authorize/AuthenticationSpec.java
@@ -0,0 +1,66 @@
+package org.jetlinks.community.authorize;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.hswebframework.web.authorization.Authentication;
+import org.hswebframework.web.authorization.DefaultDimensionType;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.function.Predicate;
+
+@Getter
+@Setter
+public class AuthenticationSpec implements Serializable {
+
+ private static final long serialVersionUID = 3512105446265694264L;
+
+ private RoleSpec role;
+
+ private List permissions;
+
+ @Getter
+ @Setter
+ public static class RoleSpec {
+ private List idList;
+ }
+
+ @Getter
+ @Setter
+ public static class PermissionSpec implements Serializable {
+ private static final long serialVersionUID = 7188197046015343251L;
+ private String id;
+ private List actions;
+ }
+
+ public boolean isGranted(Authentication auth) {
+ return createFilter().test(auth);
+ }
+
+ public Predicate createFilter() {
+ RoleSpec role = this.role;
+ List permissions = this.permissions;
+ List> all = new ArrayList<>();
+
+ if (null != role && role.getIdList() != null) {
+ all.add(auth -> auth.hasDimension(DefaultDimensionType.role.getId(), role.getIdList()));
+ }
+
+ if (null != permissions) {
+ for (PermissionSpec permission : permissions) {
+ all.add(auth -> auth.hasPermission(permission.getId(), permission.getActions()));
+ }
+ }
+
+ Predicate temp = null;
+ for (Predicate predicate : all) {
+ if (temp == null) {
+ temp = predicate;
+ } else {
+ temp = temp.and(predicate);
+ }
+ }
+ return temp == null ? auth -> true : temp;
+ }
+}
diff --git a/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/entity/NotifySubscriberChannelEntity.java b/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/entity/NotifySubscriberChannelEntity.java
index 3f1bba7c..efce2dcf 100644
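Review bot: `createFilter()` falls back to `auth -> true` whenever `role` (or its `idList`) is null and `permissions` is null or empty, so a stored spec with no conditions grants every caller, and nothing in the class says that this is intended. If it is intended, state it in a Javadoc on `isGranted`, for example `/** An empty spec places no restriction and matches every Authentication; all listed conditions are combined with AND. */`; if it is not, the last line should return `auth -> false` instead. Separately, `RoleSpec` is the only type here that does not implement `Serializable` although the enclosing class and `PermissionSpec` do, so Java serialization of a spec that carries a role would fail; declare it as `public static class RoleSpec implements Serializable {`.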
--- a/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/entity/NotifySubscriberChannelEntity.java
+++ b/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/entity/NotifySubscriberChannelEntity.java
@@ -11,6 +11,7 @@ import org.hswebframework.web.api.crud.entity.GenericEntity;
 import org.hswebframework.web.api.crud.entity.RecordCreationEntity;
 import org.hswebframework.web.crud.annotation.EnableEntityEvent;
 import org.hswebframework.web.validator.CreateGroup;
+import org.jetlinks.community.authorize.AuthenticationSpec;
 import org.jetlinks.community.notify.manager.enums.NotifyChannelState;
 import javax.persistence.Column;
@@ -50,6 +51,12 @@ public class NotifySubscriberChannelEntity extends GenericEntity impleme
 @Schema(description = "通知类型")
 private String channelProvider;
+ @Column
+ @JsonCodec
+ @ColumnType(jdbcType = JDBCType.LONGVARCHAR, javaType = String.class)
+ @Schema(description = "权限范围")
+ private AuthenticationSpec grant;
+
 @Column
 @JsonCodec
 @ColumnType(jdbcType = JDBCType.LONGVARCHAR, javaType = String.class)
diff --git a/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/entity/NotifySubscriberProviderEntity.java b/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/entity/NotifySubscriberProviderEntity.java
index d42b3c18..071e50a1 100644
--- a/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/entity/NotifySubscriberProviderEntity.java
+++ b/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/entity/NotifySubscriberProviderEntity.java
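Review bot: The added `grant` field carries no comment saying what a null value means, while the callers changed in this commit treat null as "no restriction", so every row that predates the new column is offered to all users. A field comment such as `// null = unrestricted; otherwise the caller must satisfy AuthenticationSpec#isGranted` would make that contract explicit, and the same applies to the identical field added to `NotifySubscriberProviderEntity`. The bare `@Column` presumably produces a column named `grant`, which is a reserved word in most SQL dialects, so it is worth confirming that the ORM quotes it on every supported database or giving the column an explicit name. Whether ordinary users can write this field through the entity's CRUD endpoints is not visible in the hunk and should be checked, since it decides who may see a channel.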
@@ -11,6 +11,7 @@ import org.hswebframework.web.api.crud.entity.GenericEntity; import org.hswebframework.web.api.crud.entity.RecordCreationEntity; import org.hswebframework.web.crud.annotation.EnableEntityEvent; import org.hswebframework.web.validator.CreateGroup; +import org.jetlinks.community.authorize.AuthenticationSpec; import org.jetlinks.community.notify.manager.enums.NotifyChannelState; import javax.persistence.Column; @@ -43,6 +44,11 @@ public class NotifySubscriberProviderEntity extends GenericEntity implem @Schema(description = "配置信息") private Map configuration; + @Column + @JsonCodec + @ColumnType(jdbcType = JDBCType.LONGVARCHAR, javaType = String.class) + @Schema(description = "权限范围") + private AuthenticationSpec grant; @Column(length = 32) @EnumCodec diff --git a/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/service/NotifySubscriberService.java b/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/service/NotifySubscriberService.java index d3778035..514c545a 100644 --- a/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/service/NotifySubscriberService.java +++ b/jetlinks-manager/notify-manager/src/main/java/org/jetlinks/community/notify/manager/service/NotifySubscriberService.java @@ -551,7 +551,7 @@ public class NotifySubscriberService extends GenericReactiveCrudService newChannels = new HashSet<>(effectNotifyChannel); //通道被禁用或者没有权限则删除此通道 if (e.getState() == NotifyChannelState.disabled - || (!properties.isAllowAllNotify(auth))) { + || (!properties.isAllowAllNotify(auth) && e.getGrant() != null && !e.getGrant().isGranted(auth))) { newChannels.remove(e.getId()); } else { if (userConfigureNotifyChannels.contains(e.getId())) { @@ -610,6 +610,9 @@ public class NotifySubscriberService extends GenericReactiveCrudService configuration; + private AuthenticationSpec grant; + private NotifyChannelState state; private List channels = new ArrayList<>(); 
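Review bot: The access rule on the changed `||` line of the -551 hunk in `NotifySubscriberService` is the negation of the filter added in `NotifyChannelController` (`isAllowAllNotify(auth) || getGrant() == null || getGrant().isGranted(auth)`), written out a second time, so the two copies can drift apart. A single helper on the entity, for example `boolean isGrantedTo(Authentication auth) { return grant == null || grant.isGranted(auth); }`, would let this line read `|| !(properties.isAllowAllNotify(auth) || e.isGrantedTo(auth))` and the controller filter use the same call. The enclosing method starts and ends outside the hunk and part of the hunk's context appears to be missing from the page, so how `auth` is obtained cannot be checked here.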
@@ -224,7 +227,7 @@ public class NotifyChannelController {
 channels
 .stream()
 .filter(e -> e.getId() != null &&
- (properties.isAllowAllNotify(auth)))
+ (properties.isAllowAllNotify(auth) || e.getGrant() == null || e.getGrant().isGranted(auth)))
 .collect(Collectors.toList())
 );
 return info;
@@ -236,6 +239,7 @@ public class NotifyChannelController {
 info.getName(),
 info.getId(),
 null,
+ null,
 NotifyChannelState.disabled,
 new ArrayList<>());
 }
@@ -270,6 +274,7 @@ public class NotifyChannelController {
 this.id = provider.getId();
 this.name = provider.getName();
 this.provider = provider.getProvider();
+ this.grant = provider.getGrant();
 this.configuration = provider.getConfiguration();
 this.state = provider.getState();
 return this;
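Review bot: `this.grant = provider.getGrant();` in the -270 hunk copies the provider's `AuthenticationSpec` into `SubscriberProviderInfo`, but the only check visible in this file's hunks is the per-channel `.filter(e -> ...)` at -224; nothing shown here tests the provider-level grant before the provider is returned. If that is an omission, the provider should be dropped under the same rule, e.g. `properties.isAllowAllNotify(auth) || info.getGrant() == null || info.getGrant().isGranted(auth)`. If `SubscriberProviderInfo` is serialized into the response, the role ids and permission ids held in the spec would also be sent to every user who lists providers, so the field is better kept out of the JSON view. The method containing the added assignment starts outside the hunk.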