fix(订阅模块): 其他用户无法订阅消息修复 (#455)
parent
51f7afc9e1
commit
a780869dd3
|
|
@ -0,0 +1,66 @@
|
|||
package org.jetlinks.community.authorize;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import org.hswebframework.web.authorization.Authentication;
|
||||
import org.hswebframework.web.authorization.DefaultDimensionType;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
public class AuthenticationSpec implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 3512105446265694264L;
|
||||
|
||||
private RoleSpec role;
|
||||
|
||||
private List<PermissionSpec> permissions;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
public static class RoleSpec {
|
||||
private List<String> idList;
|
||||
}
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
public static class PermissionSpec implements Serializable {
|
||||
private static final long serialVersionUID = 7188197046015343251L;
|
||||
private String id;
|
||||
private List<String> actions;
|
||||
}
|
||||
|
||||
public boolean isGranted(Authentication auth) {
|
||||
return createFilter().test(auth);
|
||||
}
|
||||
|
||||
public Predicate<Authentication> createFilter() {
|
||||
RoleSpec role = this.role;
|
||||
List<PermissionSpec> permissions = this.permissions;
|
||||
List<Predicate<Authentication>> all = new ArrayList<>();
|
||||
|
||||
if (null != role && role.getIdList() != null) {
|
||||
all.add(auth -> auth.hasDimension(DefaultDimensionType.role.getId(), role.getIdList()));
|
||||
}
|
||||
|
||||
if (null != permissions) {
|
||||
for (PermissionSpec permission : permissions) {
|
||||
all.add(auth -> auth.hasPermission(permission.getId(), permission.getActions()));
|
||||
}
|
||||
}
|
||||
|
||||
Predicate<Authentication> temp = null;
|
||||
for (Predicate<Authentication> predicate : all) {
|
||||
if (temp == null) {
|
||||
temp = predicate;
|
||||
} else {
|
||||
temp = temp.and(predicate);
|
||||
}
|
||||
}
|
||||
return temp == null ? auth -> true : temp;
|
||||
}
|
||||
}
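Review bot: `RoleSpec` is the only type in this file that does not implement `Serializable`, although `AuthenticationSpec` declares a `serialVersionUID` and holds a `RoleSpec` field. Java serialization of a spec with a role set would fail, so `public static class RoleSpec implements Serializable` with its own `serialVersionUID` looks like what was intended. In `createFilter()`, a spec with neither `role.idList` nor `permissions` set returns `auth -> true`, so an empty stored object grants every user. The method should either carry a Javadoc line saying so, or deny when nothing is configured. What `hasDimension` and `hasPermission` return for an empty `idList` or `actions` list is not visible here and is worth pinning with a test.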
|
||||
|
|
@ -11,6 +11,7 @@ import org.hswebframework.web.api.crud.entity.GenericEntity;
|
|||
import org.hswebframework.web.api.crud.entity.RecordCreationEntity;
|
||||
import org.hswebframework.web.crud.annotation.EnableEntityEvent;
|
||||
import org.hswebframework.web.validator.CreateGroup;
|
||||
import org.jetlinks.community.authorize.AuthenticationSpec;
|
||||
import org.jetlinks.community.notify.manager.enums.NotifyChannelState;
|
||||
|
||||
import javax.persistence.Column;
|
||||
|
|
@ -50,6 +51,12 @@ public class NotifySubscriberChannelEntity extends GenericEntity<String> impleme
|
|||
@Schema(description = "通知类型")
|
||||
private String channelProvider;
|
||||
|
||||
@Column
|
||||
@JsonCodec
|
||||
@ColumnType(jdbcType = JDBCType.LONGVARCHAR, javaType = String.class)
|
||||
@Schema(description = "权限范围")
|
||||
private AuthenticationSpec grant;
|
||||
|
||||
@Column
|
||||
@JsonCodec
|
||||
@ColumnType(jdbcType = JDBCType.LONGVARCHAR, javaType = String.class)
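Review bot: The new `grant` field is described only as "权限范围" (permission scope), which does not say what a missing value means. The service code in this commit treats `grant == null` as "no restriction", and that belongs next to the field. I would add a comment above it such as `// null means unrestricted: any user may subscribe through this channel`. The same field is added to `NotifySubscriberProviderEntity` and needs the same comment. Whether ordinary users can write this column through the entity's save endpoints is not visible in this hunk and should be confirmed.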
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import org.hswebframework.web.api.crud.entity.GenericEntity;
|
|||
import org.hswebframework.web.api.crud.entity.RecordCreationEntity;
|
||||
import org.hswebframework.web.crud.annotation.EnableEntityEvent;
|
||||
import org.hswebframework.web.validator.CreateGroup;
|
||||
import org.jetlinks.community.authorize.AuthenticationSpec;
|
||||
import org.jetlinks.community.notify.manager.enums.NotifyChannelState;
|
||||
|
||||
import javax.persistence.Column;
|
||||
|
|
@ -43,6 +44,11 @@ public class NotifySubscriberProviderEntity extends GenericEntity<String> implem
|
|||
@Schema(description = "配置信息")
|
||||
private Map<String, Object> configuration;
|
||||
|
||||
@Column
|
||||
@JsonCodec
|
||||
@ColumnType(jdbcType = JDBCType.LONGVARCHAR, javaType = String.class)
|
||||
@Schema(description = "权限范围")
|
||||
private AuthenticationSpec grant;
|
||||
|
||||
@Column(length = 32)
|
||||
@EnumCodec
|
||||
|
|
|
|||
|
|
@ -551,7 +551,7 @@ public class NotifySubscriberService extends GenericReactiveCrudService<NotifySu
|
|||
|
||||
public synchronized void resubscribe(NotifySubscriberProviderEntity e, Authentication auth) {
|
||||
if (e.getState() == NotifyChannelState.disabled
|
||||
|| (!properties.isAllowAllNotify(auth))) {
|
||||
|| (!properties.isAllowAllNotify(auth) && e.getGrant() != null && !e.getGrant().isGranted(auth))) {
|
||||
removeChannels();
|
||||
} else {
|
||||
//重新设置通知通道
|
||||
|
|
@ -575,7 +575,7 @@ public class NotifySubscriberService extends GenericReactiveCrudService<NotifySu
|
|||
Set<String> newChannels = new HashSet<>(effectNotifyChannel);
|
||||
//通道被禁用或者没有权限则删除此通道
|
||||
if (e.getState() == NotifyChannelState.disabled
|
||||
|| (!properties.isAllowAllNotify(auth))) {
|
||||
|| (!properties.isAllowAllNotify(auth) && e.getGrant() != null && !e.getGrant().isGranted(auth))) {
|
||||
newChannels.remove(e.getId());
|
||||
} else {
|
||||
if (userConfigureNotifyChannels.contains(e.getId())) {
|
||||
|
|
@ -610,6 +610,9 @@ public class NotifySubscriberService extends GenericReactiveCrudService<NotifySu
|
|||
if (channel == null || channel.getState() == NotifyChannelState.disabled) {
|
||||
return false;
|
||||
}
|
||||
if (!properties.isAllowAllNotify(auth) && channel.getGrant() != null) {
|
||||
return channel.getGrant().isGranted(auth);
|
||||
}
|
||||
return true;
|
||||
}
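Review bot: The new condition in `resubscribe` treats `e.getGrant() == null` as allowed, and the `grant` column is new. After this change every existing provider and channel row is therefore open to users for whom `isAllowAllNotify(auth)` is false, where before they were all refused. If that default is intended, it should be stated in a comment at the check; if not, existing rows need a grant set before the upgrade. The same three-part test is written out again in the second hunk (before `newChannels.remove(e.getId())`) and in inverted form in the third. A single helper such as `private boolean isGranted(AuthenticationSpec grant, Authentication auth) { return properties.isAllowAllNotify(auth) || grant == null || grant.isGranted(auth); }` would keep the three sites from drifting apart. All three method bodies continue outside the hunks.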
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import org.hswebframework.web.authorization.annotation.Resource;
|
|||
|
||||
import org.hswebframework.web.authorization.annotation.SaveAction;
|
||||
import org.hswebframework.web.id.IDGenerator;
|
||||
import org.jetlinks.community.authorize.AuthenticationSpec;
|
||||
import org.jetlinks.community.notify.manager.configuration.NotifySubscriberProperties;
|
||||
import org.jetlinks.community.notify.manager.entity.NotifySubscriberChannelEntity;
|
||||
import org.jetlinks.community.notify.manager.entity.NotifySubscriberProviderEntity;
|
||||
|
|
@ -210,6 +211,8 @@ public class NotifyChannelController {
|
|||
|
||||
private Map<String, Object> configuration;
|
||||
|
||||
private AuthenticationSpec grant;
|
||||
|
||||
private NotifyChannelState state;
|
||||
|
||||
private List<NotifySubscriberChannelEntity> channels = new ArrayList<>();
|
||||
|
|
@ -224,7 +227,7 @@ public class NotifyChannelController {
|
|||
channels
|
||||
.stream()
|
||||
.filter(e -> e.getId() != null &&
|
||||
(properties.isAllowAllNotify(auth)))
|
||||
(properties.isAllowAllNotify(auth) || e.getGrant() == null || e.getGrant().isGranted(auth)))
|
||||
.collect(Collectors.toList())
|
||||
);
|
||||
return info;
|
||||
|
|
@ -236,6 +239,7 @@ public class NotifyChannelController {
|
|||
info.getName(),
|
||||
info.getId(),
|
||||
null,
|
||||
null,
|
||||
NotifyChannelState.disabled,
|
||||
new ArrayList<>());
|
||||
}
|
||||
|
|
@ -270,6 +274,7 @@ public class NotifyChannelController {
|
|||
this.id = provider.getId();
|
||||
this.name = provider.getName();
|
||||
this.provider = provider.getProvider();
|
||||
this.grant = provider.getGrant();
|
||||
this.configuration = provider.getConfiguration();
|
||||
this.state = provider.getState();
|
||||
return this;
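Review bot: `grant` is now a field of the object this controller returns and is copied straight from the provider (`this.grant = provider.getGrant();`). The role ids and permission ids that gate each provider are therefore sent to whoever calls this listing. The stream filter suggests the endpoint also serves users without `isAllowAllNotify`, and they have no need to see the access policy. Consider leaving the field out of the response for those callers, or setting it only when `properties.isAllowAllNotify(auth)` is true. The filter checks only the channel's grant (`e.getGrant()`); whether the provider's own grant is checked before the provider is listed is outside the visible hunks.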
|
||||
|
|
|
|||