ContiNew/continew-admin
1
1
Fork 0
mirror of https://github.com/continew-org/continew-admin.git synced 2025-11-04 10:57:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor: CRUD Api 忽略排除(放行)路径的权限校验

Browse Source
This commit is contained in:
Charles7c
2025-07-25 22:08:27 +08:00
parent 24f233e2b5
commit 3af43ef6c7
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
continew-common/src/main/java/top/continew/admin/common/base/controller/BaseController.java
View File

@@ -22,8 +22,12 @@ import cn.dev33.satoken.context.model.SaRequest;
import cn.dev33.satoken.sign.template.SaSignTemplate; import cn.dev33.satoken.sign.template.SaSignTemplate;
import cn.dev33.satoken.stp.StpUtil; import cn.dev33.satoken.stp.StpUtil;
import cn.hutool.core.annotation.AnnotationUtil; import cn.hutool.core.annotation.AnnotationUtil;
import cn.hutool.extra.spring.SpringUtil;
import top.continew.admin.common.base.service.BaseService; import top.continew.admin.common.base.service.BaseService;
import top.continew.admin.common.config.crud.CrudApiPermissionPrefixCache; import top.continew.admin.common.config.crud.CrudApiPermissionPrefixCache;
import top.continew.starter.auth.satoken.autoconfigure.SaTokenExtensionProperties;
import top.continew.starter.core.util.ServletUtils;
import top.continew.starter.core.util.SpringWebUtils;
import top.continew.starter.extension.crud.annotation.CrudApi; import top.continew.starter.extension.crud.annotation.CrudApi;
import top.continew.starter.extension.crud.controller.AbstractCrudController; import top.continew.starter.extension.crud.controller.AbstractCrudController;
import top.continew.starter.extension.crud.enums.Api; import top.continew.starter.extension.crud.enums.Api;
@@ -61,6 +65,14 @@ public class BaseController<S extends BaseService<L, D, Q, C>, L, D, Q, C> exten
.hasAnnotation(targetClass, SaIgnore.class)) { .hasAnnotation(targetClass, SaIgnore.class)) {
return; return;
} }
// 忽略排除(放行)路径
SaTokenExtensionProperties saTokenExtensionProperties = SpringUtil.getBean(SaTokenExtensionProperties.class);
if (saTokenExtensionProperties.isEnabled()) {
String[] excludePatterns = saTokenExtensionProperties.getSecurity().getExcludes();
if (SpringWebUtils.isMatch(ServletUtils.getRequestPath(), excludePatterns)) {
return;
}
}
// 校验权限例如创建用户接口POST /system/user => 校验 system:user:create 权限 // 校验权限例如创建用户接口POST /system/user => 校验 system:user:create 权限
String permissionPrefix = CrudApiPermissionPrefixCache.get(targetClass); String permissionPrefix = CrudApiPermissionPrefixCache.get(targetClass);
String apiName = getApiName(crudApi.value()); String apiName = getApiName(crudApi.value());