feat: 重构 CRUD API 权限控制，新增 CrudApiPermissionPrefixCache 缓存权限前缀

- 新增 CrudApiPermissionPrefixCache 类用于缓存 CRUD API权限前缀 - 修改 SaTokenConfiguration，为使用 @CrudRequestMapping 注解的 Controller缓存权限前缀 - 重构 BaseController 中的权限校验逻辑，使用缓存的权限前缀 - 更新 SmsConfigController 和 SmsLogController 中的 @CrudRequestMapping 注解路径
2025-09-08 12:57:13 +08:00 · 2025-07-24 22:34:34 +08:00
parent 5fded43b7a
commit 83514b9251
5 changed files with 98 additions and 12 deletions
--- a/continew-common/src/main/java/top/continew/admin/common/base/controller/BaseController.java
+++ b/continew-common/src/main/java/top/continew/admin/common/base/controller/BaseController.java
@@ -22,11 +22,9 @@ import cn.dev33.satoken.context.model.SaRequest;
 import cn.dev33.satoken.sign.template.SaSignTemplate;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.annotation.AnnotationUtil;
-import cn.hutool.core.text.CharSequenceUtil;
 import top.continew.admin.common.base.service.BaseService;
-import top.continew.starter.core.constant.StringConstants;
+import top.continew.admin.common.config.crud.CrudApiPermissionPrefixCache;
 import top.continew.starter.extension.crud.annotation.CrudApi;
-import top.continew.starter.extension.crud.annotation.CrudRequestMapping;
 import top.continew.starter.extension.crud.controller.AbstractCrudController;
 import top.continew.starter.extension.crud.enums.Api;

@@ -64,11 +62,9 @@ public class BaseController<S extends BaseService<L, D, Q, C>, L, D, Q, C> exten
            return;
        }
        // 校验权限，例如：创建用户接口（POST /system/user） => 校验 system:user:create 权限
-        CrudRequestMapping crudRequestMapping = targetClass.getDeclaredAnnotation(CrudRequestMapping.class);
-        String path = crudRequestMapping.value();
-        String prefix = String.join(StringConstants.COLON, CharSequenceUtil.splitTrim(path, StringConstants.SLASH));
+        String permissionPrefix = CrudApiPermissionPrefixCache.get(targetClass);
        String apiName = getApiName(crudApi.value());
-        StpUtil.checkPermission("%s:%s".formatted(prefix, apiName.toLowerCase()));
+        StpUtil.checkPermission("%s:%s".formatted(permissionPrefix, apiName.toLowerCase()));
    }

    /**
--- a/continew-common/src/main/java/top/continew/admin/common/config/crud/CrudApiPermissionPrefixCache.java
+++ b/continew-common/src/main/java/top/continew/admin/common/config/crud/CrudApiPermissionPrefixCache.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.admin.common.config.crud;
+
+import cn.hutool.core.util.StrUtil;
+import top.continew.starter.core.constant.StringConstants;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * CRUD API 权限前缀缓存
+ *
+ * @author Charles7c
+ * @since 2025/7/24 22:14
+ */
+public class CrudApiPermissionPrefixCache {
+
+    private static final Map<Class<?>, String> PERMISSION_PREFIX_CACHE = new HashMap<>();
+
+    /**
+     * 存储CRUD API权限前缀
+     *
+     * @param controllerClazz 控制器类
+     * @param path            路径
+     */
+    public static void put(Class<?> controllerClazz, String path) {
+        String permissionPrefix = parsePermissionPrefix(path);
+        PERMISSION_PREFIX_CACHE.put(controllerClazz, permissionPrefix);
+    }
+
+    /**
+     * 获取CRUD API权限前缀
+     *
+     * @param controllerClazz 控制器类
+     * @return 权限前缀
+     */
+    public static String get(Class<?> controllerClazz) {
+        return PERMISSION_PREFIX_CACHE.get(controllerClazz);
+    }
+
+    /**
+     * 清空缓存
+     */
+    public static void clear() {
+        PERMISSION_PREFIX_CACHE.clear();
+    }
+
+    /**
+     * 解析权限前缀（解析路径获取模块名和资源名）
+     *
+     * <p>
+     * 例如：/system/user => system:user <br>
+     * /system/dict/item => system:dictItem
+     * </p>
+     *
+     * @param path 路径
+     * @return 权限前缀
+     */
+    private static String parsePermissionPrefix(String path) {
+        List<String> pathSegmentList = StrUtil.splitTrim(path, StringConstants.SLASH);
+        if (pathSegmentList.size() < 2) {
+            throw new IllegalArgumentException("无效的 @CrudRequestMapping 路径配置：" + path);
+        }
+        String moduleName = pathSegmentList.get(0);
+        String resourceName = StrUtil.toCamelCase(String.join(StringConstants.UNDERLINE, pathSegmentList
+            .subList(1, pathSegmentList.size())));
+        return "%s:%s".formatted(moduleName, resourceName);
+    }
+}
--- a/continew-server/src/main/java/top/continew/admin/config/satoken/SaTokenConfiguration.java
+++ b/continew-server/src/main/java/top/continew/admin/config/satoken/SaTokenConfiguration.java
@@ -35,6 +35,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.event.EventListener;
 import org.springframework.core.annotation.AnnotationUtils;
+import top.continew.admin.common.config.crud.CrudApiPermissionPrefixCache;
 import top.continew.admin.common.context.UserContext;
 import top.continew.admin.common.context.UserContextHolder;
 import top.continew.admin.open.sign.OpenApiSignTemplate;
@@ -113,11 +114,15 @@ public class SaTokenConfiguration {
            if (AopUtils.isAopProxy(bean)) {
                clazz = AopProxyUtils.ultimateTargetClass(bean);
            }
-            // 使用 @CrudRequestMapping 的 Controller，如果使用了 @SaIgnore 注解，则表示忽略校验
+            // 使用 @CrudRequestMapping 的 Controller，如果使用了 @SaIgnore 注解，则表示忽略认证和权限校验
            CrudRequestMapping crudRequestMapping = AnnotationUtils.findAnnotation(clazz, CrudRequestMapping.class);
            SaIgnore saIgnore = AnnotationUtils.findAnnotation(clazz, SaIgnore.class);
-            if (crudRequestMapping != null && saIgnore != null) {
-                return crudRequestMapping.value() + StringConstants.PATH_PATTERN;
+            if (crudRequestMapping != null) {
+                if (saIgnore != null) {
+                    return crudRequestMapping.value() + StringConstants.PATH_PATTERN;
+                }
+                // 缓存权限前缀
+                CrudApiPermissionPrefixCache.put(clazz, crudRequestMapping.value());
            }
            return null;
        }).filter(Objects::nonNull).toList();
--- a/continew-system/src/main/java/top/continew/admin/system/controller/SmsConfigController.java
+++ b/continew-system/src/main/java/top/continew/admin/system/controller/SmsConfigController.java
@@ -41,7 +41,7 @@ import top.continew.starter.extension.crud.enums.Api;
 */
@Tag(name = "短信配置管理 API")
@RestController
-@CrudRequestMapping(value = "/system/smsConfig", api = {Api.PAGE, Api.GET, Api.CREATE, Api.UPDATE, Api.BATCH_DELETE})
+@CrudRequestMapping(value = "/system/sms/config", api = {Api.PAGE, Api.GET, Api.CREATE, Api.UPDATE, Api.BATCH_DELETE})
 public class SmsConfigController extends BaseController<SmsConfigService, SmsConfigResp, SmsConfigResp, SmsConfigQuery, SmsConfigReq> {

    @Operation(summary = "设为默认配置", description = "设为默认配置")
--- a/continew-system/src/main/java/top/continew/admin/system/controller/SmsLogController.java
+++ b/continew-system/src/main/java/top/continew/admin/system/controller/SmsLogController.java
@@ -35,6 +35,6 @@ import top.continew.starter.extension.crud.enums.Api;
 */
@Tag(name = "短信日志管理 API")
@RestController
-@CrudRequestMapping(value = "/system/smsLog", api = {Api.PAGE, Api.GET, Api.BATCH_DELETE, Api.EXPORT})
+@CrudRequestMapping(value = "/system/sms/log", api = {Api.PAGE, Api.GET, Api.BATCH_DELETE, Api.EXPORT})
 public class SmsLogController extends BaseController<SmsLogService, SmsLogResp, SmsLogResp, SmsLogQuery, SmsLogReq> {
 }