feat: 重构 CRUD API 权限控制，新增 CrudApiPermissionPrefixCache 缓存权限前缀

- 新增 CrudApiPermissionPrefixCache 类用于缓存 CRUD API权限前缀 - 修改 SaTokenConfiguration，为使用 @CrudRequestMapping 注解的 Controller缓存权限前缀 - 重构 BaseController 中的权限校验逻辑，使用缓存的权限前缀 - 更新 SmsConfigController 和 SmsLogController 中的 @CrudRequestMapping 注解路径
2025-09-18 04:57:15 +08:00 · 2025-07-24 22:34:34 +08:00
parent 5fded43b7a
commit 83514b9251
5 changed files with 98 additions and 12 deletions
--- a/continew-common/src/main/java/top/continew/admin/common/base/controller/BaseController.java
+++ b/continew-common/src/main/java/top/continew/admin/common/base/controller/BaseController.java
@@ -22,11 +22,9 @@ import cn.dev33.satoken.context.model.SaRequest;
 import cn.dev33.satoken.sign.template.SaSignTemplate;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.annotation.AnnotationUtil;
-import cn.hutool.core.text.CharSequenceUtil;
 import top.continew.admin.common.base.service.BaseService;
-import top.continew.starter.core.constant.StringConstants;
+import top.continew.admin.common.config.crud.CrudApiPermissionPrefixCache;
 import top.continew.starter.extension.crud.annotation.CrudApi;
-import top.continew.starter.extension.crud.annotation.CrudRequestMapping;
 import top.continew.starter.extension.crud.controller.AbstractCrudController;
 import top.continew.starter.extension.crud.enums.Api;

@@ -64,11 +62,9 @@ public class BaseController<S extends BaseService<L, D, Q, C>, L, D, Q, C> exten
            return;
        }
        // 校验权限，例如：创建用户接口（POST /system/user） => 校验 system:user:create 权限
-        CrudRequestMapping crudRequestMapping = targetClass.getDeclaredAnnotation(CrudRequestMapping.class);
-        String path = crudRequestMapping.value();
-        String prefix = String.join(StringConstants.COLON, CharSequenceUtil.splitTrim(path, StringConstants.SLASH));
+        String permissionPrefix = CrudApiPermissionPrefixCache.get(targetClass);
        String apiName = getApiName(crudApi.value());
-        StpUtil.checkPermission("%s:%s".formatted(prefix, apiName.toLowerCase()));
+        StpUtil.checkPermission("%s:%s".formatted(permissionPrefix, apiName.toLowerCase()));
    }

    /**
--- a/continew-common/src/main/java/top/continew/admin/common/config/crud/CrudApiPermissionPrefixCache.java
+++ b/continew-common/src/main/java/top/continew/admin/common/config/crud/CrudApiPermissionPrefixCache.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.admin.common.config.crud;
+
+import cn.hutool.core.util.StrUtil;
+import top.continew.starter.core.constant.StringConstants;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * CRUD API 权限前缀缓存
+ *
+ * @author Charles7c
+ * @since 2025/7/24 22:14
+ */
+public class CrudApiPermissionPrefixCache {
+
+    private static final Map<Class<?>, String> PERMISSION_PREFIX_CACHE = new HashMap<>();
+
+    /**
+     * 存储CRUD API权限前缀
+     *
+     * @param controllerClazz 控制器类
+     * @param path            路径
+     */
+    public static void put(Class<?> controllerClazz, String path) {
+        String permissionPrefix = parsePermissionPrefix(path);
+        PERMISSION_PREFIX_CACHE.put(controllerClazz, permissionPrefix);
+    }
+
+    /**
+     * 获取CRUD API权限前缀
+     *
+     * @param controllerClazz 控制器类
+     * @return 权限前缀
+     */
+    public static String get(Class<?> controllerClazz) {
+        return PERMISSION_PREFIX_CACHE.get(controllerClazz);
+    }
+
+    /**
+     * 清空缓存
+     */
+    public static void clear() {
+        PERMISSION_PREFIX_CACHE.clear();
+    }
+
+    /**
+     * 解析权限前缀（解析路径获取模块名和资源名）
+     *
+     * <p>
+     * 例如：/system/user => system:user <br>
+     * /system/dict/item => system:dictItem
+     * </p>
+     *
+     * @param path 路径
+     * @return 权限前缀
+     */
+    private static String parsePermissionPrefix(String path) {
+        List<String> pathSegmentList = StrUtil.splitTrim(path, StringConstants.SLASH);
+        if (pathSegmentList.size() < 2) {
+            throw new IllegalArgumentException("无效的 @CrudRequestMapping 路径配置：" + path);
+        }
+        String moduleName = pathSegmentList.get(0);
+        String resourceName = StrUtil.toCamelCase(String.join(StringConstants.UNDERLINE, pathSegmentList
+            .subList(1, pathSegmentList.size())));
+        return "%s:%s".formatted(moduleName, resourceName);
+    }
+}