增加配置文件配置用户权限方式,可通过: hsweb.users.userId.permissions-simple.permissionId: action1,action2 方式进行配置

hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/embed/EmbedAuthenticationManager.java

@@ -11,6 +11,8 @@ import org.hswebframework.web.authorization.simple.builder.SimpleDataAccessConfi
 import org.hswebframework.web.validate.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.util.StringUtils;
 
 import javax.annotation.PostConstruct;
@@ -22,6 +24,7 @@ import java.util.Map;
  * @since 3.0.0-RC
  */
 @ConfigurationProperties(prefix = "hsweb")
+@Order(Ordered.HIGHEST_PRECEDENCE)
 public class EmbedAuthenticationManager implements AuthenticationManager {
 
     private Map<String, Authentication> authentications = new HashMap<>();

hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/embed/EmbedAuthenticationProperties.java

@@ -58,6 +58,8 @@ public class EmbedAuthenticationProperties {
 
     private List<PermissionInfo> permissions = new ArrayList<>();
 
+    private Map<String, List<String>> permissionsSimple = new HashMap<>();
+
     @Getter
     @Setter
     public static class PermissionInfo {
@@ -77,7 +79,9 @@ public class EmbedAuthenticationProperties {
         user.setType(type);
         authentication.setUser(user);
         authentication.setRoles((List) roles);
-        List<Permission> permissionList = permissions.stream()
+        List<Permission> permissionList = new ArrayList<>();
+
+        permissionList.addAll(permissions.stream()
                 .map(info -> {
                     SimplePermission permission = new SimplePermission();
                     permission.setId(info.getId());
@@ -88,7 +92,16 @@ public class EmbedAuthenticationProperties {
                                     .build()).collect(Collectors.toSet()));
                     return permission;
 
-                }).collect(Collectors.toList());
+                })
+                .collect(Collectors.toList()));
+
+        permissionList.addAll(permissionsSimple.entrySet().stream()
+                .map(entry -> {
+                    SimplePermission permission = new SimplePermission();
+                    permission.setId(entry.getKey());
+                    permission.setActions(new HashSet<>(entry.getValue()));
+                    return permission;
+                }).collect(Collectors.toList()));
 
         authentication.setPermissions(permissionList);
         return authentication;

hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/basic/embed/EmbedAuthenticationManagerTest.groovy

@@ -30,6 +30,7 @@ class EmbedAuthenticationManagerTest extends Specification {
         authentication.getUser() != null
         authentication.getUser().getName() == "超级管理员"
         authentication.hasPermission("user-manager", "query")
+        authentication.hasPermission("test", "query")
         authentication.getPermission("user-manager") != null
         authentication.hasRole("user")
         authentication.getPermission("user-manager")

hsweb-authorization/hsweb-authorization-basic/src/test/resources/application.yml

@@ -25,6 +25,8 @@ hsweb:
               name: 管理员
             - id: user
               name: 用户
+          permissions-simple:
+              test: query,get
           permissions:
             - id: user-manager
               actions: query,get,update,delete