Sākums Izpētīt Palīdzība
Pierakstīties
iot
/
hsweb-framework
4
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Pārlūkot izejas kodu

修复未获取方法权限

zhouhao 7 gadi atpakaļ
vecāks
68dbdbe66b
revīzija
a110c505a3
1 mainītis faili ar 18 papildinājumiem un 8 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 18 8
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java

+ 18 - 8
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java
Parādīt failu 

@@ -101,19 +101,29 @@ public class DataAccessAnnotationMethodInterceptor extends AuthorizingAnnotation
 
                 accessController = ApplicationContextHolder.get().getBean(accessAnn.controllerBeanName(), DataAccessController.class);
 
             }
 
             DataAccessController finalAccessController = accessController;
 
-            Authorize authorize = holder.findAnnotation(Authorize.class);
 
+            Authorize classAnnotation = holder.findClassAnnotation(Authorize.class);
 
+            Authorize methodAnnotation = holder.findMethodAnnotation(Authorize.class);
 
+            Set<String> permissions = new HashSet<>();
 
+            List<String> actionList = new ArrayList<>(Arrays.asList(accessAnn.action()));
 
+
 
+            if (classAnnotation != null) {
 
+                permissions.addAll(Arrays.asList(classAnnotation.permission()));
 
+                if (actionList.isEmpty())
 
+                    actionList.addAll(Arrays.asList(classAnnotation.action()));
 
+            }
 
+            if (methodAnnotation != null) {
 
+                permissions.addAll(Arrays.asList(methodAnnotation.permission()));
 
+                if (actionList.isEmpty())
 
+                    actionList.addAll(Arrays.asList(methodAnnotation.action()));
 
+            }
 
 
             String permission = accessAnn.permission();
 
-            List<String> actionList = new ArrayList<>(Arrays.asList(accessAnn.action()));
 
 
             if ("".equals(permission)) {
 
-                if (null == authorize) {
 
-                    throw new NullPointerException("permission setting can not be null");
 
+                if (permissions.size() != 1) {
 
+                    throw new IndexOutOfBoundsException("permission setting size must be 1");
 
                 }
 
-                permission = authorize.permission()[0];
 
-            }
 
-            if (actionList.isEmpty()) {
 
-                actionList.addAll(Arrays.asList(authorize.action()));
 
+                permission = permissions.iterator().next();
 
             }
 
             MethodInterceptorParamContext context = holder.createParamContext();
 
             Permission permissionInfo = authentication.getPermission(permission).orElseThrow(AuthenticationException::new);