优化权限解析

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/AopAuthorizeDefinition.java

@@ -0,0 +1,13 @@
+package org.hswebframework.web.authorization.define;
+
+import java.lang.reflect.Method;
+
+/**
+ * @author zhouhao
+ * @since 1.0
+ */
+public interface AopAuthorizeDefinition extends AuthorizeDefinition {
+    Class getTargetClass();
+
+    Method getTargetMethod();
+}

hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java

@@ -55,7 +55,7 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
         if ((definition instanceof EmptyAuthorizeDefinition)) {
             return null;
         }
-        if(null!=definition){
+        if (null != definition) {
             return definition;
         }
         //使用自定义
@@ -88,7 +88,8 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
             return null;
         }
         DefaultBasicAuthorizeDefinition authorizeDefinition = new DefaultBasicAuthorizeDefinition();
-
+        authorizeDefinition.setTargetClass(target);
+        authorizeDefinition.setTargetMethod(method);
         if (methodAuth == null || methodAuth.merge()) {
             authorizeDefinition.put(classAuth);
         }
@@ -137,7 +138,7 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
     }
 
     class CacheKey {
-        private Class type;
+        private Class  type;
         private Method method;
 
         public CacheKey(Class type, Method method) {

hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java

@@ -1,21 +1,15 @@
 package org.hswebframework.web.authorization.basic.configuration;
 
-import org.hswebframework.web.authorization.AuthenticationHolder;
-import org.hswebframework.web.authorization.AuthenticationManager;
-import org.hswebframework.web.authorization.AuthenticationSupplier;
 import org.hswebframework.web.authorization.access.DataAccessController;
 import org.hswebframework.web.authorization.access.DataAccessHandler;
 import org.hswebframework.web.authorization.basic.handler.DefaultAuthorizingHandler;
 import org.hswebframework.web.authorization.basic.handler.access.DefaultDataAccessController;
 import org.hswebframework.web.authorization.basic.web.*;
 import org.hswebframework.web.authorization.basic.web.session.UserTokenAutoExpiredListener;
-import org.hswebframework.web.authorization.token.DefaultUserTokenManager;
-import org.hswebframework.web.authorization.token.UserTokenAuthenticationSupplier;
 import org.hswebframework.web.authorization.token.UserTokenManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;

hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/EnableAopAuthorize.java

@@ -11,7 +11,7 @@ import java.lang.annotation.*;
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
 @Inherited
-@ImportAutoConfiguration(AopAuthorizeAutoConfiguration.class)
+@ImportAutoConfiguration({AopAuthorizeAutoConfiguration.class, AuthorizingHandlerAutoConfiguration.class})
 public @interface EnableAopAuthorize {
 
 }

hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/DefaultBasicAuthorizeDefinition.java

@@ -6,11 +6,9 @@ import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.annotation.Logical;
 import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
 import org.hswebframework.web.authorization.annotation.RequiresExpression;
-import org.hswebframework.web.authorization.define.AuthorizeDefinition;
-import org.hswebframework.web.authorization.define.DataAccessDefinition;
-import org.hswebframework.web.authorization.define.Phased;
-import org.hswebframework.web.authorization.define.Script;
+import org.hswebframework.web.authorization.define.*;
 
+import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
@@ -27,7 +25,7 @@ import java.util.Set;
 @NoArgsConstructor
 @AllArgsConstructor
 @ToString
-public class DefaultBasicAuthorizeDefinition implements AuthorizeDefinition {
+public class DefaultBasicAuthorizeDefinition implements AopAuthorizeDefinition {
     private boolean dataAccessControl;
 
     private String[] permissionDescription = {};
@@ -52,6 +50,10 @@ public class DefaultBasicAuthorizeDefinition implements AuthorizeDefinition {
 
     private Phased phased = Phased.before;
 
+    private Class targetClass;
+
+    private Method targetMethod;
+
     @Override
     public Phased getPhased() {
         return phased;

hsweb-authorization/hsweb-authorization-basic/src/main/resources/META-INF/spring.factories

@@ -1,5 +0,0 @@
-# Auto Configure
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-org.hswebframework.web.authorization.basic.configuration.CorsAutoConfiguration,\
-org.hswebframework.web.authorization.basic.configuration.AopAuthorizeAutoConfiguration,\
-org.hswebframework.web.authorization.basic.configuration.AuthorizingHandlerAutoConfiguration

hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/CorsAutoConfiguration.java

@@ -1,4 +1,4 @@
-package org.hswebframework.web.authorization.basic.configuration;
+package org.hswebframework.web.starter;
 
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;

hsweb-starter/hsweb-spring-boot-starter/src/main/resources/META-INF/spring.factories

@@ -1,4 +1,5 @@
 # Auto Configure
 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
 org.hswebframework.web.starter.HswebAutoConfiguration,\
-org.hswebframework.web.starter.SystemInitializeAutoConfiguration
+org.hswebframework.web.starter.SystemInitializeAutoConfiguration,\
+org.hswebframework.web.starter.CorsAutoConfiguration

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/pom.xml

@@ -72,12 +72,12 @@
             <scope>test</scope>
         </dependency>
 
-        <!--<dependency>-->
-            <!--<groupId>org.hswebframework.web</groupId>-->
-            <!--<artifactId>hsweb-authorization-basic</artifactId>-->
-            <!--<version>${project.version}</version>-->
-            <!--<scope>test</scope>-->
-        <!--</dependency>-->
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-basic</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
 
         <dependency>
             <groupId>org.hswebframework.web</groupId>

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/AutoSyncPermission.java

@@ -1,17 +1,24 @@
 package org.hswebframework.web.authorization.starter;
 
+import io.swagger.annotations.ApiModelProperty;
 import lombok.extern.slf4j.Slf4j;
+import org.hswebframework.utils.ClassUtils;
 import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.authorization.define.AopAuthorizeDefinition;
 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
 import org.hswebframework.web.authorization.define.AuthorizeDefinitionInitializedEvent;
 import org.hswebframework.web.commons.entity.DataStatus;
 import org.hswebframework.web.commons.entity.factory.EntityFactory;
+import org.hswebframework.web.controller.GenericEntityController;
+import org.hswebframework.web.controller.authorization.UserController;
 import org.hswebframework.web.entity.authorization.ActionEntity;
+import org.hswebframework.web.entity.authorization.OptionalField;
 import org.hswebframework.web.entity.authorization.PermissionEntity;
 import org.hswebframework.web.service.authorization.PermissionService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationListener;
 
+import java.lang.reflect.Field;
 import java.util.*;
 import java.util.function.Function;
 import java.util.stream.Collectors;
@@ -20,10 +27,10 @@ import java.util.stream.Stream;
 @Slf4j
 public class AutoSyncPermission implements ApplicationListener<AuthorizeDefinitionInitializedEvent> {
 
-    @Autowired
+
     private PermissionService permissionService;
 
-    @Autowired
+
     private EntityFactory entityFactory;
 
     private static Map<String, String> actionDescMapping = new HashMap<>();
@@ -41,6 +48,16 @@ public class AutoSyncPermission implements ApplicationListener<AuthorizeDefiniti
 
     }
 
+    @Autowired
+    public void setPermissionService(PermissionService permissionService) {
+        this.permissionService = permissionService;
+    }
+
+    @Autowired
+    public void setEntityFactory(EntityFactory entityFactory) {
+        this.entityFactory = entityFactory;
+    }
+
     @Override
     public void onApplicationEvent(AuthorizeDefinitionInitializedEvent event) {
         List<AuthorizeDefinition> definitions = event.getAllDefinition();
@@ -91,6 +108,31 @@ public class AutoSyncPermission implements ApplicationListener<AuthorizeDefiniti
             }
             //创建permission
             PermissionEntity entity = entityFactory.newInstance(PermissionEntity.class);
+            if (tmp instanceof AopAuthorizeDefinition) {
+                AopAuthorizeDefinition aopAuthorizeDefinition = ((AopAuthorizeDefinition) tmp);
+                Class type = aopAuthorizeDefinition.getTargetClass();
+                Class genType = ClassUtils.getGenericType(type);
+                List<OptionalField> optionalFields = new ArrayList<>();
+                entity.setOptionalFields(optionalFields);
+                if (genType != Object.class) {
+                    Field[] fields = genType.getDeclaredFields();
+                    for (Field field : fields) {
+                        if ("id".equals(field.getName())) {
+                            continue;
+                        }
+                        ApiModelProperty property = field.getAnnotation(ApiModelProperty.class);
+                        OptionalField optionalField = new OptionalField();
+                        optionalField.setName(field.getName());
+                        if (null != property) {
+                            if (property.hidden()) {
+                                continue;
+                            }
+                            optionalField.setDescribe(property.value());
+                        }
+                        optionalFields.add(optionalField);
+                    }
+                }
+            }
             entity.setId(permissionId);
             entity.setName(tmp.getPermissionDescription().length > 0 ? tmp.getPermissionDescription()[0] : permissionId);
             entity.setActions(new ArrayList<>(actionEntities));
@@ -140,4 +182,5 @@ public class AutoSyncPermission implements ApplicationListener<AuthorizeDefiniti
         definitions.clear();
         grouping.clear();
     }
+
 }

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/AuthorizationSettingTests.java

@@ -16,7 +16,7 @@
  *
  */
 
-package org.hswebframework.web.starter.authorization;
+package org.hswebframework.web.authorization.starter;
 
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/authorization/starter/AutoSyncPermissionTest.java

@@ -0,0 +1,110 @@
+package org.hswebframework.web.authorization.starter;
+
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import org.hswebframework.web.authorization.annotation.Authorize;
+import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser;
+import org.hswebframework.web.authorization.basic.aop.DefaultAopMethodAuthorizeDefinitionParser;
+import org.hswebframework.web.authorization.define.AuthorizeDefinition;
+import org.hswebframework.web.authorization.define.AuthorizeDefinitionInitializedEvent;
+import org.hswebframework.web.commons.entity.GenericEntity;
+import org.hswebframework.web.commons.entity.SimpleGenericEntity;
+import org.hswebframework.web.commons.entity.factory.EntityFactory;
+import org.hswebframework.web.commons.entity.factory.MapperEntityFactory;
+import org.hswebframework.web.commons.entity.param.QueryParamEntity;
+import org.hswebframework.web.controller.GenericEntityController;
+import org.hswebframework.web.controller.SimpleGenericEntityController;
+import org.hswebframework.web.controller.authorization.UserController;
+import org.hswebframework.web.entity.authorization.PermissionEntity;
+import org.hswebframework.web.service.CrudService;
+import org.hswebframework.web.service.authorization.PermissionService;
+import org.hswebframework.web.tests.SimpleWebApplicationTests;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.mockito.stubbing.Answer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationEventPublisher;
+
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
+
+/**
+ * @author zhouhao
+ * @since 1.0
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class AutoSyncPermissionTest {
+    @Mock
+    private PermissionService permissionService;
+
+    @InjectMocks
+    private AutoSyncPermission autoSyncPermission = new AutoSyncPermission();
+
+    private List<PermissionEntity> newPermissionEntity = new ArrayList<>();
+
+    @Before
+    public void init() throws NoSuchMethodException {
+        when(permissionService.selectByPk(anyString())).thenReturn(null);
+        when(permissionService.insert(any())).then(invocationOnMock -> {
+            newPermissionEntity.add(invocationOnMock.getArgumentAt(0, PermissionEntity.class));
+            return "new Id";
+        });
+        autoSyncPermission.setEntityFactory(new MapperEntityFactory());
+    }
+
+    @Test
+    public void test() throws NoSuchMethodException {
+        AopMethodAuthorizeDefinitionParser parser = new DefaultAopMethodAuthorizeDefinitionParser();
+        List<AuthorizeDefinition> definition = Arrays.stream(TestController.class.getMethods())
+                .map(method -> parser.parse(TestController.class, method))
+                .filter(Objects::nonNull)
+                .collect(Collectors.toList());
+
+
+        autoSyncPermission.onApplicationEvent(new AuthorizeDefinitionInitializedEvent(definition));
+
+        Assert.assertTrue(!newPermissionEntity.isEmpty());
+        PermissionEntity permissionEntity = newPermissionEntity.get(0);
+        Assert.assertEquals(permissionEntity.getId(), "test");
+        Assert.assertEquals(permissionEntity.getName(), "测试权限");
+        Assert.assertTrue(!permissionEntity.getActions().isEmpty());
+
+        Assert.assertEquals(permissionEntity.getOptionalFields().size(), 2);
+    }
+
+    @Authorize(permission = "test", description = "测试权限")
+    @Api(value = "测试", tags = "测试")
+    public static class TestController implements SimpleGenericEntityController<TestEntity, String, QueryParamEntity> {
+
+        @Override
+        public CrudService<TestEntity, String> getService() {
+            return null;
+        }
+    }
+
+    @Data
+    public static class TestEntity extends SimpleGenericEntity<String> {
+        @ApiModelProperty("姓名")
+        private String name;
+
+        @ApiModelProperty("用户名")
+        private String username;
+
+        @ApiModelProperty(value = "密码", hidden = true)
+        private String password;
+    }
+}

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/LoginTests.java

@@ -15,7 +15,7 @@
  *
  */
 
-package org.hswebframework.web.starter.authorization;
+package org.hswebframework.web.authorization.starter;
 
 import com.alibaba.fastjson.JSONObject;
 import org.hswebframework.web.entity.authorization.UserEntity;

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/PermissionTests.java

@@ -15,7 +15,7 @@
  *
  */
 
-package org.hswebframework.web.starter.authorization;
+package org.hswebframework.web.authorization.starter;
 
 import org.hswebframework.ezorm.rdb.executor.SqlExecutor;
 import org.hswebframework.web.authorization.Permission;

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/UserTests.java

@@ -15,7 +15,7 @@
  *
  */
 
-package org.hswebframework.web.starter.authorization;
+package org.hswebframework.web.authorization.starter;
 
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.AuthenticationInitializeService;

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/resources/application.yml

@@ -10,4 +10,7 @@ spring:
 hsweb:
     app:
       name: 权限管理测试
-      version: 3.0.0
+      version: 3.0.0
+    authorize:
+      sync: true
+      auto-parse: true