wuxw лет назад: 7
Сommit
0082bf5d11

+ 77 - 0
Api/src/main/java/com/java110/api/listener/CheckUserHasPrivilegeListener.java

@@ -0,0 +1,77 @@
+package com.java110.api.listener;
+
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.java110.api.listener.users.QueryStaffByUserNameServiceListener;
+import com.java110.common.constant.ServiceCodeConstant;
+import com.java110.common.util.Assert;
+import com.java110.common.util.StringUtil;
+import com.java110.core.annotation.Java110Listener;
+import com.java110.core.context.DataFlowContext;
+import com.java110.entity.center.AppService;
+import com.java110.event.service.api.ServiceDataFlowEvent;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 检查用户是否有权限
+ */
+@Java110Listener("checkUserHasPrivilegeListener")
+public class CheckUserHasPrivilegeListener extends AbstractServiceApiDataFlowListener{
+
+    private final static Logger logger = LoggerFactory.getLogger(CheckUserHasPrivilegeListener.class);
+
+    @Override
+    public String getServiceCode() {
+        return ServiceCodeConstant.SERVICE_CODE_CHECK_USER_HAS_PRIVILEGE;
+    }
+
+    @Override
+    public HttpMethod getHttpMethod() {
+        return HttpMethod.GET;
+    }
+
+    @Override
+    public void soService(ServiceDataFlowEvent event) {
+        DataFlowContext dataFlowContext = event.getDataFlowContext();
+        AppService service = event.getAppService();
+        JSONObject data = dataFlowContext.getReqJson();
+        logger.debug("请求信息:{}",JSONObject.toJSONString(dataFlowContext));
+        Assert.hasKeyAndValue(data,"storeId","请求报文中未包含userId节点");
+        Assert.hasKeyAndValue(data,"pId","请求报文中未包含pId节点");
+        ResponseEntity<String> responseEntity = null;
+
+        //根据名称查询用户信息
+        responseEntity = super.callService(event);
+
+        if(responseEntity.getStatusCode() != HttpStatus.OK){
+            dataFlowContext.setResponseEntity(responseEntity);
+            return ;
+        }
+
+        JSONObject resultInfo = JSONObject.parseObject(responseEntity.getBody().toString());
+
+        JSONArray _privileges = resultInfo.getJSONArray("privileges");
+
+        if(_privileges.size() == 0 ){
+            responseEntity = new ResponseEntity<String>("没有权限操作",HttpStatus.UNAUTHORIZED);
+        }else{
+
+            responseEntity = new ResponseEntity<String>("成功",HttpStatus.OK);
+
+        }
+
+        dataFlowContext.setResponseEntity(responseEntity);
+    }
+
+    @Override
+    public int getOrder() {
+        return 0;
+    }
+}
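Review bot: The precondition on L55 asserts the key `storeId` while its message names `userId`, and the request built by `checkUserHasPrivilege` in this commit (and the API doc) carries `userId`/`pId`, so a request without `userId` passes validation and one without `storeId` is rejected; it should read `Assert.hasKeyAndValue(data,"userId","请求报文中未包含userId节点");`. On L69–71 `getJSONArray("privileges")` returns null when the downstream reply lacks that node, so `_privileges.size()` throws a NullPointerException instead of producing a response; guard with `if (_privileges == null || _privileges.isEmpty())` so a malformed reply is still treated as a denial. A user that is authenticated but lacks the privilege is conventionally answered with `HttpStatus.FORBIDDEN` rather than `UNAUTHORIZED` (L72), which signals missing authentication. Separately, `getHttpMethod()` returns `HttpMethod.GET` on L46 while docs/api/user/checkUserHasPrivilege.md in this commit documents the endpoint as POST, so one of the two should be corrected.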

+ 15 - 0
WebService/src/main/java/com/java110/web/core/BaseComponentSMO.java

@@ -3,6 +3,7 @@ package com.java110.web.core;
 import com.alibaba.fastjson.JSONObject;
 import com.java110.common.constant.CommonConstant;
 import com.java110.common.constant.ServiceConstant;
+import com.java110.common.exception.SMOException;
 import com.java110.common.factory.ApplicationContextFactory;
 import com.java110.common.util.Assert;
 import com.java110.core.base.smo.BaseServiceSMO;
@@ -87,4 +88,18 @@ public class BaseComponentSMO extends BaseServiceSMO {
 
         return responseEntity;
     }
+
+    /**
+     * 检查用户是否有权限
+     * @param pd
+     * @param restTemplate
+     * @param privilegeCode
+     */
+    protected void checkUserHasPrivilege(IPageData pd,RestTemplate restTemplate,String privilegeCode){
+        ResponseEntity<String> responseEntity = null;
+        responseEntity = this.callCenterService(restTemplate,pd,"", ServiceConstant.SERVICE_API_URL+"/api/check.user.hasPrivilege?userId="+pd.getUserId()+"&pId="+privilegeCode, HttpMethod.GET);
+        if(responseEntity.getStatusCode() != HttpStatus.OK){
+            throw new SMOException(1999,"用户没有权限操作权限"+privilegeCode);
+        }
+    }
 }
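Review bot: On L112 `pd.getUserId()` and `privilegeCode` are concatenated into the query string without URL encoding, so a user id containing `&`, `=` or `#` would change the parameters the privilege service receives; build the URL with `UriComponentsBuilder.fromHttpUrl(ServiceConstant.SERVICE_API_URL + "/api/check.user.hasPrivilege").queryParam("userId", pd.getUserId()).queryParam("pId", privilegeCode).toUriString()` (importing `org.springframework.web.util.UriComponentsBuilder`) instead. Treating every non-200 reply as a denial on L113–114 is the right fail-closed default, but the message on L114 then also covers 5xx replies and, presumably, transport failures surfaced by `callCenterService`, so log `responseEntity.getStatusCode()` and the body before throwing so an outage of the privilege service is distinguishable from a genuine denial. The Javadoc on L104–109 leaves every `@param` empty; describe `privilegeCode` as a value from `PrivilegeCodeConstant` and add `@throws SMOException when the user does not hold the privilege`.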

+ 5 - 0
WebService/src/main/java/com/java110/web/smo/impl/CommunityServiceSMOImpl.java

@@ -5,6 +5,7 @@ import com.alibaba.fastjson.JSONObject;
 import com.java110.common.cache.MappingCache;
 import com.java110.common.constant.AttrCdConstant;
 import com.java110.common.constant.MappingConstant;
+import com.java110.common.constant.PrivilegeCodeConstant;
 import com.java110.common.constant.ServiceConstant;
 import com.java110.common.util.Assert;
 import com.java110.core.context.IPageData;
@@ -35,6 +36,8 @@ public class CommunityServiceSMOImpl extends BaseComponentSMO implements ICommun
     public ResponseEntity<String> listMyCommunity(IPageData pd) {
         ResponseEntity<String> responseEntity = null;
         JSONObject _paramObj = JSONObject.parseObject(pd.getReqData());
+        //权限校验
+        checkUserHasPrivilege(pd,restTemplate, PrivilegeCodeConstant.PRIVILEGE_ENTER_COMMUNITY);
         responseEntity = super.getStoreInfo(pd,restTemplate);
         if(responseEntity.getStatusCode() != HttpStatus.OK){
             return responseEntity;
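Review bot: The privilege check on L135 runs after `JSONObject.parseObject(pd.getReqData())` on L133, so a caller without the privilege still has the request body parsed (and any parse exception surfaced) before being denied; move `checkUserHasPrivilege(pd,restTemplate, PrivilegeCodeConstant.PRIVILEGE_ENTER_COMMUNITY);` above the parse so authorization is the first statement of the method. The same ordering applies to the second hunk in `listNoEnterCommunity` (L143–144). Both enclosing methods continue past their hunks.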
@@ -69,6 +72,8 @@ public class CommunityServiceSMOImpl extends BaseComponentSMO implements ICommun
     public ResponseEntity<String> listNoEnterCommunity(IPageData pd) {
         ResponseEntity<String> responseEntity = null;
         JSONObject _paramObj = JSONObject.parseObject(pd.getReqData());
+        //权限校验
+        checkUserHasPrivilege(pd,restTemplate, PrivilegeCodeConstant.PRIVILEGE_ENTER_COMMUNITY);
         responseEntity = super.getStoreInfo(pd,restTemplate);
         if(responseEntity.getStatusCode() != HttpStatus.OK){
             return responseEntity;

+ 1 - 0
docs/_sidebar.md

@@ -38,3 +38,4 @@
 * 二次开发教程
 
   * [添加服务](develop/addService)
+  * [用户权限校验](develop/checkPrivilege.md)

+ 56 - 0
docs/api/user/checkUserHasPrivilege.md

@@ -0,0 +1,56 @@
+
+
+**1\. 检查用户是否有权限**
+###### 接口功能
+> 用户通过web端或APP判断是否有权限操作相应操作接口
+
+###### URL
+> [http://api.java110.com:8008/api/check.user.hasPrivilege](http://api.java110.com:8008/api/check.user.hasPrivilege)
+
+###### 支持格式
+> JSON
+
+###### HTTP请求方式
+> POST
+
+###### 请求参数(header部分)
+|参数名称|约束|类型|长度|描述|取值说明|
+| :-: | :-: | :-: | :-: | :-: | :-:|
+|app_id|1|String|30|应用ID|Api服务分配                      |
+|transaction_id|1|String|30|请求流水号|不能重复 1000000000+YYYYMMDDhhmmss+6位序列 |
+|sign|1|String|-|签名|请参考签名说明|
+|req_time|1|String|-|请求时间|YYYYMMDDhhmmss|
+
+###### 请求参数(body部分)
+|参数名称|约束|类型|长度|描述|取值说明|
+| :-: | :-: | :-: | :-: | :-: | :-: |
+|userId|1|String|30|用户ID|-|
+|pId|1|String|30|权限ID|-|
+
+###### 返回协议
+
+当http返回状态不为200 时请求处理失败 body内容为失败的原因
+
+当http返回状态为200时请求处理成功,body内容为返回内容,
+
+
+
+
+###### 举例
+> 地址:[http://api.java110.com:8008/api/check.user.hasPrivilege?userId=123&pId=123](http://api.java110.com:8008/api/check.user.hasPrivilege?userId=123&pId=123)
+
+``` javascript
+请求头信息:
+Content-Type:application/json
+USER_ID:1234
+APP_ID:8000418002
+TRANSACTION_ID:10029082726
+REQ_TIME:20181113225612
+SIGN:aabdncdhdbd878sbdudn898
+请求报文:
+无
+
+返回报文:
+成功
+
+```

+ 42 - 0
docs/develop/checkPrivilege.md

@@ -0,0 +1,42 @@
+## 用户权限校验
+
+    前台服务开发时必须要校验当前用户是否有权限操作数据,只需在SMO实现类方法中加入如下代码:
+
+    > //权限校验
+    > checkUserHasPrivilege(pd,restTemplate, PrivilegeCodeConstant.PRIVILEGE_ENTER_COMMUNITY);
+
+
+    举例:
+
+    ```
+        @Override
+        public ResponseEntity<String> listMyCommunity(IPageData pd) {
+            ResponseEntity<String> responseEntity = null;
+            JSONObject _paramObj = JSONObject.parseObject(pd.getReqData());
+            //权限校验
+            checkUserHasPrivilege(pd,restTemplate, PrivilegeCodeConstant.PRIVILEGE_ENTER_COMMUNITY);
+            responseEntity = super.getStoreInfo(pd,restTemplate);
+            if(responseEntity.getStatusCode() != HttpStatus.OK){
+                return responseEntity;
+            }
+            Assert.jsonObjectHaveKey(responseEntity.getBody().toString(),"storeId","根据用户ID查询商户ID失败,未包含storeId节点");
+
+            String storeId = JSONObject.parseObject(responseEntity.getBody().toString()).getString("storeId");
+            String storeTypeCd = JSONObject.parseObject(responseEntity.getBody().toString()).getString("storeTypeCd");
+
+            //修改用户信息
+            responseEntity = this.callCenterService(restTemplate,pd,"",
+                    ServiceConstant.SERVICE_API_URL+"/api/query.myCommunity.byMember?memberId="+storeId+
+                            "&memberTypeCd="+MappingCache.getValue(MappingConstant.DOMAIN_STORE_TYPE_2_COMMUNITY_MEMBER_TYPE,storeTypeCd),
+                    HttpMethod.GET);
+
+            if(responseEntity.getStatusCode() != HttpStatus.OK){
+                return responseEntity;
+            }
+            JSONArray tmpCommunitys = JSONObject.parseObject(responseEntity.getBody().toString()).getJSONArray("communitys");
+            freshCommunityAttr(tmpCommunitys);
+            responseEntity = new ResponseEntity<String>(tmpCommunitys.toJSONString(),
+                    HttpStatus.OK);
+            return responseEntity;
+        }
+    ```

+ 11 - 0
java110-common/src/main/java/com/java110/common/constant/PrivilegeCodeConstant.java

@@ -0,0 +1,11 @@
+package com.java110.common.constant;
+
+
+/**
+ * 权限编码常量类
+ */
+public class PrivilegeCodeConstant {
+
+    //入驻小区
+    public final static String PRIVILEGE_ENTER_COMMUNITY = "500201904008";
+}
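Review bot: `PrivilegeCodeConstant` is a constants holder with an implicit public constructor, so it can be instantiated for no purpose; add `private PrivilegeCodeConstant() {}` and consider marking the class `final`. The modifier order on L279 is `public final static`; the conventional order is `public static final`, which `ServiceCodeConstant` already uses on L290 in this same commit.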

+ 5 - 0
java110-common/src/main/java/com/java110/common/constant/ServiceCodeConstant.java

@@ -352,4 +352,9 @@ public class ServiceCodeConstant {
 
 
 
+    //检查用户是否有权限
+    public static final String SERVICE_CODE_CHECK_USER_HAS_PRIVILEGE = "check.user.hasPrivilege";
+
+
+
 }