用户模块：用户权限控制

2025-06-30 16:04:23 +08:00 · 2025-06-30 16:04:23 +08:00 · b11350f61b
commit b11350f61b
parent 43bcec3cc0
2 changed files with 89 additions and 0 deletions
--- a/src/main/java/com/huangge1199/picture/annotation/AuthCheck.java
+++ b/src/main/java/com/huangge1199/picture/annotation/AuthCheck.java
@ -0,0 +1,23 @@
+package com.huangge1199.picture.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * annotation
+ *
+ * @author huangge1199
+ * @since 2025/6/30 15:58:45
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface AuthCheck {
+
+    /**
+     * 必须有某个角色
+     */
+    String mustRole() default "";
+}
+
--- a/src/main/java/com/huangge1199/picture/aop/AuthInterceptor.java
+++ b/src/main/java/com/huangge1199/picture/aop/AuthInterceptor.java
@ -0,0 +1,66 @@
+package com.huangge1199.picture.aop;
+
+import com.huangge1199.picture.annotation.AuthCheck;
+import com.huangge1199.picture.exception.ErrorCode;
+import com.huangge1199.picture.exception.MyException;
+import com.huangge1199.picture.model.entity.User;
+import com.huangge1199.picture.model.enums.UserRoleEnum;
+import com.huangge1199.picture.service.UserService;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * AuthInterceptor
+ *
+ * @author huangge1199
+ * @since 2025/6/30 15:59:56
+ */
+@Aspect
+@Component
+public class AuthInterceptor {
+
+    @Resource
+    private UserService userService;
+
+    /**
+     * 执行拦截
+     *
+     * @param joinPoint 切入点
+     * @param authCheck 权限校验注解
+     */
+    @Around("@annotation(authCheck)")
+    public Object doInterceptor(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
+        String mustRole = authCheck.mustRole();
+        RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
+        HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
+        // 当前登录用户
+        User loginUser = userService.getLoginUser(request);
+        UserRoleEnum mustRoleEnum = UserRoleEnum.getEnumByValue(mustRole);
+        // 不需要权限，放行
+        if (mustRoleEnum == null) {
+            return joinPoint.proceed();
+        }
+        // 以下为：必须有该权限才通过
+        // 获取当前用户具有的权限
+        UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValue(loginUser.getUserRole());
+        // 没有权限，拒绝
+        if (userRoleEnum == null) {
+            throw new MyException(ErrorCode.NO_AUTH_ERROR);
+        }
+        // 要求必须有管理员权限，但用户没有管理员权限，拒绝
+        if (UserRoleEnum.ADMIN.equals(mustRoleEnum) && !UserRoleEnum.ADMIN.equals(userRoleEnum)) {
+            throw new MyException(ErrorCode.NO_AUTH_ERROR);
+        }
+        // 通过权限校验，放行
+        return joinPoint.proceed();
+    }
+}
+