权限中台

client/src/main/java/com/pica/cloud/permission/permission/aop/AuthAspect.java

@@ -63,6 +63,10 @@ public class AuthAspect {
         ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
         HttpServletRequest request = attributes.getRequest();
         String token = request.getHeader("token");
+        //是否需要校验token
+        if ((token == null || "".equals(token.trim())) && !authentication.tokenRequired()) {
+            return joinPoint.proceed();
+        }
         int userId = 0;
         try {
             if (authentication.productType() == ProductTypeEnum.DOCTOR.code()) {  //获取云鹊医doctorId

common/src/main/java/com/pica/cloud/permission/permission/common/annotation/Authentication.java

@@ -12,5 +12,6 @@ public @interface Authentication {
     int productType() default 1;
     String[] roleCodes() default {};
     boolean dataAuth() default false;
+    boolean tokenRequired() default true;
 
 }

common/src/main/java/com/pica/cloud/permission/permission/common/constants/GrantCodeEnum.java

@@ -10,10 +10,6 @@ public enum  GrantCodeEnum {
     REGISTER,  //注册
     JOIN_HOSPITAL,  //加入机构
     QUIT_HOSPITAL,  //退出（移除）机构
-    MAIN_ADMIN,  //成为机构主管理员
-    ADMIN,  //成为机构管理员
-    REMOVE_MAIN_ADMIN,  //移除机构主管理员
-    REMOVE_ADMIN,  //移除机构管理员
     CERTIFY  //认证通过
 
 }

common/src/main/java/com/pica/cloud/permission/permission/common/dto/UserRoleDto.java

@@ -11,17 +11,17 @@ public class UserRoleDto {
     private Integer userId;
     private Integer roleId;
     private String roleCode;
-    private String roleName;
     private Integer createdId;
     private Integer modifiedId;
 
     public UserRoleDto() {}
 
-    public UserRoleDto(Integer productType, Integer userId, String roleCode, Integer createdId) {
+    public UserRoleDto(Integer productType, Integer userId, String roleCode, Integer createdId, Integer modifiedId) {
         this.productType = productType;
         this.userId = userId;
         this.roleCode = roleCode;
         this.createdId = createdId;
+        this.modifiedId = modifiedId;
     }
 
     public Integer getId() {
@@ -64,14 +64,6 @@ public class UserRoleDto {
         this.roleCode = roleCode;
     }
 
-    public String getRoleName() {
-        return roleName;
-    }
-
-    public void setRoleName(String roleName) {
-        this.roleName = roleName;
-    }
-
     public Integer getCreatedId() {
         return createdId;
     }

server/src/main/java/com/pica/cloud/permission/permission/server/controller/PermissionController.java

@@ -37,17 +37,23 @@ public class PermissionController {
     }
 
     @GetMapping("/cache")
-    public PicaResponse cache(@RequestParam("key") String key) {
+    public PicaResponse getCache(@RequestParam("key") String key) {
         Set<String> set = cacheClient.smembers(key);
         return PicaResponse.toResponse(set);
     }
 
     @PostMapping("/cache")
-    public PicaResponse cache(@RequestParam("key") String key, @RequestParam("value") String value) {
+    public PicaResponse saveCache(@RequestParam("key") String key, @RequestParam("value") String value) {
         cacheClient.set(key, value);
         return PicaResponse.toResponse();
     }
 
+    @DeleteMapping("/cache")
+    public PicaResponse deleteCache(@RequestParam("key") String key) {
+        cacheClient.del(key);
+        return PicaResponse.toResponse();
+    }
+
     @ApiOperation("授权")
     @PostMapping("/grant")
     public PicaResponse grant(@RequestBody GrantDto grantDto) {

server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionCacheServiceImpl.java

@@ -102,12 +102,9 @@ public class PermissionCacheServiceImpl implements PermissionCacheService {
         if (userRole.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()) {
             return;
         }
-        Role role = roleMapper.selectByPrimaryKey(userRole.getRoleId());
-        try {
-            cacheClient.sadd(Constants.KEY_DOCTOR_ROLE + userRole.getUserId(), role.getCode());
-        } catch (Exception ex) {
-            logger.error(ex.getMessage(), ex);
-        }
+        //Role role = roleMapper.selectByPrimaryKey(userRole.getRoleId());
+        //cacheClient.sadd(Constants.KEY_DOCTOR_ROLE + userRole.getUserId(), role.getCode());
+        this.initUserRole(userRole.getUserId());
     }
 
     //删除用户-角色
@@ -116,12 +113,9 @@ public class PermissionCacheServiceImpl implements PermissionCacheService {
         if (userRole.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()) {
             return;
         }
-        Role role = roleMapper.selectByPrimaryKey(userRole.getRoleId());
-        try {
-            cacheClient.srem(Constants.KEY_DOCTOR_ROLE + userRole.getUserId(), role.getCode());
-        } catch (Exception ex) {
-            logger.error(ex.getMessage(), ex);
-        }
+        //Role role = roleMapper.selectByPrimaryKey(userRole.getRoleId());
+        //cacheClient.srem(Constants.KEY_DOCTOR_ROLE + userRole.getUserId(), role.getCode());
+        this.initUserRole(userRole.getUserId());
     }
 
     //修改资源
@@ -214,9 +208,10 @@ public class PermissionCacheServiceImpl implements PermissionCacheService {
 
     //初始化用户-角色（云鹊医用户）
     public void initUserRole(int userId) {
-        List<UserRoleDto> list = userRoleMapper.getByUserId(userId, ProductTypeEnum.DOCTOR.code());
-        String key = Constants.KEY_DOCTOR_ROLE + userId;
         try {
+            List<UserRoleDto> list = userRoleMapper.getByUserId(userId, ProductTypeEnum.DOCTOR.code());
+            String key = Constants.KEY_DOCTOR_ROLE + userId;
+            cacheClient.del(key);  //先删除，后新增
             for (UserRoleDto dto : list) {
                 cacheClient.sadd(key, dto.getRoleCode());
             }

server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionServiceImpl.java

@@ -3,11 +3,10 @@ package com.pica.cloud.permission.permission.server.service.impl;
 import com.pica.cloud.foundation.redis.ICacheClient;
 import com.pica.cloud.permission.permission.common.constants.AuthTypeEnum;
 import com.pica.cloud.permission.permission.common.constants.ProductTypeEnum;
-import com.pica.cloud.permission.permission.common.constants.RoleCodeEnum;
 import com.pica.cloud.permission.permission.common.dto.*;
 import com.pica.cloud.permission.permission.server.constants.Constants;
+import com.pica.cloud.permission.permission.server.service.PermissionCacheService;
 import com.pica.cloud.permission.permission.server.service.PermissionService;
-import com.pica.cloud.permission.permission.server.service.UserRoleService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
@@ -25,11 +24,10 @@ public class PermissionServiceImpl implements PermissionService {
     @Autowired
     private ICacheClient cacheClient;
     @Autowired
-    private UserRoleService userRoleService;
+    private PermissionCacheService permissionCacheService;
 
     @Override
     public void grant(GrantDto grantDto) {
-        UserRoleDto userRoleDto = new UserRoleDto(ProductTypeEnum.DOCTOR.code(), grantDto.getUserId(), null, grantDto.getCreatedId());
         String grantCode = grantDto.getGrantCode();
         switch (grantCode) {
             case "REGISTER" :
@@ -38,22 +36,6 @@ public class PermissionServiceImpl implements PermissionService {
                 break;
             case "QUIT_HOSPITAL" :
                 break;
-            case "MAIN_ADMIN" :
-                userRoleDto.setRoleCode(RoleCodeEnum.MAIN_ADMIN.code());
-                userRoleService.addUserRole(userRoleDto);
-                break;
-            case "ADMIN" :
-                userRoleDto.setRoleCode(RoleCodeEnum.ADMIN.code());
-                userRoleService.addUserRole(userRoleDto);
-                break;
-            case "REMOVE_MAIN_ADMIN" :
-                userRoleDto.setRoleCode(RoleCodeEnum.MAIN_ADMIN.code());
-                userRoleService.deleteUserRole(userRoleDto);
-                break;
-            case "REMOVE_ADMIN" :
-                userRoleDto.setRoleCode(RoleCodeEnum.ADMIN.code());
-                userRoleService.deleteUserRole(userRoleDto);
-                break;
             case "CERTIFY" :
                 break;
         }
@@ -79,6 +61,10 @@ public class PermissionServiceImpl implements PermissionService {
 
     //医生角色鉴权
     private AuthResultDto doctorRoleAuth(AuthDto authDto) {
+        long count = cacheClient.scard(Constants.KEY_DOCTOR_ROLE + authDto.getUserId());
+        if (count == 0) {
+            permissionCacheService.initUserRole(authDto.getUserId());
+        }
         for (String roleCode : authDto.getRoleCodes()) {
             boolean access = cacheClient.sismember(Constants.KEY_DOCTOR_ROLE + authDto.getUserId(), roleCode);
             if (access) {
@@ -90,6 +76,10 @@ public class PermissionServiceImpl implements PermissionService {
 
     //医生url鉴权
     private AuthResultDto doctorUrlAuth(AuthDto authDto) {
+        long count = cacheClient.scard(Constants.KEY_DOCTOR_ROLE + authDto.getUserId());
+        if (count == 0) {
+            permissionCacheService.initUserRole(authDto.getUserId());
+        }
         Set<String> roleCodes = cacheClient.smembers(Constants.KEY_DOCTOR_ROLE + authDto.getUserId());
         if (CollectionUtils.isEmpty(roleCodes)) {  //用户无任何角色
             return new AuthResultDto(false, null);