
Commit 46ccade

committed
权限控制:分拆对角色的校验的代码为多个方法,方便灵活重写部分代码
1 parent 544a869 commit 46ccade


2 files changed

+67
-38
lines changed


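--- a/APIJSONORM/src/main/java/apijson/orm/AbstractVerifier.java
+++ b/APIJSONORM/src/main/java/apijson/orm/AbstractVerifier.java
@@ -240,6 +240,7 @@ public AbstractVerifier<T> setVisitor(Visitor<T> visitor) {
 * @return
 * @throws Exception
 */
+@Override
 public boolean verifyAccess(SQLConfig config) throws Exception {
 String table = config == null ? null : config.getTable();
 if (table == null) {
@@ -249,7 +250,7 @@ public boolean verifyAccess(SQLConfig config) throws Exception {
 String role = config.getRole();
 if (role == null) {
 role = UNKNOWN;
-}
+}
 else {
 if (ROLE_MAP.containsKey(role) == false) {
 Set<String> NAMES = ROLE_MAP.keySet();
@@ -262,14 +263,72 @@ public boolean verifyAccess(SQLConfig config) throws Exception {
 }
 
 RequestMethod method = config.getMethod();
+verifyRole(config, table, method, role);
+
+return true;
+}
+
+@Override
+public void verifyRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
+verifyAllowRole(config, table, method, role); //验证允许的角色
+verifyUseRole(config, table, method, role); //验证使用的角色
+}
 
-verifyRole(table, method, role);//验证允许的角色
+/**允许请求使用的所以可能角色
+* @param config
+* @param table
+* @param method
+* @param role
+* @return
+* @throws Exception
+* @see {@link apijson.JSONObject#KEY_ROLE}
+*/
+public void verifyAllowRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
+Log.d(TAG, "verifyAllowRole table = " + table + "; method = " + method + "; role = " + role);
+if (table == null) {
+table = config == null ? null : config.getTable();
+}
+
+if (table != null) {
+if (method == null) {
+method = config == null ? GET : config.getMethod();
+}
+if (role == null) {
+role = config == null ? UNKNOWN : config.getRole();
+}
+
+Map<RequestMethod, String[]> map = ACCESS_MAP.get(table);
 
+if (map == null || Arrays.asList(map.get(method)).contains(role) == false) {
+throw new IllegalAccessException(table + " 不允许 " + role + " 用户的 " + method.name() + " 请求!");
+}
+}
+}
 
+/**校验请求使用的角色,角色不好判断,让访问者发过来角色名,OWNER,CONTACT,ADMIN等
+* @param config
+* @param table
+* @param method
+* @param role
+* @return
+* @throws Exception
+* @see {@link apijson.JSONObject#KEY_ROLE}
+*/
+public void verifyUseRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
+Log.d(TAG, "verifyUseRole table = " + table + "; method = " + method + "; role = " + role);
 //验证角色,假定真实强制匹配<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
 
 String visitorIdKey = getVisitorIdKey(config);
-
+if (table == null) {
+table = config == null ? null : config.getTable();
+}
+if (method == null) {
+method = config == null ? GET : config.getMethod();
+}
+if (role == null) {
+role = config == null ? UNKNOWN : config.getRole();
+}
+
 Object requestId;
 switch (role) {
 case LOGIN://verifyRole通过就行
@@ -366,39 +425,6 @@ public boolean verifyAccess(SQLConfig config) throws Exception {
 }
 
 //验证角色,假定真实强制匹配>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-
-
-return true;
-}
-
-
-
-
-
-/**允许请求,角色不好判断,让访问者发过来角色名,OWNER,CONTACT,ADMIN等
-* @param table
-* @param method
-* @param role
-* @return
-* @throws Exception
-* @see {@link apijson.JSONObject#KEY_ROLE}
-*/
-public void verifyRole(String table, RequestMethod method, String role) throws Exception {
-Log.d(TAG, "verifyRole table = " + table + "; method = " + method + "; role = " + role);
-if (table != null) {
-if (method == null) {
-method = GET;
-}
-if (role == null) {
-role = UNKNOWN;
-}
-
-Map<RequestMethod, String[]> map = ACCESS_MAP.get(table);
-
-if (map == null || Arrays.asList(map.get(method)).contains(role) == false) {
-throw new IllegalAccessException(table + " 不允许 " + role + " 用户的 " + method.name() + " 请求!");
-}
-}
 }
 
 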
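Review bot: In `verifyAllowRole`, `Arrays.asList(map.get(method))` throws a NullPointerException if the table's `ACCESS_MAP` entry holds no array for the request method, so the denial surfaces as an NPE rather than the `IllegalAccessException` built on the next line. The request is still rejected, but a caller that distinguishes access denial from internal errors would presumably misreport it. Read the array first and treat null as deny: `String[] roles = map == null ? null : map.get(method);` followed by `if (roles == null || Arrays.asList(roles).contains(role) == false) {`. Since the role name is sent by the requester (per the Javadoc on `verifyUseRole`), the Javadoc of the two new methods should also state that `verifyAllowRole` only checks the table's allow-list while `verifyUseRole` is the check that ties the claimed role to the visitor, so an override of `verifyRole` must keep both calls. The body of `verifyUseRole` continues outside the visible hunks.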

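--- a/APIJSONORM/src/main/java/apijson/orm/Verifier.java
+++ b/APIJSONORM/src/main/java/apijson/orm/Verifier.java
@@ -24,15 +24,17 @@ public interface Verifier<T> {
 */
 boolean verifyAccess(SQLConfig config) throws Exception;
 
-/**允许请求,角色不好判断,让访问者发过来角色名,OWNER,CONTACT,ADMIN等
+
+/**校验请求使用的角色,角色不好判断,让访问者发过来角色名,OWNER,CONTACT,ADMIN等
+* @param config
 * @param table
 * @param method
 * @param role
 * @return
 * @throws Exception
 * @see {@link apijson.JSONObject#KEY_ROLE}
 */
-void verifyRole(String table, RequestMethod method, String role) throws Exception;
+void verifyRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception;
 
 /**登录校验
 * @param config
@@ -94,4 +96,5 @@ JSONObject verifyResponse(RequestMethod method, String name, JSONObject target,
 
 String getVisitorIdKey(SQLConfig config);
 
+
 }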
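Review bot: Replacing the three-argument `verifyRole` with the four-argument one means a subclass that overrode `verifyRole(String, RequestMethod, String)` without `@Override` still compiles, but its method becomes an unrelated overload that `verifyAccess` no longer calls, so any custom role restriction it carried would be skipped silently after an upgrade. The Javadoc here should call out the signature change. The new summary line is also the one used for `verifyUseRole` in AbstractVerifier, although this method runs both the allow-list check and the claimed-role check there, and `@return` remains on a `void` method. A summary such as `/** Verifies the role sent with the request: first that the table allows it for this method, then that the visitor actually holds it. */` with `@return` removed would match what the implementation does.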
