mirror of
https://github.com/tencentmusic/supersonic.git
synced 2025-12-15 14:36:47 +00:00
(improvement)(auth) support super admin configuration
@@ -12,6 +12,8 @@ public class UserConstants {
|
||||
|
||||
public static final String TOKEN_USER_EMAIL = "token_user_email";
|
||||
|
||||
public static final String TOKEN_IS_ADMIN = "token_is_admin";
|
||||
|
||||
public static final String TOKEN_ALGORITHM = "HS512";
|
||||
|
||||
public static final String TOKEN_CREATE_TIME = "token_create_time";
|
||||
|
||||
@@ -18,17 +18,22 @@ public class User {
|
||||
|
||||
private String email;
|
||||
|
||||
public static User get(Long id, String name, String displayName, String email) {
|
||||
return new User(id, name, displayName, email);
|
||||
private Integer isAdmin;
|
||||
|
||||
public static User get(Long id, String name, String displayName, String email, Integer isAdmin) {
|
||||
return new User(id, name, displayName, email, isAdmin);
|
||||
}
|
||||
|
||||
public static User getFakeUser() {
|
||||
return new User(1L, "admin", "admin", "admin@email");
|
||||
return new User(1L, "admin", "admin", "admin@email", 1);
|
||||
}
|
||||
|
||||
public String getDisplayName() {
|
||||
return StringUtils.isBlank(displayName) ? name : displayName;
|
||||
}
|
||||
|
||||
public boolean isSuperAdmin() {
|
||||
return isAdmin != null && isAdmin == 1;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
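Review bot: `getFakeUser()` now returns a user with `isAdmin` set to 1, so every code path that falls back to the fake user passes the new `isSuperAdmin()` check. The callers are not visible on this page, but if the fake user stands in for unauthenticated or auth-disabled requests, those requests now take every super-admin bypass added in this commit. Consider returning a non-admin fake user, `return new User(1L, "admin", "admin", "admin@email", 0);`, and granting the flag only where a test or demo profile asks for it explicitly. `isSuperAdmin()` also deserves a Javadoc line stating that only the value 1 counts and that null is treated as non-admin.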
@@ -9,13 +9,14 @@ public class UserWithPassword extends User {
|
||||
|
||||
private String password;
|
||||
|
||||
public UserWithPassword(Long id, String name, String displayName, String email, String password) {
|
||||
super(id, name, displayName, email);
|
||||
public UserWithPassword(Long id, String name, String displayName, String email, String password, Integer isAdmin) {
|
||||
super(id, name, displayName, email, isAdmin);
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
public static UserWithPassword get(Long id, String name, String displayName, String email, String password) {
|
||||
return new UserWithPassword(id, name, displayName, email, password);
|
||||
public static UserWithPassword get(Long id, String name, String displayName,
|
||||
String email, String password, Integer isAdmin) {
|
||||
return new UserWithPassword(id, name, displayName, email, password, isAdmin);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -71,7 +71,7 @@ public class DefaultUserAdaptor implements UserAdaptor {
|
||||
}
|
||||
if (userDO.getPassword().equals(userReq.getPassword())) {
|
||||
UserWithPassword user = UserWithPassword.get(userDO.getId(), userDO.getName(), userDO.getDisplayName(),
|
||||
userDO.getEmail(), userDO.getPassword());
|
||||
userDO.getEmail(), userDO.getPassword(), userDO.getIsAdmin());
|
||||
return userTokenUtils.generateToken(user);
|
||||
}
|
||||
throw new RuntimeException("password not correct, please try again");
|
||||
|
||||
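Review bot: The token minted here now carries the admin flag from `userDO.getIsAdmin()`, yet the gate in front of it is still the context line `userDO.getPassword().equals(userReq.getPassword())`, a direct comparison of the stored and the submitted password strings. That comparison suggests passwords are stored unhashed, and it is not constant-time; with super-admin rights now attached to a successful login, the stored value should be a salted password hash (bcrypt, scrypt or argon2) verified through the hashing library's own check. The same line throws a NullPointerException when the stored password is null, which the `password varchar(100) null` column definition elsewhere in this commit allows. The enclosing method starts and ends outside the hunk.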
@@ -1,99 +1,129 @@
|
||||
package com.tencent.supersonic.auth.authentication.persistence.dataobject;
|
||||
|
||||
public class UserDO {
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
private Long id;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
private String name;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
private String password;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
private String displayName;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
*/
|
||||
private String email;
|
||||
|
||||
/**
|
||||
* @return id
|
||||
*
|
||||
*/
|
||||
private Integer isAdmin;
|
||||
|
||||
/**
|
||||
*
|
||||
* @return id
|
||||
*/
|
||||
public Long getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param id
|
||||
*
|
||||
* @param id
|
||||
*/
|
||||
public void setId(Long id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return name
|
||||
*
|
||||
* @return name
|
||||
*/
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param name
|
||||
*
|
||||
* @param name
|
||||
*/
|
||||
public void setName(String name) {
|
||||
this.name = name == null ? null : name.trim();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return password
|
||||
*
|
||||
* @return password
|
||||
*/
|
||||
public String getPassword() {
|
||||
return password;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param password
|
||||
*
|
||||
* @param password
|
||||
*/
|
||||
public void setPassword(String password) {
|
||||
this.password = password == null ? null : password.trim();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return display_name
|
||||
*
|
||||
* @return display_name
|
||||
*/
|
||||
public String getDisplayName() {
|
||||
return displayName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param displayName
|
||||
*
|
||||
* @param displayName
|
||||
*/
|
||||
public void setDisplayName(String displayName) {
|
||||
this.displayName = displayName == null ? null : displayName.trim();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return email
|
||||
*
|
||||
* @return email
|
||||
*/
|
||||
public String getEmail() {
|
||||
return email;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param email
|
||||
*
|
||||
* @param email
|
||||
*/
|
||||
public void setEmail(String email) {
|
||||
this.email = email == null ? null : email.trim();
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @return is_admin
|
||||
*/
|
||||
public Integer getIsAdmin() {
|
||||
return isAdmin;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param isAdmin
|
||||
*/
|
||||
public void setIsAdmin(Integer isAdmin) {
|
||||
this.isAdmin = isAdmin;
|
||||
}
|
||||
}
|
||||
@@ -4,7 +4,6 @@ import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
public class UserDOExample {
|
||||
|
||||
/**
|
||||
* s2_user
|
||||
*/
|
||||
@@ -31,6 +30,7 @@ public class UserDOExample {
|
||||
protected Integer limitEnd;
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public UserDOExample() {
|
||||
@@ -38,13 +38,7 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
* @mbg.generated
|
||||
*/
|
||||
public String getOrderByClause() {
|
||||
return orderByClause;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public void setOrderByClause(String orderByClause) {
|
||||
@@ -52,13 +46,15 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public boolean isDistinct() {
|
||||
return distinct;
|
||||
public String getOrderByClause() {
|
||||
return orderByClause;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public void setDistinct(boolean distinct) {
|
||||
@@ -66,6 +62,15 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public boolean isDistinct() {
|
||||
return distinct;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public List<Criteria> getOredCriteria() {
|
||||
@@ -73,6 +78,7 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public void or(Criteria criteria) {
|
||||
@@ -80,6 +86,7 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public Criteria or() {
|
||||
@@ -89,6 +96,7 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public Criteria createCriteria() {
|
||||
@@ -100,6 +108,7 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
protected Criteria createCriteriaInternal() {
|
||||
@@ -108,6 +117,7 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public void clear() {
|
||||
@@ -117,6 +127,15 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public void setLimitStart(Integer limitStart) {
|
||||
this.limitStart=limitStart;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public Integer getLimitStart() {
|
||||
@@ -124,31 +143,25 @@ public class UserDOExample {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public void setLimitStart(Integer limitStart) {
|
||||
this.limitStart = limitStart;
|
||||
public void setLimitEnd(Integer limitEnd) {
|
||||
this.limitEnd=limitEnd;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @mbg.generated
|
||||
*/
|
||||
public Integer getLimitEnd() {
|
||||
return limitEnd;
|
||||
}
|
||||
|
||||
/**
|
||||
* @mbg.generated
|
||||
*/
|
||||
public void setLimitEnd(Integer limitEnd) {
|
||||
this.limitEnd = limitEnd;
|
||||
}
|
||||
|
||||
/**
|
||||
* s2_user null
|
||||
*/
|
||||
protected abstract static class GeneratedCriteria {
|
||||
|
||||
protected List<Criterion> criteria;
|
||||
|
||||
protected GeneratedCriteria() {
|
||||
@@ -528,6 +541,66 @@ public class UserDOExample {
|
||||
addCriterion("email not between", value1, value2, "email");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminIsNull() {
|
||||
addCriterion("is_admin is null");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminIsNotNull() {
|
||||
addCriterion("is_admin is not null");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminEqualTo(Integer value) {
|
||||
addCriterion("is_admin =", value, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminNotEqualTo(Integer value) {
|
||||
addCriterion("is_admin <>", value, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminGreaterThan(Integer value) {
|
||||
addCriterion("is_admin >", value, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminGreaterThanOrEqualTo(Integer value) {
|
||||
addCriterion("is_admin >=", value, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminLessThan(Integer value) {
|
||||
addCriterion("is_admin <", value, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminLessThanOrEqualTo(Integer value) {
|
||||
addCriterion("is_admin <=", value, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminIn(List<Integer> values) {
|
||||
addCriterion("is_admin in", values, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminNotIn(List<Integer> values) {
|
||||
addCriterion("is_admin not in", values, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminBetween(Integer value1, Integer value2) {
|
||||
addCriterion("is_admin between", value1, value2, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
|
||||
public Criteria andIsAdminNotBetween(Integer value1, Integer value2) {
|
||||
addCriterion("is_admin not between", value1, value2, "isAdmin");
|
||||
return (Criteria) this;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -544,7 +617,6 @@ public class UserDOExample {
|
||||
* s2_user null
|
||||
*/
|
||||
public static class Criterion {
|
||||
|
||||
private String condition;
|
||||
|
||||
private Object value;
|
||||
@@ -561,6 +633,38 @@ public class UserDOExample {
|
||||
|
||||
private String typeHandler;
|
||||
|
||||
public String getCondition() {
|
||||
return condition;
|
||||
}
|
||||
|
||||
public Object getValue() {
|
||||
return value;
|
||||
}
|
||||
|
||||
public Object getSecondValue() {
|
||||
return secondValue;
|
||||
}
|
||||
|
||||
public boolean isNoValue() {
|
||||
return noValue;
|
||||
}
|
||||
|
||||
public boolean isSingleValue() {
|
||||
return singleValue;
|
||||
}
|
||||
|
||||
public boolean isBetweenValue() {
|
||||
return betweenValue;
|
||||
}
|
||||
|
||||
public boolean isListValue() {
|
||||
return listValue;
|
||||
}
|
||||
|
||||
public String getTypeHandler() {
|
||||
return typeHandler;
|
||||
}
|
||||
|
||||
protected Criterion(String condition) {
|
||||
super();
|
||||
this.condition = condition;
|
||||
@@ -596,37 +700,5 @@ public class UserDOExample {
|
||||
protected Criterion(String condition, Object value, Object secondValue) {
|
||||
this(condition, value, secondValue, null);
|
||||
}
|
||||
|
||||
public String getCondition() {
|
||||
return condition;
|
||||
}
|
||||
|
||||
public Object getValue() {
|
||||
return value;
|
||||
}
|
||||
|
||||
public Object getSecondValue() {
|
||||
return secondValue;
|
||||
}
|
||||
|
||||
public boolean isNoValue() {
|
||||
return noValue;
|
||||
}
|
||||
|
||||
public boolean isSingleValue() {
|
||||
return singleValue;
|
||||
}
|
||||
|
||||
public boolean isBetweenValue() {
|
||||
return betweenValue;
|
||||
}
|
||||
|
||||
public boolean isListValue() {
|
||||
return listValue;
|
||||
}
|
||||
|
||||
public String getTypeHandler() {
|
||||
return typeHandler;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -2,6 +2,7 @@ package com.tencent.supersonic.auth.authentication.utils;
|
||||
|
||||
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_ALGORITHM;
|
||||
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_CREATE_TIME;
|
||||
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_IS_ADMIN;
|
||||
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_PREFIX;
|
||||
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_TIME_OUT;
|
||||
import static com.tencent.supersonic.auth.api.authentication.constant.UserConstants.TOKEN_USER_DISPLAY_NAME;
|
||||
@@ -42,6 +43,7 @@ public class UserTokenUtils {
|
||||
claims.put(TOKEN_USER_PASSWORD, StringUtils.isEmpty(user.getPassword()) ? "" : user.getPassword());
|
||||
claims.put(TOKEN_USER_DISPLAY_NAME, user.getDisplayName());
|
||||
claims.put(TOKEN_CREATE_TIME, System.currentTimeMillis());
|
||||
claims.put(TOKEN_IS_ADMIN, user.getIsAdmin());
|
||||
return generate(claims);
|
||||
}
|
||||
|
||||
@@ -52,6 +54,7 @@ public class UserTokenUtils {
|
||||
claims.put(TOKEN_USER_PASSWORD, "admin");
|
||||
claims.put(TOKEN_USER_DISPLAY_NAME, "admin");
|
||||
claims.put(TOKEN_CREATE_TIME, System.currentTimeMillis());
|
||||
claims.put(TOKEN_IS_ADMIN, 1);
|
||||
return generate(claims);
|
||||
}
|
||||
|
||||
@@ -63,7 +66,9 @@ public class UserTokenUtils {
|
||||
String userName = String.valueOf(claims.get(TOKEN_USER_NAME));
|
||||
String email = String.valueOf(claims.get(TOKEN_USER_EMAIL));
|
||||
String displayName = String.valueOf(claims.get(TOKEN_USER_DISPLAY_NAME));
|
||||
return User.get(userId, userName, displayName, email);
|
||||
Integer isAdmin = claims.get(TOKEN_IS_ADMIN) == null
|
||||
? 0 : Integer.parseInt(claims.get(TOKEN_IS_ADMIN).toString());
|
||||
return User.get(userId, userName, displayName, email, isAdmin);
|
||||
}
|
||||
|
||||
public UserWithPassword getUserWithPassword(HttpServletRequest request) {
|
||||
@@ -79,7 +84,9 @@ public class UserTokenUtils {
|
||||
String email = String.valueOf(claims.get(TOKEN_USER_EMAIL));
|
||||
String displayName = String.valueOf(claims.get(TOKEN_USER_DISPLAY_NAME));
|
||||
String password = String.valueOf(claims.get(TOKEN_USER_PASSWORD));
|
||||
return UserWithPassword.get(userId, userName, displayName, email, password);
|
||||
Integer isAdmin = claims.get(TOKEN_IS_ADMIN) == null
|
||||
? 0 : Integer.parseInt(claims.get(TOKEN_IS_ADMIN).toString());
|
||||
return UserWithPassword.get(userId, userName, displayName, email, password, isAdmin);
|
||||
}
|
||||
|
||||
private Claims getClaims(String token) {
|
||||
|
||||
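Review bot: Both token readers take the super-admin decision from the `TOKEN_IS_ADMIN` claim alone, so a change to `is_admin` in `s2_user` has no effect on tokens already issued; a demoted account keeps the bypass until its token expires. If prompt revocation matters, re-read the flag from the user store when the request is authenticated, or keep the token lifetime short. The claim parsing is duplicated in the two reader hunks and `Integer.parseInt` throws on a non-numeric value; a small private helper that treats a missing or unparsable claim as non-admin would keep both paths identical and fail closed. The hunk that builds the default admin token also hard-codes `claims.put(TOKEN_IS_ADMIN, 1)`, which (if that token is handed out when authentication is disabled) makes every such request a super admin. The method bodies start outside the hunks.

```java
// … unchanged: userId / userName / email / displayName extraction …
Integer isAdmin = parseIsAdmin(claims.get(TOKEN_IS_ADMIN));
return User.get(userId, userName, displayName, email, isAdmin);

/** Reads the admin flag from a claim value; a missing or non-numeric value is treated as non-admin. */
private static Integer parseIsAdmin(Object claimValue) {
    if (claimValue == null) {
        return 0;
    }
    try {
        return Integer.parseInt(claimValue.toString());
    } catch (NumberFormatException e) {
        return 0;
    }
}
```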
@@ -2,11 +2,12 @@
|
||||
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
|
||||
<mapper namespace="com.tencent.supersonic.auth.authentication.persistence.mapper.UserDOMapper">
|
||||
<resultMap id="BaseResultMap" type="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
|
||||
<id column="id" jdbcType="BIGINT" property="id" />
|
||||
<result column="id" jdbcType="BIGINT" property="id" />
|
||||
<result column="name" jdbcType="VARCHAR" property="name" />
|
||||
<result column="password" jdbcType="VARCHAR" property="password" />
|
||||
<result column="display_name" jdbcType="VARCHAR" property="displayName" />
|
||||
<result column="email" jdbcType="VARCHAR" property="email" />
|
||||
<result column="is_admin" jdbcType="INTEGER" property="isAdmin" />
|
||||
</resultMap>
|
||||
<sql id="Example_Where_Clause">
|
||||
<where>
|
||||
@@ -38,7 +39,7 @@
|
||||
</where>
|
||||
</sql>
|
||||
<sql id="Base_Column_List">
|
||||
id, name, password, display_name, email
|
||||
id, name, password, display_name, email, is_admin
|
||||
</sql>
|
||||
<select id="selectByExample" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDOExample" resultMap="BaseResultMap">
|
||||
select
|
||||
@@ -57,21 +58,13 @@
|
||||
limit #{limitStart} , #{limitEnd}
|
||||
</if>
|
||||
</select>
|
||||
<select id="selectByPrimaryKey" parameterType="java.lang.Long" resultMap="BaseResultMap">
|
||||
select
|
||||
<include refid="Base_Column_List" />
|
||||
from s2_user
|
||||
where id = #{id,jdbcType=BIGINT}
|
||||
</select>
|
||||
<delete id="deleteByPrimaryKey" parameterType="java.lang.Long">
|
||||
delete from s2_user
|
||||
where id = #{id,jdbcType=BIGINT}
|
||||
</delete>
|
||||
<insert id="insert" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
|
||||
insert into s2_user (id, name, password,
|
||||
display_name, email)
|
||||
display_name, email, is_admin
|
||||
)
|
||||
values (#{id,jdbcType=BIGINT}, #{name,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR},
|
||||
#{displayName,jdbcType=VARCHAR}, #{email,jdbcType=VARCHAR})
|
||||
#{displayName,jdbcType=VARCHAR}, #{email,jdbcType=VARCHAR}, #{isAdmin,jdbcType=INTEGER}
|
||||
)
|
||||
</insert>
|
||||
<insert id="insertSelective" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
|
||||
insert into s2_user
|
||||
@@ -91,6 +84,9 @@
|
||||
<if test="email != null">
|
||||
email,
|
||||
</if>
|
||||
<if test="isAdmin != null">
|
||||
is_admin,
|
||||
</if>
|
||||
</trim>
|
||||
<trim prefix="values (" suffix=")" suffixOverrides=",">
|
||||
<if test="id != null">
|
||||
@@ -108,6 +104,9 @@
|
||||
<if test="email != null">
|
||||
#{email,jdbcType=VARCHAR},
|
||||
</if>
|
||||
<if test="isAdmin != null">
|
||||
#{isAdmin,jdbcType=INTEGER},
|
||||
</if>
|
||||
</trim>
|
||||
</insert>
|
||||
<select id="countByExample" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDOExample" resultType="java.lang.Long">
|
||||
@@ -116,30 +115,4 @@
|
||||
<include refid="Example_Where_Clause" />
|
||||
</if>
|
||||
</select>
|
||||
<update id="updateByPrimaryKeySelective" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
|
||||
update s2_user
|
||||
<set>
|
||||
<if test="name != null">
|
||||
name = #{name,jdbcType=VARCHAR},
|
||||
</if>
|
||||
<if test="password != null">
|
||||
password = #{password,jdbcType=VARCHAR},
|
||||
</if>
|
||||
<if test="displayName != null">
|
||||
display_name = #{displayName,jdbcType=VARCHAR},
|
||||
</if>
|
||||
<if test="email != null">
|
||||
email = #{email,jdbcType=VARCHAR},
|
||||
</if>
|
||||
</set>
|
||||
where id = #{id,jdbcType=BIGINT}
|
||||
</update>
|
||||
<update id="updateByPrimaryKey" parameterType="com.tencent.supersonic.auth.authentication.persistence.dataobject.UserDO">
|
||||
update s2_user
|
||||
set name = #{name,jdbcType=VARCHAR},
|
||||
password = #{password,jdbcType=VARCHAR},
|
||||
display_name = #{displayName,jdbcType=VARCHAR},
|
||||
email = #{email,jdbcType=VARCHAR}
|
||||
where id = #{id,jdbcType=BIGINT}
|
||||
</update>
|
||||
</mapper>
|
||||
@@ -1,4 +1,4 @@
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com');
|
||||
|
||||
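Review bot: The seed row for `admin` keeps the password `'admin'` and now also sets `is_admin` to 1, so any instance initialised from this script starts with a super-admin account behind a well-known credential. The same row appears in the other data scripts further down this page, one of them directly after a `create table s2_user` statement that declares `is_admin int(11)`, and the sample-data script additionally gives `lucy` (password `'123456'`) the flag. If any of these scripts are used outside demos, the admin password should be set at install time or forced to change on first login, and the flag kept off sample accounts. A comment above the insert such as `-- demo credentials only: change the admin password before exposing this instance` would make the intent explicit.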
@@ -87,6 +87,7 @@ create table s2_user
|
||||
display_name varchar(100) null,
|
||||
password varchar(100) null,
|
||||
email varchar(100) null,
|
||||
is_admin INT null,
|
||||
PRIMARY KEY (`id`)
|
||||
);
|
||||
COMMENT ON TABLE s2_user IS 'user information table';
|
||||
|
||||
@@ -36,7 +36,7 @@ insert into s2_auth_groups (group_id, config)
|
||||
values (2, '{"domainId":"1","name":"tom_sales_permission","groupId":2,"authRules":[{"metrics":["stay_hours"],"dimensions":["page"]}],"dimensionFilters":["department in (''sales'')"],"dimensionFilterDescription":"开通 tom sales部门权限", "authorizedUsers":["tom"],"authorizedDepartmentIds":[]}');
|
||||
|
||||
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com');
|
||||
|
||||
@@ -80,6 +80,7 @@ create table s2_user
|
||||
display_name varchar(100) null,
|
||||
password varchar(100) null,
|
||||
email varchar(100) null,
|
||||
is_admin INT null,
|
||||
PRIMARY KEY (`id`)
|
||||
);
|
||||
COMMENT ON TABLE s2_user IS 'user information table';
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
-- sample user
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email, is_admin) values (4, 'lucy','123456','lucy','lucy@xx.com', 1);
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (5, 'alice','123456','alice','alice@xx.com');
|
||||
|
||||
-- sample models
|
||||
|
||||
@@ -87,6 +87,7 @@ create table s2_user
|
||||
display_name varchar(100) null,
|
||||
password varchar(100) null,
|
||||
email varchar(100) null,
|
||||
is_admin INT null,
|
||||
PRIMARY KEY (`id`)
|
||||
);
|
||||
COMMENT ON TABLE s2_user IS 'user information table';
|
||||
|
||||
@@ -369,7 +369,8 @@ create table s2_user
|
||||
display_name varchar(100) null,
|
||||
password varchar(100) null,
|
||||
email varchar(100) null,
|
||||
is_admin int(11) null,
|
||||
PRIMARY KEY (`id`)
|
||||
);
|
||||
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
|
||||
|
||||
@@ -51,4 +51,7 @@ alter table s2_chat add column agent_id int after chat_id;
|
||||
ALTER TABLE s2_model add alias varchar(200) default null after domain_id;
|
||||
|
||||
--20230919
|
||||
alter table s2_metric add tags varchar(500) null;
|
||||
alter table s2_metric add tags varchar(500) null;
|
||||
|
||||
--20230920
|
||||
alter table s2_user add is_admin int null;
|
||||
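Review bot: The new column is added as `is_admin int null` with no default, so every existing row gets NULL and the flag can hold NULL, 0, 1 or any other integer. `isSuperAdmin()` treats everything except 1 as non-admin, so this fails closed, but a query built with the generated `andIsAdminEqualTo(0)` criterion will not match the NULL rows. `alter table s2_user add is_admin int not null default 0;` would keep the column two-valued; the `create table s2_user` statements in the schema scripts would need the same change.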
@@ -23,7 +23,7 @@ import static java.time.LocalDate.now;
|
||||
|
||||
public class DataUtils {
|
||||
|
||||
private static final User user_test = new User(1L, "admin", "admin", "admin@email");
|
||||
private static final User user_test = User.getFakeUser();
|
||||
|
||||
public static User getUser() {
|
||||
return user_test;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
-- sample user
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (1, 'admin','admin','admin','admin@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email, is_admin) values (1, 'admin','admin','admin','admin@xx.com', 1);
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (2, 'jack','123456','jack','jack@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (3, 'tom','123456','tom','tom@xx.com');
|
||||
insert into s2_user (id, `name`, password, display_name, email) values (4, 'lucy','123456','lucy','lucy@xx.com');
|
||||
|
||||
@@ -102,6 +102,7 @@ create table s2_user
|
||||
display_name varchar(100) null,
|
||||
password varchar(100) null,
|
||||
email varchar(100) null,
|
||||
is_admin INT null,
|
||||
PRIMARY KEY (`id`)
|
||||
);
|
||||
COMMENT ON TABLE s2_user IS 'user information table';
|
||||
|
||||
@@ -72,7 +72,8 @@ public class DatabaseServiceImpl implements DatabaseService {
|
||||
private void fillPermission(List<DatabaseResp> databaseResps, User user) {
|
||||
databaseResps.forEach(databaseResp -> {
|
||||
if (databaseResp.getAdmins().contains(user.getName())
|
||||
|| user.getName().equalsIgnoreCase(databaseResp.getCreatedBy())) {
|
||||
|| user.getName().equalsIgnoreCase(databaseResp.getCreatedBy())
|
||||
|| user.isSuperAdmin()) {
|
||||
databaseResp.setHasPermission(true);
|
||||
databaseResp.setHasEditPermission(true);
|
||||
databaseResp.setHasUsePermission(true);
|
||||
@@ -111,7 +112,8 @@ public class DatabaseServiceImpl implements DatabaseService {
|
||||
List<String> viewers = databaseResp.getViewers();
|
||||
if (!admins.contains(user.getName())
|
||||
&& !viewers.contains(user.getName())
|
||||
&& !databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())) {
|
||||
&& !databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())
|
||||
&& !user.isSuperAdmin()) {
|
||||
String message = String.format("您暂无当前数据库%s权限, 请联系数据库管理员%s开通",
|
||||
databaseResp.getName(),
|
||||
String.join(",", admins));
|
||||
|
||||
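Review bot: In the second hunk `!user.isSuperAdmin()` is the last operand, so a super admin who is not in `admins` or `viewers` still reaches `databaseResp.getCreatedBy().equalsIgnoreCase(user.getName())`, which throws if `createdBy` is null; the first hunk uses the null-safe order `user.getName().equalsIgnoreCase(databaseResp.getCreatedBy())`. Testing the flag first, `if (!user.isSuperAdmin() && !admins.contains(user.getName())`, avoids that and matches `DomainServiceImpl`, which checks the flag before anything else. Both method bodies continue outside the hunks.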
@@ -96,12 +96,12 @@ public class DomainServiceImpl implements DomainService {
|
||||
|
||||
@Override
|
||||
public List<DomainResp> getDomainListWithAdminAuth(User user) {
|
||||
Set<DomainResp> domainWithAuthAll = getDomainAuthSet(user.getName(), AuthType.ADMIN);
|
||||
Set<DomainResp> domainWithAuthAll = getDomainAuthSet(user, AuthType.ADMIN);
|
||||
if (!CollectionUtils.isEmpty(domainWithAuthAll)) {
|
||||
List<Long> domainIds = domainWithAuthAll.stream().map(DomainResp::getId).collect(Collectors.toList());
|
||||
domainWithAuthAll.addAll(getParentDomain(domainIds));
|
||||
}
|
||||
List<ModelResp> modelResps = modelService.getModelAuthList(user.getName(), AuthType.ADMIN);
|
||||
List<ModelResp> modelResps = modelService.getModelAuthList(user, AuthType.ADMIN);
|
||||
if (!CollectionUtils.isEmpty(modelResps)) {
|
||||
List<Long> domainIds = modelResps.stream().map(ModelResp::getDomainId).collect(Collectors.toList());
|
||||
domainWithAuthAll.addAll(getParentDomain(domainIds));
|
||||
@@ -111,18 +111,18 @@ public class DomainServiceImpl implements DomainService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<DomainResp> getDomainAuthSet(String userName, AuthType authTypeEnum) {
|
||||
public Set<DomainResp> getDomainAuthSet(User user, AuthType authTypeEnum) {
|
||||
List<DomainResp> domainResps = getDomainList();
|
||||
Set<String> orgIds = userService.getUserAllOrgId(userName);
|
||||
Set<String> orgIds = userService.getUserAllOrgId(user.getName());
|
||||
List<DomainResp> domainWithAuth = Lists.newArrayList();
|
||||
if (authTypeEnum.equals(AuthType.ADMIN)) {
|
||||
domainWithAuth = domainResps.stream()
|
||||
.filter(domainResp -> checkAdminPermission(orgIds, userName, domainResp))
|
||||
.filter(domainResp -> checkAdminPermission(orgIds, user, domainResp))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
if (authTypeEnum.equals(AuthType.VISIBLE)) {
|
||||
domainWithAuth = domainResps.stream()
|
||||
.filter(domainResp -> checkViewerPermission(orgIds, userName, domainResp))
|
||||
.filter(domainResp -> checkViewerPermission(orgIds, user, domainResp))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
List<Long> domainIds = domainWithAuth.stream().map(DomainResp::getId)
|
||||
@@ -240,11 +240,13 @@ public class DomainServiceImpl implements DomainService {
|
||||
}
|
||||
|
||||
|
||||
private boolean checkAdminPermission(Set<String> orgIds, String userName, DomainResp domainResp) {
|
||||
|
||||
private boolean checkAdminPermission(Set<String> orgIds, User user, DomainResp domainResp) {
|
||||
List<String> admins = domainResp.getAdmins();
|
||||
List<String> adminOrgs = domainResp.getAdminOrgs();
|
||||
if (admins.contains(userName) || domainResp.getCreatedBy().equals(userName)) {
|
||||
if (user.isSuperAdmin()) {
|
||||
return true;
|
||||
}
|
||||
if (admins.contains(user.getName()) || domainResp.getCreatedBy().equals(user.getName())) {
|
||||
return true;
|
||||
}
|
||||
if (CollectionUtils.isEmpty(adminOrgs)) {
|
||||
@@ -258,12 +260,17 @@ public class DomainServiceImpl implements DomainService {
|
||||
return false;
|
||||
}
|
||||
|
||||
private boolean checkViewerPermission(Set<String> orgIds, String userName, DomainResp domainDesc) {
|
||||
private boolean checkViewerPermission(Set<String> orgIds, User user, DomainResp domainDesc) {
|
||||
List<String> admins = domainDesc.getAdmins();
|
||||
List<String> viewers = domainDesc.getViewers();
|
||||
List<String> adminOrgs = domainDesc.getAdminOrgs();
|
||||
List<String> viewOrgs = domainDesc.getViewOrgs();
|
||||
if (admins.contains(userName) || viewers.contains(userName) || domainDesc.getCreatedBy().equals(userName)) {
|
||||
if (user.isSuperAdmin()) {
|
||||
return true;
|
||||
}
|
||||
if (admins.contains(user.getName())
|
||||
|| viewers.contains(user.getName())
|
||||
|| domainDesc.getCreatedBy().equals(user.getName())) {
|
||||
return true;
|
||||
}
|
||||
if (CollectionUtils.isEmpty(adminOrgs) && CollectionUtils.isEmpty(viewOrgs)) {
|
||||
|
||||
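Review bot: `checkAdminPermission` and `checkViewerPermission` now return true for a super admin before any per-domain rule is consulted, but nothing records that the bypass was used, so access granted this way cannot be told apart from ordinary admin access afterwards. One log statement in `getDomainAuthSet` when `user.isSuperAdmin()` is true, naming the user and the requested `AuthType`, would give an audit trail without logging once per domain; whether the class already has a logger is not visible here. `getDomainAuthSet` also still calls `userService.getUserAllOrgId(user.getName())` for super admins although the result is never used for them. The changed signature deserves a Javadoc line saying that a super admin receives every domain for both `AuthType.ADMIN` and `AuthType.VISIBLE`.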
@@ -97,10 +97,10 @@ public class ModelServiceImpl implements ModelService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ModelResp> getModelListWithAuth(String userName, Long domainId, AuthType authType) {
|
||||
List<ModelResp> modelResps = getModelAuthList(userName, authType);
|
||||
public List<ModelResp> getModelListWithAuth(User user, Long domainId, AuthType authType) {
|
||||
List<ModelResp> modelResps = getModelAuthList(user, authType);
|
||||
Set<ModelResp> modelRespSet = new HashSet<>(modelResps);
|
||||
List<ModelResp> modelRespsAuthInheritDomain = getModelRespAuthInheritDomain(userName, authType);
|
||||
List<ModelResp> modelRespsAuthInheritDomain = getModelRespAuthInheritDomain(user, authType);
|
||||
modelRespSet.addAll(modelRespsAuthInheritDomain);
|
||||
if (domainId != null && domainId > 0) {
|
||||
modelRespSet = modelRespSet.stream().filter(modelResp ->
|
||||
@@ -109,8 +109,8 @@ public class ModelServiceImpl implements ModelService {
|
||||
return fillMetricInfo(new ArrayList<>(modelRespSet));
|
||||
}
|
||||
|
||||
public List<ModelResp> getModelRespAuthInheritDomain(String userName, AuthType authType) {
|
||||
Set<DomainResp> domainResps = domainService.getDomainAuthSet(userName, authType);
|
||||
public List<ModelResp> getModelRespAuthInheritDomain(User user, AuthType authType) {
|
||||
Set<DomainResp> domainResps = domainService.getDomainAuthSet(user, authType);
|
||||
if (CollectionUtils.isEmpty(domainResps)) {
|
||||
return Lists.newArrayList();
|
||||
}
|
||||
@@ -121,18 +121,18 @@ public class ModelServiceImpl implements ModelService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ModelResp> getModelAuthList(String userName, AuthType authTypeEnum) {
|
||||
public List<ModelResp> getModelAuthList(User user, AuthType authTypeEnum) {
|
||||
List<ModelResp> modelResps = getModelList();
|
||||
Set<String> orgIds = userService.getUserAllOrgId(userName);
|
||||
Set<String> orgIds = userService.getUserAllOrgId(user.getName());
|
||||
List<ModelResp> modelWithAuth = Lists.newArrayList();
|
||||
if (authTypeEnum.equals(AuthType.ADMIN)) {
|
||||
modelWithAuth = modelResps.stream()
|
||||
.filter(modelResp -> checkAdminPermission(orgIds, userName, modelResp))
|
||||
.filter(modelResp -> checkAdminPermission(orgIds, user, modelResp))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
if (authTypeEnum.equals(AuthType.VISIBLE)) {
|
||||
modelWithAuth = modelResps.stream()
|
||||
.filter(domainResp -> checkViewerPermission(orgIds, userName, domainResp))
|
||||
.filter(domainResp -> checkViewerPermission(orgIds, user, domainResp))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
return modelWithAuth;
|
||||
@@ -325,9 +325,13 @@ public class ModelServiceImpl implements ModelService {
|
||||
return new ArrayList<>(getModelMap().keySet());
|
||||
}
|
||||
|
||||
public static boolean checkAdminPermission(Set<String> orgIds, String userName, ModelResp modelResp) {
|
||||
public static boolean checkAdminPermission(Set<String> orgIds, User user, ModelResp modelResp) {
|
||||
List<String> admins = modelResp.getAdmins();
|
||||
List<String> adminOrgs = modelResp.getAdminOrgs();
|
||||
if (user.isSuperAdmin()) {
|
||||
return true;
|
||||
}
|
||||
String userName = user.getName();
|
||||
if (admins.contains(userName) || modelResp.getCreatedBy().equals(userName)) {
|
||||
return true;
|
||||
}
|
||||
@@ -342,14 +346,18 @@ public class ModelServiceImpl implements ModelService {
|
||||
return false;
|
||||
}
|
||||
|
||||
public static boolean checkViewerPermission(Set<String> orgIds, String userName, ModelResp modelResp) {
|
||||
public static boolean checkViewerPermission(Set<String> orgIds, User user, ModelResp modelResp) {
|
||||
List<String> admins = modelResp.getAdmins();
|
||||
List<String> viewers = modelResp.getViewers();
|
||||
List<String> adminOrgs = modelResp.getAdminOrgs();
|
||||
List<String> viewOrgs = modelResp.getViewOrgs();
|
||||
if (user.isSuperAdmin()) {
|
||||
return true;
|
||||
}
|
||||
if (modelResp.openToAll()) {
|
||||
return true;
|
||||
}
|
||||
String userName = user.getName();
|
||||
if (admins.contains(userName) || viewers.contains(userName) || modelResp.getCreatedBy().equals(userName)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
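Review bot: The new `if (user.isSuperAdmin()) { return true; }` at the top of `checkAdminPermission` and `checkViewerPermission` grants access before any per-model check and leaves no record that the bypass was used. Both methods are `public static`, so whatever `User` a caller passes in is trusted as-is. The commit also adds a `token_is_admin` constant, which suggests the flag may travel in the token; if so, a revoked super admin would presumably keep the bypass until the token expires, which is worth confirming. I would document that trust assumption on both methods and log the bypass, for example `log.info("super-admin bypass for user {}", user.getName());` if the class has a logger in scope. The tail of `checkAdminPermission` lies outside the hunks shown, and the same short-circuit appears in the `DomainResp` variant of `checkViewerPermission` at the top of this part of the page.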
@@ -30,7 +30,7 @@ public interface DomainService {
|
||||
|
||||
List<DomainResp> getDomainListWithAdminAuth(User user);
|
||||
|
||||
Set<DomainResp> getDomainAuthSet(String userName, AuthType authTypeEnum);
|
||||
Set<DomainResp> getDomainAuthSet(User user, AuthType authTypeEnum);
|
||||
|
||||
Set<DomainResp> getDomainChildren(List<Long> domainId);
|
||||
|
||||
|
||||
@@ -13,9 +13,9 @@ import java.util.Map;
|
||||
|
||||
public interface ModelService {
|
||||
|
||||
List<ModelResp> getModelListWithAuth(String userName, Long domainId, AuthType authType);
|
||||
List<ModelResp> getModelListWithAuth(User user, Long domainId, AuthType authType);
|
||||
|
||||
List<ModelResp> getModelAuthList(String userName, AuthType authTypeEnum);
|
||||
List<ModelResp> getModelAuthList(User user, AuthType authTypeEnum);
|
||||
|
||||
List<ModelResp> getModelByDomainIds(List<Long> domainIds);
|
||||
|
||||
|
||||
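Review bot: `getModelListWithAuth` and `getModelAuthList` now take a `User`, but the interface carries no Javadoc, so callers cannot see that the argument must be non-null (the implementation calls `user.isSuperAdmin()` and `user.getName()` unguarded) or that a super admin is no longer filtered per model. A short comment on each method would cover it, e.g. `/** Returns the models {@code user} may access for the given auth type; a user whose isSuperAdmin() is true passes every per-model check. {@code user} must not be null. */`. The interface body continues outside the hunk.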
@@ -60,7 +60,7 @@ public class ModelController {
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
User user = UserHolder.findUser(request, response);
|
||||
return modelService.getModelListWithAuth(user.getName(), domainId, AuthType.ADMIN);
|
||||
return modelService.getModelListWithAuth(user, domainId, AuthType.ADMIN);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -126,7 +126,7 @@ public class SchemaServiceImpl implements SchemaService {
|
||||
|
||||
@Override
|
||||
public List<ModelResp> getModelList(User user, AuthType authTypeEnum, Long domainId) {
|
||||
return modelService.getModelListWithAuth(user.getName(), domainId, authTypeEnum);
|
||||
return modelService.getModelListWithAuth(user, domainId, authTypeEnum);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -140,7 +140,7 @@ public class DataPermissionAOP {
|
||||
|
||||
private boolean doModelAdmin(User user, QueryStructReq queryStructReq) {
|
||||
Long modelId = queryStructReq.getModelId();
|
||||
List<ModelResp> modelListAdmin = modelService.getModelListWithAuth(user.getName(), null, AuthType.ADMIN);
|
||||
List<ModelResp> modelListAdmin = modelService.getModelListWithAuth(user, null, AuthType.ADMIN);
|
||||
if (CollectionUtils.isEmpty(modelListAdmin)) {
|
||||
return false;
|
||||
} else {
|
||||
@@ -153,7 +153,7 @@ public class DataPermissionAOP {
|
||||
private void doModelVisible(User user, QueryStructReq queryStructReq) {
|
||||
Boolean visible = true;
|
||||
Long modelId = queryStructReq.getModelId();
|
||||
List<ModelResp> modelListVisible = modelService.getModelListWithAuth(user.getName(), null, AuthType.VISIBLE);
|
||||
List<ModelResp> modelListVisible = modelService.getModelListWithAuth(user, null, AuthType.VISIBLE);
|
||||
if (CollectionUtils.isEmpty(modelListVisible)) {
|
||||
visible = false;
|
||||
} else {
|
||||
|
||||
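Review bot: `doModelAdmin` now decides admin rights from the full `User`, so a super admin counts as admin of every model, yet it still builds the whole list through `getModelListWithAuth(user, null, AuthType.ADMIN)` just to test one `modelId`. An explicit `if (user.isSuperAdmin()) { return true; }` as the first statement would show the bypass where the data-permission decision is taken and skip the list load, assuming the `else` branch only tests membership of `modelId`. Since `User.getFakeUser()` is created with `isAdmin` set to 1 in this commit, any path that falls back to that user would pass this check for every model, so it is worth confirming the fallback cannot be reached when authentication is enabled. Both method bodies continue outside the hunks.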