|
|
@@ -33,11 +33,7 @@ import java.security.NoSuchAlgorithmException;
|
|
|
import java.text.ParseException;
|
|
|
import java.time.LocalDateTime;
|
|
|
import java.time.format.DateTimeFormatter;
|
|
|
-import java.util.ArrayList;
|
|
|
-import java.util.Arrays;
|
|
|
-import java.util.List;
|
|
|
-import java.util.Map;
|
|
|
-import java.util.Objects;
|
|
|
+import java.util.*;
|
|
|
import java.util.stream.Collectors;
|
|
|
|
|
|
/**
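Review bot: Replacing the five explicit `java.util` imports with `import java.util.*;` on the new side is a style regression: wildcard imports hide which names the file actually uses, are flagged by the usual Java linters, and can silently change name resolution if another imported package later gains a `List` or `Map`. Restoring the explicit lines `import java.util.ArrayList;`, `import java.util.Arrays;`, `import java.util.List;`, `import java.util.Map;` and `import java.util.Objects;` (plus whatever new `java.util` type motivated the change) keeps the import list self-describing.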
|
|
|
@@ -152,17 +148,25 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
|
|
|
String urlRealOrg = Objects.isNull(urlOrg) ? urlTenant : urlOrg;
|
|
|
log.info("[url信息] urlTenant:{}, urlOrg:{}, urlRealTenant:{}, urlRealOrg:{}", urlTenant, urlOrg, urlRealTenant, urlRealOrg);
|
|
|
|
|
|
- // 3、根据用户角色去做判断
|
|
|
- if (!userHasRole(userId, ROLE_SUPER_ADMIN) && userHasRole(userId, ROLE_ADMIN)) {
|
|
|
+// // 3、根据用户角色去做判断
|
|
|
+// if (!userHasRole(userId, ROLE_SUPER_ADMIN) && userHasRole(userId, ROLE_ADMIN)) {
|
|
|
+// if (!urlRealTenant.equalsIgnoreCase(userRealTenant)) {
|
|
|
+// return getErrorResponse(exchange);
|
|
|
+// }
|
|
|
+// } else if (!userHasRole(userId, ROLE_SUPER_ADMIN) && !userHasRole(userId, ROLE_ADMIN)) {
|
|
|
+// String[] userArray = userRealOrg.split("/");
|
|
|
+// String[] urlOrgArray = urlRealOrg.split("/");
|
|
|
+// if (urlOrgArray.length < userArray.length || !isLegal(userArray, urlOrgArray)) {
|
|
|
+// return getErrorResponse(exchange);
|
|
|
+// }
|
|
|
+// }
|
|
|
+
|
|
|
+
|
|
|
+ // 不是超管时校验
|
|
|
+ if (!userHasRole(userId, ROLE_SUPER_ADMIN)) {
|
|
|
if (!urlRealTenant.equalsIgnoreCase(userRealTenant)) {
|
|
|
return getErrorResponse(exchange);
|
|
|
}
|
|
|
- } else if (!userHasRole(userId, ROLE_SUPER_ADMIN) && !userHasRole(userId, ROLE_ADMIN)) {
|
|
|
- String[] userArray = userRealOrg.split("/");
|
|
|
- String[] urlOrgArray = urlRealOrg.split("/");
|
|
|
- if (urlOrgArray.length < userArray.length || !isLegal(userArray, urlOrgArray)) {
|
|
|
- return getErrorResponse(exchange);
|
|
|
- }
|
|
|
}
|
|
|
}
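Review bot: The removed `else if` branch was the only place a non-admin user's org path (`userRealOrg`) was compared against the requested `urlRealOrg`; after this change every non-super-admin passes as long as the tenant matches, so a regular user can presumably reach other orgs inside its own tenant unless some downstream service re-checks org scope, which this filter cannot show. If that widening is intentional, delete the commented-out block (lines starting `// // 3、根据用户角色去做判断`) instead of leaving dead authorization code next to the live check, and state the decision above the new `if`, e.g. `// Only tenant isolation is enforced at the gateway; org-level scoping (formerly isLegal(...)) is intentionally not checked here — confirm downstream services enforce it`. If it is not intentional, the old `isLegal(userArray, urlOrgArray)` check for users without ROLE_ADMIN needs to come back as a second branch under the `!userHasRole(userId, ROLE_SUPER_ADMIN)` guard. Note also that `urlRealTenant.equalsIgnoreCase(userRealTenant)` treats tenant ids as case-insensitive; that is fine only if tenant ids are guaranteed case-insensitive everywhere else, which is not visible here. The enclosing method starts before and ends after this hunk.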
|
|
|
|
|
|
@@ -250,17 +254,25 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
|
|
|
String userRealOrg = "null".equalsIgnoreCase(userOrg) ? userTenant : userOrg ;
|
|
|
log.info("[用户信息] userOrg:{}, userTenant:{}, userRealTenant:{}, userRealOrg:{}", userOrg, userTenant, userRealTenant, userRealOrg);
|
|
|
|
|
|
- // 2、根据用户角色去做判断(tenant一定有,org不一定有)
|
|
|
- if (Boolean.FALSE.equals(roles.contains(ROLE_SUPER_ADMIN)) && Boolean.TRUE.equals(roles.contains(ROLE_ADMIN))) {
|
|
|
+// // 2、根据用户角色去做判断(tenant一定有,org不一定有)
|
|
|
+// if (Boolean.FALSE.equals(roles.contains(ROLE_SUPER_ADMIN)) && Boolean.TRUE.equals(roles.contains(ROLE_ADMIN))) {
|
|
|
+// if (!urlRealTenant.equalsIgnoreCase(userRealTenant)) {
|
|
|
+// return getErrorResponse(exchange);
|
|
|
+// }
|
|
|
+// } else if (Boolean.FALSE.equals(roles.contains(ROLE_SUPER_ADMIN)) && Boolean.FALSE.equals(roles.contains(ROLE_ADMIN))) {
|
|
|
+// String[] userArray = userRealOrg.split("/");
|
|
|
+// String[] urlOrgArray = urlRealOrg.split("/");
|
|
|
+// if (urlOrgArray.length < userArray.length || !isLegal(userArray, urlOrgArray)) {
|
|
|
+// return getErrorResponse(exchange);
|
|
|
+// }
|
|
|
+// }
|
|
|
+
|
|
|
+ // 不是超管时才权限校验
|
|
|
+ if (Boolean.FALSE.equals(roles.contains(ROLE_SUPER_ADMIN))) {
|
|
|
+ // 禁止跨越tenant访问
|
|
|
if (!urlRealTenant.equalsIgnoreCase(userRealTenant)) {
|
|
|
return getErrorResponse(exchange);
|
|
|
}
|
|
|
- } else if (Boolean.FALSE.equals(roles.contains(ROLE_SUPER_ADMIN)) && Boolean.FALSE.equals(roles.contains(ROLE_ADMIN))) {
|
|
|
- String[] userArray = userRealOrg.split("/");
|
|
|
- String[] urlOrgArray = urlRealOrg.split("/");
|
|
|
- if (urlOrgArray.length < userArray.length || !isLegal(userArray, urlOrgArray)) {
|
|
|
- return getErrorResponse(exchange);
|
|
|
- }
|
|
|
}
|
|
|
}
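Review bot: This second method now repeats the tenant check from the earlier hunk with a different role lookup (`roles.contains(ROLE_SUPER_ADMIN)` here versus `userHasRole(userId, ROLE_SUPER_ADMIN)` there), so the two authorization paths can drift apart; a single private helper such as `private boolean crossesTenant(String urlRealTenant, String userRealTenant)` called from both places would keep them in lockstep. The same org-scope concern applies here: dropping the `isLegal(userArray, urlOrgArray)` branch leaves only tenant isolation for non-super-admins, and the commented-out block should be removed rather than kept as dead code. As a minor idiom point, `Boolean.FALSE.equals(roles.contains(ROLE_SUPER_ADMIN))` can be written `!roles.contains(ROLE_SUPER_ADMIN)` since `contains` returns a primitive boolean. The enclosing method starts before and ends after this hunk.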
|
|
|
|