修复创建租户报错的问题
parent
9dfe6d273c
commit
0f66390a2a
|
@ -4,7 +4,6 @@ import cn.hutool.core.collection.CollUtil;
|
||||||
import cn.hutool.core.util.ObjectUtil;
|
import cn.hutool.core.util.ObjectUtil;
|
||||||
import cn.hutool.core.util.StrUtil;
|
import cn.hutool.core.util.StrUtil;
|
||||||
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
|
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
|
||||||
import cn.iocoder.yudao.framework.common.pojo.CommonResult;
|
|
||||||
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
|
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
|
||||||
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
|
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
|
||||||
import cn.iocoder.yudao.framework.datapermission.core.rule.DataPermissionRule;
|
import cn.iocoder.yudao.framework.datapermission.core.rule.DataPermissionRule;
|
||||||
|
@ -106,7 +105,7 @@ public class DeptDataPermissionRule implements DataPermissionRule {
|
||||||
DeptDataPermissionRespDTO deptDataPermission = loginUser.getContext(CONTEXT_KEY, DeptDataPermissionRespDTO.class);
|
DeptDataPermissionRespDTO deptDataPermission = loginUser.getContext(CONTEXT_KEY, DeptDataPermissionRespDTO.class);
|
||||||
// 从上下文中拿不到,则调用逻辑进行获取
|
// 从上下文中拿不到,则调用逻辑进行获取
|
||||||
if (deptDataPermission == null) {
|
if (deptDataPermission == null) {
|
||||||
deptDataPermission = permissionApi.getDeptDataPermission(loginUser.getId()).getData();
|
deptDataPermission = permissionApi.getDeptDataPermission(loginUser.getId()).getCheckedData();
|
||||||
if (deptDataPermission == null) {
|
if (deptDataPermission == null) {
|
||||||
log.error("[getExpression][LoginUser({}) 获取数据权限为 null]", JsonUtils.toJsonString(loginUser));
|
log.error("[getExpression][LoginUser({}) 获取数据权限为 null]", JsonUtils.toJsonString(loginUser));
|
||||||
throw new NullPointerException(String.format("LoginUser(%d) Table(%s/%s) 未返回数据权限",
|
throw new NullPointerException(String.format("LoginUser(%d) Table(%s/%s) 未返回数据权限",
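Review bot: On the null branch the `log.error` call writes `JsonUtils.toJsonString(loginUser)`, the whole login-user object, into the error log. What that object carries is not visible in the hunk, but the `getContext` call on it suggests it holds more than identifiers. Logging only the id would give the same diagnostic value: `log.error("[getExpression][LoginUser({}) 获取数据权限为 null]", loginUser.getId());`. The switch to `getCheckedData()` presumably turns a failed RPC result into an exception before this branch is reached, and a short comment saying so would explain why the null check is kept. The enclosing method starts and ends outside the hunk.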
|
||||||
|
|
|
@ -14,6 +14,7 @@ import cn.iocoder.yudao.framework.tenant.core.service.TenantFrameworkService;
|
||||||
import cn.iocoder.yudao.framework.web.config.WebProperties;
|
import cn.iocoder.yudao.framework.web.config.WebProperties;
|
||||||
import cn.iocoder.yudao.framework.web.core.filter.ApiRequestFilter;
|
import cn.iocoder.yudao.framework.web.core.filter.ApiRequestFilter;
|
||||||
import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
|
import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
|
||||||
|
import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.util.AntPathMatcher;
|
import org.springframework.util.AntPathMatcher;
|
||||||
|
|
||||||
|
@ -65,6 +66,7 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
|
||||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
Long tenantId = TenantContextHolder.getTenantId();
|
Long tenantId = TenantContextHolder.getTenantId();
|
||||||
|
boolean isRpcRequest = !WebFrameworkUtils.isRpcRequest(request);
|
||||||
// 1. 登陆的用户,校验是否有权限访问该租户,避免越权问题。
|
// 1. 登陆的用户,校验是否有权限访问该租户,避免越权问题。
|
||||||
LoginUser user = SecurityFrameworkUtils.getLoginUser();
|
LoginUser user = SecurityFrameworkUtils.getLoginUser();
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
|
@ -73,7 +75,8 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
|
||||||
tenantId = user.getTenantId();
|
tenantId = user.getTenantId();
|
||||||
TenantContextHolder.setTenantId(tenantId);
|
TenantContextHolder.setTenantId(tenantId);
|
||||||
// 如果传递了租户编号,则进行比对租户编号,避免越权问题
|
// 如果传递了租户编号,则进行比对租户编号,避免越权问题
|
||||||
} else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) {
|
} else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())
|
||||||
|
&& !isRpcRequest) { // Cloud 特殊逻辑:如果是 RPC 请求,就不校验了。主要考虑,一些场景下,会调用 TenantUtils 去切换租户
|
||||||
log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
|
log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
|
||||||
user.getTenantId(), user.getId(), user.getUserType(),
|
user.getTenantId(), user.getId(), user.getUserType(),
|
||||||
TenantContextHolder.getTenantId(), request.getRequestURI(), request.getMethod());
|
TenantContextHolder.getTenantId(), request.getRequestURI(), request.getMethod());
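Review bot: The new local `isRpcRequest` is assigned the negation of `WebFrameworkUtils.isRpcRequest(request)`, and the `else if` then tests `!isRpcRequest`, so the two negations cancel. As written, the tenant-mismatch branch runs only when the URI starts with the RPC prefix and is skipped for every ordinary request, which is the opposite of what the inline comment describes. Drop the negation at the assignment, `boolean isRpcRequest = WebFrameworkUtils.isRpcRequest(request);`, and keep `&& !isRpcRequest` in the condition. Because this branch is the cross-tenant authorization check, a filter test with a logged-in user and a mismatching tenant id on a non-RPC path should accompany the fix. `doFilterInternal` continues outside the visible hunks.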
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package cn.iocoder.yudao.framework.web.core.util;
|
package cn.iocoder.yudao.framework.web.core.util;
|
||||||
|
|
||||||
import cn.hutool.core.util.StrUtil;
|
import cn.hutool.core.util.StrUtil;
|
||||||
|
import cn.iocoder.yudao.framework.common.enums.RpcConstants;
|
||||||
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
|
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
|
||||||
import cn.iocoder.yudao.framework.common.pojo.CommonResult;
|
import cn.iocoder.yudao.framework.common.pojo.CommonResult;
|
||||||
import cn.iocoder.yudao.framework.web.config.WebProperties;
|
import cn.iocoder.yudao.framework.web.config.WebProperties;
|
||||||
|
@ -124,4 +125,14 @@ public class WebFrameworkUtils {
|
||||||
return servletRequestAttributes.getRequest();
|
return servletRequestAttributes.getRequest();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 判断是否为 RPC 请求
|
||||||
|
*
|
||||||
|
* @param request 请求
|
||||||
|
* @return 是否为 RPC 请求
|
||||||
|
*/
|
||||||
|
public static boolean isRpcRequest(HttpServletRequest request) {
|
||||||
|
return request.getRequestURI().startsWith(RpcConstants.RPC_API_PREFIX);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
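Review bot: `isRpcRequest` decides from the URI prefix alone, and TenantSecurityWebFilter uses the result to skip its tenant comparison, so the Javadoc should state that this is a path test and not proof that the caller is an internal service. `getRequestURI()` returns the raw, undecoded path including any context path, so the match also depends on how the application is deployed. Whether paths under `RpcConstants.RPC_API_PREFIX` are unreachable from outside (gateway rule, network policy) is not visible here and should be confirmed. A suggested doc line: `* Only checks the URI prefix; a true result does not authenticate the caller.`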
|
||||||
|
|
|
@ -7,6 +7,7 @@ import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
|
||||||
import cn.iocoder.yudao.framework.common.pojo.PageResult;
|
import cn.iocoder.yudao.framework.common.pojo.PageResult;
|
||||||
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
|
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
|
||||||
import cn.iocoder.yudao.framework.common.util.date.DateUtils;
|
import cn.iocoder.yudao.framework.common.util.date.DateUtils;
|
||||||
|
import cn.iocoder.yudao.framework.datapermission.core.annotation.DataPermission;
|
||||||
import cn.iocoder.yudao.framework.tenant.config.TenantProperties;
|
import cn.iocoder.yudao.framework.tenant.config.TenantProperties;
|
||||||
import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
|
import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
|
||||||
import cn.iocoder.yudao.framework.tenant.core.util.TenantUtils;
|
import cn.iocoder.yudao.framework.tenant.core.util.TenantUtils;
|
||||||
|
@ -96,6 +97,7 @@ public class TenantServiceImpl implements TenantService {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(rollbackFor = Exception.class)
|
@Transactional(rollbackFor = Exception.class)
|
||||||
|
@DataPermission(enable = false) // 租户创建,不需要数据权限,避免出现被数据权限拦截
|
||||||
public Long createTenant(TenantCreateReqVO createReqVO) {
|
public Long createTenant(TenantCreateReqVO createReqVO) {
|
||||||
// 校验套餐被禁用
|
// 校验套餐被禁用
|
||||||
TenantPackageDO tenantPackage = tenantPackageService.validTenantPackage(createReqVO.getPackageId());
|
TenantPackageDO tenantPackage = tenantPackageService.validTenantPackage(createReqVO.getPackageId());
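Review bot: `@DataPermission(enable = false)` is placed on the whole of `createTenant`, so, assuming the annotation applies to everything invoked inside the method, every query it issues runs without data-permission filtering, not only the one that was failing. The comment would be more useful if it named the call that was being blocked, e.g. `// data permission disabled because <the blocked call> runs before the new tenant has permission data`. The method body continues past the hunk, so the full set of affected queries cannot be checked from here.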
|
||||||
|
|