【功能优化】全局:支持数据权限在 RPC 调用时,传递忽略数据权限的能力
parent
825be64d6d
commit
e18069d45f
|
@ -34,6 +34,13 @@
|
||||||
<artifactId>yudao-spring-boot-starter-mybatis</artifactId>
|
<artifactId>yudao-spring-boot-starter-mybatis</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<!-- RPC 远程调用相关 -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>cn.iocoder.cloud</groupId>
|
||||||
|
<artifactId>yudao-spring-boot-starter-rpc</artifactId>
|
||||||
|
<optional>true</optional>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<!-- 业务组件 -->
|
<!-- 业务组件 -->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>cn.iocoder.cloud</groupId>
|
<groupId>cn.iocoder.cloud</groupId>
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
package cn.iocoder.yudao.framework.datapermission.config;
|
||||||
|
|
||||||
|
import cn.iocoder.yudao.framework.datapermission.core.rpc.DataPermissionRequestInterceptor;
|
||||||
|
import cn.iocoder.yudao.framework.datapermission.core.rpc.DataPermissionRpcWebFilter;
|
||||||
|
import org.springframework.boot.autoconfigure.AutoConfiguration;
|
||||||
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||||
|
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
|
||||||
|
import static cn.iocoder.yudao.framework.common.enums.WebFilterOrderEnum.TENANT_CONTEXT_FILTER;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 数据权限针对 RPC 的自动配置类
|
||||||
|
*
|
||||||
|
* @author 芋道源码
|
||||||
|
*/
|
||||||
|
@AutoConfiguration
|
||||||
|
@ConditionalOnClass(name = "feign.RequestInterceptor")
|
||||||
|
public class YudaoDataPermissionRpcAutoConfiguration {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public DataPermissionRequestInterceptor dataPermissionRequestInterceptor() {
|
||||||
|
return new DataPermissionRequestInterceptor();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public FilterRegistrationBean<DataPermissionRpcWebFilter> dataPermissionRpcFilter() {
|
||||||
|
FilterRegistrationBean<DataPermissionRpcWebFilter> registrationBean = new FilterRegistrationBean<>();
|
||||||
|
registrationBean.setFilter(new DataPermissionRpcWebFilter());
|
||||||
|
registrationBean.setOrder(TENANT_CONTEXT_FILTER - 1); // 顺序没有绝对的要求,在租户 Filter 前面稳妥点
|
||||||
|
return registrationBean;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
package cn.iocoder.yudao.framework.datapermission.core.rpc;
|
||||||
|
|
||||||
|
import cn.iocoder.yudao.framework.datapermission.core.annotation.DataPermission;
|
||||||
|
import cn.iocoder.yudao.framework.datapermission.core.aop.DataPermissionContextHolder;
|
||||||
|
import feign.RequestInterceptor;
|
||||||
|
import feign.RequestTemplate;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* DataPermission 的 RequestInterceptor 实现类:Feign 请求时,将 {@link DataPermission} 设置到 header 中,继续透传给被调用的服务
|
||||||
|
*
|
||||||
|
* 注意:由于 {@link DataPermission} 不支持序列化和反序列化,所以暂时只能传递它的 enable 属性
|
||||||
|
*
|
||||||
|
* @author 芋道源码
|
||||||
|
*/
|
||||||
|
public class DataPermissionRequestInterceptor implements RequestInterceptor {
|
||||||
|
|
||||||
|
public static final String ENABLE_HEADER_NAME = "data-permission-enable";
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void apply(RequestTemplate requestTemplate) {
|
||||||
|
DataPermission dataPermission = DataPermissionContextHolder.get();
|
||||||
|
if (dataPermission != null && Boolean.FALSE.equals(dataPermission.enable())) {
|
||||||
|
requestTemplate.header(ENABLE_HEADER_NAME, "false");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,38 @@
|
||||||
|
package cn.iocoder.yudao.framework.datapermission.core.rpc;
|
||||||
|
|
||||||
|
import cn.iocoder.yudao.framework.datapermission.core.aop.DataPermissionContextHolder;
|
||||||
|
import cn.iocoder.yudao.framework.datapermission.core.util.DataPermissionUtils;
|
||||||
|
import jakarta.servlet.FilterChain;
|
||||||
|
import jakarta.servlet.ServletException;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.Objects;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 针对 {@link DataPermissionRequestInterceptor} 的 RPC 调用,设置 {@link DataPermissionContextHolder} 的上下文
|
||||||
|
*
|
||||||
|
* @author 芋道源码
|
||||||
|
*/
|
||||||
|
public class DataPermissionRpcWebFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
||||||
|
throws ServletException, IOException {
|
||||||
|
String enable = request.getHeader(DataPermissionRequestInterceptor.ENABLE_HEADER_NAME);
|
||||||
|
if (Objects.equals(enable, Boolean.FALSE.toString())) {
|
||||||
|
DataPermissionUtils.executeIgnore(() -> {
|
||||||
|
try {
|
||||||
|
chain.doFilter(request, response);
|
||||||
|
} catch (IOException | ServletException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
chain.doFilter(request, response);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -1,2 +1,3 @@
|
||||||
cn.iocoder.yudao.framework.datapermission.config.YudaoDataPermissionAutoConfiguration
|
cn.iocoder.yudao.framework.datapermission.config.YudaoDataPermissionAutoConfiguration
|
||||||
cn.iocoder.yudao.framework.datapermission.config.YudaoDeptDataPermissionAutoConfiguration
|
cn.iocoder.yudao.framework.datapermission.config.YudaoDeptDataPermissionAutoConfiguration
|
||||||
|
cn.iocoder.yudao.framework.datapermission.config.YudaoDataPermissionRpcAutoConfiguration
|
||||||
|
|
Loading…
Reference in New Issue