权限控制:分拆对角色的校验的代码为多个方法,方便灵活重写部分代码

TommyLemon 2022-03-27 02:42:33 +08:00
parent 544a869416
commit 46ccadec08
2 changed files with 67 additions and 38 deletions


@ -240,6 +240,7 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
* @return
* @throws Exception
*/
@Override
public boolean verifyAccess(SQLConfig config) throws Exception {
String table = config == null ? null : config.getTable();
if (table == null) {
@ -262,13 +263,71 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
}
RequestMethod method = config.getMethod();
verifyRole(config, table, method, role);
verifyRole(table, method, role);//验证允许的角色
return true;
}
@Override
public void verifyRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
verifyAllowRole(config, table, method, role); //验证允许的角色
verifyUseRole(config, table, method, role); //验证使用的角色
}
/**允许请求使用的所以可能角色
* @param config
* @param table
* @param method
* @param role
* @return
* @throws Exception
* @see {@link apijson.JSONObject#KEY_ROLE}
*/
public void verifyAllowRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
Log.d(TAG, "verifyAllowRole table = " + table + "; method = " + method + "; role = " + role);
if (table == null) {
table = config == null ? null : config.getTable();
}
if (table != null) {
if (method == null) {
method = config == null ? GET : config.getMethod();
}
if (role == null) {
role = config == null ? UNKNOWN : config.getRole();
}
Map<RequestMethod, String[]> map = ACCESS_MAP.get(table);
if (map == null || Arrays.asList(map.get(method)).contains(role) == false) {
throw new IllegalAccessException(table + " 不允许 " + role + " 用户的 " + method.name() + " 请求!");
}
}
}
/**校验请求使用的角色角色不好判断让访问者发过来角色名OWNER,CONTACT,ADMIN等
* @param config
* @param table
* @param method
* @param role
* @return
* @throws Exception
* @see {@link apijson.JSONObject#KEY_ROLE}
*/
public void verifyUseRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
Log.d(TAG, "verifyUseRole table = " + table + "; method = " + method + "; role = " + role);
//验证角色假定真实强制匹配<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
String visitorIdKey = getVisitorIdKey(config);
if (table == null) {
table = config == null ? null : config.getTable();
}
if (method == null) {
method = config == null ? GET : config.getMethod();
}
if (role == null) {
role = config == null ? UNKNOWN : config.getRole();
}
Object requestId;
switch (role) {
@ -366,39 +425,6 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
}
//验证角色假定真实强制匹配>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
return true;
}
/**允许请求角色不好判断让访问者发过来角色名OWNER,CONTACT,ADMIN等
* @param table
* @param method
* @param role
* @return
* @throws Exception
* @see {@link apijson.JSONObject#KEY_ROLE}
*/
public void verifyRole(String table, RequestMethod method, String role) throws Exception {
Log.d(TAG, "verifyRole table = " + table + "; method = " + method + "; role = " + role);
if (table != null) {
if (method == null) {
method = GET;
}
if (role == null) {
role = UNKNOWN;
}
Map<RequestMethod, String[]> map = ACCESS_MAP.get(table);
if (map == null || Arrays.asList(map.get(method)).contains(role) == false) {
throw new IllegalAccessException(table + " 不允许 " + role + " 用户的 " + method.name() + " 请求!");
}
}
}
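Review bot: In the new verifyAllowRole and verifyUseRole, the fallbacks `method = config == null ? GET : config.getMethod();` and `role = config == null ? UNKNOWN : config.getRole();` no longer guarantee a non-null value, whereas the removed three-argument verifyRole always defaulted to GET and UNKNOWN. verifyAccess passes `config.getMethod()` straight through, so if that getter can return null the denial surfaces as a NullPointerException (for instance at `switch (role)` when verifyUseRole is called directly) rather than as the IllegalAccessException callers expect from an authorization check. I would re-apply the defaults after the config lookup: `if (method == null) { method = GET; }` and `if (role == null) { role = UNKNOWN; }`. Separately, `Arrays.asList(map.get(method))` throws NullPointerException when the table has no entry for that method; reading `String[] roles = map == null ? null : map.get(method);` and rejecting `roles == null` keeps the refusal explicit. The body of verifyUseRole continues outside the hunk, so the `switch` branches were not reviewed.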


@ -24,7 +24,9 @@ public interface Verifier<T> {
*/
boolean verifyAccess(SQLConfig config) throws Exception;
/**允许请求角色不好判断让访问者发过来角色名OWNER,CONTACT,ADMIN等
/**校验请求使用的角色角色不好判断让访问者发过来角色名OWNER,CONTACT,ADMIN等
* @param config
* @param table
* @param method
* @param role
@ -32,7 +34,7 @@ public interface Verifier<T> {
* @throws Exception
* @see {@link apijson.JSONObject#KEY_ROLE}
*/
void verifyRole(String table, RequestMethod method, String role) throws Exception;
void verifyRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception;
/**登录校验
* @param config
@ -94,4 +96,5 @@ public interface Verifier<T> {
String getVisitorIdKey(SQLConfig config);
}
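Review bot: Changing `void verifyRole(String table, RequestMethod method, String role)` to the four-argument form removes the old authorization hook from the interface, and the three-argument implementation appears to be deleted from AbstractVerifier in the same commit. A subclass that overrides the old signature without `@Override` will still compile, but its custom role check will never be called, so restrictions it enforced silently stop applying. I would keep the old signature for a release as a deprecated overload that delegates to the new one, or at minimum document the break next to the new declaration, e.g. `@deprecated use verifyRole(SQLConfig, String, RequestMethod, String)`.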