!444 @Sensitive脱敏增加角色和权限校验

* update 优化脱敏增加角色及权限校验
2023-11-09 09:37:56 +00:00 · 2023-11-09 09:37:56 +00:00 · c93b666140
commit c93b666140
parent 0f16051024
5 changed files with 32 additions and 7 deletions
--- a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java
+++ b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java
@ -21,4 +21,8 @@ import java.lang.annotation.Target;
@JsonSerialize(using = SensitiveHandler.class)
 public @interface Sensitive {
    SensitiveStrategy strategy();
+
+    String roleKey() default "";
+
+    String perms() default "";
 }
--- a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/core/SensitiveService.java
+++ b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/core/SensitiveService.java
@ -13,6 +13,6 @@ public interface SensitiveService {
    /**
     * 是否脱敏
     */
-    boolean isSensitive();
+    boolean isSensitive(String roleKey, String perms);

 }
--- a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/handler/SensitiveHandler.java
+++ b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/handler/SensitiveHandler.java
@ -26,12 +26,14 @@ import java.util.Objects;
 public class SensitiveHandler extends JsonSerializer<String> implements ContextualSerializer {

    private SensitiveStrategy strategy;
+    private String roleKey;
+    private String perms;

    @Override
    public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
        try {
            SensitiveService sensitiveService = SpringUtils.getBean(SensitiveService.class);
-            if (ObjectUtil.isNotNull(sensitiveService) && sensitiveService.isSensitive()) {
+            if (ObjectUtil.isNotNull(sensitiveService) && sensitiveService.isSensitive(roleKey, perms)) {
                gen.writeString(strategy.desensitizer().apply(value));
            } else {
                gen.writeString(value);
@ -47,6 +49,8 @@ public class SensitiveHandler extends JsonSerializer<String> implements Contextu
        Sensitive annotation = property.getAnnotation(Sensitive.class);
        if (Objects.nonNull(annotation) && Objects.equals(String.class, property.getType().getRawClass())) {
            this.strategy = annotation.strategy();
+            this.roleKey = annotation.roleKey();
+            this.perms = annotation.perms();
            return this;
        }
        return prov.findValueSerializer(property.getType(), property);
--- a/ruoyi-modules/ruoyi-demo/src/main/java/org/dromara/demo/controller/TestSensitiveController.java
+++ b/ruoyi-modules/ruoyi-demo/src/main/java/org/dromara/demo/controller/TestSensitiveController.java
@ -50,25 +50,25 @@ public class TestSensitiveController extends BaseController {
        /**
         * 电话
         */
-        @Sensitive(strategy = SensitiveStrategy.PHONE)
+        @Sensitive(strategy = SensitiveStrategy.PHONE, roleKey = "common")
        private String phone;

        /**
         * 地址
         */
-        @Sensitive(strategy = SensitiveStrategy.ADDRESS)
+        @Sensitive(strategy = SensitiveStrategy.ADDRESS, perms = "system:user:query")
        private String address;

        /**
         * 邮箱
         */
-        @Sensitive(strategy = SensitiveStrategy.EMAIL)
+        @Sensitive(strategy = SensitiveStrategy.EMAIL, roleKey = "common", perms = "system:user:query1")
        private String email;

        /**
         * 银行卡
         */
-        @Sensitive(strategy = SensitiveStrategy.BANK_CARD)
+        @Sensitive(strategy = SensitiveStrategy.BANK_CARD, roleKey = "common1", perms = "system:user:query")
        private String bankCard;

    }
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysSensitiveServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysSensitiveServiceImpl.java
@ -1,5 +1,7 @@
 package org.dromara.system.service.impl;

+import cn.dev33.satoken.stp.StpUtil;
+import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.common.sensitive.core.SensitiveService;
 import org.dromara.common.tenant.helper.TenantHelper;
@ -20,7 +22,22 @@ public class SysSensitiveServiceImpl implements SensitiveService {
     * 是否脱敏
     */
    @Override
-    public boolean isSensitive() {
+    public boolean isSensitive(String roleKey, String perms) {
+        if (!StpUtil.isLogin()) {
+            return true;
+        }
+        boolean roleExist = StringUtils.isNotEmpty(roleKey);
+        boolean permsExist = StringUtils.isNotEmpty(perms);
+        if (roleExist && permsExist) {
+            if (StpUtil.hasRole(roleKey) && StpUtil.hasPermission(perms)) {
+                return false;
+            }
+        } else if (roleExist && StpUtil.hasRole(roleKey)) {
+            return false;
+        } else if (permsExist && StpUtil.hasPermission(perms)) {
+            return false;
+        }
+
        if (TenantHelper.isEnable()) {
            return !LoginHelper.isSuperAdmin() && !LoginHelper.isTenantAdmin();
        }