package com.ibeetl.admin.core.conf; import java.lang.reflect.Method; import java.util.Date; import org.apache.commons.lang3.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.reflect.MethodSignature; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; import com.fasterxml.jackson.databind.ObjectMapper; import com.ibeetl.admin.core.annotation.Function; import com.ibeetl.admin.core.entity.CoreAudit; import com.ibeetl.admin.core.entity.CoreFunction; import com.ibeetl.admin.core.entity.CoreUser; import com.ibeetl.admin.core.service.CoreAuditService; import com.ibeetl.admin.core.service.CorePlatformService; import com.ibeetl.admin.core.util.FunctionLocal; import com.ibeetl.admin.core.util.HttpRequestLocal; import com.ibeetl.admin.core.util.PlatformException; @Aspect @Component public class RbacAnnotationConfig { @Autowired CorePlatformService platformService; @Autowired CoreAuditService sysAuditService; @Autowired HttpRequestLocal httpRequestLocal; @Autowired Environment env; ObjectMapper jsonMapper = new ObjectMapper(); private final Log log = LogFactory.getLog(this.getClass()); @org.aspectj.lang.annotation.Around("within(@org.springframework.stereotype.Controller *) && @annotation(function)") public Object functionAccessCheck(final ProceedingJoinPoint pjp, Function function) throws Throwable { // debug String funCode = null; CoreUser user = null; Method m = null; try { if (function != null) { funCode = function.value(); user = platformService.getCurrentUser(); Long orgId = platformService.getCurrentOrgId(); boolean access = platformService.canAcessFunction(user.getId(), orgId, funCode); if (!access) { log.warn(jsonMapper.writeValueAsString(user) + "试图访问未授权功能 " + funCode); throw new PlatformException("试图访问未授权功能"); } FunctionLocal.set(funCode); } Object o = pjp.proceed(); if (function != null) { MethodSignature ms = (MethodSignature)pjp.getSignature(); m = ms.getMethod(); createAudit(funCode,function.name(), user, true, "",m); } return o; } catch (Throwable e) { if (function != null) { createAudit(funCode, function.name(),user, false, e.getMessage(),m); } throw e; } } private void createAudit(String functionCode, String functionName,CoreUser user, boolean success, String msg, Method m) { boolean enable = env.getProperty("audit.enable", Boolean.class, false); if (!enable) { return; } if(filter(m,functionCode)){ return ; } CoreAudit audit = new CoreAudit(); if(StringUtils.isEmpty(functionName)) { CoreFunction fun = this.platformService.getFunction(functionCode); if (fun == null) { // 没有在数据库定义,但写在代码里了 log.warn(functionCode + " 未在数据库里定义"); functionName = "未定义"; } else { functionName = fun.getName(); } } audit.setCreateTime(new Date()); audit.setFunctionCode(functionCode); audit.setFunctionName(functionName); audit.setUserId(user.getId()); audit.setSuccess(success ? 1 : 0); audit.setUserName(user.getName()); audit.setMessage(msg); audit.setIp(httpRequestLocal.getRequestIP()); sysAuditService.save(audit); } private boolean filter(Method m,String functionCode){ if(functionCode.startsWith("audit.")){ return true; } String uri = httpRequestLocal.getRequestURI(); if(uri!=null&&uri.endsWith("/index/condition.json")){ return true ; }else{ return false; } } }