refactor: 优化权限控制

Author: zhou-hao

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Authentication.java

@@ -17,6 +17,7 @@
 
 package org.hswebframework.web.authorization;
 
+import org.hswebframework.web.authorization.annotation.Logical;
 import org.springframework.util.StringUtils;
 import reactor.core.publisher.Mono;
 
@@ -93,18 +94,37 @@ static Optional<Authentication> current() {
      * @return 用户持有的权限集合
      */
     List<Permission> getPermissions();
-    
+
     default boolean hasDimension(String type, String... id) {
-        return hasDimension(type, Arrays.asList(id));
+        return hasAnyDimension(type, Arrays.asList(id));
+    }
+
+    default boolean hasAllDimension(String type, Collection<String> id) {
+        if (id.isEmpty()) {
+            return !getDimensions(type).isEmpty();
+        }
+        return getDimensions(type)
+            .stream()
+            .allMatch(p -> id.contains(p.getId()));
+    }
+
+    default boolean hasAnyDimension(String type, Collection<String> id) {
+        if (id.isEmpty()) {
+            return !getDimensions(type).isEmpty();
+        }
+        return getDimensions(type)
+            .stream()
+            .anyMatch(p -> id.contains(p.getId()));
     }
 
+    @Deprecated
     default boolean hasDimension(String type, Collection<String> id) {
         if (id.isEmpty()) {
             return !getDimensions(type).isEmpty();
         }
         return getDimensions(type)
-                .stream()
-                .anyMatch(p -> id.contains(p.getId()));
+            .stream()
+            .anyMatch(p -> id.contains(p.getId()));
     }
 
     default boolean hasDimension(DimensionType type, String id) {
@@ -116,19 +136,19 @@ default Optional<Dimension> getDimension(String type, String id) {
             return Optional.empty();
         }
         return getDimensions()
-                .stream()
-                .filter(dimension -> dimension.getId().equals(id) && type.equalsIgnoreCase(dimension.getType().getId()))
-                .findFirst();
+            .stream()
+            .filter(dimension -> dimension.getId().equals(id) && type.equalsIgnoreCase(dimension.getType().getId()))
+            .findFirst();
     }
 
     default Optional<Dimension> getDimension(DimensionType type, String id) {
         if (type == null) {
             return Optional.empty();
         }
         return getDimensions()
-                .stream()
-                .filter(dimension -> dimension.getId().equals(id) && type.isSameType(dimension.getType()))
-                .findFirst();
+            .stream()
+            .filter(dimension -> dimension.getId().equals(id) && type.isSameType(dimension.getType()))
+            .findFirst();
     }
 
 
@@ -137,19 +157,19 @@ default List<Dimension> getDimensions(String type) {
             return Collections.emptyList();
         }
         return getDimensions()
-                .stream()
-                .filter(dimension -> dimension.getType().isSameType(type))
-                .collect(Collectors.toList());
+            .stream()
+            .filter(dimension -> dimension.getType().isSameType(type))
+            .collect(Collectors.toList());
     }
 
     default List<Dimension> getDimensions(DimensionType type) {
         if (type == null) {
             return Collections.emptyList();
         }
         return getDimensions()
-                .stream()
-                .filter(dimension -> dimension.getType().isSameType(type))
-                .collect(Collectors.toList());
+            .stream()
+            .filter(dimension -> dimension.getType().isSameType(type))
+            .collect(Collectors.toList());
     }
 
 
@@ -164,9 +184,9 @@ default Optional<Permission> getPermission(String id) {
             return Optional.empty();
         }
         return getPermissions()
-                .stream()
-                .filter(permission -> permission.getId().equals(id))
-                .findAny();
+            .stream()
+            .filter(permission -> permission.getId().equals(id))
+            .findAny();
     }
 
     /**
@@ -179,8 +199,8 @@ default Optional<Permission> getPermission(String id) {
     default boolean hasPermission(String permissionId, String... actions) {
         return hasPermission(permissionId,
                              actions.length == 0
-                                     ? Collections.emptyList()
-                                     : Arrays.asList(actions));
+                                 ? Collections.emptyList()
+                                 : Arrays.asList(actions));
     }
 
     default boolean hasPermission(String permissionId, Collection<String> actions) {
@@ -190,8 +210,8 @@ default boolean hasPermission(String permissionId, Collection<String> actions) {
             }
             if (Objects.equals(permissionId, permission.getId())) {
                 return actions.isEmpty()
-                        || permission.getActions().containsAll(actions)
-                        || permission.getActions().contains("*");
+                    || permission.getActions().containsAll(actions)
+                    || permission.getActions().contains("*");
             }
         }
         return false;

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthenticationPredicate.java

@@ -18,7 +18,7 @@ static AuthenticationPredicate has(String permissionString) {
     }
 
     static AuthenticationPredicate dimension(String dimension, String... id) {
-        return autz -> autz.hasDimension(dimension, Arrays.asList(id));
+        return autz -> autz.hasAnyDimension(dimension, Arrays.asList(id));
     }
 
     static AuthenticationPredicate permission(String permissionId, String... actions) {

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Dimension.java

@@ -1,20 +1,67 @@
 package org.hswebframework.web.authorization.annotation;
 
+import org.hswebframework.web.authorization.DimensionType;
+
 import java.lang.annotation.*;
 
+import static java.lang.annotation.ElementType.*;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * 请使用注解继承方式使用此注解
+ *
+ * @author zhouhao
+ * @see RequiresRoles
+ * @since 4.0
+ */
 @Target({ElementType.ANNOTATION_TYPE})
 @Retention(RetentionPolicy.RUNTIME)
 @Inherited
 @Documented
+@Repeatable(value = Dimension.List.class)
 public @interface Dimension {
 
+    /**
+     * 维度类型标识,如: role,org
+     *
+     * @return 维度类型
+     * @see org.hswebframework.web.authorization.Dimension#getType()
+     * @see DimensionType#getId()
+     * @see org.hswebframework.web.authorization.Authentication#hasDimension(String, String...)
+     */
     String type();
 
+    /**
+     * 具体的维度ID,如: 角色ID,组织ID
+     *
+     * @return 维度ID
+     * @see org.hswebframework.web.authorization.Dimension#getId()
+     * @see org.hswebframework.web.authorization.Authentication#hasDimension(String, String...)
+     */
     String[] id() default {};
 
+    /**
+     * 配置了多个ID时的判断逻辑,默认为任意满足则认为有权限.
+     *
+     * @return Logical
+     */
     Logical logical() default Logical.DEFAULT;
 
+    /**
+     * @return 说明
+     */
     String[] description() default {};
 
+    /**
+     * @return 是否忽略
+     */
     boolean ignore() default false;
+
+    @Target({ANNOTATION_TYPE})
+    @Retention(RUNTIME)
+    @Documented
+    @Inherited
+    @interface List {
+        Dimension[] value() default {};
+    }
 }

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Dimensions.java

@@ -0,0 +1,32 @@
+package org.hswebframework.web.authorization.annotation;
+
+import java.lang.annotation.*;
+
+import static java.lang.annotation.ElementType.*;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * 标记多个维度的权限控制相关配置
+ *
+ * @author zhouhao
+ * @since 5.0.1
+ */
+@Target({ElementType.METHOD, TYPE, ANNOTATION_TYPE, FIELD})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+public @interface Dimensions {
+
+    /**
+     * 存在多个维度时的判断逻辑,默认任意一个满足则认为有权限
+     *
+     * @return Logical
+     */
+    Logical logical() default Logical.DEFAULT;
+
+    /**
+     * @return 针对当前配置的说明信息
+     */
+    String[] description() default {};
+
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresRoles.java

@@ -5,17 +5,49 @@
 
 import java.lang.annotation.*;
 
-@Target({ElementType.METHOD})
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * 注解根据角色维度进行权限控制,具有权限的用户才可访问对应的方法.
+ *
+ * <pre>{@code
+ *    @RequiresRoles("admin")
+ *    public Mono<Void> handleRequest(){
+ *
+ *    }
+ * }</pre>
+ *
+ * @author zhouhao
+ * @see Dimension
+ * @since 4.0
+ */
+@Target({ElementType.METHOD, ElementType.TYPE, ElementType.FIELD})
 @Retention(RetentionPolicy.RUNTIME)
 @Inherited
 @Documented
-@Dimension(type = "role", description = "控制角色")
+@Dimension(type = "role")
+@Repeatable(RequiresRoles.List.class)
 public @interface RequiresRoles {
 
+    /**
+     * @return 角色ID
+     */
     @AliasFor(annotation = Dimension.class, attribute = "id")
     String[] value() default {};
 
+    /**
+     * 多个角色时的判断逻辑
+     * @return Logical
+     */
     @AliasFor(annotation = Dimension.class, attribute = "logical")
     Logical logical() default Logical.DEFAULT;
 
+    @Target({ElementType.METHOD, ElementType.TYPE, ElementType.FIELD})
+    @Retention(RUNTIME)
+    @Documented
+    @Inherited
+    @Dimension.List()
+    @interface List {
+        RequiresRoles[] value();
+    }
 }

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Resource.java

@@ -6,6 +6,9 @@
 
 import java.lang.annotation.*;
 
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
 /**
  * 接口资源声明注解,声明Controller的资源相关信息,用于进行权限控制。
  * <br>
@@ -53,6 +56,7 @@
 @Retention(RetentionPolicy.RUNTIME)
 @Inherited
 @Documented
+@Repeatable(Resource.List.class)
 public @interface Resource {
 
     /**
@@ -98,4 +102,12 @@
      * @return 是否合并
      */
     boolean merge() default true;
+
+    @Target({ANNOTATION_TYPE})
+    @Retention(RUNTIME)
+    @Documented
+    @Inherited
+    @interface List {
+        Resource[] value();
+    }
 }

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/DimensionDefinition.java

@@ -6,9 +6,14 @@
 import org.hswebframework.web.authorization.DimensionType;
 import org.hswebframework.web.authorization.annotation.Logical;
 import org.hswebframework.web.bean.FastBeanCopier;
+import reactor.function.Predicate3;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
+import java.util.function.BiPredicate;
+import java.util.function.Predicate;
 
 @Getter
 @Setter
@@ -23,10 +28,27 @@ public class DimensionDefinition {
 
     private Logical logical = Logical.DEFAULT;
 
+    public boolean hasDimension(Predicate3<String,Logical, Set<String>> filter) {
+        return filter.test(typeId,logical, Collections.unmodifiableSet(dimensionId));
+    }
+
+    public boolean hasDimension(Set<String> dimensionIdPredicate) {
+        if (logical == Logical.AND) {
+            return dimensionIdPredicate.containsAll(dimensionId);
+        }
+        return dimensionId
+            .stream()
+            .anyMatch(dimensionIdPredicate::contains);
+    }
+
     public boolean hasDimension(String id) {
         return dimensionId.contains(id);
     }
 
+    public void addDimensionI(Set<String> id) {
+        dimensionId.addAll(id);
+    }
+
     public DimensionDefinition copy() {
         return FastBeanCopier.copy(this, DimensionDefinition::new);
     }