简单数据权限控制—AOP注解方式

某些数据需要只给某个角色的用户展示，所以使用AOP方式最方便了，

1、首先我们维护了这个角色的人员，简易的管理员表：

2、新建一个注解

@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CheckAdmin {
}

3、某些方法不需要验证，建一个跳过检测的注解

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface SkipCheckAdmin {
    String authorities() default "跳过检测";
}

4.我们定义一个切面类，来实现方法层面的拦截

@Aspect
@Component
public class CheckAdminAspect {
    private static final Logger logger = LoggerFactory.getLogger(CheckAdminAspect.class);

    @Autowired
    private ManagerService managerService;

    @Pointcut("@within(com.zhao.interest.aspect.CheckAdmin)")
    public void adminAspect(){

    }

    @ResponseBody
    @Around("adminAspect()")
    public Object checkAdmin(ProceedingJoinPoint joinPoint) throws Throwable {

        MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
        Method targetMethod = methodSignature.getMethod();

        final String methodAccess = privilegeParse(targetMethod);
        //获取登录用户
        String empId = "20190929001";
        //查询登录人是否是我们维护的管理员
        Boolean isAdmin = managerService.checkAdmin(empId);
        //如果是跳过检测或管理员
        if (methodAccess != null || isAdmin){
            return joinPoint.proceed();
        } else {
            logger.info("{}不是管理员", empId);
            return "当前登录人不是有效的管理员，不可操作。";
        }
    }

    /***
     * 解析权限注解
     * @return 返回注解的authorities值
     * @throws Exception
     */
    private static String privilegeParse(Method method) {
        //获取该方法
        if(method.isAnnotationPresent(SkipCheckAdmin.class)){
            SkipCheckAdmin annotation = method.getAnnotation(SkipCheckAdmin.class);
            return annotation.authorities();
        }
        return null;
    }
}

5.在方法层面直接在方法上加注解就ok了

@Service
@CheckAdmin
public class SolutionServiceImpl implements SolutionService{


    @Autowired
    private SysUserMapper userMapper;
    
    /**
     *需跳过角色权限
    */
    @Override
    @SkipCheckAdmin()
    public SysUser getUser(long id) {
        return userMapper.getId(id);
    }

    @Override
    public List userList() {
        return userMapper.getList();
    }
}