【修改】删除权限,增加白名单,修改mac地址的校验方式

huababa1
2025-10-29 12:07:56 +08:00
parent 3c77645ca6
commit 9c456f2fa8
21 changed files with 258 additions and 152 deletions


@@ -38,7 +38,7 @@ public class PermissionController {
@Operation(summary = "获得角色拥有的菜单编号")
@Parameter(name = "roleId", description = "角色编号", required = true)
@GetMapping("/list-role-menus")
@PreAuthorize("@ss.hasPermission('system:permission:assign-role-menu')")
// @PreAuthorize("@ss.hasPermission('system:permission:assign-role-menu')")
public CommonResult<Set<Long>> getRoleMenuList(Long roleId) {
return success(permissionService.getRoleMenuListByRoleId(roleId));
}
@@ -52,7 +52,7 @@ public class PermissionController {
@PostMapping("/assign-role-menu")
@Operation(summary = "赋予角色菜单")
@PreAuthorize("@ss.hasPermission('system:permission:assign-role-menu')")
// @PreAuthorize("@ss.hasPermission('system:permission:assign-role-menu')")
public CommonResult<Boolean> assignRoleMenu(@Validated @RequestBody PermissionAssignRoleMenuReqVO reqVO) {
// 开启多租户的情况下,需要过滤掉未开通的菜单
tenantService.handleTenantMenu(menuIds -> reqVO.getMenuIds().removeIf(menuId -> !CollUtil.contains(menuIds, menuId)));
@@ -64,7 +64,7 @@ public class PermissionController {
@PostMapping("/assign-role-data-scope")
@Operation(summary = "赋予角色数据权限")
@PreAuthorize("@ss.hasPermission('system:permission:assign-role-data-scope')")
// @PreAuthorize("@ss.hasPermission('system:permission:assign-role-data-scope')")
public CommonResult<Boolean> assignRoleDataScope(@Valid @RequestBody PermissionAssignRoleDataScopeReqVO reqVO) {
permissionService.assignRoleDataScope(reqVO.getRoleId(), reqVO.getDataScope(), reqVO.getDataScopeDeptIds());
return success(true);
@@ -73,14 +73,14 @@ public class PermissionController {
@Operation(summary = "获得管理员拥有的角色编号列表")
@Parameter(name = "userId", description = "用户编号", required = true)
@GetMapping("/list-user-roles")
@PreAuthorize("@ss.hasPermission('system:permission:assign-user-role')")
// @PreAuthorize("@ss.hasPermission('system:permission:assign-user-role')")
public CommonResult<Set<Long>> listAdminRoles(@RequestParam("userId") Long userId) {
return success(permissionService.getUserRoleIdListByUserId(userId));
}
@Operation(summary = "赋予用户角色")
@PostMapping("/assign-user-role")
@PreAuthorize("@ss.hasPermission('system:permission:assign-user-role')")
// @PreAuthorize("@ss.hasPermission('system:permission:assign-user-role')")
public CommonResult<Boolean> assignUserRole(@Validated @RequestBody PermissionAssignUserRoleReqVO reqVO) {
permissionService.assignUserRole(reqVO.getUserId(), reqVO.getRoleIds());
return success(true);
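Review bot: With `@PreAuthorize` commented out, `assignRoleMenu`, `assignRoleDataScope` and `assignUserRole` keep no method-level permission check, so unless a filter not shown on this page restricts them, any logged-in account could assign roles, menus or data scopes. The page has lost its +/- markers; reading the commented lines as the new side is inferred from the commit title ("删除权限"). The same pattern repeats in every UserController hunk (`createUser`, `updateUser`, `deleteUser`, `updateUserPassword`, `updateUserStatus`, `getUser`, `exportUserList`, `importExcel`), where `updateUserPassword` takes the target id from the request body. If the whitelist named in the title is meant to replace these checks, the annotations should stay, e.g. `@PreAuthorize("@ss.hasPermission('system:permission:assign-user-role')")`, with the whitelist decision made inside the permission bean; otherwise delete the lines and add a comment stating where authorization is now enforced. The last hunk ends inside `assignUserRole`.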


@@ -60,7 +60,7 @@ public class UserController {
@PostMapping("/create")
@Operation(summary = "新增用户")
@PreAuthorize("@ss.hasPermission('system:user:create')")
// @PreAuthorize("@ss.hasPermission('system:user:create')")
public CommonResult<Long> createUser(@Valid @RequestBody UserSaveReqVO reqVO) {
Long id = userService.createUser(reqVO);
return success(id);
@@ -82,7 +82,7 @@ public class UserController {
@PutMapping("update")
@Operation(summary = "修改用户")
@PreAuthorize("@ss.hasPermission('system:user:update')")
// @PreAuthorize("@ss.hasPermission('system:user:update')")
public CommonResult<Boolean> updateUser(@Valid @RequestBody UserSaveReqVO reqVO) {
userService.updateUser(reqVO);
return success(true);
@@ -106,7 +106,7 @@ public class UserController {
@DeleteMapping("/delete")
@Operation(summary = "删除用户")
@Parameter(name = "id", description = "编号", required = true, example = "1024")
@PreAuthorize("@ss.hasPermission('system:user:delete')")
// @PreAuthorize("@ss.hasPermission('system:user:delete')")
public CommonResult<Boolean> deleteUser(@RequestParam("id") Long id) {
userService.deleteUser(id);
return success(true);
@@ -114,7 +114,7 @@ public class UserController {
@PutMapping("/update-password")
@Operation(summary = "重置用户密码")
@PreAuthorize("@ss.hasPermission('system:user:update-password')")
// @PreAuthorize("@ss.hasPermission('system:user:update-password')")
public CommonResult<Boolean> updateUserPassword(@Valid @RequestBody UserUpdatePasswordReqVO reqVO) {
userService.updateUserPassword(reqVO.getId(), reqVO.getPassword());
return success(true);
@@ -122,7 +122,7 @@ public class UserController {
@PutMapping("/update-status")
@Operation(summary = "修改用户状态")
@PreAuthorize("@ss.hasPermission('system:user:update')")
// @PreAuthorize("@ss.hasPermission('system:user:update')")
public CommonResult<Boolean> updateUserStatus(@Valid @RequestBody UserUpdateStatusReqVO reqVO) {
userService.updateUserStatus(reqVO.getId(), reqVO.getStatus());
return success(true);
@@ -172,7 +172,7 @@ public class UserController {
@GetMapping("/get")
@Operation(summary = "获得用户详情")
@Parameter(name = "id", description = "编号", required = true, example = "1024")
@PreAuthorize("@ss.hasPermission('system:user:query')")
// @PreAuthorize("@ss.hasPermission('system:user:query')")
public CommonResult<UserRespVO> getUser(@RequestParam("id") Long id) {
AdminUserDO user = userService.getUser(id);
if (user == null) {
@@ -199,7 +199,7 @@ public class UserController {
@GetMapping("/export")
@Operation(summary = "导出用户")
@PreAuthorize("@ss.hasPermission('system:user:export')")
// @PreAuthorize("@ss.hasPermission('system:user:export')")
@ApiAccessLog(operateType = EXPORT)
public void exportUserList(@Validated UserPageReqVO exportReqVO,
HttpServletResponse response) throws IOException {
@@ -262,7 +262,7 @@ public class UserController {
@Parameter(name = "file", description = "Excel 文件", required = true),
@Parameter(name = "updateSupport", description = "是否支持更新,默认为 false", example = "true")
})
@PreAuthorize("@ss.hasPermission('system:user:import')")
// @PreAuthorize("@ss.hasPermission('system:user:import')")
public CommonResult<UserImportRespVO> importExcel(@RequestParam("file") MultipartFile file,
@RequestParam(value = "updateSupport", required = false, defaultValue = "false") Boolean updateSupport) throws Exception {
List<UserImportExcelVO> list = ExcelUtils.read(file, UserImportExcelVO.class);


@@ -47,4 +47,8 @@ public interface TenantMapper extends BaseMapperX<TenantDO> {
return selectList(TenantDO::getStatus, status);
}
default TenantDO selectMacByTenantId(Long tenantId) {
return selectOne(TenantDO::getId, tenantId);
}
}
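Review bot: `selectMacByTenantId` does not select a MAC address; it loads the whole `TenantDO` by primary key, and presumably returns null when no row matches (the usual `selectOne` behaviour, not visible here). A name such as `selectByTenantId`, or a Javadoc line like `/** Loads the tenant by id; returns null when no row matches. */`, would tell callers to null-check the result. If `BaseMapperX` inherits `selectById`, this method duplicates it.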


@@ -16,7 +16,9 @@ import pc.exam.pp.module.system.api.social.dto.SocialUserRespDTO;
import pc.exam.pp.module.system.controller.admin.auth.vo.*;
import pc.exam.pp.module.system.convert.auth.AuthConvert;
import pc.exam.pp.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
import pc.exam.pp.module.system.dal.dataobject.tenant.TenantDO;
import pc.exam.pp.module.system.dal.dataobject.user.AdminUserDO;
import pc.exam.pp.module.system.dal.mysql.tenant.TenantMapper;
import pc.exam.pp.module.system.enums.logger.LoginLogTypeEnum;
import pc.exam.pp.module.system.enums.logger.LoginResultEnum;
import pc.exam.pp.module.system.enums.oauth2.OAuth2ClientConstants;
@@ -37,6 +39,7 @@ import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import pc.exam.pp.module.system.util.oauth2.MacUtils;
import java.util.Objects;
@@ -71,6 +74,8 @@ public class AdminAuthServiceImpl implements AdminAuthService {
private SmsCodeApi smsCodeApi;
@Resource
private ConfigService configService;
@Resource
private TenantMapper tenantMapper;
/**
* 验证码的开关,默认为 true
*/
@@ -156,6 +161,13 @@ public class AdminAuthServiceImpl implements AdminAuthService {
} else {
// 使用账号密码,进行登录
user = authenticate(reqVO.getUsername(), reqVO.getPassword());
Long tenantId = user.getTenantId();
TenantDO tenantDO= tenantMapper.selectMacByTenantId(tenantId);
String website = tenantDO.getWebsite();
String physicalMac = MacUtils.getPhysicalMac();
if (!physicalMac.equals(website)){
throw exception(AUTH_LOGIN_BAD_MAC_NOT);
}
}
// 如果 socialType 非空,说明需要绑定社交用户
if (reqVO.getSocialType() != null) {
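Review bot: The MAC check added to the password-login branch dereferences `tenantDO` and `physicalMac` without a null check, so a missing tenant row or a host where `MacUtils.getPhysicalMac()` yields nothing would surface as a NullPointerException instead of `AUTH_LOGIN_BAD_MAC_NOT`. Dropping the `website` local and guarding with `if (tenantDO == null || physicalMac == null || !physicalMac.equalsIgnoreCase(tenantDO.getWebsite()))` fails closed and tolerates case differences in the stored value. `getPhysicalMac()` takes no request input, so this presumably ties the deployment to the server's own MAC kept in the tenant's `website` field; a comment should say so, and if tenants can edit that field themselves the check gives no assurance. The check sits only in the `else` branch, so the login path in the preceding branch, which starts outside the hunk, skips it.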