SimpleAuthorizeValidator.java

package org.hsweb.web.core.authorize.validator;

import org.hsweb.commons.StringUtils;
import org.hsweb.expands.script.engine.DynamicScriptEngine;
import org.hsweb.expands.script.engine.DynamicScriptEngineFactory;
import org.hsweb.web.bean.po.user.User;
import org.hsweb.web.core.authorize.AuthorizeValidator;
import org.hsweb.web.core.authorize.AuthorizeValidatorConfig;
import org.hsweb.web.core.authorize.ExpressionScopeBean;
import org.hsweb.web.core.authorize.annotation.Authorize;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

/**
 * 权限验证器
 * Created by zhouhao on 16-4-28.
 */
public class SimpleAuthorizeValidator implements AuthorizeValidator {

    @Autowired(required = false)
    private Map<String, ExpressionScopeBean> expressionScopeBeanMap;

    @Override
    public boolean validate(User user, Map<String, Object> param, AuthorizeValidatorConfig config) {
        SimpleAuthorizeValidatorConfig validatorConfig = ((SimpleAuthorizeValidatorConfig) config);
        Set<String> modules = validatorConfig.getModules();
        Set<String> roles = validatorConfig.getRoles();
        Set<String> actions = validatorConfig.getActions();
        Set<SimpleAuthorizeValidatorConfig.Expression> expressions = validatorConfig.getExpressions();
        Authorize.MOD mod = validatorConfig.getMod();
        boolean access = false;
        //验证模块
        if (!modules.isEmpty()) {
            if (mod == Authorize.MOD.AND)
                access = modules.stream().allMatch(module ->
                        user.hasAccessModuleAction(module, actions.toArray(new String[actions.size()])));
            else access = modules.stream().anyMatch(module ->
                    user.hasAccessModuleAction(module, actions.toArray(new String[actions.size()])));
        }
        //验证角色
        if (!roles.isEmpty()) {
            if (mod == Authorize.MOD.AND)
                access = roles.stream().allMatch(user::hasAccessRole);
            else
                access = roles.stream().anyMatch(user::hasAccessRole);
        }
        //验证表达式
        if (!expressions.isEmpty()) {
            if (mod == Authorize.MOD.AND)
                access = expressions.stream().allMatch(expression -> {
                    DynamicScriptEngine engine = DynamicScriptEngineFactory.getEngine(expression.getLanguage());
                    Map<String, Object> var = getExpressionRoot(user);
                    var.putAll(param);
                    return StringUtils.isTrue(engine.execute(expression.getId(), var).get());
                });
            else
                access = expressions.stream().anyMatch(expression -> {
                    DynamicScriptEngine engine = DynamicScriptEngineFactory.getEngine(expression.getLanguage());
                    Map<String, Object> var = getExpressionRoot(user);
                    var.putAll(param);
                    return StringUtils.isTrue(engine.execute(expression.getId(), var).get());
                });
        }

        return access;
    }


    public Map<String, Object> getExpressionRoot(User user) {
        Map<String, Object> root = new HashMap<>();
        if (expressionScopeBeanMap != null)
            root.putAll(expressionScopeBeanMap);
        root.put("user", user);
        return root;
    }

    @Override
    public AuthorizeValidatorConfig createConfig() {
        return new SimpleAuthorizeValidatorConfig();
    }

}