final RequiresPermissions rps = method.getAnnotation(RequiresPermissions.class);
if (rps == null) {
return true;
}
Logical logical = rps.logical();
String[] pv = rps.value();
// 假如验证逻辑为OR,并且有些权限不需要做数据权限检查的,直接返回true。
if (logical.equals(Logical.OR)) {
for (String p : pv) {
if (p.split(PART_DIVIDER_TOKEN).length < 3) {
return true;
}
}
}
boolean firstPermitted = false;
for (String p : pv) {
String[] v = p.split(PART_DIVIDER_TOKEN);
if (v.length == 3) {
// 进行初次验证,确保shiro中用户的权限被初始化。
if (!firstPermitted) {
Subject subject = SecurityUtils.getSubject();
if (!subject.isPermitted(p)){
throw new UnauthorizedException("数据权限验证失败!");
}
firstPermitted = true;
}
try {
// 把内部动态查询参数常量,logical放入request
request.setAttribute(SecurityConstants.NEST_DYNAMIC_SEARCH_LOGICAL, logical);
boolean checkResult = (check(request, response, method, v[0], v[2]) == true) ? true : false;
if (!checkResult) {
throw new UnauthorizedException("数据权限验证失败!");
}
if (checkResult == true && logical.equals(Logical.OR)) {
return true;
}
} catch (Exception e) {
logger.error(Exceptions.getStackTraceAsString(e));
throw new UnauthorizedException("数据权限验证失败!");