项目开发需求,会员有不同的角色,不同的角色被赋予不同的权限,这就需要对会员的操作进行鉴权处理。
采用aop,可实现满足这种需求,创建匿名类。对外提供接口的时候都会拦截,这种会有弊端,当并发量大时,会存在瓶颈。
@Configuration
@Aspect
public class BusyAop {
@Autowired
private DdMemberRolesMapper ddMemberRolesMapper;
@Pointcut("@annotation(com.ruoyi.shop.api.aop.BusyOperatorRole)")
private void permissionCheck() {}
@Around("permissionCheck()")
public Object around(ProceedingJoinPoint p) throws Throwable{
WxLoginUser user=(WxLoginUser) getAuthentication().getPrincipal();
//建议采用redis缓存方案,更好
List<MemberRolesDo> list = getUserPermissions(user);
if(CollUtil.size(list)==0){
return AjaxResult.warn("无权访问");
}
Map<String, Object> response = (Map<String, Object>) p.proceed();
return response;
}
private List<MemberRolesDo> getUserPermissions(WxLoginUser user) {
MPJLambdaWrapper<MemberRolesDo> wrapper = new MPJLambdaWrapper<MemberRolesDo>()
.selectAll(MemberRolesDo.class)
.leftJoin(BusyMerchDto.class, BusyMerchDto::getMemberId, MemberRolesDo::getMemberId)
.leftJoin(BusyGroupDto.class, BusyGroupDto::getBusyMerchId, BusyMerchDto::getBusyMerchId)
.eq(MemberRolesDo::getRolesType, 6)
.eq(BusyGroupDto::getMemberId, user.getUserId());
return ddMemberRolesMapper.selectJoinList(MemberRolesDo.class, wrapper);
}
}如果有更好的方案,请评论私聊我。