java aop 重置返回值
文章目录
- 场景
- 例子
- 过滤返回值
场景
A同学是领导,可以看到表格内所有记录
B同学是助理,只能看到编号、名称、分类
C同学是后勤,价值和折旧没权限看,其他都可以
例子
接口返回值:
{"code": "200","msg": "查询成功","data": [{"name": "name部门","id": "1566623676155715586","msg": "a"},{"name": "name行政后勤","id": "1566623680589094913","msg": "b"}]}
通过权限控制,改变返回值,删除 msg
{"code": "200","msg": "查询成功","data": [{"name": "name部门","id": "1566623676155715586"},{"name": "name行政后勤","id": "1566623680589094913"}]}
过滤返回值
配置切面 RespPermissionAop
- 配置权限开关
- 结果为抛出异常,则直接返回
- 判断方法名是否包含 list 或者 page
- listPermissionLabel:有权限的列
- objToList:把 data 从Object 转成 JSONObject List
- permissionColumns:按需展示有权限的列,如把 id、name、msg,转换成 id、name
切面aop,对 controller 进行统一过滤
@Slf4j@Aspect@Componentpublic class RespPermissionAop {private static final String METHOD_EXCEPTION = "Exception";private static final String METHOD_lIST = "list";private static final String METHOD_PAGE = "page";private static final String PERMISSION_Y = "y";@ResourceIPermissionService permissionService;@ResourcePermissionProperty permissionProperty;@Pointcut("execution (* com.njc.java.controller.*.*(..))")public void point() {}@Around("point()")public Object around(ProceedingJoinPoint joinPoint) throws Throwable {Object obj = joinPoint.proceed();log.info("obj: {}", obj);if(!PERMISSION_Y.toLowerCase().equals(permissionProperty.getInterfaces().toLowerCase())){log.info("interface 权限未开启");return obj;}MethodSignature signature = (MethodSignature) joinPoint.getSignature();String controllerName = joinPoint.getTarget().getClass().getName();controllerName = controllerName.substring(controllerName.lastIndexOf(".") + 1);String methodName = signature.getName();log.info("controllerName: {}, methodName: {}", controllerName, methodName);if (methodName.lastIndexOf(METHOD_EXCEPTION) > 0) {log.error("exception");return obj;}if (methodName.toLowerCase().lastIndexOf(METHOD_lIST) > -1 || methodName.toLowerCase().lastIndexOf(METHOD_PAGE) > -1) {List<String> labels = listPermissionLabel(UserUtil.getUserId(), controllerName, methodName);if (CollectionUtils.isEmpty(labels)) {log.info("无数据权限控制列,返回全部列");return obj;}NjcResponseEntity njcResponseEntity = BeanUtil.toBean(obj, NjcResponseEntity.class);Object data = njcResponseEntity.getData();if (methodName.lastIndexOf(METHOD_lIST) > -1) {log.info("列表查询");if (data instanceof List<?>) {List<JSONObject> list = objToList(data);log.info("list:{}", list);List<JSONObject> respList = permissionColumns(list, labels);log.info("respList:{}", respList);njcResponseEntity.setData(respList);return njcResponseEntity;} else {log.info("instanceof 判断类型失败,返回全部列");}}if (methodName.lastIndexOf(METHOD_PAGE) > -1) {log.info("分页查询");if (data instanceof IPage<?>) {IPage<?> ipage = (IPage<?>) data;List<JSONObject> list = objToList(ipage.getRecords());log.info("list:{}", list);List<JSONObject> respList = permissionColumns(list, labels);log.info("respList:{}", respList);IPage<JSONObject> page = TransformUtil.page(ipage, JSONObject.class);page.setRecords(respList);njcResponseEntity.setData(page);return njcResponseEntity;} else {log.info("instanceof 判断类型失败,返回全部列");}}} else {log.info("非分页查询 and 非列表查询");}return obj;}}
对象转list
private static List<JSONObject> objToList(Object obj) {List<JSONObject> result = new ArrayList<>();if (obj instanceof List<?>) {for (Object o : (List<?>) obj) {result.add(JSONUtil.parseObj(o));}return result;}return null;}
转换有权限的列
private static List<JSONObject> permissionColumns(List<JSONObject> list, List<String> columns) {List<JSONObject> respList = new ArrayList<>();for (JSONObject s : list) {JSONObject newObj = new JSONObject();JSONObject obj = JSONUtil.parseObj(s);for (String column : columns) {newObj.putOnce(column, obj.get(column));}respList.add(newObj);}return respList;}
获取有权限的列
private List<String> listPermissionLabel(Long userId, String controllerName, String methodName) {List<String> list = new ArrayList<>();list.add("id");list.add("name");return list;}
今天药忘吃喽~
不念不忘少年蓝@
布满荆棘的人生
傷城~
ゞ 浴缸里的玫瑰
超、凢脫俗
系统管理员
还没有评论,来说两句吧...