前言
项目开发需求,会员有不同的角色,不同的角色被赋予不同的权限,这就需要对会员的操作进行鉴权处理。
方案
采用aop,可实现满足这种需求,创建匿名类。对外提供接口的时候都会拦截,这种会有弊端,当并发量大时,会存在瓶颈。
@Configuration
@Aspect
public class BusyAop {@Autowiredprivate DdMemberRolesMapper ddMemberRolesMapper;@Pointcut("@annotation(com.ruoyi.shop.api.aop.BusyOperatorRole)")private void permissionCheck() {}@Around("permissionCheck()")public Object around(ProceedingJoinPoint p) throws Throwable{WxLoginUser user=(WxLoginUser) getAuthentication().getPrincipal();//建议采用redis缓存方案,更好List<MemberRolesDo> list = getUserPermissions(user);if(CollUtil.size(list)==0){return AjaxResult.warn("无权访问");}Map<String, Object> response = (Map<String, Object>) p.proceed();return response;}private List<MemberRolesDo> getUserPermissions(WxLoginUser user) {MPJLambdaWrapper<MemberRolesDo> wrapper = new MPJLambdaWrapper<MemberRolesDo>().selectAll(MemberRolesDo.class).leftJoin(BusyMerchDto.class, BusyMerchDto::getMemberId, MemberRolesDo::getMemberId).leftJoin(BusyGroupDto.class, BusyGroupDto::getBusyMerchId, BusyMerchDto::getBusyMerchId).eq(MemberRolesDo::getRolesType, 6).eq(BusyGroupDto::getMemberId, user.getUserId());return ddMemberRolesMapper.selectJoinList(MemberRolesDo.class, wrapper);}}
如果有更好的方案,请评论私聊我。