Compare commits
No commits in common. "fc5967b213ae856b9541379a0f105ce1ac644461" and "e93bbcf259d9cde483583051760c02eba1a1d49c" have entirely different histories.
fc5967b213
...
e93bbcf259
|
|
@ -31,11 +31,6 @@ local function isExistRole(id)
|
|||
end
|
||||
|
||||
-- 查询数据表中的所有角色信息
|
||||
function _M.getAllSystemRoles()
|
||||
return roleModel:all()
|
||||
end
|
||||
|
||||
-- 根据页码和数量查询数据表中的角色信息
|
||||
function _M.getSystemRoles(pageNum, pageSize)
|
||||
return roleModel:paginate(pageNum, pageSize)
|
||||
end
|
||||
|
|
@ -102,7 +97,7 @@ function _M:getPermission2roleId(role_id, status)
|
|||
if status ~= nil then
|
||||
sql = sql.." AND \"A\".status='"..status.."'"
|
||||
end
|
||||
return roleModel:exec(sql)
|
||||
return roleModel.exec(sql)
|
||||
end
|
||||
|
||||
return _M
|
||||
75
src/init.lua
75
src/init.lua
|
|
@ -7,11 +7,9 @@
|
|||
在"ngx_lua"模块的"init_by_lua_file"命令中执行;
|
||||
只在启动nginx时初始化一次。
|
||||
--]]
|
||||
--只在第一个worker进程中执行一次
|
||||
if ngx.worker.id() ~= 0 then
|
||||
return
|
||||
end
|
||||
require("config")
|
||||
|
||||
print("init application...")
|
||||
--判断程序是否加载权限数据
|
||||
--local dict = ngx.shared.dict
|
||||
--local load = dict:get("RBAC")
|
||||
|
|
@ -19,12 +17,28 @@ end
|
|||
-- return
|
||||
--end
|
||||
|
||||
require("config")
|
||||
print("init application woker id:", ngx.worker.id())
|
||||
--只在第一个worker进程中执行一次
|
||||
if ngx.worker.id() ~= 0 then
|
||||
return
|
||||
end
|
||||
|
||||
--初始化,获取系统默认的用户权限,为实现RBAC框架做权限数据准备
|
||||
local function handler()
|
||||
--与redis进行连接
|
||||
--读取用户表、角色表和权限表中配置的权限数据
|
||||
local roleDao = require("dao.role")
|
||||
--获取数据表中的记录数
|
||||
local code, res = roleDao:all()
|
||||
if res == nil then return end
|
||||
ngx.log(ngx.INFO, "user count:"..res)
|
||||
--读取角色id和角色名称
|
||||
for _, row in pairs(res) do
|
||||
for key, value in pairs(row) do
|
||||
ngx.say(key .. ":" .. tostring(value))
|
||||
end
|
||||
end
|
||||
--“admin-system::users::edit“ ”1“
|
||||
|
||||
--将取到的数据存储到redis中,后续进行验证使用
|
||||
local redis = require("resty.redis")
|
||||
local red = redis:new()
|
||||
-- 设置超时时间
|
||||
|
|
@ -48,33 +62,42 @@ local function handler()
|
|||
-- 从连接池中获取连接
|
||||
--red:set_keepalive(SYSTEM_CONFIG.REDIS.POOL_MAX_IDLE_TIME, SYSTEM_CONFIG.REDIS.POOL_SIZE)
|
||||
|
||||
--读取用户表、角色表和权限表中配置的权限数据
|
||||
local roleDao = require("dao.role")
|
||||
--获取数据表中的记录数
|
||||
local code, res = roleDao:getAllSystemRoles()
|
||||
if res == nil then return end
|
||||
--读取角色id和角色名称
|
||||
for _, row in pairs(res) do
|
||||
local id = row.id --:1
|
||||
local name = row.role_name --:admin
|
||||
--row.status:0,
|
||||
local code, rest = roleDao:getPermission2roleId(id)
|
||||
for _, ret in pairs(rest) do
|
||||
--获取数据表中的数据
|
||||
local permid = ret.permission_id
|
||||
local perm = ret.permission_code
|
||||
local key = name.."-"..perm
|
||||
--role_name-permission_code 组成key进行验证 存储到redis中
|
||||
local ok, err = red:set(key, "1")
|
||||
-- 设置 key-value
|
||||
local ok, err = red:set("admin-system:user:add", "1")
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "redis failed to set key: "..err)
|
||||
return
|
||||
end
|
||||
|
||||
local ok, err = red:set("admin-system:user:edit", "1")
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "failed to set key: "..err)
|
||||
return
|
||||
end
|
||||
|
||||
local ok, err = red:set("admin-system:user:delete", "1")
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "failed to set key: "..err)
|
||||
return
|
||||
end
|
||||
|
||||
local ok, err = red:set("admin-system:user:view", "1")
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "failed to set key: "..err)
|
||||
return
|
||||
end
|
||||
|
||||
local ok, err = red:set("admin-system:user:list", "1")
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "failed to set key: "..err)
|
||||
return
|
||||
end
|
||||
|
||||
ngx.log(ngx.INFO, "set key successfully")
|
||||
|
||||
--关闭redis连接
|
||||
red:close()
|
||||
|
||||
--共享数据字典进行数据存储
|
||||
--dict:set("RBAC", "1")
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -59,8 +59,4 @@ function _M:ttl(key)
|
|||
return self.red:ttl(key)
|
||||
end
|
||||
|
||||
function _M:call(key, ...)
|
||||
return self.red:call(key, ...)
|
||||
end
|
||||
|
||||
return _M
|
||||
|
|
@ -333,30 +333,17 @@ else
|
|||
end
|
||||
--]]
|
||||
|
||||
local perm = require("util.permissionfilter")
|
||||
|
||||
local rest = perm.getRolePermissions("admin")
|
||||
for _, row in pairs(rest) do
|
||||
print(row.key)
|
||||
end
|
||||
|
||||
perm.clearRolePermissions("admin")
|
||||
|
||||
--读取用户表、角色表和权限表中配置的权限数据
|
||||
local roleDao = require("dao.role")
|
||||
--获取数据表中的记录数
|
||||
local code, res = roleDao:getAllSystemRoles()
|
||||
if res == nil then return end
|
||||
--读取角色id和角色名称
|
||||
local userModel = require("dao.user")
|
||||
local code, res = userModel:userRole("1")
|
||||
--显示查询到的数据记录
|
||||
if res ~= nil then
|
||||
print("id value: -- ", res[1].id)
|
||||
for _, row in pairs(res) do
|
||||
--row.id:1
|
||||
--row.create_by:admin
|
||||
--row.create_time:
|
||||
--row.role_name:admin
|
||||
--row.status:0,
|
||||
--row.remark:超级管理员
|
||||
--row.role_key:超级管理员
|
||||
print(row.id..row.create_by..row.role_name)
|
||||
for key, value in pairs(row) do
|
||||
ngx.say(key .. ":" .. tostring(value))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
--[[
|
||||
|
|
|
|||
|
|
@ -1,79 +0,0 @@
|
|||
---
|
||||
--- Generated by EmmyLua(https://github.com/EmmyLua)
|
||||
--- Created by admin.
|
||||
--- DateTime: 2025/11/8 11:15
|
||||
--- 权限过滤器,用于验证用户是否有权限进行接口访问,通过redis进行权限获取
|
||||
|
||||
local red = require("share.redis")
|
||||
local _M = {}
|
||||
|
||||
-- 为角色增加权限
|
||||
function _M:addRolePerms(role_name, permissions, description)
|
||||
local key = role_name.."-"..permissions
|
||||
local res, err = red:get(key)
|
||||
if res ~= nil then return end
|
||||
--键值不存在则增加到redis中
|
||||
res, err = red:set(key, "1")
|
||||
end
|
||||
|
||||
-- 检查角色是否拥有指定权限
|
||||
function _M:hasPermission(role_name, permission)
|
||||
if role_name == nil or permission == nil then
|
||||
return false
|
||||
end
|
||||
|
||||
-- 检查直接权限
|
||||
local key = role_name.."-"..permission
|
||||
local res, err = red:get(key)
|
||||
if res ~= nil then
|
||||
return true
|
||||
end
|
||||
return false
|
||||
end
|
||||
|
||||
-- 检查多角色是否拥有所有指定权限
|
||||
function _M:hasMultiRoleNamePermission(rolenameTable, permission)
|
||||
if rolenameTable == nil or permission == nil then
|
||||
return false
|
||||
end
|
||||
|
||||
-- 检查直接权限
|
||||
for i = 1, #rolenameTable do
|
||||
local role_name = rolenameTable[i]
|
||||
local key = role_name.."-"..permission
|
||||
local res, err = red:get(key)
|
||||
if res ~= nil then
|
||||
return true
|
||||
end
|
||||
end
|
||||
return false
|
||||
end
|
||||
|
||||
-- 获取角色的所有权限
|
||||
function _M:getRolePermissions(role_name)
|
||||
local allPermissions = {}
|
||||
if role_name == nil then
|
||||
return allPermissions
|
||||
end
|
||||
--获取redis中所有匹配的数据内容
|
||||
local prefix = role_name.."-"
|
||||
local cursor = "0"
|
||||
local result = red:call('SCAN', cursor, 'MATCH', prefix .. '*', 'COUNT')
|
||||
cursor = result[1]
|
||||
for _, key in ipairs(result[2]) do
|
||||
table.insert(allPermissions, key)
|
||||
end
|
||||
return allPermissions
|
||||
end
|
||||
|
||||
-- 清除角色的所有权限
|
||||
function _M:clearRolePermissions(role_name)
|
||||
--将redis中角色相关的键值去掉
|
||||
local keys = red:call("KEYS", role_name.."-*")
|
||||
if #keys > 0 then
|
||||
red:call("DEL", unpack(keys))
|
||||
end
|
||||
end
|
||||
|
||||
-- 导出模块
|
||||
return _M
|
||||
Loading…
Reference in New Issue
Block a user