~qirong/qyksxt.git

			@@ -2,11 +2,15 @@


			import com.mindskip.xzs.context.WebContext;
			import com.mindskip.xzs.domain.Department;
			import com.mindskip.xzs.domain.enums.DeptAdminEnum;
			import com.mindskip.xzs.domain.enums.RoleEnum;
			import com.mindskip.xzs.domain.enums.UserStatusEnum;
			import com.mindskip.xzs.domain.vo.CascaderDataVO;
			import com.mindskip.xzs.repository.DepartmentMapper;
			import com.mindskip.xzs.service.AuthenticationService;
			import com.mindskip.xzs.service.UserService;
			import org.springframework.beans.factory.annotation.Autowired;
			import lombok.RequiredArgsConstructor;
			import org.springframework.security.authentication.AuthenticationProvider;
			import org.springframework.security.authentication.BadCredentialsException;
			import org.springframework.security.authentication.LockedException;
			@@ -15,11 +19,14 @@
			import org.springframework.security.core.AuthenticationException;
			import org.springframework.security.core.GrantedAuthority;
			import org.springframework.security.core.authority.SimpleGrantedAuthority;
			import org.springframework.security.core.userdetails.User;
			import org.springframework.security.core.userdetails.UsernameNotFoundException;
			import org.springframework.stereotype.Component;
			import org.springframework.util.CollectionUtils;

			import java.util.ArrayList;
			import java.util.List;
			import java.util.Objects;
			import java.util.stream.Collectors;


			/**
			@@ -29,25 +36,13 @@
			* @date 2021/12/25 9:45
			*/
			@Component
			@RequiredArgsConstructor
			public class RestAuthenticationProvider implements AuthenticationProvider {

			private final AuthenticationService authenticationService;
			private final UserService userService;
			private final WebContext webContext;

			/**
			* Instantiates a new Rest authentication provider.
			*
			* @param authenticationService the authentication service
			* @param userService the user service
			* @param webContext the web context
			*/
			@Autowired
			public RestAuthenticationProvider(AuthenticationService authenticationService, UserService userService, WebContext webContext) {
			this.authenticationService = authenticationService;
			this.userService = userService;
			this.webContext = webContext;
			}
			private final DepartmentMapper departmentMapper;

			@Override
			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
			@@ -70,9 +65,28 @@
			}

			ArrayList<GrantedAuthority> grantedAuthorities = new ArrayList<>();
			// 赋予部门管理员角色
			if (new Integer(-1).equals(user.getRole())) {
			grantedAuthorities.add(new SimpleGrantedAuthority(RoleEnum.DEPT_ADMIN.getRoleName()));
			}
			grantedAuthorities.add(new SimpleGrantedAuthority(RoleEnum.fromCode(user.getRole()).getRoleName()));

			User authUser = new User(user.getUserName(), user.getPassword(), grantedAuthorities);
			// 获取该用户管理部门及其下级deptAdminIds
			List<Department> deptList = userService.getDeptAdminIdAndInfo(user.getId());
			List<Integer> deptIds = deptList.stream().map(dept -> dept.getId()).collect(Collectors.toList());
			if (! CollectionUtils.isEmpty(deptIds)) {
			deptIds = departmentMapper.getChilds(deptIds); // 查询子部门
			// 如果该部门还被赋予了管理三级单位的的权限，则查出来
			if (deptList.stream().anyMatch(dept -> Objects.nonNull(dept.getSpecial()) && dept.getSpecial())) {
			List<CascaderDataVO> levelDeptList = departmentMapper.getLevelDeptList(3);
			List<Integer> level3DeptIds = levelDeptList.stream().map(CascaderDataVO::getValue).collect(Collectors.toList());
			deptIds.addAll(level3DeptIds);
			}
			}
			else if (CollectionUtils.isEmpty(deptIds)) {
			// 如果是普通学员，查出所在部门
			deptIds = userService.getDeptIds(user.getId());
			}
			MyUser authUser = new MyUser(user.getUserName(), user.getPassword(), grantedAuthorities, user.getRole(), deptIds);
			return new UsernamePasswordAuthenticationToken(authUser, authUser.getPassword(), authUser.getAuthorities());
			}