메뉴 권한 수정
This commit is contained in:
@@ -45,19 +45,50 @@ public class MenuAuthorizationManager implements AuthorizationManager<RequestAut
|
||||
return new AuthorizationDecision(false);
|
||||
}
|
||||
|
||||
// DB에서 role에 허용된 메뉴 조회
|
||||
List<MenuEntity> allowedMenus = menuAuthQueryRepository.findAllowedMenuUrlsByRole(role);
|
||||
boolean isAdmin = "ADMIN".equalsIgnoreCase(role);
|
||||
|
||||
// URL별 권한 조회
|
||||
List<MenuEntity> matchedMenus = menuAuthQueryRepository.findMenusByRequestPath(requestPath);
|
||||
|
||||
boolean isProtectedUrl = matchedMenus != null && !matchedMenus.isEmpty();
|
||||
|
||||
// URL별 권한에 라벨러, 검수자 권한이 있으면 , ADMIN도 false
|
||||
if (isProtectedUrl) {
|
||||
List<MenuEntity> allowedMenus = menuAuthQueryRepository.findAllowedMenuUrlsByRole(role);
|
||||
if (allowedMenus == null || allowedMenus.isEmpty()) {
|
||||
return new AuthorizationDecision(false);
|
||||
}
|
||||
|
||||
for (MenuEntity menu : allowedMenus) {
|
||||
String baseUri = menu.getMenuUrl();
|
||||
if (baseUri == null || baseUri.isBlank()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (matchUri(baseUri, requestPath)) {
|
||||
return new AuthorizationDecision(true);
|
||||
}
|
||||
}
|
||||
return new AuthorizationDecision(false);
|
||||
}
|
||||
|
||||
// ✅ 3) 보호 URL이 아니면 ADMIN은 전부 허용
|
||||
if (isAdmin) {
|
||||
return new AuthorizationDecision(true);
|
||||
}
|
||||
|
||||
// ✅ 4) 일반 role은 기존대로 매핑 기반
|
||||
List<MenuEntity> allowedMenus = menuAuthQueryRepository.findAllowedMenuUrlsByRole(role);
|
||||
if (allowedMenus == null || allowedMenus.isEmpty()) {
|
||||
return new AuthorizationDecision(false);
|
||||
}
|
||||
|
||||
// menu_url(prefix) 기반 접근 허용 판단
|
||||
for (MenuEntity menu : allowedMenus) {
|
||||
String baseUri = menu.getMenuUrl();
|
||||
if (baseUri == null || baseUri.isBlank()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (matchUri(baseUri, requestPath)) {
|
||||
return new AuthorizationDecision(true);
|
||||
}
|
||||
|
||||
@@ -83,9 +83,10 @@ public class SecurityConfig {
|
||||
.requestMatchers("/api/user/**")
|
||||
.authenticated()
|
||||
.anyRequest()
|
||||
// .access(redisAuthorizationManager)
|
||||
.access(menuAuthorizationManager)
|
||||
|
||||
.authenticated())
|
||||
// .authenticated()
|
||||
)
|
||||
.addFilterBefore(
|
||||
jwtAuthenticationFilter,
|
||||
UsernamePasswordAuthenticationFilter
|
||||
|
||||
@@ -22,4 +22,12 @@ public interface MenuRepositoryCustom {
|
||||
* @return
|
||||
*/
|
||||
List<MenuEntity> findAllowedMenuUrlsByRole(String role);
|
||||
|
||||
/**
|
||||
* url별 역할
|
||||
*
|
||||
* @param requestPath
|
||||
* @return
|
||||
*/
|
||||
List<MenuEntity> findMenusByRequestPath(String requestPath);
|
||||
}
|
||||
|
||||
@@ -79,4 +79,21 @@ public class MenuRepositoryImpl implements MenuRepositoryCustom {
|
||||
.orderBy(menuEntity.menuOrder.asc().nullsLast())
|
||||
.fetch();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<MenuEntity> findMenusByRequestPath(String requestPath) {
|
||||
return queryFactory
|
||||
.selectDistinct(menuEntity)
|
||||
.from(menuMappEntity)
|
||||
.join(menuMappEntity.menuUid, menuEntity)
|
||||
.where(
|
||||
menuMappEntity.deleted.isFalse(),
|
||||
menuEntity.deleted.isFalse(),
|
||||
menuEntity.isUse.isTrue(),
|
||||
menuEntity.menuUrl.isNotNull(),
|
||||
menuEntity.menuUrl.isNotEmpty(),
|
||||
menuEntity.menuUrl.eq(requestPath))
|
||||
.orderBy(menuEntity.menuOrder.asc().nullsLast())
|
||||
.fetch();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user