
修复权限返回template的bug

Feick 5 years ago
parent
commit
4384486794

+ 10 - 17
src/main/java/com/yaoxiang/diagnosis/authority/AuthCheckAspect.java

@@ -2,6 +2,7 @@ package com.yaoxiang.diagnosis.authority;
 
 import com.yaoxiang.diagnosis.model.Result;
 import com.yaoxiang.diagnosis.util.CommonUtil;
+import com.yaoxiang.diagnosis.util.SecurityUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.ProceedingJoinPoint;
@@ -47,30 +48,22 @@ public class AuthCheckAspect {
         String role = authCheck.role();
         String authority = authCheck.authority();
         boolean access = authService.check(principal, role, authority);
-        logger.info("check auth for principal={},role={},authority={}", principal, role, authority);
+        logger.info("check auth for principal={},role={},authority={},access={}", principal, role, authority, access);
+        if (!access) {
+            throw new AuthCheckException("权限检测失败");
+        }
         Object result = null;
         try {
-            if (access) {
-                result = joinPoint.proceed();
-            }
+            result = joinPoint.proceed();
         } catch (Exception e) {
-            logger.error("Something wrong with Server. ", e);
+            logger.error("Server error,message={}.", e.getMessage());
+            throw e;
         }
-        return access ? result : "Auth check fail";
+        return result;
     }
 
     private String getPrincipal() {
-        String principal = "";
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        if (authentication != null && authentication.getPrincipal() != null) {
-            Object principalObj = authentication.getPrincipal();
-            if (principalObj instanceof UserDetails) {
-                principal = ((UserDetails) principalObj).getUsername();
-            } else {
-                principal = principalObj.toString();
-            }
-        }
-        return principal;
+        return SecurityUtil.getCurrentUser().getUsername();
     }
 
     /**
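Review bot: `getPrincipal()` at the end of this hunk now dereferences `SecurityUtil.getCurrentUser()` with no guard, while the removed body tolerated a missing Authentication and a principal that was not a `UserDetails`. `getCurrentUser()` (SecurityUtil.java, last hunk of this commit) casts `getAuthentication().getPrincipal()` straight to `AuthUser`, so a request with no authentication, or with a principal of another type (Spring's anonymous principal is a String), would raise NullPointerException or ClassCastException before `authService.check` runs. The call is still denied, but it surfaces as a generic server error instead of an authorization failure, which makes denied access harder to recognise in logs. In `getPrincipal()`, check first: `Authentication auth = SecurityContextHolder.getContext().getAuthentication();` then `if (auth == null || !(auth.getPrincipal() instanceof AuthUser)) throw new AuthCheckException("权限检测失败");`. The advice method's signature and the Javadoc opened on the last line lie outside the hunk.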

+ 4 - 4
src/main/java/com/yaoxiang/diagnosis/authority/AuthServiceImpl.java

@@ -21,25 +21,25 @@ public class AuthServiceImpl implements AuthService {
 
     @Override
     public boolean check(String principal, String role, String authority) {
-        boolean hasRole = StringUtils.isNotBlank(role);
         boolean hasAuthority = StringUtils.isNotBlank(authority);
         if (hasAuthority) {
             return checkAuthority(principal, authority);
         }
+        boolean hasRole = StringUtils.isNotBlank(role);
         if (hasRole) {
             return checkRole(principal, role);
         }
         return true;
     }
 
-    public boolean checkRole(String principal, String role) {
-        UserInfo info = userService.findByUsername(principal);
+    private boolean checkRole(String principal, String role) {
+        UserInfo info = userService.getSimpleUser(principal);
         String roleIds = info.getRoleIds();
         List<Role> roles = roleService.listRoles(roleIds);
         return roles.stream().anyMatch(r -> role.equals(r.getName()));
     }
 
-    public boolean checkAuthority(String principal, String authority) {
+    private boolean checkAuthority(String principal, String authority) {
         UserInfo info = userService.findByUsername(principal);
         List<String> authorities = info.getAuthorities();
         return authorities.contains(authority);
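Review bot: `checkRole` now loads the user with `userService.getSimpleUser(principal)` and immediately calls `info.getRoleIds()`, so an unknown username would end in a NullPointerException if the lookup returns null for a missing user (the repository method is not visible here). Return a denial explicitly, e.g. `if (info == null) { return false; }`, and apply the same guard to `checkAuthority`, whose `info.getAuthorities()` has the same shape and whose body ends outside the hunk. `check` also still returns `true` when both `role` and `authority` are blank; a comment such as `// no role or authority set on the annotation: access is granted` would make that allow-by-default visible to anyone adding `@AuthCheck` later.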

+ 2 - 0
src/main/java/com/yaoxiang/diagnosis/authority/ResultHandler.java

@@ -5,12 +5,14 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseBody;
 
 @ControllerAdvice
 public class ResultHandler {
 
     private static final Logger logger = LoggerFactory.getLogger(ResultHandler.class);
 
+    @ResponseBody
     @ExceptionHandler(value = Exception.class)
     public Result exceptionHandler(Exception e) {
         logger.error("发生业务异常!原因是:{}", e.getMessage());
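Review bot: With this commit a denied call reaches the client through this catch-all `@ExceptionHandler(value = Exception.class)`, so an `AuthCheckException` is presumably reported the same way as any unexpected server fault. A dedicated handler, `@ExceptionHandler(AuthCheckException.class)` with `@ResponseStatus(HttpStatus.FORBIDDEN)`, would let clients and monitoring tell denied requests apart from failures. The handler body continues past the hunk, so the status code and the `Result` it builds are not visible; if it copies `e.getMessage()` into the response for every exception type, internal error text could reach callers.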

+ 2 - 2
src/main/java/com/yaoxiang/diagnosis/service/RoleService.java

@@ -143,8 +143,8 @@ public class RoleService {
         if (CommonUtil.isEmpty(ids)) {
             return result;
         }
-        List<Long> roleIds = ids.stream().map(Long::valueOf).collect(Collectors.toList());
-        return roleRepo.findAllById(roleIds).stream().map(Role::getName).collect(Collectors.toList());
+        List<Role> roles = listRoles(ids);
+        return roles.stream().map(Role::getName).collect(Collectors.toList());
     }
 
     public List<Role> listRoles(List<String> ids) {

+ 4 - 0
src/main/java/com/yaoxiang/diagnosis/service/UserService.java

@@ -124,6 +124,10 @@ public class UserService {
         return userRepo.getOne(id);
     }
 
+    public UserInfo getSimpleUser(String username) {
+        return userRepo.findByUsername(username);
+    }
+
     public boolean updatePassword(Long id, String password) {
         UserInfo info = getSimpleUser(id);
         info.setPassword(MD5Util.INSTANCE.md5(password));
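Review bot: The new `getSimpleUser(String username)` does not document what it returns for an unknown username, and its only caller in this commit (`AuthServiceImpl.checkRole`) dereferences the result directly. A Javadoc line such as `/** Returns the stored UserInfo for username, or null if no such user exists. */`, adjusted to what `userRepo.findByUsername` really does, would make the contract explicit; returning `Optional<UserInfo>` is the alternative. Separately from this change, the context line in `updatePassword` stores `MD5Util.INSTANCE.md5(password)`; if that is a plain MD5 digest it is weak for password storage, and a follow-up to a dedicated password-hashing function such as bcrypt would be worthwhile. `updatePassword` continues outside the hunk.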

+ 1 - 2
src/main/java/com/yaoxiang/diagnosis/util/SecurityUtil.java

@@ -5,7 +5,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
 
 public class SecurityUtil {
     public static AuthUser getCurrentUser() {
-        AuthUser user = (AuthUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-        return user;
+        return (AuthUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
     }
 }