From 977ab3ed408f92c8de2f763b06151d2523f0a8c0 Mon Sep 17 00:00:00 2001
From: click33 <2393584716@qq.com>
Date: Sat, 2 Oct 2021 18:26:13 +0800
Subject: [PATCH] =?UTF-8?q?@SaCheckPermission=20=E5=A2=9E=E5=8A=A0=20orRol?=
 =?UTF-8?q?e=20=E5=AD=97=E6=AE=B5=EF=BC=8C=E7=94=A8=E4=BA=8E=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E8=A7=92=E8=89=B2=E2=80=9C=E5=8F=8C=E9=87=8Dor?=
 =?UTF-8?q?=E2=80=9D=E5=8C=B9=E9=85=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../satoken/annotation/SaCheckPermission.java | 15 +++++++++
 .../dev33/satoken/config/SaTokenConfig.java   | 31 +++++--------------
 .../cn/dev33/satoken/sso/SaSsoTemplate.java   |  2 +-
 .../java/cn/dev33/satoken/stp/StpLogic.java   | 22 ++++++++++---
 .../java/cn/dev33/satoken/stp/StpUtil.java    |  2 ++
 .../dev33/satoken/temp/SaTempInterface.java   |  2 +-
 .../java/cn/dev33/satoken/util/SaFoxUtil.java | 24 ++++++++++++--
 .../main/java/com/pj/test/TestController.java |  5 ++-
 sa-token-doc/doc/plugin/temp-token.md         |  2 +-
 .../dev33/satoken/temp/jwt/SaTempForJwt.java  |  8 ++---
 10 files changed, 74 insertions(+), 39 deletions(-)

diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/annotation/SaCheckPermission.java b/sa-token-core/src/main/java/cn/dev33/satoken/annotation/SaCheckPermission.java
index c97883b9..b507bd95 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/annotation/SaCheckPermission.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/annotation/SaCheckPermission.java
@@ -33,4 +33,19 @@ public @interface SaCheckPermission {
      */
 	String type() default "";
 
+	/**
+	 * 在权限认证不通过时的次要选择，两者只要其一认证成功即可通过校验  
+	 * 
+	 * <p> 
+	 * 	例1：@SaCheckPermission(value="user-add", orRole="admin")，
+	 * 	代表本次请求只要具有 user-add权限 或 admin角色 其一即可通过校验 
+	 * </p>
+	 * 
+	 * <p> 
+	 * 	例2： orRole={"admin", "manager", "staff"}，具有三个角色其一即可 <br> 
+	 * 	例3： orRole={"admin, manager, staff"}，必须三个角色同时具备 
+	 * </p>
+	 */
+	String[] orRole() default {};
+	
 }
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/config/SaTokenConfig.java b/sa-token-core/src/main/java/cn/dev33/satoken/config/SaTokenConfig.java
index 7aeb5e83..3799a192 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/config/SaTokenConfig.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/config/SaTokenConfig.java
@@ -74,7 +74,7 @@ public class SaTokenConfig implements Serializable {
 	/**
 	 * jwt秘钥 (只有集成 sa-token-temp-jwt 模块时此参数才会生效) 
 	 */
-	private String jwtSecretkey;
+	private String jwtSecretKey;
 	
 	/**
 	 * Id-Token的有效期 (单位: 秒)
@@ -391,16 +391,16 @@ public class SaTokenConfig implements Serializable {
 	/**
 	 * @return jwt秘钥 (只有集成 sa-token-temp-jwt 模块时此参数才会生效)  
 	 */
-	public String getJwtSecretkey() {
-		return jwtSecretkey;
+	public String getJwtSecretKey() {
+		return jwtSecretKey;
 	}
 
 	/**
-	 * @param jwtSecretkey jwt秘钥 (只有集成 sa-token-temp-jwt 模块时此参数才会生效)  
+	 * @param jwtSecretKey jwt秘钥 (只有集成 sa-token-temp-jwt 模块时此参数才会生效)  
 	 * @return 对象自身
 	 */
-	public SaTokenConfig setJwtSecretkey(String jwtSecretkey) {
-		this.jwtSecretkey = jwtSecretkey;
+	public SaTokenConfig setJwtSecretKey(String jwtSecretKey) {
+		this.jwtSecretKey = jwtSecretKey;
 		return this;
 	}
 
@@ -476,7 +476,7 @@ public class SaTokenConfig implements Serializable {
 				+ ", tokenStyle=" + tokenStyle
 				+ ", dataRefreshPeriod=" + dataRefreshPeriod + ", tokenSessionCheckLogin=" + tokenSessionCheckLogin
 				+ ", autoRenew=" + autoRenew + ", cookieDomain=" + cookieDomain + ", tokenPrefix=" + tokenPrefix
-				+ ", isPrint=" + isPrint + ", isLog=" + isLog + ", jwtSecretkey=" + jwtSecretkey + ", idTokenTimeout="
+				+ ", isPrint=" + isPrint + ", isLog=" + isLog + ", jwtSecretKey=" + jwtSecretKey + ", idTokenTimeout="
 				+ idTokenTimeout + ", basic=" + basic + ", currDomain=" + currDomain + ", sso=" + sso + "]";
 	}
 
@@ -497,25 +497,10 @@ public class SaTokenConfig implements Serializable {
 	 * @param isV see note
 	 * @return see note
 	 */
+	@Deprecated
 	public SaTokenConfig setIsV(Boolean isV) {
 		this.isPrint = isV;
 		return this;
 	}
 
-	/**
-	 * @return <h1> 本函数设计已过时，未来版本可能移除此函数，请及时更换为 getJwtSecretkey() ，使用方式保持不变 </h1>
-	 */
-	public String getJwtSecretKey() {
-		return jwtSecretkey;
-	}
-
-	/**
-	 * @param <h1> 本函数设计已过时，未来版本可能移除此函数，请及时更换为 setJwtSecretkey() ，使用方式保持不变 </h1>
-	 * @return 对象自身
-	 */
-	public SaTokenConfig setJwtSecretKey(String jwtSecretKey) {
-		this.jwtSecretkey = jwtSecretKey;
-		return this;
-	}
-
 }
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/sso/SaSsoTemplate.java b/sa-token-core/src/main/java/cn/dev33/satoken/sso/SaSsoTemplate.java
index e7736cf4..30d94884 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/sso/SaSsoTemplate.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/sso/SaSsoTemplate.java
@@ -409,7 +409,7 @@ public class SaSsoTemplate {
 	 * @author kong
 	 */
 	@FunctionalInterface
-	static interface CallSloUrlFunction{
+	public static interface CallSloUrlFunction{
 		/**
 		 * 调用function 
 		 * @param url 注销回调URL
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
index c358a6c4..e47dd322 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
@@ -1313,10 +1313,24 @@ public class StpLogic {
 	 */
 	public void checkByAnnotation(SaCheckPermission at) {
 		String[] permissionArray = at.value();
-		if(at.mode() == SaMode.AND) {
-			this.checkPermissionAnd(permissionArray);	
-		} else {
-			this.checkPermissionOr(permissionArray);	
+		try {
+			if(at.mode() == SaMode.AND) {
+				this.checkPermissionAnd(permissionArray);	
+			} else {
+				this.checkPermissionOr(permissionArray);	
+			}
+		} catch (NotPermissionException e) {
+			// 权限认证未通过，再开始角色认证 
+			if(at.orRole().length > 0) {
+				for (String role : at.orRole()) {
+					String[] rArr = SaFoxUtil.convertStringToArray(role);
+					// 某一项role认证通过，则可以提前退出了，代表通过 
+					if(hasRoleAnd(rArr)) {
+						return;
+					}
+				}
+			}
+			throw e;
 		}
 	}
 
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpUtil.java b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpUtil.java
index d2c69e51..a405e63c 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpUtil.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpUtil.java
@@ -812,6 +812,7 @@ public class StpUtil {
 	 * <p> 当对方再次访问系统时，会抛出NotLoginException异常，场景值=-2
 	 * @param loginId 账号id 
 	 */
+	@Deprecated
 	public static void logoutByLoginId(Object loginId) {
 		stpLogic.kickout(loginId);
 	}
@@ -824,6 +825,7 @@ public class StpUtil {
 	 * @param loginId 账号id 
 	 * @param device 设备标识 (填null代表所有注销设备) 
 	 */
+	@Deprecated
 	public static void logoutByLoginId(Object loginId, String device) {
 		stpLogic.kickout(loginId, device);
 	}
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/temp/SaTempInterface.java b/sa-token-core/src/main/java/cn/dev33/satoken/temp/SaTempInterface.java
index fe727dae..942bd705 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/temp/SaTempInterface.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/temp/SaTempInterface.java
@@ -83,7 +83,7 @@ public interface SaTempInterface {
 	/**
 	 * @return jwt秘钥 (只有集成 sa-token-temp-jwt 模块时此参数才会生效)  
 	 */
-	public default String getJwtSecretkey() {
+	public default String getJwtSecretKey() {
 		return null;
 	}
 	
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/util/SaFoxUtil.java b/sa-token-core/src/main/java/cn/dev33/satoken/util/SaFoxUtil.java
index 3d8ec42a..cd524aea 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/util/SaFoxUtil.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/util/SaFoxUtil.java
@@ -404,6 +404,26 @@ public class SaFoxUtil {
 		return str;
 	}
 	
-	
-	
+    /**
+     * String 转 Array，按照逗号切割 
+     * @param str 字符串 
+     * @return 数组 
+     */
+    public static String[] convertStringToArray(String str) {
+    	List<String> list = convertStringToList(str);
+    	return list.toArray(new String[list.size()]);
+    }
+
+    /**
+     * Array 转 String，按照逗号切割 
+     * @param arr 数组 
+     * @return 字符串 
+     */
+    public static String convertArrayToString(String[] arr) {
+    	if(arr == null || arr.length == 0) {
+    		return "";
+    	}
+    	return String.join(",", arr);
+    }
+    
 }
diff --git a/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/test/TestController.java b/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/test/TestController.java
index 90862294..554081b6 100644
--- a/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/test/TestController.java
+++ b/sa-token-demo/sa-token-demo-springboot/src/main/java/com/pj/test/TestController.java
@@ -239,9 +239,8 @@ public class TestController {
 	// 测试   浏览器访问： http://localhost:8081/test/test
 	@RequestMapping("test")
 	public AjaxJson test() {
-		System.out.println("进来了");
-		StpUtil.checkLogin();
-		return AjaxJson.getSuccess();
+		System.out.println("进来了"); 
+		return AjaxJson.getSuccess(); 
 	}
 	
 	// 测试   浏览器访问： http://localhost:8081/test/test2
diff --git a/sa-token-doc/doc/plugin/temp-token.md b/sa-token-doc/doc/plugin/temp-token.md
index 3b847ca9..88a483e6 100644
--- a/sa-token-doc/doc/plugin/temp-token.md
+++ b/sa-token-doc/doc/plugin/temp-token.md
@@ -71,5 +71,5 @@ SaTempUtil.deleteToken(token);
 ``` java
 sa-token: 
 	# sa-token-temp-jwt 模块的秘钥 （随便乱摁几个字母就行了） 
-	jwt-secretkey: JfdDSgfCmPsDfmsAaQwnXk
+	jwt-secret-key: JfdDSgfCmPsDfmsAaQwnXk
 ```
diff --git a/sa-token-plugin/sa-token-temp-jwt/src/main/java/cn/dev33/satoken/temp/jwt/SaTempForJwt.java b/sa-token-plugin/sa-token-temp-jwt/src/main/java/cn/dev33/satoken/temp/jwt/SaTempForJwt.java
index 3255ff31..5af64684 100644
--- a/sa-token-plugin/sa-token-temp-jwt/src/main/java/cn/dev33/satoken/temp/jwt/SaTempForJwt.java
+++ b/sa-token-plugin/sa-token-temp-jwt/src/main/java/cn/dev33/satoken/temp/jwt/SaTempForJwt.java
@@ -17,7 +17,7 @@ public class SaTempForJwt implements SaTempInterface {
 	 */
 	@Override
 	public String createToken(Object value, long timeout) {
-		String token = SaJwtUtil.createToken(value, timeout, getJwtSecretkey());
+		String token = SaJwtUtil.createToken(value, timeout, getJwtSecretKey());
 		return token;
 	}
 	
@@ -26,7 +26,7 @@ public class SaTempForJwt implements SaTempInterface {
 	 */
 	@Override
 	public Object parseToken(String token) {
-		Object value = SaJwtUtil.getValue(token, getJwtSecretkey());
+		Object value = SaJwtUtil.getValue(token, getJwtSecretKey());
 		return value;
 	}
 	
@@ -35,7 +35,7 @@ public class SaTempForJwt implements SaTempInterface {
 	 */
 	@Override
 	public long getTimeout(String token) {
-		long timeout = SaJwtUtil.getTimeout(token, getJwtSecretkey());
+		long timeout = SaJwtUtil.getTimeout(token, getJwtSecretKey());
 		return timeout;
 	}
 
@@ -52,7 +52,7 @@ public class SaTempForJwt implements SaTempInterface {
 	 * @return jwt秘钥 
 	 */
 	@Override
-	public String getJwtSecretkey() {
+	public String getJwtSecretKey() {
 		String jwtSecretKey = SaManager.getConfig().getJwtSecretKey();
 		if(SaFoxUtil.isEmpty(jwtSecretKey)) {
 			throw new SaTokenException("请配置：jwtSecretKey");