# 权限校验 ## 核心理念 建立用户-组-权限资源的关系,对用户进行鉴权 [![o4WeAI.png](https://s1.ax1x.com/2021/12/10/o4WeAI.png)](https://imgtu.com/i/o4WeAI) ## 鉴权流程 ### 在权限表(permission)中插入资源信息 ```sql INSERT INTO permission (id, res_type, area, res_full_path, res_full_name, operation_bit, expire_date, created_time, updated_time, created_by, updated_by) VALUES (101, 'hive', 'china', '/test.db/test', '/测试库/测试表', 'select', '2099-12-26 10:45:26', now(), now(), 'system', 'system'), (102, 'hive', 'china', '/test.db/test1', '/测试库/测试表1', 'select', '2099-12-26 10:45:26', now(), now(), 'system', 'system'), (103, 'hive', 'china', '/test.db', '/测试库', 'select', '2099-12-26 10:45:26', now(), now(), 'system', 'system'); ``` ### 在组-权限表建立连接 ```sql INSERT INTO group_permission_relation (id, group_id, permission_id, created_time, updated_time, created_by, updated_by) VALUES (1, 101, 101, now(), now(), 'system', 'system'), (2, 101, 102, now(), now(), 'system', 'system'), (3, 101, 103, now(), now(), 'system', 'system'), (4, 102, 101, now(), now(), 'system', 'system'), (5, 102, 102, now(), now(), 'system', 'system'), (6, 103, 101, now(), now(), 'system', 'system'), (7, 103, 102, now(), now(), 'system', 'system'), (8, 103, 103, now(), now(), 'system', 'system'); ``` ### 访问接口进行鉴权 ```shell curl --location --request POST 'http://127.0.0.1:8443/authentication-server/auth/data/permission' \ --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbInJlYWQiXSwib3JnYW5pemF0aW9uIjoiYWRtaW4iLCJleHAiOjE2MzkwNzQ1MTMsImF1dGhvcml0aWVzIjpbIkFETUlOIl0sImp0aSI6IllsVVhlV2d1VFBRbGdmSHYyY0VGOC1seEVGRSIsImNsaWVudF9pZCI6InRlc3RfY2xpZW50In0.1JqUvfv5i9wd9F7hWYW-Xafoc5bh9tFEupIoVYW09nU' \ --header 'User-Agent: apifox/1.0.0 (https://www.apifox.cn)' \ --header 'Content-Type: application/json' \ --data-raw '{ "resFullName": "/测试库/测试表", "area": "china", "resType": "hive", "operationBit": "select", "resFullPath": "/test.db/test", "groupCode": "101" }' ``` [![o4WzrQ.png](https://s1.ax1x.com/2021/12/10/o4WzrQ.png)](https://imgtu.com/i/o4WzrQ)