
Spring Cloud Microservices in Practice: Building an Enterprise-Grade Development Framework (21): RBAC-Based System Permission Design

Source: 图灵教育
Time: 2023-10-20 17:57:03

  The core of the RBAC (Role-Based Access Control) model is the introduction of roles between users and permissions. The role becomes the link: the direct association between a user and a permission is removed, and permissions are granted to users indirectly through roles, which decouples users from permissions.

Benefits of RBAC
  1. Permission division becomes more deliberate. Adjusting a role's permissions affects not just one user but every user bound to that role, so administrators grant and revoke permissions with more care;
  2. Permissions are easier to manage. To adjust permissions for many users at once, only the permissions of the relevant role need to change, not each user's permissions; this greatly improves the efficiency of permission changes and reduces the chance of leaking permissions;
As RBAC has evolved, different versions have emerged to meet different requirements. The main ones today are:
  1. RBAC0 is the initial form of RBAC, its most basic and simplest version;
  2. RBAC1 is an optimisation of RBAC0 that adds a role hierarchy (i.e. sub-roles); a sub-role inherits all permissions of its parent role;
  3. RBAC2 is another optimisation of RBAC0 that adds constraints on roles: mutually exclusive roles, role capacity, and so on;
  4. RBAC3 is the most complex and complete RBAC model; it builds on RBAC0 and integrates the optimisations of both RBAC1 and RBAC2;
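To make the RBAC1 inheritance and the RBAC2 constraints above concrete, here is an added example that is not part of the original article or of the GitEgg project: a small in-memory policy in Python. Role keys, user names and permission strings are constructed for illustration.

```python
"""Added example (not code from the original article or the GitEgg project):
an in-memory RBAC0/1/2 model. Roles, users and permission strings are constructed."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Role:
    key: str
    permissions: set = field(default_factory=set)
    parent: Optional["Role"] = None      # RBAC1: a child role inherits its parent's permissions

    def effective_permissions(self) -> set:
        """Own permissions plus everything inherited up the parent chain."""
        perms, seen, cur = set(), set(), self
        while cur is not None and cur.key not in seen:   # guard against a cyclic parent chain
            perms |= cur.permissions
            seen.add(cur.key)
            cur = cur.parent
        return perms


class RbacPolicy:
    """RBAC0 user -> role -> permission mapping with RBAC2 constraints on assignment."""

    def __init__(self) -> None:
        self.roles: dict = {}
        self.user_roles: dict = {}
        self.exclusive: set = set()        # RBAC2 mutual exclusion: frozenset({role_a, role_b})
        self.capacity: dict = {}           # RBAC2 role capacity: maximum number of users per role

    def add_role(self, key, permissions=(), parent=None) -> Role:
        role = Role(key, set(permissions), self.roles[parent] if parent else None)
        self.roles[key] = role
        return role

    def mutually_exclusive(self, a: str, b: str) -> None:
        self.exclusive.add(frozenset((a, b)))

    def set_capacity(self, key: str, max_users: int) -> None:
        self.capacity[key] = max_users

    def members(self, key: str) -> set:
        return {u for u, rs in self.user_roles.items() if key in rs}

    def assign(self, user: str, key: str) -> None:
        """Grant a role, refusing any assignment that would violate an RBAC2 constraint."""
        if key not in self.roles:
            raise KeyError(f"unknown role {key!r}")
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset((other, key)) in self.exclusive:
                raise PermissionError(f"{user} already holds {other!r}, which excludes {key!r}")
        if key in self.capacity and key not in held and len(self.members(key)) >= self.capacity[key]:
            raise PermissionError(f"role {key!r} is at capacity ({self.capacity[key]})")
        held.add(key)

    def has_permission(self, user: str, permission: str) -> bool:
        return any(permission in self.roles[r].effective_permissions()
                   for r in self.user_roles.get(user, ()))


def demo() -> dict:
    """Constructed scenario: separation of duties between editing and approving orders."""
    p = RbacPolicy()
    p.add_role("viewer", {"order:read"})
    p.add_role("editor", {"order:write"}, parent="viewer")    # editor inherits order:read
    p.add_role("approver", {"order:approve"})
    p.mutually_exclusive("editor", "approver")                 # nobody may both edit and approve
    p.set_capacity("approver", 1)                              # at most one approver
    p.assign("alice", "editor")
    p.assign("bob", "approver")
    results = {
        "alice_inherits_read": p.has_permission("alice", "order:read"),
        "bob_cannot_write": not p.has_permission("bob", "order:write"),
    }
    try:
        p.assign("alice", "approver")                          # blocked by mutual exclusion
        results["sod_enforced"] = False
    except PermissionError:
        results["sod_enforced"] = True
    try:
        p.assign("carol", "approver")                          # blocked by capacity
        results["capacity_enforced"] = False
    except PermissionError:
        results["capacity_enforced"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The constraints are checked at assignment time, which is where RBAC2 places them; a mutually exclusive pair such as editor/approver is the usual way to express separation of duties, and a capacity of one on a sensitive role keeps its membership auditable.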
Basic functional modules of RBAC permissions:

(Figure: RBAC functional modules)

Basic RBAC permission tables:
  1. User table: t_sys_user
CREATE TABLE `t_sys_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `account` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'account',
  `nickname` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'nickname',
  `real_name` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'real name',
  `gender` char(1) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '2' COMMENT '1: male, 0: female',
  `email` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'email',
  `mobile` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'phone',
  `password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'password',
  `status` tinyint(1) NULL DEFAULT 1 COMMENT '0: enabled, 2: password expired or not changed since first login',
  `avatar` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'avatar',
  `country` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'country',
  `province` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'province',
  `city` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'city',
  `area` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'district',
  `street` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'street address',
  `comments` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'remarks',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `INDEX_USER_NAME`(`real_name`) USING BTREE,
  INDEX `INDEX_USER_PHONE`(`mobile`) USING BTREE,
  INDEX `INDEX_USER_EMAIL`(`email`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'user table' ROW_FORMAT = Dynamic;
  2. Role table: t_sys_role
CREATE TABLE `t_sys_role` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `parent_id` bigint(20) NULL DEFAULT 0 COMMENT 'parent id',
  `role_name` varchar(40) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'role name',
  `role_key` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'role key',
  `role_level` int(11) NULL DEFAULT NULL COMMENT 'role level',
  `role_status` tinyint(1) NULL DEFAULT 1 COMMENT 'active, 0: disabled',
  `comments` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'description',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `INDEX_ROLE_NAME`(`role_name`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'role table' ROW_FORMAT = Dynamic;
  3. Permission table (resource table): t_sys_resource
CREATE TABLE `t_sys_resource` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `parent_id` bigint(20) NULL DEFAULT NULL COMMENT 'parent id',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `ancestors` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'ids of all ancestor nodes, to simplify lookup',
  `resource_name` varchar(40) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'resource name',
  `resource_key` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'resource key',
  `resource_type` char(1) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'resource type: 1 module, 2 menu, 3 button, 4 link',
  `resource_icon` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'resource icon',
  `resource_path` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'resource path',
  `resource_url` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'data link',
  `resource_level` int(11) NULL DEFAULT NULL COMMENT 'resource level',
  `resource_show` tinyint(1) NULL DEFAULT NULL COMMENT 'whether shown',
  `resource_cache` tinyint(1) NULL DEFAULT NULL COMMENT 'whether cached',
  `resource_page_name` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'resource page name',
  `resource_status` tinyint(1) NULL DEFAULT 1 COMMENT 'active, 0: disabled',
  `comments` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'remarks',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NOT NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `INDEX_PERM_NAME`(`resource_name`) USING BTREE,
  INDEX `INDEX_PERM_PID`(`parent_id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'permission table' ROW_FORMAT = Dynamic;
  4. Organization table: t_sys_organization
CREATE TABLE `t_sys_organization` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `parent_id` bigint(20) NULL DEFAULT NULL COMMENT 'parent organization id',
  `ancestors` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'ids of all parent organizations, to simplify lookup',
  `organization_type` char(1) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'organization type: 1 business division, 2 institution, 3 Yancheng',
  `organization_name` varchar(40) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'organization name',
  `organization_key` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'organization code',
  `organization_icon` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'organization icon',
  `organization_level` int(11) NULL DEFAULT NULL COMMENT 'organization level (sort order)',
  `organization_status` tinyint(1) NULL DEFAULT 1 COMMENT 'active, 0: disabled',
  `province` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'province',
  `city` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'city',
  `area` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'district',
  `street` varchar(120) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'street',
  `comments` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'description',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation date',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update date',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `INDEX_ORG_NAME`(`organization_name`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'organization table' ROW_FORMAT = Dynamic;
  5. User-role association table: t_sys_user_role (many-to-many)
CREATE TABLE `t_sys_user_role` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `user_id` bigint(20) NOT NULL COMMENT 'user id',
  `role_id` bigint(20) NOT NULL COMMENT 'role id',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE,
  INDEX `INDEX_USER_ID`(`user_id`) USING BTREE,
  INDEX `INDEX_ROLE_ID`(`role_id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'user-role association table' ROW_FORMAT = Dynamic;
  6. Organization-user association table: t_sys_organization_user (one-to-many)
CREATE TABLE `t_sys_organization_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `organization_id` bigint(20) NOT NULL COMMENT 'organization id',
  `user_id` bigint(20) NOT NULL COMMENT 'user id',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
  7. Role-permission (resource) association table: t_sys_role_resource (many-to-many)
CREATE TABLE `t_sys_role_resource` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `role_id` bigint(20) NOT NULL COMMENT 'role id',
  `resource_id` bigint(20) NOT NULL COMMENT 'resource id',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NOT NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'role-permission association table' ROW_FORMAT = Dynamic;
Permission extension tables:
  1. Organization role table: t_sys_organization_role (everyone in a given organization gets the permissions of a given role)
CREATE TABLE `t_sys_organization_role` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `organization_id` bigint(20) NOT NULL COMMENT 'organization id',
  `role_id` bigint(20) NOT NULL COMMENT 'role id',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'a role can be granted to an organization; every user in that organization then has the role''s permissions' ROW_FORMAT = Dynamic;
  2. Data permission configuration table: t_sys_data_permission
CREATE TABLE `t_sys_data_permission` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `user_id` bigint(20) NOT NULL COMMENT 'user id',
  `organization_id` bigint(20) NOT NULL COMMENT 'organization id',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'update time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'updater',
  `del_flag` tinyint(1) NULL DEFAULT 0 COMMENT '1: deleted, 0: not deleted',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
  3. User information extension table: t_sys_user_info (extend it according to the specific needs of your own business)
CREATE TABLE `t_sys_user_info` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `tenant_id` bigint(20) NOT NULL DEFAULT 0 COMMENT 'tenant id',
  `parent_id` bigint(20) NULL DEFAULT 0 COMMENT 'parent id',
  `user_id` bigint(20) NULL DEFAULT NULL COMMENT 'user id in the system user table',
  `wechat_open_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'openid, mini-program user',
  `wechat_platform_open_id` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'official-account user openid',
  `wechat_union_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'WeChat user UnionID',
  `telephone` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'landline phone',
  `wechat_number` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'WeChat account',
  `qq_number` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'QQ number',
  `user_type` smallint(1) NULL DEFAULT 1 COMMENT 'user type: 1 regular user',
  `member_points` bigint(20) NULL DEFAULT 60 COMMENT 'membership points',
  `work_unit` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'employer',
  `duties` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'position',
  `education` varchar(10) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'education',
  `card_type` varchar(1) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'id document type',
  `card_number` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'id document number',
  `card_front` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'front photo',
  `card_reverse` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'back photo',
  `graduated` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'school graduated from',
  `gender` int(1) NULL DEFAULT NULL COMMENT 'gender',
  `birthday` datetime(0) NULL DEFAULT NULL COMMENT 'date of birth',
  `graduated_date` date NULL DEFAULT NULL COMMENT 'graduation date',
  `register_time` datetime(0) NULL DEFAULT NULL COMMENT 'registration date',
  `register_ip` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'registration ip',
  `last_login_time` datetime(0) NULL DEFAULT NULL COMMENT 'last login date',
  `last_login_ip` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT 'last login ip',
  `create_time` datetime(0) NULL DEFAULT NULL COMMENT 'creation time',
  `creator` bigint(20) NULL DEFAULT NULL COMMENT 'creator',
  `update_time` datetime(0) NULL DEFAULT NULL COMMENT 'last modified time',
  `operator` bigint(20) NULL DEFAULT NULL COMMENT 'last modifier',
  `del_flag` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'deleted flag',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'WeChat registered member table' ROW_FORMAT = DYNAMIC;
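As an added example (not code from the original article or from the GitEgg project), the following Python script shows how the tables above combine to answer the question they exist for: which resources may a given user reach? It uses a reduced SQLite copy of the schema (the same table and column names, but only the columns the query needs) and constructed sample rows. The query takes the user's direct roles from t_sys_user_role and the roles granted to the user's organization through t_sys_organization_user and t_sys_organization_role, walks up parent_id in t_sys_role (RBAC1 inheritance), and joins to t_sys_resource through t_sys_role_resource, filtering del_flag, role_status, resource_status and tenant_id at every hop so that a soft-deleted link, a disabled role or another tenant's data never grants access.

```python
"""Added example (not code from the original article or the GitEgg project):
resolve a user's effective resources from the RBAC tables. The schema is a
reduced SQLite version of the MySQL DDL and every row is constructed sample data."""
import sqlite3

SCHEMA = """
CREATE TABLE t_sys_user (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL DEFAULT 0,
    account TEXT, status INTEGER DEFAULT 1, del_flag INTEGER DEFAULT 0);
CREATE TABLE t_sys_role (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL DEFAULT 0,
    parent_id INTEGER DEFAULT 0, role_key TEXT, role_status INTEGER DEFAULT 1, del_flag INTEGER DEFAULT 0);
CREATE TABLE t_sys_resource (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL DEFAULT 0,
    resource_key TEXT, resource_type TEXT, resource_status INTEGER DEFAULT 1, del_flag INTEGER DEFAULT 0);
CREATE TABLE t_sys_user_role (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL DEFAULT 0,
    user_id INTEGER NOT NULL, role_id INTEGER NOT NULL, del_flag INTEGER DEFAULT 0);
CREATE TABLE t_sys_organization_user (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL DEFAULT 0,
    organization_id INTEGER NOT NULL, user_id INTEGER NOT NULL, del_flag INTEGER DEFAULT 0);
CREATE TABLE t_sys_organization_role (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL DEFAULT 0,
    organization_id INTEGER NOT NULL, role_id INTEGER NOT NULL, del_flag INTEGER DEFAULT 0);
CREATE TABLE t_sys_role_resource (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL DEFAULT 0,
    role_id INTEGER NOT NULL, resource_id INTEGER NOT NULL, del_flag INTEGER DEFAULT 0);
"""

# held: roles assigned directly or through the user's organization.
# expanded: held roles plus every ancestor via parent_id (RBAC1 inheritance);
# UNION de-duplicates, so a cyclic parent chain terminates.
# Each hop filters del_flag / status and pins tenant_id.
EFFECTIVE_RESOURCES_SQL = """
WITH RECURSIVE
held(role_id) AS (
    SELECT ur.role_id FROM t_sys_user_role ur
     WHERE ur.user_id = :uid AND ur.tenant_id = :tid AND ur.del_flag = 0
    UNION
    SELECT orr.role_id FROM t_sys_organization_user ou
      JOIN t_sys_organization_role orr
        ON orr.organization_id = ou.organization_id
       AND orr.tenant_id = ou.tenant_id AND orr.del_flag = 0
     WHERE ou.user_id = :uid AND ou.tenant_id = :tid AND ou.del_flag = 0
),
expanded(role_id) AS (
    SELECT role_id FROM held
    UNION
    SELECT r.parent_id FROM t_sys_role r JOIN expanded e ON r.id = e.role_id
     WHERE r.parent_id IS NOT NULL AND r.parent_id <> 0
)
SELECT DISTINCT res.resource_key
  FROM expanded e
  JOIN t_sys_role r ON r.id = e.role_id AND r.tenant_id = :tid
       AND r.role_status = 1 AND r.del_flag = 0
  JOIN t_sys_role_resource rr ON rr.role_id = r.id AND rr.del_flag = 0
  JOIN t_sys_resource res ON res.id = rr.resource_id
       AND res.resource_status = 1 AND res.del_flag = 0
 ORDER BY res.resource_key
"""


def build_demo_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows (all in tenant 1)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO t_sys_user(id, tenant_id, account) VALUES (?,?,?)",
                     [(1, 1, "alice"), (2, 1, "bob")])
    conn.executemany("INSERT INTO t_sys_role(id, tenant_id, parent_id, role_key, role_status) VALUES (?,?,?,?,?)",
                     [(10, 1, 0, "viewer", 1), (11, 1, 10, "editor", 1),       # editor's parent is viewer
                      (12, 1, 0, "org_staff", 1), (13, 1, 0, "exporter", 0)])  # exporter is disabled
    conn.executemany("INSERT INTO t_sys_resource(id, tenant_id, resource_key, resource_type) VALUES (?,?,?,?)",
                     [(100, 1, "order:read", "3"), (101, 1, "order:write", "3"),
                      (102, 1, "report:view", "2"), (103, 1, "secret:export", "3")])
    conn.executemany("INSERT INTO t_sys_role_resource(tenant_id, role_id, resource_id) VALUES (?,?,?)",
                     [(1, 10, 100), (1, 11, 101), (1, 12, 102), (1, 13, 103)])
    conn.executemany("INSERT INTO t_sys_user_role(tenant_id, user_id, role_id) VALUES (?,?,?)",
                     [(1, 1, 11), (1, 2, 13)])             # bob's only direct role is the disabled one
    conn.executemany("INSERT INTO t_sys_organization_user(tenant_id, organization_id, user_id) VALUES (?,?,?)",
                     [(1, 5, 1), (1, 5, 2)])               # both users belong to organization 5
    conn.executemany("INSERT INTO t_sys_organization_role(tenant_id, organization_id, role_id) VALUES (?,?,?)",
                     [(1, 5, 12)])                         # organization 5 carries org_staff
    conn.commit()
    return conn


def effective_resources(conn, user_id: int, tenant_id: int) -> list:
    rows = conn.execute(EFFECTIVE_RESOURCES_SQL, {"uid": user_id, "tid": tenant_id})
    return [r[0] for r in rows]


def can_access(conn, user_id: int, tenant_id: int, resource_key: str) -> bool:
    return resource_key in effective_resources(conn, user_id, tenant_id)


if __name__ == "__main__":
    db = build_demo_db()
    print("alice:", effective_resources(db, 1, 1))   # order:read (inherited), order:write, report:view (via org)
    print("bob:  ", effective_resources(db, 2, 1))   # report:view only; the disabled exporter role grants nothing
```

In a Spring Cloud deployment the same resolution normally happens once at login and the result is cached in the token or session, but the filters shown here are the ones that matter: every association table carries del_flag and tenant_id, and forgetting either in the join is how a revoked or cross-tenant grant silently comes back to life.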
  The entity classes and mapper methods for these tables can be generated with the mybatis-plus code generator. That is not covered in detail here; integrating the code generation module will be introduced separately. Because these tables are functionality related to system permissions, the code that manages their data is kept in the gitegg-service-system sub-project. This article only covers the configuration and design of permissions; the concrete use of system permissions will be described when the use of OAuth2 and Gateway in Spring Cloud is introduced.