lbwa
diff --git a/‎src/pages/Private/index.vue‎
Lines changed: 3 additions & 3 deletions b/‎src/pages/Private/index.vue‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/permission/__roles_filter__/index.js‎
Lines changed: 152 additions & 0 deletions b/‎src/permission/__roles_filter__/index.js‎
Lines changed: 152 additions & 0 deletions
diff --git a/‎src/permission/filter-routes.js‎
Lines changed: 69 additions & 0 deletions b/‎src/permission/filter-routes.js‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎src/permission/index.js‎
Lines changed: 36 additions & 38 deletions b/‎src/permission/index.js‎
Lines changed: 36 additions & 38 deletions
@@ -1,12 +1,12 @@
 <template>
   <section class="access__static">
-    Current user role is <strong>{{$store.getters['login/role']}}</strong>
+    Current route is
+    <strong>{{$route.path}}</strong>
   </section>
 </template>
 
 <script>
-export default {
-}
+export default {}
 </script>
 
 <style lang='scss' scoped>
 
@@ -0,0 +1,152 @@
+import router from 'ROUTER'
+import store from 'STORE'
+import loginTypes from 'STORE/modules/login/mutations/types'
+import NProgress from 'nprogress'
+import 'nprogress/nprogress.css'
+import { tokenFromStorage, userInfoFromStorage } from 'UTILS/storage'
+import { MessageBox } from 'element-ui'
+import createDynamicRoutes from '../create-routes'
+import constantRoutes from 'ROUTER/routes/constant'
+
+NProgress.configure({ showSpinner: false })
+
+const WHITELIST = ['/login']
+
+// Used to determine whether private routes has been added
+let HAS_ROUTES_ADDED = false
+
+function setDynamicRoutesToStorage (roles) {
+  const currentRole = Array.isArray(roles) ? roles[0] : roles
+  store.commit(
+    `login/${loginTypes.SET_DYNAMIC_ROUTES}`,
+    createDynamicRoutes(currentRole)
+  )
+}
+
+function setGlobalRoutesToStorage () {
+  store.commit(`login/${loginTypes.SET_ALL_ROUTES}`, [
+    ...constantRoutes,
+    ...store.getters['login/dynamicRoutes']
+  ])
+}
+
+function errorHandler (e, next, redirectPath) {
+  MessageBox({
+    title: 'Error',
+    message: 'We got a error when fetching user access.',
+    type: 'error',
+    showClose: false
+  })
+    .then(() => store.dispatch('login/userLogout'))
+    .then(() =>
+      next({
+        path: `/login?redirect=${redirectPath}`,
+        replace: true
+      })
+    )
+  NProgress.done()
+  console.error(e)
+}
+
+function addRoutesToRouter () {
+  router.addRoutes(store.getters['login/dynamicRoutes'])
+  console.log(
+    '%c[Routes creation]: routes has been added!',
+    'color: yellow',
+    store.getters['login/dynamicRoutes']
+  )
+}
+
+function createRoutesMap (to, next) {
+  setDynamicRoutesToStorage(store.getters['login/role'])
+  setGlobalRoutesToStorage()
+  addRoutesToRouter()
+  HAS_ROUTES_ADDED = true
+  // 1. MUST invoke `next({ ...to, replace: true })` to prevent route matching
+  // from occurring before route is added
+  // 2. use `to` route to replace routes occurring before private routes is added
+  return next({ ...to, replace: true })
+}
+
+/**
+ * @description Login state validation
+ */
+router.beforeEach((to, from, next) => {
+  NProgress.start()
+
+  // Jump to target path directly If target path has been included by white list
+  if (WHITELIST.includes(to.path)) {
+    return next()
+  }
+
+  // ! State: User has been logged in (local token).
+  if (tokenFromStorage.getItem()) {
+    // 1. fetch RolesMap if necessary (when RolesMap stored by back-end)
+
+    // local storage has a accessToken record, but current `login/accessToken`
+    // vuex state is empty string when user activate a new session (eg. new
+    // browser tab)
+    if (!store.getters['login/accessToken']) {
+      return store
+        .dispatch('login/fetchUserAccess', tokenFromStorage.getItem())
+        .then(() => {
+          // fill vuex state with user information to prevent infinity loop.
+          store.commit(
+            `login/${loginTypes.SET_ACCESS_TOKEN}`,
+            tokenFromStorage.getItem()
+          )
+          store.commit(
+            `login/${loginTypes.SET_USER_INFO}`,
+            JSON.parse(userInfoFromStorage.getItem())
+          )
+        })
+        .then(() => createRoutesMap(to, next))
+        .catch(e => errorHandler(e, next, to.path))
+    }
+
+    // 2. confirm route access by user role, including global routes creation.
+    if (!store.getters['login/role']) {
+      // 2.1 fetch user role, then routes creation based on user role.
+      return store
+        .dispatch('login/fetchUserAccess', tokenFromStorage.getItem())
+        .then(() => createRoutesMap(to, next))
+        .catch(e => errorHandler(e, next, to.path))
+    }
+
+    // (2.2 optional) Regenerate private routes based on user role when page
+    // reload, because vuex state will be preserved by vuex-persistedstate when
+    // page reload.
+    if (store.getters['login/role'] && !HAS_ROUTES_ADDED) {
+      console.log(
+        '%c[Routes creation]: Activate private routes regeneration process !',
+        'color: yellow;'
+      )
+      return createRoutesMap(to, next)
+    }
+
+    // 2.2 filter route
+    if (
+      !to.meta.roles ||
+      to.meta.roles.includes(store.getters['login/role'][0])
+    ) {
+      next()
+    } else {
+      next({
+        path: `/403?redirect=${to.path}`,
+        replace: true
+      })
+    }
+  } else {
+    // ! State: user logout
+    next({
+      path: `/login?redirect=${to.path}`,
+      replace: true
+    })
+  }
+})
+
+router.afterEach((to, from) => {
+  NProgress.done()
+})
+
+export default router
@@ -0,0 +1,69 @@
+import routes from 'ROUTER/routes/dynamic'
+
+/**
+ * @description 根据后端回传的当前用户权限表创建一个用于过滤 routes 的 hashmap
+ * @param {Array} accesses 后端回传的当前用户权限表
+ */
+export function createAccessMap (accesses) {
+  return accesses.reduce((accessMap, access) => {
+    const accessNameList = access.access.split('.')
+    // accessNameList[1] 表示某个模块的名称，如 device
+    // accessNameList[2] 表示某个模块下的某个特定权限。如 read，write 等
+    accessMap[accessNameList[1]] = (accessMap[accessNameList[1]] || []).concat(
+      accessNameList[2]
+    )
+    return accessMap
+  }, {})
+}
+
+/**
+ * @description 根据重建的当前用户各个模块权限的 hashmap 过滤所有私有路由，得到当前用
+ * 户可访问的私有路由
+ * @param {Array} routes 所有的私有路由表
+ * @param {Object} accessMap 一个对应当前用户各个模块权限的 hashmap
+ */
+function filterRoutes (routes, accessMap) {
+  return routes.reduce((filteredRoutes, route) => {
+    const routeCopy = { ...route } // shallow copy
+    // 2.1 validate private route access
+    // determine whether private route is added to global routes map.
+    if (validateAccess(route, accessMap)) {
+      if (routeCopy.children) {
+        // recursive filter
+        routeCopy.children = filterRoutes(routeCopy.children, accessMap)
+      }
+
+      if (!(routeCopy.children && !routeCopy.children.length)) {
+        filteredRoutes.push(routeCopy)
+      }
+    }
+    return filteredRoutes
+  }, [])
+}
+
+/**
+ * @description 验证用户是否有权限访问某个私有路由
+ * @param {Object} route 某个私有路由对象
+ * @param {Array} accessMap 一个对应当前用户各个模块权限的 hashmap
+ */
+// ! 本质问题: 如何确定两个数组是否存在交集
+function validateAccess (route, accessMap) {
+  if (route.meta && route.meta.access) {
+    return Object.keys(route.meta.access).every(accessName => {
+      // 在后端回传的权限表中不存在对应 route 所需的最低权限中的一项，
+      // 即不满足 private route 的最低权限需求
+      if (!accessMap[accessName]) return false
+
+      return route.meta.access[accessName].every(routeAccess =>
+        accessMap[accessName].includes(routeAccess)
+      )
+    })
+  }
+
+  // situation: preset private route has no 'access' field
+  return true
+}
+
+export default function createPrivateRoutes (accessMap) {
+  return filterRoutes(routes, accessMap)
+}
@@ -5,23 +5,21 @@ import NProgress from 'nprogress'
 import 'nprogress/nprogress.css'
 import { tokenFromStorage, userInfoFromStorage } from 'UTILS/storage'
 import { MessageBox } from 'element-ui'
-import createDynamicRoutes from './create-routes'
+// import createDynamicRoutes from './create-routes'
+import createDynamicRoutes from './filter-routes'
 import constantRoutes from 'ROUTER/routes/constant'
 
 NProgress.configure({ showSpinner: false })
 
-const WHITELIST = [
-  '/login'
-]
+const WHITELIST = ['/login']
 
 // Used to determine whether private routes has been added
 let HAS_ROUTES_ADDED = false
 
-function setDynamicRoutesToStorage (roles) {
-  const currentRole = Array.isArray(roles) ? roles[0] : roles
+function setDynamicRoutesToStorage () {
   store.commit(
     `login/${loginTypes.SET_DYNAMIC_ROUTES}`,
-    createDynamicRoutes(currentRole)
+    createDynamicRoutes(store.getters['login/accessMap'])
   )
 }
 
@@ -40,24 +38,27 @@ function errorHandler (e, next, redirectPath) {
     showClose: false
   })
     .then(() => store.dispatch('login/userLogout'))
-    .then(() => next({
-      path: `/login?redirect=${redirectPath}`,
-      replace: true
-    }))
+    .then(() =>
+      next({
+        path: `/login?redirect=${redirectPath}`,
+        replace: true
+      })
+    )
   NProgress.done()
   console.error(e)
 }
 
 function addRoutesToRouter () {
   router.addRoutes(store.getters['login/dynamicRoutes'])
   console.log(
-    '%c[Routes creation]: routes has been added!', 'color: yellow',
+    '%c[Routes creation]: routes has been added!',
+    'color: yellow',
     store.getters['login/dynamicRoutes']
   )
 }
 
 function createRoutesMap (to, next) {
-  setDynamicRoutesToStorage(store.getters['login/role'])
+  setDynamicRoutesToStorage()
   setGlobalRoutesToStorage()
   addRoutesToRouter()
   HAS_ROUTES_ADDED = true
@@ -80,16 +81,13 @@ router.beforeEach((to, from, next) => {
 
   // ! State: User has been logged in (local token).
   if (tokenFromStorage.getItem()) {
-    // 1. fetch RolesMap if necessary (when RolesMap stored by back-end)
-
-    // local storage has a accessToken record, but current `login/accessToken`
+    // (Optional) local storage has a accessToken record, but current `login/accessToken`
     // vuex state is empty string when user activate a new session (eg. new
     // browser tab)
+
     if (!store.getters['login/accessToken']) {
-      return store.dispatch(
-        'login/fetchUserAccess',
-        tokenFromStorage.getItem()
-      )
+      return store
+        .dispatch('login/fetchUserAccess', tokenFromStorage.getItem())
         .then(() => {
           // fill vuex state with user information to prevent infinity loop.
           store.commit(
@@ -105,38 +103,38 @@ router.beforeEach((to, from, next) => {
         .catch(e => errorHandler(e, next, to.path))
     }
 
-    // 2. confirm route access by user role, including global routes creation.
-    if (!store.getters['login/role']) {
+    // step: 1. confirm route access by user access, including global routes creation.
+    if (!store.getters['login/accesses'].length) {
       // 2.1 fetch user role, then routes creation based on user role.
-      return store.dispatch(
-        'login/fetchUserAccess',
-        tokenFromStorage.getItem()
-      )
+      return store
+        .dispatch('login/fetchUserAccess', tokenFromStorage.getItem())
         .then(() => createRoutesMap(to, next))
         .catch(e => errorHandler(e, next, to.path))
     }
 
-    // (2.2 optional) Regenerate private routes based on user role when page
+    // (step 1.2 optional) Regenerate private routes based on user role when page
     // reload, because vuex state will be preserved by vuex-persistedstate when
     // page reload.
-    if (store.getters['login/role'] && !HAS_ROUTES_ADDED) {
+    if (store.getters['login/accesses'].length && !HAS_ROUTES_ADDED) {
       console.log(
         '%c[Routes creation]: Activate private routes regeneration process !',
         'color: yellow;'
       )
       return createRoutesMap(to, next)
     }
 
-    // 2.2 filter route
-    if (!to.meta.roles ||
-      to.meta.roles.includes(store.getters['login/role'][0])) {
-      next()
-    } else {
-      next({
-        path: `/403?redirect=${to.path}`,
-        replace: true
-      })
-    }
+    next()
+
+    // step:  real-time routes filter
+    // ! 如有动态权限验证的需求
+    // if (!to.meta.access || validateAccess(route, to.meta.access)) {
+    //   next()
+    // } else {
+    //   next({
+    //     path: `/403?redirect=${to.path}`,
+    //     replace: true
+    //   })
+    // }
   } else {
     // ! State: user logout
     next({