用户权限

zhanzhiqin

2022-04-15 42190b82f67483e3db3b5b1a66ddc8bdbd22a3ca

 ximon-admin/src/main/java/com/sandu/ximon/admin/controller/AdminController.java

@@ -1,5 +1,6 @@
package com.sandu.ximon.admin.controller;

import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.map.MapBuilder;
import cn.hutool.core.map.MapUtil;
@@ -7,8 +8,10 @@
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.github.pagehelper.PageHelper;
import com.sandu.common.domain.ResponseVO;
import com.sandu.common.enums.AdminStatusStatus;
import com.sandu.common.enums.ResponseStatusEnums;
import com.sandu.common.execption.BusinessException;
import com.sandu.common.log.Log;
import com.sandu.common.object.BaseConditionVO;
import com.sandu.common.security.LoginUserInfo;
import com.sandu.common.security.annotation.AnonymousAccess;
@@ -16,33 +19,33 @@
import com.sandu.common.security.token.TokenProvider;
import com.sandu.common.util.IpUtil;
import com.sandu.common.util.ResponseUtil;
import com.sandu.ximon.admin.dto.AdminJwtUser;
import com.sandu.ximon.admin.dto.AdminDto;
import com.sandu.ximon.admin.dto.ClientDto;
import com.sandu.ximon.admin.param.AdminLoginParam;
import com.sandu.ximon.admin.param.AdminParam;
import com.sandu.ximon.admin.param.PwdParam;
import com.sandu.ximon.admin.param.ReceiveParam;
import com.sandu.ximon.admin.security.PermissionConfig;
import com.sandu.ximon.admin.security.SecurityUtils;
import com.sandu.ximon.admin.service.AdminService;
import com.sandu.ximon.admin.service.MenuService;
import com.sandu.ximon.admin.service.RoleService;
import com.sandu.ximon.dao.domain.Admin;
import com.sandu.ximon.dao.domain.Menu;
import com.sandu.ximon.dao.domain.Role;
import com.sandu.ximon.admin.service.*;
import com.sandu.ximon.dao.domain.*;
import com.sandu.ximon.dao.enums.AdministratorEnums;
import com.sandu.ximon.dao.enums.MenuEnum;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;

import java.time.LocalDateTime;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.stream.Collectors;

/**
 * @author hupeng
 * @date 2018-11-23
 * 授权、根据token获取用户详细信息
 * @author chenjiantian
 * @date 2022/1/18 16:04
 * 管理员控制类
 */
@Slf4j
@RestController
@@ -54,10 +57,13 @@
    private final MenuService menuService;
    private final PasswordEncoder passwordEncoder;
    private final AdminService adminService;
    private final ClientService clientService;
    private final RoleService roleService;
    private final TokenProvider tokenProvider;
    private final AdminRoleRelationService adminRoleRelationService;
    private PermissionConfig permissionConfig;


    @Log("后台用户登录")
    @AnonymousAccess
    @PostMapping(value = "/login")
    public ResponseVO<Object> login(@RequestBody AdminLoginParam loginParam) {
@@ -68,10 +74,11 @@
        if (!passwordEncoder.matches(loginParam.getPassword(), admin.getPassword())) {
            return ResponseUtil.error(ResponseStatusEnums.BAD_CREDENTIALS.getCode(), ResponseStatusEnums.BAD_CREDENTIALS.getMessage());
        }
        UserDetails userJwtUser = new AdminJwtUser(admin, roleService.mapToGrantedAuthorities(admin.getId()));
        if (!userJwtUser.isEnabled()) {
        if (AdminStatusStatus.DISABLE.getCode().equals(admin.getStatus())) {
            return ResponseUtil.error(ResponseStatusEnums.DISABLE_ACCOUNT.getCode(), ResponseStatusEnums.DISABLE_ACCOUNT.getMessage());
        }

        Collection<GrantedAuthority> grantedAuthorities = roleService.mapToGrantedAuthorities(admin.getId(), true);

        LoginUserInfo loginUserInfo = new LoginUserInfo();
        loginUserInfo.setUserId(admin.getId());
@@ -80,8 +87,7 @@
        loginUserInfo.setStatus(admin.getStatus());
        loginUserInfo.setIp(IpUtil.getRealIp());
        loginUserInfo.setAdministratorType(AdministratorEnums.ADMIN.getCode());
        loginUserInfo.setPermission("tenant");

        loginUserInfo.setPermission(grantedAuthorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.joining(",")));

        // 生成令牌
        String token = tokenProvider.createToken(loginUserInfo);
@@ -100,22 +106,41 @@
        return ResponseUtil.success(authInfo);
    }

    //    @Log("后台用户信息")
    @GetMapping(value = "/info")
    public ResponseVO<Object> getUserInfo() {
        Long userId = SecurityUtils.getUserId();
        Admin admin = adminService.getById(userId);
        List<Role> roles = roleService.listByAdminId(admin.getId());
        List<Role> roles;
        MapBuilder<Object, Object> builder;
        if (AdministratorEnums.ADMIN.getCode().equals(SecurityUtils.getAdministratorIdentity())
                || AdministratorEnums.CUSTOMER.getCode().equals(SecurityUtils.getAdministratorIdentity())) {
            Admin admin = adminService.getById(userId);
            roles = roleService.listByAdminId(admin.getId());
            builder = MapUtil.builder().put("admin", admin);

        } else {
            Client client = clientService.getById(userId);
            roles = roleService.listByClientId(client.getId());
            builder = MapUtil.builder().put("admin", client);

        }
        if (CollectionUtil.isEmpty(roles)) {
            return ResponseUtil.fail("用户没有角色，无法获取数据");
        }
        List<Menu> menus = menuService.listByRoleIds(roles.stream().map(Role::getId).collect(Collectors.toList()));
        MapBuilder<Object, Object> builder = MapUtil.builder().put("info", admin);
        if (CollectionUtil.isNotEmpty(menus)) {
            List<Menu> collect = menus.stream().filter(menu -> menu.getType() == 0).collect(Collectors.toList());
            List<Menu> collect = menus.stream().filter(menu -> menu.getType() == 0 || menu.getType() == 1).collect(Collectors.toList());
            builder.put("menus", collect);
        }
        return ResponseUtil.success(builder.build());
    }

    @Log("后台用户列表")
    @GetMapping(value = "/list")
    public ResponseVO<Object> listAdmin(BaseConditionVO baseConditionVO, @RequestParam(value = "keyword", required = false) String keyword) {
        if (!permissionConfig.check(MenuEnum.ADMIN_LIST.getCode())) {
            return ResponseUtil.fail("缺少对应用户权限");
        }
        PageHelper.startPage(baseConditionVO.getPageNo(), baseConditionVO.getPageSize());
        LambdaQueryWrapper<Admin> wrapper = Wrappers.lambdaQuery(Admin.class);
        if (keyword != null) {
@@ -125,36 +150,63 @@
                    });
        }
        List<Admin> list = adminService.list(wrapper);
        return ResponseUtil.successPage(list);

        List<AdminDto> adminDtoList = new ArrayList<>();
        for (Admin demo : list) {
            AdminDto adminDto = new AdminDto();
            BeanUtil.copyProperties(demo, adminDto);
            AdminRoleRelation one = adminRoleRelationService.getOne(Wrappers.lambdaQuery(AdminRoleRelation.class)
                    .eq(AdminRoleRelation::getAdminId, demo.getId()));

            if (one != null) {
                adminDto.setRoleId(one.getRoleId());
            }
            adminDtoList.add(adminDto);

        }
        return ResponseUtil.successPage(adminDtoList);
    }

//    @PreAuthorize("@el.check('admin:add')")
//    @PostMapping("/register")
//    public ResponseVO<Object> register(@Validated @RequestBody AdminParam adminParam) {
//        Admin admin = adminService.register(adminParam);
//        return ResponseUtil.success(admin);
//    }
    @Log("后台用户注册")
    @PostMapping("/register")
    public ResponseVO<Object> register(@Validated @RequestBody AdminParam param) {
        boolean result = adminService.register(param);
        if (result) {
            return ResponseUtil.success("注册用户成功");
        } else {
            return ResponseUtil.fail("注册用户失败");
        }
    }

//    /**
//     * 修改管理员信息
//     *
//     * @param resources
//     * @return
//     */
//    @PutMapping("/{id}")
//    @PreAuthorize("@el.check('admin:edit')")
//    public ResponseVO<Object> update(@RequestBody AdminParam resources, @PathVariable Long id) {
//        checkLevel(id);
//        adminService.updateAdmin(id, resources);
//        return ResponseUtil.success(null);
//    }
//
//    @PutMapping("/updatePassword")
//    public ResponseVO<Object> updatePassword(@Validated @RequestBody PwdParam param) {
//        Long userId = SecurityUtils.getUserId();
//        adminService.updatePassword(userId, param);
//        return ResponseUtil.success(null);
//    }

    /**
     * 修改管理员信息
     */
    @Log("后台用户修改信息")
    @PostMapping("/update/{adminId}")
    public ResponseVO<Object> updateAdmin(@RequestBody AdminParam param, @PathVariable Long adminId) {
        boolean result = adminService.updateAdmin(adminId, param);
        if (result) {
            return ResponseUtil.success("修改成功");
        } else {
            return ResponseUtil.fail("修改失败");
        }
    }

    /**
     * 修改我的密码
     */
    @Log("后台用户修改密码")
    @PutMapping("/updateMyPassword")
    public ResponseVO<Object> updateMyPassword(@Validated @RequestBody PwdParam param) {
        boolean result = adminService.updateMyPassword(param);
        if (result) {
            return ResponseUtil.success("修改成功");
        } else {
            return ResponseUtil.fail("修改失败");
        }
    }

//    @PutMapping("/updateStatus/{id}")
//    public ResponseVO<Object> updateStatus(@PathVariable Long id, @RequestParam(value = "status") Integer status) {
@@ -166,13 +218,38 @@
//        return ResponseUtil.success(null);
//    }

//    @DeleteMapping("/{id}")
//    @PreAuthorize("@el.check('admin:del')")
//    public ResponseVO<Object> delete(@PathVariable Long id) {
//        checkLevel(id);
//        adminService.deleteAdmin(id);
//        return ResponseUtil.success(null);
//    }
    @Log("后台用户删除")
    @PostMapping("/del/{adminId}")
    public ResponseVO<Object> deleteAdmin(@PathVariable Long adminId) {
        boolean result = adminService.deleteAdmin(adminId);
        if (result) {
            return ResponseUtil.success("修改成功");
        } else {
            return ResponseUtil.fail("修改失败");
        }
    }

    @Log("用户修改头像")
    @PostMapping("/updateIcon")
    public ResponseVO<Object> updateIcon(@RequestBody ReceiveParam receiveParam) {
        if (receiveParam.getIconUrl().trim() == null) {
            throw new BusinessException("头像URL不能为空！");
        }
        boolean result;
        //普通用户修改头像
        if (SecurityUtils.getAdministratorIdentity().equals(AdministratorEnums.NORMAL.getCode())) {
            result = clientService.updateIcon(SecurityUtils.getUserId(), receiveParam.getIconUrl());
        } else {
            //超级管理员、管理员修改头像
            result = adminService.updateIcon(SecurityUtils.getUserId(), receiveParam.getIconUrl());
        }

        if (result) {
            return ResponseUtil.success("修改成功");
        } else {
            return ResponseUtil.fail("修改失败");
        }
    }

//    /**
//     * 给管理员分配角色
@@ -188,28 +265,6 @@
//        return ResponseUtil.success("");
//    }

    /**
     * 如果当前用户的角色级别低于创建用户的角色级别，则抛出权限不足的错误
     *
     * @param updateId 被操作人的id
     */
    private void checkLevel(Long updateId) {
        Admin admin = adminService.findByUserName(SecurityUtils.getUsername());
        // 获取操作者最大权限
        Integer currentLevel = Collections.min(roleService.listByAdminId(admin.getId()).stream().map(Role::getLevel).collect(Collectors.toList()));
        // 获取被编辑人的最大权限
        List<Integer> optList = roleService.listByAdminId(updateId).stream().map(Role::getLevel).collect(Collectors.toList());
        // 没权限 随便操作
        if (CollectionUtil.isEmpty(optList)) {
            return;
        }
        Integer optLevel = Collections.min(optList);
        if (optLevel != null) {
            if (currentLevel > optLevel) {
                throw new BusinessException("权限不足，你的角色级别：" + currentLevel + "，低于操作的角色级别：" + optLevel);
            }
        }
    }

//    /**
//     * 编辑我的信息