权限管理

chenjiantian

2022-01-18 a98228c5e829bff75969b51a37652d7dbd6bee7e

 ximon-admin/src/main/java/com/sandu/ximon/admin/controller/AdminController.java

@@ -17,8 +17,9 @@
import com.sandu.common.security.token.TokenProvider;
import com.sandu.common.util.IpUtil;
import com.sandu.common.util.ResponseUtil;
import com.sandu.ximon.admin.dto.AdminJwtUser;
import com.sandu.ximon.admin.param.AdminLoginParam;
import com.sandu.ximon.admin.param.AdminParam;
import com.sandu.ximon.admin.param.PwdParam;
import com.sandu.ximon.admin.security.SecurityUtils;
import com.sandu.ximon.admin.service.AdminService;
import com.sandu.ximon.admin.service.MenuService;
@@ -30,8 +31,8 @@
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;

import java.time.LocalDateTime;
@@ -39,9 +40,9 @@
import java.util.stream.Collectors;

/**
 * @author hupeng
 * @date 2018-11-23
 * 授权、根据token获取用户详细信息
 * @author chenjiantian
 * @date 2022/1/18 16:04
 * 管理员控制类
 */
@Slf4j
@RestController
@@ -81,7 +82,7 @@
        loginUserInfo.setIp(IpUtil.getRealIp());
        loginUserInfo.setAdministratorType(AdministratorEnums.ADMIN.getCode());
        loginUserInfo.setPermission(grantedAuthorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.joining(",")));
        

        // 生成令牌
        String token = tokenProvider.createToken(loginUserInfo);

@@ -104,7 +105,7 @@
        Long userId = SecurityUtils.getUserId();
        Admin admin = adminService.getById(userId);
        List<Role> roles = roleService.listByAdminId(admin.getId());
        if(CollectionUtil.isEmpty(roles)){
        if (CollectionUtil.isEmpty(roles)) {
            return ResponseUtil.fail("用户没有角色，无法获取数据");
        }
        List<Menu> menus = menuService.listByRoleIds(roles.stream().map(Role::getId).collect(Collectors.toList()));
@@ -130,33 +131,45 @@
        return ResponseUtil.successPage(list);
    }

//    @PreAuthorize("@el.check('admin:add')")
//    @PostMapping("/register")
//    public ResponseVO<Object> register(@Validated @RequestBody AdminParam adminParam) {
//        Admin admin = adminService.register(adminParam);
//        return ResponseUtil.success(admin);
//    }
    @PostMapping("/register")
    public ResponseVO<Object> register(@Validated @RequestBody AdminParam param) {
        boolean result = adminService.register(param);
        if (result) {
            return ResponseUtil.success("注册用户成功");
        } else {
            return ResponseUtil.fail("注册用户失败");
        }
    }

//    /**
//     * 修改管理员信息
//     *
//     * @param resources
//     * @return
//     */
//    @PutMapping("/{id}")
//    @PreAuthorize("@el.check('admin:edit')")
//    public ResponseVO<Object> update(@RequestBody AdminParam resources, @PathVariable Long id) {
//        checkLevel(id);
//        adminService.updateAdmin(id, resources);
//        return ResponseUtil.success(null);
//    }
//
//    @PutMapping("/updatePassword")
//    public ResponseVO<Object> updatePassword(@Validated @RequestBody PwdParam param) {
//        Long userId = SecurityUtils.getUserId();
//        adminService.updatePassword(userId, param);
//        return ResponseUtil.success(null);
//    }
    /**
     * 修改管理员信息
     *
     */
    @PostMapping("/update/{adminId}")
    public ResponseVO<Object> updateAdmin(@RequestBody AdminParam param, @PathVariable Long adminId) {
        boolean result = adminService.updateAdmin(adminId, param);
        if (result) {
            return ResponseUtil.success("修改成功");
        } else {
            return ResponseUtil.fail("修改失败");
        }
    }

    /**
     * 修改我的密码
     * @param param
     * @return
     */
    @PutMapping("/updateMyPassword")
    public ResponseVO<Object> updateMyPassword(@Validated @RequestBody PwdParam param) {
        boolean result = adminService.updateMyPassword(param);
        if (result) {
            return ResponseUtil.success("修改成功");
        } else {
            return ResponseUtil.fail("修改失败");
        }
    }

//    @PutMapping("/updateStatus/{id}")
//    public ResponseVO<Object> updateStatus(@PathVariable Long id, @RequestParam(value = "status") Integer status) {
@@ -190,28 +203,6 @@
//        return ResponseUtil.success("");
//    }

    /**
     * 如果当前用户的角色级别低于创建用户的角色级别，则抛出权限不足的错误
     *
     * @param updateId 被操作人的id
     */
    private void checkLevel(Long updateId) {
        Admin admin = adminService.findByUserName(SecurityUtils.getUsername());
        // 获取操作者最大权限
        Integer currentLevel = Collections.min(roleService.listByAdminId(admin.getId()).stream().map(Role::getLevel).collect(Collectors.toList()));
        // 获取被编辑人的最大权限
        List<Integer> optList = roleService.listByAdminId(updateId).stream().map(Role::getLevel).collect(Collectors.toList());
        // 没权限 随便操作
        if (CollectionUtil.isEmpty(optList)) {
            return;
        }
        Integer optLevel = Collections.min(optList);
        if (optLevel != null) {
            if (currentLevel > optLevel) {
                throw new BusinessException("权限不足，你的角色级别：" + currentLevel + "，低于操作的角色级别：" + optLevel);
            }
        }
    }

//    /**
//     * 编辑我的信息