package com.sandu.ximon.admin.controller; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.map.MapBuilder; import cn.hutool.core.map.MapUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.github.pagehelper.PageHelper; import com.sandu.common.domain.ResponseVO; import com.sandu.common.enums.ResponseStatusEnums; import com.sandu.common.execption.BusinessException; import com.sandu.common.object.BaseConditionVO; import com.sandu.common.security.annotation.AnonymousAccess; import com.sandu.common.security.config.SecurityProperties; import com.sandu.common.security.jwt.JwtTokenProvider; import com.sandu.common.util.ResponseUtil; import com.sandu.ximon.admin.dto.AdminJwtUser; import com.sandu.ximon.admin.param.AdminLoginParam; import com.sandu.ximon.admin.security.SecurityUtils; import com.sandu.ximon.admin.service.AdminService; import com.sandu.ximon.admin.service.MenuService; import com.sandu.ximon.admin.service.RoleService; import com.sandu.ximon.dao.domain.Admin; import com.sandu.ximon.dao.domain.Menu; import com.sandu.ximon.dao.domain.Role; import com.sandu.ximon.dao.enums.AdministratorEnums; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.web.bind.annotation.*; import java.time.LocalDateTime; import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.stream.Collectors; /** * @author hupeng * @date 2018-11-23 * 授权、根据token获取用户详细信息 */ @Slf4j @RestController @AllArgsConstructor 
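@RequestMapping("v1/admin")
public class AdminController {

    private final SecurityProperties properties;
    private final MenuService menuService;
    private final PasswordEncoder passwordEncoder;
    private final AdminService adminService;
    private final RoleService roleService;
    private final JwtTokenProvider tokenProvider;

    /**
     * Authenticates an administrator by username and password and issues a JWT.
     *
     * <p>Unknown username, wrong password and empty input all answer with the same
     * {@code BAD_CREDENTIALS} response, so the response body does not reveal whether
     * the username exists. The response time still differs: an unknown username skips
     * the password-hash comparison.
     *
     * @param loginParam username and plain-text password from the request body
     * @return on success the prefixed token and the authenticated principal under the
     *         keys {@code "token"} and {@code "user"}; otherwise a {@code BAD_CREDENTIALS}
     *         or {@code DISABLE_ACCOUNT} error response
     */
    @AnonymousAccess
    @PostMapping(value = "/login")
    public ResponseVO login(@RequestBody AdminLoginParam loginParam) {
        String username = loginParam.getUsername();
        String password = loginParam.getPassword();
        // A null password would otherwise reach passwordEncoder.matches(), which is
        // not defined for null input; answer like any other bad credential instead.
        if (isEmpty(username) || isEmpty(password)) {
            return badCredentials();
        }
        // last() appends raw SQL; it is only ever given this constant literal, never
        // request data.
        Admin admin = adminService.getOne(Wrappers.lambdaQuery(Admin.class)
                .eq(Admin::getUsername, username)
                .last("limit 1"));
        if (admin == null || !passwordEncoder.matches(password, admin.getPassword())) {
            return badCredentials();
        }
        AdminJwtUser jwtUser = new AdminJwtUser(admin, roleService.mapToGrantedAuthorities(admin.getId()));
        if (!jwtUser.isEnabled()) {
            return ResponseUtil.error(ResponseStatusEnums.DISABLE_ACCOUNT.getCode(),
                    ResponseStatusEnums.DISABLE_ACCOUNT.getMessage());
        }
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                jwtUser, AdministratorEnums.ADMIN.getCode(), jwtUser.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authentication);
        String token = tokenProvider.createToken(authentication);

        // Record the successful login. Only id and loginTime are set so that
        // updateById changes nothing else on the row.
        Admin loginStamp = new Admin();
        loginStamp.setId(admin.getId());
        loginStamp.setLoginTime(LocalDateTime.now());
        adminService.updateById(loginStamp);

        Map<String, Object> authInfo = new HashMap<>(2);
        authInfo.put("token", properties.getTokenStartWith() + token);
        // NOTE(review): jwtUser wraps the Admin entity, whose stored password hash
        // was just read above; confirm the JSON view of AdminJwtUser/Admin omits it.
        authInfo.put("user", jwtUser);
        return ResponseUtil.success(authInfo);
    }

    /**
     * Returns the profile of the calling administrator and the menus of type 0
     * reachable through the administrator's roles.
     *
     * @return a map with {@code "info"} (the Admin entity) and, when at least one
     *         qualifies, {@code "menus"}
     * @throws BusinessException if the user id in the security context matches no Admin row
     */
    @GetMapping(value = "/info")
    public ResponseVO getUserInfo() {
        Long userId = SecurityUtils.getUserId();
        Admin admin = adminService.getById(userId);
        if (admin == null) {
            // Valid token whose subject no longer exists; fail explicitly rather than
            // with a NullPointerException on admin.getId() below.
            throw new BusinessException("当前登录用户不存在");
        }
        List<Role> roles = roleService.listByAdminId(admin.getId());
        List<Menu> menus = menuService.listByRoleIds(
                roles.stream().map(Role::getId).collect(Collectors.toList()));

        Map<String, Object> result = new HashMap<>(2);
        // NOTE(review): the whole Admin entity is returned; confirm its password
        // field is excluded from JSON serialization.
        result.put("info", admin);
        if (CollectionUtil.isNotEmpty(menus)) {
            // Only menus of type 0 are handed to the caller; the meaning of the other
            // type values is not visible here — see Menu.
            List<Menu> visibleMenus = menus.stream()
                    .filter(menu -> menu.getType() == 0)
                    .collect(Collectors.toList());
            result.put("menus", visibleMenus);
        }
        return ResponseUtil.success(result);
    }

    /**
     * Lists administrators page by page, optionally filtered by a keyword matched
     * as a substring of the nickname or of the username.
     *
     * @param baseConditionVO page number and page size
     * @param keyword optional filter; {@code null} lists every administrator
     * @return the requested page of Admin entities
     */
    @GetMapping(value = "/list")
    public ResponseVO listAdmin(BaseConditionVO baseConditionVO,
                                @RequestParam(value = "keyword", required = false) String keyword) {
        PageHelper.startPage(baseConditionVO.getPageNo(), baseConditionVO.getPageSize());
        LambdaQueryWrapper<Admin> wrapper = Wrappers.lambdaQuery(Admin.class);
        if (keyword != null) {
            // keyword is bound as a statement parameter, so it cannot change the SQL;
            // LIKE wildcards ("%", "_") inside it are still interpreted as wildcards.
            wrapper.like(Admin::getNickName, keyword)
                    .or(nested -> nested.like(Admin::getUsername, keyword));
        }
        // NOTE(review): Admin rows are returned as-is — confirm the password hash is
        // not serialized. This mapping carries no @PreAuthorize; confirm the security
        // configuration restricts it to authenticated administrators.
        List<Admin> admins = adminService.list(wrapper);
        return ResponseUtil.successPage(admins);
    }

    /**
     * Rejects the operation when the caller's best role level is weaker than the
     * target's best role level. Levels compare numerically, a smaller number being
     * the higher level (level 1 outranks level 2).
     *
     * <p>A target without any role level can be operated on by anyone reaching this
     * check. A caller who cannot be resolved or who holds no role level is rejected.
     *
     * @param updateId id of the administrator being operated on
     * @throws BusinessException if the caller cannot be resolved, holds no role level,
     *         or is outranked by the target's best level
     */
    private void checkLevel(Long updateId) {
        Admin current = adminService.findByUserName(SecurityUtils.getUsername());
        if (current == null) {
            throw new BusinessException("当前登录用户不存在");
        }
        List<Integer> currentLevels = levelsOf(current.getId());
        if (currentLevels.isEmpty()) {
            // Collections.min on an empty list would throw NoSuchElementException;
            // a caller with no level is denied explicitly instead.
            throw new BusinessException("权限不足,当前用户未分配角色级别");
        }
        List<Integer> targetLevels = levelsOf(updateId);
        if (targetLevels.isEmpty()) {
            // Nothing to outrank: the target holds no role level.
            return;
        }
        int currentLevel = Collections.min(currentLevels);
        int targetLevel = Collections.min(targetLevels);
        if (currentLevel > targetLevel) {
            throw new BusinessException("权限不足,你的角色级别:" + currentLevel + ",低于操作的角色级别:" + targetLevel);
        }
    }

    /**
     * Collects the non-null role levels of the given administrator, in no particular order.
     *
     * @param adminId administrator whose roles are read
     * @return the levels of those roles, possibly empty
     */
    private List<Integer> levelsOf(Long adminId) {
        return roleService.listByAdminId(adminId).stream()
                .map(Role::getLevel)
                .filter(level -> level != null)
                .collect(Collectors.toList());
    }

    /** Builds the uniform response used for every credential failure in {@link #login}. */
    private static ResponseVO badCredentials() {
        return ResponseUtil.error(ResponseStatusEnums.BAD_CREDENTIALS.getCode(),
                ResponseStatusEnums.BAD_CREDENTIALS.getMessage());
    }

    /** True when the value is {@code null} or has zero length; whitespace is not trimmed. */
    private static boolean isEmpty(String value) {
        return value == null || value.isEmpty();
    }
}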