Commit 835fd6f8 authored by Junling Bu's avatar Junling Bu

feat[litemall-admin-api]:后端API访问需要校验权限

parent 457b7ad9
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -27,9 +27,9 @@ public class AdminIssueController {
@Autowired
private LitemallIssueService issueService;
@RequiresPermissions("admin:issue:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String question,
public Object list(String question,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -55,8 +55,9 @@ public class AdminIssueController {
return null;
}
@RequiresPermissions("admin:issue:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallIssue issue) {
public Object create(@RequestBody LitemallIssue issue) {
Object error = validate(issue);
if (error != null) {
return error;
......@@ -65,14 +66,16 @@ public class AdminIssueController {
return ResponseUtil.ok(issue);
}
@RequiresPermissions("admin:issue:read")
@GetMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallIssue issue = issueService.findById(id);
return ResponseUtil.ok(issue);
}
@RequiresPermissions("admin:issue:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallIssue issue) {
public Object update(@RequestBody LitemallIssue issue) {
Object error = validate(issue);
if (error != null) {
return error;
......@@ -84,8 +87,9 @@ public class AdminIssueController {
return ResponseUtil.ok(issue);
}
@RequiresPermissions("admin:issue:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallIssue issue) {
public Object delete(@RequestBody LitemallIssue issue) {
Integer id = issue.getId();
if (id == null) {
return ResponseUtil.badArgument();
......
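Review bot: The `@RequiresPermissions` annotations added here (and in the Keyword, Order, Stat, Storage, Topic and User sections, plus `@RequiresAuthentication` in the Profile section) are only enforced if Shiro's annotation support is wired into the Spring context — an `AuthorizationAttributeSourceAdvisor` together with a `DefaultAdvisorAutoProxyCreator` bean; without them the annotations compile and deploy but check nothing. That configuration is not part of this diff, so it should be confirmed in the Shiro config class, and a negative test (a subject lacking `admin:issue:delete` calling `/delete` and receiving an authorization failure) would pin it. A class-level Javadoc naming the `admin:<resource>:<action>` permission vocabulary would also help keep these strings consistent with the role/permission data they are matched against.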
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -27,9 +27,9 @@ public class AdminKeywordController {
@Autowired
private LitemallKeywordService keywordService;
@RequiresPermissions("admin:keyword:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String keyword, String url,
public Object list(String keyword, String url,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -55,8 +55,9 @@ public class AdminKeywordController {
return null;
}
@RequiresPermissions("admin:keyword:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword keywords) {
public Object create(@RequestBody LitemallKeyword keywords) {
Object error = validate(keywords);
if (error != null) {
return error;
......@@ -65,14 +66,16 @@ public class AdminKeywordController {
return ResponseUtil.ok(keywords);
}
@RequiresPermissions("admin:keyword:read")
@GetMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallKeyword brand = keywordService.findById(id);
return ResponseUtil.ok(brand);
}
@RequiresPermissions("admin:keyword:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword keywords) {
public Object update(@RequestBody LitemallKeyword keywords) {
Object error = validate(keywords);
if (error != null) {
return error;
......@@ -83,8 +86,9 @@ public class AdminKeywordController {
return ResponseUtil.ok(keywords);
}
@RequiresPermissions("admin:keyword:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword keyword) {
public Object delete(@RequestBody LitemallKeyword keyword) {
Integer id = keyword.getId();
if (id == null) {
return ResponseUtil.badArgument();
......
......@@ -6,19 +6,20 @@ import com.github.binarywang.wxpay.exception.WxPayException;
import com.github.binarywang.wxpay.service.WxPayService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.notify.NotifyService;
import org.linlinjava.litemall.core.notify.NotifyType;
import org.linlinjava.litemall.core.util.CharUtil;
import org.linlinjava.litemall.core.util.JacksonUtil;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
import org.linlinjava.litemall.db.domain.*;
import org.linlinjava.litemall.db.domain.LitemallComment;
import org.linlinjava.litemall.db.domain.LitemallOrder;
import org.linlinjava.litemall.db.domain.LitemallOrderGoods;
import org.linlinjava.litemall.db.domain.UserVo;
import org.linlinjava.litemall.db.service.*;
import org.linlinjava.litemall.db.util.OrderUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionDefinition;
import org.springframework.transaction.TransactionStatus;
......@@ -60,9 +61,9 @@ public class AdminOrderController {
@Autowired
private NotifyService notifyService;
@RequiresPermissions("admin:order:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
Integer userId, String orderSn,
public Object list(Integer userId, String orderSn,
@RequestParam(required = false) List<Short> orderStatusArray,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
......@@ -78,8 +79,9 @@ public class AdminOrderController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:order:read")
@GetMapping("/detail")
public Object detail(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object detail(@NotNull Integer id) {
LitemallOrder order = orderService.findById(id);
List<LitemallOrderGoods> orderGoods = orderGoodsService.queryByOid(id);
UserVo user = userService.findUserVoById(order.getUserId());
......@@ -108,8 +110,9 @@ public class AdminOrderController {
* @param body 订单信息,{ orderId:xxx }
* @return 订单退款操作结果
*/
@RequiresPermissions("admin:order:refund")
@PostMapping("refund")
public Object refund(@LoginAdmin Integer adminId, @RequestBody String body) {
public Object refund(@RequestBody String body) {
Integer orderId = JacksonUtil.parseInteger(body, "orderId");
String refundMoney = JacksonUtil.parseString(body, "refundMoney");
if (orderId == null) {
......@@ -205,8 +208,9 @@ public class AdminOrderController {
* 成功则 { errno: 0, errmsg: '成功' }
* 失败则 { errno: XXX, errmsg: XXX }
*/
@RequiresPermissions("admin:order:ship")
@PostMapping("ship")
public Object ship(@LoginAdmin Integer adminId, @RequestBody String body) {
public Object ship(@RequestBody String body) {
Integer orderId = JacksonUtil.parseInteger(body, "orderId");
String shipSn = JacksonUtil.parseString(body, "shipSn");
String shipChannel = JacksonUtil.parseString(body, "shipChannel");
......@@ -250,8 +254,9 @@ public class AdminOrderController {
* 成功则 { errno: 0, errmsg: '成功' }
* 失败则 { errno: XXX, errmsg: XXX }
*/
@RequiresPermissions("admin:order:reply")
@PostMapping("reply")
public Object reply(@LoginAdmin Integer adminId, @RequestBody String body) {
public Object reply(@RequestBody String body) {
Integer commentId = JacksonUtil.parseInteger(body, "commentId");
if (commentId == null || commentId == 0) {
return ResponseUtil.badArgument();
......
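Review bot: `refund` and `ship` no longer receive the acting admin's id, and nothing in the new lines records who performed the refund or shipment; the `@RequiresPermissions` check gates the call but leaves no trace of the operator. If the method bodies (which continue outside the hunks) do not already log it, consider reading the principal at the top of each handler, e.g. `LitemallAdmin operator = (LitemallAdmin) SecurityUtils.getSubject().getPrincipal();`, and including its id in the log line alongside `orderId` — assuming the realm stores a `LitemallAdmin` as the principal, as the profile controller in this commit does. The visible import hunk does not show `SecurityUtils`, so that would also need `import org.apache.shiro.SecurityUtils;`.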
......@@ -2,7 +2,9 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.subject.Subject;
import org.linlinjava.litemall.core.util.JacksonUtil;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.util.bcrypt.BCryptPasswordEncoder;
......@@ -16,7 +18,6 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import static org.linlinjava.litemall.admin.util.AdminResponseCode.ADMIN_ALTER_NOT_ALLOWED;
import static org.linlinjava.litemall.admin.util.AdminResponseCode.ADMIN_INVALID_ACCOUNT;
@RestController
......@@ -28,8 +29,9 @@ public class AdminProfileController {
@Autowired
private LitemallAdminService adminService;
@RequiresAuthentication
@PostMapping("/password")
public Object create(@LoginAdmin Integer adminId, @RequestBody String body) {
public Object create(@RequestBody String body) {
String oldPassword = JacksonUtil.parseString(body, "oldPassword");
String newPassword = JacksonUtil.parseString(body, "newPassword");
if (StringUtils.isEmpty(oldPassword)) {
......@@ -39,7 +41,8 @@ public class AdminProfileController {
return ResponseUtil.badArgument();
}
LitemallAdmin admin = adminService.findAdmin(adminId);
Subject currentUser = SecurityUtils.getSubject();
LitemallAdmin admin = (LitemallAdmin) currentUser.getPrincipal();
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
if (!encoder.matches(oldPassword, admin.getPassword())) {
......
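Review bot: The new `(LitemallAdmin) currentUser.getPrincipal()` cast at the end of the second hunk assumes the realm registers a `LitemallAdmin` instance as the primary principal; if it stores a username or id instead, this throws `ClassCastException` and surfaces as a server error rather than a clean response. The principal is also a snapshot taken at login, so `admin.getPassword()` may be stale if the hash was changed from another session. Re-fetching by id keeps the comparison against the currently stored hash: `LitemallAdmin admin = adminService.findAdmin(((LitemallAdmin) currentUser.getPrincipal()).getId());` (presuming `LitemallAdmin` exposes `getId()`), with a null check before `encoder.matches` if `findAdmin` can return null. The method body continues outside the hunk.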
......@@ -2,7 +2,6 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -30,14 +29,13 @@ public class AdminRegionController {
private LitemallRegionService regionService;
@GetMapping("/clist")
public Object clist(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object clist(@NotNull Integer id) {
List<LitemallRegion> regionList = regionService.queryByPid(id);
return ResponseUtil.ok(regionList);
}
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String name, Integer code,
public Object list(String name, Integer code,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort(accepts = {"id"}) @RequestParam(defaultValue = "id") String sort,
......
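Review bot: `clist` and `list` in AdminRegionController lose their `@LoginAdmin Integer adminId` parameter but, unlike every other controller in this commit, gain no `@RequiresPermissions` or `@RequiresAuthentication` annotation. Unless a URL-based Shiro filter chain (not part of this diff) already requires authentication for the region paths, these endpoints are now reachable without any login check, which contradicts the commit's stated intent. If region data is meant to be readable by any logged-in admin, `@RequiresAuthentication` on both methods is the minimal fix; otherwise `@RequiresPermissions("admin:region:list")` matches the naming used elsewhere. Either way the import hunk would need the corresponding `org.apache.shiro.authz.annotation` import in place of the removed `LoginAdmin` one.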
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.admin.util.StatVo;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.db.service.StatService;
......@@ -24,8 +24,9 @@ public class AdminStatController {
@Autowired
private StatService statService;
@RequiresPermissions("admin:stat:user")
@GetMapping("/user")
public Object statUser(@LoginAdmin Integer adminId) {
public Object statUser() {
List<Map> rows = statService.statUser();
String[] columns = new String[]{"day", "users"};
StatVo statVo = new StatVo();
......@@ -34,8 +35,9 @@ public class AdminStatController {
return ResponseUtil.ok(statVo);
}
@RequiresPermissions("admin:stat:order")
@GetMapping("/order")
public Object statOrder(@LoginAdmin Integer adminId) {
public Object statOrder() {
List<Map> rows = statService.statOrder();
String[] columns = new String[]{"day", "orders", "customers", "amount", "pcr"};
StatVo statVo = new StatVo();
......@@ -45,8 +47,9 @@ public class AdminStatController {
return ResponseUtil.ok(statVo);
}
@RequiresPermissions("admin:stat:goods")
@GetMapping("/goods")
public Object statGoods(@LoginAdmin Integer adminId) {
public Object statGoods() {
List<Map> rows = statService.statGoods();
String[] columns = new String[]{"day", "orders", "products", "amount"};
StatVo statVo = new StatVo();
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.storage.StorageService;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
......@@ -32,9 +32,9 @@ public class AdminStorageController {
@Autowired
private LitemallStorageService litemallStorageService;
@RequiresPermissions("admin:storage:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String key, String name,
public Object list(String key, String name,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -48,8 +48,9 @@ public class AdminStorageController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:storage:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestParam("file") MultipartFile file) throws IOException {
public Object create(@RequestParam("file") MultipartFile file) throws IOException {
String originalFilename = file.getOriginalFilename();
String url = storageService.store(file.getInputStream(), file.getSize(), file.getContentType(), originalFilename);
Map<String, Object> data = new HashMap<>();
......@@ -57,8 +58,9 @@ public class AdminStorageController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:storage:read")
@PostMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallStorage storageInfo = litemallStorageService.findById(id);
if (storageInfo == null) {
return ResponseUtil.badArgumentValue();
......@@ -66,16 +68,18 @@ public class AdminStorageController {
return ResponseUtil.ok(storageInfo);
}
@RequiresPermissions("admin:storage:delete")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallStorage litemallStorage) {
public Object update(@RequestBody LitemallStorage litemallStorage) {
if (litemallStorageService.update(litemallStorage) == 0) {
return ResponseUtil.updatedDataFailed();
}
return ResponseUtil.ok(litemallStorage);
}
@RequiresPermissions("admin:storage:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallStorage litemallStorage) {
public Object delete(@RequestBody LitemallStorage litemallStorage) {
String key = litemallStorage.getKey();
if (StringUtils.isEmpty(key)) {
return ResponseUtil.badArgument();
......
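Review bot: The `/update` handler is annotated `@RequiresPermissions("admin:storage:delete")`, the same string as `/delete` immediately below it, while every other controller in this commit uses a distinct `<resource>:update` permission; this looks like a copy-paste slip. The effect is that a role granted only delete can also modify storage records, and a role granted only update cannot reach its own endpoint. Change it to `@RequiresPermissions("admin:storage:update")` and make sure `admin:storage:update` exists in whatever permission list the roles are built from, which is not shown in this diff.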
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -28,9 +28,9 @@ public class AdminTopicController {
@Autowired
private LitemallTopicService topicService;
@RequiresPermissions("admin:topic:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String title, String subtitle,
public Object list(String title, String subtitle,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -60,8 +60,9 @@ public class AdminTopicController {
return null;
}
@RequiresPermissions("admin:topic:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallTopic topic) {
public Object create(@RequestBody LitemallTopic topic) {
Object error = validate(topic);
if (error != null) {
return error;
......@@ -70,14 +71,16 @@ public class AdminTopicController {
return ResponseUtil.ok(topic);
}
@RequiresPermissions("admin:topic:read")
@GetMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallTopic topic = topicService.findById(id);
return ResponseUtil.ok(topic);
}
@RequiresPermissions("admin:topic:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallTopic topic) {
public Object update(@RequestBody LitemallTopic topic) {
Object error = validate(topic);
if (error != null) {
return error;
......@@ -88,8 +91,9 @@ public class AdminTopicController {
return ResponseUtil.ok(topic);
}
@RequiresPermissions("admin:topic:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallTopic topic) {
public Object delete(@RequestBody LitemallTopic topic) {
topicService.deleteById(topic.getId());
return ResponseUtil.ok();
}
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.RegexUtil;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.util.bcrypt.BCryptPasswordEncoder;
......@@ -31,9 +31,9 @@ public class AdminUserController {
@Autowired
private LitemallUserService userService;
@RequiresPermissions("admin:user:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String username, String mobile,
public Object list(String username, String mobile,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -47,8 +47,9 @@ public class AdminUserController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:user:list")
@GetMapping("/username")
public Object username(@LoginAdmin Integer adminId, @NotEmpty String username) {
public Object username(@NotEmpty String username) {
int total = userService.countSeletive(username, null, null, null, null, null);
if (total == 0) {
return ResponseUtil.ok("不存在");
......@@ -78,8 +79,9 @@ public class AdminUserController {
return null;
}
@RequiresPermissions("admin:user:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallUser user) {
public Object create(@RequestBody LitemallUser user) {
Object error = validate(user);
if (error != null) {
return error;
......@@ -107,8 +109,9 @@ public class AdminUserController {
return ResponseUtil.ok(user);
}
@RequiresPermissions("admin:user:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallUser user) {
public Object update(@RequestBody LitemallUser user) {
Object error = validate(user);
if (error != null) {
return error;
......