Commit b89d0c48 authored by Junling Bu's avatar Junling Bu

chore[litemall-admin-api]: 权限代码微调

parent a310c5ed
......@@ -13,32 +13,33 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import java.lang.reflect.Method;
import java.util.*;
import java.util.stream.Collectors;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
public class PermissionUtil {
public static List<PermVo> listPermissions(ApplicationContext context, String basicPackage) {
List<PermVo> root = new ArrayList<>();
List<Permission> permissions = findPermissions(context, basicPackage);
for(Permission permission : permissions) {
for (Permission permission : permissions) {
RequiresPermissions requiresPermissions = permission.getRequiresPermissions();
RequiresPermissionsDesc requiresPermissionsDesc = permission.getRequiresPermissionsDesc();
String api = permission.getApi();
String[] menus = requiresPermissionsDesc.menu();
if(menus.length != 2){
if (menus.length != 2) {
throw new RuntimeException("目前只支持两级菜单");
}
String menu1 = menus[0];
PermVo perm1 = null;
for(PermVo permVo : root){
if(permVo.getLabel().equals(menu1)){
for (PermVo permVo : root) {
if (permVo.getLabel().equals(menu1)) {
perm1 = permVo;
break;
}
}
if(perm1 == null){
if (perm1 == null) {
perm1 = new PermVo();
perm1.setId(menu1);
perm1.setLabel(menu1);
......@@ -47,13 +48,13 @@ public class PermissionUtil {
}
String menu2 = menus[1];
PermVo perm2 = null;
for(PermVo permVo : perm1.getChildren()){
if(permVo.getLabel().equals(menu2)){
for (PermVo permVo : perm1.getChildren()) {
if (permVo.getLabel().equals(menu2)) {
perm2 = permVo;
break;
}
}
if(perm2 == null){
if (perm2 == null) {
perm2 = new PermVo();
perm2.setId(menu2);
perm2.setLabel(menu2);
......@@ -61,12 +62,28 @@ public class PermissionUtil {
perm1.getChildren().add(perm2);
}
PermVo leftPerm = new PermVo();
leftPerm.setId(requiresPermissions.value()[0]);
leftPerm.setLabel(requiresPermissionsDesc.button());
leftPerm.setApi(api);
String button = requiresPermissionsDesc.button();
PermVo leftPerm = null;
for (PermVo permVo : perm2.getChildren()) {
if (permVo.getLabel().equals(button)) {
leftPerm = permVo;
break;
}
}
if (leftPerm == null) {
leftPerm = new PermVo();
leftPerm.setId(requiresPermissions.value()[0]);
leftPerm.setLabel(requiresPermissionsDesc.button());
leftPerm.setApi(api);
perm2.getChildren().add(leftPerm);
}
else{
// TODO
// 目前限制Controller里面每个方法的RequiresPermissionsDesc注解是唯一的
// 如果允许相同,可能会造成内部权限不一致。
throw new RuntimeException("权限已经存在,不能添加新权限");
}
perm2.getChildren().add(leftPerm);
}
return root;
}
......@@ -74,9 +91,9 @@ public class PermissionUtil {
public static List<Permission> findPermissions(ApplicationContext context, String basicPackage) {
Map<String, Object> map = context.getBeansWithAnnotation(Controller.class);
List<Permission> permissions = new ArrayList<>();
for(Map.Entry<String, Object> entry : map.entrySet()){
for (Map.Entry<String, Object> entry : map.entrySet()) {
Object bean = entry.getValue();
if(!StringUtils.contains(ClassUtils.getPackageName(bean.getClass()), basicPackage)){
if (!StringUtils.contains(ClassUtils.getPackageName(bean.getClass()), basicPackage)) {
continue;
}
......@@ -84,21 +101,21 @@ public class PermissionUtil {
Class controllerClz = clz.getSuperclass();
RequestMapping clazzRequestMapping = AnnotationUtils.findAnnotation(controllerClz, RequestMapping.class);
List<Method> methods = MethodUtils.getMethodsListWithAnnotation(controllerClz, RequiresPermissions.class);
for(Method method : methods){
for (Method method : methods) {
RequiresPermissions requiresPermissions = AnnotationUtils.getAnnotation(method, RequiresPermissions.class);
RequiresPermissionsDesc requiresPermissionsDesc = AnnotationUtils.getAnnotation(method, RequiresPermissionsDesc.class);
if(requiresPermissions == null || requiresPermissionsDesc == null){
if (requiresPermissions == null || requiresPermissionsDesc == null) {
continue;
}
String api = "";
if(clazzRequestMapping != null){
if (clazzRequestMapping != null) {
api = clazzRequestMapping.value()[0];
}
PostMapping postMapping = AnnotationUtils.getAnnotation(method, PostMapping.class);
if(postMapping != null){
if (postMapping != null) {
api = "POST " + api + postMapping.value()[0];
Permission permission = new Permission();
......@@ -109,7 +126,7 @@ public class PermissionUtil {
continue;
}
GetMapping getMapping = AnnotationUtils.getAnnotation(method, GetMapping.class);
if(getMapping != null){
if (getMapping != null) {
api = "GET " + api + getMapping.value()[0];
Permission permission = new Permission();
permission.setRequiresPermissions(requiresPermissions);
......
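Review bot: The new duplicate check in `listPermissions` matches existing leaves by the `button` label only, while the leaf's identity is the permission string passed to `setId(requiresPermissions.value()[0])`, so the guard keys on the wrong value. Two methods under the same menu with the same permission string but different labels still yield two leaves sharing one id, which is exactly the "内部权限不一致" case the TODO comment is trying to prevent. The exception also gives no hint which controller method collided; consider comparing the id as well and naming the offender, e.g. `throw new RuntimeException("权限已经存在,不能添加新权限: " + api);`. The body of `listPermissions` is only partly visible in these hunks.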
......@@ -51,7 +51,7 @@ public class AdminCouponController {
}
@RequiresPermissions("admin:coupon:list")
@RequiresPermissionsDesc(menu={"推广管理" , "优惠券管理"}, button="查询")
@RequiresPermissionsDesc(menu={"推广管理" , "优惠券管理"}, button="查询用户")
@GetMapping("/listuser")
public Object listuser(Integer userId, Integer couponId, Short status,
@RequestParam(defaultValue = "1") Integer page,
......
......@@ -36,7 +36,7 @@ public class AdminGoodsController {
* @return
*/
@RequiresPermissions("admin:goods:list")
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "查询")
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "查询")
@GetMapping("/list")
public Object list(String goodsSn, String name,
@RequestParam(defaultValue = "1") Integer page,
......@@ -46,6 +46,11 @@ public class AdminGoodsController {
return adminGoodsService.list(goodsSn, name, page, limit, sort, order);
}
@GetMapping("/catAndBrand")
public Object list2() {
return adminGoodsService.list2();
}
/**
* 编辑商品
*
......@@ -53,7 +58,7 @@ public class AdminGoodsController {
* @return
*/
@RequiresPermissions("admin:goods:update")
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "编辑")
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "编辑")
@PostMapping("/update")
public Object update(@RequestBody GoodsAllinone goodsAllinone) {
return adminGoodsService.update(goodsAllinone);
......@@ -66,7 +71,7 @@ public class AdminGoodsController {
* @return
*/
@RequiresPermissions("admin:goods:delete")
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "删除")
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "删除")
@PostMapping("/delete")
public Object delete(@RequestBody LitemallGoods goods) {
return adminGoodsService.delete(goods);
......@@ -79,19 +84,12 @@ public class AdminGoodsController {
* @return
*/
@RequiresPermissions("admin:goods:create")
@RequiresPermissionsDesc(menu = {"商品管理", "商品上架"}, button = "上架")
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "上架")
@PostMapping("/create")
public Object create(@RequestBody GoodsAllinone goodsAllinone) {
return adminGoodsService.create(goodsAllinone);
}
@RequiresPermissions("admin:goods:list")
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "查询")
@GetMapping("/catAndBrand")
public Object list2() {
return adminGoodsService.list2();
}
/**
* 商品详情
*
......@@ -99,7 +97,7 @@ public class AdminGoodsController {
* @return
*/
@RequiresPermissions("admin:goods:read")
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "编辑")
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "详情")
@GetMapping("/detail")
public Object detail(@NotNull Integer id) {
return adminGoodsService.detail(id);
......
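Review bot: `list2()` on `/catAndBrand` loses `@RequiresPermissions("admin:goods:list")` together with its description, so the handler no longer carries any authorization annotation; the same happens to `options()` in AdminRoleController and `username()` in AdminUserController. This looks like a way to satisfy the new one-description-per-button rule in PermissionUtil, but it trades an access check for a UI constraint. Whether these routes are still gated depends on the Shiro filter chain, which is not visible here. Keeping `@RequiresPermissions("admin:goods:list")` and dropping only `@RequiresPermissionsDesc` would work, since `findPermissions` already skips methods where either annotation is missing; at minimum add `@RequiresAuthentication` to each of the three handlers.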
......@@ -38,7 +38,7 @@ public class AdminGrouponController {
private LitemallGrouponService grouponService;
@RequiresPermissions("admin:groupon:read")
@RequiresPermissionsDesc(menu={"推广管理" , "团购管理"}, button="查询")
@RequiresPermissionsDesc(menu={"推广管理" , "团购管理"}, button="详情")
@GetMapping("/listRecord")
public Object listRecord(String grouponId,
@RequestParam(defaultValue = "1") Integer page,
......
......@@ -29,7 +29,7 @@ public class AdminIssueController {
private LitemallIssueService issueService;
@RequiresPermissions("admin:issue:list")
@RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="查询")
@RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="查询")
@GetMapping("/list")
public Object list(String question,
@RequestParam(defaultValue = "1") Integer page,
......@@ -58,7 +58,7 @@ public class AdminIssueController {
}
@RequiresPermissions("admin:issue:create")
@RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="添加")
@RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="添加")
@PostMapping("/create")
public Object create(@RequestBody LitemallIssue issue) {
Object error = validate(issue);
......@@ -77,7 +77,7 @@ public class AdminIssueController {
}
@RequiresPermissions("admin:issue:update")
@RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="编辑")
@RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="编辑")
@PostMapping("/update")
public Object update(@RequestBody LitemallIssue issue) {
Object error = validate(issue);
......@@ -92,7 +92,7 @@ public class AdminIssueController {
}
@RequiresPermissions("admin:issue:delete")
@RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="删除")
@RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="删除")
@PostMapping("/delete")
public Object delete(@RequestBody LitemallIssue issue) {
Integer id = issue.getId();
......
......@@ -29,7 +29,7 @@ public class AdminKeywordController {
private LitemallKeywordService keywordService;
@RequiresPermissions("admin:keyword:list")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="查询")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="查询")
@GetMapping("/list")
public Object list(String keyword, String url,
@RequestParam(defaultValue = "1") Integer page,
......@@ -58,7 +58,7 @@ public class AdminKeywordController {
}
@RequiresPermissions("admin:keyword:create")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="添加")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="添加")
@PostMapping("/create")
public Object create(@RequestBody LitemallKeyword keywords) {
Object error = validate(keywords);
......@@ -70,7 +70,7 @@ public class AdminKeywordController {
}
@RequiresPermissions("admin:keyword:read")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="详情")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="详情")
@GetMapping("/read")
public Object read(@NotNull Integer id) {
LitemallKeyword brand = keywordService.findById(id);
......@@ -78,7 +78,7 @@ public class AdminKeywordController {
}
@RequiresPermissions("admin:keyword:update")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="编辑")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="编辑")
@PostMapping("/update")
public Object update(@RequestBody LitemallKeyword keywords) {
Object error = validate(keywords);
......@@ -92,7 +92,7 @@ public class AdminKeywordController {
}
@RequiresPermissions("admin:keyword:delete")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="删除")
@RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="删除")
@PostMapping("/delete")
public Object delete(@RequestBody LitemallKeyword keyword) {
Integer id = keyword.getId();
......
......@@ -36,7 +36,7 @@ public class AdminOrderController {
* @return
*/
@RequiresPermissions("admin:order:list")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "查询")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "查询")
@GetMapping("/list")
public Object list(Integer userId, String orderSn,
@RequestParam(required = false) List<Short> orderStatusArray,
......@@ -54,7 +54,7 @@ public class AdminOrderController {
* @return
*/
@RequiresPermissions("admin:order:read")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "详情")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "详情")
@GetMapping("/detail")
public Object detail(@NotNull Integer id) {
return adminOrderService.detail(id);
......@@ -67,7 +67,7 @@ public class AdminOrderController {
* @return 订单退款操作结果
*/
@RequiresPermissions("admin:order:refund")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单退款")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单退款")
@PostMapping("refund")
public Object refund(@RequestBody String body) {
return adminOrderService.refund(body);
......@@ -80,7 +80,7 @@ public class AdminOrderController {
* @return 订单操作结果
*/
@RequiresPermissions("admin:order:ship")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单发货")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单发货")
@PostMapping("ship")
public Object ship(@RequestBody String body) {
return adminOrderService.ship(body);
......@@ -94,7 +94,7 @@ public class AdminOrderController {
* @return 订单操作结果
*/
@RequiresPermissions("admin:order:reply")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单商品回复")
@RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单商品回复")
@PostMapping("reply")
public Object reply(@RequestBody String body) {
return adminOrderService.reply(body);
......
......@@ -42,7 +42,7 @@ public class AdminRoleController {
private LitemallPermissionService permissionService;
@RequiresPermissions("admin:role:list")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="查询")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色查询")
@GetMapping("/list")
public Object list(String name,
@RequestParam(defaultValue = "1") Integer page,
......@@ -58,8 +58,6 @@ public class AdminRoleController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:role:list")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="查询")
@GetMapping("/options")
public Object options(){
List<LitemallRole> roleList = roleService.queryAll();
......@@ -76,7 +74,7 @@ public class AdminRoleController {
}
@RequiresPermissions("admin:role:read")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="详情")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色详情")
@GetMapping("/read")
public Object read(@NotNull Integer id) {
LitemallRole role = roleService.findById(id);
......@@ -94,7 +92,7 @@ public class AdminRoleController {
}
@RequiresPermissions("admin:role:create")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="添加")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色添加")
@PostMapping("/create")
public Object create(@RequestBody LitemallRole role) {
Object error = validate(role);
......@@ -112,7 +110,7 @@ public class AdminRoleController {
}
@RequiresPermissions("admin:role:update")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="编辑")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色编辑")
@PostMapping("/update")
public Object update(@RequestBody LitemallRole role) {
Object error = validate(role);
......@@ -125,7 +123,7 @@ public class AdminRoleController {
}
@RequiresPermissions("admin:role:delete")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="删除")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色删除")
@PostMapping("/delete")
public Object delete(@RequestBody LitemallRole role) {
Integer id = role.getId();
......@@ -178,7 +176,7 @@ public class AdminRoleController {
* @return 系统所有权限列表和管理员已分配权限
*/
@RequiresPermissions("admin:role:permission")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权限详情")
@GetMapping("/permissions")
public Object getPermissions(Integer roleId) {
List<PermVo> systemPermissions = getSystemPermissions();
......@@ -198,11 +196,14 @@ public class AdminRoleController {
* @return
*/
@RequiresPermissions("admin:role:permission")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权")
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权限变更")
@PostMapping("/permissions")
public Object updatePermissions(@RequestBody String body) {
Integer roleId = JacksonUtil.parseInteger(body, "roleId");
List<String> permissions = JacksonUtil.parseStringList(body, "permissions");
if(roleId == null || permissions == null){
return ResponseUtil.badArgument();
}
// 如果修改的角色是超级权限,则拒绝修改。
if(permissionService.checkSuperPermission(roleId)){
......
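Review bot: GET `/permissions` and POST `/permissions` are now shown as two separate buttons ("权限详情" and "权限变更"), yet both still require `admin:role:permission`, so any role granted the read entry can also rewrite role permissions. Because PermissionUtil uses the permission string as the leaf id, the two entries cannot be assigned independently even though the tree presents them that way. Give the write endpoint its own string, for example `@RequiresPermissions("admin:role:permission:update")` on `updatePermissions` and `@RequiresPermissions("admin:role:permission:get")` on `getPermissions`, and migrate stored grants to match. Both method bodies continue outside the hunks.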
......@@ -49,8 +49,6 @@ public class AdminUserController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:user:list")
@RequiresPermissionsDesc(menu={"用户管理" , "会员管理"}, button="查询")
@GetMapping("/username")
public Object username(@NotEmpty String username) {
int total = userService.countSeletive(username, null, null, null, null, null);
......