chore[litemall-admin-api]：权限代码微调

b89d0c48 · Junling Bu · a310c5ed · b89d0c48 · b89d0c48 · b89d0c48
Commit b89d0c48 authored Jan 31, 2019 by Junling Bu
--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/util/PermissionUtil.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/util/PermissionUtil.java
@@ -13,32 +13,33 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import java.lang.reflect.Method;
-import java.util.*;
+import java.util.ArrayList;
-import java.util.stream.Collectors;
+import java.util.List;
+import java.util.Map;
 public class PermissionUtil {
    public static List<PermVo> listPermissions(ApplicationContext context, String basicPackage) {
        List<PermVo> root = new ArrayList<>();
        List<Permission> permissions = findPermissions(context, basicPackage);
-        for(Permission permission : permissions) {
+        for (Permission permission : permissions) {
            RequiresPermissions requiresPermissions = permission.getRequiresPermissions();
            RequiresPermissionsDesc requiresPermissionsDesc = permission.getRequiresPermissionsDesc();
            String api = permission.getApi();
            String[] menus = requiresPermissionsDesc.menu();
-            if(menus.length != 2){
+            if (menus.length != 2) {
                throw new RuntimeException("目前只支持两级菜单");
            }
            String menu1 = menus[0];
            PermVo perm1 = null;
-            for(PermVo permVo : root){
+            for (PermVo permVo : root) {
-                if(permVo.getLabel().equals(menu1)){
+                if (permVo.getLabel().equals(menu1)) {
                    perm1 = permVo;
                    break;
                }
            }
-            if(perm1 == null){
+            if (perm1 == null) {
                perm1 = new PermVo();
                perm1.setId(menu1);
                perm1.setLabel(menu1);
@@ -47,13 +48,13 @@ public class PermissionUtil {
            }
            String menu2 = menus[1];
            PermVo perm2 = null;
-            for(PermVo permVo : perm1.getChildren()){
+            for (PermVo permVo : perm1.getChildren()) {
-                if(permVo.getLabel().equals(menu2)){
+                if (permVo.getLabel().equals(menu2)) {
                    perm2 = permVo;
                    break;
                }
            }
-            if(perm2 == null){
+            if (perm2 == null) {
                perm2 = new PermVo();
                perm2.setId(menu2);
                perm2.setLabel(menu2);
@@ -61,12 +62,28 @@ public class PermissionUtil {
                perm1.getChildren().add(perm2);
            }
-            PermVo leftPerm = new PermVo();
+            String button = requiresPermissionsDesc.button();
-            leftPerm.setId(requiresPermissions.value()[0]);
+            PermVo leftPerm = null;
-            leftPerm.setLabel(requiresPermissionsDesc.button());
+            for (PermVo permVo : perm2.getChildren()) {
-            leftPerm.setApi(api);
+                if (permVo.getLabel().equals(button)) {
+                    leftPerm = permVo;
+                    break;
+                }
+            }
+            if (leftPerm == null) {
+                leftPerm = new PermVo();
+                leftPerm.setId(requiresPermissions.value()[0]);
+                leftPerm.setLabel(requiresPermissionsDesc.button());
+                leftPerm.setApi(api);
+                perm2.getChildren().add(leftPerm);
+            }
+            else{
+                // TODO
+                // 目前限制Controller里面每个方法的RequiresPermissionsDesc注解是唯一的
+                // 如果允许相同，可能会造成内部权限不一致。
+                throw new RuntimeException("权限已经存在，不能添加新权限");
+            }
-            perm2.getChildren().add(leftPerm);
        }
        return root;
    }
@@ -74,9 +91,9 @@ public class PermissionUtil {
    public static List<Permission> findPermissions(ApplicationContext context, String basicPackage) {
        Map<String, Object> map = context.getBeansWithAnnotation(Controller.class);
        List<Permission> permissions = new ArrayList<>();
-        for(Map.Entry<String, Object> entry : map.entrySet()){
+        for (Map.Entry<String, Object> entry : map.entrySet()) {
            Object bean = entry.getValue();
-            if(!StringUtils.contains(ClassUtils.getPackageName(bean.getClass()), basicPackage)){
+            if (!StringUtils.contains(ClassUtils.getPackageName(bean.getClass()), basicPackage)) {
                continue;
            }
@@ -84,21 +101,21 @@ public class PermissionUtil {
            Class controllerClz = clz.getSuperclass();
            RequestMapping clazzRequestMapping = AnnotationUtils.findAnnotation(controllerClz, RequestMapping.class);
            List<Method> methods = MethodUtils.getMethodsListWithAnnotation(controllerClz, RequiresPermissions.class);
-            for(Method method : methods){
+            for (Method method : methods) {
                RequiresPermissions requiresPermissions = AnnotationUtils.getAnnotation(method, RequiresPermissions.class);
                RequiresPermissionsDesc requiresPermissionsDesc = AnnotationUtils.getAnnotation(method, RequiresPermissionsDesc.class);
-                if(requiresPermissions == null || requiresPermissionsDesc == null){
+                if (requiresPermissions == null || requiresPermissionsDesc == null) {
                    continue;
                }
                String api = "";
-                if(clazzRequestMapping != null){
+                if (clazzRequestMapping != null) {
                    api = clazzRequestMapping.value()[0];
                }
                PostMapping postMapping = AnnotationUtils.getAnnotation(method, PostMapping.class);
-                if(postMapping != null){
+                if (postMapping != null) {
                    api = "POST " + api + postMapping.value()[0];
                    Permission permission = new Permission();
@@ -109,7 +126,7 @@ public class PermissionUtil {
                    continue;
                }
                GetMapping getMapping = AnnotationUtils.getAnnotation(method, GetMapping.class);
-                if(getMapping != null){
+                if (getMapping != null) {
                    api = "GET " + api + getMapping.value()[0];
                    Permission permission = new Permission();
                    permission.setRequiresPermissions(requiresPermissions);

--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCouponController.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCouponController.java
@@ -51,7 +51,7 @@ public class AdminCouponController {
    }
    @RequiresPermissions("admin:coupon:list")
-    @RequiresPermissionsDesc(menu={"推广管理" , "优惠券管理"}, button="查询")
+    @RequiresPermissionsDesc(menu={"推广管理" , "优惠券管理"}, button="查询用户")
    @GetMapping("/listuser")
    public Object listuser(Integer userId, Integer couponId, Short status,
                       @RequestParam(defaultValue = "1") Integer page,

--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGoodsController.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGoodsController.java
@@ -36,7 +36,7 @@ public class AdminGoodsController {
     * @return
     */
    @RequiresPermissions("admin:goods:list")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "查询")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "查询")
    @GetMapping("/list")
    public Object list(String goodsSn, String name,
                       @RequestParam(defaultValue = "1") Integer page,
@@ -46,6 +46,11 @@ public class AdminGoodsController {
        return adminGoodsService.list(goodsSn, name, page, limit, sort, order);
    }
+    @GetMapping("/catAndBrand")
+    public Object list2() {
+        return adminGoodsService.list2();
+    }
    /**
     * 编辑商品
     *
@@ -53,7 +58,7 @@ public class AdminGoodsController {
     * @return
     */
    @RequiresPermissions("admin:goods:update")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "编辑")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "编辑")
    @PostMapping("/update")
    public Object update(@RequestBody GoodsAllinone goodsAllinone) {
        return adminGoodsService.update(goodsAllinone);
@@ -66,7 +71,7 @@ public class AdminGoodsController {
     * @return
     */
    @RequiresPermissions("admin:goods:delete")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "删除")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "删除")
    @PostMapping("/delete")
    public Object delete(@RequestBody LitemallGoods goods) {
        return adminGoodsService.delete(goods);
@@ -79,19 +84,12 @@ public class AdminGoodsController {
     * @return
     */
    @RequiresPermissions("admin:goods:create")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品上架"}, button = "上架")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "上架")
    @PostMapping("/create")
    public Object create(@RequestBody GoodsAllinone goodsAllinone) {
        return adminGoodsService.create(goodsAllinone);
    }
-    @RequiresPermissions("admin:goods:list")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "查询")
-    @GetMapping("/catAndBrand")
-    public Object list2() {
-        return adminGoodsService.list2();
-    }
    /**
     * 商品详情
     *
@@ -99,7 +97,7 @@ public class AdminGoodsController {
     * @return
     */
    @RequiresPermissions("admin:goods:read")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "编辑")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "详情")
    @GetMapping("/detail")
    public Object detail(@NotNull Integer id) {
        return adminGoodsService.detail(id);

--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGrouponController.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGrouponController.java
@@ -38,7 +38,7 @@ public class AdminGrouponController {
    private LitemallGrouponService grouponService;
    @RequiresPermissions("admin:groupon:read")
-    @RequiresPermissionsDesc(menu={"推广管理" , "团购管理"}, button="查询")
+    @RequiresPermissionsDesc(menu={"推广管理" , "团购管理"}, button="详情")
    @GetMapping("/listRecord")
    public Object listRecord(String grouponId,
                             @RequestParam(defaultValue = "1") Integer page,

--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminIssueController.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminIssueController.java
@@ -29,7 +29,7 @@ public class AdminIssueController {
    private LitemallIssueService issueService;
    @RequiresPermissions("admin:issue:list")
-    @RequiresPermissionsDesc(menu={"商城管理" , "通用问题"}, button="查询")
+    @RequiresPermissionsDesc(menu={"商场管理" , "通用问题"}, button="查询")
    @GetMapping("/list")
    public Object list(String question,
                       @RequestParam(defaultValue = "1") Integer page,
@@ -58,7 +58,7 @@ public class AdminIssueController {
    }
    @RequiresPermissions("admin:issue:create")
-    @RequiresPermissionsDesc(menu={"商城管理" , "通用问题"}, button="添加")
+    @RequiresPermissionsDesc(menu={"商场管理" , "通用问题"}, button="添加")
    @PostMapping("/create")
    public Object create(@RequestBody LitemallIssue issue) {
        Object error = validate(issue);
@@ -77,7 +77,7 @@ public class AdminIssueController {
    }
    @RequiresPermissions("admin:issue:update")
-    @RequiresPermissionsDesc(menu={"商城管理" , "通用问题"}, button="编辑")
+    @RequiresPermissionsDesc(menu={"商场管理" , "通用问题"}, button="编辑")
    @PostMapping("/update")
    public Object update(@RequestBody LitemallIssue issue) {
        Object error = validate(issue);
@@ -92,7 +92,7 @@ public class AdminIssueController {
    }
    @RequiresPermissions("admin:issue:delete")
-    @RequiresPermissionsDesc(menu={"商城管理" , "通用问题"}, button="删除")
+    @RequiresPermissionsDesc(menu={"商场管理" , "通用问题"}, button="删除")
    @PostMapping("/delete")
    public Object delete(@RequestBody LitemallIssue issue) {
        Integer id = issue.getId();

--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminKeywordController.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminKeywordController.java
@@ -29,7 +29,7 @@ public class AdminKeywordController {
    private LitemallKeywordService keywordService;
    @RequiresPermissions("admin:keyword:list")
-    @RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="查询")
+    @RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="查询")
    @GetMapping("/list")
    public Object list(String keyword, String url,
                       @RequestParam(defaultValue = "1") Integer page,
@@ -58,7 +58,7 @@ public class AdminKeywordController {
    }
    @RequiresPermissions("admin:keyword:create")
-    @RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="添加")
+    @RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="添加")
    @PostMapping("/create")
    public Object create(@RequestBody LitemallKeyword keywords) {
        Object error = validate(keywords);
@@ -70,7 +70,7 @@ public class AdminKeywordController {
    }
    @RequiresPermissions("admin:keyword:read")
-    @RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="详情")
+    @RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="详情")
    @GetMapping("/read")
    public Object read(@NotNull Integer id) {
        LitemallKeyword brand = keywordService.findById(id);
@@ -78,7 +78,7 @@ public class AdminKeywordController {
    }
    @RequiresPermissions("admin:keyword:update")
-    @RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="编辑")
+    @RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="编辑")
    @PostMapping("/update")
    public Object update(@RequestBody LitemallKeyword keywords) {
        Object error = validate(keywords);
@@ -92,7 +92,7 @@ public class AdminKeywordController {
    }
    @RequiresPermissions("admin:keyword:delete")
-    @RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="删除")
+    @RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="删除")
    @PostMapping("/delete")
    public Object delete(@RequestBody LitemallKeyword keyword) {
        Integer id = keyword.getId();

--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminOrderController.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminOrderController.java
@@ -36,7 +36,7 @@ public class AdminOrderController {
     * @return
     */
    @RequiresPermissions("admin:order:list")
-    @RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "查询")
+    @RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "查询")
    @GetMapping("/list")
    public Object list(Integer userId, String orderSn,
                       @RequestParam(required = false) List<Short> orderStatusArray,
@@ -54,7 +54,7 @@ public class AdminOrderController {
     * @return
     */
    @RequiresPermissions("admin:order:read")
-    @RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "详情")
+    @RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "详情")
    @GetMapping("/detail")
    public Object detail(@NotNull Integer id) {
        return adminOrderService.detail(id);
@@ -67,7 +67,7 @@ public class AdminOrderController {
     * @return 订单退款操作结果
     */
    @RequiresPermissions("admin:order:refund")
-    @RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "订单退款")
+    @RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "订单退款")
    @PostMapping("refund")
    public Object refund(@RequestBody String body) {
        return adminOrderService.refund(body);
@@ -80,7 +80,7 @@ public class AdminOrderController {
     * @return 订单操作结果
     */
    @RequiresPermissions("admin:order:ship")
-    @RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "订单发货")
+    @RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "订单发货")
    @PostMapping("ship")
    public Object ship(@RequestBody String body) {
        return adminOrderService.ship(body);
@@ -94,7 +94,7 @@ public class AdminOrderController {
     * @return 订单操作结果
     */
    @RequiresPermissions("admin:order:reply")
-    @RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "订单商品回复")
+    @RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "订单商品回复")
    @PostMapping("reply")
    public Object reply(@RequestBody String body) {
        return adminOrderService.reply(body);

--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRoleController.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRoleController.java
@@ -42,7 +42,7 @@ public class AdminRoleController {
    private LitemallPermissionService permissionService;
    @RequiresPermissions("admin:role:list")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="查询")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色查询")
    @GetMapping("/list")
    public Object list(String name,
                       @RequestParam(defaultValue = "1") Integer page,
@@ -58,8 +58,6 @@ public class AdminRoleController {
        return ResponseUtil.ok(data);
    }
-    @RequiresPermissions("admin:role:list")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="查询")
    @GetMapping("/options")
    public Object options(){
        List<LitemallRole> roleList = roleService.queryAll();
@@ -76,7 +74,7 @@ public class AdminRoleController {
    }
    @RequiresPermissions("admin:role:read")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="详情")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色详情")
    @GetMapping("/read")
    public Object read(@NotNull Integer id) {
        LitemallRole role = roleService.findById(id);
@@ -94,7 +92,7 @@ public class AdminRoleController {
    }
    @RequiresPermissions("admin:role:create")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="添加")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色添加")
    @PostMapping("/create")
    public Object create(@RequestBody LitemallRole role) {
        Object error = validate(role);
@@ -112,7 +110,7 @@ public class AdminRoleController {
    }
    @RequiresPermissions("admin:role:update")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="编辑")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色编辑")
    @PostMapping("/update")
    public Object update(@RequestBody LitemallRole role) {
        Object error = validate(role);
@@ -125,7 +123,7 @@ public class AdminRoleController {
    }
    @RequiresPermissions("admin:role:delete")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="删除")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色删除")
    @PostMapping("/delete")
    public Object delete(@RequestBody LitemallRole role) {
        Integer id = role.getId();
@@ -178,7 +176,7 @@ public class AdminRoleController {
     * @return 系统所有权限列表和管理员已分配权限
     */
    @RequiresPermissions("admin:role:permission")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="授权")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权限详情")
    @GetMapping("/permissions")
    public Object getPermissions(Integer roleId) {
        List<PermVo> systemPermissions = getSystemPermissions();
@@ -198,11 +196,14 @@ public class AdminRoleController {
     * @return
     */
    @RequiresPermissions("admin:role:permission")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="授权")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权限变更")
    @PostMapping("/permissions")
    public Object updatePermissions(@RequestBody String body) {
        Integer roleId = JacksonUtil.parseInteger(body, "roleId");
        List<String> permissions = JacksonUtil.parseStringList(body, "permissions");
+        if(roleId == null || permissions == null){
+            return ResponseUtil.badArgument();
+        }
        // 如果修改的角色是超级权限，则拒绝修改。
        if(permissionService.checkSuperPermission(roleId)){

--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminUserController.java
+++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminUserController.java
@@ -49,8 +49,6 @@ public class AdminUserController {
        return ResponseUtil.ok(data);
    }
-    @RequiresPermissions("admin:user:list")
-    @RequiresPermissionsDesc(menu={"用户管理" , "会员管理"}, button="查询")
    @GetMapping("/username")
    public Object username(@NotEmpty String username) {
        int total = userService.countSeletive(username, null, null, null, null, null);