Skip to content
GitLab
Commit 2d6521c8 authored by zhh's avatar zhh
Browse files

商品、分类、品牌接口添加权限控制

parent ddbdfbdf
Hide whitespace changes
Inline Side-by-side
README.md
View file @ 2d6521c8
......@@ -61,9 +61,8 @@ docker容器化部署 | ✔
ELK日志收集功能 | ✔
RabbitMq异步通信 | ✔
RestTemplate服务间调用 | ✔
SpringSecurity权限管理功能 |
SpringSecurity权限管理功能 |
集成SpringCloud |
集成SpringCloudSecurity |
### 使用工具
......@@ -235,7 +234,7 @@ Linux远程连接工具 | http://www.netsarang.com/download/software.html
#### 订单管理
#### 权限管理
#### 权限管理
> **权限管理**
......
mall-admin/src/main/java/com/macro/mall/bo/AdminUserDetails.java
View file @ 2d6521c8
package com.macro.mall.bo;
import com.macro.mall.model.UmsAdmin;
import com.macro.mall.model.UmsPermission;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
/**
* SpringSecurity需要的用户详情
......@@ -14,15 +16,19 @@ import java.util.Collection;
*/
public class AdminUserDetails implements UserDetails {
private UmsAdmin umsAdmin;
public AdminUserDetails(UmsAdmin umsAdmin) {
private List<UmsPermission> permissionList;
public AdminUserDetails(UmsAdmin umsAdmin,List<UmsPermission> permissionList) {
this.umsAdmin = umsAdmin;
this.permissionList = permissionList;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
//返回当前用户的权限
return Arrays.asList(new SimpleGrantedAuthority("TEST"));
return permissionList.stream()
.filter(permission -> permission.getValue()!=null)
.map(permission ->new SimpleGrantedAuthority(permission.getValue()))
.collect(Collectors.toList());
}
@Override
......
mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java
View file @ 2d6521c8
......@@ -5,6 +5,7 @@ import com.macro.mall.component.JwtAuthenticationTokenFilter;
import com.macro.mall.component.RestAuthenticationEntryPoint;
import com.macro.mall.component.RestfulAccessDeniedHandler;
import com.macro.mall.model.UmsAdmin;
import com.macro.mall.model.UmsPermission;
import com.macro.mall.service.UmsAdminService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
......@@ -14,11 +15,11 @@ import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
......@@ -26,6 +27,8 @@ import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import java.util.List;
/**
* SpringSecurity的配置
......@@ -33,6 +36,7 @@ import org.springframework.web.filter.CorsFilter;
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UmsAdminService adminService;
......@@ -92,15 +96,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public UserDetailsService userDetailsService() {
//获取登录用户信息
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UmsAdmin admin = adminService.getAdminByUsername(username);
if (admin != null) {
return new AdminUserDetails(admin);
}
throw new UsernameNotFoundException("用户名或密码错误");
return username -> {
UmsAdmin admin = adminService.getAdminByUsername(username);
if (admin != null) {
List<UmsPermission> permissionList = adminService.getPermissionList(admin.getId());
return new AdminUserDetails(admin,permissionList);
}
throw new UsernameNotFoundException("用户名或密码错误");
};
}
......
mall-admin/src/main/java/com/macro/mall/controller/PmsBrandController.java
View file @ 2d6521c8
......@@ -3,12 +3,10 @@ package com.macro.mall.controller;
import com.macro.mall.dto.CommonResult;
import com.macro.mall.dto.PmsBrandParam;
import com.macro.mall.service.PmsBrandService;
import com.macro.mall.validator.FlagValidator;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
......@@ -30,6 +28,7 @@ public class PmsBrandController {
@ApiOperation(value = "获取全部品牌列表")
@RequestMapping(value = "/listAll", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:read')")
public Object getList() {
return new CommonResult().success(brandService.listAllBrand());
}
......@@ -37,6 +36,7 @@ public class PmsBrandController {
@ApiOperation(value = "添加品牌")
@RequestMapping(value = "/create", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:create')")
public Object create(@Validated @RequestBody PmsBrandParam pmsBrand, BindingResult result) {
CommonResult commonResult;
int count = brandService.createBrand(pmsBrand);
......@@ -51,6 +51,7 @@ public class PmsBrandController {
@ApiOperation(value = "更新品牌")
@RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:update')")
public Object update(@PathVariable("id") Long id,
@Validated @RequestBody PmsBrandParam pmsBrandParam,
BindingResult result) {
......@@ -67,6 +68,7 @@ public class PmsBrandController {
@ApiOperation(value = "删除品牌")
@RequestMapping(value = "/delete/{id}", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:delete')")
public Object delete(@PathVariable("id") Long id) {
int count = brandService.deleteBrand(id);
if (count == 1) {
......@@ -79,6 +81,7 @@ public class PmsBrandController {
@ApiOperation(value = "根据品牌名称分页获取品牌列表")
@RequestMapping(value = "/list", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:read')")
public Object getList(@RequestParam(value = "keyword", required = false) String keyword,
@RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum,
@RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize) {
......@@ -88,6 +91,7 @@ public class PmsBrandController {
@ApiOperation(value = "根据编号查询品牌信息")
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:read')")
public Object getItem(@PathVariable("id") Long id) {
return new CommonResult().success(brandService.getBrand(id));
}
......@@ -95,6 +99,7 @@ public class PmsBrandController {
@ApiOperation(value = "批量删除品牌")
@RequestMapping(value = "/delete/batch", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:delete')")
public Object deleteBatch(@RequestParam("ids") List<Long> ids) {
int count = brandService.deleteBrand(ids);
if (count > 0) {
......@@ -107,6 +112,7 @@ public class PmsBrandController {
@ApiOperation(value = "批量更新显示状态")
@RequestMapping(value = "/update/showStatus", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:update')")
public Object updateShowStatus(@RequestParam("ids") List<Long> ids,
@RequestParam("showStatus") Integer showStatus) {
int count = brandService.updateShowStatus(ids, showStatus);
......@@ -120,6 +126,7 @@ public class PmsBrandController {
@ApiOperation(value = "批量更新厂家制造商状态")
@RequestMapping(value = "/update/factoryStatus", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:update')")
public Object updateFactoryStatus(@RequestParam("ids") List<Long> ids,
@RequestParam("factoryStatus") Integer factoryStatus) {
int count = brandService.updateFactoryStatus(ids, factoryStatus);
......
mall-admin/src/main/java/com/macro/mall/controller/PmsProductCategoryController.java
View file @ 2d6521c8
......@@ -8,6 +8,7 @@ import com.macro.mall.service.PmsProductCategoryService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
......@@ -29,6 +30,7 @@ public class PmsProductCategoryController {
@ApiOperation("添加产品分类")
@RequestMapping(value = "/create", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:productCategory:create')")
public Object create(@Validated @RequestBody PmsProductCategoryParam productCategoryParam,
BindingResult result) {
int count = productCategoryService.create(productCategoryParam);
......@@ -42,6 +44,7 @@ public class PmsProductCategoryController {
@ApiOperation("修改商品分类")
@RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:productCategory:update')")
public Object update(@PathVariable Long id,
@Validated
@RequestBody PmsProductCategoryParam productCategoryParam,
......@@ -57,6 +60,7 @@ public class PmsProductCategoryController {
@ApiOperation("分页查询商品分类")
@RequestMapping(value = "/list/{parentId}", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:productCategory:read')")
public Object getList(@PathVariable Long parentId,
@RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize,
@RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum) {
......@@ -67,6 +71,7 @@ public class PmsProductCategoryController {
@ApiOperation("根据id获取商品分类")
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:productCategory:read')")
public Object getItem(@PathVariable Long id) {
PmsProductCategory productCategory = productCategoryService.getItem(id);
return new CommonResult().success(productCategory);
......@@ -75,6 +80,7 @@ public class PmsProductCategoryController {
@ApiOperation("删除商品分类")
@RequestMapping(value = "/delete/{id}", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:productCategory:delete')")
public Object delete(@PathVariable Long id) {
int count = productCategoryService.delete(id);
if (count > 0) {
......@@ -87,6 +93,7 @@ public class PmsProductCategoryController {
@ApiOperation("修改导航栏显示状态")
@RequestMapping(value = "/update/navStatus", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:productCategory:update')")
public Object updateNavStatus(@RequestParam("ids") List<Long> ids, @RequestParam("navStatus") Integer navStatus) {
int count = productCategoryService.updateNavStatus(ids, navStatus);
if (count > 0) {
......@@ -99,6 +106,7 @@ public class PmsProductCategoryController {
@ApiOperation("修改显示状态")
@RequestMapping(value = "/update/showStatus", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:productCategory:update')")
public Object updateShowStatus(@RequestParam("ids") List<Long> ids, @RequestParam("showStatus") Integer showStatus) {
int count = productCategoryService.updateShowStatus(ids, showStatus);
if (count > 0) {
......@@ -111,6 +119,7 @@ public class PmsProductCategoryController {
@ApiOperation("查询所有一级分类及子分类")
@RequestMapping(value = "/list/withChildren", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:productCategory:read')")
public Object listWithChildren() {
List<PmsProductCategoryWithChildrenItem> list = productCategoryService.listWithChildren();
return new CommonResult().success(list);
......
mall-admin/src/main/java/com/macro/mall/controller/PmsProductController.java
View file @ 2d6521c8
......@@ -9,6 +9,7 @@ import com.macro.mall.service.PmsProductService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
......@@ -29,6 +30,7 @@ public class PmsProductController {
@ApiOperation("创建商品")
@RequestMapping(value = "/create", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:create')")
public Object create(@RequestBody PmsProductParam productParam, BindingResult bindingResult) {
int count = productService.create(productParam);
if (count > 0) {
......@@ -41,6 +43,7 @@ public class PmsProductController {
@ApiOperation("根据商品id获取商品编辑信息")
@RequestMapping(value = "/updateInfo/{id}", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:read')")
public Object getUpdateInfo(@PathVariable Long id) {
PmsProductResult productResult = productService.getUpdateInfo(id);
return new CommonResult().success(productResult);
......@@ -49,6 +52,7 @@ public class PmsProductController {
@ApiOperation("更新商品")
@RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public Object update(@PathVariable Long id, @RequestBody PmsProductParam productParam, BindingResult bindingResult) {
int count = productService.update(id, productParam);
if (count > 0) {
......@@ -61,6 +65,7 @@ public class PmsProductController {
@ApiOperation("查询商品")
@RequestMapping(value = "/list", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:read')")
public Object getList(PmsProductQueryParam productQueryParam,
@RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize,
@RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum) {
......@@ -71,6 +76,7 @@ public class PmsProductController {
@ApiOperation("批量修改审核状态")
@RequestMapping(value = "/update/verifyStatus",method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public Object updateVerifyStatus(@RequestParam("ids") List<Long> ids,
@RequestParam("verifyStatus") Integer verifyStatus,
@RequestParam("detail") String detail) {
......@@ -85,6 +91,7 @@ public class PmsProductController {
@ApiOperation("批量上下架")
@RequestMapping(value = "/update/publishStatus",method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public Object updatePublishStatus(@RequestParam("ids") List<Long> ids,
@RequestParam("publishStatus") Integer publishStatus) {
int count = productService.updatePublishStatus(ids, publishStatus);
......@@ -98,6 +105,7 @@ public class PmsProductController {
@ApiOperation("批量推荐商品")
@RequestMapping(value = "/update/recommendStatus",method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public Object updateRecommendStatus(@RequestParam("ids") List<Long> ids,
@RequestParam("recommendStatus") Integer recommendStatus) {
int count = productService.updateRecommendStatus(ids, recommendStatus);
......@@ -111,6 +119,7 @@ public class PmsProductController {
@ApiOperation("批量设为新品")
@RequestMapping(value = "/update/newStatus",method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public Object updateNewStatus(@RequestParam("ids") List<Long> ids,
@RequestParam("newStatus") Integer newStatus) {
int count = productService.updateNewStatus(ids, newStatus);
......@@ -124,6 +133,7 @@ public class PmsProductController {
@ApiOperation("批量修改删除状态")
@RequestMapping(value = "/update/deleteStatus",method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:delete')")
public Object updateDeleteStatus(@RequestParam("ids") List<Long> ids,
@RequestParam("deleteStatus") Integer deleteStatus) {
int count = productService.updateDeleteStatus(ids, deleteStatus);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment