diff --git a/doc/admin.md b/doc/admin.md index 089e2b85..c8318292 100644 --- a/doc/admin.md +++ b/doc/admin.md @@ -80,39 +80,9 @@ ### 4.1.8 安全 -#### 4.1.8.1 Token +这里的安全基于Shiro。 -管理员登录成功以后,后端会返回token,之后管理员的请求都会携带token。 - -见AdminWebMvcConfiguration类、LoginAdmin和LoginAdminHandlerMethodArgumentResolver类。 - -管理后台后端服务每次请求都会检测是否存在HTTP头部域`X-Litemall-Admin-Token`。 -如果存在,则内部查询转换成LoginAdmin,然后作为请求参数。 -如果不存在,则作为null请求参数。 - -而具体的后端服务controller中,则可以利用LoginAdmin来检查。 - -例如管理员地址服务中: -``` -@RestController -@RequestMapping("/admin/address") -@Validated -public class AdminAddressController { - @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - Integer userId, String name, - @RequestParam(defaultValue = "1") Integer page, - @RequestParam(defaultValue = "10") Integer limit, - @Sort @RequestParam(defaultValue = "add_time") String sort, - @Order @RequestParam(defaultValue = "desc") String order) { - if (adminId == null) { - return ResponseUtil.unlogin(); - } - - ... - } -``` -如果检测`adminId`是null,则返回错误信息“管理员未登录”。 +#### 4.1.8.1 认证 #### 4.1.8.2 账号密码加盐 @@ -120,12 +90,17 @@ public class AdminAddressController { 而如果用户采用了账号和密码的形式登录,那么后端需要把用户密码加盐。 +#### 4.1.8.3 权限管理 + ### 4.1.9 定时任务 -AdminOrderController类存在以下三个方法,其实是三个定时任务: -* checkOrderUnpaid -* checkOrderUnconfirm -* checkOrderComment +job子包存在以下定时任务: +* OrderJob类 + * checkOrderUnpaid + * checkOrderUnconfirm + * checkOrderComment +* CouponJob类 + * checkCouponExpired 注意: > 虽然定时任务放在AdminOrderController类中,但是可能这里不是很合适, diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/annotation/LoginAdmin.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/annotation/LoginAdmin.java deleted file mode 100644 index 76b30d22..00000000 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/annotation/LoginAdmin.java +++ /dev/null 
@@ -1,13 +0,0 @@ -package org.linlinjava.litemall.admin.annotation; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - - -@Target(ElementType.PARAMETER) -@Retention(RetentionPolicy.RUNTIME) -public @interface LoginAdmin { - -} diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/annotation/support/LoginAdminHandlerMethodArgumentResolver.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/annotation/support/LoginAdminHandlerMethodArgumentResolver.java deleted file mode 100644 index b68eb06d..00000000 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/annotation/support/LoginAdminHandlerMethodArgumentResolver.java +++ /dev/null 
@@ -1,33 +0,0 @@ -package org.linlinjava.litemall.admin.annotation.support; - -import org.apache.shiro.SecurityUtils; -import org.apache.shiro.authc.AuthenticationException; -import org.apache.shiro.subject.Subject; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; -import org.linlinjava.litemall.db.domain.LitemallAdmin; -import org.springframework.core.MethodParameter; -import org.springframework.web.bind.support.WebDataBinderFactory; -import org.springframework.web.context.request.NativeWebRequest; -import org.springframework.web.method.support.HandlerMethodArgumentResolver; -import org.springframework.web.method.support.ModelAndViewContainer; - - -public class LoginAdminHandlerMethodArgumentResolver implements HandlerMethodArgumentResolver { - - @Override - public boolean supportsParameter(MethodParameter parameter) { - return parameter.getParameterType().isAssignableFrom(Integer.class) && parameter.hasParameterAnnotation(LoginAdmin.class); - } - - @Override - public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer container, - NativeWebRequest request, WebDataBinderFactory factory) throws Exception { - Subject currentUser = SecurityUtils.getSubject(); - LitemallAdmin admin = (LitemallAdmin) currentUser.getPrincipal(); - if (admin == null) { - throw new AuthenticationException(); - } - - return admin.getId(); - } -} diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/config/AdminWebMvcConfigurer.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/config/AdminWebMvcConfigurer.java deleted file mode 100644 index 9c3b720a..00000000 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/config/AdminWebMvcConfigurer.java +++ /dev/null 
@@ -1,16 +0,0 @@ -package org.linlinjava.litemall.admin.config; - -import org.linlinjava.litemall.admin.annotation.support.LoginAdminHandlerMethodArgumentResolver; -import org.springframework.context.annotation.Configuration; -import org.springframework.web.method.support.HandlerMethodArgumentResolver; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; - -import java.util.List; - -@Configuration -public class AdminWebMvcConfigurer implements WebMvcConfigurer { - @Override - public void addArgumentResolvers(List argumentResolvers) { - argumentResolvers.add(new LoginAdminHandlerMethodArgumentResolver()); - } -} diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/config/ShiroConfig.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/config/ShiroConfig.java index 28ad822b..ebf93ca1 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/config/ShiroConfig.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/config/ShiroConfig.java @@ -11,6 +11,7 @@ import org.linlinjava.litemall.admin.shiro.AdminWebSessionManager; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.DependsOn; import java.util.LinkedHashMap; import java.util.Map; @@ -72,9 +73,9 @@ public class ShiroConfig { } @Bean - public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() { + @DependsOn("lifecycleBeanPostProcessor") + public static DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator(); - creator.setUsePrefix(true); return creator; } } 
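Review bot: `@DependsOn("lifecycleBeanPostProcessor")` on `defaultAdvisorAutoProxyCreator()` references a bean purely by name, and the bean carrying that name is not in this hunk; if the `LifecycleBeanPostProcessor` is registered under any other name the context fails to start, so the two declarations should be tied together by a comment. The method also has no documentation although its purpose is not obvious from the code: it creates the proxies through which Shiro's `@RequiresPermissions`/`@RequiresAuthentication` annotations on the controllers are enforced, presumably together with an `AuthorizationAttributeSourceAdvisor` declared elsewhere in this class. Suggested Javadoc: `/** Proxies beans so that Shiro's authorization annotations are enforced; must be created after lifecycleBeanPostProcessor. */`.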
diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdController.java index a9bd7ddc..58f48d4a 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -27,9 +27,9 @@ public class AdminAdController { @Autowired private LitemallAdService adService; - @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String name, String content, + @RequiresPermissions("admin:ad:list") + @RequestMapping("/list") + public Object list(String name, String content, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -55,8 +55,9 @@ public class AdminAdController { return null; } + @RequiresPermissions("admin:ad:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallAd ad) { + public Object create(@RequestBody LitemallAd ad) { Object error = validate(ad); if (error != null) { return error; 
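Review bot: In the `list` hunk of AdminAdController, `@GetMapping("/list")` was replaced by `@RequestMapping("/list")`, which binds the handler to every HTTP method instead of GET only, while every other list endpoint in this commit (AdminAddressController, AdminBrandController and the rest) keeps `@GetMapping`. A read endpoint reachable via POST/PUT/DELETE is inconsistent with the rest of the API and needlessly widens what the permission check has to cover; restore `@GetMapping("/list")`. The method's signature continues past the hunk.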
@@ -65,14 +66,16 @@ public class AdminAdController { return ResponseUtil.ok(ad); } + @RequiresPermissions("admin:ad:read") @GetMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallAd brand = adService.findById(id); return ResponseUtil.ok(brand); } + @RequiresPermissions("admin:ad:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallAd ad) { + public Object update(@RequestBody LitemallAd ad) { Object error = validate(ad); if (error != null) { return error; @@ -84,8 +87,9 @@ public class AdminAdController { return ResponseUtil.ok(ad); } + @RequiresPermissions("admin:ad:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallAd ad) { + public Object delete(@RequestBody LitemallAd ad) { Integer id = ad.getId(); if (id == null) { return ResponseUtil.badArgument(); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAddressController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAddressController.java index 18ea2e73..8bc17613 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAddressController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAddressController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; 
@@ -52,9 +52,9 @@ public class AdminAddressController { return addressVo; } + @RequiresPermissions("admin:address:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - Integer userId, String name, + public Object list(Integer userId, String name, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdminController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdminController.java index 04f34dff..a16abab4 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdminController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdminController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.RegexUtil; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.util.bcrypt.BCryptPasswordEncoder; @@ -16,7 +16,6 @@ import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import javax.validation.constraints.NotNull; -import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -32,9 +31,9 @@ public class AdminAdminController { @Autowired private LitemallAdminService adminService; + @RequiresPermissions("admin:admin:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String username, + public Object list(String username, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -63,8 +62,9 @@ public class AdminAdminController { return null; } + @RequiresPermissions("admin:admin:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallAdmin admin) { + public Object create(@RequestBody LitemallAdmin admin) { Object error = validate(admin); if (error != null) { return error; @@ -84,14 +84,16 @@ public class AdminAdminController { return ResponseUtil.ok(admin); } + @RequiresPermissions("admin:admin:read") @GetMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallAdmin admin = adminService.findById(id); return ResponseUtil.ok(admin); } + @RequiresPermissions("admin:admin:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallAdmin admin) { + public Object update(@RequestBody LitemallAdmin admin) { Object error = validate(admin); if (error != null) { return error; @@ -114,8 +116,9 @@ public class AdminAdminController { return ResponseUtil.ok(admin); } + @RequiresPermissions("admin:admin:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallAdmin admin) { + public Object delete(@RequestBody LitemallAdmin admin) { Integer anotherAdminId = admin.getId(); if (anotherAdminId == null) { return ResponseUtil.badArgument(); 
diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAuthController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAuthController.java index 5570cfbc..461f5aea 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAuthController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAuthController.java @@ -3,9 +3,12 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.shiro.SecurityUtils; -import org.apache.shiro.authc.*; +import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authc.LockedAccountException; +import org.apache.shiro.authc.UnknownAccountException; +import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.authz.annotation.RequiresAuthentication; import org.apache.shiro.subject.Subject; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; import org.linlinjava.litemall.core.util.JacksonUtil; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.db.domain.LitemallAdmin; @@ -60,20 +63,20 @@ public class AdminAuthController { /* * */ + @RequiresAuthentication @PostMapping("/logout") - public Object login(@LoginAdmin Integer adminId) { + public Object login() { Subject currentUser = SecurityUtils.getSubject(); currentUser.logout(); return ResponseUtil.ok(); } + @RequiresAuthentication @GetMapping("/info") - public Object info(@LoginAdmin Integer adminId) { - LitemallAdmin admin = adminService.findById(adminId); - if (admin == null) { - return ResponseUtil.badArgumentValue(); - } + public Object info() { + Subject currentUser = SecurityUtils.getSubject(); + LitemallAdmin admin = (LitemallAdmin) currentUser.getPrincipal(); Map data = new HashMap<>(); data.put("name", admin.getUsername()); 
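Review bot: The handler mapped to `/logout` is still named `login()` on the new side of the last hunk, which misleads anyone reading stack traces or audit logs; rename it `public Object logout()`. In `info()`, the previous `adminService.findById(adminId)` lookup is replaced by a cast of the session principal, so the response now reflects the admin record as it was at login time rather than its current state; if the realm stores the `LitemallAdmin` entity as principal (as the deleted resolver also assumed), later changes to the account are not visible here until re-login — confirm that is acceptable or re-read by id. Both method bodies continue outside the hunk.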
@@ -83,6 +86,7 @@ public class AdminAuthController { List roles = new ArrayList<>(); roles.add("admin"); data.put("roles", roles); + data.put("perms", "*"); data.put("introduction", "admin introduction"); return ResponseUtil.ok(data); } diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminBrandController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminBrandController.java index 43ac1a01..08abd37a 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminBrandController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminBrandController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -28,9 +28,9 @@ public class AdminBrandController { @Autowired private LitemallBrandService brandService; + @RequiresPermissions("admin:brand:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String id, String name, + public Object list(String id, String name, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -62,8 +62,9 @@ public class AdminBrandController { return null; } + @RequiresPermissions("admin:brand:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallBrand brand) { + public Object create(@RequestBody LitemallBrand brand) { Object error = validate(brand); if (error != null) { return error; 
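Review bot: `data.put("perms", "*")` hard-codes a wildcard permission set in the `/info` response while the controllers now enforce specific `admin:<module>:<action>` strings via `@RequiresPermissions`, so the frontend will assume every admin may do everything and then receive authorization failures from the backend. The value returned here should be derived from the authenticated subject (the same source the realm feeds to `@RequiresPermissions`) rather than a constant, and the hard-coded `roles` entry just above has the same problem. Until that is done, a comment such as `// TODO: derive from the subject's granted permissions; "*" is a placeholder` marks the gap.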
@@ -72,14 +73,16 @@ public class AdminBrandController { return ResponseUtil.ok(brand); } + @RequiresPermissions("admin:brand:read") @GetMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallBrand brand = brandService.findById(id); return ResponseUtil.ok(brand); } + @RequiresPermissions("admin:brand:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallBrand brand) { + public Object update(@RequestBody LitemallBrand brand) { Object error = validate(brand); if (error != null) { return error; @@ -90,8 +93,9 @@ public class AdminBrandController { return ResponseUtil.ok(brand); } + @RequiresPermissions("admin:brand:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallBrand brand) { + public Object delete(@RequestBody LitemallBrand brand) { Integer id = brand.getId(); if (id == null) { return ResponseUtil.badArgument(); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCategoryController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCategoryController.java index 4f566729..7a1e22ce 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCategoryController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCategoryController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; 
@@ -28,9 +28,9 @@ public class AdminCategoryController { @Autowired private LitemallCategoryService categoryService; + @RequiresPermissions("admin:category:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String id, String name, + public Object list(String id, String name, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -66,8 +66,9 @@ public class AdminCategoryController { return null; } + @RequiresPermissions("admin:category:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallCategory category) { + public Object create(@RequestBody LitemallCategory category) { Object error = validate(category); if (error != null) { return error; @@ -76,14 +77,16 @@ public class AdminCategoryController { return ResponseUtil.ok(category); } + @RequiresPermissions("admin:category:read") @GetMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallCategory category = categoryService.findById(id); return ResponseUtil.ok(category); } + @RequiresPermissions("admin:category:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallCategory category) { + public Object update(@RequestBody LitemallCategory category) { Object error = validate(category); if (error != null) { return error; @@ -95,8 +98,9 @@ public class AdminCategoryController { return ResponseUtil.ok(); } + @RequiresPermissions("admin:category:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallCategory category) { + public Object delete(@RequestBody LitemallCategory category) { Integer id = category.getId(); if (id == null) { return ResponseUtil.badArgument(); 
@@ -105,8 +109,9 @@ public class AdminCategoryController { return ResponseUtil.ok(); } + @RequiresPermissions("admin:category:list") @GetMapping("/l1") - public Object catL1(@LoginAdmin Integer adminId) { + public Object catL1() { // 所有一级分类目录 List l1CatList = categoryService.queryL1(); List> data = new ArrayList<>(l1CatList.size()); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCollectController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCollectController.java index e500024c..5fe0a7d2 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCollectController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCollectController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -28,9 +28,10 @@ public class AdminCollectController { @Autowired private LitemallCollectService collectService; + + @RequiresPermissions("admin:collect:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String userId, String valueId, + public Object list(String userId, String valueId, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCommentController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCommentController.java index b6070032..3925e180 100644 
--- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCommentController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCommentController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -25,9 +25,9 @@ public class AdminCommentController { @Autowired private LitemallCommentService commentService; + @RequiresPermissions("admin:comment:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String userId, String valueId, + public Object list(String userId, String valueId, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -41,8 +41,9 @@ public class AdminCommentController { return ResponseUtil.ok(data); } + @RequiresPermissions("admin:comment:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallComment comment) { + public Object delete(@RequestBody LitemallComment comment) { Integer id = comment.getId(); if (id == null) { return ResponseUtil.badArgument(); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCouponController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCouponController.java index 0b889a45..93796817 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCouponController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCouponController.java 
@@ -2,16 +2,14 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; import org.linlinjava.litemall.db.domain.LitemallCoupon; import org.linlinjava.litemall.db.domain.LitemallCouponUser; -import org.linlinjava.litemall.db.domain.LitemallTopic; import org.linlinjava.litemall.db.service.LitemallCouponService; import org.linlinjava.litemall.db.service.LitemallCouponUserService; -import org.linlinjava.litemall.db.service.LitemallTopicService; import org.linlinjava.litemall.db.util.CouponConstant; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.StringUtils; @@ -34,9 +32,9 @@ public class AdminCouponController { @Autowired private LitemallCouponUserService couponUserService; + @RequiresPermissions("admin:coupon:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String name, Short type, Short status, + public Object list(String name, Short type, Short status, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -50,9 +48,9 @@ public class AdminCouponController { return ResponseUtil.ok(data); } + @RequiresPermissions("admin:coupon:list") @GetMapping("/listuser") - public Object listuser(@LoginAdmin Integer adminId, - Integer userId, Integer couponId, Short status, + public Object listuser(Integer userId, Integer couponId, Short status, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, 
@@ -74,8 +72,9 @@ public class AdminCouponController { return null; } + @RequiresPermissions("admin:coupon:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallCoupon coupon) { + public Object create(@RequestBody LitemallCoupon coupon) { Object error = validate(coupon); if (error != null) { return error; @@ -91,14 +90,16 @@ public class AdminCouponController { return ResponseUtil.ok(coupon); } + @RequiresPermissions("admin:coupon:read") @GetMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallCoupon coupon = couponService.findById(id); return ResponseUtil.ok(coupon); } + @RequiresPermissions("admin:coupon:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallCoupon coupon) { + public Object update(@RequestBody LitemallCoupon coupon) { Object error = validate(coupon); if (error != null) { return error; @@ -109,8 +110,9 @@ public class AdminCouponController { return ResponseUtil.ok(coupon); } + @RequiresPermissions("admin:coupon:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallCoupon coupon) { + public Object delete(@RequestBody LitemallCoupon coupon) { couponService.deleteById(coupon.getId()); return ResponseUtil.ok(); } diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminDashbordController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminDashbordController.java index 97b078f9..50fe9218 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminDashbordController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminDashbordController.java 
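Review bot: `delete` in the last AdminCouponController hunk passes `coupon.getId()` straight to `couponService.deleteById` without the `id == null` guard that the sibling `delete` handlers in AdminAdController, AdminBrandController and AdminCategoryController apply before touching the service, so a body without an id reaches the service with a null key (what `deleteById` does with that is not visible here). Add the same check before the call, `Integer id = coupon.getId(); if (id == null) { return ResponseUtil.badArgument(); }`, so all delete endpoints reject malformed input the same way.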
@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.db.service.LitemallGoodsProductService; import org.linlinjava.litemall.db.service.LitemallGoodsService; @@ -32,8 +32,9 @@ public class AdminDashbordController { @Autowired private LitemallOrderService orderService; + @RequiresPermissions("admin:dashboard:info") @GetMapping("") - public Object info(@LoginAdmin Integer adminId) { + public Object info() { int userTotal = userService.count(); int goodsTotal = goodsService.count(); int productTotal = productService.count(); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminFeedbackController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminFeedbackController.java index 7a6c61c4..70646796 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminFeedbackController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminFeedbackController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; 
@@ -32,9 +32,9 @@ public class AdminFeedbackController { @Autowired private LitemallFeedbackService feedbackService; + @RequiresPermissions("admin:feedback:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - Integer userId, String username, + public Object list(Integer userId, String username, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminFootprintController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminFootprintController.java index a7cc21db..62226e78 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminFootprintController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminFootprintController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -28,9 +28,9 @@ public class AdminFootprintController { @Autowired private LitemallFootprintService footprintService; + @RequiresPermissions("admin:footprint:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String userId, String goodsId, + public Object list(String userId, String goodsId, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, 
diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGoodsController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGoodsController.java index 6966c99f..4b9e37f8 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGoodsController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGoodsController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.admin.dao.GoodsAllinone; import org.linlinjava.litemall.admin.util.CatVo; import org.linlinjava.litemall.core.qcode.QCodeService; @@ -59,9 +59,9 @@ public class AdminGoodsController { @Autowired private QCodeService qCodeService; + @RequiresPermissions("admin:goods:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String goodsSn, String name, + public Object list(String goodsSn, String name, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -161,8 +161,9 @@ public class AdminGoodsController { * 因此这里会拒绝管理员编辑商品,如果订单或购物车中存在商品。 * 所以这里可能需要重新设计。 */ + @RequiresPermissions("admin:goods:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody GoodsAllinone goodsAllinone) { + public Object update(@RequestBody GoodsAllinone goodsAllinone) { Object error = validate(goodsAllinone); if (error != null) { return error; 
@@ -232,8 +233,9 @@ public class AdminGoodsController { return ResponseUtil.ok(); } + @RequiresPermissions("admin:goods:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallGoods goods) { + public Object delete(@RequestBody LitemallGoods goods) { Integer id = goods.getId(); if (id == null) { return ResponseUtil.badArgument(); @@ -259,8 +261,9 @@ public class AdminGoodsController { return ResponseUtil.ok(); } + @RequiresPermissions("admin:goods:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody GoodsAllinone goodsAllinone) { + public Object create(@RequestBody GoodsAllinone goodsAllinone) { Object error = validate(goodsAllinone); if (error != null) { return error; @@ -321,9 +324,9 @@ public class AdminGoodsController { return ResponseUtil.ok(); } - + @RequiresPermissions("admin:goods:list") @GetMapping("/catAndBrand") - public Object list2(@LoginAdmin Integer adminId) { + public Object list2() { // http://element-cn.eleme.io/#/zh-CN/component/cascader // 管理员设置“所属分类” List l1CatList = categoryService.queryL1(); @@ -364,8 +367,9 @@ public class AdminGoodsController { return ResponseUtil.ok(data); } + @RequiresPermissions("admin:goods:read") @GetMapping("/detail") - public Object detail(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object detail(@NotNull Integer id) { LitemallGoods goods = goodsService.findById(id); List products = productService.queryByGid(id); List specifications = specificationService.queryByGid(id); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGrouponController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGrouponController.java index 37cc1d69..e03d79a9 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGrouponController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGrouponController.java 
@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -36,9 +36,9 @@ public class AdminGrouponController { @Autowired private LitemallGrouponService grouponService; + @RequiresPermissions("admin:groupon:read") @GetMapping("/listRecord") - public Object listRecord(@LoginAdmin Integer adminId, - String grouponId, + public Object listRecord(String grouponId, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -72,9 +72,9 @@ public class AdminGrouponController { return ResponseUtil.ok(data); } + @RequiresPermissions("admin:groupon:delete") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String goodsId, + public Object list(String goodsId, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -109,8 +109,9 @@ public class AdminGrouponController { return null; } + @RequiresPermissions("admin:groupon:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) { + public Object update(@RequestBody LitemallGrouponRules grouponRules) { Object error = validate(grouponRules); if (error != null) { return error; 
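Review bot: `@RequiresPermissions("admin:groupon:delete")` on the GET `/list` handler in the `@@ -72,9 +72,9 @@` hunk gates a read-only listing behind the delete permission, which breaks the `admin:<module>:list` convention every other `list` handler in this change follows. An operator granted only list rights cannot open the groupon page, while one granted only delete rights can read all of it, so the role split the annotations are meant to provide does not hold here. It should read `@RequiresPermissions("admin:groupon:list")`, with the matching permission string seeded for roles. The `list` method body continues past the hunk.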
@@ -132,9 +133,9 @@ public class AdminGrouponController { return ResponseUtil.ok(); } - + @RequiresPermissions("admin:groupon:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) { + public Object create(@RequestBody LitemallGrouponRules grouponRules) { Object error = validate(grouponRules); if (error != null) { return error; @@ -154,9 +155,9 @@ public class AdminGrouponController { return ResponseUtil.ok(grouponRules); } - + @RequiresPermissions("admin:groupon:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) { + public Object delete(@RequestBody LitemallGrouponRules grouponRules) { Integer id = grouponRules.getId(); if (id == null) { return ResponseUtil.badArgument(); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminHistoryController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminHistoryController.java index 32d6555d..65cd59bc 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminHistoryController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminHistoryController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; 
@@ -26,9 +26,9 @@ public class AdminHistoryController { @Autowired private LitemallSearchHistoryService searchHistoryService; + @RequiresPermissions("admin:history:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String userId, String keyword, + public Object list(String userId, String keyword, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminIssueController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminIssueController.java index 76595add..fcdafd12 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminIssueController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminIssueController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -27,9 +27,9 @@ public class AdminIssueController { @Autowired private LitemallIssueService issueService; + @RequiresPermissions("admin:issue:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String question, + public Object list(String question, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, 
@@ -55,8 +55,9 @@ public class AdminIssueController { return null; } + @RequiresPermissions("admin:issue:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallIssue issue) { + public Object create(@RequestBody LitemallIssue issue) { Object error = validate(issue); if (error != null) { return error; @@ -65,14 +66,16 @@ public class AdminIssueController { return ResponseUtil.ok(issue); } + @RequiresPermissions("admin:issue:read") @GetMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallIssue issue = issueService.findById(id); return ResponseUtil.ok(issue); } + @RequiresPermissions("admin:issue:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallIssue issue) { + public Object update(@RequestBody LitemallIssue issue) { Object error = validate(issue); if (error != null) { return error; @@ -84,8 +87,9 @@ public class AdminIssueController { return ResponseUtil.ok(issue); } + @RequiresPermissions("admin:issue:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallIssue issue) { + public Object delete(@RequestBody LitemallIssue issue) { Integer id = issue.getId(); if (id == null) { return ResponseUtil.badArgument(); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminKeywordController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminKeywordController.java index fe72a48b..7435cc29 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminKeywordController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminKeywordController.java 
@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -27,9 +27,9 @@ public class AdminKeywordController { @Autowired private LitemallKeywordService keywordService; + @RequiresPermissions("admin:keyword:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String keyword, String url, + public Object list(String keyword, String url, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -55,8 +55,9 @@ public class AdminKeywordController { return null; } + @RequiresPermissions("admin:keyword:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword keywords) { + public Object create(@RequestBody LitemallKeyword keywords) { Object error = validate(keywords); if (error != null) { return error; @@ -65,14 +66,16 @@ public class AdminKeywordController { return ResponseUtil.ok(keywords); } + @RequiresPermissions("admin:keyword:read") @GetMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallKeyword brand = keywordService.findById(id); return ResponseUtil.ok(brand); } + @RequiresPermissions("admin:keyword:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword keywords) { + public Object update(@RequestBody LitemallKeyword keywords) { Object error = validate(keywords); if (error != null) { return error; 
@@ -83,8 +86,9 @@ public class AdminKeywordController { return ResponseUtil.ok(keywords); } + @RequiresPermissions("admin:keyword:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword keyword) { + public Object delete(@RequestBody LitemallKeyword keyword) { Integer id = keyword.getId(); if (id == null) { return ResponseUtil.badArgument(); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminOrderController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminOrderController.java index f0a63f0c..843bfd9d 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminOrderController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminOrderController.java 
@@ -6,19 +6,20 @@ import com.github.binarywang.wxpay.exception.WxPayException; import com.github.binarywang.wxpay.service.WxPayService; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.notify.NotifyService; import org.linlinjava.litemall.core.notify.NotifyType; -import org.linlinjava.litemall.core.util.CharUtil; import org.linlinjava.litemall.core.util.JacksonUtil; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; -import org.linlinjava.litemall.db.domain.*; +import org.linlinjava.litemall.db.domain.LitemallComment; +import org.linlinjava.litemall.db.domain.LitemallOrder; +import org.linlinjava.litemall.db.domain.LitemallOrderGoods; +import org.linlinjava.litemall.db.domain.UserVo; import org.linlinjava.litemall.db.service.*; import org.linlinjava.litemall.db.util.OrderUtil; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.scheduling.annotation.Scheduled; import org.springframework.transaction.PlatformTransactionManager; import org.springframework.transaction.TransactionDefinition; import org.springframework.transaction.TransactionStatus; @@ -60,9 +61,9 @@ public class AdminOrderController { @Autowired private NotifyService notifyService; + @RequiresPermissions("admin:order:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - Integer userId, String orderSn, + public Object list(Integer userId, String orderSn, @RequestParam(required = false) List orderStatusArray, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, 
@@ -78,8 +79,9 @@ public class AdminOrderController { return ResponseUtil.ok(data); } + @RequiresPermissions("admin:order:read") @GetMapping("/detail") - public Object detail(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object detail(@NotNull Integer id) { LitemallOrder order = orderService.findById(id); List orderGoods = orderGoodsService.queryByOid(id); UserVo user = userService.findUserVoById(order.getUserId()); @@ -108,8 +110,9 @@ public class AdminOrderController { * @param body 订单信息,{ orderId:xxx } * @return 订单退款操作结果 */ + @RequiresPermissions("admin:order:refund") @PostMapping("refund") - public Object refund(@LoginAdmin Integer adminId, @RequestBody String body) { + public Object refund(@RequestBody String body) { Integer orderId = JacksonUtil.parseInteger(body, "orderId"); String refundMoney = JacksonUtil.parseString(body, "refundMoney"); if (orderId == null) { @@ -205,8 +208,9 @@ public class AdminOrderController { * 成功则 { errno: 0, errmsg: '成功' } * 失败则 { errno: XXX, errmsg: XXX } */ + @RequiresPermissions("admin:order:ship") @PostMapping("ship") - public Object ship(@LoginAdmin Integer adminId, @RequestBody String body) { + public Object ship(@RequestBody String body) { Integer orderId = JacksonUtil.parseInteger(body, "orderId"); String shipSn = JacksonUtil.parseString(body, "shipSn"); String shipChannel = JacksonUtil.parseString(body, "shipChannel"); @@ -250,8 +254,9 @@ public class AdminOrderController { * 成功则 { errno: 0, errmsg: '成功' } * 失败则 { errno: XXX, errmsg: XXX } */ + @RequiresPermissions("admin:order:reply") @PostMapping("reply") - public Object reply(@LoginAdmin Integer adminId, @RequestBody String body) { + public Object reply(@RequestBody String body) { Integer commentId = JacksonUtil.parseInteger(body, "commentId"); if (commentId == null || commentId == 0) { return ResponseUtil.badArgument(); 
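Review bot: In the `@@ -78,8 +79,9 @@` hunk, `detail` dereferences `order.getUserId()` immediately after `orderService.findById(id)`, so any `id` that does not exist (which anyone holding `admin:order:read` can submit) raises a NullPointerException instead of a clean error response. Add a guard before the dependent lookups: `if (order == null) { return ResponseUtil.badArgumentValue(); }`. The method continues outside the hunk.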
diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminProfileController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminProfileController.java index cf6cd2e9..d9f5f6ae 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminProfileController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminProfileController.java @@ -2,7 +2,9 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.authz.annotation.RequiresAuthentication; +import org.apache.shiro.subject.Subject; import org.linlinjava.litemall.core.util.JacksonUtil; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.util.bcrypt.BCryptPasswordEncoder; @@ -16,7 +18,6 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import static org.linlinjava.litemall.admin.util.AdminResponseCode.ADMIN_ALTER_NOT_ALLOWED; import static org.linlinjava.litemall.admin.util.AdminResponseCode.ADMIN_INVALID_ACCOUNT; @RestController @@ -28,8 +29,9 @@ public class AdminProfileController { @Autowired private LitemallAdminService adminService; + @RequiresAuthentication @PostMapping("/password") - public Object create(@LoginAdmin Integer adminId, @RequestBody String body) { + public Object create(@RequestBody String body) { String oldPassword = JacksonUtil.parseString(body, "oldPassword"); String newPassword = JacksonUtil.parseString(body, "newPassword"); if (StringUtils.isEmpty(oldPassword)) { 
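Review bot: The `@@ -16,7 +18,6 @@` hunk drops the static import of `ADMIN_ALTER_NOT_ALLOWED` from `AdminProfileController`, which suggests the check that previously returned that code from the password handler was removed too; the handler body lies outside this hunk so I cannot confirm. If that check protected a built-in or demo admin account from having its password changed, the new `@RequiresAuthentication` annotation does not replace it — it only requires a logged-in subject. Please confirm the guard still exists further down the method, or restore it before the `encoder.matches(...)` call.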
@@ -39,7 +41,8 @@ public class AdminProfileController { return ResponseUtil.badArgument(); } - LitemallAdmin admin = adminService.findAdmin(adminId); + Subject currentUser = SecurityUtils.getSubject(); + LitemallAdmin admin = (LitemallAdmin) currentUser.getPrincipal(); BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); if (!encoder.matches(oldPassword, admin.getPassword())) { diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRegionController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRegionController.java index bb5600c9..25c3f3cb 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRegionController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRegionController.java @@ -2,7 +2,6 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -30,14 +29,13 @@ public class AdminRegionController { private LitemallRegionService regionService; @GetMapping("/clist") - public Object clist(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object clist(@NotNull Integer id) { List regionList = regionService.queryByPid(id); return ResponseUtil.ok(regionList); } @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String name, Integer code, + public Object list(String name, Integer code, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort(accepts = {"id"}) @RequestParam(defaultValue = "id") String sort, 
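Review bot: In the `@@ -39,7 +41,8 @@` hunk, `admin` is now the `LitemallAdmin` object held as the Shiro principal, and its `getPassword()` is what `oldPassword` is verified against; that object was captured at login, so unless the principal is refreshed when the password is updated (the update is past the hunk), a second change in the same session verifies against the stale hash, and the BCrypt hash is kept in the session store for the subject's lifetime. The removed line reloaded the record by id, and that is still the safer shape, assuming `LitemallAdmin` exposes `getId()`: `Integer adminId = ((LitemallAdmin) SecurityUtils.getSubject().getPrincipal()).getId();` followed by `LitemallAdmin admin = adminService.findAdmin(adminId);`. The method continues outside the hunk.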
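Review bot: The `@@ -30,14 +29,13 @@` hunk strips `@LoginAdmin` from `clist` and `list` in `AdminRegionController` without adding any Shiro annotation, unlike every other controller in this change, so these two handlers now carry no method-level authentication requirement. Whether they stay reachable only by logged-in admins depends on the Shiro filter-chain definition for `/admin/**`, which is not part of this diff. If region lookup is intentionally public, say so in a comment on the class; otherwise annotate both handlers, e.g. `@RequiresAuthentication` or `@RequiresPermissions("admin:region:list")`.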
diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStatController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStatController.java index 0a7b7d0d..9d7e2aa8 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStatController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStatController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.admin.util.StatVo; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.db.service.StatService; @@ -24,8 +24,9 @@ public class AdminStatController { @Autowired private StatService statService; + @RequiresPermissions("admin:stat:user") @GetMapping("/user") - public Object statUser(@LoginAdmin Integer adminId) { + public Object statUser() { List rows = statService.statUser(); String[] columns = new String[]{"day", "users"}; StatVo statVo = new StatVo(); @@ -34,8 +35,9 @@ public class AdminStatController { return ResponseUtil.ok(statVo); } + @RequiresPermissions("admin:stat:order") @GetMapping("/order") - public Object statOrder(@LoginAdmin Integer adminId) { + public Object statOrder() { List rows = statService.statOrder(); String[] columns = new String[]{"day", "orders", "customers", "amount", "pcr"}; StatVo statVo = new StatVo(); @@ -45,8 +47,9 @@ public class AdminStatController { return ResponseUtil.ok(statVo); } + @RequiresPermissions("admin:stat:goods") @GetMapping("/goods") - public Object statGoods(@LoginAdmin Integer adminId) { + public Object statGoods() { List rows = statService.statGoods(); String[] columns = new String[]{"day", "orders", "products", "amount"}; StatVo statVo = new StatVo(); 
diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java index 600dd2dd..b8f1e95f 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.storage.StorageService; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; @@ -32,9 +32,9 @@ public class AdminStorageController { @Autowired private LitemallStorageService litemallStorageService; + @RequiresPermissions("admin:storage:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String key, String name, + public Object list(String key, String name, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -48,8 +48,9 @@ public class AdminStorageController { return ResponseUtil.ok(data); } + @RequiresPermissions("admin:storage:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestParam("file") MultipartFile file) throws IOException { + public Object create(@RequestParam("file") MultipartFile file) throws IOException { String originalFilename = file.getOriginalFilename(); String url = storageService.store(file.getInputStream(), file.getSize(), file.getContentType(), originalFilename); Map data = new HashMap<>(); 
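Review bot: In the `@@ -48,8 +48,9 @@` hunk, `create` forwards the client-supplied `file.getOriginalFilename()` and `file.getContentType()` to `storageService.store(...)` unchanged; whether that name ends up in a filesystem path or object key is decided inside `StorageService`, which is outside this diff. If it does, names containing `/`, `\` or `..` must be rejected or reduced to their last path segment before the call, and the declared content type should not be relied on when the file is later served. The `admin:storage:create` gate restricts who can upload but does not remove that traversal risk. The method body continues past the hunk.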
@@ -57,8 +58,9 @@ public class AdminStorageController { return ResponseUtil.ok(data); } + @RequiresPermissions("admin:storage:read") @PostMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallStorage storageInfo = litemallStorageService.findById(id); if (storageInfo == null) { return ResponseUtil.badArgumentValue(); @@ -66,16 +68,18 @@ public class AdminStorageController { return ResponseUtil.ok(storageInfo); } + @RequiresPermissions("admin:storage:delete") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallStorage litemallStorage) { + public Object update(@RequestBody LitemallStorage litemallStorage) { if (litemallStorageService.update(litemallStorage) == 0) { return ResponseUtil.updatedDataFailed(); } return ResponseUtil.ok(litemallStorage); } + @RequiresPermissions("admin:storage:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallStorage litemallStorage) { + public Object delete(@RequestBody LitemallStorage litemallStorage) { String key = litemallStorage.getKey(); if (StringUtils.isEmpty(key)) { return ResponseUtil.badArgument(); diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminTopicController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminTopicController.java index 5d9d0c54..daa3804b 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminTopicController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminTopicController.java 
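Review bot: `@RequiresPermissions("admin:storage:delete")` is placed on the `/update` handler in the `@@ -66,16 +68,18 @@` hunk, the same string used on `/delete` just below it, so update and delete rights on stored files cannot be granted separately and an account meant only to edit metadata is forced to hold delete. Every other controller in this change uses `admin:<module>:update` for its update handler; this one should read `@RequiresPermissions("admin:storage:update")`, with the matching permission seeded for roles. Separately, `update` hands the request body straight to `litemallStorageService.update(litemallStorage)` with no id check, unlike `delete`, which validates `key` first; a `if (litemallStorage.getId() == null) { return ResponseUtil.badArgument(); }` guard would match the sibling handlers.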
@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.validator.Order; import org.linlinjava.litemall.core.validator.Sort; @@ -28,9 +28,9 @@ public class AdminTopicController { @Autowired private LitemallTopicService topicService; + @RequiresPermissions("admin:topic:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String title, String subtitle, + public Object list(String title, String subtitle, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, @@ -60,8 +60,9 @@ public class AdminTopicController { return null; } + @RequiresPermissions("admin:topic:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallTopic topic) { + public Object create(@RequestBody LitemallTopic topic) { Object error = validate(topic); if (error != null) { return error; @@ -70,14 +71,16 @@ public class AdminTopicController { return ResponseUtil.ok(topic); } + @RequiresPermissions("admin:topic:read") @GetMapping("/read") - public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) { + public Object read(@NotNull Integer id) { LitemallTopic topic = topicService.findById(id); return ResponseUtil.ok(topic); } + @RequiresPermissions("admin:topic:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallTopic topic) { + public Object update(@RequestBody LitemallTopic topic) { Object error = validate(topic); if (error != null) { return error; 
@@ -88,8 +91,9 @@ public class AdminTopicController { return ResponseUtil.ok(topic); } + @RequiresPermissions("admin:topic:delete") @PostMapping("/delete") - public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallTopic topic) { + public Object delete(@RequestBody LitemallTopic topic) { topicService.deleteById(topic.getId()); return ResponseUtil.ok(); } diff --git a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminUserController.java b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminUserController.java index 19a23bc3..015fd567 100644 --- a/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminUserController.java +++ b/litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminUserController.java @@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.linlinjava.litemall.admin.annotation.LoginAdmin; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.linlinjava.litemall.core.util.RegexUtil; import org.linlinjava.litemall.core.util.ResponseUtil; import org.linlinjava.litemall.core.util.bcrypt.BCryptPasswordEncoder; @@ -31,9 +31,9 @@ public class AdminUserController { @Autowired private LitemallUserService userService; + @RequiresPermissions("admin:user:list") @GetMapping("/list") - public Object list(@LoginAdmin Integer adminId, - String username, String mobile, + public Object list(String username, String mobile, @RequestParam(defaultValue = "1") Integer page, @RequestParam(defaultValue = "10") Integer limit, @Sort @RequestParam(defaultValue = "add_time") String sort, 
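Review bot: In the `@@ -88,8 +91,9 @@` hunk, `delete` calls `topicService.deleteById(topic.getId())` without checking the id, whereas the `delete` handlers for issue, keyword and groupon in this same change return `ResponseUtil.badArgument()` when `getId()` is null. Passing a null id into `deleteById` is at best a wasted query and, depending on how the mapper builds its `WHERE` clause, could delete more than one row. Add the same guard the siblings use: `Integer id = topic.getId(); if (id == null) { return ResponseUtil.badArgument(); }`.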
@@ -47,8 +47,9 @@ public class AdminUserController { return ResponseUtil.ok(data); } + @RequiresPermissions("admin:user:list") @GetMapping("/username") - public Object username(@LoginAdmin Integer adminId, @NotEmpty String username) { + public Object username(@NotEmpty String username) { int total = userService.countSeletive(username, null, null, null, null, null); if (total == 0) { return ResponseUtil.ok("不存在"); @@ -78,8 +79,9 @@ public class AdminUserController { return null; } + @RequiresPermissions("admin:user:create") @PostMapping("/create") - public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallUser user) { + public Object create(@RequestBody LitemallUser user) { Object error = validate(user); if (error != null) { return error; @@ -107,8 +109,9 @@ public class AdminUserController { return ResponseUtil.ok(user); } + @RequiresPermissions("admin:user:update") @PostMapping("/update") - public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallUser user) { + public Object update(@RequestBody LitemallUser user) { Object error = validate(user); if (error != null) { return error;