chore[litemall-admin-api]: 权限代码微调
@@ -13,32 +13,33 @@ import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class PermissionUtil {
|
||||
|
||||
public static List<PermVo> listPermissions(ApplicationContext context, String basicPackage) {
|
||||
List<PermVo> root = new ArrayList<>();
|
||||
List<Permission> permissions = findPermissions(context, basicPackage);
|
||||
for(Permission permission : permissions) {
|
||||
for (Permission permission : permissions) {
|
||||
RequiresPermissions requiresPermissions = permission.getRequiresPermissions();
|
||||
RequiresPermissionsDesc requiresPermissionsDesc = permission.getRequiresPermissionsDesc();
|
||||
String api = permission.getApi();
|
||||
|
||||
String[] menus = requiresPermissionsDesc.menu();
|
||||
if(menus.length != 2){
|
||||
if (menus.length != 2) {
|
||||
throw new RuntimeException("目前只支持两级菜单");
|
||||
}
|
||||
String menu1 = menus[0];
|
||||
PermVo perm1 = null;
|
||||
for(PermVo permVo : root){
|
||||
if(permVo.getLabel().equals(menu1)){
|
||||
for (PermVo permVo : root) {
|
||||
if (permVo.getLabel().equals(menu1)) {
|
||||
perm1 = permVo;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(perm1 == null){
|
||||
if (perm1 == null) {
|
||||
perm1 = new PermVo();
|
||||
perm1.setId(menu1);
|
||||
perm1.setLabel(menu1);
|
||||
@@ -47,13 +48,13 @@ public class PermissionUtil {
|
||||
}
|
||||
String menu2 = menus[1];
|
||||
PermVo perm2 = null;
|
||||
for(PermVo permVo : perm1.getChildren()){
|
||||
if(permVo.getLabel().equals(menu2)){
|
||||
for (PermVo permVo : perm1.getChildren()) {
|
||||
if (permVo.getLabel().equals(menu2)) {
|
||||
perm2 = permVo;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(perm2 == null){
|
||||
if (perm2 == null) {
|
||||
perm2 = new PermVo();
|
||||
perm2.setId(menu2);
|
||||
perm2.setLabel(menu2);
|
||||
@@ -61,12 +62,28 @@ public class PermissionUtil {
|
||||
perm1.getChildren().add(perm2);
|
||||
}
|
||||
|
||||
PermVo leftPerm = new PermVo();
|
||||
leftPerm.setId(requiresPermissions.value()[0]);
|
||||
leftPerm.setLabel(requiresPermissionsDesc.button());
|
||||
leftPerm.setApi(api);
|
||||
String button = requiresPermissionsDesc.button();
|
||||
PermVo leftPerm = null;
|
||||
for (PermVo permVo : perm2.getChildren()) {
|
||||
if (permVo.getLabel().equals(button)) {
|
||||
leftPerm = permVo;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (leftPerm == null) {
|
||||
leftPerm = new PermVo();
|
||||
leftPerm.setId(requiresPermissions.value()[0]);
|
||||
leftPerm.setLabel(requiresPermissionsDesc.button());
|
||||
leftPerm.setApi(api);
|
||||
perm2.getChildren().add(leftPerm);
|
||||
}
|
||||
else{
|
||||
// TODO
|
||||
// 目前限制Controller里面每个方法的RequiresPermissionsDesc注解是唯一的
|
||||
// 如果允许相同,可能会造成内部权限不一致。
|
||||
throw new RuntimeException("权限已经存在,不能添加新权限");
|
||||
}
|
||||
|
||||
perm2.getChildren().add(leftPerm);
|
||||
}
|
||||
return root;
|
||||
}
|
||||
@@ -74,9 +91,9 @@ public class PermissionUtil {
|
||||
public static List<Permission> findPermissions(ApplicationContext context, String basicPackage) {
|
||||
Map<String, Object> map = context.getBeansWithAnnotation(Controller.class);
|
||||
List<Permission> permissions = new ArrayList<>();
|
||||
for(Map.Entry<String, Object> entry : map.entrySet()){
|
||||
for (Map.Entry<String, Object> entry : map.entrySet()) {
|
||||
Object bean = entry.getValue();
|
||||
if(!StringUtils.contains(ClassUtils.getPackageName(bean.getClass()), basicPackage)){
|
||||
if (!StringUtils.contains(ClassUtils.getPackageName(bean.getClass()), basicPackage)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -84,21 +101,21 @@ public class PermissionUtil {
|
||||
Class controllerClz = clz.getSuperclass();
|
||||
RequestMapping clazzRequestMapping = AnnotationUtils.findAnnotation(controllerClz, RequestMapping.class);
|
||||
List<Method> methods = MethodUtils.getMethodsListWithAnnotation(controllerClz, RequiresPermissions.class);
|
||||
for(Method method : methods){
|
||||
for (Method method : methods) {
|
||||
RequiresPermissions requiresPermissions = AnnotationUtils.getAnnotation(method, RequiresPermissions.class);
|
||||
RequiresPermissionsDesc requiresPermissionsDesc = AnnotationUtils.getAnnotation(method, RequiresPermissionsDesc.class);
|
||||
|
||||
if(requiresPermissions == null || requiresPermissionsDesc == null){
|
||||
if (requiresPermissions == null || requiresPermissionsDesc == null) {
|
||||
continue;
|
||||
}
|
||||
|
||||
String api = "";
|
||||
if(clazzRequestMapping != null){
|
||||
if (clazzRequestMapping != null) {
|
||||
api = clazzRequestMapping.value()[0];
|
||||
}
|
||||
|
||||
PostMapping postMapping = AnnotationUtils.getAnnotation(method, PostMapping.class);
|
||||
if(postMapping != null){
|
||||
if (postMapping != null) {
|
||||
api = "POST " + api + postMapping.value()[0];
|
||||
|
||||
Permission permission = new Permission();
|
||||
@@ -109,7 +126,7 @@ public class PermissionUtil {
|
||||
continue;
|
||||
}
|
||||
GetMapping getMapping = AnnotationUtils.getAnnotation(method, GetMapping.class);
|
||||
if(getMapping != null){
|
||||
if (getMapping != null) {
|
||||
api = "GET " + api + getMapping.value()[0];
|
||||
Permission permission = new Permission();
|
||||
permission.setRequiresPermissions(requiresPermissions);
|
||||
|
||||
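Review bot: The new `else` branch in `listPermissions` throws `new RuntimeException("权限已经存在,不能添加新权限")` without naming the entry that collided, and the lookup that triggers it compares only the button label under `perm2`, not the permission id or the API path. A duplicate `@RequiresPermissionsDesc` would therefore surface only as an opaque failure when the permission tree is built; put the colliding entry in the message, e.g. `throw new RuntimeException("权限已经存在,不能添加新权限: " + menu1 + "/" + menu2 + "/" + button + " -> " + api);`. The page has lost its +/- column, so it is not certain whether the trailing `perm2.getChildren().add(leftPerm);` after the `else` block is still on the new side; if it is, every new leaf is added to `perm2` twice and that line should be removed. Parts of `listPermissions` lie between the hunks shown here.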
@@ -51,7 +51,7 @@ public class AdminCouponController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:coupon:list")
|
||||
@RequiresPermissionsDesc(menu={"推广管理" , "优惠券管理"}, button="查询")
|
||||
@RequiresPermissionsDesc(menu={"推广管理" , "优惠券管理"}, button="查询用户")
|
||||
@GetMapping("/listuser")
|
||||
public Object listuser(Integer userId, Integer couponId, Short status,
|
||||
@RequestParam(defaultValue = "1") Integer page,
|
||||
|
||||
@@ -36,7 +36,7 @@ public class AdminGoodsController {
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("admin:goods:list")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "查询")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "查询")
|
||||
@GetMapping("/list")
|
||||
public Object list(String goodsSn, String name,
|
||||
@RequestParam(defaultValue = "1") Integer page,
|
||||
@@ -46,6 +46,11 @@ public class AdminGoodsController {
|
||||
return adminGoodsService.list(goodsSn, name, page, limit, sort, order);
|
||||
}
|
||||
|
||||
@GetMapping("/catAndBrand")
|
||||
public Object list2() {
|
||||
return adminGoodsService.list2();
|
||||
}
|
||||
|
||||
/**
|
||||
* 编辑商品
|
||||
*
|
||||
@@ -53,7 +58,7 @@ public class AdminGoodsController {
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("admin:goods:update")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "编辑")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "编辑")
|
||||
@PostMapping("/update")
|
||||
public Object update(@RequestBody GoodsAllinone goodsAllinone) {
|
||||
return adminGoodsService.update(goodsAllinone);
|
||||
@@ -66,7 +71,7 @@ public class AdminGoodsController {
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("admin:goods:delete")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "删除")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "删除")
|
||||
@PostMapping("/delete")
|
||||
public Object delete(@RequestBody LitemallGoods goods) {
|
||||
return adminGoodsService.delete(goods);
|
||||
@@ -79,19 +84,12 @@ public class AdminGoodsController {
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("admin:goods:create")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品上架"}, button = "上架")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "上架")
|
||||
@PostMapping("/create")
|
||||
public Object create(@RequestBody GoodsAllinone goodsAllinone) {
|
||||
return adminGoodsService.create(goodsAllinone);
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:goods:list")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "查询")
|
||||
@GetMapping("/catAndBrand")
|
||||
public Object list2() {
|
||||
return adminGoodsService.list2();
|
||||
}
|
||||
|
||||
/**
|
||||
* 商品详情
|
||||
*
|
||||
@@ -99,7 +97,7 @@ public class AdminGoodsController {
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("admin:goods:read")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "编辑")
|
||||
@RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "详情")
|
||||
@GetMapping("/detail")
|
||||
public Object detail(@NotNull Integer id) {
|
||||
return adminGoodsService.detail(id);
|
||||
|
||||
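Review bot: `list2()` for `/catAndBrand` is re-added in the `+46,11` hunk with only `@GetMapping`, while the copy removed in the `-79,19` hunk carried `@RequiresPermissions("admin:goods:list")`, so the endpoint no longer has a method-level permission check. The same pair of annotations appears to be dropped from `options()` (`/options`, AdminRoleController, hunk `-58,8 +58,6`) and `username()` (`/username`, AdminUserController, hunk `-49,8 +49,6`). The likely motive is the new uniqueness rule on `@RequiresPermissionsDesc`, but `findPermissions` already skips methods where `requiresPermissionsDesc == null`, so only the description needs to go: keep `@RequiresPermissions("admin:goods:list")` on `list2()` (and `admin:role:list`, `admin:user:list` on the other two) and delete just the `@RequiresPermissionsDesc` line. Whether a URL-level filter still requires an authenticated admin for these paths is not visible here; even if it does, an account without the corresponding list permission would now be able to call them.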
@@ -38,7 +38,7 @@ public class AdminGrouponController {
|
||||
private LitemallGrouponService grouponService;
|
||||
|
||||
@RequiresPermissions("admin:groupon:read")
|
||||
@RequiresPermissionsDesc(menu={"推广管理" , "团购管理"}, button="查询")
|
||||
@RequiresPermissionsDesc(menu={"推广管理" , "团购管理"}, button="详情")
|
||||
@GetMapping("/listRecord")
|
||||
public Object listRecord(String grouponId,
|
||||
@RequestParam(defaultValue = "1") Integer page,
|
||||
|
||||
@@ -29,7 +29,7 @@ public class AdminIssueController {
|
||||
private LitemallIssueService issueService;
|
||||
|
||||
@RequiresPermissions("admin:issue:list")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "通用问题"}, button="查询")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "通用问题"}, button="查询")
|
||||
@GetMapping("/list")
|
||||
public Object list(String question,
|
||||
@RequestParam(defaultValue = "1") Integer page,
|
||||
@@ -58,7 +58,7 @@ public class AdminIssueController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:issue:create")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "通用问题"}, button="添加")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "通用问题"}, button="添加")
|
||||
@PostMapping("/create")
|
||||
public Object create(@RequestBody LitemallIssue issue) {
|
||||
Object error = validate(issue);
|
||||
@@ -77,7 +77,7 @@ public class AdminIssueController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:issue:update")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "通用问题"}, button="编辑")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "通用问题"}, button="编辑")
|
||||
@PostMapping("/update")
|
||||
public Object update(@RequestBody LitemallIssue issue) {
|
||||
Object error = validate(issue);
|
||||
@@ -92,7 +92,7 @@ public class AdminIssueController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:issue:delete")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "通用问题"}, button="删除")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "通用问题"}, button="删除")
|
||||
@PostMapping("/delete")
|
||||
public Object delete(@RequestBody LitemallIssue issue) {
|
||||
Integer id = issue.getId();
|
||||
|
||||
@@ -29,7 +29,7 @@ public class AdminKeywordController {
|
||||
private LitemallKeywordService keywordService;
|
||||
|
||||
@RequiresPermissions("admin:keyword:list")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="查询")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="查询")
|
||||
@GetMapping("/list")
|
||||
public Object list(String keyword, String url,
|
||||
@RequestParam(defaultValue = "1") Integer page,
|
||||
@@ -58,7 +58,7 @@ public class AdminKeywordController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:keyword:create")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="添加")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="添加")
|
||||
@PostMapping("/create")
|
||||
public Object create(@RequestBody LitemallKeyword keywords) {
|
||||
Object error = validate(keywords);
|
||||
@@ -70,7 +70,7 @@ public class AdminKeywordController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:keyword:read")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="详情")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="详情")
|
||||
@GetMapping("/read")
|
||||
public Object read(@NotNull Integer id) {
|
||||
LitemallKeyword brand = keywordService.findById(id);
|
||||
@@ -78,7 +78,7 @@ public class AdminKeywordController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:keyword:update")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="编辑")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="编辑")
|
||||
@PostMapping("/update")
|
||||
public Object update(@RequestBody LitemallKeyword keywords) {
|
||||
Object error = validate(keywords);
|
||||
@@ -92,7 +92,7 @@ public class AdminKeywordController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:keyword:delete")
|
||||
@RequiresPermissionsDesc(menu={"商城管理" , "关键词"}, button="删除")
|
||||
@RequiresPermissionsDesc(menu={"商场管理" , "关键词"}, button="删除")
|
||||
@PostMapping("/delete")
|
||||
public Object delete(@RequestBody LitemallKeyword keyword) {
|
||||
Integer id = keyword.getId();
|
||||
|
||||
@@ -36,7 +36,7 @@ public class AdminOrderController {
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("admin:order:list")
|
||||
@RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "查询")
|
||||
@RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "查询")
|
||||
@GetMapping("/list")
|
||||
public Object list(Integer userId, String orderSn,
|
||||
@RequestParam(required = false) List<Short> orderStatusArray,
|
||||
@@ -54,7 +54,7 @@ public class AdminOrderController {
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("admin:order:read")
|
||||
@RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "详情")
|
||||
@RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "详情")
|
||||
@GetMapping("/detail")
|
||||
public Object detail(@NotNull Integer id) {
|
||||
return adminOrderService.detail(id);
|
||||
@@ -67,7 +67,7 @@ public class AdminOrderController {
|
||||
* @return 订单退款操作结果
|
||||
*/
|
||||
@RequiresPermissions("admin:order:refund")
|
||||
@RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "订单退款")
|
||||
@RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "订单退款")
|
||||
@PostMapping("refund")
|
||||
public Object refund(@RequestBody String body) {
|
||||
return adminOrderService.refund(body);
|
||||
@@ -80,7 +80,7 @@ public class AdminOrderController {
|
||||
* @return 订单操作结果
|
||||
*/
|
||||
@RequiresPermissions("admin:order:ship")
|
||||
@RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "订单发货")
|
||||
@RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "订单发货")
|
||||
@PostMapping("ship")
|
||||
public Object ship(@RequestBody String body) {
|
||||
return adminOrderService.ship(body);
|
||||
@@ -94,7 +94,7 @@ public class AdminOrderController {
|
||||
* @return 订单操作结果
|
||||
*/
|
||||
@RequiresPermissions("admin:order:reply")
|
||||
@RequiresPermissionsDesc(menu = {"商城管理", "订单管理"}, button = "订单商品回复")
|
||||
@RequiresPermissionsDesc(menu = {"商场管理", "订单管理"}, button = "订单商品回复")
|
||||
@PostMapping("reply")
|
||||
public Object reply(@RequestBody String body) {
|
||||
return adminOrderService.reply(body);
|
||||
|
||||
@@ -42,7 +42,7 @@ public class AdminRoleController {
|
||||
private LitemallPermissionService permissionService;
|
||||
|
||||
@RequiresPermissions("admin:role:list")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="查询")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色查询")
|
||||
@GetMapping("/list")
|
||||
public Object list(String name,
|
||||
@RequestParam(defaultValue = "1") Integer page,
|
||||
@@ -58,8 +58,6 @@ public class AdminRoleController {
|
||||
return ResponseUtil.ok(data);
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:role:list")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="查询")
|
||||
@GetMapping("/options")
|
||||
public Object options(){
|
||||
List<LitemallRole> roleList = roleService.queryAll();
|
||||
@@ -76,7 +74,7 @@ public class AdminRoleController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:role:read")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="详情")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色详情")
|
||||
@GetMapping("/read")
|
||||
public Object read(@NotNull Integer id) {
|
||||
LitemallRole role = roleService.findById(id);
|
||||
@@ -94,7 +92,7 @@ public class AdminRoleController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:role:create")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="添加")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色添加")
|
||||
@PostMapping("/create")
|
||||
public Object create(@RequestBody LitemallRole role) {
|
||||
Object error = validate(role);
|
||||
@@ -112,7 +110,7 @@ public class AdminRoleController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:role:update")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="编辑")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色编辑")
|
||||
@PostMapping("/update")
|
||||
public Object update(@RequestBody LitemallRole role) {
|
||||
Object error = validate(role);
|
||||
@@ -125,7 +123,7 @@ public class AdminRoleController {
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:role:delete")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="删除")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色删除")
|
||||
@PostMapping("/delete")
|
||||
public Object delete(@RequestBody LitemallRole role) {
|
||||
Integer id = role.getId();
|
||||
@@ -178,7 +176,7 @@ public class AdminRoleController {
|
||||
* @return 系统所有权限列表和管理员已分配权限
|
||||
*/
|
||||
@RequiresPermissions("admin:role:permission")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="授权")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权限详情")
|
||||
@GetMapping("/permissions")
|
||||
public Object getPermissions(Integer roleId) {
|
||||
List<PermVo> systemPermissions = getSystemPermissions();
|
||||
@@ -198,11 +196,14 @@ public class AdminRoleController {
|
||||
* @return
|
||||
*/
|
||||
@RequiresPermissions("admin:role:permission")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="授权")
|
||||
@RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权限变更")
|
||||
@PostMapping("/permissions")
|
||||
public Object updatePermissions(@RequestBody String body) {
|
||||
Integer roleId = JacksonUtil.parseInteger(body, "roleId");
|
||||
List<String> permissions = JacksonUtil.parseStringList(body, "permissions");
|
||||
if(roleId == null || permissions == null){
|
||||
return ResponseUtil.badArgument();
|
||||
}
|
||||
|
||||
// 如果修改的角色是超级权限,则拒绝修改。
|
||||
if(permissionService.checkSuperPermission(roleId)){
|
||||
|
||||
@@ -49,8 +49,6 @@ public class AdminUserController {
|
||||
return ResponseUtil.ok(data);
|
||||
}
|
||||
|
||||
@RequiresPermissions("admin:user:list")
|
||||
@RequiresPermissionsDesc(menu={"用户管理" , "会员管理"}, button="查询")
|
||||
@GetMapping("/username")
|
||||
public Object username(@NotEmpty String username) {
|
||||
int total = userService.countSeletive(username, null, null, null, null, null);
|
||||
|
||||