完全权限模块的权限注册的添加
parent
61e5cfe617
commit
244f248ad5
|
@ -10,6 +10,8 @@ import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
|
|||
import cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.vo.OAuth2AccessTokenVO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.PermissionRpc;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
|
||||
import cn.iocoder.mall.web.core.util.CommonWebUtil;
|
||||
import cn.iocoder.security.annotations.RequiresNone;
|
||||
import cn.iocoder.security.annotations.RequiresPermissions;
|
||||
|
@ -20,12 +22,16 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.OAUTH_USER_TYPE_ERROR;
|
||||
|
||||
public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@Reference(validation = "true", version = "${dubbo.consumer.OAuth2Rpc.version}")
|
||||
private OAuth2Rpc oauth2Rpc;
|
||||
@Reference(validation = "true", version = "${dubbo.consumer.PermissionRpc.version}")
|
||||
private PermissionRpc permissionRpc;
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
||||
|
@ -67,7 +73,7 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
|
|||
}
|
||||
}
|
||||
|
||||
private void checkPermission(HandlerMethod handlerMethod, Integer accountId) {
|
||||
private void checkPermission(HandlerMethod handlerMethod, Integer adminId) {
|
||||
RequiresPermissions requiresPermissions = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
|
||||
if (requiresPermissions == null) {
|
||||
return;
|
||||
|
@ -76,13 +82,9 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
|
|||
if (CollectionUtils.isEmpty(permissions)) {
|
||||
return;
|
||||
}
|
||||
// 权限验证 TODO 待完成
|
||||
// AuthorizationCheckPermissionsRequest authorizationCheckPermissionsRequest = new AuthorizationCheckPermissionsRequest()
|
||||
// .setAccountId(accountId).setPermissions(Arrays.asList(permissions));
|
||||
// CommonResult<Boolean> authorizationCheckPermissionsResult = authorizationRPC.checkPermissions(authorizationCheckPermissionsRequest);
|
||||
// if (authorizationCheckPermissionsResult.isError()) { // TODO 有一个问题点,假设 token 认证失败,但是该 url 是无需认证的,是不是一样能够执行过去?
|
||||
// throw ServiceExceptionUtil.exception(authorizationCheckPermissionsResult);
|
||||
// }
|
||||
// 权限验证
|
||||
permissionRpc.checkPermission(new PermissionCheckDTO().setAdminId(adminId).setPermissions(Arrays.asList(permissions)))
|
||||
.checkError();
|
||||
}
|
||||
|
||||
@Override
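Review bot: In `checkPermission` the allow/deny decision rests entirely on `.checkError()`; the `Boolean` payload of the returned `CommonResult` is never read, and the provider added in this commit always answers `success(true)`. That is safe only while every denial reaches the consumer as an error result, which these hunks do not show. I would state the contract in a comment above the call, e.g. `// denial arrives as an error CommonResult; checkError() throws and aborts the request`, or additionally reject a result whose data is not `true`. Part of `checkPermission`, between the annotation lookup and the empty check, lies outside the hunks.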
|
||||
|
|
|
@ -33,21 +33,21 @@ public class AdminController {
|
|||
|
||||
@ApiOperation(value = "管理员分页")
|
||||
@GetMapping("/page")
|
||||
@RequiresPermissions("system:page")
|
||||
@RequiresPermissions("system:admin:page")
|
||||
public CommonResult<PageResult<AdminPageItemVO>> page(AdminPageDTO adminPageDTO) {
|
||||
return success(adminManager.pageAdmin(adminPageDTO));
|
||||
}
|
||||
|
||||
@ApiOperation(value = "创建管理员")
|
||||
@PostMapping("/create")
|
||||
@RequiresPermissions("admin:create")
|
||||
@RequiresPermissions("system:admin:create")
|
||||
public CommonResult<Integer> createAdmin(AdminCreateDTO createDTO, HttpServletRequest request) {
|
||||
return success(adminManager.createAdmin(createDTO, AdminSecurityContextHolder.getAdminId(), HttpUtil.getIp(request)));
|
||||
}
|
||||
|
||||
@PostMapping("/update")
|
||||
@ApiOperation(value = "更新管理员")
|
||||
@RequiresPermissions("admin:update")
|
||||
@RequiresPermissions("system:admin:update")
|
||||
public CommonResult<Boolean> updateAdmin(AdminUpdateInfoDTO updateInfoDTO) {
|
||||
adminManager.updateAdmin(updateInfoDTO);
|
||||
return success(true);
|
||||
|
@ -55,7 +55,7 @@ public class AdminController {
|
|||
|
||||
@PostMapping("/update-status")
|
||||
@ApiOperation(value = "更新管理员状态")
|
||||
@RequiresPermissions("admin:update-status")
|
||||
@RequiresPermissions("system:admin:update-status")
|
||||
public CommonResult<Boolean> updateUserStatus(AdminUpdateStatusDTO updateStatusDTO) {
|
||||
adminManager.updateAdminStatus(updateStatusDTO);
|
||||
return success(true);
|
||||
|
|
|
@ -4,6 +4,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
|
|||
import cn.iocoder.mall.managementweb.controller.permission.dto.PermissionAssignAdminRoleDTO;
|
||||
import cn.iocoder.mall.managementweb.controller.permission.dto.PermissionAssignRoleResourceDTO;
|
||||
import cn.iocoder.mall.managementweb.manager.permission.PermissionManager;
|
||||
import cn.iocoder.security.annotations.RequiresPermissions;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
|
@ -33,12 +34,14 @@ public class PermissionController {
|
|||
@GetMapping("/list-role-resources")
|
||||
@ApiOperation("获得角色拥有的资源编号")
|
||||
@ApiImplicitParam(name = "roleId", value = "角色编号", required = true)
|
||||
@RequiresPermissions("system:permission:assign-role-resource")
|
||||
public CommonResult<Set<Integer>> listRoleResources(Integer roleId) {
|
||||
return success(permissionManager.listRoleResources(roleId));
|
||||
}
|
||||
|
||||
@PostMapping("/assign-role-resource")
|
||||
@ApiOperation("赋予角色资源")
|
||||
@RequiresPermissions("system:permission:assign-role-resource")
|
||||
public CommonResult<Boolean> assignRoleResource(PermissionAssignRoleResourceDTO assignRoleResourceDTO) {
|
||||
permissionManager.assignRoleResource(assignRoleResourceDTO);
|
||||
return success(true);
|
||||
|
@ -46,6 +49,7 @@ public class PermissionController {
|
|||
|
||||
@GetMapping("/list-admin-roles")
|
||||
@ApiOperation("获得管理员拥有的角色编号列表")
|
||||
@RequiresPermissions("system:permission:assign-admin-role")
|
||||
@ApiImplicitParam(name = "adminId", value = "管理员编号", required = true)
|
||||
public CommonResult<Set<Integer>> listAdminRoles(Integer adminId) {
|
||||
return success(permissionManager.listAdminRoles(adminId));
|
||||
|
@ -53,6 +57,7 @@ public class PermissionController {
|
|||
|
||||
@PostMapping("/assign-admin-role")
|
||||
@ApiOperation("赋予用户角色")
|
||||
@RequiresPermissions("system:permission:assign-admin-role")
|
||||
public CommonResult<Boolean> assignAdminRole(PermissionAssignAdminRoleDTO assignAdminRoleDTO) {
|
||||
permissionManager.assignAdminRole(assignAdminRoleDTO);
|
||||
return success(true);
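Review bot: `assignAdminRole` and `assignRoleResource` are each gated by a single permission string, and nothing in these hunks limits which role or resource may be granted, or to whom. If `PermissionManager` does not enforce that itself, a holder of `system:permission:assign-admin-role` could grant any role, including to their own account; that is worth confirming, since the manager bodies are not part of this page. I would also add a comment on both methods naming where that restriction is enforced. The method bodies continue past the end of the hunks.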
|
||||
|
|
|
@ -7,6 +7,7 @@ import cn.iocoder.mall.managementweb.controller.permission.vo.ResourceTreeNodeVO
|
|||
import cn.iocoder.mall.managementweb.controller.permission.vo.ResourceVO;
|
||||
import cn.iocoder.mall.managementweb.manager.permission.ResourceManager;
|
||||
import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
|
||||
import cn.iocoder.security.annotations.RequiresPermissions;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
|
@ -33,12 +34,14 @@ public class ResourceController {
|
|||
|
||||
@PostMapping("/create")
|
||||
@ApiOperation("创建资源")
|
||||
@RequiresPermissions("system:resource:create")
|
||||
public CommonResult<Integer> createResource(@Valid ResourceCreateDTO createDTO) {
|
||||
return success(resourceManager.createResource(createDTO, AdminSecurityContextHolder.getAdminId()));
|
||||
}
|
||||
|
||||
@PostMapping("/update")
|
||||
@ApiOperation("更新资源")
|
||||
@RequiresPermissions("system:resource:update")
|
||||
public CommonResult<Boolean> updateResource(@Valid ResourceUpdateDTO updateDTO) {
|
||||
resourceManager.updateResource(updateDTO);
|
||||
return success(true);
|
||||
|
@ -47,6 +50,7 @@ public class ResourceController {
|
|||
@PostMapping("/delete")
|
||||
@ApiOperation("删除资源")
|
||||
@ApiImplicitParam(name = "resourceId", value = "资源编号", required = true)
|
||||
@RequiresPermissions("system:resource:delete")
|
||||
public CommonResult<Boolean> deleteResource(@RequestParam("resourceId") Integer resourceId) {
|
||||
resourceManager.deleteResource(resourceId);
|
||||
return success(true);
|
||||
|
@ -54,19 +58,22 @@ public class ResourceController {
|
|||
|
||||
@GetMapping("/get")
|
||||
@ApiOperation("获得资源")
|
||||
@RequiresPermissions("system:resource:tree")
|
||||
public CommonResult<ResourceVO> getResource(@RequestParam("resourceId") Integer resourceId) {
|
||||
return success(resourceManager.getResource(resourceId));
|
||||
}
|
||||
|
||||
@GetMapping("/list")
|
||||
@ApiOperation("获得资源列表")
|
||||
@ApiImplicitParam(name = "resourceId", value = "资源编号列表", required = true)
|
||||
@ApiImplicitParam(name = "resourceIds", value = "资源编号列表", required = true)
|
||||
@RequiresPermissions("system:resource:tree")
|
||||
public CommonResult<List<ResourceVO>> listResources(@RequestParam("resourceIds") List<Integer> resourceIds) {
|
||||
return success(resourceManager.listResources(resourceIds));
|
||||
}
|
||||
|
||||
@GetMapping("/tree")
|
||||
@ApiOperation("获得资源树")
|
||||
@RequiresPermissions("system:resource:tree")
|
||||
public CommonResult<List<ResourceTreeNodeVO>> treeResource() {
|
||||
return success(resourceManager.treeResource());
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@ import cn.iocoder.mall.managementweb.controller.permission.dto.RoleUpdateDTO;
|
|||
import cn.iocoder.mall.managementweb.controller.permission.vo.RoleVO;
|
||||
import cn.iocoder.mall.managementweb.manager.permission.RoleManager;
|
||||
import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
|
||||
import cn.iocoder.security.annotations.RequiresPermissions;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
|
@ -34,12 +35,14 @@ public class RoleController {
|
|||
|
||||
@PostMapping("/create")
|
||||
@ApiOperation("创建角色")
|
||||
@RequiresPermissions("system:role:create")
|
||||
public CommonResult<Integer> createRole(@Valid RoleCreateDTO createDTO) {
|
||||
return success(roleManager.createRole(createDTO, AdminSecurityContextHolder.getAdminId()));
|
||||
}
|
||||
|
||||
@PostMapping("/update")
|
||||
@ApiOperation("更新角色")
|
||||
@RequiresPermissions("system:role:update")
|
||||
public CommonResult<Boolean> updateRole(@Valid RoleUpdateDTO updateDTO) {
|
||||
roleManager.updateRole(updateDTO);
|
||||
return success(true);
|
||||
|
@ -48,6 +51,7 @@ public class RoleController {
|
|||
@PostMapping("/delete")
|
||||
@ApiOperation("删除角色")
|
||||
@ApiImplicitParam(name = "roleId", value = "角色编号", required = true)
|
||||
@RequiresPermissions("system:role:delete")
|
||||
public CommonResult<Boolean> deleteRole(@RequestParam("roleId") Integer roleId) {
|
||||
roleManager.deleteRole(roleId);
|
||||
return success(true);
|
||||
|
@ -56,12 +60,14 @@ public class RoleController {
|
|||
@GetMapping("/get")
|
||||
@ApiOperation("获得角色")
|
||||
@ApiImplicitParam(name = "roleId", value = "角色编号", required = true)
|
||||
public CommonResult<RoleVO> getRole(@RequestParam("roleId") Integer roleId) {
|
||||
@RequiresPermissions("system:admin:page")
|
||||
public CommonResult<RoleVO> role(@RequestParam("roleId") Integer roleId) {
|
||||
return success(roleManager.getRole(roleId));
|
||||
}
|
||||
|
||||
@GetMapping("/list-all")
|
||||
@ApiOperation("获得所有角色列表")
|
||||
@RequiresPermissions("system:role:page")
|
||||
public CommonResult<List<RoleVO>> listAllRoles() {
|
||||
return success(roleManager.listAllRoles());
|
||||
}
|
||||
|
@ -69,12 +75,14 @@ public class RoleController {
|
|||
@GetMapping("/list")
|
||||
@ApiOperation("获得角色列表")
|
||||
@ApiImplicitParam(name = "roleIds", value = "角色编号列表", required = true)
|
||||
@RequiresPermissions("system:role:page")
|
||||
public CommonResult<List<RoleVO>> listRoles(@RequestParam("roleIds") List<Integer> roleIds) {
|
||||
return success(roleManager.listRoles(roleIds));
|
||||
}
|
||||
|
||||
@GetMapping("/page")
|
||||
@ApiOperation("获得角色分页")
|
||||
@RequiresPermissions("system:role:page")
|
||||
public CommonResult<PageResult<RoleVO>> pageRole(RolePageDTO pageDTO) {
|
||||
return success(roleManager.pageRole(pageDTO));
|
||||
}
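Review bot: The `GET /get` handler is annotated `@RequiresPermissions("system:admin:page")`, while every other read in this controller uses `system:role:page`; this looks like a copy-paste from AdminController. As written, an admin who may page administrators can read any role by id, and one who holds only the role permissions cannot. I would change it to `@RequiresPermissions("system:role:page")`. The same lines rename the method from `getRole` to `role`, which departs from the sibling names (`listRoles`, `pageRole`) and looks unintended.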
|
||||
|
|
|
@ -3,6 +3,7 @@ package cn.iocoder.mall.systemservice.rpc.permission;
|
|||
import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
|
@ -43,4 +44,14 @@ public interface PermissionRpc {
|
|||
*/
|
||||
CommonResult<Boolean> assignAdminRole(PermissionAssignAdminRoleDTO assignAdminRoleDTO);
|
||||
|
||||
/**
|
||||
* 校验管理员是否拥有指定权限。
|
||||
*
|
||||
* 如果没有,则抛出 {@link cn.iocoder.common.framework.exception.ServiceException} 异常
|
||||
*
|
||||
* @param checkDTO 校验权限 DTO
|
||||
* @return 成功
|
||||
*/
|
||||
CommonResult<Boolean> checkPermission(PermissionCheckDTO checkDTO);
|
||||
|
||||
}
|
||||
|
|
|
@ -1,20 +1,21 @@
|
|||
package cn.iocoder.mall.system.biz.dto.authorization;
|
||||
package cn.iocoder.mall.systemservice.rpc.permission.dto;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.io.Serializable;
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
* 授权模块 - 校验账号是否有权限 DTO
|
||||
* 权限校验 DTO
|
||||
*/
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AuthorizationCheckPermissionsDTO {
|
||||
public class PermissionCheckDTO implements Serializable {
|
||||
|
||||
@NotNull(message = "账号编号不能为空")
|
||||
private Integer accountId;
|
||||
@NotNull(message = "管理员编号不能为空")
|
||||
private Integer adminId;
|
||||
@NotNull(message = "权限不能为空")
|
||||
private Collection<String> permissions;
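Review bot: `@NotNull` on `permissions` still accepts an empty collection, so a check request that names no permission passes validation. In this commit `PermissionService.checkPermission` returns without denying when the lookup yields no resources, so an empty list would most likely be treated as allowed for any admin who has a role; the mapper is not visible, so that part is inferred. I would use `@NotEmpty(message = "权限不能为空")` from `javax.validation.constraints` on this field. The closing brace of the class is outside the hunk.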
|
||||
|
|
@ -1,8 +1,11 @@
|
|||
package cn.iocoder.mall.systemservice.manager.permission;
|
||||
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import cn.iocoder.common.framework.util.CollectionUtils;
|
||||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
|
||||
import cn.iocoder.mall.systemservice.service.permission.PermissionService;
|
||||
import cn.iocoder.mall.systemservice.service.permission.ResourceService;
|
||||
import cn.iocoder.mall.systemservice.service.permission.RoleService;
|
||||
|
@ -13,6 +16,8 @@ import org.springframework.stereotype.Service;
|
|||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
|
||||
import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.AUTHORIZATION_PERMISSION_DENY;
|
||||
|
||||
/**
|
||||
* 权限 Manager
|
||||
*/
|
||||
|
@ -69,5 +74,25 @@ public class PermissionManager {
|
|||
permissionService.assignAdminRole(assignAdminRoleDTO.getAdminId(), assignAdminRoleDTO.getRoleIds());
|
||||
}
|
||||
|
||||
/**
|
||||
* 校验管理员是否拥有指定权限。
|
||||
*
|
||||
* 如果没有,则抛出 {@link cn.iocoder.common.framework.exception.ServiceException} 异常
|
||||
*
|
||||
* @param checkDTO 校验权限 DTO
|
||||
*/
|
||||
public void checkPermission(PermissionCheckDTO checkDTO) {
|
||||
// 查询管理员拥有的角色关联数据
|
||||
Set<Integer> roleIds = permissionService.listAdminRoleIds(checkDTO.getAdminId());
|
||||
if (CollectionUtil.isEmpty(roleIds)) { // 如果没有角色,默认无法访问
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
// 判断是否为超管。若是超管,默认有所有权限
|
||||
if (roleService.hasSuperAdmin(roleIds)) {
|
||||
return;
|
||||
}
|
||||
// 校验权限
|
||||
permissionService.checkPermission(roleIds, checkDTO.getPermissions());
|
||||
}
|
||||
|
||||
}
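Review bot: Neither denial path reached from `checkPermission` records who was refused or for which permission; the only log statement in the new code is the warning for unregistered permissions in `PermissionService`. Repeated denials for one admin id are a useful signal for detection and cannot be reconstructed from the thrown `AUTHORIZATION_PERMISSION_DENY` alone. I would log before the throw in the no-role branch, e.g. `log.warn("[checkPermission][adminId({}) has no role, denied permissions({})]", checkDTO.getAdminId(), checkDTO.getPermissions());`, which needs a logger on this class (none is visible in these hunks). The super-admin shortcut could also carry a comment saying it skips the resource lookup entirely.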
|
||||
|
|
|
@ -4,6 +4,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
|
|||
import cn.iocoder.mall.systemservice.manager.permission.PermissionManager;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
|
||||
import org.apache.dubbo.config.annotation.Service;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
||||
|
@ -42,4 +43,10 @@ public class PermissionRpcImpl implements PermissionRpc {
|
|||
return success(true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public CommonResult<Boolean> checkPermission(PermissionCheckDTO checkDTO) {
|
||||
permissionManager.checkPermission(checkDTO);
|
||||
return success(true);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ import cn.iocoder.common.framework.util.CollectionUtils;
|
|||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.admin.AdminDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.AdminRoleDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.ResourceDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.RoleDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.RoleResourceDO;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.mapper.admin.AdminMapper;
|
||||
|
@ -12,11 +13,14 @@ import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.AdminRoleMapper
|
|||
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.ResourceMapper;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.RoleMapper;
|
||||
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.RoleResourceMapper;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
|
@ -26,6 +30,7 @@ import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.*;
|
|||
* 权限 Service
|
||||
*/
|
||||
@Service
|
||||
@Slf4j
|
||||
public class PermissionService {
|
||||
|
||||
@Autowired
|
||||
|
@ -122,4 +127,26 @@ public class PermissionService {
|
|||
return CollectionUtils.convertSet(adminRoleDOs, AdminRoleDO::getRoleId);
|
||||
}
|
||||
|
||||
public void checkPermission(Collection<Integer> roleIds, Collection<String> permissions) {
|
||||
// 查询权限对应资源
|
||||
List<ResourceDO> resourceBOs = resourceMapper.selectListByPermissions(permissions);
|
||||
if (CollectionUtil.isEmpty(resourceBOs)) { // 无对应资源,则认为无需权限验证
|
||||
log.warn("[checkPermission][permission({}) 未配置对应资源]", permissions);
|
||||
return;
|
||||
}
|
||||
Set<Integer> permissionIds = CollectionUtils.convertSet(resourceBOs, ResourceDO::getId);
|
||||
// 权限验证
|
||||
List<RoleResourceDO> roleResourceDOs = roleResourceMapper.selectListByResourceIds(permissionIds);
|
||||
if (CollectionUtil.isEmpty(roleResourceDOs)) { // 资源未授予任何角色,必然权限验证不通过
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
Map<Integer, List<Integer>> resourceRoleMap = CollectionUtils.convertMultiMap(roleResourceDOs,
|
||||
RoleResourceDO::getResourceId, RoleResourceDO::getRoleId);
|
||||
for (Map.Entry<Integer, List<Integer>> entry : resourceRoleMap.entrySet()) {
|
||||
if (!CollectionUtil.containsAny(roleIds, entry.getValue())) { // 所以有任一不满足,就验证失败,抛出异常
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
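Review bot: `checkPermission` fails open. When `selectListByPermissions` finds no resource for the requested strings, it logs a warning and returns, so the caller is treated as authorized. This commit adds or renames many permission strings in AdminController, PermissionController, ResourceController and RoleController, and each of them is unenforced for every admin with a role until a matching resource row exists. I would deny instead, replacing the `return;` in that branch with `throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);`. The loop also iterates only over resources that came back with role bindings, so if several permissions are requested and only some resolve, the rest are skipped; comparing the resolved set with the requested one before the loop would close that gap. The method also has no Javadoc; it should state that every requested permission must be held and that denial is signalled by an exception.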
|
||||
|
|
|
@ -1,14 +1,6 @@
|
|||
package cn.iocoder.mall.system.biz.service.authorization;
|
||||
|
||||
import cn.iocoder.common.framework.exception.ServiceException;
|
||||
import cn.iocoder.mall.system.biz.bo.authorization.ResourceBO;
|
||||
import cn.iocoder.mall.system.biz.bo.authorization.ResourceTreeNodeBO;
|
||||
import cn.iocoder.mall.system.biz.bo.authorization.RoleBO;
|
||||
import cn.iocoder.mall.system.biz.dto.authorization.*;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import cn.iocoder.mall.system.biz.dto.authorization.AuthorizationCheckPermissionsDTO;
|
||||
|
||||
/**
|
||||
* 授权模块 - Service 接口
|
||||
|
@ -22,41 +14,4 @@ public interface AuthorizationService {
|
|||
*/
|
||||
void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO);
|
||||
|
||||
/**
|
||||
* 获得指定账号的资源列表
|
||||
*
|
||||
* 如果该账号为超级管理员,则返回所有资源
|
||||
*
|
||||
* @param getResourcesByAccountIdDTO 查询条件 DTO
|
||||
* @return 资源列表
|
||||
*/
|
||||
List<ResourceBO> getResourcesByAccountId(AuthorizationGetResourcesByAccountIdDTO getResourcesByAccountIdDTO);
|
||||
|
||||
/**
|
||||
* 获得每个账号拥有的角色集合
|
||||
*
|
||||
* @param getRoleMapByAccountIdsDTO 查询条件 DTO
|
||||
* @return <账号编号, <RoleBO>>
|
||||
*/
|
||||
Map<Integer, Set<RoleBO>> getRoleMapByAccountIds(AuthorizationGetRoleMapByAccountIdsDTO getRoleMapByAccountIdsDTO);
|
||||
|
||||
/**
|
||||
* 获得指定账号的资源树
|
||||
*
|
||||
* 如果该账号为超级管理员,则返回所有资源
|
||||
*
|
||||
* @param getResourceTreeByAccountIdDTO 查询条件 DTO
|
||||
* @return 资源树
|
||||
*/
|
||||
List<ResourceTreeNodeBO> getResourceTreeByAccountId(AuthorizationGetResourcesByAccountIdDTO getResourceTreeByAccountIdDTO);
|
||||
|
||||
/**
|
||||
* 获得指定角色拥有的资源编号集合
|
||||
*
|
||||
* @param getRoleResourcesDTO 查询条件 DTO
|
||||
* @return 资源编号数集合
|
||||
*/
|
||||
Set<Integer> getRoleResources(AuthorizationGetRoleResourcesDTO getRoleResourcesDTO);
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -30,48 +30,6 @@ import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.AUTHORIZATION
|
|||
@Slf4j
|
||||
public class AuthorizationServiceImpl implements AuthorizationService {
|
||||
|
||||
@Autowired
|
||||
private AccountRoleMapper accountRoleMapper;
|
||||
@Autowired
|
||||
private RoleResourceMapper roleResourceMapper;
|
||||
|
||||
@Autowired
|
||||
private RoleService roleService;
|
||||
@Autowired
|
||||
private ResourceService resourceService;
|
||||
|
||||
@Override
|
||||
public void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO) {
|
||||
// 查询管理员拥有的角色关联数据
|
||||
List<AccountRoleDO> accountRoleDOs = accountRoleMapper.selectByAccountId(checkPermissionsDTO.getAccountId());
|
||||
if (CollectionUtil.isEmpty(accountRoleDOs)) { // 如果没有角色,默认无法访问
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
Set<Integer> roleIds = CollectionUtil.convertSet(accountRoleDOs, AccountRoleDO::getRoleId);
|
||||
// 判断是否为超管。若是超管,默认有所有权限
|
||||
if (roleService.hasSuperAdmin(roleIds)) {
|
||||
return;
|
||||
}
|
||||
// 查询权限对应资源
|
||||
List<ResourceBO> resourceBOs = resourceService.getResourcesByPermissions(checkPermissionsDTO.getPermissions());
|
||||
if (CollectionUtil.isEmpty(resourceBOs)) { // 无对应资源,则认为无需权限验证
|
||||
log.warn("[checkPermissions][permission({}) 未配置对应资源]", checkPermissionsDTO.getPermissions());
|
||||
return;
|
||||
}
|
||||
Set<Integer> permissionIds = CollectionUtil.convertSet(resourceBOs, ResourceBO::getId);
|
||||
// 权限验证
|
||||
List<RoleResourceDO> roleResourceDOs = roleResourceMapper.selectListByResourceIds(permissionIds);
|
||||
if (CollectionUtil.isEmpty(roleResourceDOs)) { // 资源未授予任何角色,必然权限验证不通过
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
Map<Integer, List<Integer>> resourceRoleMap = CollectionUtil.convertMultiMap(roleResourceDOs,
|
||||
RoleResourceDO::getResourceId, RoleResourceDO::getRoleId);
|
||||
for (Map.Entry<Integer, List<Integer>> entry : resourceRoleMap.entrySet()) {
|
||||
if (!CollectionUtil.containsAny(roleIds, entry.getValue())) { // 所以有任一不满足,就验证失败,抛出异常
|
||||
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@EventListener
|
||||
public void handleResourceDeleteEvent(ResourceDeleteEvent event) {
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
package cn.iocoder.mall.system.rpc.api.authorization;
|
||||
|
||||
import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.mall.system.rpc.request.authorization.AuthorizationCheckPermissionsRequest;
|
||||
|
||||
public interface AuthorizationRPC {
|
||||
|
||||
CommonResult<Boolean> checkPermissions(AuthorizationCheckPermissionsRequest checkPermissionsRequest);
|
||||
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
package cn.iocoder.mall.system.rpc.request.authorization;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.io.Serializable;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 授权模块 - 校验账号是否有权限 Request
|
||||
*/
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AuthorizationCheckPermissionsRequest implements Serializable {
|
||||
|
||||
@NotNull(message = "账号不能为空")
|
||||
private Integer accountId;
|
||||
@NotNull(message = "校验的权限不能为空")
|
||||
private List<String> permissions;
|
||||
|
||||
}
|
|
@ -1,52 +0,0 @@
|
|||
package cn.iocoder.mall.system.api;
|
||||
|
||||
import cn.iocoder.common.framework.vo.PageResult;
|
||||
import cn.iocoder.mall.system.api.bo.admin.AdminBO;
|
||||
import cn.iocoder.mall.system.api.bo.role.RoleBO;
|
||||
import cn.iocoder.mall.system.api.dto.admin.*;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* 管理员 Service 接口
|
||||
*/
|
||||
public interface AdminService {
|
||||
|
||||
PageResult<AdminBO> getAdminPage(AdminPageDTO adminPageDTO);
|
||||
|
||||
AdminBO addAdmin(Integer adminId, AdminAddDTO adminAddDTO);
|
||||
|
||||
Boolean updateAdmin(Integer adminId, AdminUpdateDTO adminUpdateDTO);
|
||||
|
||||
Boolean updateAdminStatus(Integer adminId, AdminUpdateStatusDTO adminUpdateStatusDTO);
|
||||
|
||||
Boolean deleteAdmin(Integer adminId, Integer updateAdminId);
|
||||
|
||||
/**
|
||||
* 批量查询每个管理员拥有的角色
|
||||
*
|
||||
* @param adminIds 管理员编号数组
|
||||
* @return 每个管理员拥有的角色
|
||||
*/
|
||||
Map<Integer, Collection<RoleBO>> getAdminRolesMap(Collection<Integer> adminIds);
|
||||
|
||||
/**
|
||||
* 获得指定管理员拥有的角色数组
|
||||
*
|
||||
* @param adminId 指定管理员
|
||||
* @return 角色编号数组
|
||||
*/
|
||||
List<RoleBO> getRoleList(Integer adminId);
|
||||
|
||||
/**
|
||||
* 分配管理员角色
|
||||
*
|
||||
* @param adminId 操作管理员编号
|
||||
* @param adminAssignRoleDTO 分配信息
|
||||
* @return 是否成功。目前,默认返回 true
|
||||
*/
|
||||
Boolean assignAdminRole(Integer adminId, AdminAssignRoleDTO adminAssignRoleDTO);
|
||||
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
package cn.iocoder.mall.system.api;
|
||||
|
||||
import cn.iocoder.mall.system.api.bo.role.RoleBO;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
public interface RoleService {
|
||||
|
||||
/**
|
||||
* @return 返回角色列表
|
||||
*/
|
||||
List<RoleBO> getRoleList();
|
||||
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.bo.admin;
|
||||
|
||||
import cn.iocoder.mall.system.api.bo.oauth2.OAuth2AccessTokenBO;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
@ApiModel("管理员认证 BO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AdminAuthenticationBO {
|
||||
|
||||
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "昵称", required = true, example = "小王")
|
||||
private String nickname;
|
||||
|
||||
private OAuth2AccessTokenBO token;
|
||||
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.bo.admin;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Set;
|
||||
|
||||
@ApiModel("管理员授权 BO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AdminAuthorizationBO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "登陆账号", required = true, example = "1")
|
||||
private String username;
|
||||
|
||||
@ApiModelProperty(value = "角色编号数组", required = true, example = "1")
|
||||
private Set<Integer> roleIds;
|
||||
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.bo.admin;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Date;
|
||||
|
||||
@ApiModel("管理员 BO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AdminBO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "登陆账号", required = true, example = "15601691300")
|
||||
private String username;
|
||||
|
||||
@ApiModelProperty(value = "昵称", required = true, example = "小王")
|
||||
private String nickname;
|
||||
|
||||
@ApiModelProperty(value = "账号状态", required = true, example = "1", notes = "见 CommonStatusEnum 枚举")
|
||||
private Integer status;
|
||||
|
||||
@ApiModelProperty(value = "创建时间", required = true, example = "时间戳格式")
|
||||
private Date createTime;
|
||||
|
||||
// TODO FROM 芋艿 to :参数命名不正确。
|
||||
@ApiModelProperty(value = "部门ID", required = true, example = "1")
|
||||
private Integer deptmentId;
|
||||
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.bo.admin;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 管理员分页 BO
|
||||
*/
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AdminPageBO implements Serializable {
|
||||
|
||||
/**
|
||||
* 管理员数组
|
||||
*/
|
||||
private List<AdminBO> list;
|
||||
/**
|
||||
* 总量
|
||||
*/
|
||||
private Integer total;
|
||||
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.bo.oauth2;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
@ApiModel("OAuth2 Token 信息 BO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class OAuth2AccessTokenBO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "accessToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
|
||||
private String accessToken;
|
||||
|
||||
@ApiModelProperty(value = "refreshToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
|
||||
private String refreshToken;
|
||||
|
||||
@ApiModelProperty(value = "过期时间,单位:秒", required = true, example = "1024")
|
||||
private Integer expiresIn;
|
||||
|
||||
}
|
|
@ -1,21 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.bo.oauth2;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
@ApiModel("OAUTH2 认证 BO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class OAuth2AuthenticationBO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "用户编号", required = true, example = "1")
|
||||
private Integer userId;
|
||||
|
||||
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参考 UserTypeEnum 枚举")
|
||||
private Integer userType;
|
||||
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.bo.resource;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
|
||||
@ApiModel("资源 BO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class ResourceBO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "资源编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "资源类型", required = true, example = "1")
|
||||
private Integer type;
|
||||
|
||||
@ApiModelProperty(value = "排序", required = true, example = "1")
|
||||
private Integer sort;
|
||||
|
||||
@ApiModelProperty(value = "菜单展示名", required = true, example = "商品管理")
|
||||
private String displayName;
|
||||
|
||||
@ApiModelProperty(value = "父级资源编号", required = true, example = "1", notes = "如果无父资源,则值为 0")
|
||||
private Integer pid;
|
||||
|
||||
@ApiModelProperty(value = "操作", required = true, example = "/order/list")
|
||||
private String handler;
|
||||
|
||||
@ApiModelProperty(value = "图标", example = "add")
|
||||
private String icon;
|
||||
|
||||
@ApiModelProperty(value = "权限标识数组", example = "system.order.add,system.order.update")
|
||||
private List<String> permissions;
|
||||
|
||||
@ApiModelProperty(value = "创建时间", required = true, example = "时间戳格式")
|
||||
private Date createTime;
|
||||
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.bo.role;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Date;
|
||||
|
||||
/**
|
||||
* 角色 BO
|
||||
*/
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class RoleBO implements Serializable {
|
||||
|
||||
/**
|
||||
* 角色编号
|
||||
*/
|
||||
private Integer id;
|
||||
/**
|
||||
* 角色名字
|
||||
*/
|
||||
private String name;
|
||||
/**
|
||||
* 添加时间
|
||||
*/
|
||||
private Date createTime;
|
||||
|
||||
}
|
|
@ -1,23 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.dto.admin;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.Set;
|
||||
|
||||
@ApiModel("管理员分配角色 DTO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AdminAssignRoleDTO {
|
||||
|
||||
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
|
||||
@NotNull(message = "管理员编号不能为空")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "角色编号数组", example = "1")
|
||||
private Set<Integer> roleIds;
|
||||
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.dto.oauth2;
|
||||
|
||||
import cn.iocoder.common.framework.validator.InEnum;
|
||||
import cn.iocoder.mall.system.api.constant.ResourceTypeEnum;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.io.Serializable;
|
||||
|
||||
@ApiModel("OAuth2 创建 Token DTO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class OAuth2CreateTokenDTO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "用户编号", required = true, example = "1")
|
||||
@NotNull(message = "用户编号不能为空")
|
||||
private Integer userId;
|
||||
|
||||
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 ResourceTypeEnum 枚举")
|
||||
@NotNull(message = "用户类型不能为空")
|
||||
@InEnum(value = ResourceTypeEnum.class, message = "用户类型必须是 {value}")
|
||||
private Integer userType;
|
||||
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.dto.oauth2;
|
||||
|
||||
import cn.iocoder.common.framework.validator.InEnum;
|
||||
import cn.iocoder.mall.system.api.constant.ResourceTypeEnum;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.io.Serializable;
|
||||
|
||||
@ApiModel("OAuth2 身份验证 DTO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class OAuth2GetTokenDTO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "accessToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
|
||||
@NotEmpty(message = "accessToken 不能为空")
|
||||
private String accessToken;
|
||||
|
||||
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 ResourceTypeEnum 枚举")
|
||||
@NotNull(message = "用户类型不能为空")
|
||||
@InEnum(value = ResourceTypeEnum.class, message = "用户类型必须是 {value}")
|
||||
private Integer userType;
|
||||
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.dto.oauth2;
|
||||
|
||||
import cn.iocoder.common.framework.validator.InEnum;
|
||||
import cn.iocoder.mall.system.api.constant.ResourceTypeEnum;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.io.Serializable;
|
||||
|
||||
@ApiModel("OAuth2 刷新 Token DTO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class OAuth2RefreshTokenDTO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "refreshToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
|
||||
@NotEmpty(message = "refreshToken 不能为空")
|
||||
private String refreshToken;
|
||||
|
||||
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 ResourceTypeEnum 枚举")
|
||||
@NotNull(message = "用户类型不能为空")
|
||||
@InEnum(value = ResourceTypeEnum.class, message = "用户类型必须是 {value}")
|
||||
private Integer userType;
|
||||
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.dto.oauth2;
|
||||
|
||||
import cn.iocoder.common.framework.validator.InEnum;
|
||||
import cn.iocoder.mall.system.api.constant.ResourceTypeEnum;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.io.Serializable;
|
||||
|
||||
@ApiModel("OAuth2 移除 Token DTO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class OAuth2RemoveTokenByUserDTO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "用户编号", required = true, example = "1")
|
||||
@NotNull(message = "用户编号不能为空")
|
||||
private Integer userId;
|
||||
|
||||
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 ResourceTypeEnum 枚举")
|
||||
@NotNull(message = "用户类型不能为空")
|
||||
@InEnum(value = ResourceTypeEnum.class, message = "用户类型必须是 {value}")
|
||||
private Integer userType;
|
||||
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.dto.role;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import java.io.Serializable;
|
||||
|
||||
@ApiModel("角色添加 DTO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class RoleAddDTO implements Serializable {
|
||||
|
||||
@ApiModelProperty(name = "name", value = "角色名字(标识)", required = true, example = "系统管理员")
|
||||
@NotEmpty(message = "角色名字不能为空")
|
||||
private String name;
|
||||
|
||||
}
|
|
@ -1,23 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.dto.role;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.Set;
|
||||
|
||||
@ApiModel("角色分配资源 DTO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class RoleAssignResourceDTO {
|
||||
|
||||
@ApiModelProperty(value = "角色编号", required = true, example = "1")
|
||||
@NotNull(message = "角色编号不能为空")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "资源编号数组", example = "1,2")
|
||||
private Set<Integer> resourceIds;
|
||||
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
package cn.iocoder.mall.system.api.dto.role;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.io.Serializable;
|
||||
|
||||
@ApiModel("角色添加 DTO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class RoleUpdateDTO implements Serializable {
|
||||
|
||||
@ApiModelProperty(value = "角色编号", required = true, example = "1")
|
||||
@NotNull(message = "角色编号不能为空")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "角色名", required = true, example = "系统管理员")
|
||||
@NotEmpty(message = "角色名字不能为空")
|
||||
private String name;
|
||||
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.controller.admins;
|
||||
|
||||
import cn.iocoder.common.framework.enums.MallConstants;
|
||||
import cn.iocoder.common.framework.util.CollectionUtil;
|
||||
import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.common.framework.vo.PageResult;
|
||||
import cn.iocoder.mall.system.api.AdminService;
|
||||
import cn.iocoder.mall.system.api.DeptmentService;
|
||||
import cn.iocoder.mall.system.api.ResourceService;
|
||||
import cn.iocoder.mall.system.api.RoleService;
|
||||
import cn.iocoder.mall.system.api.bo.deptment.DeptmentBO;
|
||||
import cn.iocoder.mall.system.api.bo.resource.ResourceBO;
|
||||
import cn.iocoder.mall.system.api.bo.role.RoleBO;
|
||||
import cn.iocoder.mall.system.api.bo.admin.AdminBO;
|
||||
import cn.iocoder.mall.system.api.constant.ResourceConstants;
|
||||
import cn.iocoder.mall.system.api.dto.admin.*;
|
||||
import cn.iocoder.mall.system.application.convert.AdminConvert;
|
||||
import cn.iocoder.mall.system.application.convert.ResourceConvert;
|
||||
import cn.iocoder.mall.system.application.vo.admin.AdminMenuTreeNodeVO;
|
||||
import cn.iocoder.mall.system.application.vo.admin.AdminRoleVO;
|
||||
import cn.iocoder.mall.system.application.vo.admin.AdminVO;
|
||||
import cn.iocoder.mall.system.sdk.annotation.RequiresPermissions;
|
||||
import cn.iocoder.mall.system.sdk.context.AdminSecurityContextHolder;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import org.apache.dubbo.config.annotation.Reference;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static cn.iocoder.common.framework.vo.CommonResult.success;
|
||||
|
||||
@RestController
|
||||
@RequestMapping(MallConstants.ROOT_PATH_ADMIN + "/admin")
|
||||
@Api("管理员模块")
|
||||
public class AdminController {
|
||||
|
||||
@Reference(validation = "true", version = "${dubbo.provider.ResourceService.version}")
|
||||
private ResourceService resourceService;
|
||||
|
||||
@Reference(validation = "true", version = "${dubbo.provider.AdminService.version}")
|
||||
private AdminService adminService;
|
||||
|
||||
@Reference(validation = "true", version = "${dubbo.provider.RoleService.version}")
|
||||
private RoleService roleService;
|
||||
|
||||
@Autowired
|
||||
private DeptmentService deptmentService;
|
||||
|
||||
|
||||
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.convert;
|
||||
|
||||
import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.common.framework.vo.PageResult;
|
||||
import cn.iocoder.mall.system.api.bo.role.RoleBO;
|
||||
import cn.iocoder.mall.system.api.bo.admin.AdminBO;
|
||||
import cn.iocoder.mall.system.application.vo.admin.AdminInfoVO;
|
||||
import cn.iocoder.mall.system.application.vo.admin.AdminRoleVO;
|
||||
import cn.iocoder.mall.system.application.vo.admin.AdminVO;
|
||||
import cn.iocoder.mall.system.sdk.context.AdminSecurityContext;
|
||||
import org.mapstruct.Mapper;
|
||||
import org.mapstruct.Mappings;
|
||||
import org.mapstruct.factory.Mappers;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
@Mapper
|
||||
public interface AdminConvert {
|
||||
|
||||
AdminConvert INSTANCE = Mappers.getMapper(AdminConvert.class);
|
||||
|
||||
@Mappings({})
|
||||
AdminInfoVO convert(AdminSecurityContext adminSecurityContext);
|
||||
|
||||
@Mappings({})
|
||||
AdminVO convert(AdminBO adminBO);
|
||||
|
||||
@Mappings({})
|
||||
CommonResult<AdminVO> convert2(CommonResult<AdminBO> result);
|
||||
|
||||
@Mappings({})
|
||||
List<AdminRoleVO> convert(List<RoleBO> roleList);
|
||||
|
||||
@Mappings({})
|
||||
PageResult<AdminVO> convertAdminVOPage(PageResult<AdminBO> page);
|
||||
|
||||
List<AdminVO.Role> convertAdminVORoleList(Collection<RoleBO> list);
|
||||
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
/**
|
||||
* @author Sin
|
||||
* @time 2019/5/26 12:36 PM
|
||||
*/
|
||||
package cn.iocoder.mall.system.application.po;
|
|
@ -1,19 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.vo;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
@ApiModel("登陆结果 VO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class PassportLoginVO {
|
||||
|
||||
@ApiModelProperty(value = "访问令牌", required = true, example = "2e3d7635c15e47e997611707a237859f")
|
||||
private String accessToken;
|
||||
@ApiModelProperty(value = "刷新令牌", required = true, example = "d091e7c35bbb4313b0f557a6ef23d033")
|
||||
private String refreshToken;
|
||||
@ApiModelProperty(value = "过期时间,单位:秒", required = true, example = "2879")
|
||||
private Integer expiresIn;
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.vo.admin;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
@ApiModel("管理员信息 VO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AdminInfoVO {
|
||||
|
||||
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
|
||||
private Integer adminId;
|
||||
@ApiModelProperty(value = "角色编号的数组", required = true, example = "[1, 2]")
|
||||
private Set<Integer> roleIds;
|
||||
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.vo.admin;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
@ApiModel("管理员拥有的角色 VO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AdminRoleVO {
|
||||
|
||||
@ApiModelProperty(value = "角色编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
@ApiModelProperty(value = "角色名字", required = true, example = "系统管理员")
|
||||
private String name;
|
||||
@ApiModelProperty(value = "是否授权", required = true, example = "true")
|
||||
private Boolean assigned;
|
||||
|
||||
}
|
|
@ -1,49 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.vo.admin;
|
||||
|
||||
import cn.iocoder.mall.system.api.bo.admin.AdminBO;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@ApiModel("管理员 VO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class AdminVO extends AdminBO {
|
||||
|
||||
private List<Role> roles;
|
||||
|
||||
private Deptment deptment;
|
||||
|
||||
@ApiModel("管理员 VO - 角色")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public static class Role {
|
||||
|
||||
@ApiModelProperty(value = "角色编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "角色名", required = true, example = "码神")
|
||||
private String name;
|
||||
|
||||
}
|
||||
|
||||
@ApiModel("管理员 VO - 部门")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
@AllArgsConstructor
|
||||
public static class Deptment {
|
||||
|
||||
@ApiModelProperty(value = "部门编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
|
||||
@ApiModelProperty(value = "部门名称", required = true, example = "研发部")
|
||||
private String name;
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.vo.resource;
|
||||
|
||||
import cn.iocoder.mall.system.api.bo.resource.ResourceBO;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@ApiModel("资源树结构 VO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class ResourceTreeNodeVO extends ResourceBO {
|
||||
|
||||
@ApiModelProperty(value = "子节点数组")
|
||||
private List<ResourceTreeNodeVO> children;
|
||||
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.vo.resource;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
@ApiModel("资源 VO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class ResourceVO {
|
||||
|
||||
@ApiModelProperty(value = "资源编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
@ApiModelProperty(value = "资源名字(标识)", required = true, example = "商品管理")
|
||||
private String name;
|
||||
@ApiModelProperty(value = "资源类型", required = true, example = "1")
|
||||
private Integer type;
|
||||
@ApiModelProperty(value = "排序", required = true, example = "1")
|
||||
private Integer sort;
|
||||
@ApiModelProperty(value = "菜单展示名", required = true, example = "商品管理")
|
||||
private String displayName;
|
||||
@ApiModelProperty(value = "创建时间", required = true, example = "时间戳格式")
|
||||
private Date createTime;
|
||||
@ApiModelProperty(value = "父级资源编号", required = true, example = "1", notes = "如果无父资源,则值为 0")
|
||||
private Integer pid;
|
||||
@ApiModelProperty(value = "操作", required = true, example = "/order/list")
|
||||
private String handler;
|
||||
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
package cn.iocoder.mall.system.application.vo.role;
|
||||
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@ApiModel("角色拥有的资源 VO")
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class RoleResourceTreeNodeVO {
|
||||
|
||||
@ApiModelProperty(value = "菜单编号", required = true, example = "1")
|
||||
private Integer id;
|
||||
// @ApiModelProperty(value = "菜单名", required = true, example = "商品管理")
|
||||
// private String name;
|
||||
@ApiModelProperty(value = "菜单操作", required = true, example = "/order/list")
|
||||
private String handler;
|
||||
@ApiModelProperty(value = "父菜单编号", required = true, example = "1", notes = "如果无父菜单,则值为 0")
|
||||
private Integer pid;
|
||||
@ApiModelProperty(value = "排序", required = true, example = "1")
|
||||
private Integer sort;
|
||||
@ApiModelProperty(value = "菜单展示名", required = true, example = "商品管理")
|
||||
private String displayName;
|
||||
@ApiModelProperty(value = "子节点数组")
|
||||
private List<RoleResourceTreeNodeVO> children;
|
||||
|
||||
@ApiModelProperty(value = "是否授权", required = true, example = "true")
|
||||
private Boolean assigned;
|
||||
|
||||
}
|