完全权限模块的权限注册的添加

YunaiV 2020-07-13 22:45:31 +08:00
parent 61e5cfe617
commit 244f248ad5
42 changed files with 113 additions and 923 deletions


@ -10,6 +10,8 @@ import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
import cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum; import cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum;
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc; import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
import cn.iocoder.mall.systemservice.rpc.oauth.vo.OAuth2AccessTokenVO; import cn.iocoder.mall.systemservice.rpc.oauth.vo.OAuth2AccessTokenVO;
import cn.iocoder.mall.systemservice.rpc.permission.PermissionRpc;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
import cn.iocoder.mall.web.core.util.CommonWebUtil; import cn.iocoder.mall.web.core.util.CommonWebUtil;
import cn.iocoder.security.annotations.RequiresNone; import cn.iocoder.security.annotations.RequiresNone;
import cn.iocoder.security.annotations.RequiresPermissions; import cn.iocoder.security.annotations.RequiresPermissions;
@ -20,12 +22,16 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.OAUTH_USER_TYPE_ERROR; import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.OAUTH_USER_TYPE_ERROR;
public class AdminSecurityInterceptor extends HandlerInterceptorAdapter { public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
@Reference(validation = "true", version = "${dubbo.consumer.OAuth2Rpc.version}") @Reference(validation = "true", version = "${dubbo.consumer.OAuth2Rpc.version}")
private OAuth2Rpc oauth2Rpc; private OAuth2Rpc oauth2Rpc;
@Reference(validation = "true", version = "${dubbo.consumer.PermissionRpc.version}")
private PermissionRpc permissionRpc;
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
@ -67,7 +73,7 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
} }
} }
private void checkPermission(HandlerMethod handlerMethod, Integer accountId) { private void checkPermission(HandlerMethod handlerMethod, Integer adminId) {
RequiresPermissions requiresPermissions = handlerMethod.getMethodAnnotation(RequiresPermissions.class); RequiresPermissions requiresPermissions = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
if (requiresPermissions == null) { if (requiresPermissions == null) {
return; return;
@ -76,13 +82,9 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
if (CollectionUtils.isEmpty(permissions)) { if (CollectionUtils.isEmpty(permissions)) {
return; return;
} }
// 权限验证 TODO 待完成 // 权限验证
// AuthorizationCheckPermissionsRequest authorizationCheckPermissionsRequest = new AuthorizationCheckPermissionsRequest() permissionRpc.checkPermission(new PermissionCheckDTO().setAdminId(adminId).setPermissions(Arrays.asList(permissions)))
// .setAccountId(accountId).setPermissions(Arrays.asList(permissions)); .checkError();
// CommonResult<Boolean> authorizationCheckPermissionsResult = authorizationRPC.checkPermissions(authorizationCheckPermissionsRequest);
// if (authorizationCheckPermissionsResult.isError()) { // TODO 有一个问题点假设 token 认证失败但是该 url 是无需认证的是不是一样能够执行过去
// throw ServiceExceptionUtil.exception(authorizationCheckPermissionsResult);
// }
} }
@Override @Override
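Review bot: The rewritten tail of `checkPermission` relies on `.checkError()` alone to turn a denial from `permissionRpc.checkPermission(...)` into a rejected request, and nothing on these lines says so. A short comment would protect it from being dropped in a later cleanup, for example `// checkError() is expected to throw when the RPC result carries an error, which aborts preHandle; keep it`. The two early returns kept above it (no `@RequiresPermissions` annotation, or an empty value) let such handlers run with no permission check at all, which is worth stating in the method's Javadoc. The line that computes `permissions` falls between the visible hunks.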


@ -33,21 +33,21 @@ public class AdminController {
@ApiOperation(value = "管理员分页") @ApiOperation(value = "管理员分页")
@GetMapping("/page") @GetMapping("/page")
@RequiresPermissions("system:page") @RequiresPermissions("system:admin:page")
public CommonResult<PageResult<AdminPageItemVO>> page(AdminPageDTO adminPageDTO) { public CommonResult<PageResult<AdminPageItemVO>> page(AdminPageDTO adminPageDTO) {
return success(adminManager.pageAdmin(adminPageDTO)); return success(adminManager.pageAdmin(adminPageDTO));
} }
@ApiOperation(value = "创建管理员") @ApiOperation(value = "创建管理员")
@PostMapping("/create") @PostMapping("/create")
@RequiresPermissions("admin:create") @RequiresPermissions("system:admin:create")
public CommonResult<Integer> createAdmin(AdminCreateDTO createDTO, HttpServletRequest request) { public CommonResult<Integer> createAdmin(AdminCreateDTO createDTO, HttpServletRequest request) {
return success(adminManager.createAdmin(createDTO, AdminSecurityContextHolder.getAdminId(), HttpUtil.getIp(request))); return success(adminManager.createAdmin(createDTO, AdminSecurityContextHolder.getAdminId(), HttpUtil.getIp(request)));
} }
@PostMapping("/update") @PostMapping("/update")
@ApiOperation(value = "更新管理员") @ApiOperation(value = "更新管理员")
@RequiresPermissions("admin:update") @RequiresPermissions("system:admin:update")
public CommonResult<Boolean> updateAdmin(AdminUpdateInfoDTO updateInfoDTO) { public CommonResult<Boolean> updateAdmin(AdminUpdateInfoDTO updateInfoDTO) {
adminManager.updateAdmin(updateInfoDTO); adminManager.updateAdmin(updateInfoDTO);
return success(true); return success(true);
@ -55,7 +55,7 @@ public class AdminController {
@PostMapping("/update-status") @PostMapping("/update-status")
@ApiOperation(value = "更新管理员状态") @ApiOperation(value = "更新管理员状态")
@RequiresPermissions("admin:update-status") @RequiresPermissions("system:admin:update-status")
public CommonResult<Boolean> updateUserStatus(AdminUpdateStatusDTO updateStatusDTO) { public CommonResult<Boolean> updateUserStatus(AdminUpdateStatusDTO updateStatusDTO) {
adminManager.updateAdminStatus(updateStatusDTO); adminManager.updateAdminStatus(updateStatusDTO);
return success(true); return success(true);


@ -4,6 +4,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.managementweb.controller.permission.dto.PermissionAssignAdminRoleDTO; import cn.iocoder.mall.managementweb.controller.permission.dto.PermissionAssignAdminRoleDTO;
import cn.iocoder.mall.managementweb.controller.permission.dto.PermissionAssignRoleResourceDTO; import cn.iocoder.mall.managementweb.controller.permission.dto.PermissionAssignRoleResourceDTO;
import cn.iocoder.mall.managementweb.manager.permission.PermissionManager; import cn.iocoder.mall.managementweb.manager.permission.PermissionManager;
import cn.iocoder.security.annotations.RequiresPermissions;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
@ -33,12 +34,14 @@ public class PermissionController {
@GetMapping("/list-role-resources") @GetMapping("/list-role-resources")
@ApiOperation("获得角色拥有的资源编号") @ApiOperation("获得角色拥有的资源编号")
@ApiImplicitParam(name = "roleId", value = "角色编号", required = true) @ApiImplicitParam(name = "roleId", value = "角色编号", required = true)
@RequiresPermissions("system:permission:assign-role-resource")
public CommonResult<Set<Integer>> listRoleResources(Integer roleId) { public CommonResult<Set<Integer>> listRoleResources(Integer roleId) {
return success(permissionManager.listRoleResources(roleId)); return success(permissionManager.listRoleResources(roleId));
} }
@PostMapping("/assign-role-resource") @PostMapping("/assign-role-resource")
@ApiOperation("赋予角色资源") @ApiOperation("赋予角色资源")
@RequiresPermissions("system:permission:assign-role-resource")
public CommonResult<Boolean> assignRoleResource(PermissionAssignRoleResourceDTO assignRoleResourceDTO) { public CommonResult<Boolean> assignRoleResource(PermissionAssignRoleResourceDTO assignRoleResourceDTO) {
permissionManager.assignRoleResource(assignRoleResourceDTO); permissionManager.assignRoleResource(assignRoleResourceDTO);
return success(true); return success(true);
@ -46,6 +49,7 @@ public class PermissionController {
@GetMapping("/list-admin-roles") @GetMapping("/list-admin-roles")
@ApiOperation("获得管理员拥有的角色编号列表") @ApiOperation("获得管理员拥有的角色编号列表")
@RequiresPermissions("system:permission:assign-admin-role")
@ApiImplicitParam(name = "adminId", value = "管理员编号", required = true) @ApiImplicitParam(name = "adminId", value = "管理员编号", required = true)
public CommonResult<Set<Integer>> listAdminRoles(Integer adminId) { public CommonResult<Set<Integer>> listAdminRoles(Integer adminId) {
return success(permissionManager.listAdminRoles(adminId)); return success(permissionManager.listAdminRoles(adminId));
@ -53,6 +57,7 @@ public class PermissionController {
@PostMapping("/assign-admin-role") @PostMapping("/assign-admin-role")
@ApiOperation("赋予用户角色") @ApiOperation("赋予用户角色")
@RequiresPermissions("system:permission:assign-admin-role")
public CommonResult<Boolean> assignAdminRole(PermissionAssignAdminRoleDTO assignAdminRoleDTO) { public CommonResult<Boolean> assignAdminRole(PermissionAssignAdminRoleDTO assignAdminRoleDTO) {
permissionManager.assignAdminRole(assignAdminRoleDTO); permissionManager.assignAdminRole(assignAdminRoleDTO);
return success(true); return success(true);


@ -7,6 +7,7 @@ import cn.iocoder.mall.managementweb.controller.permission.vo.ResourceTreeNodeVO
import cn.iocoder.mall.managementweb.controller.permission.vo.ResourceVO; import cn.iocoder.mall.managementweb.controller.permission.vo.ResourceVO;
import cn.iocoder.mall.managementweb.manager.permission.ResourceManager; import cn.iocoder.mall.managementweb.manager.permission.ResourceManager;
import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder; import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
import cn.iocoder.security.annotations.RequiresPermissions;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
@ -33,12 +34,14 @@ public class ResourceController {
@PostMapping("/create") @PostMapping("/create")
@ApiOperation("创建资源") @ApiOperation("创建资源")
@RequiresPermissions("system:resource:create")
public CommonResult<Integer> createResource(@Valid ResourceCreateDTO createDTO) { public CommonResult<Integer> createResource(@Valid ResourceCreateDTO createDTO) {
return success(resourceManager.createResource(createDTO, AdminSecurityContextHolder.getAdminId())); return success(resourceManager.createResource(createDTO, AdminSecurityContextHolder.getAdminId()));
} }
@PostMapping("/update") @PostMapping("/update")
@ApiOperation("更新资源") @ApiOperation("更新资源")
@RequiresPermissions("system:resource:update")
public CommonResult<Boolean> updateResource(@Valid ResourceUpdateDTO updateDTO) { public CommonResult<Boolean> updateResource(@Valid ResourceUpdateDTO updateDTO) {
resourceManager.updateResource(updateDTO); resourceManager.updateResource(updateDTO);
return success(true); return success(true);
@ -47,6 +50,7 @@ public class ResourceController {
@PostMapping("/delete") @PostMapping("/delete")
@ApiOperation("删除资源") @ApiOperation("删除资源")
@ApiImplicitParam(name = "resourceId", value = "资源编号", required = true) @ApiImplicitParam(name = "resourceId", value = "资源编号", required = true)
@RequiresPermissions("system:resource:delete")
public CommonResult<Boolean> deleteResource(@RequestParam("resourceId") Integer resourceId) { public CommonResult<Boolean> deleteResource(@RequestParam("resourceId") Integer resourceId) {
resourceManager.deleteResource(resourceId); resourceManager.deleteResource(resourceId);
return success(true); return success(true);
@ -54,19 +58,22 @@ public class ResourceController {
@GetMapping("/get") @GetMapping("/get")
@ApiOperation("获得资源") @ApiOperation("获得资源")
@RequiresPermissions("system:resource:tree")
public CommonResult<ResourceVO> getResource(@RequestParam("resourceId") Integer resourceId) { public CommonResult<ResourceVO> getResource(@RequestParam("resourceId") Integer resourceId) {
return success(resourceManager.getResource(resourceId)); return success(resourceManager.getResource(resourceId));
} }
@GetMapping("/list") @GetMapping("/list")
@ApiOperation("获得资源列表") @ApiOperation("获得资源列表")
@ApiImplicitParam(name = "resourceId", value = "资源编号列表", required = true) @ApiImplicitParam(name = "resourceIds", value = "资源编号列表", required = true)
@RequiresPermissions("system:resource:tree")
public CommonResult<List<ResourceVO>> listResources(@RequestParam("resourceIds") List<Integer> resourceIds) { public CommonResult<List<ResourceVO>> listResources(@RequestParam("resourceIds") List<Integer> resourceIds) {
return success(resourceManager.listResources(resourceIds)); return success(resourceManager.listResources(resourceIds));
} }
@GetMapping("/tree") @GetMapping("/tree")
@ApiOperation("获得资源树") @ApiOperation("获得资源树")
@RequiresPermissions("system:resource:tree")
public CommonResult<List<ResourceTreeNodeVO>> treeResource() { public CommonResult<List<ResourceTreeNodeVO>> treeResource() {
return success(resourceManager.treeResource()); return success(resourceManager.treeResource());
} }


@ -8,6 +8,7 @@ import cn.iocoder.mall.managementweb.controller.permission.dto.RoleUpdateDTO;
import cn.iocoder.mall.managementweb.controller.permission.vo.RoleVO; import cn.iocoder.mall.managementweb.controller.permission.vo.RoleVO;
import cn.iocoder.mall.managementweb.manager.permission.RoleManager; import cn.iocoder.mall.managementweb.manager.permission.RoleManager;
import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder; import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
import cn.iocoder.security.annotations.RequiresPermissions;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
@ -34,12 +35,14 @@ public class RoleController {
@PostMapping("/create") @PostMapping("/create")
@ApiOperation("创建角色") @ApiOperation("创建角色")
@RequiresPermissions("system:role:create")
public CommonResult<Integer> createRole(@Valid RoleCreateDTO createDTO) { public CommonResult<Integer> createRole(@Valid RoleCreateDTO createDTO) {
return success(roleManager.createRole(createDTO, AdminSecurityContextHolder.getAdminId())); return success(roleManager.createRole(createDTO, AdminSecurityContextHolder.getAdminId()));
} }
@PostMapping("/update") @PostMapping("/update")
@ApiOperation("更新角色") @ApiOperation("更新角色")
@RequiresPermissions("system:role:update")
public CommonResult<Boolean> updateRole(@Valid RoleUpdateDTO updateDTO) { public CommonResult<Boolean> updateRole(@Valid RoleUpdateDTO updateDTO) {
roleManager.updateRole(updateDTO); roleManager.updateRole(updateDTO);
return success(true); return success(true);
@ -48,6 +51,7 @@ public class RoleController {
@PostMapping("/delete") @PostMapping("/delete")
@ApiOperation("删除角色") @ApiOperation("删除角色")
@ApiImplicitParam(name = "roleId", value = "角色编号", required = true) @ApiImplicitParam(name = "roleId", value = "角色编号", required = true)
@RequiresPermissions("system:role:delete")
public CommonResult<Boolean> deleteRole(@RequestParam("roleId") Integer roleId) { public CommonResult<Boolean> deleteRole(@RequestParam("roleId") Integer roleId) {
roleManager.deleteRole(roleId); roleManager.deleteRole(roleId);
return success(true); return success(true);
@ -56,12 +60,14 @@ public class RoleController {
@GetMapping("/get") @GetMapping("/get")
@ApiOperation("获得角色") @ApiOperation("获得角色")
@ApiImplicitParam(name = "roleId", value = "角色编号", required = true) @ApiImplicitParam(name = "roleId", value = "角色编号", required = true)
public CommonResult<RoleVO> getRole(@RequestParam("roleId") Integer roleId) { @RequiresPermissions("system:admin:page")
public CommonResult<RoleVO> role(@RequestParam("roleId") Integer roleId) {
return success(roleManager.getRole(roleId)); return success(roleManager.getRole(roleId));
} }
@GetMapping("/list-all") @GetMapping("/list-all")
@ApiOperation("获得所有角色列表") @ApiOperation("获得所有角色列表")
@RequiresPermissions("system:role:page")
public CommonResult<List<RoleVO>> listAllRoles() { public CommonResult<List<RoleVO>> listAllRoles() {
return success(roleManager.listAllRoles()); return success(roleManager.listAllRoles());
} }
@ -69,12 +75,14 @@ public class RoleController {
@GetMapping("/list") @GetMapping("/list")
@ApiOperation("获得角色列表") @ApiOperation("获得角色列表")
@ApiImplicitParam(name = "roleIds", value = "角色编号列表", required = true) @ApiImplicitParam(name = "roleIds", value = "角色编号列表", required = true)
@RequiresPermissions("system:role:page")
public CommonResult<List<RoleVO>> listRoles(@RequestParam("roleIds") List<Integer> roleIds) { public CommonResult<List<RoleVO>> listRoles(@RequestParam("roleIds") List<Integer> roleIds) {
return success(roleManager.listRoles(roleIds)); return success(roleManager.listRoles(roleIds));
} }
@GetMapping("/page") @GetMapping("/page")
@ApiOperation("获得角色分页") @ApiOperation("获得角色分页")
@RequiresPermissions("system:role:page")
public CommonResult<PageResult<RoleVO>> pageRole(RolePageDTO pageDTO) { public CommonResult<PageResult<RoleVO>> pageRole(RolePageDTO pageDTO) {
return success(roleManager.pageRole(pageDTO)); return success(roleManager.pageRole(pageDTO));
} }
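Review bot: The `/get` endpoint is annotated `@RequiresPermissions("system:admin:page")`, while every other read endpoint in this controller (`/list-all`, `/list`, `/page`) uses `system:role:page`. This looks like a copy-paste slip: as written, reading a role by id is tied to the admin-listing permission rather than to a role permission. Unless that is intended, change it to `@RequiresPermissions("system:role:page")`. The same hunk renames the method from `getRole` to `role`, which no longer matches the `listRoles`/`pageRole` naming around it.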


@ -3,6 +3,7 @@ package cn.iocoder.mall.systemservice.rpc.permission;
import cn.iocoder.common.framework.vo.CommonResult; import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO; import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO; import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
import java.util.Set; import java.util.Set;
@ -43,4 +44,14 @@ public interface PermissionRpc {
*/ */
CommonResult<Boolean> assignAdminRole(PermissionAssignAdminRoleDTO assignAdminRoleDTO); CommonResult<Boolean> assignAdminRole(PermissionAssignAdminRoleDTO assignAdminRoleDTO);
/**
* 校验管理员是否拥有指定权限
*
* 如果没有则抛出 {@link cn.iocoder.common.framework.exception.ServiceException} 异常
*
* @param checkDTO 校验权限 DTO
* @return 成功
*/
CommonResult<Boolean> checkPermission(PermissionCheckDTO checkDTO);
} }
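Review bot: The new Javadoc on `checkPermission` says a missing permission raises `ServiceException`, but the method returns `CommonResult<Boolean>` and the caller in `AdminSecurityInterceptor` calls `.checkError()` on the result, which suggests a denial reaches the consumer as an error result, not as a thrown exception. The comment should state which of the two the consumer actually sees, e.g. `@return success(true) when every permission is held; an error result carrying AUTHORIZATION_PERMISSION_DENY otherwise`, if that is how the provider side maps the exception (the mapping is not visible in this diff). If denials do arrive as error results, a caller that ignores the returned value would treat a denial as success, so the contract is worth spelling out.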


@ -1,20 +1,21 @@
package cn.iocoder.mall.system.biz.dto.authorization; package cn.iocoder.mall.systemservice.rpc.permission.dto;
import lombok.Data; import lombok.Data;
import lombok.experimental.Accessors; import lombok.experimental.Accessors;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
import java.io.Serializable;
import java.util.Collection; import java.util.Collection;
/** /**
* 授权模块 - 校验账号是否有权限 DTO * 权限校验 DTO
*/ */
@Data @Data
@Accessors(chain = true) @Accessors(chain = true)
public class AuthorizationCheckPermissionsDTO { public class PermissionCheckDTO implements Serializable {
@NotNull(message = "账号编号不能为空") @NotNull(message = "管理员编号不能为空")
private Integer accountId; private Integer adminId;
@NotNull(message = "权限不能为空") @NotNull(message = "权限不能为空")
private Collection<String> permissions; private Collection<String> permissions;


@ -1,8 +1,11 @@
package cn.iocoder.mall.systemservice.manager.permission; package cn.iocoder.mall.systemservice.manager.permission;
import cn.hutool.core.collection.CollectionUtil;
import cn.iocoder.common.framework.util.CollectionUtils; import cn.iocoder.common.framework.util.CollectionUtils;
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO; import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO; import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
import cn.iocoder.mall.systemservice.service.permission.PermissionService; import cn.iocoder.mall.systemservice.service.permission.PermissionService;
import cn.iocoder.mall.systemservice.service.permission.ResourceService; import cn.iocoder.mall.systemservice.service.permission.ResourceService;
import cn.iocoder.mall.systemservice.service.permission.RoleService; import cn.iocoder.mall.systemservice.service.permission.RoleService;
@ -13,6 +16,8 @@ import org.springframework.stereotype.Service;
import java.util.Collections; import java.util.Collections;
import java.util.Set; import java.util.Set;
import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.AUTHORIZATION_PERMISSION_DENY;
/** /**
* 权限 Manager * 权限 Manager
*/ */
@ -69,5 +74,25 @@ public class PermissionManager {
permissionService.assignAdminRole(assignAdminRoleDTO.getAdminId(), assignAdminRoleDTO.getRoleIds()); permissionService.assignAdminRole(assignAdminRoleDTO.getAdminId(), assignAdminRoleDTO.getRoleIds());
} }
/**
* 校验管理员是否拥有指定权限
*
* 如果没有则抛出 {@link cn.iocoder.common.framework.exception.ServiceException} 异常
*
* @param checkDTO 校验权限 DTO
*/
public void checkPermission(PermissionCheckDTO checkDTO) {
// 查询管理员拥有的角色关联数据
Set<Integer> roleIds = permissionService.listAdminRoleIds(checkDTO.getAdminId());
if (CollectionUtil.isEmpty(roleIds)) { // 如果没有角色默认无法访问
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
}
// 判断是否为超管若是超管默认有所有权限
if (roleService.hasSuperAdmin(roleIds)) {
return;
}
// 校验权限
permissionService.checkPermission(roleIds, checkDTO.getPermissions());
}
} }


@ -4,6 +4,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.systemservice.manager.permission.PermissionManager; import cn.iocoder.mall.systemservice.manager.permission.PermissionManager;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO; import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignAdminRoleDTO;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO; import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionAssignRoleResourceDTO;
import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
import org.apache.dubbo.config.annotation.Service; import org.apache.dubbo.config.annotation.Service;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -42,4 +43,10 @@ public class PermissionRpcImpl implements PermissionRpc {
return success(true); return success(true);
} }
@Override
public CommonResult<Boolean> checkPermission(PermissionCheckDTO checkDTO) {
permissionManager.checkPermission(checkDTO);
return success(true);
}
} }


@ -5,6 +5,7 @@ import cn.iocoder.common.framework.util.CollectionUtils;
import cn.iocoder.common.framework.util.ServiceExceptionUtil; import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.admin.AdminDO; import cn.iocoder.mall.systemservice.dal.mysql.dataobject.admin.AdminDO;
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.AdminRoleDO; import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.AdminRoleDO;
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.ResourceDO;
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.RoleDO; import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.RoleDO;
import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.RoleResourceDO; import cn.iocoder.mall.systemservice.dal.mysql.dataobject.permission.RoleResourceDO;
import cn.iocoder.mall.systemservice.dal.mysql.mapper.admin.AdminMapper; import cn.iocoder.mall.systemservice.dal.mysql.mapper.admin.AdminMapper;
@ -12,11 +13,14 @@ import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.AdminRoleMapper
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.ResourceMapper; import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.ResourceMapper;
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.RoleMapper; import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.RoleMapper;
import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.RoleResourceMapper; import cn.iocoder.mall.systemservice.dal.mysql.mapper.permission.RoleResourceMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import java.util.Collection;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -26,6 +30,7 @@ import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.*;
* 权限 Service * 权限 Service
*/ */
@Service @Service
@Slf4j
public class PermissionService { public class PermissionService {
@Autowired @Autowired
@ -122,4 +127,26 @@ public class PermissionService {
return CollectionUtils.convertSet(adminRoleDOs, AdminRoleDO::getRoleId); return CollectionUtils.convertSet(adminRoleDOs, AdminRoleDO::getRoleId);
} }
public void checkPermission(Collection<Integer> roleIds, Collection<String> permissions) {
// 查询权限对应资源
List<ResourceDO> resourceBOs = resourceMapper.selectListByPermissions(permissions);
if (CollectionUtil.isEmpty(resourceBOs)) { // 无对应资源则认为无需权限验证
log.warn("[checkPermission][permission({}) 未配置对应资源]", permissions);
return;
}
Set<Integer> permissionIds = CollectionUtils.convertSet(resourceBOs, ResourceDO::getId);
// 权限验证
List<RoleResourceDO> roleResourceDOs = roleResourceMapper.selectListByResourceIds(permissionIds);
if (CollectionUtil.isEmpty(roleResourceDOs)) { // 资源未授予任何角色必然权限验证不通过
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
}
Map<Integer, List<Integer>> resourceRoleMap = CollectionUtils.convertMultiMap(roleResourceDOs,
RoleResourceDO::getResourceId, RoleResourceDO::getRoleId);
for (Map.Entry<Integer, List<Integer>> entry : resourceRoleMap.entrySet()) {
if (!CollectionUtil.containsAny(roleIds, entry.getValue())) { // 所以有任一不满足就验证失败抛出异常
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
}
}
}
} }
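Review bot: `checkPermission` can skip a required permission without denying it. The final loop walks `resourceRoleMap.entrySet()`, which (assuming `selectListByResourceIds` returns only existing role-resource rows) holds only resources granted to at least one role, so when several permissions are required, a resource granted to no role is never examined as long as another resource produced rows. Iterating the required ids closes that gap: `for (Integer resourceId : permissionIds) {`, `List<Integer> granted = resourceRoleMap.get(resourceId);`, `if (granted == null || !CollectionUtil.containsAny(roleIds, granted)) {`, with the existing throw inside. The first branch fails open in the same way: when `selectListByPermissions` returns nothing the method logs and returns, and a partial match is not detected, so a permission string with no resource row (a typo, or a rename like the ones in this commit without matching data) is open to any admin who holds a role. If allowing unconfigured permissions is intentional, consider at least denying when the number of matched resources differs from the number of requested permissions.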


@ -1,14 +1,6 @@
package cn.iocoder.mall.system.biz.service.authorization; package cn.iocoder.mall.system.biz.service.authorization;
import cn.iocoder.common.framework.exception.ServiceException; import cn.iocoder.mall.system.biz.dto.authorization.AuthorizationCheckPermissionsDTO;
import cn.iocoder.mall.system.biz.bo.authorization.ResourceBO;
import cn.iocoder.mall.system.biz.bo.authorization.ResourceTreeNodeBO;
import cn.iocoder.mall.system.biz.bo.authorization.RoleBO;
import cn.iocoder.mall.system.biz.dto.authorization.*;
import java.util.List;
import java.util.Map;
import java.util.Set;
/** /**
* 授权模块 - Service 接口 * 授权模块 - Service 接口
@ -22,41 +14,4 @@ public interface AuthorizationService {
*/ */
void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO); void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO);
/**
* 获得指定账号的资源列表
*
* 如果该账号为超级管理员则返回所有资源
*
* @param getResourcesByAccountIdDTO 查询条件 DTO
* @return 资源列表
*/
List<ResourceBO> getResourcesByAccountId(AuthorizationGetResourcesByAccountIdDTO getResourcesByAccountIdDTO);
/**
* 获得每个账号拥有的角色集合
*
* @param getRoleMapByAccountIdsDTO 查询条件 DTO
* @return <账号编号, <RoleBO>>
*/
Map<Integer, Set<RoleBO>> getRoleMapByAccountIds(AuthorizationGetRoleMapByAccountIdsDTO getRoleMapByAccountIdsDTO);
/**
* 获得指定账号的资源树
*
* 如果该账号为超级管理员则返回所有资源
*
* @param getResourceTreeByAccountIdDTO 查询条件 DTO
* @return 资源树
*/
List<ResourceTreeNodeBO> getResourceTreeByAccountId(AuthorizationGetResourcesByAccountIdDTO getResourceTreeByAccountIdDTO);
/**
* 获得指定角色拥有的资源编号集合
*
* @param getRoleResourcesDTO 查询条件 DTO
* @return 资源编号数集合
*/
Set<Integer> getRoleResources(AuthorizationGetRoleResourcesDTO getRoleResourcesDTO);
} }


@ -30,48 +30,6 @@ import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.AUTHORIZATION
@Slf4j @Slf4j
public class AuthorizationServiceImpl implements AuthorizationService { public class AuthorizationServiceImpl implements AuthorizationService {
@Autowired
private AccountRoleMapper accountRoleMapper;
@Autowired
private RoleResourceMapper roleResourceMapper;
@Autowired
private RoleService roleService;
@Autowired
private ResourceService resourceService;
@Override
public void checkPermissions(AuthorizationCheckPermissionsDTO checkPermissionsDTO) {
// 查询管理员拥有的角色关联数据
List<AccountRoleDO> accountRoleDOs = accountRoleMapper.selectByAccountId(checkPermissionsDTO.getAccountId());
if (CollectionUtil.isEmpty(accountRoleDOs)) { // 如果没有角色默认无法访问
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
}
Set<Integer> roleIds = CollectionUtil.convertSet(accountRoleDOs, AccountRoleDO::getRoleId);
// 判断是否为超管若是超管默认有所有权限
if (roleService.hasSuperAdmin(roleIds)) {
return;
}
// 查询权限对应资源
List<ResourceBO> resourceBOs = resourceService.getResourcesByPermissions(checkPermissionsDTO.getPermissions());
if (CollectionUtil.isEmpty(resourceBOs)) { // 无对应资源则认为无需权限验证
log.warn("[checkPermissions][permission({}) 未配置对应资源]", checkPermissionsDTO.getPermissions());
return;
}
Set<Integer> permissionIds = CollectionUtil.convertSet(resourceBOs, ResourceBO::getId);
// 权限验证
List<RoleResourceDO> roleResourceDOs = roleResourceMapper.selectListByResourceIds(permissionIds);
if (CollectionUtil.isEmpty(roleResourceDOs)) { // 资源未授予任何角色必然权限验证不通过
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
}
Map<Integer, List<Integer>> resourceRoleMap = CollectionUtil.convertMultiMap(roleResourceDOs,
RoleResourceDO::getResourceId, RoleResourceDO::getRoleId);
for (Map.Entry<Integer, List<Integer>> entry : resourceRoleMap.entrySet()) {
if (!CollectionUtil.containsAny(roleIds, entry.getValue())) { // 所以有任一不满足就验证失败抛出异常
throw ServiceExceptionUtil.exception(AUTHORIZATION_PERMISSION_DENY);
}
}
}
@EventListener @EventListener
public void handleResourceDeleteEvent(ResourceDeleteEvent event) { public void handleResourceDeleteEvent(ResourceDeleteEvent event) {


@ -1,10 +0,0 @@
package cn.iocoder.mall.system.rpc.api.authorization;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.system.rpc.request.authorization.AuthorizationCheckPermissionsRequest;
public interface AuthorizationRPC {
CommonResult<Boolean> checkPermissions(AuthorizationCheckPermissionsRequest checkPermissionsRequest);
}


@ -1,22 +0,0 @@
package cn.iocoder.mall.system.rpc.request.authorization;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotNull;
import java.io.Serializable;
import java.util.List;
/**
* 授权模块 - 校验账号是否有权限 Request
*/
@Data
@Accessors(chain = true)
public class AuthorizationCheckPermissionsRequest implements Serializable {
@NotNull(message = "账号不能为空")
private Integer accountId;
@NotNull(message = "校验的权限不能为空")
private List<String> permissions;
}


@ -1,52 +0,0 @@
package cn.iocoder.mall.system.api;
import cn.iocoder.common.framework.vo.PageResult;
import cn.iocoder.mall.system.api.bo.admin.AdminBO;
import cn.iocoder.mall.system.api.bo.role.RoleBO;
import cn.iocoder.mall.system.api.dto.admin.*;
import java.util.Collection;
import java.util.List;
import java.util.Map;
/**
* 管理员 Service 接口
*/
public interface AdminService {
PageResult<AdminBO> getAdminPage(AdminPageDTO adminPageDTO);
AdminBO addAdmin(Integer adminId, AdminAddDTO adminAddDTO);
Boolean updateAdmin(Integer adminId, AdminUpdateDTO adminUpdateDTO);
Boolean updateAdminStatus(Integer adminId, AdminUpdateStatusDTO adminUpdateStatusDTO);
Boolean deleteAdmin(Integer adminId, Integer updateAdminId);
/**
* 批量查询每个管理员拥有的角色
*
* @param adminIds 管理员编号数组
* @return 每个管理员拥有的角色
*/
Map<Integer, Collection<RoleBO>> getAdminRolesMap(Collection<Integer> adminIds);
/**
* 获得指定管理员拥有的角色数组
*
* @param adminId 指定管理员
* @return 角色编号数组
*/
List<RoleBO> getRoleList(Integer adminId);
/**
* 分配管理员角色
*
* @param adminId 操作管理员编号
* @param adminAssignRoleDTO 分配信息
* @return 是否成功目前默认返回 true
*/
Boolean assignAdminRole(Integer adminId, AdminAssignRoleDTO adminAssignRoleDTO);
}


@ -1,14 +0,0 @@
package cn.iocoder.mall.system.api;
import cn.iocoder.mall.system.api.bo.role.RoleBO;
import java.util.List;
public interface RoleService {
/**
* @return 返回角色列表
*/
List<RoleBO> getRoleList();
}


@ -1,22 +0,0 @@
package cn.iocoder.mall.system.api.bo.admin;
import cn.iocoder.mall.system.api.bo.oauth2.OAuth2AccessTokenBO;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
@ApiModel("管理员认证 BO")
@Data
@Accessors(chain = true)
public class AdminAuthenticationBO {
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
private Integer id;
@ApiModelProperty(value = "昵称", required = true, example = "小王")
private String nickname;
private OAuth2AccessTokenBO token;
}


@ -1,25 +0,0 @@
package cn.iocoder.mall.system.api.bo.admin;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.io.Serializable;
import java.util.Set;
@ApiModel("管理员授权 BO")
@Data
@Accessors(chain = true)
public class AdminAuthorizationBO implements Serializable {
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
private Integer id;
@ApiModelProperty(value = "登陆账号", required = true, example = "1")
private String username;
@ApiModelProperty(value = "角色编号数组", required = true, example = "1")
private Set<Integer> roleIds;
}


@ -1,35 +0,0 @@
package cn.iocoder.mall.system.api.bo.admin;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.io.Serializable;
import java.util.Date;
@ApiModel("管理员 BO")
@Data
@Accessors(chain = true)
public class AdminBO implements Serializable {
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
private Integer id;
@ApiModelProperty(value = "登陆账号", required = true, example = "15601691300")
private String username;
@ApiModelProperty(value = "昵称", required = true, example = "小王")
private String nickname;
@ApiModelProperty(value = "账号状态", required = true, example = "1", notes = "见 CommonStatusEnum 枚举")
private Integer status;
@ApiModelProperty(value = "创建时间", required = true, example = "时间戳格式")
private Date createTime;
// TODO FROM 芋艿 to 参数命名不正确
@ApiModelProperty(value = "部门ID", required = true, example = "1")
private Integer deptmentId;
}


@ -1,25 +0,0 @@
package cn.iocoder.mall.system.api.bo.admin;
import lombok.Data;
import lombok.experimental.Accessors;
import java.io.Serializable;
import java.util.List;
/**
* 管理员分页 BO
*/
@Data
@Accessors(chain = true)
public class AdminPageBO implements Serializable {
/**
* 管理员数组
*/
private List<AdminBO> list;
/**
* 总量
*/
private Integer total;
}


@ -1,24 +0,0 @@
package cn.iocoder.mall.system.api.bo.oauth2;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.io.Serializable;
@ApiModel("OAuth2 Token 信息 BO")
@Data
@Accessors(chain = true)
public class OAuth2AccessTokenBO implements Serializable {
@ApiModelProperty(value = "accessToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
private String accessToken;
@ApiModelProperty(value = "refreshToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
private String refreshToken;
@ApiModelProperty(value = "过期时间,单位:秒", required = true, example = "1024")
private Integer expiresIn;
}


@ -1,21 +0,0 @@
package cn.iocoder.mall.system.api.bo.oauth2;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.io.Serializable;
@ApiModel("OAUTH2 认证 BO")
@Data
@Accessors(chain = true)
public class OAuth2AuthenticationBO implements Serializable {
@ApiModelProperty(value = "用户编号", required = true, example = "1")
private Integer userId;
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参考 UserTypeEnum 枚举")
private Integer userType;
}


@ -1,44 +0,0 @@
package cn.iocoder.mall.system.api.bo.resource;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.io.Serializable;
import java.util.Date;
import java.util.List;
@ApiModel("资源 BO")
@Data
@Accessors(chain = true)
public class ResourceBO implements Serializable {
@ApiModelProperty(value = "资源编号", required = true, example = "1")
private Integer id;
@ApiModelProperty(value = "资源类型", required = true, example = "1")
private Integer type;
@ApiModelProperty(value = "排序", required = true, example = "1")
private Integer sort;
@ApiModelProperty(value = "菜单展示名", required = true, example = "商品管理")
private String displayName;
@ApiModelProperty(value = "父级资源编号", required = true, example = "1", notes = "如果无父资源,则值为 0")
private Integer pid;
@ApiModelProperty(value = "操作", required = true, example = "/order/list")
private String handler;
@ApiModelProperty(value = "图标", example = "add")
private String icon;
@ApiModelProperty(value = "权限标识数组", example = "system.order.add,system.order.update")
private List<String> permissions;
@ApiModelProperty(value = "创建时间", required = true, example = "时间戳格式")
private Date createTime;
}


@ -1,29 +0,0 @@
package cn.iocoder.mall.system.api.bo.role;
import lombok.Data;
import lombok.experimental.Accessors;
import java.io.Serializable;
import java.util.Date;
/**
* 角色 BO
*/
@Data
@Accessors(chain = true)
public class RoleBO implements Serializable {
/**
* 角色编号
*/
private Integer id;
/**
* 角色名字
*/
private String name;
/**
* 添加时间
*/
private Date createTime;
}


@ -1,23 +0,0 @@
package cn.iocoder.mall.system.api.dto.admin;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotNull;
import java.util.Set;
@ApiModel("管理员分配角色 DTO")
@Data
@Accessors(chain = true)
public class AdminAssignRoleDTO {
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
@NotNull(message = "管理员编号不能为空")
private Integer id;
@ApiModelProperty(value = "角色编号数组", example = "1")
private Set<Integer> roleIds;
}


@ -1,27 +0,0 @@
package cn.iocoder.mall.system.api.dto.oauth2;
import cn.iocoder.common.framework.validator.InEnum;
import cn.iocoder.mall.system.api.constant.ResourceTypeEnum;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotNull;
import java.io.Serializable;
@ApiModel("OAuth2 创建 Token DTO")
@Data
@Accessors(chain = true)
public class OAuth2CreateTokenDTO implements Serializable {
@ApiModelProperty(value = "用户编号", required = true, example = "1")
@NotNull(message = "用户编号不能为空")
private Integer userId;
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 ResourceTypeEnum 枚举")
@NotNull(message = "用户类型不能为空")
@InEnum(value = ResourceTypeEnum.class, message = "用户类型必须是 {value}")
private Integer userType;
}


@ -1,28 +0,0 @@
package cn.iocoder.mall.system.api.dto.oauth2;
import cn.iocoder.common.framework.validator.InEnum;
import cn.iocoder.mall.system.api.constant.ResourceTypeEnum;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import java.io.Serializable;
@ApiModel("OAuth2 身份验证 DTO")
@Data
@Accessors(chain = true)
public class OAuth2GetTokenDTO implements Serializable {
@ApiModelProperty(value = "accessToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
@NotEmpty(message = "accessToken 不能为空")
private String accessToken;
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 ResourceTypeEnum 枚举")
@NotNull(message = "用户类型不能为空")
@InEnum(value = ResourceTypeEnum.class, message = "用户类型必须是 {value}")
private Integer userType;
}


@ -1,28 +0,0 @@
package cn.iocoder.mall.system.api.dto.oauth2;
import cn.iocoder.common.framework.validator.InEnum;
import cn.iocoder.mall.system.api.constant.ResourceTypeEnum;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import java.io.Serializable;
@ApiModel("OAuth2 刷新 Token DTO")
@Data
@Accessors(chain = true)
public class OAuth2RefreshTokenDTO implements Serializable {
@ApiModelProperty(value = "refreshToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
@NotEmpty(message = "refreshToken 不能为空")
private String refreshToken;
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 ResourceTypeEnum 枚举")
@NotNull(message = "用户类型不能为空")
@InEnum(value = ResourceTypeEnum.class, message = "用户类型必须是 {value}")
private Integer userType;
}


@ -1,27 +0,0 @@
package cn.iocoder.mall.system.api.dto.oauth2;
import cn.iocoder.common.framework.validator.InEnum;
import cn.iocoder.mall.system.api.constant.ResourceTypeEnum;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotNull;
import java.io.Serializable;
@ApiModel("OAuth2 移除 Token DTO")
@Data
@Accessors(chain = true)
public class OAuth2RemoveTokenByUserDTO implements Serializable {
@ApiModelProperty(value = "用户编号", required = true, example = "1")
@NotNull(message = "用户编号不能为空")
private Integer userId;
@ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 ResourceTypeEnum 枚举")
@NotNull(message = "用户类型不能为空")
@InEnum(value = ResourceTypeEnum.class, message = "用户类型必须是 {value}")
private Integer userType;
}


@ -1,20 +0,0 @@
package cn.iocoder.mall.system.api.dto.role;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotEmpty;
import java.io.Serializable;
@ApiModel("角色添加 DTO")
@Data
@Accessors(chain = true)
public class RoleAddDTO implements Serializable {
@ApiModelProperty(name = "name", value = "角色名字(标识)", required = true, example = "系统管理员")
@NotEmpty(message = "角色名字不能为空")
private String name;
}


@ -1,23 +0,0 @@
package cn.iocoder.mall.system.api.dto.role;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotNull;
import java.util.Set;
@ApiModel("角色分配资源 DTO")
@Data
@Accessors(chain = true)
public class RoleAssignResourceDTO {
@ApiModelProperty(value = "角色编号", required = true, example = "1")
@NotNull(message = "角色编号不能为空")
private Integer id;
@ApiModelProperty(value = "资源编号数组", example = "1,2")
private Set<Integer> resourceIds;
}


@ -1,25 +0,0 @@
package cn.iocoder.mall.system.api.dto.role;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import java.io.Serializable;
@ApiModel("角色添加 DTO")
@Data
@Accessors(chain = true)
public class RoleUpdateDTO implements Serializable {
@ApiModelProperty(value = "角色编号", required = true, example = "1")
@NotNull(message = "角色编号不能为空")
private Integer id;
@ApiModelProperty(value = "角色名", required = true, example = "系统管理员")
@NotEmpty(message = "角色名字不能为空")
private String name;
}


@ -1,55 +0,0 @@
package cn.iocoder.mall.system.application.controller.admins;
import cn.iocoder.common.framework.enums.MallConstants;
import cn.iocoder.common.framework.util.CollectionUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.common.framework.vo.PageResult;
import cn.iocoder.mall.system.api.AdminService;
import cn.iocoder.mall.system.api.DeptmentService;
import cn.iocoder.mall.system.api.ResourceService;
import cn.iocoder.mall.system.api.RoleService;
import cn.iocoder.mall.system.api.bo.deptment.DeptmentBO;
import cn.iocoder.mall.system.api.bo.resource.ResourceBO;
import cn.iocoder.mall.system.api.bo.role.RoleBO;
import cn.iocoder.mall.system.api.bo.admin.AdminBO;
import cn.iocoder.mall.system.api.constant.ResourceConstants;
import cn.iocoder.mall.system.api.dto.admin.*;
import cn.iocoder.mall.system.application.convert.AdminConvert;
import cn.iocoder.mall.system.application.convert.ResourceConvert;
import cn.iocoder.mall.system.application.vo.admin.AdminMenuTreeNodeVO;
import cn.iocoder.mall.system.application.vo.admin.AdminRoleVO;
import cn.iocoder.mall.system.application.vo.admin.AdminVO;
import cn.iocoder.mall.system.sdk.annotation.RequiresPermissions;
import cn.iocoder.mall.system.sdk.context.AdminSecurityContextHolder;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation;
import org.apache.dubbo.config.annotation.Reference;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.*;
import java.util.stream.Collectors;
import static cn.iocoder.common.framework.vo.CommonResult.success;
@RestController
@RequestMapping(MallConstants.ROOT_PATH_ADMIN + "/admin")
@Api("管理员模块")
public class AdminController {
@Reference(validation = "true", version = "${dubbo.provider.ResourceService.version}")
private ResourceService resourceService;
@Reference(validation = "true", version = "${dubbo.provider.AdminService.version}")
private AdminService adminService;
@Reference(validation = "true", version = "${dubbo.provider.RoleService.version}")
private RoleService roleService;
@Autowired
private DeptmentService deptmentService;
}


@ -1,40 +0,0 @@
package cn.iocoder.mall.system.application.convert;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.common.framework.vo.PageResult;
import cn.iocoder.mall.system.api.bo.role.RoleBO;
import cn.iocoder.mall.system.api.bo.admin.AdminBO;
import cn.iocoder.mall.system.application.vo.admin.AdminInfoVO;
import cn.iocoder.mall.system.application.vo.admin.AdminRoleVO;
import cn.iocoder.mall.system.application.vo.admin.AdminVO;
import cn.iocoder.mall.system.sdk.context.AdminSecurityContext;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
import java.util.Collection;
import java.util.List;
@Mapper
public interface AdminConvert {
AdminConvert INSTANCE = Mappers.getMapper(AdminConvert.class);
@Mappings({})
AdminInfoVO convert(AdminSecurityContext adminSecurityContext);
@Mappings({})
AdminVO convert(AdminBO adminBO);
@Mappings({})
CommonResult<AdminVO> convert2(CommonResult<AdminBO> result);
@Mappings({})
List<AdminRoleVO> convert(List<RoleBO> roleList);
@Mappings({})
PageResult<AdminVO> convertAdminVOPage(PageResult<AdminBO> page);
List<AdminVO.Role> convertAdminVORoleList(Collection<RoleBO> list);
}


@ -1,5 +0,0 @@
/**
* @author Sin
* @time 2019/5/26 12:36 PM
*/
package cn.iocoder.mall.system.application.po;


@ -1,19 +0,0 @@
package cn.iocoder.mall.system.application.vo;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
@ApiModel("登陆结果 VO")
@Data
@Accessors(chain = true)
public class PassportLoginVO {
@ApiModelProperty(value = "访问令牌", required = true, example = "2e3d7635c15e47e997611707a237859f")
private String accessToken;
@ApiModelProperty(value = "刷新令牌", required = true, example = "d091e7c35bbb4313b0f557a6ef23d033")
private String refreshToken;
@ApiModelProperty(value = "过期时间,单位:秒", required = true, example = "2879")
private Integer expiresIn;
}


@ -1,20 +0,0 @@
package cn.iocoder.mall.system.application.vo.admin;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.util.Set;
@ApiModel("管理员信息 VO")
@Data
@Accessors(chain = true)
public class AdminInfoVO {
@ApiModelProperty(value = "管理员编号", required = true, example = "1")
private Integer adminId;
@ApiModelProperty(value = "角色编号的数组", required = true, example = "[1, 2]")
private Set<Integer> roleIds;
}


@ -1,20 +0,0 @@
package cn.iocoder.mall.system.application.vo.admin;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
@ApiModel("管理员拥有的角色 VO")
@Data
@Accessors(chain = true)
public class AdminRoleVO {
@ApiModelProperty(value = "角色编号", required = true, example = "1")
private Integer id;
@ApiModelProperty(value = "角色名字", required = true, example = "系统管理员")
private String name;
@ApiModelProperty(value = "是否授权", required = true, example = "true")
private Boolean assigned;
}


@ -1,49 +0,0 @@
package cn.iocoder.mall.system.application.vo.admin;
import cn.iocoder.mall.system.api.bo.admin.AdminBO;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.experimental.Accessors;
import java.util.List;
@ApiModel("管理员 VO")
@Data
@Accessors(chain = true)
public class AdminVO extends AdminBO {
private List<Role> roles;
private Deptment deptment;
@ApiModel("管理员 VO - 角色")
@Data
@Accessors(chain = true)
public static class Role {
@ApiModelProperty(value = "角色编号", required = true, example = "1")
private Integer id;
@ApiModelProperty(value = "角色名", required = true, example = "码神")
private String name;
}
@ApiModel("管理员 VO - 部门")
@Data
@Accessors(chain = true)
@AllArgsConstructor
public static class Deptment {
@ApiModelProperty(value = "部门编号", required = true, example = "1")
private Integer id;
@ApiModelProperty(value = "部门名称", required = true, example = "研发部")
private String name;
}
}


@ -1,19 +0,0 @@
package cn.iocoder.mall.system.application.vo.resource;
import cn.iocoder.mall.system.api.bo.resource.ResourceBO;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.util.List;
@ApiModel("资源树结构 VO")
@Data
@Accessors(chain = true)
public class ResourceTreeNodeVO extends ResourceBO {
@ApiModelProperty(value = "子节点数组")
private List<ResourceTreeNodeVO> children;
}


@ -1,32 +0,0 @@
package cn.iocoder.mall.system.application.vo.resource;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.util.Date;
@ApiModel("资源 VO")
@Data
@Accessors(chain = true)
public class ResourceVO {
@ApiModelProperty(value = "资源编号", required = true, example = "1")
private Integer id;
@ApiModelProperty(value = "资源名字(标识)", required = true, example = "商品管理")
private String name;
@ApiModelProperty(value = "资源类型", required = true, example = "1")
private Integer type;
@ApiModelProperty(value = "排序", required = true, example = "1")
private Integer sort;
@ApiModelProperty(value = "菜单展示名", required = true, example = "商品管理")
private String displayName;
@ApiModelProperty(value = "创建时间", required = true, example = "时间戳格式")
private Date createTime;
@ApiModelProperty(value = "父级资源编号", required = true, example = "1", notes = "如果无父资源,则值为 0")
private Integer pid;
@ApiModelProperty(value = "操作", required = true, example = "/order/list")
private String handler;
}


@ -1,33 +0,0 @@
package cn.iocoder.mall.system.application.vo.role;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import java.util.List;
@ApiModel("角色拥有的资源 VO")
@Data
@Accessors(chain = true)
public class RoleResourceTreeNodeVO {
@ApiModelProperty(value = "菜单编号", required = true, example = "1")
private Integer id;
// @ApiModelProperty(value = "菜单名", required = true, example = "商品管理")
// private String name;
@ApiModelProperty(value = "菜单操作", required = true, example = "/order/list")
private String handler;
@ApiModelProperty(value = "父菜单编号", required = true, example = "1", notes = "如果无父菜单,则值为 0")
private Integer pid;
@ApiModelProperty(value = "排序", required = true, example = "1")
private Integer sort;
@ApiModelProperty(value = "菜单展示名", required = true, example = "商品管理")
private String displayName;
@ApiModelProperty(value = "子节点数组")
private List<RoleResourceTreeNodeVO> children;
@ApiModelProperty(value = "是否授权", required = true, example = "true")
private Boolean assigned;
}