Merge remote-tracking branch 'origin/master'

This commit is contained in:
sin 2019-02-28 13:46:46 +08:00
commit 5777e65e27
31 changed files with 573 additions and 25 deletions

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.admin;
package cn.iocoder.mall.admin.application;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.admin.config;
package cn.iocoder.mall.admin.application.config;
import cn.iocoder.common.framework.config.GlobalExceptionHandler;
import cn.iocoder.mall.admin.sdk.interceptor.AdminSecurityInterceptor;

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.admin.config;
package cn.iocoder.mall.admin.application.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

View File

@ -1,6 +1,9 @@
package cn.iocoder.mall.admin.controller;
package cn.iocoder.mall.admin.application.controller;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContextHolder;
import cn.iocoder.mall.admin.application.convert.AdminConvert;
import cn.iocoder.mall.admin.application.vo.AdminInfoVO;
import io.swagger.annotations.Api;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@ -12,8 +15,8 @@ import org.springframework.web.bind.annotation.RestController;
public class AdminController {
@GetMapping("/info")
public CommonResult<Void> info() {
return null;
public CommonResult<AdminInfoVO> info() {
return CommonResult.success(AdminConvert.INSTANCE.convert(AdminSecurityContextHolder.getContext()));
}
}

View File

@ -1,10 +1,10 @@
package cn.iocoder.mall.admin.controller;
package cn.iocoder.mall.admin.application.controller;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.OAuth2Service;
import cn.iocoder.mall.admin.api.bo.OAuth2AccessTokenBO;
import cn.iocoder.mall.admin.convert.PassportConvert;
import cn.iocoder.mall.admin.vo.PassportLoginVO;
import cn.iocoder.mall.admin.application.convert.PassportConvert;
import cn.iocoder.mall.admin.application.vo.PassportLoginVO;
import com.alibaba.dubbo.config.annotation.Reference;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;

View File

@ -0,0 +1,61 @@
package cn.iocoder.mall.admin.application.controller;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.ResourceService;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import cn.iocoder.mall.admin.api.constant.ResourceType;
import cn.iocoder.mall.admin.application.convert.ResourceConvert;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContextHolder;
import cn.iocoder.mall.admin.application.vo.AdminMenuTreeNodeVO;
import com.alibaba.dubbo.config.annotation.Reference;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
@RestController
@RequestMapping("admin/resource")
@Api("资源模块")
public class ResourceController {
@Reference
private ResourceService resourceService;
@GetMapping("/admin_menu_tree")
@ApiOperation(value = "获得管理员拥有的菜单权限", notes = "以树结构返回")
public CommonResult<List<AdminMenuTreeNodeVO>> adminMenuTree() {
List<ResourceBO> resources = resourceService.getResourceByTypeAndRoleIds(ResourceType.MENU, AdminSecurityContextHolder.getContext().getRoleIds());
// 创建 AdminMenuTreeNodeVO Map
Map<Integer, AdminMenuTreeNodeVO> treeNodeMap = resources.stream().collect(Collectors.toMap(ResourceBO::getId, ResourceConvert.INSTANCE::convert));
// 处理父子关系
treeNodeMap.values().stream().filter(node -> {
return node.getPid() != 0; // TODO magic number
}).forEach((childNode) -> {
// 获得父节点
AdminMenuTreeNodeVO parentNode = treeNodeMap.get(childNode.getPid());
if (parentNode.getChildren() == null) { // 初始化 children 数组
parentNode.setChildren(new ArrayList<>());
}
// 将自己添加到父节点中
parentNode.getChildren().add(childNode);
});
// 获得到所有的根节点
List<AdminMenuTreeNodeVO> rootNodes = treeNodeMap.values().stream().filter(node -> {
return node.getPid() == 0; // TODO magic number
}).collect(Collectors.toList());
return CommonResult.success(rootNodes);
}
@GetMapping("/admin_url_list")
@ApiOperation(value = "获得管理员拥有的 URL 权限列表")
public CommonResult adminUrlList() {
return null;
}
}

View File

@ -0,0 +1,17 @@
package cn.iocoder.mall.admin.application.convert;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContext;
import cn.iocoder.mall.admin.application.vo.AdminInfoVO;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
@Mapper
public interface AdminConvert {
AdminConvert INSTANCE = Mappers.getMapper(AdminConvert.class);
@Mappings({})
AdminInfoVO convert(AdminSecurityContext adminSecurityContext);
}

View File

@ -1,8 +1,8 @@
package cn.iocoder.mall.admin.convert;
package cn.iocoder.mall.admin.application.convert;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.bo.OAuth2AccessTokenBO;
import cn.iocoder.mall.admin.vo.PassportLoginVO;
import cn.iocoder.mall.admin.application.vo.PassportLoginVO;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;

View File

@ -0,0 +1,17 @@
package cn.iocoder.mall.admin.application.convert;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import cn.iocoder.mall.admin.application.vo.AdminMenuTreeNodeVO;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
@Mapper
public interface ResourceConvert {
ResourceConvert INSTANCE = Mappers.getMapper(ResourceConvert.class);
@Mappings({})
AdminMenuTreeNodeVO convert(ResourceBO resourceBO);
}

View File

@ -0,0 +1,34 @@
package cn.iocoder.mall.admin.application.vo;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import java.util.Set;
@ApiModel("管理员信息 VO")
public class AdminInfoVO {
@ApiModelProperty(value = "管理员比那好", required = true, example = "1")
private Integer adminId;
@ApiModelProperty(value = "角色编号的数组", required = true, example = "[1, 2]")
private Set<Integer> roleIds;
public Integer getAdminId() {
return adminId;
}
public AdminInfoVO setAdminId(Integer adminId) {
this.adminId = adminId;
return this;
}
public Set<Integer> getRoleIds() {
return roleIds;
}
public AdminInfoVO setRoleIds(Set<Integer> roleIds) {
this.roleIds = roleIds;
return this;
}
}

View File

@ -0,0 +1,72 @@
package cn.iocoder.mall.admin.application.vo;
import java.util.List;
public class AdminMenuTreeNodeVO {
/**
* 菜单编号
*/
private Integer id;
/**
* 彩蛋名
*/
private String name;
/**
* 操作
*/
private String handler;
/**
* 父菜单编号
*/
private Integer pid;
/**
* 子节点数组
*/
private List<AdminMenuTreeNodeVO> children;
public Integer getId() {
return id;
}
public AdminMenuTreeNodeVO setId(Integer id) {
this.id = id;
return this;
}
public String getName() {
return name;
}
public AdminMenuTreeNodeVO setName(String name) {
this.name = name;
return this;
}
public String getHandler() {
return handler;
}
public AdminMenuTreeNodeVO setHandler(String handler) {
this.handler = handler;
return this;
}
public List<AdminMenuTreeNodeVO> getChildren() {
return children;
}
public AdminMenuTreeNodeVO setChildren(List<AdminMenuTreeNodeVO> children) {
this.children = children;
return this;
}
public Integer getPid() {
return pid;
}
public AdminMenuTreeNodeVO setPid(Integer pid) {
this.pid = pid;
return this;
}
}

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.admin.vo;
package cn.iocoder.mall.admin.application.vo;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;

View File

@ -5,6 +5,7 @@ import cn.iocoder.common.framework.util.HttpUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.OAuth2Service;
import cn.iocoder.mall.admin.api.bo.OAuth2AuthenticationBO;
import cn.iocoder.mall.admin.api.constant.AdminErrorCodeEnum;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContext;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContextHolder;
import com.alibaba.dubbo.config.annotation.Reference;
@ -38,6 +39,11 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
// 添加到 AdminSecurityContext
AdminSecurityContext context = new AdminSecurityContext(authentication.getAdminId(), authentication.getRoleIds());
AdminSecurityContextHolder.setContext(context);
} else {
String url = request.getRequestURI();
if (!url.equals("/admin/passport/login")) { // TODO 临时写死非登陆接口必须已经认证身份不允许匿名访问
throw new ServiceException(AdminErrorCodeEnum.OAUTH_NOT_LOGIN.getCode(), AdminErrorCodeEnum.OAUTH_NOT_LOGIN.getMessage());
}
}
// 校验是否需要已授权
checkPermission(request, authentication);

View File

@ -0,0 +1,12 @@
package cn.iocoder.mall.admin.api;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import java.util.List;
import java.util.Set;
public interface ResourceService {
List<ResourceBO> getResourceByTypeAndRoleIds(Integer type, Set<Integer> roleIds);
}

View File

@ -0,0 +1,115 @@
package cn.iocoder.mall.admin.api.bo;
import java.util.Date;
/**
* 资源 BO
*/
public class ResourceBO {
/**
* 资源编号
*/
private Integer id;
/**
* 资源名字标识
*/
private String name;
/**
* 资源类型
*/
private Integer type;
/**
* 排序
*/
private Integer sort;
/**
* 展示名
*/
private String displayName;
/**
* 添加时间
*/
private Date createTime;
/**
* 父级资源编号
*/
private Integer pid;
/**
* 操作
*/
private String handler;
public Integer getId() {
return id;
}
public ResourceBO setId(Integer id) {
this.id = id;
return this;
}
public String getName() {
return name;
}
public ResourceBO setName(String name) {
this.name = name;
return this;
}
public Integer getType() {
return type;
}
public ResourceBO setType(Integer type) {
this.type = type;
return this;
}
public Integer getSort() {
return sort;
}
public ResourceBO setSort(Integer sort) {
this.sort = sort;
return this;
}
public String getDisplayName() {
return displayName;
}
public ResourceBO setDisplayName(String displayName) {
this.displayName = displayName;
return this;
}
public Date getCreateTime() {
return createTime;
}
public ResourceBO setCreateTime(Date createTime) {
this.createTime = createTime;
return this;
}
public Integer getPid() {
return pid;
}
public ResourceBO setPid(Integer pid) {
this.pid = pid;
return this;
}
public String getHandler() {
return handler;
}
public ResourceBO setHandler(String handler) {
this.handler = handler;
return this;
}
}

View File

@ -16,6 +16,7 @@ public enum AdminErrorCodeEnum {
OAUTH_INVALID_TOKEN_EXPIRED(1002001012, "访问令牌已过期"),
OAUTH_INVALID_TOKEN_INVALID(1002001013, "访问令牌已失效"),
OAUTH_INVALID_PERMISSION(1002001014, "没有该操作权限"), // TODO 芋艿临时放在 OAUTH2 模块理论来说OAUTH2 只做认证不做鉴权
OAUTH_NOT_LOGIN(1002001015, "账号未登陆"),
OAUTH_INVALID_TOKEN(1002001020, ""), // 预留

View File

@ -0,0 +1,17 @@
package cn.iocoder.mall.admin.api.constant;
/**
* 资源类型
*/
public interface ResourceType {
/**
* 彩蛋
*/
Integer MENU = 1;
/**
* URL
*/
Integer URL = 2;
}

View File

@ -49,6 +49,12 @@
<version>${org.mapstruct.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>27.0.1-jre</version>
</dependency>
</dependencies>
<build>

View File

@ -0,0 +1,22 @@
package cn.iocoder.mall.admin.convert;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import cn.iocoder.mall.admin.dataobject.ResourceDO;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
import java.util.List;
@Mapper
public interface ResourceConvert {
ResourceConvert INSTANCE = Mappers.getMapper(ResourceConvert.class);
@Mappings({})
ResourceBO convert(ResourceDO resourceDO);
@Mappings({})
List<ResourceBO> convert(List<ResourceDO> resourceDOs);
}

View File

@ -0,0 +1,19 @@
package cn.iocoder.mall.admin.dao;
import cn.iocoder.mall.admin.dataobject.ResourceDO;
import org.apache.ibatis.annotations.Param;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.Set;
@Repository
public interface ResourceMapper {
ResourceDO selectByTypeAndHandler(@Param("type") Integer type,
@Param("handler") String handler);
List<ResourceDO> selectListByTypeAndRoleIds(@Param("type") Integer type,
@Param("roleIds") Set<Integer> roleIds);
}

View File

@ -11,4 +11,6 @@ public interface RoleResourceMapper {
List<RoleResourceDO> selectByResourceHandler(@Param("resourceHandler") String resourceHandler);
List<RoleResourceDO> selectRoleByResourceId(@Param("resourceId") Integer resourceId);
}

View File

@ -1,21 +1,25 @@
package cn.iocoder.mall.admin.dataobject;
import cn.iocoder.common.framework.dataobject.BaseDO;
import java.util.Date;
/**
* 资源实体
*/
public class ResourceDO {
public class ResourceDO extends BaseDO {
/**
* 资源类型 - 菜单
*/
@Deprecated
public static final Integer TYPE_MENU = 1;
/**
* 资源类型 - 操作
*
* 例如按钮
*/
@Deprecated
public static final Integer TYPE_OPERATION = 2;
/**
@ -23,7 +27,7 @@ public class ResourceDO {
*/
private Integer id;
/**
* 资源名字
* 资源名字标识
*/
private String name;
/**
@ -50,7 +54,7 @@ public class ResourceDO {
* 操作
*
* 当资源类型为菜单handler 配置为界面 URL 或者前端组件名
* 当资源类型为操作handler 配置为后端 URL 举个例子如果有一个创建管理员的表单那么前端界面上的按钮可以根据这个 url 判断是否展示后端接收到该 url 的请求时会判断是否有权限
* 当资源类型为URLhandler 配置为后端 URL 举个例子如果有一个创建管理员的表单那么前端界面上的按钮可以根据这个 url 判断是否展示后端接收到该 url 的请求时会判断是否有权限
*/
private String handler;

View File

@ -4,9 +4,9 @@ import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.AdminService;
import cn.iocoder.mall.admin.api.constant.AdminErrorCodeEnum;
import cn.iocoder.mall.admin.dataobject.AdminDO;
import cn.iocoder.mall.admin.dao.AdminMapper;
import cn.iocoder.mall.admin.dao.AdminRoleMapper;
import cn.iocoder.mall.admin.dataobject.AdminDO;
import cn.iocoder.mall.admin.dataobject.AdminRoleDO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

View File

@ -14,7 +14,10 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.util.*;
import java.util.Date;
import java.util.List;
import java.util.Set;
import java.util.UUID;
@Service
@com.alibaba.dubbo.config.annotation.Service
@ -39,6 +42,8 @@ public class OAuth2ServiceImpl implements OAuth2Service {
private OAuth2RefreshTokenMapper oauth2RefreshTokenMapper;
@Autowired
private RoleServiceImpl roleService;
@Autowired
private ResourceServiceImpl resourceService;
@Override
public CommonResult<OAuth2AccessTokenBO> getAccessToken(String username, String password) {
@ -76,15 +81,17 @@ public class OAuth2ServiceImpl implements OAuth2Service {
@Override
public CommonResult<Boolean> checkPermission(Integer adminId, Set<Integer> roleIds, String url) {
// 避免传入的是空集合
if (roleIds == null) {
roleIds = Collections.emptySet();
}
// 校验权限
List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceHandler(url);
if (roleResourceDOs.isEmpty()) { // 任何角色都可以访问TODO 后面调整下如果未配置的资源直接不校验权限
// 如果未配置该资源说明无需权限控制
ResourceDO resource = resourceService.getResourceByTypeAndHandler(ResourceDO.TYPE_OPERATION, url);
if (resource == null) {
return CommonResult.success(true);
}
// 资源存在结果无角色说明没有权限
if (roleIds == null || roleIds.isEmpty()) {
return ServiceExceptionUtil.error(AdminErrorCodeEnum.OAUTH_INVALID_PERMISSION.getCode());
}
// 校验是否有资源对应的角色 RBAC
List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceId(resource.getId());
for (RoleResourceDO roleResourceDO : roleResourceDOs) {
if (roleIds.contains(roleResourceDO.getRoleId())) {
return CommonResult.success(true);

View File

@ -0,0 +1,34 @@
package cn.iocoder.mall.admin.service;
import cn.iocoder.mall.admin.api.ResourceService;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import cn.iocoder.mall.admin.convert.ResourceConvert;
import cn.iocoder.mall.admin.dao.ResourceMapper;
import cn.iocoder.mall.admin.dataobject.ResourceDO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.Collections;
import java.util.List;
import java.util.Set;
@Service
@com.alibaba.dubbo.config.annotation.Service
public class ResourceServiceImpl implements ResourceService {
@Autowired
private ResourceMapper resourceMapper;
public ResourceDO getResourceByTypeAndHandler(Integer type, String handler) {
return resourceMapper.selectByTypeAndHandler(type, handler);
}
@Override
public List<ResourceBO> getResourceByTypeAndRoleIds(Integer type, Set<Integer> roleIds) {
if (roleIds == null || roleIds.isEmpty()) {
return Collections.emptyList();
}
return ResourceConvert.INSTANCE.convert(resourceMapper.selectListByTypeAndRoleIds(type, roleIds));
}
}

View File

@ -19,4 +19,8 @@ public class RoleServiceImpl implements RoleService {
return roleResourceMapper.selectByResourceHandler(resourceHandler);
}
public List<RoleResourceDO> getRoleByResourceId(Integer resourceId) {
return roleResourceMapper.selectRoleByResourceId(resourceId);
}
}

View File

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.iocoder.mall.admin.dao.ResourceMapper">
<!--<insert id="insert" parameterType="UserDO" useGeneratedKeys="true" keyProperty="id">-->
<!--INSERT INTO users (-->
<!--id, mobile, create_time-->
<!--) VALUES (-->
<!--#{id}, #{mobile}, #{createTime}-->
<!--)-->
<!--</insert>-->
<select id="selectByTypeAndHandler" resultType="ResourceDO">
SELECT
id, name, type, sort, display_name,
create_time, pid, handler
FROM resource
WHERE type = #{type}
AND handler = #{handler}
AND deleted = 0
</select>
<select id="selectListByTypeAndRoleIds" resultType="ResourceDO">
SELECT
r.id, r.name, r.type, r.sort, r.display_name,
r.create_time, r.pid, r.handler
FROM resource r, role_resource rr
WHERE r.type = #{type}
AND deleted = 0
AND rr.role_id IN
<foreach item="roleId" collection="roleIds" separator="," open="(" close=")" index="">
#{roleId}
</foreach>
AND r.id = rr.resource_id
</select>
</mapper>

View File

@ -18,4 +18,11 @@
AND r.id = rr.resource_id
</select>
<select id="selectRoleByResourceId" parameterType="Integer" resultType="RoleResourceDO">
SELECT
id, role_id, resource_id
FROM role_resource
WHERE resource_id = #{resourceId}
</select>
</mapper>

View File

@ -44,6 +44,11 @@
<artifactId>jackson-annotations</artifactId>
<version>2.9.7</version>
</dependency>
<!--<dependency>-->
<!--<groupId>com.baomidou</groupId>-->
<!--<artifactId>mybatis-plus-support</artifactId>-->
<!--<version>2.3</version>-->
<!--</dependency>-->
</dependencies>

View File

@ -9,7 +9,6 @@ public enum SysErrorCodeEnum {
SYS_ERROR(2001001000, "服务端发生异常"),
MISSING_REQUEST_PARAM_ERROR(2001001001, "参数缺失"),
;
private final int code;

View File

@ -0,0 +1,47 @@
package cn.iocoder.common.framework.dataobject;
import java.util.Date;
/**
* 基础实体对象
*/
public class BaseDO {
/**
* 创建时间
*/
private Date createTime;
/**
* 最后更新时间
*/
private Date updateTime;
private Boolean deleted;
public Date getCreateTime() {
return createTime;
}
public BaseDO setCreateTime(Date createTime) {
this.createTime = createTime;
return this;
}
public Date getUpdateTime() {
return updateTime;
}
public BaseDO setUpdateTime(Date updateTime) {
this.updateTime = updateTime;
return this;
}
public Boolean getDeleted() {
return deleted;
}
public BaseDO setDeleted(Boolean deleted) {
this.deleted = deleted;
return this;
}
}