增加admin管理员设置
parent
6e090ae7fb
commit
1d323d2763
@ -55,6 +55,14 @@ public interface IRoleUserBaseService {
|
||||
*/
|
||||
List<RolePO> listRolePOByUserId(String userId);
|
||||
|
||||
/**
|
||||
* 角色列表
|
||||
*
|
||||
* @param roleIds
|
||||
* @return
|
||||
*/
|
||||
List<RolePO> listRolePOByRoleIds(List<String> roleIds);
|
||||
|
||||
/**
|
||||
* 角色列表(简单)
|
||||
*
|
||||
@ -72,6 +80,14 @@ public interface IRoleUserBaseService {
|
||||
*/
|
||||
List<String> listUserIdByRoleIdAndUserIds(String roleId, List<String> userIds);
|
||||
|
||||
/**
|
||||
* 角色ID列表
|
||||
*
|
||||
* @param userId
|
||||
* @return
|
||||
*/
|
||||
List<String> listRoleIdByUserId(String userId);
|
||||
|
||||
/**
|
||||
* 用户列表
|
||||
*
|
||||
@ -104,4 +120,5 @@ public interface IRoleUserBaseService {
|
||||
* @return
|
||||
*/
|
||||
SuccessResultList<List<UserDTO>> listPageUserNoDepartmentAndNoRole(ListPage page);
|
||||
|
||||
}
|
||||
|
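Review bot: The Javadoc added for `listRolePOByRoleIds` and `listRoleIdByUserId` leaves `@param` and `@return` empty, so the interface says nothing about null or empty results. That contract matters in this commit because the login code consumes the role-ID list directly to decide whether a user is a super admin. I would fill the tags in, for example `@param userId ID of the user whose roles are looked up` and `@return role IDs held by the user; an empty list when there are none, never null`, with the equivalent for `roleIds` on the other method.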
@ -219,10 +219,7 @@ public class DefaultBaseService {
|
||||
* @return
|
||||
*/
|
||||
protected boolean isAdmin() {
|
||||
if (ISystemConstant.ADMIN.equalsIgnoreCase(securityComponent.getCurrentUsername())) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
return securityComponent.isAdmin();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -298,7 +295,7 @@ public class DefaultBaseService {
|
||||
*/
|
||||
protected void setDataAuthorityInfo(Map<String, Object> params) {
|
||||
UserInfoBO currentUser = securityComponent.getCurrentUser();
|
||||
if (ISystemConstant.ADMIN.equals(securityComponent.getCurrentUser().getUserName())) {
|
||||
if (securityComponent.isAdmin()) {
|
||||
return;
|
||||
}
|
||||
String dataAuthority = currentUser.getDataRight();
|
||||
|
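Review bot: `setDataAuthorityInfo` now returns before any data-scope filtering whenever `securityComponent.isAdmin()` is true, so the bypass is no longer limited to the built-in account, and the Javadoc for it and for `isAdmin()` (both outside the visible lines) should say so, e.g. `true for the built-in admin account and for any user holding the admin role`. The body of `securityComponent.isAdmin()` is not shown on this page; if it reads the authorities stored at login, removing a user from the admin role would presumably take effect only when that session ends, which is worth confirming and documenting. `currentUser` is also fetched before the admin check and is unused on the early-return path, so the lookup could move below the `if`.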
@ -4,6 +4,7 @@ import ink.wgink.interfaces.consts.ISystemConstant;
|
||||
import ink.wgink.interfaces.expand.login.ILoginHandlerService;
|
||||
import ink.wgink.interfaces.group.IGroupUserBaseService;
|
||||
import ink.wgink.interfaces.position.IPositionUserBaseService;
|
||||
import ink.wgink.interfaces.role.IRoleBaseService;
|
||||
import ink.wgink.interfaces.role.IRoleMenuBaseService;
|
||||
import ink.wgink.interfaces.role.IRolePermissionBaseService;
|
||||
import ink.wgink.interfaces.role.IRoleUserBaseService;
|
||||
@ -54,6 +55,7 @@ public class UserAuthenticationProvider implements AuthenticationProvider {
|
||||
private UserDetailsService userDetailsService;
|
||||
private PasswordEncoder passwordEncoder;
|
||||
private UserLoginService userLoginService;
|
||||
private IRoleBaseService roleBaseService;
|
||||
private IRoleUserBaseService roleUserBaseService;
|
||||
private IRoleMenuBaseService roleMenuBaseService;
|
||||
private IRolePermissionBaseService rolePermissionService;
|
||||
@ -76,51 +78,65 @@ public class UserAuthenticationProvider implements AuthenticationProvider {
|
||||
// 清空session中的错误信息
|
||||
httpSession.removeAttribute(IUserCenterConst.ERROR_MESSAGE);
|
||||
httpSession.removeAttribute(IUserCenterConst.LOGIN_USERNAME);
|
||||
LOG.debug("设置权限权限");
|
||||
LOG.debug("set authority");
|
||||
Set<GrantedAuthority> grantedAuthorities = new LinkedHashSet<>();
|
||||
// 超管用户
|
||||
boolean isAdmin = false;
|
||||
if (StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, loginUser.getUsername())) {
|
||||
grantedAuthorities.add(new RoleGrantedAuthorityBO(ISystemConstant.ADMIN));
|
||||
} else {
|
||||
List<RolePO> rolePOs = null;
|
||||
// 先处理授权,再创建对象,否则 grantedAuthorities 中无法赋值
|
||||
if (roleUserBaseService != null) {
|
||||
LOG.debug("设置角色信息");
|
||||
rolePOs = roleUserBaseService.listRolePOByUserId(loginUser.getUserId());
|
||||
removalDuplicateRole(rolePOs);
|
||||
grantedAuthorities.addAll(loadRoleAuthority(rolePOs));
|
||||
if (grantedAuthorities.isEmpty()) {
|
||||
throw new UserAuthenticationException(loginUser.getUsername() + "用户无任何角色");
|
||||
LOG.debug("check is admin");
|
||||
List<String> roleIds = roleUserBaseService.listRoleIdByUserId(loginUser.getUserId());
|
||||
isAdmin = hasAdmin(roleIds);
|
||||
if (!isAdmin) {
|
||||
LOG.debug("set role, not admin");
|
||||
rolePOs = roleUserBaseService.listRolePOByRoleIds(roleIds);
|
||||
removalDuplicateRole(rolePOs);
|
||||
grantedAuthorities.addAll(loadRoleAuthority(rolePOs));
|
||||
if (grantedAuthorities.isEmpty()) {
|
||||
throw new UserAuthenticationException(loginUser.getUsername() + "用户无任何角色");
|
||||
}
|
||||
}
|
||||
}
|
||||
// 标记超管
|
||||
if (isAdmin) {
|
||||
LOG.debug("mark admin role");
|
||||
grantedAuthorities.add(new RoleGrantedAuthorityBO(ISystemConstant.ADMIN));
|
||||
} else {
|
||||
// 非超管设置其他信息
|
||||
if (rolePOs != null) {
|
||||
List<RoleSimpleDTO> roleSimpleDTOs = roleUserBaseService.listSimple(rolePOs);
|
||||
loginUser.setRoles(roleSimpleDTOs);
|
||||
}
|
||||
|
||||
if (rolePOs != null) {
|
||||
List<RoleSimpleDTO> roleSimpleDTOs = roleUserBaseService.listSimple(rolePOs);
|
||||
loginUser.setRoles(roleSimpleDTOs);
|
||||
}
|
||||
LOG.debug("set department");
|
||||
List<DepartmentPO> departmentPOs = departmentUserService.listDepartmentPOByUserId(loginUser.getUserId());
|
||||
List<DepartmentSimpleDTO> departmentSimpleDTOs = departmentUserService.listSimple(departmentPOs);
|
||||
loginUser.setDepartments(departmentSimpleDTOs);
|
||||
|
||||
LOG.debug("设置部门状态");
|
||||
List<DepartmentPO> departmentPOs = departmentUserService.listDepartmentPOByUserId(loginUser.getUserId());
|
||||
List<DepartmentSimpleDTO> departmentSimpleDTOs = departmentUserService.listSimple(departmentPOs);
|
||||
loginUser.setDepartments(departmentSimpleDTOs);
|
||||
|
||||
if (groupUserBaseService != null) {
|
||||
LOG.debug("设置组信息");
|
||||
List<GroupPO> groupPOs = groupUserBaseService.listGroupPOByUserId(loginUser.getUserId());
|
||||
List<GroupSimpleDTO> groupSimpleDTOs = groupUserBaseService.listSimple(groupPOs);
|
||||
loginUser.setGroups(groupSimpleDTOs);
|
||||
}
|
||||
if (positionUserBaseService != null) {
|
||||
LOG.debug("设置职位");
|
||||
List<PositionPO> positionPOs = positionUserBaseService.listPositionPOByUserId(loginUser.getUserId());
|
||||
List<PositionSimpleDTO> positionSimpleDTOs = positionUserBaseService.listSimple(positionPOs);
|
||||
loginUser.setPositions(positionSimpleDTOs);
|
||||
if (groupUserBaseService != null) {
|
||||
LOG.debug("set group");
|
||||
List<GroupPO> groupPOs = groupUserBaseService.listGroupPOByUserId(loginUser.getUserId());
|
||||
List<GroupSimpleDTO> groupSimpleDTOs = groupUserBaseService.listSimple(groupPOs);
|
||||
loginUser.setGroups(groupSimpleDTOs);
|
||||
}
|
||||
if (positionUserBaseService != null) {
|
||||
LOG.debug("set position");
|
||||
List<PositionPO> positionPOs = positionUserBaseService.listPositionPOByUserId(loginUser.getUserId());
|
||||
List<PositionSimpleDTO> positionSimpleDTOs = positionUserBaseService.listSimple(positionPOs);
|
||||
loginUser.setPositions(positionSimpleDTOs);
|
||||
}
|
||||
}
|
||||
}
|
||||
// 设置权限
|
||||
loginUser.setAuthorities(grantedAuthorities);
|
||||
loginHandler(loginUser);
|
||||
// 设置数据权限
|
||||
if (!StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, loginUser.getUsername())) {
|
||||
// 设置数据权限,排除超管
|
||||
if (!StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, loginUser.getUsername()) && !isAdmin) {
|
||||
LOG.debug("set data authority");
|
||||
userLoginService.setUserDataAuthority(loginUser);
|
||||
}
|
||||
// 更新登录信息
|
||||
@ -130,6 +146,21 @@ public class UserAuthenticationProvider implements AuthenticationProvider {
|
||||
return userAuthenticationTokenResult;
|
||||
}
|
||||
|
||||
/**
|
||||
* 是否超管
|
||||
*
|
||||
* @param roleIds
|
||||
* @return
|
||||
*/
|
||||
private boolean hasAdmin(List<String> roleIds) {
|
||||
for (String roleId : roleIds) {
|
||||
if (StringUtils.equals(ISystemConstant.ADMIN, roleId)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* 登录处理
|
||||
*
|
||||
|
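Review bot: `hasAdmin(roleIds)` loops over its argument without a null check, and it receives the raw result of `roleUserBaseService.listRoleIdByUserId(loginUser.getUserId())`, so a null from the service (the client-side implementation in this commit is a remote call) would surface as a NullPointerException during login. Normalising right after the call, `if (roleIds == null) { roleIds = new ArrayList<>(); }`, lets the existing "no roles" `UserAuthenticationException` handle that case instead. Granting the super-admin authority through a role is recorded only by `LOG.debug("mark admin role")`; for a privilege decision I would log the account at info level, e.g. `LOG.info("user {} granted admin authority via admin role", loginUser.getUsername());`, assuming `LOG` is an SLF4J-style logger. The enclosing method starts and ends outside the hunk.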
@ -64,7 +64,7 @@ public class IndexRouteController {
|
||||
// 先加载系统短标题,没有加载主标题,没有加载配置文件系统标题
|
||||
if (!StringUtils.isBlank(config.get(IUserCenterConst.SYSTEM_SHORT_TITLE))) {
|
||||
mv.addObject(IUserCenterConst.SYSTEM_SHORT_TITLE, config.get(IUserCenterConst.SYSTEM_SHORT_TITLE));
|
||||
} else if(!StringUtils.isBlank(config.get(IUserCenterConst.SYSTEM_TITLE))) {
|
||||
} else if (!StringUtils.isBlank(config.get(IUserCenterConst.SYSTEM_TITLE))) {
|
||||
mv.addObject(IUserCenterConst.SYSTEM_SHORT_TITLE, config.get(IUserCenterConst.SYSTEM_TITLE));
|
||||
} else {
|
||||
mv.addObject(IUserCenterConst.SYSTEM_SHORT_TITLE, serverProperties.getSystemTitle());
|
||||
@ -82,7 +82,7 @@ public class IndexRouteController {
|
||||
}
|
||||
if (menuBaseService != null) {
|
||||
List<MenuDTO> menus;
|
||||
if (StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, userInfoBO.getUserUsername())) {
|
||||
if (securityComponent.isAdmin()) {
|
||||
// 管理员
|
||||
List<String> menuIds = roleMenuBaseService.listMenuId(ISystemConstant.ADMIN);
|
||||
if (menuIds.isEmpty()) {
|
||||
|
@ -64,7 +64,7 @@ public class IndexRouteController {
|
||||
mv.addObject("navPage", oAuth2ClientServerProperties.getNavPage());
|
||||
|
||||
List<MenuDTO> menus;
|
||||
if (StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, userInfoBO.getUserUsername())) {
|
||||
if (securityComponent.isAdmin()) {
|
||||
menus = menuService.listAll(oAuth2ClientProperties.getClient().getClientId(), ISystemConstant.ADMIN);
|
||||
} else {
|
||||
menus = menuService.listAll(oAuth2ClientProperties.getClient().getClientId(), securityComponent.getCurrentUser().getRoles());
|
||||
|
@ -38,6 +38,12 @@ public interface IRoleUserRemoteService {
|
||||
@RemotePostMethod("/list-user-id/role-id/{roleId}/user-ids")
|
||||
List<String> listUserIdByRoleIdAndUserIds(@RemoteServerParams String userCenter, @RemotePathParams("roleId") String roleId, @RemoteQueryParams("access_token") String accessToken, @RemoteJsonBodyParams IdsVO idsVO);
|
||||
|
||||
@RemotePostMethod("/list-role-po/role-ids")
|
||||
List<RolePO> listRolePOByRoleIds(@RemoteServerParams String userCenter, @RemoteQueryParams("access_token") String accessToken, @RemoteJsonBodyParams IdsVO idsVO);
|
||||
|
||||
@RemoteGetMethod("/list-role-id/user-id/{userId}")
|
||||
List<String> listRoleIdByUserId(@RemoteServerParams String userCenter, @RemotePathParams("userId") String userId, @RemoteQueryParams("access_token") String accessToken);
|
||||
|
||||
@RemoteGetMethod("/list-user/role-id/{roleId}")
|
||||
List<UserDTO> listUserByRoleId(@RemoteServerParams String userCenter, @RemotePathParams("roleId") String roleId, @RemoteQueryParams("access_token") String accessToken);
|
||||
|
||||
@ -49,4 +55,6 @@ public interface IRoleUserRemoteService {
|
||||
|
||||
@RemoteGetMethod("/listpage-user/no-department/no-role")
|
||||
SuccessResultList<List<UserDTO>> listPageUserNoDepartmentAndNoRole(@RemoteServerParams String userCenter, @RemoteQueryParams("access_token") String accessToken, @RemoteQueryParams("page") int page, @RemoteQueryParams("rows") int rows, @RemoteQueryParamsMap Map<String, Object> params);
|
||||
|
||||
|
||||
}
|
||||
|
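Review bot: The new client method `listRoleIdByUserId` is declared with `@RemoteGetMethod("/list-role-id/user-id/{userId}")`, while the endpoint this commit adds to `RoleUserResourceController` is mapped with `@PostMapping("list-role-id/user-id/{userId}")`. If these are the same route, the call would be rejected for its HTTP method, and the login flow appears to depend on it to decide admin status. One side should change, e.g. `@GetMapping("list-role-id/user-id/{userId}")` on the controller. No server mapping for `/list-role-po/role-ids` is visible in this commit either, so that pairing is worth confirming. Both new methods also follow the interface's existing pattern of sending `access_token` as a query parameter, which tends to end up in access and proxy logs; if the remote-call framework can carry it in an `Authorization` header, that is the safer transport.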
@ -56,6 +56,16 @@ public class RoleUserServiceImpl extends DefaultBaseService implements IRoleUser
|
||||
return roleUserRemoteService.listRolePOByUserId(apiPathProperties.getUserCenter(), userId, OAuth2ClientTokenManager.getInstance().getToken().getAccessToken());
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RolePO> listRolePOByRoleIds(List<String> roleIds) {
|
||||
if (roleIds.isEmpty()) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
IdsVO idsVO = new IdsVO();
|
||||
idsVO.setIds(roleIds);
|
||||
return roleUserRemoteService.listRolePOByRoleIds(apiPathProperties.getUserCenter(), OAuth2ClientTokenManager.getInstance().getToken().getAccessToken(), idsVO);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleSimpleDTO> listSimple(List<RolePO> rolePOs) {
|
||||
if (rolePOs == null || rolePOs.isEmpty()) {
|
||||
@ -81,6 +91,11 @@ public class RoleUserServiceImpl extends DefaultBaseService implements IRoleUser
|
||||
return roleUserRemoteService.listUserIdByRoleIdAndUserIds(apiPathProperties.getUserCenter(), roleId, OAuth2ClientTokenManager.getInstance().getToken().getAccessToken(), idsVO);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> listRoleIdByUserId(String userId) {
|
||||
return roleUserRemoteService.listRoleIdByUserId(apiPathProperties.getUserCenter(), userId, OAuth2ClientTokenManager.getInstance().getToken().getAccessToken());
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserDTO> listUserByRoleId(String roleId) {
|
||||
return roleUserRemoteService.listUserByRoleId(apiPathProperties.getUserCenter(), roleId, OAuth2ClientTokenManager.getInstance().getToken().getAccessToken());
|
||||
|
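Review bot: `listRolePOByRoleIds` calls `roleIds.isEmpty()` without a null check, while `listSimple` directly below guards with `rolePOs == null || rolePOs.isEmpty()`. The same gap is in the local `RoleUserServiceImpl.listRolePOByRoleIds` added later in this commit. In the login flow the argument comes from `listRoleIdByUserId`, whose null behaviour is not visible here, so I would write `if (roleIds == null || roleIds.isEmpty()) {` in both implementations. `listSimple`'s body continues outside the hunk.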
@ -94,6 +94,16 @@ public class RoleUserResourceController extends DefaultBaseController {
|
||||
return roleUserService.listUserIdByRoleIdAndUserIds(roleId, idsVO.getIds());
|
||||
}
|
||||
|
||||
@ApiOperation(value = "角色ID列表", notes = "通过用户ID列表获取角色ID列表")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = "userId", value = "用户ID", paramType = "path", dataType = "String"),
|
||||
})
|
||||
@ApiResponses({@ApiResponse(code = 400, message = "请求失败", response = ErrorResult.class)})
|
||||
@PostMapping("list-role-id/user-id/{userId}")
|
||||
public List<String> listRoleIdByUserId(@PathVariable("userId") String userId) {
|
||||
return roleUserService.listRoleIdByUserId(userId);
|
||||
}
|
||||
|
||||
@ApiOperation(value = "用户列表", notes = "通过角色ID获取用户列表接口")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = "roleId", value = "用户角色ID", paramType = "path"),
|
||||
|
@ -130,6 +130,14 @@ public class RoleUserServiceImpl extends DefaultBaseService implements IRoleUser
|
||||
return roleService.listPO(roleIds);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RolePO> listRolePOByRoleIds(List<String> roleIds) {
|
||||
if (roleIds.isEmpty()) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
return roleService.listPO(roleIds);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<RoleSimpleDTO> listSimple(List<RolePO> rolePOs) {
|
||||
if (rolePOs == null || rolePOs.isEmpty()) {
|
||||
@ -162,6 +170,13 @@ public class RoleUserServiceImpl extends DefaultBaseService implements IRoleUser
|
||||
return roleUserDao.listUserId(params);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> listRoleIdByUserId(String userId) {
|
||||
Map<String, Object> params = getHashMap(2);
|
||||
params.put("userId", userId);
|
||||
return roleUserDao.listRoleId(params);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<UserDTO> listUserByRoleId(String roleId) {
|
||||
Map<String, Object> params = getHashMap(2);
|
||||
|
@ -24,8 +24,11 @@
|
||||
<button type="button" id="search" class="layui-btn layui-btn-sm">
|
||||
<i class="fa fa-lg fa-search"></i> 搜索
|
||||
</button>
|
||||
<button type="button" id="adminMenu" class="layui-btn layui-btn-normal layui-btn-sm">
|
||||
<i class="fa fa-lg fa-list"></i> 管理员菜单
|
||||
<button type="button" id="adminRole" class="layui-btn layui-btn-normal layui-btn-sm">
|
||||
<i class="fa fa-lg fa-address-card-o"></i> 超管列表
|
||||
</button>
|
||||
<button type="button" id="adminMenu" class="layui-btn layui-btn-primary layui-btn-sm">
|
||||
<i class="fa fa-lg fa-list"></i> 超管菜单
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
@ -191,7 +194,16 @@
|
||||
});
|
||||
// 事件 - 管理员菜单
|
||||
$(document).on('click', '#adminMenu', function() {
|
||||
roleMenu('admin', '管理员菜单(不设置显示全部)');
|
||||
roleMenu('admin', '超管菜单(不设置显示全部,慎用!!!)');
|
||||
});
|
||||
$(document).on('click', '#adminRole', function() {
|
||||
top.dialog.open({
|
||||
url: top.restAjax.path('route/role/user/list?roleId=admin', []),
|
||||
title: '【超管】用户列表:与admin有相同权限',
|
||||
width: '800px',
|
||||
height: '500px',
|
||||
onClose: function() {}
|
||||
});
|
||||
});
|
||||
// 事件 - 增删改
|
||||
table.on('toolbar(dataTable)', function(obj) {
|
||||
@ -284,7 +296,7 @@
|
||||
top.dialog.open({
|
||||
url: top.restAjax.path('route/role/menu/tree?roleId={roleId}', [roleId]),
|
||||
title: title,
|
||||
width: '300px',
|
||||
width: '400px',
|
||||
height: '500px',
|
||||
onClose: function() {}
|
||||
});
|
||||
|
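Review bot: The new `#adminRole` handler opens the generic role-user list with a hard-coded `roleId=admin`, so membership of the super-admin role is now managed through the same route as any ordinary role. Nothing in these hunks limits who is shown the button or who may change that membership. The server-side handlers behind `route/role/user/list` and its save/delete endpoints are not visible on this page; they should verify that only the built-in admin (or an existing super admin) can modify this role, and should write an audit record for each change. I would also add a comment beside the handler such as `// roleId 'admin' must match ISystemConstant.ADMIN on the server`, since the literal is duplicated here.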