From 1d323d276391b433693760f9371857e61a23e863 Mon Sep 17 00:00:00 2001 From: WenG <450292408@qq.com> Date: Sun, 6 Mar 2022 20:45:55 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0admin=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E5=91=98=E8=AE=BE=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../interfaces/role/IRoleUserBaseService.java | 17 ++++ .../wgink/common/base/DefaultBaseService.java | 7 +- .../user/UserAuthenticationProvider.java | 89 +++++++++++++------ .../route/IndexRouteController.java | 4 +- .../route/IndexRouteController.java | 2 +- .../remote/role/IRoleUserRemoteService.java | 8 ++ .../role/impl/RoleUserServiceImpl.java | 15 ++++ .../resources/RoleUserResourceController.java | 10 +++ .../service/impl/RoleUserServiceImpl.java | 15 ++++ .../main/resources/templates/role/list.html | 20 ++++- 10 files changed, 146 insertions(+), 41 deletions(-) diff --git a/basic-interface/src/main/java/ink/wgink/interfaces/role/IRoleUserBaseService.java b/basic-interface/src/main/java/ink/wgink/interfaces/role/IRoleUserBaseService.java index e75705cd..872efea3 100644 --- a/basic-interface/src/main/java/ink/wgink/interfaces/role/IRoleUserBaseService.java +++ b/basic-interface/src/main/java/ink/wgink/interfaces/role/IRoleUserBaseService.java @@ -55,6 +55,14 @@ public interface IRoleUserBaseService { */ List listRolePOByUserId(String userId); + /** + * 角色列表 + * + * @param roleIds + * @return + */ + List listRolePOByRoleIds(List roleIds); + /** * 角色列表(简单) * @@ -72,6 +80,14 @@ public interface IRoleUserBaseService { */ List listUserIdByRoleIdAndUserIds(String roleId, List userIds); + /** + * 角色ID列表 + * + * @param userId + * @return + */ + List listRoleIdByUserId(String userId); + /** * 用户列表 * @@ -104,4 +120,5 @@ public interface IRoleUserBaseService { * @return */ SuccessResultList> listPageUserNoDepartmentAndNoRole(ListPage page); + } 
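Review bot: The Javadoc added for `listRolePOByRoleIds` and `listRoleIdByUserId` leaves `@param` and `@return` empty, so the null/empty contract that the login path relies on is not written down. `UserAuthenticationProvider.hasAdmin`, added later in this patch, iterates the result of `listRoleIdByUserId` without a null check, so the interface should state the guarantee, e.g. `@return role IDs assigned to the user; never null, empty when the user has no role`. The same wording fits `listRolePOByRoleIds`, whose two implementations in this patch return an empty list for empty input.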
diff --git a/common/src/main/java/ink/wgink/common/base/DefaultBaseService.java b/common/src/main/java/ink/wgink/common/base/DefaultBaseService.java index d31eede7..1bedb691 100644 --- a/common/src/main/java/ink/wgink/common/base/DefaultBaseService.java +++ b/common/src/main/java/ink/wgink/common/base/DefaultBaseService.java @@ -219,10 +219,7 @@ public class DefaultBaseService { * @return */ protected boolean isAdmin() { - if (ISystemConstant.ADMIN.equalsIgnoreCase(securityComponent.getCurrentUsername())) { - return true; - } - return false; + return securityComponent.isAdmin(); } /** @@ -298,7 +295,7 @@ public class DefaultBaseService { */ protected void setDataAuthorityInfo(Map params) { UserInfoBO currentUser = securityComponent.getCurrentUser(); - if (ISystemConstant.ADMIN.equals(securityComponent.getCurrentUser().getUserName())) { + if (securityComponent.isAdmin()) { return; } String dataAuthority = currentUser.getDataRight(); diff --git a/login-base/src/main/java/ink/wgink/login/base/authentication/user/UserAuthenticationProvider.java b/login-base/src/main/java/ink/wgink/login/base/authentication/user/UserAuthenticationProvider.java index 6839e089..edde1d17 100644 --- a/login-base/src/main/java/ink/wgink/login/base/authentication/user/UserAuthenticationProvider.java +++ b/login-base/src/main/java/ink/wgink/login/base/authentication/user/UserAuthenticationProvider.java @@ -4,6 +4,7 @@ import ink.wgink.interfaces.consts.ISystemConstant; import ink.wgink.interfaces.expand.login.ILoginHandlerService; import ink.wgink.interfaces.group.IGroupUserBaseService; import ink.wgink.interfaces.position.IPositionUserBaseService; +import ink.wgink.interfaces.role.IRoleBaseService; import ink.wgink.interfaces.role.IRoleMenuBaseService; import ink.wgink.interfaces.role.IRolePermissionBaseService; import ink.wgink.interfaces.role.IRoleUserBaseService; 
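Review bot: `isAdmin()` and the early return in `setDataAuthorityInfo` now depend entirely on `securityComponent.isAdmin()`, which is not part of this patch, so the widened meaning of "admin" is undocumented at the point where data-authority filtering is skipped. Every subclass that calls `isAdmin()` will bypass its filter for whoever that method accepts, so I would extend the Javadoc of `isAdmin()` with something like `true for the built-in admin account and for users holding the admin role; derived from the authenticated session, never from request parameters`. Please also confirm that `securityComponent.isAdmin()` reads the authority granted at login. The same dependency applies to the two `IndexRouteController` hunks that switch to `securityComponent.isAdmin()`, and both methods touched here continue outside their hunks.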
@@ -54,6 +55,7 @@ public class UserAuthenticationProvider implements AuthenticationProvider { private UserDetailsService userDetailsService; private PasswordEncoder passwordEncoder; private UserLoginService userLoginService; + private IRoleBaseService roleBaseService; private IRoleUserBaseService roleUserBaseService; private IRoleMenuBaseService roleMenuBaseService; private IRolePermissionBaseService rolePermissionService; 
@@ -76,51 +78,65 @@ public class UserAuthenticationProvider implements AuthenticationProvider { // 清空session中的错误信息 httpSession.removeAttribute(IUserCenterConst.ERROR_MESSAGE); httpSession.removeAttribute(IUserCenterConst.LOGIN_USERNAME); - LOG.debug("设置权限权限"); + LOG.debug("set authority"); Set grantedAuthorities = new LinkedHashSet<>(); + // 超管用户 + boolean isAdmin = false; if (StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, loginUser.getUsername())) { grantedAuthorities.add(new RoleGrantedAuthorityBO(ISystemConstant.ADMIN)); } else { List rolePOs = null; // 先处理授权,再创建对象,否则 grantedAuthorities 中无法赋值 if (roleUserBaseService != null) { - LOG.debug("设置角色信息"); - rolePOs = roleUserBaseService.listRolePOByUserId(loginUser.getUserId()); - removalDuplicateRole(rolePOs); - grantedAuthorities.addAll(loadRoleAuthority(rolePOs)); - if (grantedAuthorities.isEmpty()) { - throw new UserAuthenticationException(loginUser.getUsername() + "用户无任何角色"); + LOG.debug("check is admin"); + List roleIds = roleUserBaseService.listRoleIdByUserId(loginUser.getUserId()); + isAdmin = hasAdmin(roleIds); + if (!isAdmin) { + LOG.debug("set role, not admin"); + rolePOs = roleUserBaseService.listRolePOByRoleIds(roleIds); + removalDuplicateRole(rolePOs); + grantedAuthorities.addAll(loadRoleAuthority(rolePOs)); + if (grantedAuthorities.isEmpty()) { + throw new UserAuthenticationException(loginUser.getUsername() + "用户无任何角色"); + } } } + // 标记超管 + if (isAdmin) { + LOG.debug("mark admin role"); + grantedAuthorities.add(new RoleGrantedAuthorityBO(ISystemConstant.ADMIN)); + } else { + // 非超管设置其他信息 + if (rolePOs != null) { + List roleSimpleDTOs = roleUserBaseService.listSimple(rolePOs); + loginUser.setRoles(roleSimpleDTOs); + } - if (rolePOs != null) { - List roleSimpleDTOs = roleUserBaseService.listSimple(rolePOs); - loginUser.setRoles(roleSimpleDTOs); - } + LOG.debug("set department"); + List departmentPOs = departmentUserService.listDepartmentPOByUserId(loginUser.getUserId()); + List departmentSimpleDTOs = 
departmentUserService.listSimple(departmentPOs); + loginUser.setDepartments(departmentSimpleDTOs); - LOG.debug("设置部门状态"); - List departmentPOs = departmentUserService.listDepartmentPOByUserId(loginUser.getUserId()); - List departmentSimpleDTOs = departmentUserService.listSimple(departmentPOs); - loginUser.setDepartments(departmentSimpleDTOs); - - if (groupUserBaseService != null) { - LOG.debug("设置组信息"); - List groupPOs = groupUserBaseService.listGroupPOByUserId(loginUser.getUserId()); - List groupSimpleDTOs = groupUserBaseService.listSimple(groupPOs); - loginUser.setGroups(groupSimpleDTOs); - } - if (positionUserBaseService != null) { - LOG.debug("设置职位"); - List positionPOs = positionUserBaseService.listPositionPOByUserId(loginUser.getUserId()); - List positionSimpleDTOs = positionUserBaseService.listSimple(positionPOs); - loginUser.setPositions(positionSimpleDTOs); + if (groupUserBaseService != null) { + LOG.debug("set group"); + List groupPOs = groupUserBaseService.listGroupPOByUserId(loginUser.getUserId()); + List groupSimpleDTOs = groupUserBaseService.listSimple(groupPOs); + loginUser.setGroups(groupSimpleDTOs); + } + if (positionUserBaseService != null) { + LOG.debug("set position"); + List positionPOs = positionUserBaseService.listPositionPOByUserId(loginUser.getUserId()); + List positionSimpleDTOs = positionUserBaseService.listSimple(positionPOs); + loginUser.setPositions(positionSimpleDTOs); + } } } // 设置权限 loginUser.setAuthorities(grantedAuthorities); loginHandler(loginUser); - // 设置数据权限 - if (!StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, loginUser.getUsername())) { + // 设置数据权限,排除超管 + if (!StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, loginUser.getUsername()) && !isAdmin) { + LOG.debug("set data authority"); userLoginService.setUserDataAuthority(loginUser); } // 更新登录信息 
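Review bot: The branch that adds `new RoleGrantedAuthorityBO(ISystemConstant.ADMIN)` for a role-based super-admin only emits `LOG.debug("mark admin role")`, so a login that receives full privileges leaves no trace at normal log levels. This path also skips `userLoginService.setUserDataAuthority(loginUser)` and the department, group and position loading, which makes it the event an operator most needs to see. I would log it at info level with the account name, e.g. `LOG.info("super-admin authority granted by role to user: " + loginUser.getUsername());`. The field `roleBaseService` added earlier in this file is not used in any visible hunk and can be dropped if nothing outside the diff uses it. The enclosing method starts and ends outside the hunk.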
@@ -130,6 +146,21 @@ public class UserAuthenticationProvider implements AuthenticationProvider { return userAuthenticationTokenResult; } + /** + * 是否超管 + * + * @param roleIds + * @return + */ + private boolean hasAdmin(List roleIds) { + for (String roleId : roleIds) { + if (StringUtils.equals(ISystemConstant.ADMIN, roleId)) { + return true; + } + } + return false; + } + /** * 登录处理 * diff --git a/login-base/src/main/java/ink/wgink/login/base/controller/route/IndexRouteController.java b/login-base/src/main/java/ink/wgink/login/base/controller/route/IndexRouteController.java index 80bdc366..1aeab112 100644 --- a/login-base/src/main/java/ink/wgink/login/base/controller/route/IndexRouteController.java +++ b/login-base/src/main/java/ink/wgink/login/base/controller/route/IndexRouteController.java @@ -64,7 +64,7 @@ public class IndexRouteController { // 先加载系统短标题,没有加载主标题,没有加载配置文件系统标题 if (!StringUtils.isBlank(config.get(IUserCenterConst.SYSTEM_SHORT_TITLE))) { mv.addObject(IUserCenterConst.SYSTEM_SHORT_TITLE, config.get(IUserCenterConst.SYSTEM_SHORT_TITLE)); - } else if(!StringUtils.isBlank(config.get(IUserCenterConst.SYSTEM_TITLE))) { + } else if (!StringUtils.isBlank(config.get(IUserCenterConst.SYSTEM_TITLE))) { mv.addObject(IUserCenterConst.SYSTEM_SHORT_TITLE, config.get(IUserCenterConst.SYSTEM_TITLE)); } else { mv.addObject(IUserCenterConst.SYSTEM_SHORT_TITLE, serverProperties.getSystemTitle()); @@ -82,7 +82,7 @@ public class IndexRouteController { } if (menuBaseService != null) { List menus; - if (StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, userInfoBO.getUserUsername())) { + if (securityComponent.isAdmin()) { // 管理员 List menuIds = roleMenuBaseService.listMenuId(ISystemConstant.ADMIN); if (menuIds.isEmpty()) { 
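Review bot: `hasAdmin` dereferences `roleIds` without a null check, and its caller passes the return value of `roleUserBaseService.listRoleIdByUserId(...)` straight in, so a null from any implementation becomes a `NullPointerException` in the middle of authentication. The OAuth2-client `RoleUserServiceImpl.listRoleIdByUserId` returns the remote response unchecked. Both new `listRolePOByRoleIds` implementations call `roleIds.isEmpty()` under the same assumption, unlike the neighbouring `listSimple`, which tests `rolePOs == null`. The loop can be replaced by `return roleIds != null && roleIds.contains(ISystemConstant.ADMIN);`. The role ID is compared case-sensitively while the username check uses `equalsIgnoreCase`, so a one-line comment stating that role IDs are exact identifiers would show the difference is deliberate.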
diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/controller/route/IndexRouteController.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/controller/route/IndexRouteController.java index 9ff00117..76a5696f 100644 --- a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/controller/route/IndexRouteController.java +++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/controller/route/IndexRouteController.java @@ -64,7 +64,7 @@ public class IndexRouteController { mv.addObject("navPage", oAuth2ClientServerProperties.getNavPage()); List menus; - if (StringUtils.equalsIgnoreCase(ISystemConstant.ADMIN, userInfoBO.getUserUsername())) { + if (securityComponent.isAdmin()) { menus = menuService.listAll(oAuth2ClientProperties.getClient().getClientId(), ISystemConstant.ADMIN); } else { menus = menuService.listAll(oAuth2ClientProperties.getClient().getClientId(), securityComponent.getCurrentUser().getRoles()); diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/remote/role/IRoleUserRemoteService.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/remote/role/IRoleUserRemoteService.java index 382def98..57aa6cfe 100644 --- a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/remote/role/IRoleUserRemoteService.java +++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/remote/role/IRoleUserRemoteService.java 
@@ -38,6 +38,12 @@ public interface IRoleUserRemoteService { @RemotePostMethod("/list-user-id/role-id/{roleId}/user-ids") List listUserIdByRoleIdAndUserIds(@RemoteServerParams String userCenter, @RemotePathParams("roleId") String roleId, @RemoteQueryParams("access_token") String accessToken, @RemoteJsonBodyParams IdsVO idsVO); + @RemotePostMethod("/list-role-po/role-ids") + List listRolePOByRoleIds(@RemoteServerParams String userCenter, @RemoteQueryParams("access_token") String accessToken, @RemoteJsonBodyParams IdsVO idsVO); + + @RemoteGetMethod("/list-role-id/user-id/{userId}") + List listRoleIdByUserId(@RemoteServerParams String userCenter, @RemotePathParams("userId") String userId, @RemoteQueryParams("access_token") String accessToken); + @RemoteGetMethod("/list-user/role-id/{roleId}") List listUserByRoleId(@RemoteServerParams String userCenter, @RemotePathParams("roleId") String roleId, @RemoteQueryParams("access_token") String accessToken); @@ -49,4 +55,6 @@ public interface IRoleUserRemoteService { @RemoteGetMethod("/listpage-user/no-department/no-role") SuccessResultList> listPageUserNoDepartmentAndNoRole(@RemoteServerParams String userCenter, @RemoteQueryParams("access_token") String accessToken, @RemoteQueryParams("page") int page, @RemoteQueryParams("rows") int rows, @RemoteQueryParamsMap Map params); + + } diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/role/impl/RoleUserServiceImpl.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/role/impl/RoleUserServiceImpl.java index b6fbef73..92ddae12 100644 --- a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/role/impl/RoleUserServiceImpl.java +++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/service/role/impl/RoleUserServiceImpl.java 
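Review bot: `listRoleIdByUserId` is declared with `@RemoteGetMethod("/list-role-id/user-id/{userId}")`, but the handler this commit adds in `RoleUserResourceController` is mapped with `@PostMapping("list-role-id/user-id/{userId}")`, so client and server disagree on the HTTP verb. If the remote call really issues a GET it will be rejected, and every OAuth2-client login that reaches `roleUserBaseService.listRoleIdByUserId` would fail. Since this is a read-only lookup, the natural fix is `@GetMapping("list-role-id/user-id/{userId}")` on the controller. Both new methods also follow the interface's existing convention of sending `access_token` as a query parameter, which tends to end up in access and proxy logs. Moving the token to an `Authorization` header is worth a follow-up if the remote framework supports it.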
@@ -56,6 +56,16 @@ public class RoleUserServiceImpl extends DefaultBaseService implements IRoleUser return roleUserRemoteService.listRolePOByUserId(apiPathProperties.getUserCenter(), userId, OAuth2ClientTokenManager.getInstance().getToken().getAccessToken()); } + @Override + public List listRolePOByRoleIds(List roleIds) { + if (roleIds.isEmpty()) { + return new ArrayList<>(); + } + IdsVO idsVO = new IdsVO(); + idsVO.setIds(roleIds); + return roleUserRemoteService.listRolePOByRoleIds(apiPathProperties.getUserCenter(), OAuth2ClientTokenManager.getInstance().getToken().getAccessToken(), idsVO); + } + @Override public List listSimple(List rolePOs) { if (rolePOs == null || rolePOs.isEmpty()) { @@ -81,6 +91,11 @@ public class RoleUserServiceImpl extends DefaultBaseService implements IRoleUser return roleUserRemoteService.listUserIdByRoleIdAndUserIds(apiPathProperties.getUserCenter(), roleId, OAuth2ClientTokenManager.getInstance().getToken().getAccessToken(), idsVO); } + @Override + public List listRoleIdByUserId(String userId) { + return roleUserRemoteService.listRoleIdByUserId(apiPathProperties.getUserCenter(), userId, OAuth2ClientTokenManager.getInstance().getToken().getAccessToken()); + } + @Override public List listUserByRoleId(String roleId) { return roleUserRemoteService.listUserByRoleId(apiPathProperties.getUserCenter(), roleId, OAuth2ClientTokenManager.getInstance().getToken().getAccessToken()); diff --git a/service-role/src/main/java/ink/wgink/service/role/controller/resources/RoleUserResourceController.java b/service-role/src/main/java/ink/wgink/service/role/controller/resources/RoleUserResourceController.java index b1184951..b44481d2 100644 --- a/service-role/src/main/java/ink/wgink/service/role/controller/resources/RoleUserResourceController.java +++ b/service-role/src/main/java/ink/wgink/service/role/controller/resources/RoleUserResourceController.java 
@@ -94,6 +94,16 @@ public class RoleUserResourceController extends DefaultBaseController { return roleUserService.listUserIdByRoleIdAndUserIds(roleId, idsVO.getIds()); } + @ApiOperation(value = "角色ID列表", notes = "通过用户ID列表获取角色ID列表") + @ApiImplicitParams({ + @ApiImplicitParam(name = "userId", value = "用户ID", paramType = "path", dataType = "String"), + }) + @ApiResponses({@ApiResponse(code = 400, message = "请求失败", response = ErrorResult.class)}) + @PostMapping("list-role-id/user-id/{userId}") + public List listRoleIdByUserId(@PathVariable("userId") String userId) { + return roleUserService.listRoleIdByUserId(userId); + } + @ApiOperation(value = "用户列表", notes = "通过角色ID获取用户列表接口") @ApiImplicitParams({ @ApiImplicitParam(name = "roleId", value = "用户角色ID", paramType = "path"), diff --git a/service-role/src/main/java/ink/wgink/service/role/service/impl/RoleUserServiceImpl.java b/service-role/src/main/java/ink/wgink/service/role/service/impl/RoleUserServiceImpl.java index f433831c..d518ddfd 100644 --- a/service-role/src/main/java/ink/wgink/service/role/service/impl/RoleUserServiceImpl.java +++ b/service-role/src/main/java/ink/wgink/service/role/service/impl/RoleUserServiceImpl.java @@ -130,6 +130,14 @@ public class RoleUserServiceImpl extends DefaultBaseService implements IRoleUser return roleService.listPO(roleIds); } + @Override + public List listRolePOByRoleIds(List roleIds) { + if (roleIds.isEmpty()) { + return new ArrayList<>(); + } + return roleService.listPO(roleIds); + } + @Override public List listSimple(List rolePOs) { if (rolePOs == null || rolePOs.isEmpty()) { @@ -162,6 +170,13 @@ public class RoleUserServiceImpl extends DefaultBaseService implements IRoleUser return roleUserDao.listUserId(params); } + @Override + public List listRoleIdByUserId(String userId) { + Map params = getHashMap(2); + params.put("userId", userId); + return roleUserDao.listRoleId(params); + } + @Override public List listUserByRoleId(String roleId) { Map params = getHashMap(2); 
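Review bot: A server-side handler for `/list-role-po/role-ids` is missing from this controller hunk, although the client interface in this patch gained `@RemotePostMethod("/list-role-po/role-ids")`. Unless that route already exists outside the visible lines, `listRolePOByRoleIds` on the OAuth2 client has nothing to call and non-admin logins there cannot load their roles. The Swagger `notes` text on the new handler describes a lookup by a list of user IDs, while the method takes a single `userId` path variable, so the description should be corrected. The endpoint returns the role IDs of any `userId` supplied in the path, so it should be covered by the same token check as the other resource routes, which cannot be verified from this hunk.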
diff --git a/service-role/src/main/resources/templates/role/list.html b/service-role/src/main/resources/templates/role/list.html index 73507f16..b0255ee8 100644 --- a/service-role/src/main/resources/templates/role/list.html +++ b/service-role/src/main/resources/templates/role/list.html @@ -24,8 +24,11 @@ - + @@ -191,7 +194,16 @@ }); // 事件 - 管理员菜单 $(document).on('click', '#adminMenu', function() { - roleMenu('admin', '管理员菜单(不设置显示全部)'); + roleMenu('admin', '超管菜单(不设置显示全部,慎用!!!)'); + }); + $(document).on('click', '#adminRole', function() { + top.dialog.open({ + url: top.restAjax.path('route/role/user/list?roleId=admin', []), + title: '【超管】用户列表:与admin有相同权限', + width: '800px', + height: '500px', + onClose: function() {} + }); }); // 事件 - 增删改 table.on('toolbar(dataTable)', function(obj) { @@ -284,7 +296,7 @@ top.dialog.open({ url: top.restAjax.path('route/role/menu/tree?roleId={roleId}', [roleId]), title: title, - width: '300px', + width: '400px', height: '500px', onClose: function() {} });
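Review bot: The new `#adminRole` click handler opens `route/role/user/list?roleId=admin`, and with this commit membership of role ID `admin` is equivalent to the built-in super-admin, so access to that assignment dialog is now access to full privileges. Nothing in the visible template lines restricts the button, and the server-side check for the role-user routes is not part of this patch. That check should allow changes to the `admin` role only for callers who are already super-admin, and each add or remove should be written to an audit log. The dialog title already states that these users have the same rights as admin. A confirmation step on assignment would match the caution added to the menu title in the same hunk.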