商品、分类、品牌接口添加权限控制

2018-10-09 10:18:14 +08:00 · 2018-10-09 10:18:14 +08:00 · 2d6521c861
commit 2d6521c861
parent ddbdfbdf79
6 changed files with 52 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -61,9 +61,8 @@ docker容器化部署 | ✔
 ELK日志收集功能 | ✔
 RabbitMq异步通信 | ✔
 RestTemplate服务间调用 | ✔
-SpringSecurity权限管理功能 |
+SpringSecurity权限管理功能 | ✔
 集成SpringCloud |
-集成SpringCloudSecurity |

 ### 使用工具

@ -235,7 +234,7 @@ Linux远程连接工具 | http://www.netsarang.com/download/software.html

 #### 订单管理

-#### 权限管理
+#### 权限管理 ✔

 > **权限管理**

--- a/mall-admin/src/main/java/com/macro/mall/bo/AdminUserDetails.java
+++ b/mall-admin/src/main/java/com/macro/mall/bo/AdminUserDetails.java
@ -1,12 +1,14 @@
 package com.macro.mall.bo;

 import com.macro.mall.model.UmsAdmin;
+import com.macro.mall.model.UmsPermission;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;

-import java.util.Arrays;
 import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;

 /**
 * SpringSecurity需要的用户详情
@ -14,15 +16,19 @@ import java.util.Collection;
 */
 public class AdminUserDetails implements UserDetails {
    private UmsAdmin umsAdmin;
-
-    public AdminUserDetails(UmsAdmin umsAdmin) {
+    private List<UmsPermission> permissionList;
+    public AdminUserDetails(UmsAdmin umsAdmin,List<UmsPermission> permissionList) {
        this.umsAdmin = umsAdmin;
+        this.permissionList = permissionList;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        //返回当前用户的权限
-        return Arrays.asList(new SimpleGrantedAuthority("TEST"));
+        return permissionList.stream()
+                .filter(permission -> permission.getValue()!=null)
+                .map(permission ->new SimpleGrantedAuthority(permission.getValue()))
+                .collect(Collectors.toList());
    }

    @Override
--- a/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java
+++ b/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java
@ -5,6 +5,7 @@ import com.macro.mall.component.JwtAuthenticationTokenFilter;
 import com.macro.mall.component.RestAuthenticationEntryPoint;
 import com.macro.mall.component.RestfulAccessDeniedHandler;
 import com.macro.mall.model.UmsAdmin;
+import com.macro.mall.model.UmsPermission;
 import com.macro.mall.service.UmsAdminService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
@ -14,11 +15,11 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.authentication.encoding.PasswordEncoder;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@ -26,6 +27,8 @@ import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;

+import java.util.List;
+

 /**
 * SpringSecurity的配置
@ -33,6 +36,7 @@ import org.springframework.web.filter.CorsFilter;
 */
@Configuration
@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled=true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UmsAdminService adminService;
@ -92,15 +96,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    public UserDetailsService userDetailsService() {
        //获取登录用户信息
-        return new UserDetailsService() {
-            @Override
-            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-                UmsAdmin admin = adminService.getAdminByUsername(username);
-                if (admin != null) {
-                    return new AdminUserDetails(admin);
-                }
-                throw new UsernameNotFoundException("用户名或密码错误");
+        return username -> {
+            UmsAdmin admin = adminService.getAdminByUsername(username);
+            if (admin != null) {
+                List<UmsPermission> permissionList = adminService.getPermissionList(admin.getId());
+                return new AdminUserDetails(admin,permissionList);
            }
+            throw new UsernameNotFoundException("用户名或密码错误");
        };
    }

--- a/mall-admin/src/main/java/com/macro/mall/controller/PmsBrandController.java
+++ b/mall-admin/src/main/java/com/macro/mall/controller/PmsBrandController.java
@ -3,12 +3,10 @@ package com.macro.mall.controller;
 import com.macro.mall.dto.CommonResult;
 import com.macro.mall.dto.PmsBrandParam;
 import com.macro.mall.service.PmsBrandService;
-import com.macro.mall.validator.FlagValidator;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@ -30,6 +28,7 @@ public class PmsBrandController {
    @ApiOperation(value = "获取全部品牌列表")
    @RequestMapping(value = "/listAll", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:read')")
    public Object getList() {
        return new CommonResult().success(brandService.listAllBrand());
    }
@ -37,6 +36,7 @@ public class PmsBrandController {
    @ApiOperation(value = "添加品牌")
    @RequestMapping(value = "/create", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:create')")
    public Object create(@Validated @RequestBody PmsBrandParam pmsBrand, BindingResult result) {
        CommonResult commonResult;
        int count = brandService.createBrand(pmsBrand);
@ -51,6 +51,7 @@ public class PmsBrandController {
    @ApiOperation(value = "更新品牌")
    @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:update')")
    public Object update(@PathVariable("id") Long id,
                              @Validated @RequestBody PmsBrandParam pmsBrandParam,
                              BindingResult result) {
@ -67,6 +68,7 @@ public class PmsBrandController {
    @ApiOperation(value = "删除品牌")
    @RequestMapping(value = "/delete/{id}", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:delete')")
    public Object delete(@PathVariable("id") Long id) {
        int count = brandService.deleteBrand(id);
        if (count == 1) {
@ -79,6 +81,7 @@ public class PmsBrandController {
    @ApiOperation(value = "根据品牌名称分页获取品牌列表")
    @RequestMapping(value = "/list", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:read')")
    public Object getList(@RequestParam(value = "keyword", required = false) String keyword,
                            @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum,
                            @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize) {
@ -88,6 +91,7 @@ public class PmsBrandController {
    @ApiOperation(value = "根据编号查询品牌信息")
    @RequestMapping(value = "/{id}", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:read')")
    public Object getItem(@PathVariable("id") Long id) {
        return new CommonResult().success(brandService.getBrand(id));
    }
@ -95,6 +99,7 @@ public class PmsBrandController {
    @ApiOperation(value = "批量删除品牌")
    @RequestMapping(value = "/delete/batch", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:delete')")
    public Object deleteBatch(@RequestParam("ids") List<Long> ids) {
        int count = brandService.deleteBrand(ids);
        if (count > 0) {
@ -107,6 +112,7 @@ public class PmsBrandController {
    @ApiOperation(value = "批量更新显示状态")
    @RequestMapping(value = "/update/showStatus", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:update')")
    public Object updateShowStatus(@RequestParam("ids") List<Long> ids,
                                   @RequestParam("showStatus") Integer showStatus) {
        int count = brandService.updateShowStatus(ids, showStatus);
@ -120,6 +126,7 @@ public class PmsBrandController {
    @ApiOperation(value = "批量更新厂家制造商状态")
    @RequestMapping(value = "/update/factoryStatus", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:update')")
    public Object updateFactoryStatus(@RequestParam("ids") List<Long> ids,
                                      @RequestParam("factoryStatus") Integer factoryStatus) {
        int count = brandService.updateFactoryStatus(ids, factoryStatus);
--- a/mall-admin/src/main/java/com/macro/mall/controller/PmsProductCategoryController.java
+++ b/mall-admin/src/main/java/com/macro/mall/controller/PmsProductCategoryController.java
@ -8,6 +8,7 @@ import com.macro.mall.service.PmsProductCategoryService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@ -29,6 +30,7 @@ public class PmsProductCategoryController {
    @ApiOperation("添加产品分类")
    @RequestMapping(value = "/create", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:create')")
    public Object create(@Validated @RequestBody PmsProductCategoryParam productCategoryParam,
                         BindingResult result) {
        int count = productCategoryService.create(productCategoryParam);
@ -42,6 +44,7 @@ public class PmsProductCategoryController {
    @ApiOperation("修改商品分类")
    @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:update')")
    public Object update(@PathVariable Long id,
                         @Validated
                         @RequestBody PmsProductCategoryParam productCategoryParam,
@ -57,6 +60,7 @@ public class PmsProductCategoryController {
    @ApiOperation("分页查询商品分类")
    @RequestMapping(value = "/list/{parentId}", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:read')")
    public Object getList(@PathVariable Long parentId,
                          @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize,
                          @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum) {
@ -67,6 +71,7 @@ public class PmsProductCategoryController {
    @ApiOperation("根据id获取商品分类")
    @RequestMapping(value = "/{id}", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:read')")
    public Object getItem(@PathVariable Long id) {
        PmsProductCategory productCategory = productCategoryService.getItem(id);
        return new CommonResult().success(productCategory);
@ -75,6 +80,7 @@ public class PmsProductCategoryController {
    @ApiOperation("删除商品分类")
    @RequestMapping(value = "/delete/{id}", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:delete')")
    public Object delete(@PathVariable Long id) {
        int count = productCategoryService.delete(id);
        if (count > 0) {
@ -87,6 +93,7 @@ public class PmsProductCategoryController {
    @ApiOperation("修改导航栏显示状态")
    @RequestMapping(value = "/update/navStatus", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:update')")
    public Object updateNavStatus(@RequestParam("ids") List<Long> ids, @RequestParam("navStatus") Integer navStatus) {
        int count = productCategoryService.updateNavStatus(ids, navStatus);
        if (count > 0) {
@ -99,6 +106,7 @@ public class PmsProductCategoryController {
    @ApiOperation("修改显示状态")
    @RequestMapping(value = "/update/showStatus", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:update')")
    public Object updateShowStatus(@RequestParam("ids") List<Long> ids, @RequestParam("showStatus") Integer showStatus) {
        int count = productCategoryService.updateShowStatus(ids, showStatus);
        if (count > 0) {
@ -111,6 +119,7 @@ public class PmsProductCategoryController {
    @ApiOperation("查询所有一级分类及子分类")
    @RequestMapping(value = "/list/withChildren", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:read')")
    public Object listWithChildren() {
        List<PmsProductCategoryWithChildrenItem> list = productCategoryService.listWithChildren();
        return new CommonResult().success(list);
--- a/mall-admin/src/main/java/com/macro/mall/controller/PmsProductController.java
+++ b/mall-admin/src/main/java/com/macro/mall/controller/PmsProductController.java
@ -9,6 +9,7 @@ import com.macro.mall.service.PmsProductService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@ -29,6 +30,7 @@ public class PmsProductController {
    @ApiOperation("创建商品")
    @RequestMapping(value = "/create", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:create')")
    public Object create(@RequestBody PmsProductParam productParam, BindingResult bindingResult) {
        int count = productService.create(productParam);
        if (count > 0) {
@ -41,6 +43,7 @@ public class PmsProductController {
    @ApiOperation("根据商品id获取商品编辑信息")
    @RequestMapping(value = "/updateInfo/{id}", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:read')")
    public Object getUpdateInfo(@PathVariable Long id) {
        PmsProductResult productResult = productService.getUpdateInfo(id);
        return new CommonResult().success(productResult);
@ -49,6 +52,7 @@ public class PmsProductController {
    @ApiOperation("更新商品")
    @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
    public Object update(@PathVariable Long id, @RequestBody PmsProductParam productParam, BindingResult bindingResult) {
        int count = productService.update(id, productParam);
        if (count > 0) {
@ -61,6 +65,7 @@ public class PmsProductController {
    @ApiOperation("查询商品")
    @RequestMapping(value = "/list", method = RequestMethod.GET)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:read')")
    public Object getList(PmsProductQueryParam productQueryParam,
                       @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize,
                       @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum) {
@ -71,6 +76,7 @@ public class PmsProductController {
    @ApiOperation("批量修改审核状态")
    @RequestMapping(value = "/update/verifyStatus",method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
    public Object updateVerifyStatus(@RequestParam("ids") List<Long> ids,
                                     @RequestParam("verifyStatus") Integer verifyStatus,
                                     @RequestParam("detail") String detail) {
@ -85,6 +91,7 @@ public class PmsProductController {
    @ApiOperation("批量上下架")
    @RequestMapping(value = "/update/publishStatus",method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
    public Object updatePublishStatus(@RequestParam("ids") List<Long> ids,
                                     @RequestParam("publishStatus") Integer publishStatus) {
        int count = productService.updatePublishStatus(ids, publishStatus);
@ -98,6 +105,7 @@ public class PmsProductController {
    @ApiOperation("批量推荐商品")
    @RequestMapping(value = "/update/recommendStatus",method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
    public Object updateRecommendStatus(@RequestParam("ids") List<Long> ids,
                                      @RequestParam("recommendStatus") Integer recommendStatus) {
        int count = productService.updateRecommendStatus(ids, recommendStatus);
@ -111,6 +119,7 @@ public class PmsProductController {
    @ApiOperation("批量设为新品")
    @RequestMapping(value = "/update/newStatus",method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
    public Object updateNewStatus(@RequestParam("ids") List<Long> ids,
                                        @RequestParam("newStatus") Integer newStatus) {
        int count = productService.updateNewStatus(ids, newStatus);
@ -124,6 +133,7 @@ public class PmsProductController {
    @ApiOperation("批量修改删除状态")
    @RequestMapping(value = "/update/deleteStatus",method = RequestMethod.POST)
    @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:delete')")
    public Object updateDeleteStatus(@RequestParam("ids") List<Long> ids,
                                  @RequestParam("deleteStatus") Integer deleteStatus) {
        int count = productService.updateDeleteStatus(ids, deleteStatus);