package com.zy.common.web; import com.alibaba.fastjson.JSON; import com.baomidou.mybatisplus.mapper.EntityWrapper; import com.baomidou.mybatisplus.mapper.Wrapper; import com.zy.common.CodeRes; import com.zy.common.entity.Parameter; import com.zy.common.model.PowerDto; import com.zy.common.model.enums.HtmlNavIconType; import com.zy.common.utils.RandomValidateCodeUtil; import com.zy.system.entity.*; import com.zy.system.service.*; import com.core.annotations.ManagerAuth; import com.core.common.Cools; import com.core.common.R; import com.core.exception.CoolException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletResponse; import java.util.*; /** * Created by vincent on 2019-07-30 */ @RestController public class AuthController extends BaseController { @Value("${super.pwd}") private String superPwd; @Autowired private UserService userService; @Autowired private RoleService roleService; @Autowired private UserLoginService userLoginService; @Autowired private ResourceService resourceService; @Autowired private RoleResourceService roleResourceService; @Autowired private PermissionService permissionService; @Autowired private RolePermissionService rolePermissionService; @RequestMapping("/login.action") @ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "登录") public R loginAction(String mobile, String password){ if (mobile.equals("super") && password.equals(Cools.md5(superPwd))) { Map res = new HashMap<>(); res.put("username", mobile); res.put("token", Cools.enToken(System.currentTimeMillis() + mobile, superPwd)); return R.ok(res); } EntityWrapper userWrapper = new EntityWrapper<>(); userWrapper.eq("mobile", mobile); User user = userService.selectOne(userWrapper); if (Cools.isEmpty(user)){ return R.parse(CodeRes.USER_10001); } if (user.getStatus()!=1){ return R.parse(CodeRes.USER_10002); } if (!Cools.md5(user.getPassword()).equals(password)){ return R.parse(CodeRes.USER_10003); } String token = Cools.enToken(System.currentTimeMillis() + mobile, user.getPassword()); userLoginService.delete(new EntityWrapper().eq("user_id", user.getId())); UserLogin userLogin = new UserLogin(); userLogin.setUserId(user.getId()); userLogin.setToken(token); userLoginService.insert(userLogin); Map res = new HashMap<>(); res.put("username", user.getUsername()); res.put("token", token); return R.ok(res); } @RequestMapping("/code/switch.action") public R code() { return R.ok().add(Parameter.get().getCodeSwitch()); } @RequestMapping("/code.action") public void code(@RequestParam String sd, HttpServletResponse response) { RandomValidateCodeUtil.getRandcode(sd, response); } @RequestMapping("/code.do") public String codeDo(@RequestParam String sd) throws Exception { String code = null; int time = 0; while (time < 3000) { code = RandomValidateCodeUtil.code.get(sd); if (!Cools.isEmpty(code)){ break; } else { Thread.sleep(10); time = time + 100; } } RandomValidateCodeUtil.code.remove(sd); return code; } @RequestMapping("/user/detail/auth") @ManagerAuth public R userDetail(){ return R.ok(userService.selectById(getUserId())); } @RequestMapping("/menu/auth") @ManagerAuth(memo = "首页菜单") public R menu(){ // 获取所有一级菜单 List oneLevel = resourceService.selectList(new EntityWrapper().eq("level", 1).eq("status", 1).orderBy("sort")); User user = null; Wrapper resourceWrapper; if (getUserId() == 9527) { resourceWrapper = new EntityWrapper().eq("level", 2).eq("status", 1).orderBy("sort"); } else { // 获取当前用户的所有二级菜单 user = userService.selectById(getUserId()); List roleResources = roleResourceService.selectList(new EntityWrapper().eq("role_id", user.getRoleId())); List resourceIds = new ArrayList<>(); roleResources.forEach(roleResource -> resourceIds.add(roleResource.getResourceId())); if (resourceIds.isEmpty()){ return R.ok(); } resourceWrapper = new EntityWrapper().in("id", resourceIds).eq("level", 2).eq("status", 1).orderBy("sort"); } List twoLevel = resourceService.selectList(resourceWrapper); List> result = new ArrayList<>(); for (Resource menu : oneLevel) { Map map = new HashMap<>(); List subMenu = new ArrayList<>(); Iterator iterator = twoLevel.iterator(); while (iterator.hasNext()) { Resource resource = iterator.next(); if (resource.getResourceId() != null && resource.getResourceId().equals(menu.getId())) { // 是否拥有查看权限 if (getUserId() != 9527) { Resource view = resourceService.selectOne(new EntityWrapper().eq("resource_id", resource.getId()).like("code", "view")); if (!Cools.isEmpty(view)){ RoleResource param = new RoleResource(); param.setResourceId(view.getId()); param.setRoleId(user.getRoleId()); if (null == roleResourceService.selectOne(new EntityWrapper<>(param))){ continue; } } } subMenu.add(resource); iterator.remove(); } } if (subMenu.isEmpty()) { continue; } map.put("menuId", menu.getId()); map.put("menuCode", menu.getCode()); map.put("menuIcon", HtmlNavIconType.get(menu.getCode())); map.put("menu", menu.getName()); map.put("subMenu", subMenu); result.add(map); } return R.ok(result); } @RequestMapping("/power/list/auth") @ManagerAuth public R powerList(){ List oneLevels = resourceService.selectList(new EntityWrapper().eq("level", 1).eq("status", 1).orderBy("sort")); List result = new ArrayList<>(); // 一级 for (Resource oneLevel : oneLevels){ List twoLevelsList = new ArrayList<>(); Map oneLevelMap = new HashMap<>(); oneLevelMap.put("title", oneLevel.getName()); oneLevelMap.put("id", oneLevel.getId()); oneLevelMap.put("spread", true); oneLevelMap.put("children", twoLevelsList); List twoLevels = resourceService.selectList(new EntityWrapper().eq("resource_id", oneLevel.getId()).eq("level", 2).eq("status", 1).orderBy("sort")); // 二级 for (Resource twoLevel : twoLevels){ Map twoLevelMap = new HashMap<>(); twoLevelMap.put("title", twoLevel.getName()); twoLevelMap.put("id", twoLevel.getId()); twoLevelMap.put("spread", false); List threeLevelsList = new ArrayList<>(); twoLevelMap.put("children", threeLevelsList); // 三级 List threeLevels = resourceService.selectList(new EntityWrapper().eq("resource_id", twoLevel.getId()).eq("level", 3).eq("status", 1).orderBy("sort")); for (Resource threeLevel : threeLevels){ Map threeLevelMap = new HashMap<>(); threeLevelMap.put("title", threeLevel.getName()); threeLevelMap.put("id", threeLevel.getId()); threeLevelMap.put("checked", false); threeLevelsList.add(threeLevelMap); } twoLevelsList.add(twoLevelMap); } result.add(oneLevelMap); } // 功能模块 Map functions = new HashMap<>(); functions.put("title", "指定功能"); functions.put("id", "function"); functions.put("spread", true); List funcs = new ArrayList<>(); functions.put("children", funcs); List permissions = permissionService.selectList(new EntityWrapper().eq("status", 1)); for (Permission permission : permissions) { Map func = new HashMap<>(); func.put("title", permission.getName()); func.put("id", permission.getAction()); func.put("spread", true); funcs.add(func); } result.add(functions); return R.ok(result); } @RequestMapping(value = "/power/{roleId}/auth") @ManagerAuth public R get(@PathVariable("roleId") Long roleId) { List result = new ArrayList<>(); // 菜单 List roleResources = roleResourceService.selectList(new EntityWrapper().eq("role_id", roleId)); for (RoleResource roleResource : roleResources){ Resource resource = resourceService.selectById(roleResource.getResourceId()); if (!Cools.isEmpty(resource)){ if (resource.getLevel() == 3){ result.add(resource.getId()); } } } // 功能 List rolePermissions = rolePermissionService.selectList(new EntityWrapper().eq("role_id", roleId)); for (RolePermission rolePermission : rolePermissions){ Permission permission = permissionService.selectById(rolePermission.getPermissionId()); if (!Cools.isEmpty(permission)){ result.add(permission.getAction()); } } return R.ok(result); } @RequestMapping("/power/auth") @ManagerAuth(memo = "授权") @Transactional public R power(Long roleId, String powers){ Role role = roleService.selectById(roleId); Long leaderId = role.getLeader(); roleResourceService.delete(new EntityWrapper().eq("role_id", roleId)); rolePermissionService.delete(new EntityWrapper().eq("role_id", roleId)); if (!Cools.isEmpty(powers)){ List dtos = JSON.parseArray(powers, PowerDto.class); for (PowerDto dto : dtos) { Resource resource = resourceService.selectOne(new EntityWrapper().eq("id", dto.getTwo()).eq("level", 2)); if (!Cools.isEmpty(resource)) { // 校验上级权限 if (leaderId != null) { RoleResource roleResource = roleResourceService.selectOne(new EntityWrapper().eq("role_id", leaderId).eq("resource_id", resource.getId())); if (null == roleResource) { throw new CoolException(resource.getName().concat("无法授权给").concat(role.getName())); } } RoleResource roleResource = new RoleResource(); roleResource.setRoleId(roleId); roleResource.setResourceId(resource.getId()); roleResourceService.insert(roleResource); } else { Permission permission = permissionService.selectOne(new EntityWrapper().eq("action", dto.getTwo())); if (!Cools.isEmpty(permission)){ RolePermission rolePermission = new RolePermission(); rolePermission.setRoleId(roleId); rolePermission.setPermissionId(permission.getId()); rolePermissionService.insert(rolePermission); } } for (String three : dto.getThree()){ Resource resource1 = resourceService.selectOne(new EntityWrapper().eq("id", three).eq("level", 3)); if (!Cools.isEmpty(resource1)) { // 校验上级权限 if (leaderId != null) { RoleResource roleResource = roleResourceService.selectOne(new EntityWrapper().eq("role_id", leaderId).eq("resource_id", resource1.getId())); if (null == roleResource) { throw new CoolException(resource.getName().concat("的").concat(resource1.getName().concat("无法授权给").concat(role.getName()))); } } RoleResource roleResource = new RoleResource(); roleResource.setRoleId(roleId); roleResource.setResourceId(resource1.getId()); roleResourceService.insert(roleResource); } } } } return R.ok(); } @RequestMapping(value = "/power/menu/{resourceId}/auth") @ManagerAuth public R buttonResource(@PathVariable("resourceId") Long resourceId) { List resources; if (getUserId() == 9527) { resources = resourceService.selectList(new EntityWrapper().eq("level", 3).eq("resource_id", resourceId)); } else { resources = roleResourceService.getMenuButtomResource(resourceId, getUserId()); } for (Resource resource : resources) { resource.setCode(resource.getCode().split("#")[1]); } return R.ok(resources); } }