Merge remote-tracking branch 'origin/master'

pull/1/head
sin 2019-02-28 13:46:46 +08:00
commit 5777e65e27
31 changed files with 573 additions and 25 deletions

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.admin;
package cn.iocoder.mall.admin.application;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.admin.config;
package cn.iocoder.mall.admin.application.config;
import cn.iocoder.common.framework.config.GlobalExceptionHandler;
import cn.iocoder.mall.admin.sdk.interceptor.AdminSecurityInterceptor;

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.admin.config;
package cn.iocoder.mall.admin.application.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

View File

@ -1,6 +1,9 @@
package cn.iocoder.mall.admin.controller;
package cn.iocoder.mall.admin.application.controller;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContextHolder;
import cn.iocoder.mall.admin.application.convert.AdminConvert;
import cn.iocoder.mall.admin.application.vo.AdminInfoVO;
import io.swagger.annotations.Api;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@ -12,8 +15,8 @@ import org.springframework.web.bind.annotation.RestController;
public class AdminController {
@GetMapping("/info")
public CommonResult<Void> info() {
return null;
public CommonResult<AdminInfoVO> info() {
return CommonResult.success(AdminConvert.INSTANCE.convert(AdminSecurityContextHolder.getContext()));
}
}

View File

@ -1,10 +1,10 @@
package cn.iocoder.mall.admin.controller;
package cn.iocoder.mall.admin.application.controller;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.OAuth2Service;
import cn.iocoder.mall.admin.api.bo.OAuth2AccessTokenBO;
import cn.iocoder.mall.admin.convert.PassportConvert;
import cn.iocoder.mall.admin.vo.PassportLoginVO;
import cn.iocoder.mall.admin.application.convert.PassportConvert;
import cn.iocoder.mall.admin.application.vo.PassportLoginVO;
import com.alibaba.dubbo.config.annotation.Reference;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;

View File

@ -0,0 +1,61 @@
package cn.iocoder.mall.admin.application.controller;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.ResourceService;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import cn.iocoder.mall.admin.api.constant.ResourceType;
import cn.iocoder.mall.admin.application.convert.ResourceConvert;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContextHolder;
import cn.iocoder.mall.admin.application.vo.AdminMenuTreeNodeVO;
import com.alibaba.dubbo.config.annotation.Reference;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
@RestController
@RequestMapping("admin/resource")
@Api("资源模块")
public class ResourceController {
@Reference
private ResourceService resourceService;
@GetMapping("/admin_menu_tree")
@ApiOperation(value = "获得管理员拥有的菜单权限", notes = "以树结构返回")
public CommonResult<List<AdminMenuTreeNodeVO>> adminMenuTree() {
List<ResourceBO> resources = resourceService.getResourceByTypeAndRoleIds(ResourceType.MENU, AdminSecurityContextHolder.getContext().getRoleIds());
// 创建 AdminMenuTreeNodeVO Map
Map<Integer, AdminMenuTreeNodeVO> treeNodeMap = resources.stream().collect(Collectors.toMap(ResourceBO::getId, ResourceConvert.INSTANCE::convert));
// 处理父子关系
treeNodeMap.values().stream().filter(node -> {
return node.getPid() != 0; // TODO magic number
}).forEach((childNode) -> {
// 获得父节点
AdminMenuTreeNodeVO parentNode = treeNodeMap.get(childNode.getPid());
if (parentNode.getChildren() == null) { // 初始化 children 数组
parentNode.setChildren(new ArrayList<>());
}
// 将自己添加到父节点中
parentNode.getChildren().add(childNode);
});
// 获得到所有的根节点
List<AdminMenuTreeNodeVO> rootNodes = treeNodeMap.values().stream().filter(node -> {
return node.getPid() == 0; // TODO magic number
}).collect(Collectors.toList());
return CommonResult.success(rootNodes);
}
@GetMapping("/admin_url_list")
@ApiOperation(value = "获得管理员拥有的 URL 权限列表")
public CommonResult adminUrlList() {
return null;
}
}

View File

@ -0,0 +1,17 @@
package cn.iocoder.mall.admin.application.convert;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContext;
import cn.iocoder.mall.admin.application.vo.AdminInfoVO;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
@Mapper
public interface AdminConvert {
AdminConvert INSTANCE = Mappers.getMapper(AdminConvert.class);
@Mappings({})
AdminInfoVO convert(AdminSecurityContext adminSecurityContext);
}

View File

@ -1,8 +1,8 @@
package cn.iocoder.mall.admin.convert;
package cn.iocoder.mall.admin.application.convert;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.bo.OAuth2AccessTokenBO;
import cn.iocoder.mall.admin.vo.PassportLoginVO;
import cn.iocoder.mall.admin.application.vo.PassportLoginVO;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;

View File

@ -0,0 +1,17 @@
package cn.iocoder.mall.admin.application.convert;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import cn.iocoder.mall.admin.application.vo.AdminMenuTreeNodeVO;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
@Mapper
public interface ResourceConvert {
ResourceConvert INSTANCE = Mappers.getMapper(ResourceConvert.class);
@Mappings({})
AdminMenuTreeNodeVO convert(ResourceBO resourceBO);
}

View File

@ -0,0 +1,34 @@
package cn.iocoder.mall.admin.application.vo;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import java.util.Set;
@ApiModel("管理员信息 VO")
public class AdminInfoVO {
@ApiModelProperty(value = "管理员比那好", required = true, example = "1")
private Integer adminId;
@ApiModelProperty(value = "角色编号的数组", required = true, example = "[1, 2]")
private Set<Integer> roleIds;
public Integer getAdminId() {
return adminId;
}
public AdminInfoVO setAdminId(Integer adminId) {
this.adminId = adminId;
return this;
}
public Set<Integer> getRoleIds() {
return roleIds;
}
public AdminInfoVO setRoleIds(Set<Integer> roleIds) {
this.roleIds = roleIds;
return this;
}
}

View File

@ -0,0 +1,72 @@
package cn.iocoder.mall.admin.application.vo;
import java.util.List;
public class AdminMenuTreeNodeVO {
/**
*
*/
private Integer id;
/**
*
*/
private String name;
/**
*
*/
private String handler;
/**
*
*/
private Integer pid;
/**
*
*/
private List<AdminMenuTreeNodeVO> children;
public Integer getId() {
return id;
}
public AdminMenuTreeNodeVO setId(Integer id) {
this.id = id;
return this;
}
public String getName() {
return name;
}
public AdminMenuTreeNodeVO setName(String name) {
this.name = name;
return this;
}
public String getHandler() {
return handler;
}
public AdminMenuTreeNodeVO setHandler(String handler) {
this.handler = handler;
return this;
}
public List<AdminMenuTreeNodeVO> getChildren() {
return children;
}
public AdminMenuTreeNodeVO setChildren(List<AdminMenuTreeNodeVO> children) {
this.children = children;
return this;
}
public Integer getPid() {
return pid;
}
public AdminMenuTreeNodeVO setPid(Integer pid) {
this.pid = pid;
return this;
}
}

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.admin.vo;
package cn.iocoder.mall.admin.application.vo;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;

View File

@ -5,6 +5,7 @@ import cn.iocoder.common.framework.util.HttpUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.OAuth2Service;
import cn.iocoder.mall.admin.api.bo.OAuth2AuthenticationBO;
import cn.iocoder.mall.admin.api.constant.AdminErrorCodeEnum;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContext;
import cn.iocoder.mall.admin.sdk.context.AdminSecurityContextHolder;
import com.alibaba.dubbo.config.annotation.Reference;
@ -38,6 +39,11 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
// 添加到 AdminSecurityContext
AdminSecurityContext context = new AdminSecurityContext(authentication.getAdminId(), authentication.getRoleIds());
AdminSecurityContextHolder.setContext(context);
} else {
String url = request.getRequestURI();
if (!url.equals("/admin/passport/login")) { // TODO 临时写死。非登陆接口,必须已经认证身份,不允许匿名访问
throw new ServiceException(AdminErrorCodeEnum.OAUTH_NOT_LOGIN.getCode(), AdminErrorCodeEnum.OAUTH_NOT_LOGIN.getMessage());
}
}
// 校验是否需要已授权
checkPermission(request, authentication);

View File

@ -0,0 +1,12 @@
package cn.iocoder.mall.admin.api;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import java.util.List;
import java.util.Set;
public interface ResourceService {
List<ResourceBO> getResourceByTypeAndRoleIds(Integer type, Set<Integer> roleIds);
}

View File

@ -0,0 +1,115 @@
package cn.iocoder.mall.admin.api.bo;
import java.util.Date;
/**
* BO
*/
public class ResourceBO {
/**
*
*/
private Integer id;
/**
*
*/
private String name;
/**
*
*/
private Integer type;
/**
*
*/
private Integer sort;
/**
*
*/
private String displayName;
/**
*
*/
private Date createTime;
/**
*
*/
private Integer pid;
/**
*
*/
private String handler;
public Integer getId() {
return id;
}
public ResourceBO setId(Integer id) {
this.id = id;
return this;
}
public String getName() {
return name;
}
public ResourceBO setName(String name) {
this.name = name;
return this;
}
public Integer getType() {
return type;
}
public ResourceBO setType(Integer type) {
this.type = type;
return this;
}
public Integer getSort() {
return sort;
}
public ResourceBO setSort(Integer sort) {
this.sort = sort;
return this;
}
public String getDisplayName() {
return displayName;
}
public ResourceBO setDisplayName(String displayName) {
this.displayName = displayName;
return this;
}
public Date getCreateTime() {
return createTime;
}
public ResourceBO setCreateTime(Date createTime) {
this.createTime = createTime;
return this;
}
public Integer getPid() {
return pid;
}
public ResourceBO setPid(Integer pid) {
this.pid = pid;
return this;
}
public String getHandler() {
return handler;
}
public ResourceBO setHandler(String handler) {
this.handler = handler;
return this;
}
}

View File

@ -16,6 +16,7 @@ public enum AdminErrorCodeEnum {
OAUTH_INVALID_TOKEN_EXPIRED(1002001012, "访问令牌已过期"),
OAUTH_INVALID_TOKEN_INVALID(1002001013, "访问令牌已失效"),
OAUTH_INVALID_PERMISSION(1002001014, "没有该操作权限"), // TODO 芋艿,临时放在 OAUTH2 模块理论来说OAUTH2 只做认证,不做鉴权。
OAUTH_NOT_LOGIN(1002001015, "账号未登陆"),
OAUTH_INVALID_TOKEN(1002001020, ""), // 预留

View File

@ -0,0 +1,17 @@
package cn.iocoder.mall.admin.api.constant;
/**
*
*/
public interface ResourceType {
/**
*
*/
Integer MENU = 1;
/**
* URL
*/
Integer URL = 2;
}

View File

@ -49,6 +49,12 @@
<version>${org.mapstruct.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>27.0.1-jre</version>
</dependency>
</dependencies>
<build>

View File

@ -0,0 +1,22 @@
package cn.iocoder.mall.admin.convert;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import cn.iocoder.mall.admin.dataobject.ResourceDO;
import org.mapstruct.Mapper;
import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
import java.util.List;
@Mapper
public interface ResourceConvert {
ResourceConvert INSTANCE = Mappers.getMapper(ResourceConvert.class);
@Mappings({})
ResourceBO convert(ResourceDO resourceDO);
@Mappings({})
List<ResourceBO> convert(List<ResourceDO> resourceDOs);
}

View File

@ -0,0 +1,19 @@
package cn.iocoder.mall.admin.dao;
import cn.iocoder.mall.admin.dataobject.ResourceDO;
import org.apache.ibatis.annotations.Param;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.Set;
@Repository
public interface ResourceMapper {
ResourceDO selectByTypeAndHandler(@Param("type") Integer type,
@Param("handler") String handler);
List<ResourceDO> selectListByTypeAndRoleIds(@Param("type") Integer type,
@Param("roleIds") Set<Integer> roleIds);
}

View File

@ -11,4 +11,6 @@ public interface RoleResourceMapper {
List<RoleResourceDO> selectByResourceHandler(@Param("resourceHandler") String resourceHandler);
List<RoleResourceDO> selectRoleByResourceId(@Param("resourceId") Integer resourceId);
}

View File

@ -1,21 +1,25 @@
package cn.iocoder.mall.admin.dataobject;
import cn.iocoder.common.framework.dataobject.BaseDO;
import java.util.Date;
/**
*
*/
public class ResourceDO {
public class ResourceDO extends BaseDO {
/**
* -
*/
@Deprecated
public static final Integer TYPE_MENU = 1;
/**
* -
*
*
*/
@Deprecated
public static final Integer TYPE_OPERATION = 2;
/**
@ -23,7 +27,7 @@ public class ResourceDO {
*/
private Integer id;
/**
*
*
*/
private String name;
/**
@ -50,7 +54,7 @@ public class ResourceDO {
*
*
* handler URL
* handler URL url url
* URLhandler URL url url
*/
private String handler;

View File

@ -4,9 +4,9 @@ import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.admin.api.AdminService;
import cn.iocoder.mall.admin.api.constant.AdminErrorCodeEnum;
import cn.iocoder.mall.admin.dataobject.AdminDO;
import cn.iocoder.mall.admin.dao.AdminMapper;
import cn.iocoder.mall.admin.dao.AdminRoleMapper;
import cn.iocoder.mall.admin.dataobject.AdminDO;
import cn.iocoder.mall.admin.dataobject.AdminRoleDO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

View File

@ -14,7 +14,10 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.util.*;
import java.util.Date;
import java.util.List;
import java.util.Set;
import java.util.UUID;
@Service
@com.alibaba.dubbo.config.annotation.Service
@ -39,6 +42,8 @@ public class OAuth2ServiceImpl implements OAuth2Service {
private OAuth2RefreshTokenMapper oauth2RefreshTokenMapper;
@Autowired
private RoleServiceImpl roleService;
@Autowired
private ResourceServiceImpl resourceService;
@Override
public CommonResult<OAuth2AccessTokenBO> getAccessToken(String username, String password) {
@ -76,15 +81,17 @@ public class OAuth2ServiceImpl implements OAuth2Service {
@Override
public CommonResult<Boolean> checkPermission(Integer adminId, Set<Integer> roleIds, String url) {
// 避免传入的是空集合
if (roleIds == null) {
roleIds = Collections.emptySet();
}
// 校验权限
List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceHandler(url);
if (roleResourceDOs.isEmpty()) { // 任何角色都可以访问。TODO 后面调整下,如果未配置的资源,直接不校验权限
// 如果未配置该资源,说明无需权限控制。
ResourceDO resource = resourceService.getResourceByTypeAndHandler(ResourceDO.TYPE_OPERATION, url);
if (resource == null) {
return CommonResult.success(true);
}
// 资源存在,结果无角色,说明没有权限。
if (roleIds == null || roleIds.isEmpty()) {
return ServiceExceptionUtil.error(AdminErrorCodeEnum.OAUTH_INVALID_PERMISSION.getCode());
}
// 校验是否有资源对应的角色,即 RBAC 。
List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceId(resource.getId());
for (RoleResourceDO roleResourceDO : roleResourceDOs) {
if (roleIds.contains(roleResourceDO.getRoleId())) {
return CommonResult.success(true);

View File

@ -0,0 +1,34 @@
package cn.iocoder.mall.admin.service;
import cn.iocoder.mall.admin.api.ResourceService;
import cn.iocoder.mall.admin.api.bo.ResourceBO;
import cn.iocoder.mall.admin.convert.ResourceConvert;
import cn.iocoder.mall.admin.dao.ResourceMapper;
import cn.iocoder.mall.admin.dataobject.ResourceDO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.Collections;
import java.util.List;
import java.util.Set;
@Service
@com.alibaba.dubbo.config.annotation.Service
public class ResourceServiceImpl implements ResourceService {
@Autowired
private ResourceMapper resourceMapper;
public ResourceDO getResourceByTypeAndHandler(Integer type, String handler) {
return resourceMapper.selectByTypeAndHandler(type, handler);
}
@Override
public List<ResourceBO> getResourceByTypeAndRoleIds(Integer type, Set<Integer> roleIds) {
if (roleIds == null || roleIds.isEmpty()) {
return Collections.emptyList();
}
return ResourceConvert.INSTANCE.convert(resourceMapper.selectListByTypeAndRoleIds(type, roleIds));
}
}

View File

@ -19,4 +19,8 @@ public class RoleServiceImpl implements RoleService {
return roleResourceMapper.selectByResourceHandler(resourceHandler);
}
public List<RoleResourceDO> getRoleByResourceId(Integer resourceId) {
return roleResourceMapper.selectRoleByResourceId(resourceId);
}
}

View File

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.iocoder.mall.admin.dao.ResourceMapper">
<!--<insert id="insert" parameterType="UserDO" useGeneratedKeys="true" keyProperty="id">-->
<!--INSERT INTO users (-->
<!--id, mobile, create_time-->
<!--) VALUES (-->
<!--#{id}, #{mobile}, #{createTime}-->
<!--)-->
<!--</insert>-->
<select id="selectByTypeAndHandler" resultType="ResourceDO">
SELECT
id, name, type, sort, display_name,
create_time, pid, handler
FROM resource
WHERE type = #{type}
AND handler = #{handler}
AND deleted = 0
</select>
<select id="selectListByTypeAndRoleIds" resultType="ResourceDO">
SELECT
r.id, r.name, r.type, r.sort, r.display_name,
r.create_time, r.pid, r.handler
FROM resource r, role_resource rr
WHERE r.type = #{type}
AND deleted = 0
AND rr.role_id IN
<foreach item="roleId" collection="roleIds" separator="," open="(" close=")" index="">
#{roleId}
</foreach>
AND r.id = rr.resource_id
</select>
</mapper>

View File

@ -18,4 +18,11 @@
AND r.id = rr.resource_id
</select>
<select id="selectRoleByResourceId" parameterType="Integer" resultType="RoleResourceDO">
SELECT
id, role_id, resource_id
FROM role_resource
WHERE resource_id = #{resourceId}
</select>
</mapper>

View File

@ -44,6 +44,11 @@
<artifactId>jackson-annotations</artifactId>
<version>2.9.7</version>
</dependency>
<!--<dependency>-->
<!--<groupId>com.baomidou</groupId>-->
<!--<artifactId>mybatis-plus-support</artifactId>-->
<!--<version>2.3</version>-->
<!--</dependency>-->
</dependencies>

View File

@ -9,7 +9,6 @@ public enum SysErrorCodeEnum {
SYS_ERROR(2001001000, "服务端发生异常"),
MISSING_REQUEST_PARAM_ERROR(2001001001, "参数缺失"),
;
private final int code;

View File

@ -0,0 +1,47 @@
package cn.iocoder.common.framework.dataobject;
import java.util.Date;
/**
*
*/
public class BaseDO {
/**
*
*/
private Date createTime;
/**
*
*/
private Date updateTime;
private Boolean deleted;
public Date getCreateTime() {
return createTime;
}
public BaseDO setCreateTime(Date createTime) {
this.createTime = createTime;
return this;
}
public Date getUpdateTime() {
return updateTime;
}
public BaseDO setUpdateTime(Date updateTime) {
this.updateTime = updateTime;
return this;
}
public Boolean getDeleted() {
return deleted;
}
public BaseDO setDeleted(Boolean deleted) {
this.deleted = deleted;
return this;
}
}