后台权限控制

2025-07-23 17:49:34 +08:00 · 2023-02-21 17:16:51 +08:00 · 2023-02-21 17:16:51 +08:00 · 1419264a21
commit 1419264a21
parent 5cce777034
12 changed files with 164 additions and 4 deletions
--- a/src/main/java/xyz/playedu/api/bus/BackendBus.java
+++ b/src/main/java/xyz/playedu/api/bus/BackendBus.java
@ -1,9 +1,27 @@
 package xyz.playedu.api.bus;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import xyz.playedu.api.constant.BackendConstant;
 import xyz.playedu.api.service.AdminPermissionService;
 import xyz.playedu.api.service.AdminRolePermissionService;
 import xyz.playedu.api.service.AdminUserRoleService;
 import java.util.HashMap;
 import java.util.List;
@Component
 public class BackendBus {
    @Autowired
    private AdminUserRoleService adminUserRoleService;
    @Autowired
    private AdminRolePermissionService rolePermissionService;
    @Autowired
    private AdminPermissionService permissionService;
    public static boolean inUnAuthWhitelist(String uri) {
        for (int i = 0; i < BackendConstant.UN_AUTH_URI_WHITELIST.length; i++) {
            if (uri.equals(BackendConstant.UN_AUTH_URI_WHITELIST[i])) {
@ -13,4 +31,17 @@ public class BackendBus {
        return false;
    }
    public HashMap<String, Boolean> adminUserPermissions(Integer userId) {
        HashMap<String, Boolean> permissons = new HashMap<>();
        List<Integer> roleIds = adminUserRoleService.getRoleIdsByUserId(userId);
        if (roleIds.size() == 0) {
            return permissons;
        }
        List<Integer> permissionIds = rolePermissionService.getPermissionIdsByRoleIds(roleIds);
        if (permissionIds.size() == 0) {
            return permissons;
        }
        return permissionService.getSlugsByIds(permissionIds);
    }
 }
--- a/src/main/java/xyz/playedu/api/controller/backend/AdminRoleController.java
+++ b/src/main/java/xyz/playedu/api/controller/backend/AdminRoleController.java
@ -4,9 +4,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import xyz.playedu.api.constant.BPermissionConstant;
 import xyz.playedu.api.domain.AdminPermission;
 import xyz.playedu.api.domain.AdminRole;
 import xyz.playedu.api.domain.AdminRolePermission;
 import xyz.playedu.api.middleware.BackendPermissionMiddleware;
 import xyz.playedu.api.request.backend.AdminRoleRequest;
 import xyz.playedu.api.service.AdminPermissionService;
 import xyz.playedu.api.service.AdminRolePermissionService;
@ -36,12 +38,14 @@ public class AdminRoleController {
    @Autowired
    private AdminRolePermissionService rolePermissionService;
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE)
    @GetMapping("/index")
    public JsonResponse index() {
        List<AdminRole> data = roleService.list();
        return JsonResponse.data(data);
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE)
    @GetMapping("/create")
    public JsonResponse create() {
        List<AdminPermission> permissions = permissionService.listOrderBySortAsc();
@ -50,6 +54,7 @@ public class AdminRoleController {
        return JsonResponse.data(data);
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE)
    @PostMapping("/create")
    @Transactional
    public JsonResponse store(@RequestBody @Validated AdminRoleRequest request) {
@ -76,6 +81,7 @@ public class AdminRoleController {
        return JsonResponse.success();
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE)
    @GetMapping("/{id}")
    public JsonResponse edit(@PathVariable(name = "id") Integer id) {
        AdminRole role = roleService.getById(id);
@ -85,6 +91,7 @@ public class AdminRoleController {
        return JsonResponse.data(role);
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE)
    @PutMapping("/{id}")
    @Transactional
    public JsonResponse update(@PathVariable(name = "id") Integer id, @RequestBody @Validated AdminRoleRequest request) {
@ -116,6 +123,7 @@ public class AdminRoleController {
        return JsonResponse.success();
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_ROLE)
    @DeleteMapping("/{id}")
    @Transactional
    public JsonResponse destroy(@PathVariable(name = "id") Integer id) {
--- a/src/main/java/xyz/playedu/api/controller/backend/AdminUserController.java
+++ b/src/main/java/xyz/playedu/api/controller/backend/AdminUserController.java
@ -5,9 +5,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import xyz.playedu.api.constant.BPermissionConstant;
 import xyz.playedu.api.domain.AdminRole;
 import xyz.playedu.api.domain.AdminUser;
 import xyz.playedu.api.domain.AdminUserRole;
 import xyz.playedu.api.middleware.BackendPermissionMiddleware;
 import xyz.playedu.api.request.backend.AdminUserRequest;
 import xyz.playedu.api.service.AdminRoleService;
 import xyz.playedu.api.service.AdminUserRoleService;
@ -35,6 +37,7 @@ public class AdminUserController {
    @Autowired
    private AdminUserRoleService userRoleService;
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_INDEX)
    @GetMapping("/index")
    public JsonResponse Index(@RequestParam(name = "page", defaultValue = "1") Integer page, @RequestParam(name = "size", defaultValue = "10") Integer size) {
        PaginationResult<AdminUser> result = adminUserService.paginate(page, size, null);
@ -50,6 +53,7 @@ public class AdminUserController {
        return JsonResponse.data(result);
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_STORE)
    @GetMapping("/create")
    public JsonResponse create() {
        List<AdminRole> roles = roleService.list();
@ -59,6 +63,7 @@ public class AdminUserController {
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_STORE)
    @PostMapping("/create")
    @Transactional
    public JsonResponse store(@RequestBody @Validated AdminUserRequest request) {
@ -100,6 +105,7 @@ public class AdminUserController {
        return JsonResponse.success();
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_UPDATE)
    @GetMapping("/{id}")
    public JsonResponse edit(@PathVariable Integer id) {
        AdminUser adminUser = adminUserService.findById(id);
@ -111,6 +117,7 @@ public class AdminUserController {
        return JsonResponse.data(adminUser);
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_UPDATE)
    @PutMapping("/{id}")
    @Transactional
    public JsonResponse update(@PathVariable Integer id, @RequestBody @Validated AdminUserRequest request) {
@ -159,6 +166,7 @@ public class AdminUserController {
        return JsonResponse.success();
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.ADMIN_USER_DESTROY)
    @DeleteMapping("/{id}")
    @Transactional
    public JsonResponse destroy(@PathVariable Integer id) {
--- a/src/main/java/xyz/playedu/api/controller/backend/DepartmentController.java
+++ b/src/main/java/xyz/playedu/api/controller/backend/DepartmentController.java
@ -5,8 +5,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import xyz.playedu.api.bus.DepartmentBus;
 import xyz.playedu.api.constant.BPermissionConstant;
 import xyz.playedu.api.domain.Department;
 import xyz.playedu.api.exception.NotFoundException;
 import xyz.playedu.api.middleware.BackendPermissionMiddleware;
 import xyz.playedu.api.request.backend.DepartmentRequest;
 import xyz.playedu.api.service.DepartmentService;
 import xyz.playedu.api.types.JsonResponse;
@ -29,6 +31,7 @@ public class DepartmentController {
    @Autowired
    private DepartmentBus departmentBus;
    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_INDEX)
    @GetMapping("/index")
    public JsonResponse index() {
        Map<Integer, List<Department>> departments = departmentService.all().stream().collect(Collectors.groupingBy(Department::getParentId));
@ -39,12 +42,14 @@ public class DepartmentController {
        return JsonResponse.data(data);
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_STORE)
    @GetMapping("/create")
    public JsonResponse create(@RequestParam(name = "parent_id", defaultValue = "0") Integer parentId) {
        List<Department> data = departmentService.listByParentId(parentId);
        return JsonResponse.data(data);
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_STORE)
    @PostMapping("/create")
    public JsonResponse store(@RequestBody @Validated DepartmentRequest request) throws NotFoundException {
        String parentChain = "";
@ -65,12 +70,14 @@ public class DepartmentController {
        return JsonResponse.success();
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_UPDATE)
    @GetMapping("/{id}")
    public JsonResponse edit(@PathVariable Integer id) throws NotFoundException {
        Department department = departmentService.findOrFail(id);
        return JsonResponse.data(department);
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_UPDATE)
    @PutMapping("/{id}")
    public JsonResponse update(@PathVariable Integer id, @RequestBody DepartmentRequest request) throws NotFoundException {
        Department department = departmentService.findOrFail(id);
@ -78,6 +85,7 @@ public class DepartmentController {
        return JsonResponse.success();
    }
    @BackendPermissionMiddleware(slug = BPermissionConstant.DEPARTMENT_DESTROY)
    @DeleteMapping("/{id}")
    public JsonResponse destroy(@PathVariable Integer id) throws NotFoundException {
        Department department = departmentService.findOrFail(id);
--- a/src/main/java/xyz/playedu/api/middleware/BackendPermissionMiddleware.java
+++ b/src/main/java/xyz/playedu/api/middleware/BackendPermissionMiddleware.java
@ -0,0 +1,14 @@
 package xyz.playedu.api.middleware;
 import java.lang.annotation.*;
 /**
 * @Author 杭州白书科技有限公司
 * @create 2023/2/21 16:40
 */
@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
 public @interface BackendPermissionMiddleware {
    String slug() default "";
 }
--- a/src/main/java/xyz/playedu/api/middleware/impl/BackendPermissionMiddlewareImpl.java
+++ b/src/main/java/xyz/playedu/api/middleware/impl/BackendPermissionMiddlewareImpl.java
@ -0,0 +1,45 @@
 package xyz.playedu.api.middleware.impl;
 import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import xyz.playedu.api.PlayEduThreadLocal;
 import xyz.playedu.api.bus.BackendBus;
 import xyz.playedu.api.middleware.BackendPermissionMiddleware;
 import xyz.playedu.api.types.JsonResponse;
 import java.util.HashMap;
 /**
 * @Author 杭州白书科技有限公司
 * @create 2023/2/21 16:42
 */
@Aspect
@Component
@Slf4j
 public class BackendPermissionMiddlewareImpl {
    @Autowired
    private BackendBus backendBus;
    @Pointcut("@annotation(xyz.playedu.api.middleware.BackendPermissionMiddleware)")
    private void doPointcut() {
    }
    @Around("doPointcut()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        BackendPermissionMiddleware middleware = signature.getMethod().getAnnotation(BackendPermissionMiddleware.class);
        Integer adminUserId = PlayEduThreadLocal.getAdminUserID();
        HashMap<String, Boolean> permissions = backendBus.adminUserPermissions(adminUserId);
        if (permissions.get(middleware.slug()) == null) {
            return JsonResponse.error("权限不足", 403);
        }
        return joinPoint.proceed();
    }
 }
--- a/src/main/java/xyz/playedu/api/service/AdminPermissionService.java
+++ b/src/main/java/xyz/playedu/api/service/AdminPermissionService.java
@ -17,4 +17,6 @@ public interface AdminPermissionService extends IService<AdminPermission> {
    List<AdminPermission> listOrderBySortAsc();
    HashMap<String,Boolean> getSlugsByIds(List<Integer> ids);
 }
--- a/src/main/java/xyz/playedu/api/service/AdminRolePermissionService.java
+++ b/src/main/java/xyz/playedu/api/service/AdminRolePermissionService.java
@ -4,6 +4,9 @@ import org.springframework.stereotype.Service;
 import xyz.playedu.api.domain.AdminRolePermission;
 import com.baomidou.mybatisplus.extension.service.IService;
 import java.util.HashMap;
 import java.util.List;
 /**
 * @author tengteng
 * @description 针对表【admin_role_permission】的数据库操作Service
@ -14,4 +17,5 @@ public interface AdminRolePermissionService extends IService<AdminRolePermission
    void removeRolePermissionsByRoleId(Integer roleId);
    List<Integer> getPermissionIdsByRoleIds(List<Integer> roleIds);
 }
--- a/src/main/java/xyz/playedu/api/service/AdminUserRoleService.java
+++ b/src/main/java/xyz/playedu/api/service/AdminUserRoleService.java
@ -3,6 +3,8 @@ package xyz.playedu.api.service;
 import xyz.playedu.api.domain.AdminUserRole;
 import com.baomidou.mybatisplus.extension.service.IService;
 import java.util.List;
 /**
 * @author tengteng
 * @description 针对表【admin_user_role】的数据库操作Service
@ -12,4 +14,6 @@ public interface AdminUserRoleService extends IService<AdminUserRole> {
    void removeUserRolesByUserId(Integer userId);
    List<Integer> getRoleIdsByUserId(Integer userId);
 }
--- a/src/main/java/xyz/playedu/api/service/impl/AdminPermissionServiceImpl.java
+++ b/src/main/java/xyz/playedu/api/service/impl/AdminPermissionServiceImpl.java
@ -31,6 +31,16 @@ public class AdminPermissionServiceImpl extends ServiceImpl<AdminPermissionMappe
    public List<AdminPermission> listOrderBySortAsc() {
        return list(query().getWrapper().orderByAsc("group_name", "sort"));
    }
    @Override
    public HashMap<String, Boolean> getSlugsByIds(List<Integer> ids) {
        List<AdminPermission> adminPermissions = list(query().getWrapper().in("id", ids));
        HashMap<String, Boolean> map = new HashMap<>();
        for (AdminPermission adminPermission : adminPermissions) {
            map.put(adminPermission.getSlug(), true);
        }
        return map;
    }
 }
--- a/src/main/java/xyz/playedu/api/service/impl/AdminRolePermissionServiceImpl.java
+++ b/src/main/java/xyz/playedu/api/service/impl/AdminRolePermissionServiceImpl.java
@ -1,23 +1,37 @@
 package xyz.playedu.api.service.impl;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import lombok.extern.slf4j.Slf4j;
 import xyz.playedu.api.domain.AdminRole;
 import xyz.playedu.api.domain.AdminRolePermission;
 import xyz.playedu.api.service.AdminRolePermissionService;
 import xyz.playedu.api.mapper.AdminRolePermissionMapper;
 import org.springframework.stereotype.Service;
 import java.util.ArrayList;
 import java.util.List;
 /**
 * @author tengteng
 * @description 针对表【admin_role_permission】的数据库操作Service实现
 * @createDate 2023-02-21 16:07:01
 */
@Service
-public class AdminRolePermissionServiceImpl extends ServiceImpl<AdminRolePermissionMapper, AdminRolePermission>
+public class AdminRolePermissionServiceImpl extends ServiceImpl<AdminRolePermissionMapper, AdminRolePermission> implements AdminRolePermissionService {
        implements AdminRolePermissionService {
    @Override
    public void removeRolePermissionsByRoleId(Integer roleId) {
        remove(query().getWrapper().eq("role_id", roleId));
    }
    @Override
    public List<Integer> getPermissionIdsByRoleIds(List<Integer> roleIds) {
        List<AdminRolePermission> rolePermissions = list(query().getWrapper().in("role_id", roleIds));
        List<Integer> ids = new ArrayList<>();
        for (AdminRolePermission rolePermission : rolePermissions) {
            ids.add(rolePermission.getPermId());
        }
        return ids;
    }
 }
--- a/src/main/java/xyz/playedu/api/service/impl/AdminUserRoleServiceImpl.java
+++ b/src/main/java/xyz/playedu/api/service/impl/AdminUserRoleServiceImpl.java
@ -6,19 +6,31 @@ import xyz.playedu.api.service.AdminUserRoleService;
 import xyz.playedu.api.mapper.AdminUserRoleMapper;
 import org.springframework.stereotype.Service;
 import java.util.ArrayList;
 import java.util.List;
 /**
 * @author tengteng
 * @description 针对表【admin_user_role】的数据库操作Service实现
 * @createDate 2023-02-21 16:25:43
 */
@Service
-public class AdminUserRoleServiceImpl extends ServiceImpl<AdminUserRoleMapper, AdminUserRole>
+public class AdminUserRoleServiceImpl extends ServiceImpl<AdminUserRoleMapper, AdminUserRole> implements AdminUserRoleService {
        implements AdminUserRoleService {
    @Override
    public void removeUserRolesByUserId(Integer userId) {
        remove(query().getWrapper().eq("admin_id", userId));
    }
    @Override
    public List<Integer> getRoleIdsByUserId(Integer userId) {
        List<AdminUserRole> userRoles = list(query().getWrapper().eq("admin_id", userId));
        List<Integer> ids = new ArrayList<>();
        for (AdminUserRole userRole : userRoles) {
            ids.add(userRole.getRoleId());
        }
        return ids;
    }
 }