超级管理员角色

src/main/java/xyz/playedu/api/bus/BackendBus.java

@@ -3,10 +3,13 @@ package xyz.playedu.api.bus;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import xyz.playedu.api.constant.BackendConstant;
+import xyz.playedu.api.domain.AdminRole;
 import xyz.playedu.api.service.AdminPermissionService;
 import xyz.playedu.api.service.AdminRolePermissionService;
+import xyz.playedu.api.service.AdminRoleService;
 import xyz.playedu.api.service.AdminUserRoleService;
 
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 
@@ -22,6 +25,9 @@ public class BackendBus {
     @Autowired
     private AdminPermissionService permissionService;
 
+    @Autowired
+    private AdminRoleService adminRoleService;
+
     public static boolean inUnAuthWhitelist(String uri) {
         for (int i = 0; i < BackendConstant.UN_AUTH_URI_WHITELIST.length; i++) {
             if (uri.equals(BackendConstant.UN_AUTH_URI_WHITELIST[i])) {
@@ -32,15 +38,26 @@ public class BackendBus {
     }
 
     public HashMap<String, Boolean> adminUserPermissions(Integer userId) {
-        HashMap<String, Boolean> permissons = new HashMap<>();
+        // 读取超级管理角色
+        AdminRole superRole = adminRoleService.getBySlug(BackendConstant.SUPER_ADMIN_ROLE);
+
+        HashMap<String, Boolean> permissions = new HashMap<>();
         List<Integer> roleIds = adminUserRoleService.getRoleIdsByUserId(userId);
         if (roleIds.size() == 0) {
-            return permissons;
+            return permissions;
         }
-        List<Integer> permissionIds = rolePermissionService.getPermissionIdsByRoleIds(roleIds);
-        if (permissionIds.size() == 0) {
-            return permissons;
+
+        List<Integer> permissionIds;
+
+        if (roleIds.contains(superRole.getId())) {//包含超级管理角色的话返回全部权限
+            permissionIds = permissionService.allIds();
+        } else {//根据相应的roleIds读取权限
+            permissionIds = rolePermissionService.getPermissionIdsByRoleIds(roleIds);
+            if (permissionIds.size() == 0) {
+                return permissions;
+            }
         }
+
         return permissionService.getSlugsByIds(permissionIds);
     }
 

src/main/java/xyz/playedu/api/checks/AdminRoleCheck.java

@@ -0,0 +1,39 @@
+package xyz.playedu.api.checks;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.ApplicationArguments;
+import org.springframework.boot.ApplicationRunner;
+import org.springframework.stereotype.Component;
+import xyz.playedu.api.constant.BackendConstant;
+import xyz.playedu.api.domain.AdminRole;
+import xyz.playedu.api.service.AdminRoleService;
+
+import java.util.Date;
+
+/**
+ * @Author 杭州白书科技有限公司
+ * @create 2023/2/23 22:09
+ */
+@Component
+public class AdminRoleCheck implements ApplicationRunner {
+
+    @Autowired
+    private AdminRoleService adminRoleService;
+
+    @Override
+    public void run(ApplicationArguments args) throws Exception {
+        AdminRole adminRole = adminRoleService.getBySlug(BackendConstant.SUPER_ADMIN_ROLE);
+        if (adminRole != null) {//已存在超级管理权限
+            return;
+        }
+        adminRole = new AdminRole();
+
+        adminRole.setName("超级管理角色");
+        adminRole.setSlug(BackendConstant.SUPER_ADMIN_ROLE);
+        adminRole.setCreatedAt(new Date());
+        adminRole.setUpdatedAt(new Date());
+
+        adminRoleService.save(adminRole);
+    }
+
+}

src/main/java/xyz/playedu/api/constant/BackendConstant.java

@@ -1,6 +1,8 @@
 package xyz.playedu.api.constant;
 
 public class BackendConstant {
+    public final static String SUPER_ADMIN_ROLE = "super-role";
+
     public final static String[] UN_AUTH_URI_WHITELIST = {"/backend/v1/system/image-captcha", "/backend/v1/auth/login",};
 
     public final static String[] RESOURCE_TYPE_WHITELIST = {"IMAGE", "PDF", "VIDEO", "WORD", "PPT"};

src/main/java/xyz/playedu/api/controller/backend/AdminRoleController.java

@@ -5,6 +5,7 @@ import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import xyz.playedu.api.constant.BPermissionConstant;
+import xyz.playedu.api.constant.BackendConstant;
 import xyz.playedu.api.domain.AdminPermission;
 import xyz.playedu.api.domain.AdminRole;
 import xyz.playedu.api.domain.AdminRolePermission;
@@ -99,6 +100,9 @@ public class AdminRoleController {
         if (role == null) {
             return JsonResponse.error("管理角色不存在");
         }
+        if (role.getSlug() == BackendConstant.SUPER_ADMIN_ROLE) {
+            return JsonResponse.error("超级管理权限无法编辑");
+        }
 
         AdminRole newRole = new AdminRole();
         newRole.setId(role.getId());
@@ -128,8 +132,17 @@ public class AdminRoleController {
     @DeleteMapping("/{id}")
     @Transactional
     public JsonResponse destroy(@PathVariable(name = "id") Integer id) {
-        rolePermissionService.removeRolePermissionsByRoleId(id);
-        roleService.removeById(id);
+        AdminRole role = roleService.getById(id);
+        if (role == null) {
+            return JsonResponse.error("角色不存在");
+        }
+        if (role.getSlug() == BackendConstant.SUPER_ADMIN_ROLE) {
+            return JsonResponse.error("超级管理角色无法删除");
+        }
+
+        rolePermissionService.removeRolePermissionsByRoleId(role.getId());
+        roleService.removeById(role.getId());
+
         return JsonResponse.success();
     }
 

src/main/java/xyz/playedu/api/service/AdminPermissionService.java

@@ -19,4 +19,6 @@ public interface AdminPermissionService extends IService<AdminPermission> {
 
     HashMap<String,Boolean> getSlugsByIds(List<Integer> ids);
 
+    List<Integer> allIds();
+
 }

src/main/java/xyz/playedu/api/service/AdminRoleService.java

@@ -10,4 +10,6 @@ import com.baomidou.mybatisplus.extension.service.IService;
 */
 public interface AdminRoleService extends IService<AdminRole> {
 
+    AdminRole getBySlug(String slug);
+
 }

src/main/java/xyz/playedu/api/service/impl/AdminPermissionServiceImpl.java

@@ -6,6 +6,7 @@ import xyz.playedu.api.service.AdminPermissionService;
 import xyz.playedu.api.mapper.AdminPermissionMapper;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 
@@ -41,6 +42,16 @@ public class AdminPermissionServiceImpl extends ServiceImpl<AdminPermissionMappe
         }
         return map;
     }
+
+    @Override
+    public List<Integer> allIds() {
+        List<AdminPermission> permissions = list(query().getWrapper().eq("1", "1").select("id"));
+        List<Integer> ids = new ArrayList<>();
+        for (AdminPermission permission : permissions) {
+            ids.add(permission.getId());
+        }
+        return ids;
+    }
 }
 
 

src/main/java/xyz/playedu/api/service/impl/AdminRoleServiceImpl.java

@@ -7,14 +7,18 @@ import xyz.playedu.api.mapper.AdminRoleMapper;
 import org.springframework.stereotype.Service;
 
 /**
-* @author tengteng
-* @description 针对表【admin_roles】的数据库操作Service实现
-* @createDate 2023-02-21 15:53:27
-*/
+ * @author tengteng
+ * @description 针对表【admin_roles】的数据库操作Service实现
+ * @createDate 2023-02-21 15:53:27
+ */
 @Service
 public class AdminRoleServiceImpl extends ServiceImpl<AdminRoleMapper, AdminRole>
-    implements AdminRoleService{
+        implements AdminRoleService {
 
+    @Override
+    public AdminRole getBySlug(String slug) {
+        return getOne(query().getWrapper().eq("slug", slug));
+    }
 }