商品、分类、品牌接口添加权限控制

README.md

@@ -61,9 +61,8 @@ docker容器化部署 | ✔
 ELK日志收集功能 | ✔
 RabbitMq异步通信 | ✔
 RestTemplate服务间调用 | ✔
-SpringSecurity权限管理功能 |
+SpringSecurity权限管理功能 | ✔
 集成SpringCloud |
-集成SpringCloudSecurity |
 
 ### 使用工具
 
@@ -235,7 +234,7 @@ Linux远程连接工具 | http://www.netsarang.com/download/software.html
 
 #### 订单管理
 
-#### 权限管理
+#### 权限管理 ✔
 
 > **权限管理**
 

mall-admin/src/main/java/com/macro/mall/bo/AdminUserDetails.java

@@ -1,12 +1,14 @@
 package com.macro.mall.bo;
 
 import com.macro.mall.model.UmsAdmin;
+import com.macro.mall.model.UmsPermission;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
-import java.util.Arrays;
 import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * SpringSecurity需要的用户详情
@@ -14,15 +16,19 @@ import java.util.Collection;
  */
 public class AdminUserDetails implements UserDetails {
     private UmsAdmin umsAdmin;
-
-    public AdminUserDetails(UmsAdmin umsAdmin) {
+    private List<UmsPermission> permissionList;
+    public AdminUserDetails(UmsAdmin umsAdmin,List<UmsPermission> permissionList) {
         this.umsAdmin = umsAdmin;
+        this.permissionList = permissionList;
     }
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
         //返回当前用户的权限
-        return Arrays.asList(new SimpleGrantedAuthority("TEST"));
+        return permissionList.stream()
+                .filter(permission -> permission.getValue()!=null)
+                .map(permission ->new SimpleGrantedAuthority(permission.getValue()))
+                .collect(Collectors.toList());
     }
 
     @Override

mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java

@@ -5,6 +5,7 @@ import com.macro.mall.component.JwtAuthenticationTokenFilter;
 import com.macro.mall.component.RestAuthenticationEntryPoint;
 import com.macro.mall.component.RestfulAccessDeniedHandler;
 import com.macro.mall.model.UmsAdmin;
+import com.macro.mall.model.UmsPermission;
 import com.macro.mall.service.UmsAdminService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -14,11 +15,11 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.authentication.encoding.PasswordEncoder;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -26,6 +27,8 @@ import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 
+import java.util.List;
+
 
 /**
  * SpringSecurity的配置
@@ -33,6 +36,7 @@ import org.springframework.web.filter.CorsFilter;
  */
 @Configuration
 @EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled=true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     private UmsAdminService adminService;
@@ -92,15 +96,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Bean
     public UserDetailsService userDetailsService() {
         //获取登录用户信息
-        return new UserDetailsService() {
-            @Override
-            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-                UmsAdmin admin = adminService.getAdminByUsername(username);
-                if (admin != null) {
-                    return new AdminUserDetails(admin);
-                }
-                throw new UsernameNotFoundException("用户名或密码错误");
+        return username -> {
+            UmsAdmin admin = adminService.getAdminByUsername(username);
+            if (admin != null) {
+                List<UmsPermission> permissionList = adminService.getPermissionList(admin.getId());
+                return new AdminUserDetails(admin,permissionList);
             }
+            throw new UsernameNotFoundException("用户名或密码错误");
         };
     }
 

mall-admin/src/main/java/com/macro/mall/controller/PmsBrandController.java

@@ -3,12 +3,10 @@ package com.macro.mall.controller;
 import com.macro.mall.dto.CommonResult;
 import com.macro.mall.dto.PmsBrandParam;
 import com.macro.mall.service.PmsBrandService;
-import com.macro.mall.validator.FlagValidator;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -30,6 +28,7 @@ public class PmsBrandController {
     @ApiOperation(value = "获取全部品牌列表")
     @RequestMapping(value = "/listAll", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:read')")
     public Object getList() {
         return new CommonResult().success(brandService.listAllBrand());
     }
@@ -37,6 +36,7 @@ public class PmsBrandController {
     @ApiOperation(value = "添加品牌")
     @RequestMapping(value = "/create", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:create')")
     public Object create(@Validated @RequestBody PmsBrandParam pmsBrand, BindingResult result) {
         CommonResult commonResult;
         int count = brandService.createBrand(pmsBrand);
@@ -51,6 +51,7 @@ public class PmsBrandController {
     @ApiOperation(value = "更新品牌")
     @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:update')")
     public Object update(@PathVariable("id") Long id,
                               @Validated @RequestBody PmsBrandParam pmsBrandParam,
                               BindingResult result) {
@@ -67,6 +68,7 @@ public class PmsBrandController {
     @ApiOperation(value = "删除品牌")
     @RequestMapping(value = "/delete/{id}", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:delete')")
     public Object delete(@PathVariable("id") Long id) {
         int count = brandService.deleteBrand(id);
         if (count == 1) {
@@ -79,6 +81,7 @@ public class PmsBrandController {
     @ApiOperation(value = "根据品牌名称分页获取品牌列表")
     @RequestMapping(value = "/list", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:read')")
     public Object getList(@RequestParam(value = "keyword", required = false) String keyword,
                             @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum,
                             @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize) {
@@ -88,6 +91,7 @@ public class PmsBrandController {
     @ApiOperation(value = "根据编号查询品牌信息")
     @RequestMapping(value = "/{id}", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:read')")
     public Object getItem(@PathVariable("id") Long id) {
         return new CommonResult().success(brandService.getBrand(id));
     }
@@ -95,6 +99,7 @@ public class PmsBrandController {
     @ApiOperation(value = "批量删除品牌")
     @RequestMapping(value = "/delete/batch", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:delete')")
     public Object deleteBatch(@RequestParam("ids") List<Long> ids) {
         int count = brandService.deleteBrand(ids);
         if (count > 0) {
@@ -107,6 +112,7 @@ public class PmsBrandController {
     @ApiOperation(value = "批量更新显示状态")
     @RequestMapping(value = "/update/showStatus", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:update')")
     public Object updateShowStatus(@RequestParam("ids") List<Long> ids,
                                    @RequestParam("showStatus") Integer showStatus) {
         int count = brandService.updateShowStatus(ids, showStatus);
@@ -120,6 +126,7 @@ public class PmsBrandController {
     @ApiOperation(value = "批量更新厂家制造商状态")
     @RequestMapping(value = "/update/factoryStatus", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:brand:update')")
     public Object updateFactoryStatus(@RequestParam("ids") List<Long> ids,
                                       @RequestParam("factoryStatus") Integer factoryStatus) {
         int count = brandService.updateFactoryStatus(ids, factoryStatus);

mall-admin/src/main/java/com/macro/mall/controller/PmsProductCategoryController.java

@@ -8,6 +8,7 @@ import com.macro.mall.service.PmsProductCategoryService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -29,6 +30,7 @@ public class PmsProductCategoryController {
     @ApiOperation("添加产品分类")
     @RequestMapping(value = "/create", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:create')")
     public Object create(@Validated @RequestBody PmsProductCategoryParam productCategoryParam,
                          BindingResult result) {
         int count = productCategoryService.create(productCategoryParam);
@@ -42,6 +44,7 @@ public class PmsProductCategoryController {
     @ApiOperation("修改商品分类")
     @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:update')")
     public Object update(@PathVariable Long id,
                          @Validated
                          @RequestBody PmsProductCategoryParam productCategoryParam,
@@ -57,6 +60,7 @@ public class PmsProductCategoryController {
     @ApiOperation("分页查询商品分类")
     @RequestMapping(value = "/list/{parentId}", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:read')")
     public Object getList(@PathVariable Long parentId,
                           @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize,
                           @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum) {
@@ -67,6 +71,7 @@ public class PmsProductCategoryController {
     @ApiOperation("根据id获取商品分类")
     @RequestMapping(value = "/{id}", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:read')")
     public Object getItem(@PathVariable Long id) {
         PmsProductCategory productCategory = productCategoryService.getItem(id);
         return new CommonResult().success(productCategory);
@@ -75,6 +80,7 @@ public class PmsProductCategoryController {
     @ApiOperation("删除商品分类")
     @RequestMapping(value = "/delete/{id}", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:delete')")
     public Object delete(@PathVariable Long id) {
         int count = productCategoryService.delete(id);
         if (count > 0) {
@@ -87,6 +93,7 @@ public class PmsProductCategoryController {
     @ApiOperation("修改导航栏显示状态")
     @RequestMapping(value = "/update/navStatus", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:update')")
     public Object updateNavStatus(@RequestParam("ids") List<Long> ids, @RequestParam("navStatus") Integer navStatus) {
         int count = productCategoryService.updateNavStatus(ids, navStatus);
         if (count > 0) {
@@ -99,6 +106,7 @@ public class PmsProductCategoryController {
     @ApiOperation("修改显示状态")
     @RequestMapping(value = "/update/showStatus", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:update')")
     public Object updateShowStatus(@RequestParam("ids") List<Long> ids, @RequestParam("showStatus") Integer showStatus) {
         int count = productCategoryService.updateShowStatus(ids, showStatus);
         if (count > 0) {
@@ -111,6 +119,7 @@ public class PmsProductCategoryController {
     @ApiOperation("查询所有一级分类及子分类")
     @RequestMapping(value = "/list/withChildren", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:productCategory:read')")
     public Object listWithChildren() {
         List<PmsProductCategoryWithChildrenItem> list = productCategoryService.listWithChildren();
         return new CommonResult().success(list);

mall-admin/src/main/java/com/macro/mall/controller/PmsProductController.java

@@ -9,6 +9,7 @@ import com.macro.mall.service.PmsProductService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -29,6 +30,7 @@ public class PmsProductController {
     @ApiOperation("创建商品")
     @RequestMapping(value = "/create", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:create')")
     public Object create(@RequestBody PmsProductParam productParam, BindingResult bindingResult) {
         int count = productService.create(productParam);
         if (count > 0) {
@@ -41,6 +43,7 @@ public class PmsProductController {
     @ApiOperation("根据商品id获取商品编辑信息")
     @RequestMapping(value = "/updateInfo/{id}", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:read')")
     public Object getUpdateInfo(@PathVariable Long id) {
         PmsProductResult productResult = productService.getUpdateInfo(id);
         return new CommonResult().success(productResult);
@@ -49,6 +52,7 @@ public class PmsProductController {
     @ApiOperation("更新商品")
     @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
     public Object update(@PathVariable Long id, @RequestBody PmsProductParam productParam, BindingResult bindingResult) {
         int count = productService.update(id, productParam);
         if (count > 0) {
@@ -61,6 +65,7 @@ public class PmsProductController {
     @ApiOperation("查询商品")
     @RequestMapping(value = "/list", method = RequestMethod.GET)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:read')")
     public Object getList(PmsProductQueryParam productQueryParam,
                        @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize,
                        @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum) {
@@ -71,6 +76,7 @@ public class PmsProductController {
     @ApiOperation("批量修改审核状态")
     @RequestMapping(value = "/update/verifyStatus",method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
     public Object updateVerifyStatus(@RequestParam("ids") List<Long> ids,
                                      @RequestParam("verifyStatus") Integer verifyStatus,
                                      @RequestParam("detail") String detail) {
@@ -85,6 +91,7 @@ public class PmsProductController {
     @ApiOperation("批量上下架")
     @RequestMapping(value = "/update/publishStatus",method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
     public Object updatePublishStatus(@RequestParam("ids") List<Long> ids,
                                      @RequestParam("publishStatus") Integer publishStatus) {
         int count = productService.updatePublishStatus(ids, publishStatus);
@@ -98,6 +105,7 @@ public class PmsProductController {
     @ApiOperation("批量推荐商品")
     @RequestMapping(value = "/update/recommendStatus",method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
     public Object updateRecommendStatus(@RequestParam("ids") List<Long> ids,
                                       @RequestParam("recommendStatus") Integer recommendStatus) {
         int count = productService.updateRecommendStatus(ids, recommendStatus);
@@ -111,6 +119,7 @@ public class PmsProductController {
     @ApiOperation("批量设为新品")
     @RequestMapping(value = "/update/newStatus",method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:update')")
     public Object updateNewStatus(@RequestParam("ids") List<Long> ids,
                                         @RequestParam("newStatus") Integer newStatus) {
         int count = productService.updateNewStatus(ids, newStatus);
@@ -124,6 +133,7 @@ public class PmsProductController {
     @ApiOperation("批量修改删除状态")
     @RequestMapping(value = "/update/deleteStatus",method = RequestMethod.POST)
     @ResponseBody
+    @PreAuthorize("hasAuthority('pms:product:delete')")
     public Object updateDeleteStatus(@RequestParam("ids") List<Long> ids,
                                   @RequestParam("deleteStatus") Integer deleteStatus) {
         int count = productService.updateDeleteStatus(ids, deleteStatus);