增加管理员获得菜单接口

2019-02-27 23:56:05 +08:00
parent c198f93819
commit f53d924e1e
22 changed files with 556 additions and 14 deletions
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/ResourceConvert.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/ResourceConvert.java
@@ -0,0 +1,22 @@
+package cn.iocoder.mall.admin.convert;
+
+import cn.iocoder.mall.admin.api.bo.ResourceBO;
+import cn.iocoder.mall.admin.dataobject.ResourceDO;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mappings;
+import org.mapstruct.factory.Mappers;
+
+import java.util.List;
+
+@Mapper
+public interface ResourceConvert {
+
+    ResourceConvert INSTANCE = Mappers.getMapper(ResourceConvert.class);
+
+    @Mappings({})
+    ResourceBO convert(ResourceDO resourceDO);
+
+    @Mappings({})
+    List<ResourceBO> convert(List<ResourceDO> resourceDOs);
+
+}
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dao/ResourceMapper.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dao/ResourceMapper.java
@@ -0,0 +1,19 @@
+package cn.iocoder.mall.admin.dao;
+
+import cn.iocoder.mall.admin.dataobject.ResourceDO;
+import org.apache.ibatis.annotations.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Set;
+
+@Repository
+public interface ResourceMapper {
+
+    ResourceDO selectByTypeAndHandler(@Param("type") Integer type,
+                                      @Param("handler") String handler);
+
+    List<ResourceDO> selectListByTypeAndRoleIds(@Param("type") Integer type,
+                                                @Param("roleIds") Set<Integer> roleIds);
+
+}
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dao/RoleResourceMapper.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dao/RoleResourceMapper.java
@@ -11,4 +11,6 @@ public interface RoleResourceMapper {

    List<RoleResourceDO> selectByResourceHandler(@Param("resourceHandler") String resourceHandler);

+    List<RoleResourceDO> selectRoleByResourceId(@Param("resourceId") Integer resourceId);
+
 }
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/ResourceDO.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/ResourceDO.java
@@ -1,21 +1,25 @@
 package cn.iocoder.mall.admin.dataobject;

+import cn.iocoder.common.framework.dataobject.BaseDO;
+
 import java.util.Date;

 /**
 * 资源实体
 */
-public class ResourceDO {
+public class ResourceDO extends BaseDO {

    /**
     * 资源类型 - 菜单
     */
+    @Deprecated
    public static final Integer TYPE_MENU = 1;
    /**
     * 资源类型 - 操作
     *
     * 例如，按钮。
     */
+    @Deprecated
    public static final Integer TYPE_OPERATION = 2;

    /**
@@ -23,7 +27,7 @@ public class ResourceDO {
     */
    private Integer id;
    /**
-     * 资源名字
+     * 资源名字（标识）
     */
    private String name;
    /**
@@ -50,7 +54,7 @@ public class ResourceDO {
     * 操作
     *
     * 当资源类型为【菜单】时，handler 配置为界面 URL ，或者前端组件名
-     * 当资源类型为【操作】时，handler 配置为后端 URL 。举个例子，如果有一个「创建管理员」的表单，那么前端界面上的按钮可以根据这个 url 判断是否展示，后端接收到该 url 的请求时会判断是否有权限。
+     * 当资源类型为【URL】时，handler 配置为后端 URL 。举个例子，如果有一个「创建管理员」的表单，那么前端界面上的按钮可以根据这个 url 判断是否展示，后端接收到该 url 的请求时会判断是否有权限。
     */
    private String handler;

--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/AdminServiceImpl.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/AdminServiceImpl.java
@@ -4,9 +4,9 @@ import cn.iocoder.common.framework.util.ServiceExceptionUtil;
 import cn.iocoder.common.framework.vo.CommonResult;
 import cn.iocoder.mall.admin.api.AdminService;
 import cn.iocoder.mall.admin.api.constant.AdminErrorCodeEnum;
+import cn.iocoder.mall.admin.dataobject.AdminDO;
 import cn.iocoder.mall.admin.dao.AdminMapper;
 import cn.iocoder.mall.admin.dao.AdminRoleMapper;
-import cn.iocoder.mall.admin.dataobject.AdminDO;
 import cn.iocoder.mall.admin.dataobject.AdminRoleDO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
@@ -14,7 +14,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;

-import java.util.*;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;

@Service
@com.alibaba.dubbo.config.annotation.Service
@@ -39,6 +42,8 @@ public class OAuth2ServiceImpl implements OAuth2Service {
    private OAuth2RefreshTokenMapper oauth2RefreshTokenMapper;
    @Autowired
    private RoleServiceImpl roleService;
+    @Autowired
+    private ResourceServiceImpl resourceService;

    @Override
    public CommonResult<OAuth2AccessTokenBO> getAccessToken(String username, String password) {
@@ -76,15 +81,17 @@ public class OAuth2ServiceImpl implements OAuth2Service {

    @Override
    public CommonResult<Boolean> checkPermission(Integer adminId, Set<Integer> roleIds, String url) {
-        // 避免传入的是空集合
-        if (roleIds == null) {
-            roleIds = Collections.emptySet();
-        }
-        // 校验权限
-        List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceHandler(url);
-        if (roleResourceDOs.isEmpty()) { // 任何角色，都可以访问。TODO 后面调整下，如果未配置的资源，直接不校验权限
+        // 如果未配置该资源，说明无需权限控制。
+        ResourceDO resource = resourceService.getResourceByTypeAndHandler(ResourceDO.TYPE_OPERATION, url);
+        if (resource == null) {
            return CommonResult.success(true);
        }
+        // 资源存在，结果无角色，说明没有权限。
+        if (roleIds == null || roleIds.isEmpty()) {
+            return ServiceExceptionUtil.error(AdminErrorCodeEnum.OAUTH_INVALID_PERMISSION.getCode());
+        }
+        // 校验是否有资源对应的角色，即 RBAC 。
+        List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceId(resource.getId());
        for (RoleResourceDO roleResourceDO : roleResourceDOs) {
            if (roleIds.contains(roleResourceDO.getRoleId())) {
                return CommonResult.success(true);
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/ResourceServiceImpl.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/ResourceServiceImpl.java
@@ -0,0 +1,34 @@
+package cn.iocoder.mall.admin.service;
+
+import cn.iocoder.mall.admin.api.ResourceService;
+import cn.iocoder.mall.admin.api.bo.ResourceBO;
+import cn.iocoder.mall.admin.convert.ResourceConvert;
+import cn.iocoder.mall.admin.dao.ResourceMapper;
+import cn.iocoder.mall.admin.dataobject.ResourceDO;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Set;
+
+@Service
+@com.alibaba.dubbo.config.annotation.Service
+public class ResourceServiceImpl implements ResourceService {
+
+    @Autowired
+    private ResourceMapper resourceMapper;
+
+    public ResourceDO getResourceByTypeAndHandler(Integer type, String handler) {
+        return resourceMapper.selectByTypeAndHandler(type, handler);
+    }
+
+    @Override
+    public List<ResourceBO> getResourceByTypeAndRoleIds(Integer type, Set<Integer> roleIds) {
+        if (roleIds == null || roleIds.isEmpty()) {
+            return Collections.emptyList();
+        }
+        return ResourceConvert.INSTANCE.convert(resourceMapper.selectListByTypeAndRoleIds(type, roleIds));
+    }
+
+}
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/RoleServiceImpl.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/RoleServiceImpl.java
@@ -19,4 +19,8 @@ public class RoleServiceImpl implements RoleService {
        return roleResourceMapper.selectByResourceHandler(resourceHandler);
    }

+    public List<RoleResourceDO> getRoleByResourceId(Integer resourceId) {
+        return roleResourceMapper.selectRoleByResourceId(resourceId);
+    }
+
 }