diff --git a/src/main/java/com/jsl/oa/annotations/CheckUserAbleToUse.java b/src/main/java/com/jsl/oa/annotations/CheckUserAbleToUse.java
new file mode 100644
index 0000000..508fc24
--- /dev/null
+++ b/src/main/java/com/jsl/oa/annotations/CheckUserAbleToUse.java
@@ -0,0 +1,60 @@
+package com.jsl.oa.annotations;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ *

检查用户是否可用

+ *
+ * 用于检查用户是否可用
+ *
+ * @version v1.1.0
+ * @since v1.1.0
+ * @see com.jsl.oa.aspect.AnnotationsAspect
+ * @author xiao_lfeng
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface CheckUserAbleToUse {
+ /**
+ *

是否启用

+ *
+ * 用于指定是否启用
+ * 请注意,禁用后任何用户权限校验不校验用户是否启用
+ *
+ * @return {@link Boolean}
+ */
+ boolean isCheckEnable() default true;
+
+ /**
+ *

是否删除

+ *
+ * 用于指定是否删除
+ * 请注意,禁用后任何用户权限校验不校验用户是否删除
+ *
+ * @return {@link Boolean}
+ */
+ boolean isCheckDelete() default true;
+
+ /**
+ *

是否锁定

+ *
+ * 用于指定是否锁定
+ * 请注意,禁用后任何用户权限校验不校验用户是否锁定
+ *
+ * @return {@link Boolean}
+ */
+ boolean isCheckLock() default true;
+
+ /**
+ *

是否过期

+ *
+ * 用于指定是否过期
+ * 请注意,禁用后任何用户权限校验不校验用户是否过期
+ *
+ * @return {@link Boolean}
+ */
+ boolean isCheckExpire() default true;
+}
diff --git a/src/main/java/com/jsl/oa/annotations/CheckUserHasPermission.java b/src/main/java/com/jsl/oa/annotations/CheckUserHasPermission.java
new file mode 100644
index 0000000..824f40e
--- /dev/null
+++ b/src/main/java/com/jsl/oa/annotations/CheckUserHasPermission.java
@@ -0,0 +1,36 @@
+package com.jsl.oa.annotations;
+
+import java.lang.annotation.*;
+
+/**
+ *

检查用户是否有权限

+ *
+ * 用于检查用户是否有权限
+ *
+ * @version v1.1.0
+ * @since v1.1.0
+ * @author xiao_lfeng
+ */
+@Documented
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface CheckUserHasPermission {
+ /**
+ *

权限名称

+ *
+ * 用于指定权限名称
+ *
+ * @return {@link String}
+ */
+ String value() default "";
+
+ /**
+ *

是否检查

+ *
+ * 用于指定是否检查
+ * 请注意,该方法只会禁止检查权限,但是不会禁止检查用户是否允许继续执行
+ * @since v1.1.0
+ * @return {@link Boolean}
+ */
+ boolean isCheck() default true;
+}
diff --git a/src/main/java/com/jsl/oa/aspect/AnnotationsAspect.java b/src/main/java/com/jsl/oa/aspect/AnnotationsAspect.java
new file mode 100644
index 0000000..faadbc5
--- /dev/null
+++ b/src/main/java/com/jsl/oa/aspect/AnnotationsAspect.java
@@ -0,0 +1,203 @@
+package com.jsl.oa.aspect;
+
+import com.jsl.oa.annotations.CheckUserAbleToUse;
+import com.jsl.oa.annotations.CheckUserHasPermission;
+import com.jsl.oa.dao.PermissionDAO;
+import com.jsl.oa.dao.RoleDAO;
+import com.jsl.oa.dao.UserDAO;
+import com.jsl.oa.mapper.UserMapper;
+import com.jsl.oa.model.doData.RoleDO;
+import com.jsl.oa.model.doData.RoleUserDO;
+import com.jsl.oa.model.doData.UserDO;
+import com.jsl.oa.utils.BaseResponse;
+import com.jsl.oa.utils.ErrorCode;
+import com.jsl.oa.utils.Processing;
+import com.jsl.oa.utils.ResultUtil;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.lang.reflect.Method;
+import java.util.List;
+import java.util.Objects;
+
+/**
+ *
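Review bot: `String value() default "";` lets a method carry `@CheckUserHasPermission` without naming any permission. Judging by `AnnotationsAspect.checkUserHasPermission` in this commit, an empty name is looked up with `getPermission.contains(permissionName)`, which presumably never matches a granted permission, so such a method silently becomes reachable only through the admin-role fallback. Removing the default (`String value();`) makes the compiler demand a permission name at every use site; if the default is kept, the Javadoc on `value()` should state that an empty value means admin-only.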

注解切面

+ *
+ * 用于注解的切面
+ *
+ * @author xiao_lfeng
+ * @version v1.1.0
+ * @since v1.1.0
+ */
+@Slf4j
+@Aspect
+@Component
+@RequiredArgsConstructor
+public class AnnotationsAspect {
+ private final RoleDAO roleDAO;
+ private final UserDAO userDAO;
+ private final PermissionDAO permissionDAO;
+
+ /**
+ *

检查用户是否有权限

+ *
+ * 检查用户是否有权限
+ *
+ * @param pjp ProceedingJoinPoint对象
+ * @return {@link Object}
+ * @throws Throwable 异常
+ */
+ @Around("@annotation(com.jsl.oa.annotations.CheckUserHasPermission)")
+ public Object checkUserHasPermission(@NotNull ProceedingJoinPoint pjp) throws Throwable {
+ log.info("用户权限检查");
+ // 获取 HttpServletRequest 对象
+ HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
+
+ // 获取注解方法
+ CheckUserHasPermission checkUserHasPermission = getCheckUserHasPermission(pjp);
+ // 获取注解值
+ String permissionName = null;
+ boolean permissionCheck = true;
+ if (checkUserHasPermission != null) {
+ permissionName = checkUserHasPermission.value();
+ permissionCheck = checkUserHasPermission.isCheck();
+ }
+
+ // 获取用户信息
+ Long userId = Processing.getAuthHeaderToUserId(request);
+ if (userId != null) {
+ // 检查用户是否允许继续执行
+ BaseResponse checkUserAbleToNext = checkUserAbleToNext(userId, userDAO.userMapper);
+ if (checkUserAbleToNext != null) {
+ return checkUserAbleToNext;
+ } else {
+ if (permissionCheck) {
+ // 检查用户权限
+ List getPermission = permissionDAO.getPermission(userId);
+ // 匹配权限
+ if (getPermission.contains(permissionName)) {
+ return pjp.proceed();
+ } else {
+ log.info("\t> 用户权限不足,检查是否是管理员");
+ // 检查用户是管理员
+ RoleUserDO roleUserDO = roleDAO.roleMapper.getRoleUserByUid(Processing.getAuthHeaderToUserId(request));
+ if (roleUserDO != null) {
+ RoleDO roleDO = roleDAO.roleMapper.getRoleByRoleName("admin");
+ if (roleUserDO.getRid().equals(roleDO.getId())) {
+ return pjp.proceed();
+ } else {
+ return ResultUtil.error(ErrorCode.NOT_PERMISSION);
+ }
+ } else {
+ return ResultUtil.error(ErrorCode.NOT_ADMIN);
+ }
+ }
+ } else {
+ return pjp.proceed();
+ }
+ }
+ } else {
+ return ResultUtil.error(ErrorCode.TOKEN_NOT_EXIST);
+ }
+ }
+
+ @Around("@annotation(com.jsl.oa.annotations.CheckUserAbleToUse)")
+ public Object checkUserAbleToUse(ProceedingJoinPoint pjp) throws Throwable {
+ log.info("检查用户是否有权限继续");
+ // 获取 HttpServletRequest 对象
+ HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
+
+ // 获取注解方法
+ CheckUserAbleToUse check = getCheckUserAbleToUse(pjp);
+ // 获取注解值
+ assert check != null;
+
+ // 获取用户信息
+ Long userId = Processing.getAuthHeaderToUserId(request);
+ UserDO userDO = userDAO.userMapper.getUserById(userId);
+ // 用户不存在
+ if (userDO == null) {
+ return ResultUtil.error(ErrorCode.USER_NOT_EXIST);
+ }
+ if (check.isCheckEnable()) {
+ // 用户是否被禁用
+ if (!userDO.getEnabled()) {
+ return ResultUtil.error(ErrorCode.USER_DISABLED);
+ }
+ }
+ if (check.isCheckLock()) {
+ // 用户是否被封禁
+ if (!userDO.getAccountNoLocked()) {
+ return ResultUtil.error(ErrorCode.USER_LOCKED);
+ }
+ }
+ if (check.isCheckDelete()) {
+ // 用户是否被删除
+ if (userDO.getIsDelete()) {
+ return ResultUtil.error(ErrorCode.USER_ALREADY_DELETE);
+ }
+ }
+ if (check.isCheckExpire()) {
+ // 用户是否过期
+ if (!userDO.getAccountNoExpired()) {
+ return ResultUtil.error(ErrorCode.USER_EXPIRED);
+ }
+ }
+ return pjp.proceed();
+ }
+
+ private @Nullable CheckUserHasPermission getCheckUserHasPermission(@NotNull ProceedingJoinPoint joinPoint) {
+ // 获取方法对象
+ MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
+ Method method = methodSignature.getMethod();
+
+ // 获取方法上的注解
+ return (method != null) ? method.getAnnotation(CheckUserHasPermission.class) : null;
+ }
+
+ private @Nullable CheckUserAbleToUse getCheckUserAbleToUse(@NotNull ProceedingJoinPoint joinPoint) {
+ // 获取方法对象
+ MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
+ Method method = methodSignature.getMethod();
+
+ // 获取方法上的注解
+ return (method != null) ?
method.getAnnotation(CheckUserAbleToUse.class) : null; + } + + private @Nullable BaseResponse checkUserAbleToNext(Long userId, @NotNull UserMapper userMapper) { + log.info("\t> 检查用户是否有权限继续"); + // 获取用户信息 + UserDO userDO = userMapper.getUserById(userId); + // 用户不存在 + if (userDO == null) { + return ResultUtil.error(ErrorCode.USER_NOT_EXIST); + } + // 用户是否被禁用 + if (!userDO.getEnabled()) { + return ResultUtil.error(ErrorCode.USER_DISABLED); + } + // 用户是否被封禁 + if (!userDO.getAccountNoLocked()) { + return ResultUtil.error(ErrorCode.USER_LOCKED); + } + // 用户是否被删除 + if (userDO.getIsDelete()) { + return ResultUtil.error(ErrorCode.USER_ALREADY_DELETE); + } + // 用户是否过期 + if (!userDO.getAccountNoExpired()) { + return ResultUtil.error(ErrorCode.USER_EXPIRED); + } + return null; + } +} diff --git a/src/main/java/com/jsl/oa/aspect/AuthControllerAspect.java b/src/main/java/com/jsl/oa/aspect/AuthControllerAspect.java index ca301eb..923d863 100755 --- a/src/main/java/com/jsl/oa/aspect/AuthControllerAspect.java +++ b/src/main/java/com/jsl/oa/aspect/AuthControllerAspect.java @@ -102,6 +102,7 @@ public class AuthControllerAspect { private @NotNull Boolean checkTimestamp(@NotNull HttpServletRequest request) { // 获取请求头中的时间戳 String getTimestamp = request.getHeader("Timestamp"); + log.info("\t> 获取到的时间戳为 {} | 当前时间戳 {}", getTimestamp, System.currentTimeMillis()); // 判断是否为空 if (getTimestamp == null || getTimestamp.isEmpty()) { return false; diff --git a/src/main/java/com/jsl/oa/config/filter/CorsFilter.java b/src/main/java/com/jsl/oa/config/filter/CorsFilter.java index 8e94664..4839883 100644 --- a/src/main/java/com/jsl/oa/config/filter/CorsFilter.java +++ b/src/main/java/com/jsl/oa/config/filter/CorsFilter.java @@ -8,10 +8,21 @@ import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +/** + *
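Review bot: In `checkUserAbleToUse` a request whose token yields no user id is not rejected up front: the result of `Processing.getAuthHeaderToUserId(request)` goes straight into `userMapper.getUserById`, whereas `checkUserHasPermission` in the same class treats that value as nullable and answers `TOKEN_NOT_EXIST`. The only guard on the annotation lookup is `assert check != null;`, which is a no-op unless the JVM runs with `-ea`, so a null lookup would surface as a NullPointerException at `check.isCheckEnable()`. Binding the annotation in the pointcut gives the advice the annotation instance directly and makes `getCheckUserAbleToUse` and the assert unnecessary. The account-state checks are also written twice (here and in `checkUserAbleToNext`), so a rule added to one copy can be missed in the other.

```java
@Around("@annotation(check)")
public Object checkUserAbleToUse(ProceedingJoinPoint pjp, CheckUserAbleToUse check) throws Throwable {
    // … unchanged: log line and HttpServletRequest lookup …
    Long userId = Processing.getAuthHeaderToUserId(request);
    if (userId == null) {
        // Same answer checkUserHasPermission gives when no user id can be resolved from the token
        return ResultUtil.error(ErrorCode.TOKEN_NOT_EXIST);
    }
    UserDO userDO = userDAO.userMapper.getUserById(userId);
    // … unchanged: USER_NOT_EXIST and the isCheckEnable / isCheckLock / isCheckDelete / isCheckExpire checks …
```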
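Review bot: The added `log.info` in `checkTimestamp` writes the client-supplied `Timestamp` header to the INFO log before the null/empty check on the next lines, so every request can place unvalidated text in the application log, and the line fires once per request. Moving it below the validation and lowering the level keeps the diagnostic without logging raw input by default: `log.debug("\t> 获取到的时间戳为 {} | 当前时间戳 {}", getTimestamp, System.currentTimeMillis());`. The body of `checkTimestamp` continues outside the hunk, so whether the value is parsed as a number further down is not visible here.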

CORS过滤器

+ *
+ * 用于处理跨域请求 + * + * @version v1.1.0 + * @since v1.1.0 + * @see Filter + * @author xiao_lfeng + */ @Slf4j @Component public class CorsFilter implements Filter { - public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) { + @Override + public void doFilter(@NotNull ServletRequest req, ServletResponse res, FilterChain chain) { // 请求头处理 HttpServletResponse response = (HttpServletResponse) res; HttpServletRequest request = (HttpServletRequest) req; @@ -25,9 +36,11 @@ public class CorsFilter implements Filter { } } + @Override public void init(FilterConfig filterConfig) { } + @Override public void destroy() { Filter.super.destroy(); } diff --git a/src/main/java/com/jsl/oa/controllers/RoleController.java b/src/main/java/com/jsl/oa/controllers/RoleController.java index 514de4a..b7c272e 100755 --- a/src/main/java/com/jsl/oa/controllers/RoleController.java +++ b/src/main/java/com/jsl/oa/controllers/RoleController.java @@ -11,14 +11,11 @@ import com.jsl.oa.utils.ResultUtil; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; import org.springframework.validation.BindingResult; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import javax.servlet.http.HttpServletRequest; -import java.util.ArrayList; -import java.util.regex.Pattern; /** *

角色控制器

@@ -44,7 +41,7 @@ public class RoleController { * @return {@link BaseResponse} */ @GetMapping("/role/get") - public BaseResponse roleGet(HttpServletRequest request, @RequestParam @Nullable String id) { + public BaseResponse roleGet(HttpServletRequest request, @RequestParam(required = false) String id) { log.info("请求接口[GET]: /role/get"); return roleService.roleGet(request, id); } @@ -79,17 +76,11 @@ public class RoleController { * @return {@link BaseResponse} */ @DeleteMapping("/role/delete") - public BaseResponse roleDelete(HttpServletRequest request, @RequestParam String id) { + public BaseResponse roleDelete(HttpServletRequest request, @RequestParam Long id) { log.info("请求接口[DELETE]: /role/delete"); // 判断是否有参数错误 if (id == null) { return ResultUtil.error(ErrorCode.PARAMETER_ERROR); - } else { - if (Pattern.matches("^[0-9]+$", id)) { - ArrayList error = new ArrayList<>(); - error.add("id 只能为数字"); - return ResultUtil.error(ErrorCode.PARAMETER_ERROR, error); - } } return roleService.roleDelete(request, Long.valueOf(id)); } diff --git a/src/main/java/com/jsl/oa/dao/PermissionDAO.java b/src/main/java/com/jsl/oa/dao/PermissionDAO.java index 7424a15..fc4a9e5 100644 --- a/src/main/java/com/jsl/oa/dao/PermissionDAO.java +++ b/src/main/java/com/jsl/oa/dao/PermissionDAO.java 
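Review bot: In `roleDelete`, `@RequestParam Long id` is required by default, so the retained `if (id == null)` branch can no longer be reached; Spring rejects a missing `id` before the method runs, and a non-numeric one now surfaces as `MethodArgumentTypeMismatchException`, which `ProcessException` handles. `Long.valueOf(id)` also re-boxes a value that is already a `Long`. Either drop the dead check and pass the value through, `return roleService.roleDelete(request, id);`, or declare `@RequestParam(required = false) Long id` if the controller is meant to return `PARAMETER_ERROR` itself. Type conversion alone accepts zero and negative numbers, which the removed `^[0-9]+$` pattern was presumably meant to exclude, so a range check may still be wanted in the controller or service.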
@@ -53,15 +53,13 @@ public class PermissionDAO { if (permission.getPid() != null) { // 存在父亲 this.getFatherPermission(permissionString, permission.getPid()); - // 寻找子类 - this.getChildPermission(permissionString, permission.getId(), getPermissionForString); - getPermissionForString.add(permissionString.toString()); } else { // 不存在父亲 permissionString.append(permission.getName()); - this.getChildPermission(permissionString, permission.getId(), getPermissionForString); - getPermissionForString.add(permissionString.toString()); } + // 寻找子类 + this.getChildPermission(permissionString, permission.getId(), getPermissionForString); + getPermissionForString.add(permissionString.toString()); } // 存入 Redis permissionRedisUtil.setData(BusinessConstants.NONE, uid.toString(), gson.toJson(getPermissionForString), 1440); diff --git a/src/main/java/com/jsl/oa/exception/ProcessException.java b/src/main/java/com/jsl/oa/exception/ProcessException.java index a0d60c3..bc7b85b 100755 --- a/src/main/java/com/jsl/oa/exception/ProcessException.java +++ b/src/main/java/com/jsl/oa/exception/ProcessException.java @@ -14,10 +14,22 @@ import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RestControllerAdvice; import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException; -import java.util.Objects; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - +/** + *

异常处理

+ *
+ * 用于处理异常 + * + * @version v1.1.0 + * @since v1.1.0 + * @see HttpRequestMethodNotSupportedException + * @see DuplicateKeyException + * @see HttpMessageNotReadableException + * @see MissingServletRequestParameterException + * @see Exception + * @see ClassCopyException + * @see MethodArgumentTypeMismatchException + * @author xiao_lfeng + */ @Slf4j @RestControllerAdvice public class ProcessException { @@ -42,32 +54,47 @@ public class ProcessException { @ExceptionHandler(value = MissingServletRequestParameterException.class) public ResponseEntity businessMissingServletRequestParameterException(MissingServletRequestParameterException e) { log.error(e.getMessage(), e); - // 使用正则表达式匹配并提取'id'部分 - Pattern pattern = Pattern.compile("'.*?'"); - Matcher matcher = pattern.matcher(Objects.requireNonNull(e.getMessage())); - - // 查找匹配项 - while (matcher.find()) { - String matchedGroup = matcher.group(); - } - return ResponseEntity .status(400) .body(ResultUtil.error(ErrorCode.PARAMETER_ERROR, "缺少 " + e.getParameterName() + " 参数")); } + /** + *

业务异常

+ *
+ * 用于处理业务异常 + * + * @param e 异常 + * @return {@link ResponseEntity} + */ @ExceptionHandler(value = Exception.class) public ResponseEntity businessException(@NotNull Exception e) { log.error(e.getMessage(), e); return ResultUtil.error("ServerInternalError", 50000, "服务器内部错误"); } + /** + *

类拷贝异常

+ *
+ * 用于处理类拷贝异常 + * + * @param e 异常 + * @return {@link ResponseEntity} + */ @ExceptionHandler(value = ClassCopyException.class) public ResponseEntity businessClassCopyException(@NotNull ClassCopyException e) { log.error(e.getMessage(), e); return ResultUtil.error("ServerInternalError", 50001, "服务器内部错误"); } + /** + *

参数类型不匹配异常

+ *
+ * 用于处理参数类型不匹配异常 + * + * @param e 异常 + * @return {@link ResponseEntity} + */ @ExceptionHandler(value = MethodArgumentTypeMismatchException.class) public ResponseEntity businessMethodArgumentTypeMismatchException(@NotNull MethodArgumentTypeMismatchException e) { log.error(e.getMessage(), e); diff --git a/src/main/java/com/jsl/oa/services/impl/UserServiceImpl.java b/src/main/java/com/jsl/oa/services/impl/UserServiceImpl.java index b5f6958..8d0cd37 100755 --- a/src/main/java/com/jsl/oa/services/impl/UserServiceImpl.java +++ b/src/main/java/com/jsl/oa/services/impl/UserServiceImpl.java @@ -1,8 +1,11 @@ package com.jsl.oa.services.impl; +import com.jsl.oa.annotations.CheckUserAbleToUse; +import com.jsl.oa.annotations.CheckUserHasPermission; +import com.jsl.oa.dao.PermissionDAO; +import com.jsl.oa.dao.RoleDAO; import com.jsl.oa.dao.UserDAO; -import com.jsl.oa.mapper.PermissionMapper; -import com.jsl.oa.mapper.RoleMapper; +import com.jsl.oa.model.doData.RoleDO; import com.jsl.oa.model.doData.RoleUserDO; import com.jsl.oa.model.doData.UserDO; import com.jsl.oa.model.voData.*; @@ -19,14 +22,25 @@ import java.util.ArrayList; import java.util.List; import java.util.regex.Pattern; +/** + *

用户服务实现类

+ *
+ * 用户服务实现类,包含用户账号删除、用户账号锁定、用户编辑自己的信息接口 + * + * @version v1.1.0 + * @see UserService + * @see UserEditProfileVO + * @since v1.0.0 + * @author xiao_lfeng + */ @Slf4j @Service @RequiredArgsConstructor public class UserServiceImpl implements UserService { private final UserDAO userDAO; - private final RoleMapper roleMapper; - private final PermissionMapper permissionMapper; + private final RoleDAO roleDAO; + private final PermissionDAO permissionDAO; @Override public UserDO getUserInfoByUsername(String username) { @@ -38,7 +52,7 @@ public class UserServiceImpl implements UserService { log.info("\t> 执行 Service 层 UserService.userDelete 方法"); //判断用户是否存在 if (userDAO.isExistUser(id)) { - if (!Processing.checkUserIsAdmin(request, roleMapper)) { + if (!Processing.checkUserIsAdmin(request, roleDAO.roleMapper)) { return ResultUtil.error(ErrorCode.NOT_ADMIN); } // 用户是否已删除 @@ -56,7 +70,7 @@ public class UserServiceImpl implements UserService { @Override public BaseResponse userLock(HttpServletRequest request, Long id, Long isLock) { log.info("\t> 执行 Service 层 UserService.userLock 方法"); - if (!Processing.checkUserIsAdmin(request, roleMapper)) { + if (!Processing.checkUserIsAdmin(request, roleDAO.roleMapper)) { return ResultUtil.error(ErrorCode.NOT_ADMIN); } //判断用户是否存在 
@@ -72,16 +86,15 @@ public class UserServiceImpl implements UserService { if (userDAO.isExistUser(userEditProfileVO.getId())) { userDAO.userEditProfile(userEditProfileVO); return ResultUtil.success("修改成功"); - } else return ResultUtil.error(ErrorCode.USER_NOT_EXIST); + } else { + return ResultUtil.error(ErrorCode.USER_NOT_EXIST); + } } @Override + @CheckUserHasPermission("user.current.all") public BaseResponse userCurrentAll(HttpServletRequest request, @NotNull UserAllCurrentVO userAllCurrentVO) { log.info("\t> 执行 Service 层 UserService.userCurrentAll 方法"); - // 检查是否是管理员用户 - if (!Processing.checkUserIsAdmin(request, roleMapper)) { - return ResultUtil.error(ErrorCode.NOT_ADMIN); - } // 检查数据 if (userAllCurrentVO.getPage() == null || userAllCurrentVO.getPage() < 1) { userAllCurrentVO.setPage(1L); 
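Review bot: With the inline `Processing.checkUserIsAdmin` call removed, `userCurrentAll` is protected only by the `@CheckUserHasPermission("user.current.all")` advice, and Spring's proxy-based AOP applies that advice only to calls that arrive through the bean, not to a call made from inside `UserServiceImpl` via `this`. The method should say so where the old check used to be, for example `// Authorization is enforced by AnnotationsAspect; call only through the injected UserService bean.`. The method body continues outside the hunk.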
@@ -114,29 +127,38 @@ public class UserServiceImpl implements UserService { } @Override + @CheckUserAbleToUse public BaseResponse userCurrent(HttpServletRequest request, String id, String username, String email, String phone) { log.info("\t> 执行 Service 层 UserService.userCurrent 方法"); - // 检查用户是否有权限继续 - log.info("\t> 检查用户是否有权限继续"); - BaseResponse userAbleNext = Processing.checkUserAbleToNext(request, userDAO.userMapper); - if (userAbleNext != null) { - return userAbleNext; - } - if (!Processing.checkUserHasPermission(request, roleMapper, permissionMapper, "")) { - return ResultUtil.error(ErrorCode.NOT_PERMISSION); - } if (id == null && username == null && email == null && phone == null) { // Token获取信息 UserDO userDO = userDAO.getUserById(Processing.getAuthHeaderToUserId(request)); if (userDO != null) { - return ResultUtil.success(Processing.ReturnUserInfo(userDO, roleMapper)); + return ResultUtil.success(Processing.ReturnUserInfo(userDO, roleDAO.roleMapper)); } else { return ResultUtil.error(ErrorCode.USER_NOT_EXIST); } } else { // 检查是否是管理员用户 - if (!Processing.checkUserIsAdmin(request, roleMapper)) { - return ResultUtil.error(ErrorCode.NOT_ADMIN); + Long userId = Processing.getAuthHeaderToUserId(request); + if (userId != null) { + List getPermission = permissionDAO.getPermission(userId); + // 匹配权限 + if (!getPermission.contains("user.current")) { + log.info("\t> 用户权限不足,检查是否是管理员"); + // 检查用户是管理员 + RoleUserDO roleUserDO = roleDAO.roleMapper.getRoleUserByUid(Processing.getAuthHeaderToUserId(request)); + if (roleUserDO != null) { + RoleDO roleDO = roleDAO.roleMapper.getRoleByRoleName("admin"); + if (!roleUserDO.getRid().equals(roleDO.getId())) { + return ResultUtil.error(ErrorCode.NOT_PERMISSION); + } + } else { + return ResultUtil.error(ErrorCode.NOT_PERMISSION); + } + } + } else { + return ResultUtil.error(ErrorCode.TOKEN_NOT_EXIST); } // 根据顺序优先级进行用户信息获取 UserDO userDO = null; 
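Review bot: The else-branch of `userCurrent` re-implements the permission-then-admin fallback that `AnnotationsAspect.checkUserHasPermission` introduces in this same commit, and the two copies already disagree (a user with no role row gets `NOT_PERMISSION` here and `NOT_ADMIN` in the aspect), so the rule for `user.current` can drift from the rule applied everywhere else. In both copies `roleDAO.roleMapper.getRoleByRoleName("admin")` is dereferenced unchecked; if that row is absent the request ends in a NullPointerException and a 500 instead of a denial, which `if (roleDO == null || !roleUserDO.getRid().equals(roleDO.getId()))` avoids. The second `Processing.getAuthHeaderToUserId(request)` can reuse the `userId` already resolved a few lines earlier. Moving the lookup into one shared helper that both the aspect and this branch call would keep a single definition of the check; the rest of `userCurrent` lies outside the hunk.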
@@ -151,7 +173,7 @@ public class UserServiceImpl implements UserService { } // 返回结果 if (userDO != null) { - return ResultUtil.success(Processing.ReturnUserInfo(userDO, roleMapper)); + return ResultUtil.success(Processing.ReturnUserInfo(userDO, roleDAO.roleMapper)); } else { return ResultUtil.error(ErrorCode.USER_NOT_EXIST); } @@ -163,7 +185,7 @@ public class UserServiceImpl implements UserService { public BaseResponse userAdd(UserAddVO userAddVo, HttpServletRequest request) { log.info("\t> 执行 Service 层 UserService.userAdd 方法"); // 检测用户是否为管理员 - if (!Processing.checkUserIsAdmin(request, roleMapper)) { + if (!Processing.checkUserIsAdmin(request, roleDAO.roleMapper)) { return ResultUtil.error(ErrorCode.NOT_ADMIN); } //如果用户不重复,添加用户 @@ -199,7 +221,7 @@ public class UserServiceImpl implements UserService { public BaseResponse userEdit(UserEditVO userEditVO, HttpServletRequest request) { log.info("\t> 执行 Service 层 userEdit 方法"); // 检测用户是否为管理员 - if (!Processing.checkUserIsAdmin(request, roleMapper)) { + if (!Processing.checkUserIsAdmin(request, roleDAO.roleMapper)) { return ResultUtil.error(ErrorCode.NOT_ADMIN); } //根据id获取用户信息 diff --git a/src/main/java/com/jsl/oa/utils/ErrorCode.java b/src/main/java/com/jsl/oa/utils/ErrorCode.java index 0ec858f..e790b0a 100755 --- a/src/main/java/com/jsl/oa/utils/ErrorCode.java +++ b/src/main/java/com/jsl/oa/utils/ErrorCode.java @@ -3,6 +3,15 @@ package com.jsl.oa.utils; import lombok.Getter; import lombok.extern.slf4j.Slf4j; +/** + *

错误码

+ *
+ * 用于定义错误码 + * + * @version v1.1.0 + * @since v1.0.0 + * @author xiao_lfeng + */ @Slf4j @Getter public enum ErrorCode { @@ -30,6 +39,7 @@ public enum ErrorCode { USER_ALREADY_DELETE("UserAlreadyDelete", 40306, "用户已被删除"), USER_DISABLED("UserDisabled", 40307, "用户已被禁用"), USER_LOCKED("UserLocked", 40308, "用户已被锁定"), + USER_EXPIRED("UserExpired", 40309, "用户已过期"), ID_NOT_EXIST("IdNotExist", 40400, "ID不存在"), ROLE_NOT_FOUNDED("RoleNotFounded", 40401, "角色不存在"), ROLE_NAME_REPEAT("RoleNameRepeat", 40402, "角色名称重复"), diff --git a/src/main/java/com/jsl/oa/utils/Processing.java b/src/main/java/com/jsl/oa/utils/Processing.java index efe3183..63080d8 100755 --- a/src/main/java/com/jsl/oa/utils/Processing.java +++ b/src/main/java/com/jsl/oa/utils/Processing.java @@ -1,15 +1,14 @@ package com.jsl.oa.utils; import com.jsl.oa.exception.ClassCopyException; -import com.jsl.oa.mapper.PermissionMapper; import com.jsl.oa.mapper.RoleMapper; -import com.jsl.oa.mapper.UserMapper; import com.jsl.oa.model.doData.PermissionDO; import com.jsl.oa.model.doData.RoleDO; import com.jsl.oa.model.doData.RoleUserDO; import com.jsl.oa.model.doData.UserDO; import com.jsl.oa.model.voData.PermissionContentVo; import com.jsl.oa.model.voData.UserCurrentBackVO; +import org.jetbrains.annotations.Contract; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.springframework.validation.BindingResult; @@ -236,7 +235,8 @@ public class Processing { * @Description: 将性别转为字符形式 * @Date: 2024/1/18 **/ - public static String getSex(short sex){ + @Contract(pure = true) + public static @NotNull String getSex(short sex){ if(sex == 0){ return "保密"; } 
@@ -368,32 +368,4 @@ public class Processing { return vo; } - - public static @Nullable BaseResponse checkUserAbleToNext(HttpServletRequest request, @NotNull UserMapper userMapper) { - Long userId = Processing.getAuthHeaderToUserId(request); - // 获取用户信息 - UserDO userDO = userMapper.getUserById(userId); - // 用户不存在 - if (userDO == null) { - return ResultUtil.error(ErrorCode.USER_NOT_EXIST); - } - // 用户是否被禁用 - if (!userDO.getEnabled()) { - return ResultUtil.error(ErrorCode.USER_DISABLED); - } - // 用户是否被封禁 - if (!userDO.getAccountNoLocked()) { - return ResultUtil.error(ErrorCode.USER_LOCKED); - } - // 用户是否被删除 - if (userDO.getIsDelete()) { - return ResultUtil.error(ErrorCode.USER_ALREADY_DELETE); - } - return null; - } - - public static boolean checkUserHasPermission(HttpServletRequest request, RoleMapper roleMapper, PermissionMapper permissionMapper, String permission) { - // TODO: 10003-用户权限及权限组校验 - return true; - } } diff --git a/src/main/java/com/jsl/oa/utils/ResultUtil.java b/src/main/java/com/jsl/oa/utils/ResultUtil.java index c3dc628..af924a4 100755 --- a/src/main/java/com/jsl/oa/utils/ResultUtil.java +++ b/src/main/java/com/jsl/oa/utils/ResultUtil.java @@ -5,6 +5,15 @@ import org.jetbrains.annotations.Contract; import org.jetbrains.annotations.NotNull; import org.springframework.http.ResponseEntity; +/** + *

结果工具类

+ *
+ * 用于返回结果 + * + * @version v1.1.0 + * @since v1.1.0 + * @author xiao_lfeng + */ @Slf4j public class ResultUtil { @@ -60,7 +69,7 @@ public class ResultUtil { public static @NotNull ResponseEntity error(String output, Integer code, String message) { log.warn("失败: 错误码[" + code + "] {} - {}", output, message); log.info("=================================================="); - return ResponseEntity.status(code) + return ResponseEntity.status(500) .body(new BaseResponse(output, code, message)); } } diff --git a/src/main/java/com/jsl/oa/utils/redis/TokenRedisUtil.java b/src/main/java/com/jsl/oa/utils/redis/TokenRedisUtil.java index 46d5a4d..a7dfe2c 100644 --- a/src/main/java/com/jsl/oa/utils/redis/TokenRedisUtil.java +++ b/src/main/java/com/jsl/oa/utils/redis/TokenRedisUtil.java @@ -35,21 +35,18 @@ public class TokenRedisUtil extends RedisOperating { @Override public Long getExpiredAt(@NotNull BusinessConstants businessConstants, String field) { String key = RedisConstant.TYPE_AUTH + RedisConstant.TABLE_TOKEN + businessConstants.getValue() + field; - log.info("\t\t> 读取 Redis 键为 {} 的过期时间", key); return redisTemplate.getExpire(key); } @Override public Boolean delData(@NotNull BusinessConstants businessConstants, String field) { String key = RedisConstant.TYPE_AUTH + RedisConstant.TABLE_TOKEN + businessConstants.getValue() + field; - log.info("\t\t> 删除 Redis 键为 {} 的数据", key); return redisTemplate.delete(key); } @Override public R getData(@NotNull BusinessConstants businessConstants, String field) { String key = RedisConstant.TYPE_AUTH + RedisConstant.TABLE_TOKEN + businessConstants.getValue() + field; - log.info("\t\t> 读取 Redis 键为 {} 的数据", key); return redisTemplate.opsForValue().get(key); } 
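Review bot: With `ResponseEntity.status(500)` this `error(String, Integer, String)` overload answers every failure with HTTP 500 regardless of `code`, so a caller that passes a 4xx-class business code would still be reported to clients and monitoring as a server fault. If the five-digit codes are meant to carry the HTTP class in their leading digits, as the values visible in this commit suggest (40309, 50000), the status can be derived instead: `return ResponseEntity.status(code / 100)`. Otherwise the method's Javadoc should state that this overload is reserved for internal errors and always returns 500.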
@@ -57,7 +54,6 @@ public class TokenRedisUtil extends RedisOperating { public Boolean setData(@NotNull BusinessConstants businessConstants, String field, R value, Integer time) { // 处理数据 String key = RedisConstant.TYPE_AUTH + RedisConstant.TABLE_TOKEN + businessConstants.getValue() + field; - log.info("\t\t> 写入 Redis 键为 {} 的数据", key); redisTemplate.opsForValue().set(key, value); redisTemplate.expire(key, time, TimeUnit.MINUTES); return true; @@ -65,7 +61,6 @@ public class TokenRedisUtil extends RedisOperating { public List getList(@NotNull BusinessConstants businessConstants) { String key = RedisConstant.TYPE_AUTH + RedisConstant.TABLE_TOKEN + businessConstants.getValue() + "*"; - log.info("\t\t> 读取 Redis 键为 {} 的数据", key); return this.getList(key); } }