Commit e05d635b by kangxiaoshan

权限管理

parent a3347f45
......@@ -2,6 +2,7 @@ package common.controller;
import common.model.*;
import common.service.ContractService;
import dic.AuthMenuEnmm;
import dic.ContractStatusEnum;
import dic.OperateObjectTypeEnum;
import org.apache.commons.io.IOUtils;
......@@ -14,6 +15,7 @@ import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import security.annotation.AuthKey;
import security.annotation.CurrentAccount;
import util.IPAddrUtil;
import util.NewUserLogThread;
......@@ -71,6 +73,7 @@ public class ContractController {
@RequestMapping(value = "find", method = RequestMethod.GET)
@ResponseBody
@AuthKey(AuthMenuEnmm.CONTRACTMNG_V)
public ResultModel findAll(@CurrentAccount User loginAccount, @PathVariable String platform,
@RequestParam String startDate, @RequestParam String endDate,String contractId) {
......@@ -88,6 +91,7 @@ public class ContractController {
@RequestMapping(value = "export", method = RequestMethod.GET,produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
@ResponseBody
@AuthKey(AuthMenuEnmm.CONTRACTMNG_EX)
public ResponseEntity<byte[]> export(@CurrentAccount User loginAccount, @PathVariable String platform, @RequestParam String startDate
, @RequestParam String endDate, HttpServletRequest request, HttpServletResponse response) {
List<Contract> contractList = service.findAll(loginAccount, startDate, endDate, platform,null);
......@@ -123,6 +127,7 @@ public class ContractController {
@RequestMapping(value = "pay/export", method = RequestMethod.GET,produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
@ResponseBody
@AuthKey(AuthMenuEnmm.COLLECTBILLLIST_EX)
public ResponseEntity<byte[]> exportPay(@CurrentAccount User loginAccount, @RequestParam String startDate, @RequestParam String endDate,
HttpServletRequest request, HttpServletResponse response, @PathVariable String platform ,
String moneyType,String packageTypeSearch,String money_ids) {
......@@ -259,6 +264,7 @@ public class ContractController {
@RequestMapping(value = "update", method = RequestMethod.PUT)
@ResponseBody
@AuthKey(AuthMenuEnmm.CONTRACTMNG_M)
public ResultModel update(@CurrentAccount User loginAccount, @RequestBody Contract contract, HttpServletRequest request, @PathVariable String platform) {
String ip = IPAddrUtil.getIpAddrNew(request);
......@@ -332,6 +338,7 @@ public class ContractController {
@RequestMapping(value = "find/payall", method = RequestMethod.GET)
@ResponseBody
@AuthKey(AuthMenuEnmm.COLLECTBILLLIST_V)
public ResultModel findPayAll(@CurrentAccount User loginAccount, @RequestParam String startDate,
@RequestParam String endDate, @PathVariable String platform,
String moneyType,String packageTypeSearch,String money_ids) {
......@@ -364,6 +371,7 @@ public class ContractController {
@RequestMapping(value = "setstaus", method = RequestMethod.GET)
@ResponseBody
@AuthKey(AuthMenuEnmm.CONTRACTMNG_D)
public ResultModel contractStatusUpdate( @PathVariable String platform,@CurrentAccount User loginUser,
String contractId,String status,HttpServletRequest request) {
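Review bot: `contractStatusUpdate` is now gated by `CONTRACTMNG_D` but is still mapped with `method = RequestMethod.GET`, so a state-changing action can be triggered by any link or image load in a browser that carries the user's session. The interceptor in this commit has a `getCookieToken` helper, which suggests credentials travel in a cookie; if so, the permission check alone does not protect this endpoint from cross-site requests. Consider `@RequestMapping(value = "setstaus", method = RequestMethod.POST)` together with whatever CSRF protection the application uses. The same applies to `change/del/recover` in UserLogController, which is tagged `USERLOGS_RE` and is also a GET. Both method bodies continue outside the visible hunks.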
......
......@@ -8,10 +8,12 @@ import common.repository.RoleTypeRepository;
import common.repository.UserRepository;
import common.service.MenuService;
import common.service.UserService;
import dic.AuthMenuEnmm;
import dic.OperateObjectTypeEnum;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import security.annotation.AuthKey;
import security.annotation.CurrentAccount;
import util.CipherUtil;
import util.ResultModel;
......@@ -50,6 +52,7 @@ public class UserController {
@RequestMapping(value = "/create", method = RequestMethod.POST)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERMNG_A)
public ResultModel create(@CurrentAccount User loginAccount, @RequestBody User resource, HttpServletRequest request) {
if(userService.validEmail(resource.getEmail())){
userService.create(loginAccount, resource);
......@@ -63,6 +66,7 @@ public class UserController {
@RequestMapping(value = "/update", method = RequestMethod.PUT)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERMNG_M)
public ResultModel update(@CurrentAccount User loginAccount, @RequestBody User resource, HttpServletRequest request) {
UserLogThread userlog = new UserLogThread(loginAccount.getEmail(), loginAccount.getName(), OperateObjectTypeEnum.INNERUSER.getKey(), resource.getEmail(), "修改系统账号", request,loginAccount.getRole(),"manager");
userlog.start();
......@@ -71,6 +75,7 @@ public class UserController {
@RequestMapping(value = "/find", method = RequestMethod.GET)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERMNG_V)
public ResultModel find(@CurrentAccount User loginAccount) {
return ResultModel.OK(userService.find(loginAccount));
}
......@@ -96,6 +101,7 @@ public class UserController {
@RequestMapping(value = "/delete/{id}", method = RequestMethod.DELETE)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERMNG_D)
public ResultModel delete(@CurrentAccount User loginAccount, @PathVariable Long id, HttpServletRequest request) {
User user = userService.delete(loginAccount, id);
UserLogThread userlog = new UserLogThread(loginAccount.getEmail(), loginAccount.getName(), OperateObjectTypeEnum.INNERUSER.getKey(), user.getEmail(), "删除系统账号", request,loginAccount.getRole(),"manager");
......@@ -114,6 +120,7 @@ public class UserController {
@RequestMapping(value = "/forbiden/{id}", method = RequestMethod.PUT)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERMNG_STOP)
public ResultModel forbiden(@CurrentAccount User loginAccount, @PathVariable Long id, HttpServletRequest request) {
User user = userService.forbiden(loginAccount, id);
UserLogThread userlog = new UserLogThread(loginAccount.getEmail(), loginAccount.getName(), OperateObjectTypeEnum.INNERUSER.getKey(), user.getEmail(), "停用系统账号", request,loginAccount.getRole(),"manager");
......@@ -123,6 +130,7 @@ public class UserController {
@RequestMapping(value = "/update/name", method = RequestMethod.PUT)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERMNG_M)
public ResultModel updateName(@CurrentAccount User loginAccount, @RequestParam String name, HttpServletRequest request) {
User login = userRepository.login(name);
if(null == login){
......@@ -138,6 +146,7 @@ public class UserController {
@RequestMapping(value = "/update/password", method = RequestMethod.PUT)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERMNG_M)
public ResultModel updatePwd(@CurrentAccount User loginAccount, @RequestParam String pwd, @RequestParam String oldpwd, HttpServletRequest request) {
User login = userRepository.login(loginAccount.getEmail(), CipherUtil.generatePassword(oldpwd));
if(null != login){
......@@ -153,6 +162,7 @@ public class UserController {
//忘记密码时,修改密码
@RequestMapping(value = "/update/pwd", method = RequestMethod.PUT)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERMNG_M)
public ResultModel updatePwd(@RequestParam String email, @RequestParam String pwd, HttpServletRequest request) {
UserLogThread userlog = new UserLogThread(email, email, OperateObjectTypeEnum.INNERUSER.getKey(), email, "修改系统账号密码", request,null,"manager");
userlog.start();
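Review bot: The forgot-password handler `updatePwd(@RequestParam String email, @RequestParam String pwd, ...)` on `/update/pwd` is now tagged `@AuthKey(AuthMenuEnmm.USERMNG_M)`, yet it takes the target `email` from the request and has no `@CurrentAccount`, old password or reset token in the visible signature. If the interceptor covers this path, a logged-out user can no longer use it and any holder of the edit permission can set the password of an arbitrary account. If the path is excluded from the interceptor, the annotation has no effect and the endpoint stays open. The reset should be bound to a one-time token delivered to the account owner and kept separate from the admin permission. Likewise `/update/name` and `/update/password` act on the caller's own account, so gating them on `USERMNG_M` prevents users without account-management rights from changing their own password. The method body continues outside the hunk, so a token check may exist there; confirm.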
......
......@@ -4,9 +4,11 @@ import common.model.User;
import common.model.UserLog;
import common.service.ContractService;
import common.service.UserLogService;
import dic.AuthMenuEnmm;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import security.annotation.AuthKey;
import security.annotation.CurrentAccount;
import util.ResultModel;
......@@ -36,6 +38,7 @@ public class UserLogController
@RequestMapping(value = "change/del/info", method = RequestMethod.GET)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERLOGS_V)
public ResultModel getChangeDelData( @CurrentAccount User loginAccount,
HttpServletRequest request,
String contranctCode,String startDate,String endDate) {
......@@ -53,6 +56,7 @@ public class UserLogController
@RequestMapping(value = "change/del/recover", method = RequestMethod.GET)
@ResponseBody
@AuthKey(AuthMenuEnmm.USERLOGS_RE)
public ResultModel changesDelRecover( @CurrentAccount User loginAccount,
HttpServletRequest request,String id,String type) {
......
......@@ -6,6 +6,7 @@ import javax.persistence.Id;
import javax.persistence.Transient;
import java.util.Date;
import java.util.List;
import java.util.Map;
@Entity
public class User {
......@@ -29,6 +30,8 @@ public class User {
private Date createTime;
private Boolean delFlag;
private Map<String,String> authdataDic;
@Id
@GeneratedValue
......@@ -171,6 +174,15 @@ public class User {
this.parent = parent;
}
@Transient
public Map<String, String> getAuthdataDic() {
return authdataDic;
}
public void setAuthdataDic(Map<String, String> authdataDic) {
this.authdataDic = authdataDic;
}
@Override
public String toString() {
return "User{" +
......
......@@ -29,34 +29,19 @@ public class AuthServiceImpl implements AuthService {
@Override
public Map<String, Object> getAuthExtends(User loginAccount) {
Auth auth = authRepository.findByUser(loginAccount.getId());
List<String> authArrs = new ArrayList<>();
Map<String, Object> collect = new HashMap<>();
if(RoleEnum.FINANCE.getKey().equals(loginAccount.getRole())){
if(RoleEnum.FINANCE.getKey().equals(loginAccount.getRole()) || RoleEnum.PM.getKey().equals(loginAccount.getRole())){
//财务 按签约主体查看
List<Integer> authInt = JSONArray.fromObject(auth.getAuthExtend());
collect = authInt.stream().collect(Collectors.toMap(t -> t.toString(), t -> t));
List<String> authArrs = JSONArray.fromObject(auth.getAuthExtend());
collect = authArrs.stream().collect(Collectors.toMap(t -> t, t -> t));
}else if(RoleEnum.SALSEMAN.getKey().equals(loginAccount.getRole())){
//销售 按签约合同人查看
authArrs = JSONArray.fromObject(auth.getAuthExtend());
collect = authArrs.stream().collect(Collectors.toMap(t -> t, t -> t));
}else if(RoleEnum.PM.getKey().equals(loginAccount.getRole())){
// 项目经理
authArrs = JSONArray.fromObject(auth.getAuthExtend());
collect = authArrs.stream().collect(Collectors.toMap(t -> t, t -> t));
List<Integer> authArrs = JSONArray.fromObject(auth.getAuthExtend());
collect = authArrs.stream().collect(Collectors.toMap(t -> t.toString(), t -> t));
}
if(collect.size()>0){
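Review bot: Both `Collectors.toMap(...)` calls in `getAuthExtends` are written without a merge function, so a repeated id in `auth.getAuthExtend()` throws `IllegalStateException` and the request fails instead of resolving the user's scope. `filterContractMoney` in this same commit already passes `(key1, key2) -> key1`; the same form works here, e.g. `Collectors.toMap(t -> t, t -> t, (a, b) -> a)`. `auth` is also dereferenced straight after `authRepository.findByUser(...)` with no null check, so an account without an Auth row would raise a NullPointerException; an explicit empty-scope result would be safer. The method continues outside the hunk.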
......
......@@ -126,8 +126,6 @@ public class ContractServiceImpl implements ContractService {
AuthService authService;
@Override
public Map<String, Object> checkAccount(String email, String platfrom) {
Map<String, Object> map = new HashMap<>();
......@@ -198,10 +196,10 @@ public class ContractServiceImpl implements ContractService {
@Override
public List<ContractBody> findBody(String platform) {
if("all".equals(platform)){
if ("all".equals(platform)) {
List<ContractBody> all = contractBodyRepository.findAllDis();
return all;
}else{
} else {
List<ContractBody> common = contractBodyRepository.findByPlatform("common");
List<ContractBody> byPlatform = contractBodyRepository.findByPlatform(platform);
common.addAll(byPlatform);
......@@ -373,7 +371,7 @@ public class ContractServiceImpl implements ContractService {
return null;
}
if(!StringUtils.isEmpty(resource.getContractCode()) && !ContractStatusEnum.MONEY_BACK_FIRST.getKey().equals(resource.getStatus())){
if (!StringUtils.isEmpty(resource.getContractCode()) && !ContractStatusEnum.MONEY_BACK_FIRST.getKey().equals(resource.getStatus())) {
Contract contractExist = contractRepository.findByCode(resource.getContractCode().trim());
if (contractExist != null) {
contractExist = new Contract();
......@@ -628,7 +626,7 @@ public class ContractServiceImpl implements ContractService {
Contract contract = contractRepository.findOne(resource.getId());
if (resource.getContractCode()!=null && !resource.getContractCode().equals(contract.getContractCode())) {
if (resource.getContractCode() != null && !resource.getContractCode().equals(contract.getContractCode())) {
Contract contractExist = contractRepository.findByCode(resource.getContractCode().trim());
if (contractExist != null) {
// 合同编号已存在
......@@ -924,9 +922,9 @@ public class ContractServiceImpl implements ContractService {
//记录收款记录
money.setType("pay");
money = saveContractMoney(money, loginUser, resource, type);
money = saveContractMoney(money, loginUser, resource, type);
}else if (resource.getPayMoney().longValue() <= 0) {
} else if (resource.getPayMoney().longValue() <= 0) {
//未回款
resource.setStatus(ContractStatusEnum.MONEY_BACK_NONE.getKey());
......@@ -936,14 +934,14 @@ public class ContractServiceImpl implements ContractService {
//记录收款记录
money.setType("pay");
money = saveContractMoney(money, loginUser, resource, type);
money = saveContractMoney(money, loginUser, resource, type);
} else {
// 已回款
resource.setStatus(ContractStatusEnum.MONEY_BACK_ALL.getKey());
money.setType("pay");
money = saveContractMoney(money, loginUser, resource, type);
money = saveContractMoney(money, loginUser, resource, type);
}
......@@ -952,9 +950,9 @@ public class ContractServiceImpl implements ContractService {
resource.setStatus(ContractStatusEnum.MONEY_BACK_NONE.getKey());
}
if(money.getId()!=null){
if (money.getId() != null) {
resource.setFirstBackId(money.getId());
}else{
} else {
resource.setFirstBackId(0L);
}
......@@ -999,9 +997,9 @@ public class ContractServiceImpl implements ContractService {
return money;
}
if(ContractStatusEnum.MONEY_BACK_FIRST.getKey().equals(contract.getStatus())){
if (ContractStatusEnum.MONEY_BACK_FIRST.getKey().equals(contract.getStatus())) {
money.setMoney(contract.getPayMoney());
}else if (money.getType().equals("pay")) {
} else if (money.getType().equals("pay")) {
money.setMoney(contract.getMoney());
} else {
money.setMoney(contract.getInvoiceMoney().longValue());
......@@ -1029,7 +1027,7 @@ public class ContractServiceImpl implements ContractService {
money.setUser(loginUser.getId());
money.setCreateName(loginUser.getName());
money.setDs(new DateTime().toString("yyyy-MM-dd"));
money = contractMoneyRepository.save(money);
money = contractMoneyRepository.save(money);
return money;
}
......@@ -1089,38 +1087,38 @@ public class ContractServiceImpl implements ContractService {
Auth auth = authRepository.findByUser(loginAccount.getId());
if(RoleEnum.FINANCE.getKey().equals(loginAccount.getRole())){
if (RoleEnum.FINANCE.getKey().equals(loginAccount.getRole())) {
//财务 按签约主体查看
// List bodyids = Arrays.asList(loginAccount.getAuthExtend().split(","));
List bodyids = JSONArray.fromObject(auth.getAuthExtend());
List bodyids = JSONArray.fromObject(auth.getAuthExtend());
// List<String> bodycodes = contractBodyRepository.findByIds(bodyids);
if (!StringUtils.isEmpty(contractId)) {
if (ids != null && ids.size() > 0) {
contractList = contractRepository.findByDsContractBody(startDate, endDate, platforms,bodyids,ids);
contractList = contractRepository.findByDsContractBody(startDate, endDate, platforms, bodyids, ids);
}
} else {
contractList = contractRepository.findByDsContractBody(startDate, endDate, platform,bodyids);
contractList = contractRepository.findByDsContractBody(startDate, endDate, platform, bodyids);
}
}else if(RoleEnum.SALSEMAN.getKey().equals(loginAccount.getRole())){
} else if (RoleEnum.SALSEMAN.getKey().equals(loginAccount.getRole())) {
//销售 按签约合同人查看
// List salseid = Arrays.asList(loginAccount.getAuthExtend().split(","));
List salseid = JSONArray.fromObject(auth.getAuthExtend());
List salseid = JSONArray.fromObject(auth.getAuthExtend());
if (!StringUtils.isEmpty(contractId)) {
if (ids != null && ids.size() > 0) {
contractList = contractRepository.findByDsContractSalse(startDate, endDate, platforms,salseid,ids);
contractList = contractRepository.findByDsContractSalse(startDate, endDate, platforms, salseid, ids);
}
} else {
contractList = contractRepository.findByDsContractSalse(startDate, endDate, platform,salseid);
contractList = contractRepository.findByDsContractSalse(startDate, endDate, platform, salseid);
}
}else{
} else {
if (!StringUtils.isEmpty(contractId)) {
if (ids != null && ids.size() > 0) {
......@@ -1194,7 +1192,7 @@ public class ContractServiceImpl implements ContractService {
c.setRelationContract(-1L);
}
if(ContractStatusEnum.MONEY_BACK_FIRST.getKey().equals(c.getStatus())){
if (ContractStatusEnum.MONEY_BACK_FIRST.getKey().equals(c.getStatus())) {
c.setStartDate(null);
}
......@@ -1760,41 +1758,38 @@ public class ContractServiceImpl implements ContractService {
}
// public List<ContractMoney> findPayAll(String startDate, String endDate, String platfrom) {
//
// return this.findPayAll(startDate,endDate,platfrom,"all","all", null);
// }
@Override
public List<ContractMoney> findPayAll(User loginAccount,String startDate, String endDate, String platfrom, String moneyType, String packageTypeSearch, String money_ids) {
public List<ContractMoney> findPayAll(User loginAccount, String startDate, String endDate, String platfrom, String moneyType, String packageTypeSearch, String money_ids) {
Map<Long,PackageType> packageTypeMap = new HashMap<>();
Map<Long, PackageType> packageTypeMap = new HashMap<>();
Map<Long, String> saleMap = new HashMap<>();
Map<Long, PackageBase> packageBaseMap = new HashMap<>();
this.getDicMapDatas(saleMap,packageTypeMap,null,null,packageBaseMap,platfrom);
this.getDicMapDatas(saleMap, packageTypeMap, null, null, packageBaseMap, platfrom);
List<ContractMoney> result = new ArrayList<>();
List<ContractMoney> list;
if( "-1".equals(money_ids)){
if ("-1".equals(money_ids)) {
list = new ArrayList<>();
}else if(!StringUtil.isEmpty(money_ids) ){
list = contractMoneyRepository.findByDsAllContractMoneyIds(startDate, endDate, platfrom,Arrays.asList(money_ids.split(",")));
}else if(!"all".equals(moneyType) && !"all".equals(packageTypeSearch) ){
list = contractMoneyRepository.findByDsAllContractAll(startDate, endDate, platfrom,moneyType,packageTypeSearch);
}else if(!"all".equals(moneyType)){
list = contractMoneyRepository.findByDsAllContractMoneyType(startDate, endDate, platfrom,moneyType);
}else if(!"all".equals(packageTypeSearch)){
list = contractMoneyRepository.findByDsAllContractPkSearch(startDate, endDate, platfrom,packageTypeSearch);
}else{
} else if (!StringUtil.isEmpty(money_ids)) {
list = contractMoneyRepository.findByDsAllContractMoneyIds(startDate, endDate, platfrom, Arrays.asList(money_ids.split(",")));
} else if (!"all".equals(moneyType) && !"all".equals(packageTypeSearch)) {
list = contractMoneyRepository.findByDsAllContractAll(startDate, endDate, platfrom, moneyType, packageTypeSearch);
} else if (!"all".equals(moneyType)) {
list = contractMoneyRepository.findByDsAllContractMoneyType(startDate, endDate, platfrom, moneyType);
} else if (!"all".equals(packageTypeSearch)) {
list = contractMoneyRepository.findByDsAllContractPkSearch(startDate, endDate, platfrom, packageTypeSearch);
} else {
list = contractMoneyRepository.findByDsAllContract(startDate, endDate, platfrom);
}
......@@ -1810,14 +1805,14 @@ public class ContractServiceImpl implements ContractService {
if (RoleEnum.FINANCE.getKey().equals(loginAccount.getRole())) {
filterContractMoney(codesList,authdata,list,1);
filterContractMoney(codesList, authdata, list, 1);
}else if(RoleEnum.SALSEMAN.getKey().equals(loginAccount.getRole())){
} else if (RoleEnum.SALSEMAN.getKey().equals(loginAccount.getRole())) {
filterContractMoney(codesList,authdata,list,2);
}else if(RoleEnum.PM.getKey().equals(loginAccount.getRole())){
filterContractMoney(codesList, authdata, list, 2);
} else if (RoleEnum.PM.getKey().equals(loginAccount.getRole())) {
filterContractMoney(codesList,authdata,list,3);
filterContractMoney(codesList, authdata, list, 3);
}
}
......@@ -1831,12 +1826,12 @@ public class ContractServiceImpl implements ContractService {
PackageType packageType = packageTypeMap.get(cm.getPriceLevel());
if(packageType!=null){
String flow = packageType.getTrackFlow().intValue()<0?"无限制": packageType.getTrackFlow().intValue()/10000+"万/年";
if (packageType != null) {
String flow = packageType.getTrackFlow().intValue() < 0 ? "无限制" : packageType.getTrackFlow().intValue() / 10000 + "万/年";
cm.setPackageName(packageType.getPackageName()+": 流量"+flow+" APP"+packageType.getAppNum()+"个");
cm.setPackageName(packageType.getPackageName() + ": 流量" + flow + " APP" + packageType.getAppNum() + "个");
}else{
} else {
cm.setPackageName("");
}
......@@ -1849,15 +1844,15 @@ public class ContractServiceImpl implements ContractService {
return list;
}
private void filterContractMoney(List<String> codesList,Map<String, Object> authdata, List<ContractMoney> list,int nextIndex){
private void filterContractMoney(List<String> codesList, Map<String, Object> authdata, List<ContractMoney> list, int nextIndex) {
if(codesList==null || codesList.size()==0){
if (codesList == null || codesList.size() == 0) {
return;
}
Map<String, String> dicdata = contractRepository.findByContractCode(
codesList).stream().
collect(Collectors.toMap(p -> p[0].toString(), p -> p[nextIndex].toString(),(key1,key2)->key1));
collect(Collectors.toMap(p -> p[0].toString(), p -> p[nextIndex].toString(), (key1, key2) -> key1));
list = list.stream().filter(p -> authdata.get(dicdata.get(p.getContractCode())) == null ? false : true).collect(Collectors.toList());
......@@ -1941,7 +1936,7 @@ public class ContractServiceImpl implements ContractService {
String platform = contract.getPlatform();
if("trackio".equals(platform)){
if ("trackio".equals(platform)) {
List<PackageType> typeList = packageTypeRepository.findIsNewAll();
Map<Long, String> typeMap = new HashMap<>();
if (ValidateUtil.isValid(typeList)) {
......@@ -1951,13 +1946,13 @@ public class ContractServiceImpl implements ContractService {
}
return typeMap;
}else{
} else {
List<PackageBase> packageBases = packageBaseRepository.findByPlatAndStatus(platform,1);
List<PackageBase> packageBases = packageBaseRepository.findByPlatAndStatus(platform, 1);
Map<Long, String> typeMap = new HashMap<>();
for (PackageBase packageBase : packageBases) {
typeMap.put(packageBase.getId(),packageBase.getPackageName());
typeMap.put(packageBase.getId(), packageBase.getPackageName());
}
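Review bot: In `filterContractMoney`, the line `list = list.stream().filter(...).collect(Collectors.toList());` only rebinds the method's local parameter, so the `list` held by `findPayAll` is not narrowed, and the method returns `void`. Unless the lines after the hunk write the result back, the FINANCE/SALSEMAN/PM data scoping has no effect and every role gets the unfiltered payment rows. Mutating in place keeps the signature, e.g. `list.removeIf(p -> authdata.get(dicdata.get(p.getContractCode())) == null);`; alternatively return the filtered list and assign it in the caller. The early `return` on an empty `codesList` also leaves `list` untouched, which should be checked against the intended default (deny or allow). The method body ends outside the hunk.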
......
package dic;
public enum AuthMenuEnmm {
FINANCE("finance","0","财务营收"),
CONTRACTMNG("21","finance","合同管理"),
CONTRACTMNG_V("21","21","查看"),//合同管理-查看
CONTRACTMNG_EX("212","21","导出"),
CONTRACTMNG_M("213","21","编辑"),
CONTRACTMNG_A("214","21","新增"),
CONTRACTMNG_D("215","21","删除"),
COLLECTBILLLIST("22","finance","收款/开票列表"),
COLLECTBILLLIST_V("22","22","查看"),//收款/开票列表-查看
COLLECTBILLLIST_EX("222","22","导出"),
COLLECTBILLLIST_M("223","22","编辑"),
CONTRACTDETAIL("20","finance","合同详情页"),
CONTRACTDETAIL_V("201","22","查看"),//合同详情页-查看
CONTRACTDETAIL_M("202","22","编辑"),
ACCOUNTDETAIL("20","finance","账号详情页"),
ACCOUNTDETAIL_V("203","22","查看"),//
ACCOUNTDETAIL_M("204","22","编辑"),
SYSTEM("system","0","系统管理"),
USERMNG("31","system","账号管理(重要)"),
USERMNG_V("31","31","查看"),//合同管理-查看
USERMNG_A("312","31","新建"),
USERMNG_M("313","31","编辑"),
USERMNG_D("314","31","删除"),
USERMNG_STOP("315","31","停用"),
USERLOGS("32","system","操作日志"),
USERLOGS_V("32","system","查看"),
USERLOGS_RE("32","system","恢复"),
OTHER("0","0","0");
private String idKey;
private String parentKey;
private String name;
AuthMenuEnmm(String idKey, String parentKey, String name) {
this.idKey = idKey;
this.parentKey = parentKey;
this.name = name;
}
public String getIdKey() {
return idKey;
}
public void setIdKey(String idKey) {
this.idKey = idKey;
}
public String getParentKey() {
return parentKey;
}
public void setParentKey(String parentKey) {
this.parentKey = parentKey;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
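Review bot: Several constants share an `idKey`, and the interceptor looks permissions up by `getIdKey()` alone, so these permissions cannot be granted separately. `USERLOGS`, `USERLOGS_V` and `USERLOGS_RE` are all `"32"`, so anyone who may view logs may also call the recover endpoint. `CONTRACTMNG`/`CONTRACTMNG_V` share `"21"`, `COLLECTBILLLIST`/`COLLECTBILLLIST_V` share `"22"`, `USERMNG`/`USERMNG_V` share `"31"`, and `CONTRACTDETAIL`/`ACCOUNTDETAIL` share `"20"`. Give every action its own id, for example `USERLOGS_RE("<unique-id>","32","恢复")`, and consider a static check that fails startup on duplicates. The fields should also be `private final` with the three setters removed, because a mutable enum lets any code rewrite a permission key at runtime. The trailing comment on `USERMNG_V` says 合同管理-查看 but the constant belongs to account management.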
package security.annotation;
import dic.AuthMenuEnmm;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface AuthKey {
AuthMenuEnmm value();
}
package security.interceptor;
import com.fasterxml.jackson.databind.ObjectMapper;
import common.model.Auth;
import common.model.User;
import common.repository.AuthRepository;
import common.repository.UserRepository;
import dic.RoleEnum;
import net.sf.json.JSONArray;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import security.RedisLoginStatusManager;
import security.TokenManager;
import security.annotation.AuthKey;
import util.Constant;
import util.ResultModel;
import util.ResultStatus;
......@@ -22,6 +28,8 @@ import javax.servlet.http.HttpServletResponse;
import java.io.BufferedWriter;
import java.io.OutputStreamWriter;
import java.util.Enumeration;
import java.util.Map;
import java.util.stream.Collectors;
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
private static final Logger logger = LoggerFactory.getLogger(AuthorizationInterceptor.class);
......@@ -31,6 +39,9 @@ public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
private UserRepository userRepository;
@Autowired
private AuthRepository authRepository;
@Autowired
private TokenManager manager;
@Autowired
private RedisLoginStatusManager redisLoginStatusManager;
......@@ -82,26 +93,58 @@ public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
// 可这里查出权限
if (sessionAct == null) {
User one = userRepository.findOne(Long.parseLong(key));
if (!one.getRole().equals(RoleEnum.MANAGER.getKey())) {
Auth auth = authRepository.findByUser(one.getId());
Map<String, String> authdata = (Map<String, String>) JSONArray.fromObject(auth.getAuth())
.stream().collect(Collectors.toMap(p -> ((Map) p).get("id").toString(), p -> "0"));
one.setAuthdataDic(authdata);
}
request.getSession().setAttribute(Constant.CURRENT_ACCOUNT,one);
sessionAct = one;
}
if(!sessionAct.getRole().equals(RoleEnum.MANAGER.getKey())){
//权限控制
AuthKey authKey = handler.getClass().getAnnotation(AuthKey.class);
if(authKey!=null && sessionAct.getAuthdataDic().get(authKey.value().getIdKey())==null){
printJsonResponse(response,"权限不足!");
return false;
}
return true;
}
return true;
}
}
printJsonResponse(response,null);
return false;
}
private void printJsonResponse(HttpServletResponse response,String message){
try {
//如果验证token失败,并且方法注明了Authorization,返回401错误
response.setStatus(HttpStatus.UNAUTHORIZED.value());
BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(response.getOutputStream()));
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
String json = new ObjectMapper().writeValueAsString(ResultModel.ERROR(ResultStatus.USERNAME_LOGIN_EXPIRE));
writer.write(json);
if(StringUtils.isEmpty(message)){
message = new ObjectMapper().writeValueAsString(ResultModel.ERROR(ResultStatus.USERNAME_LOGIN_EXPIRE));
}
writer.write(message);
writer.close();
} catch (Exception e){
e.printStackTrace();
}
return false;
}
private String getCookieToken(Cookie[] cookies, String name){
String token = null;
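Review bot: The permission lookup `handler.getClass().getAnnotation(AuthKey.class)` reads the annotation from the handler object's class, but this commit places every `@AuthKey` on controller methods. Assuming `handler` is the object Spring passes to `preHandle` (normally a `HandlerMethod`), `authKey` is always null and the check never denies a request. Read it from the method instead: `AuthKey authKey = handler instanceof HandlerMethod ? ((HandlerMethod) handler).getMethodAnnotation(AuthKey.class) : null;` (this needs `org.springframework.web.method.HandlerMethod`). `sessionAct.getAuthdataDic()` is only populated in the `sessionAct == null` branch, so an account placed in the session elsewhere, or one whose `authRepository.findByUser` result is null, would throw here rather than be denied; treat a missing map as no permissions. The denial path also writes the raw text `权限不足!` under a JSON content type with status 401; a 403 with a `ResultModel` body would let clients tell "not permitted" from "login expired". The enclosing method starts outside the hunk.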
......
......@@ -3,7 +3,6 @@ package tkio.service.impl;
import common.model.Contract;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import security.annotation.Authorization;
import tkio.model.Account;
import tkio.repository.AccountRepository;
import tkio.service.AccountService;
......