权限控制

fe741f85 · maliang · ab326639 · 25c14d1f · fe741f85 · fe741f85
Commit fe741f85 authored Apr 20, 2020 by maliang
34 changed files
--- a/src/main/java/com/boot/security/server/SecurityApplication.java
+++ b/src/main/java/com/boot/security/server/SecurityApplication.java
@@ -6,7 +6,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
 /**
 * 启动类
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @SpringBootApplication

--- a/src/main/java/com/boot/security/server/advice/ExceptionHandlerAdvice.java
+++ b/src/main/java/com/boot/security/server/advice/ExceptionHandlerAdvice.java
@@ -17,7 +17,7 @@ import com.boot.security.server.dto.ResponseInfo;
 /**
 * springmvc异常处理
 * 
- * @author 398005446@qq.com
+ * @author maliang
 *
 */
 @RestControllerAdvice

--- a/src/main/java/com/boot/security/server/advice/奇趣源码官方微信.jpg
+++ b/src/main/java/com/boot/security/server/advice/奇趣源码官方微信.jpg
--- a/src/main/java/com/boot/security/server/config/AsycTaskExecutorConfig.java
+++ b/src/main/java/com/boot/security/server/config/AsycTaskExecutorConfig.java
@@ -9,7 +9,7 @@ import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 /**
 * 线程池配置、启用异步
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 *         2017年8月19日
 */

--- a/src/main/java/com/boot/security/server/config/DruidConfig.java
+++ b/src/main/java/com/boot/security/server/config/DruidConfig.java
@@ -56,7 +56,7 @@ public class DruidConfig {
 	/**
 	 * 数据源配置
 	 * 
-	 * @author 奇趣源码商城 www.qiqucode.com
+	 * @author maliang
 	 *
 	 */
 	@ConfigurationProperties(prefix = "spring.datasource")

--- a/src/main/java/com/boot/security/server/config/RedisConfig.java
+++ b/src/main/java/com/boot/security/server/config/RedisConfig.java
@@ -13,7 +13,7 @@ import org.springframework.data.redis.serializer.GenericToStringSerializer;
 * 集群下启动session共享，需打开@EnableRedisHttpSession<br>
 * 单机下不需要
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 *         2017年8月10日
 */

--- a/src/main/java/com/boot/security/server/config/SecurityConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityConfig.java
@@ -20,7 +20,7 @@ import com.boot.security.server.filter.TokenFilter;
 /**
 * spring security配置
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 * 
 *         2017年10月16日
 *
@@ -52,12 +52,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		// 基于token，所以不需要session
 		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-		//authorizeRequests获取配置请求授权的相关配置类，antMatchers设置哪些请求需要认证，authenticated设置需要请求的请求类型是post，.permitAll().anyRequest()表示出了前面设置的请求任意用户任何请求都可访问
+		//对这些类型请求直接放开不做拦截
 		http.authorizeRequests()
 				.antMatchers("/", "/*.html", "/favicon.ico", "/css/**", "/js/**", "/fonts/**", "/layui/**", "/img/**",
 						"/v2/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**", "/druid/**",
 						"/statics/**")
 				.permitAll().anyRequest().authenticated();
+		//对于登录的地址和处理方法
 		http.formLogin().loginProcessingUrl("/login")
 				.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler).and()
 				.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
@@ -65,12 +66,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		// 解决不允许显示在iframe的问题
 		http.headers().frameOptions().disable();
 		http.headers().cacheControl();
+		//对请求进行处理(给token续命并且把当前用户保存到security的上下文环境中)
 		http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
 	}
 	@Override
 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+		//实现UserDetailsService接口，security会调用其中方法创建登陆对象，并且获取对象拥有的权限
 		auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
 	}

--- a/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
@@ -28,7 +28,7 @@ import com.boot.security.server.utils.ResponseUtil;
 /**
 * spring security处理器
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 *         2017年10月16日
 */

--- a/src/main/java/com/boot/security/server/config/SwaggerConfig.java
+++ b/src/main/java/com/boot/security/server/config/SwaggerConfig.java
@@ -17,7 +17,7 @@ import springfox.documentation.swagger2.annotations.EnableSwagger2;
 /**
 * swagger文档
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 *         2017年7月21日
 */

--- a/src/main/java/com/boot/security/server/controller/AdvertiserManagerController.java
+++ b/src/main/java/com/boot/security/server/controller/AdvertiserManagerController.java
+package com.boot.security.server.controller;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.web.bind.annotation.*;
+@RestController
+@RequestMapping("/advertiserManagerController")
+public class AdvertiserManagerController {
+    @GetMapping("/table")
+    @ApiOperation(value = "获取广告商数据")
+    @ResponseBody
+    public String getAdvertiserData() {
+        JSONObject jsonObject = new JSONObject();
+        JSONObject item = new JSONObject();
+        JSONArray array = new JSONArray();
+        item.put("id",1);
+        item.put("advertiser","百度联盟");
+        item.put("AccumulatedConsumptionAmount",100000);
+        item.put("leader","高飞");
+        item.put("yesterdayConsumptionAmount",5000);
+        item.put("viewData","曝光X1");
+        array.add(item);
+        jsonObject.put("code",0);
+        jsonObject.put("msg","");
+        jsonObject.put("count",1);
+        jsonObject.put("data",array);
+        return jsonObject.toJSONString();
+    }
+}
--- a/src/main/java/com/boot/security/server/controller/GenerateController.java
+++ b/src/main/java/com/boot/security/server/controller/GenerateController.java
@@ -22,7 +22,7 @@ import io.swagger.annotations.ApiOperation;
 /**
 * 代码生成接口
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @Api(tags = "代码生成")

--- a/src/main/java/com/boot/security/server/controller/PermissionController.java
+++ b/src/main/java/com/boot/security/server/controller/PermissionController.java
@@ -34,7 +34,7 @@ import io.swagger.annotations.ApiOperation;
 /**
 * 权限相关接口
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @Api(tags = "权限")
@@ -127,7 +127,15 @@ public class PermissionController {
 	@ApiOperation(value = "所有菜单")
 	@PreAuthorize("hasAuthority('sys:menu:query')")
 	public JSONArray permissionsAll() {
-		List<Permission> permissionsAll = permissionDao.listAll();
+		//获取当前登录用户，如果是admin用户则展示所有权限，否则只能看到当前用户拥有的权限
+		LoginUser loginUser = UserUtil.getLoginUser();
+		List<Permission> permissionsAll =null;
+		if(loginUser.getId().intValue()==1){
+			permissionsAll = permissionDao.listAll();
+		}else {
+			permissionsAll = loginUser.getPermissions();
+		}
+		//List<Permission> permissionsAll = permissionDao.listAll();
 		JSONArray array = new JSONArray();
 		setPermissionsTree(0L, permissionsAll, array);

--- a/src/main/java/com/boot/security/server/controller/RoleController.java
+++ b/src/main/java/com/boot/security/server/controller/RoleController.java
 package com.boot.security.server.controller;
+import java.util.Iterator;
 import java.util.List;
+import com.boot.security.server.dto.LoginUser;
+import com.boot.security.server.utils.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -30,7 +33,7 @@ import io.swagger.annotations.ApiOperation;
 /**
 * 角色相关接口
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @Api(tags = "角色")
@@ -55,10 +58,16 @@ public class RoleController {
 	@ApiOperation(value = "角色列表")
 	@PreAuthorize("hasAuthority('sys:role:query')")
 	public PageTableResponse listRoles(PageTableRequest request) {
+		//查询角色列表时，如果是admin用户显示所有角色，否则只显示除admin之外的角色
+		LoginUser loginUser = UserUtil.getLoginUser();
+		Long id = loginUser.getId();
 		return new PageTableHandler(new CountHandler() {
 			@Override
 			public int count(PageTableRequest request) {
+				if (id!=1){
+					return roleDao.count(request.getParams())-1;
+				}
 				return roleDao.count(request.getParams());
 			}
 		}, new ListHandler() {
@@ -66,6 +75,15 @@ public class RoleController {
 			@Override
 			public List<Role> list(PageTableRequest request) {
 				List<Role> list = roleDao.list(request.getParams(), request.getOffset(), request.getLimit());
+				if (id!=1){
+					Iterator<Role> iterator = list.iterator();
+					while (iterator.hasNext()) {
+						Role role = iterator.next();
+						if(role.getId().intValue()==1){
+						 	iterator.remove();
+						 }
+					}
+				}
 				return list;
 			}
 		}).handle(request);

--- a/src/main/java/com/boot/security/server/controller/UserController.java
+++ b/src/main/java/com/boot/security/server/controller/UserController.java
@@ -33,7 +33,7 @@ import io.swagger.annotations.ApiOperation;
 /**
 * 用户相关接口
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @Api(tags = "用户")

--- a/src/main/java/com/boot/security/server/dto/Token.java
+++ b/src/main/java/com/boot/security/server/dto/Token.java
@@ -5,7 +5,7 @@ import java.io.Serializable;
 /**
 * Restful方式登陆token
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 *         2017年8月4日
 */

--- a/src/main/java/com/boot/security/server/filter/TokenFilter.java
+++ b/src/main/java/com/boot/security/server/filter/TokenFilter.java
@@ -21,7 +21,7 @@ import com.boot.security.server.service.TokenService;
 /**
 * Token过滤器
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 *         2017年10月14日
 */
@@ -36,6 +36,7 @@ public class TokenFilter extends OncePerRequestFilter {
 	private UserDetailsService userDetailsService;
 	private static final Long MINUTES_10 = 10 * 60 * 1000L;
+	//给token延长时间并且保存登录用户的信息
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {

--- a/src/main/java/com/boot/security/server/page/table/PageTableArgumentResolver.java
+++ b/src/main/java/com/boot/security/server/page/table/PageTableArgumentResolver.java
@@ -19,7 +19,7 @@ import com.google.common.collect.Maps;
 /**
 * 分页、查询参数解析
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 public class PageTableArgumentResolver implements HandlerMethodArgumentResolver {

--- a/src/main/java/com/boot/security/server/page/table/PageTableHandler.java
+++ b/src/main/java/com/boot/security/server/page/table/PageTableHandler.java
@@ -6,7 +6,7 @@ import java.util.List;
 /**
 * 分页查询处理器
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */

--- a/src/main/java/com/boot/security/server/page/table/PageTableRequest.java
+++ b/src/main/java/com/boot/security/server/page/table/PageTableRequest.java
@@ -6,7 +6,7 @@ import java.util.Map;
 /**
 * 分页查询参数
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 public class PageTableRequest implements Serializable {

--- a/src/main/java/com/boot/security/server/page/table/PageTableResponse.java
+++ b/src/main/java/com/boot/security/server/page/table/PageTableResponse.java
@@ -6,7 +6,7 @@ import java.util.List;
 /**
 * 分页查询返回
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 public class PageTableResponse implements Serializable {

--- a/src/main/java/com/boot/security/server/service/SysLogService.java
+++ b/src/main/java/com/boot/security/server/service/SysLogService.java
@@ -5,7 +5,7 @@ import com.boot.security.server.model.SysLogs;
 /**
 * 日志service
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 *         2017年8月19日
 */

--- a/src/main/java/com/boot/security/server/service/TokenService.java
+++ b/src/main/java/com/boot/security/server/service/TokenService.java
@@ -11,7 +11,7 @@ import com.boot.security.server.dto.Token;
 * 如要换成数据库存储，将TokenServiceImpl类上的注解@Primary挪到com.boot.security.server.service.impl.TokenServiceDbImpl
 * 
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 *         2017年10月14日
 */

--- a/src/main/java/com/boot/security/server/service/impl/TokenServiceDbImpl.java
+++ b/src/main/java/com/boot/security/server/service/impl/TokenServiceDbImpl.java
@@ -32,7 +32,7 @@ import io.jsonwebtoken.SignatureAlgorithm;
 /**
 * token存到数据库的实现类
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @Service

--- a/src/main/java/com/boot/security/server/service/impl/TokenServiceImpl.java
+++ b/src/main/java/com/boot/security/server/service/impl/TokenServiceImpl.java
@@ -16,7 +16,7 @@ import com.boot.security.server.service.TokenService;
 * token存到redis的实现类<br>
 * 普通token，uuid
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @Deprecated

--- a/src/main/java/com/boot/security/server/service/impl/TokenServiceJWTImpl.java
+++ b/src/main/java/com/boot/security/server/service/impl/TokenServiceJWTImpl.java
@@ -32,7 +32,7 @@ import io.jsonwebtoken.SignatureAlgorithm;
 * token存到redis的实现类<br>
 * jwt实现的token
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @Primary

--- a/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java
+++ b/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java
@@ -24,7 +24,7 @@ import com.boot.security.server.service.UserService;
 * <p>
 * 密码校验请看文档（02 框架及配置），第三章第4节
 *
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 */
 @Service
 public class UserDetailsServiceImpl implements UserDetailsService {

--- a/src/main/java/com/boot/security/server/utils/ExcelUtil.java
+++ b/src/main/java/com/boot/security/server/utils/ExcelUtil.java
@@ -21,7 +21,7 @@ import org.apache.poi.ss.usermodel.Workbook;
 /**
 * excel工具类
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 public class ExcelUtil {

--- a/src/main/java/com/boot/security/server/utils/FileUtil.java
+++ b/src/main/java/com/boot/security/server/utils/FileUtil.java
@@ -16,7 +16,7 @@ import org.springframework.web.multipart.MultipartFile;
 /**
 * 文件工具类
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 public class FileUtil {

--- a/src/main/java/com/boot/security/server/utils/SpringUtil.java
+++ b/src/main/java/com/boot/security/server/utils/SpringUtil.java
@@ -9,7 +9,7 @@ import org.springframework.stereotype.Component;
 /**
 * spring获取bean工具类
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 @Component

--- a/src/main/java/com/boot/security/server/utils/StrUtil.java
+++ b/src/main/java/com/boot/security/server/utils/StrUtil.java
@@ -7,7 +7,7 @@ import com.google.common.collect.Lists;
 /**
 * 字符串转化工具类
 * 
- * @author 奇趣源码商城 www.qiqucode.com
+ * @author maliang
 *
 */
 public class StrUtil {

--- a/src/main/resources/.gitignore
+++ b/src/main/resources/.gitignore
-/rebel.xml
--- a/src/main/resources/static/index.html
+++ b/src/main/resources/static/index.html
@@ -71,7 +71,13 @@
 					</ul>
 					<div class="layui-tab-content" style="min-height: 150px; padding: 5px 0 0 0;">
 						<div class="layui-tab-item layui-show">
-							<iframe src="pages/dashboard.html"></iframe>
+							<!--<iframe src="pages/dashboard.html"></iframe>-->
+							<div class="layui-card">
+								<div class="layui-card-header">lwby</div>
+								<div class="layui-card-body">
+									欢迎来到必看小说广告数据平台
+								</div>
+							</div>
 						</div>
 					</div>
 				</div>

--- a/src/main/resources/static/js/main.js
+++ b/src/main/resources/static/js/main.js
@@ -26,9 +26,10 @@ function initMenu(){
 	             }
 	             var li = $("<li class='layui-nav-item'></li>");
-	             if (i == 0) {
+	             //使菜单默认展开
-	            	 li.addClass("layui-nav-itemed");
+	             // if (i == 0) {
-	             }
+	            	//  li.addClass("layui-nav-itemed");
+	             // }
 	             li.append(a);
                 menu.append(li);

--- a/src/main/resources/static/pages/advertiserManager/advertiserManager.html
+++ b/src/main/resources/static/pages/advertiserManager/advertiserManager.html
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>广告主管理</title>
+</head>
+<link rel="stylesheet" href="../../css/treetable/jquery.treetable.css" />
+<link rel="stylesheet" href="../../css/treetable/jquery.treetable.theme.default.css" />
+<link rel="stylesheet" type="text/css" media="screen" href="../../layui/css/layui.css">
+<body>
+<table id="demo" lay-filter="test"></table>
+</body>
+</html>
+<script type="text/javascript" src="../../js/libs/jquery-2.1.1.min.js"></script>
+<script type="text/javascript" src="../../js/jq.js"></script>
+<script type="text/javascript" src="../../layui/layui.js"></script>
+<script type="text/javascript" src="../../js/my/permission.js"></script>
+<script src="../../js/libs/jquery.treetable.js"></script>
+<script>
+    layui.use('table', function(){
+        var table = layui.table;
+        //第一个实例
+        table.render({
+            elem: '#demo'
+            ,url: '/advertiserManagerController/table' //数据接口
+            ,page: true //开启分页
+            ,cols: [[ //表头
+                {field: 'id', title: 'ID', sort: true, fixed: 'left'}
+                ,{field: 'advertiser', title: '广告主名称'}
+                ,{field: 'AccumulatedConsumptionAmount', title: '累计消耗金额', sort: true}
+                ,{field: 'leader', title: '负责人'}
+                ,{field: 'yesterdayConsumptionAmount', title: '昨日消耗金额', }
+                ,{field: 'viewData', title: '展示数据', sort: true}
+            ]]
+        });
+    });
+</script>