zhenghao
2022-02-10 20:05:00 +08:00
parent bf2fdc2761
commit 4d1dfebacd
56 changed files with 2836 additions and 43 deletions


@@ -1,9 +1,12 @@
package cn.lili.controller.passport;
import cn.lili.common.aop.annotation.DemoSite;
import cn.lili.common.enums.ResultCode;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.exception.ServiceException;
import cn.lili.common.security.AuthUser;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.vo.ResultMessage;
import cn.lili.modules.member.entity.dos.Member;
@@ -15,6 +18,7 @@ import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.*;
import javax.validation.constraints.NotNull;
@@ -70,7 +74,11 @@ public class StorePassportController {
@PostMapping("/modifyPass")
public ResultMessage<Member> modifyPass(@NotNull(message = "旧密码不能为空") @RequestParam String password,
@NotNull(message = "新密码不能为空") @RequestParam String newPassword) {
return ResultUtil.data(memberService.modifyPass(password, newPassword));
AuthUser tokenUser = UserContext.getCurrentUser();
if (tokenUser == null) {
throw new ServiceException(ResultCode.USER_NOT_LOGIN);
}
return ResultUtil.data(memberService.modifyPass(tokenUser.getId(), password, newPassword));
}
@ApiOperation(value = "刷新token")
@@ -80,4 +88,5 @@ public class StorePassportController {
}
}
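Review bot: `@NotNull` on `password` and `newPassword` (L30-L31) only rejects an absent parameter, so an empty or whitespace-only `newPassword` passes controller validation; whether `memberService.modifyPass(tokenUser.getId(), password, newPassword)` rejects it, and verifies the supplied old password against the stored hash before writing, is outside this hunk. Use `@NotBlank(message = "新密码不能为空")` from the same `javax.validation.constraints` package if the project's Bean Validation version provides it, or document on the service that it performs both checks. The `tokenUser == null` guard added before using `UserContext.getCurrentUser()` is the right pattern; the other new store controllers in this commit call `UserContext.getCurrentUser().getStoreId()` without it.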


@@ -0,0 +1,155 @@
package cn.lili.controller.permission;
import cn.lili.common.aop.annotation.DemoSite;
import cn.lili.common.enums.ResultCode;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.exception.ServiceException;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.validation.Phone;
import cn.lili.common.vo.PageVO;
import cn.lili.common.vo.ResultMessage;
import cn.lili.modules.member.entity.dos.Clerk;
import cn.lili.modules.member.entity.dos.Member;
import cn.lili.modules.member.entity.dto.*;
import cn.lili.modules.member.entity.vo.ClerkVO;
import cn.lili.modules.member.service.ClerkService;
import cn.lili.modules.member.service.MemberService;
import com.baomidou.mybatisplus.core.metadata.IPage;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import lombok.extern.slf4j.Slf4j;
import org.apache.ibatis.annotations.Delete;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
import javax.validation.Valid;
import java.util.ArrayList;
import java.util.List;
/**
* 店员接口
*
* @author Chopper
* @since 2020/11/16 10:57
*/
@Slf4j
@RestController
@Api(tags = "店员")
@RequestMapping("/store/clerk")
@Transactional(rollbackFor = Exception.class)
@Validated
public class ClerkStoreController {
@Autowired
private ClerkService clerkService;
@Autowired
private MemberService memberService;
@GetMapping
@ApiOperation(value = "分页获取店员列表")
public ResultMessage<IPage<ClerkVO>> page(ClerkQueryDTO clerkQueryDTO,
PageVO pageVo) {
IPage<ClerkVO> page = clerkService.clerkForPage(pageVo, clerkQueryDTO);
return ResultUtil.data(page);
}
@GetMapping("/{id}")
@ApiOperation(value = "获取店员详细")
public ResultMessage<ClerkVO> get(@PathVariable String id) {
return ResultUtil.data(clerkService.get(id));
}
@PostMapping("/{mobile}/check")
@ApiOperation(value = "检测手机号码有效性")
public ResultMessage<Object> check(@PathVariable @Phone(message = "手机号码格式不正确") String mobile) {
return ResultUtil.data(clerkService.checkClerk(mobile));
}
@PostMapping
@ApiOperation(value = "添加店员")
public ResultMessage<Object> add(@Valid ClerkAddDTO clerkAddDTO) {
int rolesMaxSize = 10;
try {
if (clerkAddDTO.getRoles() != null && clerkAddDTO.getRoles().size() >= rolesMaxSize) {
throw new ServiceException(ResultCode.PERMISSION_BEYOND_TEN);
}
//校验是否已经是会员
Member member = memberService.findByMobile(clerkAddDTO.getMobile());
if (member == null) {
//添加会员
MemberAddDTO memberAddDTO = new MemberAddDTO();
memberAddDTO.setMobile(clerkAddDTO.getMobile());
memberAddDTO.setPassword(clerkAddDTO.getPassword());
memberAddDTO.setUsername(clerkAddDTO.getUsername());
member = memberService.addMember(memberAddDTO);
} else {
//校验要添加的会员是否已经是店主
if (member.getHaveStore()) {
throw new ServiceException(ResultCode.STORE_APPLY_DOUBLE_ERROR);
}
//校验会员的有效性
if (!member.getDisabled()) {
throw new ServiceException(ResultCode.USER_STATUS_ERROR);
}
}
//添加店员
clerkAddDTO.setMemberId(member.getId());
clerkAddDTO.setShopkeeper(false);
clerkAddDTO.setStoreId(UserContext.getCurrentUser().getStoreId());
clerkService.saveClerk(clerkAddDTO);
//修改此会员拥有店铺
List<String> ids = new ArrayList<>();
ids.add(member.getId());
memberService.updateHaveShop(true, UserContext.getCurrentUser().getStoreId(), ids);
} catch (Exception e) {
log.error("添加店员出错", e);
}
return ResultUtil.success();
}
@PutMapping("/{id}")
@ApiImplicitParam(name = "id", value = "店员id", required = true, paramType = "path")
@ApiOperation(value = "修改店员")
public ResultMessage<Clerk> edit(@PathVariable String id, @Valid ClerkEditDTO clerkEditDTO) {
clerkEditDTO.setId(id);
return ResultUtil.data(clerkService.updateClerk(clerkEditDTO));
}
@PutMapping(value = "/enable/{clerkId}")
@ApiOperation(value = "禁/启 用 店员")
@DemoSite
public ResultMessage<Object> disable(@ApiParam("用户唯一id标识") @PathVariable String clerkId, Boolean status) {
clerkService.disable(clerkId, status);
return ResultUtil.success();
}
@DeleteMapping(value = "/delByIds/{ids}")
@ApiOperation(value = "删除店员")
public ResultMessage<Object> deleteClerk(@PathVariable List<String> ids) {
clerkService.deleteClerk(ids);
return ResultUtil.success();
}
@PostMapping(value = "/resetPassword/{ids}")
@ApiOperation(value = "重置密码")
@DemoSite
public ResultMessage<Object> resetPassword(@PathVariable List ids) {
clerkService.resetPassword(ids);
return ResultUtil.success(ResultCode.USER_EDIT_SUCCESS);
}
}
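Review bot: `add` wraps its whole body in `try { … } catch (Exception e) { log.error("添加店员出错", e); }` (L114, L146-L148) and then returns `ResultUtil.success()`, so every failure — including the ServiceExceptions the method itself throws for too many roles, an existing shopkeeper or an invalid member — is reported to the caller as success, and because the exception never leaves the method the class-level `@Transactional(rollbackFor = Exception.class)` cannot roll back a member created by `addMember` when `saveClerk` or `updateHaveShop` fails afterwards. Drop the try/catch and let the exceptions propagate (the project's ServiceException handler presumably turns them into error results — confirm). Separately, `get`, `edit`, `disable`, `deleteClerk` and `resetPassword` pass client-supplied ids straight to `clerkService` with no reference to `UserContext.getCurrentUser().getStoreId()`; unless ClerkService scopes every lookup to the caller's store, one store can read or modify another store's clerks, so that scoping should be visible here or documented on the service. `resetPassword(@PathVariable List ids)` uses a raw type — make it `List<String>` like `deleteClerk` — and the `org.apache.ibatis.annotations.Delete` import is unused.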


@@ -0,0 +1,70 @@
package cn.lili.controller.permission;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.vo.ResultMessage;
import cn.lili.common.vo.SearchVO;
import cn.lili.modules.member.entity.dos.StoreDepartment;
import cn.lili.modules.member.entity.vo.StoreDepartmentVO;
import cn.lili.modules.member.service.StoreDepartmentService;
import cn.lili.mybatis.util.PageUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
/**
* 管理端,部门管理接口
*
* @author Chopper
* @since 2020/11/22 12:06
*/
@RestController
@Api(tags = "店铺端,部门管理接口")
@RequestMapping("/store/department")
public class StoreDepartmentController {
@Autowired
private StoreDepartmentService storeDepartmentService;
@GetMapping(value = "/{id}")
@ApiOperation(value = "查看部门详情")
public ResultMessage<StoreDepartment> get(@PathVariable String id) {
StoreDepartment storeDepartment = storeDepartmentService.getById(id);
return ResultUtil.data(storeDepartment);
}
@GetMapping
@ApiOperation(value = "获取树状结构")
public ResultMessage<List<StoreDepartmentVO>> getByPage(StoreDepartment entity,
SearchVO searchVo) {
entity.setStoreId(UserContext.getCurrentUser().getStoreId());
return ResultUtil.data(storeDepartmentService.tree(PageUtil.initWrapper(entity, searchVo)));
}
@PostMapping
@ApiOperation(value = "新增部门")
public ResultMessage<StoreDepartment> save(StoreDepartment storeDepartment) {
storeDepartment.setStoreId(UserContext.getCurrentUser().getStoreId());
storeDepartmentService.save(storeDepartment);
return ResultUtil.data(storeDepartment);
}
@PutMapping("/{id}")
@ApiOperation(value = "更新部门")
public ResultMessage<StoreDepartment> update(@PathVariable String id, StoreDepartment storeDepartment) {
storeDepartment.setId(id);
storeDepartmentService.update(storeDepartment);
return ResultUtil.data(storeDepartment);
}
@DeleteMapping(value = "/{ids}")
@ApiOperation(value = "删除部门")
public ResultMessage<Object> delAllByIds(@PathVariable List<String> ids) {
storeDepartmentService.deleteByIds(ids);
return ResultUtil.success();
}
}
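Review bot: `update` (L231-L234) sets only the id on the request-bound `StoreDepartment`, and `get` (L211) and `delAllByIds` (L238) pass the client's ids straight through, while `getByPage` and `save` overwrite `storeId` from `UserContext.getCurrentUser().getStoreId()`; unless StoreDepartmentService checks ownership, a caller can read, modify or delete departments of another store, or move its own department to a different `storeId` via the bound field. Apply the same `storeDepartment.setStoreId(UserContext.getCurrentUser().getStoreId());` in `update` and make the store filter explicit for get/delete. The class Javadoc says `管理端,部门管理接口` while the `@Api` tag says `店铺端`; align the comment with the tag.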


@@ -0,0 +1,42 @@
package cn.lili.controller.permission;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.vo.ResultMessage;
import cn.lili.modules.member.entity.dos.StoreDepartmentRole;
import cn.lili.modules.member.service.StoreDepartmentRoleService;
import cn.lili.modules.permission.entity.dos.DepartmentRole;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
/**
* 店铺端,部门角色接口
*
* @author Chopper
* @since 2020/11/22 14:05
*/
@RestController
@Api(tags = "店铺端,部门角色接口")
@RequestMapping("/store/departmentRole")
public class StoreDepartmentRoleController {
@Autowired
private StoreDepartmentRoleService storeDepartmentRoleService;
@GetMapping(value = "/{departmentId}")
@ApiOperation(value = "查看部门拥有的角色")
public ResultMessage<List<StoreDepartmentRole>> get(@PathVariable String departmentId) {
return ResultUtil.data(storeDepartmentRoleService.listByDepartmentId(departmentId));
}
@PutMapping("/{departmentId}")
@ApiOperation(value = "更新部门角色")
public ResultMessage<DepartmentRole> update(@PathVariable String departmentId, @RequestBody List<StoreDepartmentRole> storeDepartmentRoles) {
storeDepartmentRoleService.updateByDepartmentId(departmentId, storeDepartmentRoles);
return ResultUtil.success();
}
}
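Review bot: `update` (L277-L279) replaces the role list of any `departmentId` the caller names, with no check here that the department belongs to the caller's store; whether `storeDepartmentRoleService.updateByDepartmentId` scopes by store is outside this file, and if it does not the check belongs in this controller. The declared return type `ResultMessage<DepartmentRole>` (a manager-module type) is misleading for a method that returns `ResultUtil.success()`; `ResultMessage<Object>` is what the body produces.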


@@ -0,0 +1,49 @@
package cn.lili.controller.permission;
import cn.lili.common.aop.annotation.DemoSite;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.vo.ResultMessage;
import cn.lili.modules.member.entity.vo.StoreMenuVO;
import cn.lili.modules.member.service.StoreMenuService;
import cn.lili.modules.permission.entity.dos.Menu;
import cn.lili.modules.permission.entity.dto.MenuSearchParams;
import cn.lili.modules.permission.entity.vo.MenuVO;
import cn.lili.modules.permission.service.MenuService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
/**
* 管理端,菜单管理接口
*
* @author Chopper
* @since 2020/11/20 12:07
*/
@Slf4j
@RestController
@Api(tags = "店铺端,菜单管理接口")
@RequestMapping("/store/menu")
public class StoreMenuController {
@Autowired
private StoreMenuService storeMenuService;
@ApiOperation(value = "获取所有菜单")
@GetMapping("/tree")
public ResultMessage<List<StoreMenuVO>> getAllMenuList() {
return ResultUtil.data(storeMenuService.tree());
}
@ApiOperation(value = "获取所有菜单")
@GetMapping("/memberMenu")
public ResultMessage<List<StoreMenuVO>> memberMenu() {
return ResultUtil.data(storeMenuService.findUserTree());
}
}
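Review bot: both endpoints carry the same `@ApiOperation(value = "获取所有菜单")` (L316, L321) although `memberMenu` calls `storeMenuService.findUserTree()` and so presumably returns the current user's tree rather than all menus; give the second operation a distinct description. The class Javadoc says `管理端,菜单管理接口` while the `@Api` tag says `店铺端`. `DemoSite`, `ApiImplicitParam`, `Menu`, `MenuSearchParams`, `MenuVO` and `MenuService` are imported but unused in the class as shown.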


@@ -0,0 +1,43 @@
package cn.lili.controller.permission;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.vo.ResultMessage;
import cn.lili.modules.member.entity.dos.StoreMenuRole;
import cn.lili.modules.member.service.StoreMenuRoleService;
import cn.lili.modules.permission.entity.dos.RoleMenu;
import cn.lili.modules.permission.service.RoleMenuService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
/**
* 店铺端,角色菜单接口
*
* @author Chopper
* @since 2020/11/22 11:40
*/
@RestController
@Api(tags = "店铺端,角色菜单接口")
@RequestMapping("/store/roleMenu")
public class StoreMenuRoleController {
@Autowired
private StoreMenuRoleService storeMenuRoleService;
@GetMapping(value = "/{roleId}")
@ApiOperation(value = "查看某角色拥有到菜单")
public ResultMessage<List<StoreMenuRole>> get(@PathVariable String roleId) {
return ResultUtil.data(storeMenuRoleService.findByRoleId(roleId));
}
@PostMapping(value = "/{roleId}")
@ApiOperation(value = "保存角色菜单")
public ResultMessage save(@PathVariable String roleId, @RequestBody List<StoreMenuRole> roleMenus) {
storeMenuRoleService.updateRoleMenu(roleId, roleMenus);
return ResultUtil.success();
}
}
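Review bot: `save` (L362-L364) attaches the posted `StoreMenuRole` list to any `roleId` with no visible check that the role belongs to the caller's store or that the menus being granted are ones the caller's store itself holds; unless `updateRoleMenu` enforces both, this endpoint lets a store account widen its own or another store's menu rights. The return type is the raw `ResultMessage`; declare `ResultMessage<Object>` as the other new controllers do. `RoleMenu` and `RoleMenuService` are imported but unused.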


@@ -0,0 +1,65 @@
package cn.lili.controller.permission;
import cn.lili.common.enums.ResultUtil;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.vo.PageVO;
import cn.lili.common.vo.ResultMessage;
import cn.lili.modules.member.entity.dos.StoreRole;
import cn.lili.modules.member.service.StoreRoleService;
import cn.lili.modules.permission.entity.dos.Role;
import cn.lili.modules.permission.service.RoleService;
import cn.lili.mybatis.util.PageUtil;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
/**
* 店铺端,角色管理接口
*
* @author Chopper
* @since 2020/11/20 18:50
*/
@RestController
@Api(tags = "店铺端,店铺角色管理接口")
@RequestMapping("/store/role")
public class StoreRoleController {
@Autowired
private StoreRoleService storeRoleService;
@PostMapping
@ApiOperation(value = "添加角色")
public ResultMessage<StoreRole> add(StoreRole storeRole) {
storeRoleService.saveStoreRole(storeRole);
return ResultUtil.data(storeRole);
}
@GetMapping
@ApiOperation(value = "查询店铺角色")
public ResultMessage<Page> page(PageVO pageVo, StoreRole storeRole) {
storeRole.setStoreId(UserContext.getCurrentUser().getStoreId());
Page page = storeRoleService.page(PageUtil.initPage(pageVo), PageUtil.initWrapper(storeRole));
return ResultUtil.data(page);
}
@PutMapping("/{roleId}")
@ApiOperation(value = "编辑店铺角色")
public ResultMessage<StoreRole> edit(@PathVariable String roleId, StoreRole storeRole) {
storeRole.setId(roleId);
storeRoleService.update(storeRole);
return ResultUtil.data(storeRole);
}
@DeleteMapping(value = "/{ids}")
@ApiOperation(value = "批量删除店铺角色")
public ResultMessage<Role> delByIds(@PathVariable List<String> ids) {
storeRoleService.deleteRoles(ids);
return ResultUtil.success();
}
}
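Review bot: `add` (L401-L403) saves the request-bound `StoreRole` without setting `storeId` from the context, and `edit` (L414-L416) sets only the id, whereas `page` overwrites `storeId` with `UserContext.getCurrentUser().getStoreId()`; unless `saveStoreRole` and `update` do so themselves, a caller can create or move roles under another store's id. Add `storeRole.setStoreId(UserContext.getCurrentUser().getStoreId());` in both methods. `ResultMessage<Page>` and the local `Page page` are raw types, and `delByIds` declares `ResultMessage<Role>` (a manager-module type) while returning `ResultUtil.success()`.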


@@ -1,9 +1,11 @@
package cn.lili.security;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONUtil;
import cn.lili.cache.Cache;
import cn.lili.cache.CachePrefix;
import cn.lili.common.security.AuthUser;
import cn.lili.common.security.enums.PermissionEnum;
import cn.lili.common.security.enums.SecurityEnum;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.security.token.SecretKeyUtil;
@@ -20,7 +22,10 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.util.PatternMatchUtils;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.naming.NoPermissionException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -28,6 +33,7 @@ import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
* @author Chopper
@@ -46,19 +52,20 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
@SneakyThrows
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
String accessToken = request.getHeader(SecurityEnum.HEADER_TOKEN.getValue());
if (StrUtil.isBlank(accessToken)) {
//从header中获取jwt
String jwt = request.getHeader(SecurityEnum.HEADER_TOKEN.getValue());
//如果没有token 则return
if (StrUtil.isBlank(jwt)) {
chain.doFilter(request, response);
return;
}
try {
UsernamePasswordAuthenticationToken authentication = getAuthentication(accessToken, response);
//获取用户信息存入context
UsernamePasswordAuthenticationToken authentication = getAuthentication(jwt, response);
//自定义权限过滤
if (authentication != null) {
customAuthentication(request, response, authentication);
SecurityContextHolder.getContext().setAuthentication(authentication);
} catch (Exception e) {
log.error(e.getMessage());
}
chain.doFilter(request, response);
}
@@ -100,5 +107,60 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
}
return null;
}
/**
* 自定义权限过滤
*
* @param request 请求
* @param response 响应
* @param authentication 用户信息
*/
private void customAuthentication(HttpServletRequest request, HttpServletResponse response, UsernamePasswordAuthenticationToken authentication) throws NoPermissionException {
AuthUser authUser = (AuthUser) authentication.getDetails();
String requestUrl = request.getRequestURI();
//如果不是超级管理员, 则鉴权
if (!authUser.getIsSuper()) {
//获取缓存中的权限
Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
//获取数据(GET 请求)权限
if (request.getMethod().equals(RequestMethod.GET.name())) {
//如果用户的超级权限和查阅权限都不包含当前请求的api
if (match(permission.get(PermissionEnum.SUPER.name()), requestUrl) ||
match(permission.get(PermissionEnum.QUERY.name()), requestUrl)) {
} else {
ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足"));
log.error("当前请求路径:{},所拥有权限:{}", requestUrl, JSONUtil.toJsonStr(permission));
throw new NoPermissionException("权限不足");
}
}
//非get请求数据操作 判定鉴权
else {
if (!match(permission.get(PermissionEnum.SUPER.name()), requestUrl)) {
ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足"));
log.error("当前请求路径:{},所拥有权限:{}", requestUrl, JSONUtil.toJsonStr(permission));
throw new NoPermissionException("权限不足");
}
}
}
}
/**
* 校验权限
*
* @param permissions 权限集合
* @param url 请求地址
* @return 是否拥有权限
*/
boolean match(List<String> permissions, String url) {
if (permissions == null || permissions.isEmpty()) {
return false;
}
return PatternMatchUtils.simpleMatch(permissions.toArray(new String[0]), url);
}
}
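Review bot: `customAuthentication` dereferences `permission` at L500, L504 and L514 without a null check, so a missing or expired `PERMISSION_LIST` cache entry throws NullPointerException instead of denying, and in `doFilterInternal` (the earlier hunk) that exception lands in the trailing `catch (Exception e)` which only logs and then still calls `chain.doFilter`, so the request reaches the controller with no permission check having passed. If that generic catch is on the new side it also swallows the `NoPermissionException` thrown on denial, so a denied request proceeds as well; catch it separately and stop — `} catch (NoPermissionException e) { return; }` placed before the generic catch, since `customAuthentication` has already written the denial response. Treat `permission == null` as a denial, fold the two identical deny blocks into one helper and invert the empty-bodied `if … {} else {…}` at L504-L506; the rewrite below keeps the existing rule (SUPER matches any method, QUERY additionally allows GET) and treats a null `getIsSuper()` as not super. A permission failure would conventionally be reported with 403 rather than the 400 used here, and logging the user's whole permission map at error level on every denied request is noisy — consider debug level.
```java
private void customAuthentication(HttpServletRequest request, HttpServletResponse response, UsernamePasswordAuthenticationToken authentication) throws NoPermissionException {
    AuthUser authUser = (AuthUser) authentication.getDetails();
    String requestUrl = request.getRequestURI();
    // super users skip authorization; a null flag is treated as not super
    if (Boolean.TRUE.equals(authUser.getIsSuper())) {
        return;
    }
    @SuppressWarnings("unchecked")
    Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
    // no cached permission list: deny explicitly instead of NPE-ing into the generic catch in doFilterInternal
    if (permission == null) {
        deny(response, requestUrl, null);
    }
    boolean allowed = match(permission.get(PermissionEnum.SUPER.name()), requestUrl)
            || (RequestMethod.GET.name().equals(request.getMethod())
                && match(permission.get(PermissionEnum.QUERY.name()), requestUrl));
    if (!allowed) {
        deny(response, requestUrl, permission);
    }
}

/** Writes the denial response, logs it and aborts the filter via NoPermissionException. */
private void deny(HttpServletResponse response, String requestUrl, Map<String, List<String>> permission) throws NoPermissionException {
    ResponseUtil.output(response, ResponseUtil.resultMap(false, 400, "权限不足"));
    log.error("当前请求路径:{},所拥有权限:{}", requestUrl, JSONUtil.toJsonStr(permission));
    throw new NoPermissionException("权限不足");
}
// … unchanged: match(List<String>, String) …
```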