
修改数据权限逻辑

tianboguang 3 lat temu
rodzic
commit
aaa01e315e

+ 0 - 136
platform-admin/src/main/java/com/platform/aop/DataFilterAspect.java

@@ -1,136 +0,0 @@
-package com.platform.aop;
-
-import com.platform.annotation.DataFilter;
-import com.platform.service.impl.ZhiHouseService;
-import com.platform.utils.Constant;
-import com.platform.utils.RRException;
-import com.platform.utils.ShiroUtils;
-import com.platform.vos.TbUser;
-import org.apache.commons.lang.StringUtils;
-import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.annotation.Before;
-import org.aspectj.lang.annotation.Pointcut;
-import org.aspectj.lang.reflect.MethodSignature;
-import org.checkerframework.checker.units.qual.A;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import java.util.List;
-import java.util.Map;
-
-/**
- * 数据过滤,切面处理类
- *
- * @author lipengjun
- * @email 939961241@qq.com
- * @gitee https://gitee.com/fuyang_lipengjun/platform
- * @date 2017年10月23日 下午13:33:35
- */
-@Aspect
-@Component
-public class DataFilterAspect {
-
-    @Autowired
-    private ZhiHouseService zhiHouseService;
-    /**
-     * 切点
-     */
-    @Pointcut("@annotation(com.platform.annotation.DataFilter)")
-    public void dataFilterCut() {
-
-    }
-
-    /**
-     * 前置通知
-     *
-     * @param point 连接点
-     */
-    @Before("dataFilterCut()")
-    public void dataFilter(JoinPoint point) {
-        //获取参数
-        Object params = point.getArgs()[0];
-        if (params != null && params instanceof Map) {
-            TbUser user = ShiroUtils.getUserEntity();
-
-            //如果不是超级管理员,则只能查询本部门及子部门数据
-            if (user.getId() != Constant.SUPER_ADMIN) {
-                Map map = (Map) params;
-                map.put("filterSql", getFilterSQL(user, point));
-            }
-
-            return;
-        }
-
-        throw new RRException("数据权限接口的参数必须为Map类型,且不能为NULL");
-    }
-
-    /**
-     * 获取数据过滤的SQL
-     *
-     * @param user  登录用户
-     * @param point 连接点
-     * @return sql
-     */
-    private String getFilterSQL(TbUser user, JoinPoint point) {
-        MethodSignature signature = (MethodSignature) point.getSignature();
-        DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class);
-
-        String userAlias = dataFilter.userAlias();
-        String deptAlias = dataFilter.deptAlias();
-
-        StringBuilder filterSql = new StringBuilder();
-
-        if (StringUtils.isNotBlank(deptAlias)) {
-            //取出登录用户部门权限
-            String alias = getAliasByUser(user.getId());
-            if (StringUtils.isNotEmpty(alias)) {
-                filterSql.append(" and (");
-                filterSql.append(deptAlias);
-                filterSql.append(" in ");
-                filterSql.append(" ( ");
-                filterSql.append(alias);
-                filterSql.append(" ) ");
-                if (StringUtils.isNotBlank(userAlias)) {
-                    filterSql.append(" or ");
-                    filterSql.append(userAlias);
-                    filterSql.append("='");
-                    filterSql.append(user.getId());
-                    filterSql.append("' ");
-                }
-                filterSql.append(" ) ");
-            }
-        } else if (StringUtils.isNotBlank(userAlias)) {
-            filterSql.append(" and ");
-            filterSql.append(userAlias);
-            filterSql.append("='");
-            filterSql.append(user.getId());
-            filterSql.append("' ");
-        }
-
-        return filterSql.toString();
-    }
-
-    /**
-     * 取出用户权限
-     *
-     * @param userId 登录用户Id
-     * @return 权限
-     */
-    private String getAliasByUser(Long userId) {
-        @SuppressWarnings("unchecked")
-        List<Long> roleOrglist = zhiHouseService.queryDeptIdListByUserId(userId);
-        StringBuilder roleStr = new StringBuilder();
-        String alias = "";
-        if (roleOrglist != null && !roleOrglist.isEmpty()) {
-            for (Long roleId : roleOrglist) {
-                roleStr.append(",");
-                roleStr.append("'");
-                roleStr.append(roleId);
-                roleStr.append("'");
-            }
-            alias = roleStr.toString().substring(1, roleStr.length());
-        }
-        return alias;
-    }
-}

+ 0 - 31
platform-common/src/main/java/com/platform/annotation/DataFilter.java

@@ -1,31 +0,0 @@
-package com.platform.annotation;
-
-import java.lang.annotation.*;
-
-/**
- * 数据过滤
- *
- * @author lipengjun
- * @email 939961241@qq.com
- * @date 2017年10月23日 下午13:13:23
- */
-@Target(ElementType.METHOD)
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-public @interface DataFilter {
-
-    /**
-     * sql中数据创建用户(通常传入CREATE_USER_ID)的别名
-     */
-    String userAlias() default "";
-
-    /**
-     * sql中数据deptId的别名
-     */
-    String deptAlias() default "";
-
-    /**
-     * true:没有部门数据权限,也能查询本人数据
-     */
-    boolean self() default true;
-}

+ 1 - 3
platform-common/src/main/java/com/platform/shiro/UserRealm.java

@@ -57,10 +57,8 @@ public class UserRealm extends AuthorizingRealm {
         Long userId = user.getId();
         Set<String> permsSet = new HashSet<String>();
         List<String> permsList;
-
         //系统管理员,拥有最高权限
-
-        if (userId == Constant.SUPER_ADMIN) {
+        if (user.getRoleIdList().contains(1)) {
             permsList = zhiHouseService.getAllPerms(null);
         } else {
             permsList = zhiHouseService.getAllPerms(userId);
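Review bot: `user.getRoleIdList().contains(1)` passes an `int` literal; if `getRoleIdList()` returns `List<Long>` as the other hunks of this commit declare it (`List<Long> roleIdList = getUser().getRoleIdList()` in BrandController), the literal boxes to `Integer`, `contains` is always false, and the administrator only ever receives `getAllPerms(userId)` instead of the full permission set. Use the long literal: `if (user.getRoleIdList().contains(1L)) {`. Since this runs on every authorization check, a null-safe form is also worth considering if `getRoleIdList()` can be null for a user without roles. The enclosing method starts and ends outside the hunk.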

+ 0 - 5
platform-common/src/main/java/com/platform/utils/Constant.java

@@ -9,11 +9,6 @@ package com.platform.utils;
  */
 public class Constant {
     /**
-     * 超级管理员ID
-     */
-    public static final int SUPER_ADMIN = 1;
-
-    /**
      * ORACLE、MYSQL
      */
     public static final String USE_DATA = "MYSQL";

+ 9 - 46
platform-shop/src/main/java/com/platform/controller/BrandController.java

@@ -17,6 +17,7 @@ import com.platform.service.impl.ZhiHouseService;
 import com.platform.utils.*;
 import com.platform.vo.BrandBindUserVo;
 import com.platform.vo.BrandRspVo;
+import com.platform.vos.CurrentUserLoginVo;
 import com.platform.vos.TbUser;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -112,10 +113,10 @@ public class BrandController extends AbstractController{
         List<Long> deptIdList = new ArrayList<>();
         Long userId = null;
         //如果不是超级管理员,则只能查询本部门及子部门数据
-        if (getUserId() != Constant.SUPER_ADMIN) {
-            Long roleId = getUser().getRoleId();
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
             // 公司员工只能看到已经绑定自身为主播的数据
-            if (roleId == 8) {
+            if (roleIdList.contains(8L)) {
                 userId = getUserId();
             }else{
                 if(ObjectUtils.isEmpty(getUser().getCompanyId())){
@@ -306,8 +307,8 @@ public class BrandController extends AbstractController{
      */
     @RequestMapping("/queryAll")
     public Result queryAll(@RequestBody Map<String, Object> params) {
-        Long userId = getUserId();
-        if(Constant.SUPER_ADMIN != userId){
+        List<Long> roleIds = zhiHouseService.getCurrentUser().getRoleIdList();
+        if(!roleIds.contains(5) && !roleIds.contains(1)){
             //通过部门ID过滤数据
             if(null == getDeptId()){
                 return Result.success(new ArrayList<>());
@@ -328,9 +329,9 @@ public class BrandController extends AbstractController{
         //查询列表数据
         Query query = new Query(params);
 
-        Long userId = getUserId();
-        if(Constant.SUPER_ADMIN != userId){
-            params.put("idList", mySysUserBrandService.queryBrandIdList(userId));
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if(!roleIdList.contains(1L) && !roleIdList.contains(5L)){
+            params.put("idList", mySysUserBrandService.queryBrandIdList(getUserId()));
         }
         HttpRequestorUtil util = new HttpRequestorUtil();
         List<BrandEntity> list = brandService.queryList(params);
@@ -522,42 +523,4 @@ public class BrandController extends AbstractController{
         }
         return Result.failure("删除热点商品关联失败");
     }
-
-    /**
-     * 跳转到场景编辑页面
-     */
-    @RequestMapping("/goSceneEditUrl")
-    public void goSceneEditUrl(HttpServletRequest request, HttpServletResponse response){
-        TbUser sysUserEntity = zhiHouseService.getByUserId((long)Constant.SUPER_ADMIN);
-        String sceneUrl = request.getParameter("sceneUrl");
-        if(!StringUtils.isEmpty(sceneUrl)){
-            String sceneNum = sceneUrl.split("\\?m=")[1];
-            sceneNum = sceneNum.substring(0, sceneNum.indexOf("&"));
-
-            String scenePath = this.scenePath;
-            String editHtml = ResourceUtil.getConfigByName("editHtml");
-            String origin = ResourceUtil.getConfigByName("origin");
-            HttpRequestorUtil util = new HttpRequestorUtil();
-
-            JSONObject post = new JSONObject();
-            post.put("phoneNum", sysUserEntity.getFdkkUser());
-            post.put("password", PasswordUtils.decrypt(sysUserEntity.getFdkkPassword(), sysUserEntity.getFdkkUser(), PasswordUtils.getStaticSalt()));
-
-            String result = util.postJson(scenePath + "login", post.toString(), "POST");
-            JSONObject object = JSON.parseObject(result);
-
-            if(object.getIntValue("code") == 0){
-                String token = object.getJSONObject("data").getString("token");
-
-                try{
-                    //登录成功
-                    response.sendRedirect(scenePath + editHtml + "?m=" + sceneNum + "&origin=" + origin +
-                            "&t=" +System.currentTimeMillis() + "&token=" + token);
-                    return;
-                }catch (Exception e){
-                    e.printStackTrace();
-                }
-            }
-        }
-    }
 }
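Review bot: `roleIds.contains(5)` and `roleIds.contains(1)` in queryAll (the `@@ -306,8 +307,8 @@` hunk) pass `int` literals to a `List<Long>`, so both calls box to `Integer` and always return false; the filtering branch therefore runs for every user, including roles 1 and 5, and the intended bypass is silently lost. Change the line to `if(!roleIds.contains(5L) && !roleIds.contains(1L)){`. The same hand-written `!contains(1L) && !contains(5L)` pair appears in this file's other hunks and in CouponController, GoodsController, GoodsSpecificationController, OrderController, ProductController and LiveRoomInfoService; since the commit deletes `Constant.SUPER_ADMIN` without a replacement, a named constant or one helper on AbstractController (e.g. `isDataFilterExempt()`) would keep a single definition of which roles may see unscoped data, and a comment stating what role 5 is would document why it now shares the exemption. This hunk also reads the principal through `zhiHouseService.getCurrentUser()` while the neighbouring hunks use `getUser()`; if both resolve the same login, one accessor would be clearer. The enclosing methods start and end outside the hunks.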

+ 2 - 1
platform-shop/src/main/java/com/platform/controller/CouponController.java

@@ -51,7 +51,8 @@ public class CouponController extends AbstractController{
         PageHelper.startPage(query.getPage(), query.getLimit());
         Long userId = getUserId();
         PageUtils pageUtil = new PageUtils(new ArrayList<>(), 0 , query.getLimit(), query.getPage());
-        if(Constant.SUPER_ADMIN != userId){
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
             //通过部门ID过滤数据
             if(null == getDeptId()){
                 return Result.success(pageUtil);

+ 8 - 10
platform-shop/src/main/java/com/platform/controller/GoodsController.java

@@ -60,9 +60,6 @@ public class GoodsController extends AbstractController{
     @Value("${api.secret}")
     private String appSecret;
 
-    @Autowired
-    private RestTemplate restTemplate;
-
     /**
      * 查看列表
      */
@@ -72,8 +69,8 @@ public class GoodsController extends AbstractController{
         //查询列表数据
         Query query = new Query(params);
         PageUtils pageUtil = new PageUtils(new ArrayList<>(), 0, query.getLimit(), query.getPage());
-        Long userId = getUserId();
-        if (Constant.SUPER_ADMIN != userId) {
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
             // 获取用户角色
             Long roleId = getUser().getRoleId();
             HashMap<String, Object> brandQuery = new HashMap<>();
@@ -85,7 +82,7 @@ public class GoodsController extends AbstractController{
                 brandQuery.put("deptIdList", getDeptId());
             } else if (roleId == 8) {
                 // 公司员工只能获取当前绑定当前用户直播间的商品数据
-                List<Long> brandIds = mySysUserBrandService.queryBrandIdList(userId);
+                List<Long> brandIds = mySysUserBrandService.queryBrandIdList(getUserId());
                 if(ObjectUtils.isEmpty(brandIds)){
                     return Result.success(pageUtil);
                 }
@@ -374,9 +371,9 @@ public class GoodsController extends AbstractController{
      */
     @RequestMapping("/queryAll")
     public Result queryAll(@RequestBody Map<String, Object> params) {
-        Long userId = getUserId();
-        if(Constant.SUPER_ADMIN != userId){
-            params.put("brandIdList", mySysUserBrandService.queryBrandIdList(userId));
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
+            params.put("brandIdList", mySysUserBrandService.queryBrandIdList(getUserId()));
         }
 
         params.put("isDelete", 0);
@@ -399,7 +396,8 @@ public class GoodsController extends AbstractController{
         PageUtils pageUtil = new PageUtils(new ArrayList<>(), 0, query.getLimit(), query.getPage());
         query.put("isDelete", 1);
         long userId = getUserId();
-        if(Constant.SUPER_ADMIN != userId){
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
             if(null == getDeptId()){
                 return Result.success( pageUtil);
             }
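Review bot: the new `List<Long> roleIdList = getUser().getRoleIdList();` check in the list method switches the exemption decision to a role list, but three lines later the branch logic still reads a single `Long roleId = getUser().getRoleId()` and tests `roleId == 8`, whereas BrandController in this same commit was changed to `roleIdList.contains(8L)`. For a user holding several roles the two accessors can disagree, so the employee branch may be skipped for someone whose list contains 8; `} else if (roleIdList.contains(8L)) {` would keep the two controllers consistent. In the last hunk `long userId = getUserId();` is kept but no longer read by the changed condition; if nothing below the hunk uses it, it is now dead. The enclosing methods start and end outside the hunks.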

+ 2 - 1
platform-shop/src/main/java/com/platform/controller/GoodsSpecificationController.java

@@ -51,7 +51,8 @@ public class GoodsSpecificationController extends AbstractController{
 
         Long userId = getUserId();
         logger.info("系统用户id: {}", userId);
-        if(Constant.SUPER_ADMIN != userId){
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
             query.put("brandIdList", mySysUserBrandService.queryBrandIdList(userId));
         }
 

+ 2 - 2
platform-shop/src/main/java/com/platform/controller/OrderController.java

@@ -61,8 +61,8 @@ public class OrderController extends AbstractController {
         PageUtils pageUtil = new PageUtils(new ArrayList<>(), 0, query.getLimit(), query.getPage());
         ;
 
-        Long userId = getUserId();
-        if (Constant.SUPER_ADMIN != userId) {
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
             if (null == getDeptId()) {
                 return Result.success(pageUtil);
             }

+ 3 - 3
platform-shop/src/main/java/com/platform/controller/ProductController.java

@@ -43,9 +43,9 @@ public class ProductController extends AbstractController{
         //查询列表数据
         Query query = new Query(params);
 
-        Long userId = getUserId();
-        if(Constant.SUPER_ADMIN != userId){
-            query.put("brandIdList", mySysUserBrandService.queryBrandIdList(userId));
+        List<Long> roleIdList = getUser().getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
+            query.put("brandIdList", mySysUserBrandService.queryBrandIdList(getUserId()));
         }
 
         List<ProductEntity> productList = productService.queryList(query);

+ 1 - 1
platform-shop/src/main/java/com/platform/controller/TmLiveRoomController.java

@@ -187,7 +187,7 @@ public class TmLiveRoomController extends AbstractController{
         if(null == getUserId() || null == getDeptId()){
             return Result.failure("缺失用户信息");
         }
-        resultPage  = liveRoomInfoService.getOrQuery(name, page , limit , getUserId() , getDeptId());
+        resultPage  = liveRoomInfoService.getOrQuery(name, page , limit , getUserId() , getDeptId(),getUser());
         if(resultPage != null){
            return CommonDataUtils.toResponsObject(0,"" , CommonDataUtils.assembleResultCustom(resultPage.getTotal() , resultPage.getPages() ,
                     resultPage.getCurrent() ,limit , resultPage.getRecords()));

+ 5 - 2
platform-shop/src/main/java/com/platform/service/custom/LiveRoomInfoService.java

@@ -9,10 +9,12 @@ import com.platform.service.impl.TmLiveRoomInfoServiceImpl;
 import com.platform.utils.Constant;
 import com.platform.utils.StringUtils;
 import com.platform.utils.UUidGenerator;
+import com.platform.vos.CurrentUserLoginVo;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
 import java.time.LocalDateTime;
+import java.util.List;
 
 /**
  * @author abnerhou
@@ -49,7 +51,7 @@ public class LiveRoomInfoService extends TmLiveRoomInfoServiceImpl {
         return  getBaseMapper().update(tmLiveRoomInfo , queryWrapper);
     }
 
-    public IPage<TmLiveRoomInfo> getOrQuery(String key , long pageNum , long pageSize , Long userId , Long userDeptId){
+    public IPage<TmLiveRoomInfo> getOrQuery(String key , long pageNum , long pageSize , Long userId , Long userDeptId, CurrentUserLoginVo loginVo){
         IPage<TmLiveRoomInfo> page = new Page<>(pageNum , pageSize);
         QueryWrapper<TmLiveRoomInfo> queryWrapper = new QueryWrapper<>();
         queryWrapper.eq("enable" , 1);
@@ -57,7 +59,8 @@ public class LiveRoomInfoService extends TmLiveRoomInfoServiceImpl {
             //TODO:这里需要改进,防止慢查询
             queryWrapper.like("name"  , key).or().like("anchor_name" , key);
         }
-        if(null != userId && Constant.SUPER_ADMIN != userId){
+        List<Long> roleIdList = loginVo.getRoleIdList();
+        if (!roleIdList.contains(1L) && !roleIdList.contains(5L)) {
             if(null == userDeptId){
                 return new Page<TmLiveRoomInfo>(pageNum , pageSize);
             }
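Review bot: `loginVo.getRoleIdList()` is dereferenced without checking `loginVo`, and the old `null != userId` guard was dropped, so a caller that passes a null user now fails with a NullPointerException; TmLiveRoomController only null-checks `getUserId()` and `getDeptId()` before calling this method. A guard such as `if (loginVo == null || loginVo.getRoleIdList() == null) { return new Page<TmLiveRoomInfo>(pageNum , pageSize); }` would keep the query fail-closed for an unauthenticated caller, which is the safer default for a data-scoping method. Note also that the previous condition treated a null `userId` as unfiltered and the new code no longer does — that change in contract deserves a line in getOrQuery's Javadoc. `Constant` is still imported after `SUPER_ADMIN` was removed; if nothing else in this file uses it, the import is now unused. getOrQuery's body continues past the hunk.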

+ 0 - 3
platform-shop/src/main/java/com/platform/service/impl/GoodsServiceImpl.java

@@ -2,8 +2,6 @@ package com.platform.service.impl;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
-import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import com.platform.annotation.DataFilter;
 import com.platform.dao.*;
 import com.platform.entity.*;
 import com.platform.service.GoodsService;
@@ -89,7 +87,6 @@ public class GoodsServiceImpl implements GoodsService {
     }
 
     @Override
-    @DataFilter(userAlias = "nideshop_goods.create_user_id", deptAlias = "nideshop_goods.create_user_dept_id")
     public int queryTotal(Map<String, Object> map) {
         return goodsDao.queryTotal(map);
     }
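Review bot: removing `@DataFilter` from queryTotal means the count query no longer receives a `filterSql` entry in its map; unless the mapper statement behind `goodsDao.queryTotal` was updated in the same change, it either still references the now-absent `filterSql` or counts unscoped rows while the matching list query is narrowed by the controllers' `brandIdList`/`deptIdList`, giving page totals that do not match page contents. Please confirm the mapper XML and that every caller of queryTotal applies the same scope as its list query. A short comment on the method, e.g. `// Row scoping is applied by callers via brandIdList/deptIdList; no aspect-injected filterSql any more.`, would record the new contract. The enclosing class continues outside the hunk.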