
chore[litemall-admin-api]: 权限代码微调

Junling Bu 7 年 前
コミット
b89d0c482f

+ 39 - 22
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/util/PermissionUtil.java

@@ -13,32 +13,33 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 
 import java.lang.reflect.Method;
-import java.util.*;
-import java.util.stream.Collectors;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
 
 public class PermissionUtil {
 
     public static List<PermVo> listPermissions(ApplicationContext context, String basicPackage) {
         List<PermVo> root = new ArrayList<>();
         List<Permission> permissions = findPermissions(context, basicPackage);
-        for(Permission permission : permissions) {
+        for (Permission permission : permissions) {
             RequiresPermissions requiresPermissions = permission.getRequiresPermissions();
             RequiresPermissionsDesc requiresPermissionsDesc = permission.getRequiresPermissionsDesc();
             String api = permission.getApi();
 
             String[] menus = requiresPermissionsDesc.menu();
-            if(menus.length != 2){
+            if (menus.length != 2) {
                 throw new RuntimeException("目前只支持两级菜单");
             }
             String menu1 = menus[0];
             PermVo perm1 = null;
-            for(PermVo permVo : root){
-                if(permVo.getLabel().equals(menu1)){
+            for (PermVo permVo : root) {
+                if (permVo.getLabel().equals(menu1)) {
                     perm1 = permVo;
                     break;
                 }
             }
-            if(perm1 == null){
+            if (perm1 == null) {
                 perm1 = new PermVo();
                 perm1.setId(menu1);
                 perm1.setLabel(menu1);
@@ -47,13 +48,13 @@ public class PermissionUtil {
             }
             String menu2 = menus[1];
             PermVo perm2 = null;
-            for(PermVo permVo : perm1.getChildren()){
-                if(permVo.getLabel().equals(menu2)){
+            for (PermVo permVo : perm1.getChildren()) {
+                if (permVo.getLabel().equals(menu2)) {
                     perm2 = permVo;
                     break;
                 }
             }
-            if(perm2 == null){
+            if (perm2 == null) {
                 perm2 = new PermVo();
                 perm2.setId(menu2);
                 perm2.setLabel(menu2);
@@ -61,12 +62,28 @@ public class PermissionUtil {
                 perm1.getChildren().add(perm2);
             }
 
-            PermVo leftPerm = new PermVo();
-            leftPerm.setId(requiresPermissions.value()[0]);
-            leftPerm.setLabel(requiresPermissionsDesc.button());
-            leftPerm.setApi(api);
+            String button = requiresPermissionsDesc.button();
+            PermVo leftPerm = null;
+            for (PermVo permVo : perm2.getChildren()) {
+                if (permVo.getLabel().equals(button)) {
+                    leftPerm = permVo;
+                    break;
+                }
+            }
+            if (leftPerm == null) {
+                leftPerm = new PermVo();
+                leftPerm.setId(requiresPermissions.value()[0]);
+                leftPerm.setLabel(requiresPermissionsDesc.button());
+                leftPerm.setApi(api);
+                perm2.getChildren().add(leftPerm);
+            }
+            else{
+                // TODO
+                // 目前限制Controller里面每个方法的RequiresPermissionsDesc注解是唯一的
+                // 如果允许相同,可能会造成内部权限不一致。
+                throw new RuntimeException("权限已经存在,不能添加新权限");
+            }
 
-            perm2.getChildren().add(leftPerm);
         }
         return root;
     }
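Review bot: The new duplicate check in `listPermissions` compares only the `button` label inside a second-level menu, while the leaf id is the permission string `requiresPermissions.value()[0]`, so two leaves with the same id under different labels are still accepted. This commit creates that case: AdminRoleController annotates both GET and POST `/permissions` with `admin:role:permission`, labelled 权限详情 and 权限变更, so the tree shows two entries backed by one permission string, and granting the read-only entry presumably grants the write as well. Either give the two endpoints distinct permission strings, or have the loop also reject a second leaf whose id equals `requiresPermissions.value()[0]`. The exception would be easier to act on if it named the offending mapping, e.g. `throw new RuntimeException("权限已经存在,不能添加新权限: " + api);`. The body of `listPermissions` starts above this hunk.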
@@ -74,9 +91,9 @@ public class PermissionUtil {
     public static List<Permission> findPermissions(ApplicationContext context, String basicPackage) {
         Map<String, Object> map = context.getBeansWithAnnotation(Controller.class);
         List<Permission> permissions = new ArrayList<>();
-        for(Map.Entry<String, Object> entry : map.entrySet()){
+        for (Map.Entry<String, Object> entry : map.entrySet()) {
             Object bean = entry.getValue();
-            if(!StringUtils.contains(ClassUtils.getPackageName(bean.getClass()), basicPackage)){
+            if (!StringUtils.contains(ClassUtils.getPackageName(bean.getClass()), basicPackage)) {
                 continue;
             }
 
@@ -84,21 +101,21 @@ public class PermissionUtil {
             Class controllerClz = clz.getSuperclass();
             RequestMapping clazzRequestMapping = AnnotationUtils.findAnnotation(controllerClz, RequestMapping.class);
             List<Method> methods = MethodUtils.getMethodsListWithAnnotation(controllerClz, RequiresPermissions.class);
-            for(Method method : methods){
+            for (Method method : methods) {
                 RequiresPermissions requiresPermissions = AnnotationUtils.getAnnotation(method, RequiresPermissions.class);
                 RequiresPermissionsDesc requiresPermissionsDesc = AnnotationUtils.getAnnotation(method, RequiresPermissionsDesc.class);
 
-                if(requiresPermissions == null || requiresPermissionsDesc == null){
+                if (requiresPermissions == null || requiresPermissionsDesc == null) {
                     continue;
                 }
 
                 String api = "";
-                if(clazzRequestMapping != null){
+                if (clazzRequestMapping != null) {
                     api = clazzRequestMapping.value()[0];
                 }
 
                 PostMapping postMapping = AnnotationUtils.getAnnotation(method, PostMapping.class);
-                if(postMapping != null){
+                if (postMapping != null) {
                     api = "POST " + api + postMapping.value()[0];
 
                     Permission permission = new Permission();
@@ -109,7 +126,7 @@ public class PermissionUtil {
                     continue;
                 }
                 GetMapping getMapping = AnnotationUtils.getAnnotation(method, GetMapping.class);
-                if(getMapping != null){
+                if (getMapping != null) {
                     api = "GET " + api + getMapping.value()[0];
                     Permission permission = new Permission();
                     permission.setRequiresPermissions(requiresPermissions);

+ 1 - 1
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCouponController.java

@@ -51,7 +51,7 @@ public class AdminCouponController {
     }
 
     @RequiresPermissions("admin:coupon:list")
-    @RequiresPermissionsDesc(menu={"推广管理" , "优惠券管理"}, button="查询")
+    @RequiresPermissionsDesc(menu={"推广管理" , "优惠券管理"}, button="查询用户")
     @GetMapping("/listuser")
     public Object listuser(Integer userId, Integer couponId, Short status,
                        @RequestParam(defaultValue = "1") Integer page,

+ 10 - 12
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGoodsController.java

@@ -36,7 +36,7 @@ public class AdminGoodsController {
      * @return
      */
     @RequiresPermissions("admin:goods:list")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "查询")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "查询")
     @GetMapping("/list")
     public Object list(String goodsSn, String name,
                        @RequestParam(defaultValue = "1") Integer page,
@@ -46,6 +46,11 @@ public class AdminGoodsController {
         return adminGoodsService.list(goodsSn, name, page, limit, sort, order);
     }
 
+    @GetMapping("/catAndBrand")
+    public Object list2() {
+        return adminGoodsService.list2();
+    }
+
     /**
      * 编辑商品
      *
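Review bot: The re-added `/catAndBrand` handler `list2()` no longer carries `@RequiresPermissions("admin:goods:list")`, which the removed copy further down still had, so the endpoint now has no method-level authorization; whether a filter elsewhere still requires a login is not visible here. Dropping only `@RequiresPermissionsDesc` would be enough to avoid the new duplicate-label exception, because `findPermissions` skips any method whose `RequiresPermissionsDesc` is null. I would restore `@RequiresPermissions("admin:goods:list")` above `@GetMapping("/catAndBrand")`. The same applies to `/options` in AdminRoleController (previously `admin:role:list`) and `/username` in AdminUserController (previously `admin:user:list`), which lose both annotations in this commit.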
@@ -53,7 +58,7 @@ public class AdminGoodsController {
      * @return
      */
     @RequiresPermissions("admin:goods:update")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "编辑")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "编辑")
     @PostMapping("/update")
     public Object update(@RequestBody GoodsAllinone goodsAllinone) {
         return adminGoodsService.update(goodsAllinone);
@@ -66,7 +71,7 @@ public class AdminGoodsController {
      * @return
      */
     @RequiresPermissions("admin:goods:delete")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "删除")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "删除")
     @PostMapping("/delete")
     public Object delete(@RequestBody LitemallGoods goods) {
         return adminGoodsService.delete(goods);
@@ -79,19 +84,12 @@ public class AdminGoodsController {
      * @return
      */
     @RequiresPermissions("admin:goods:create")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品上架"}, button = "上架")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "上架")
     @PostMapping("/create")
     public Object create(@RequestBody GoodsAllinone goodsAllinone) {
         return adminGoodsService.create(goodsAllinone);
     }
 
-    @RequiresPermissions("admin:goods:list")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "查询")
-    @GetMapping("/catAndBrand")
-    public Object list2() {
-        return adminGoodsService.list2();
-    }
-
     /**
      * 商品详情
      *
@@ -99,7 +97,7 @@ public class AdminGoodsController {
      * @return
      */
     @RequiresPermissions("admin:goods:read")
-    @RequiresPermissionsDesc(menu = {"商品管理", "商品列表"}, button = "编辑")
+    @RequiresPermissionsDesc(menu = {"商品管理", "商品管理"}, button = "详情")
     @GetMapping("/detail")
     public Object detail(@NotNull Integer id) {
         return adminGoodsService.detail(id);

+ 1 - 1
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGrouponController.java

@@ -38,7 +38,7 @@ public class AdminGrouponController {
     private LitemallGrouponService grouponService;
 
     @RequiresPermissions("admin:groupon:read")
-    @RequiresPermissionsDesc(menu={"推广管理" , "团购管理"}, button="查询")
+    @RequiresPermissionsDesc(menu={"推广管理" , "团购管理"}, button="详情")
     @GetMapping("/listRecord")
     public Object listRecord(String grouponId,
                              @RequestParam(defaultValue = "1") Integer page,

+ 4 - 4
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminIssueController.java

@@ -29,7 +29,7 @@ public class AdminIssueController {
     private LitemallIssueService issueService;
 
     @RequiresPermissions("admin:issue:list")
-    @RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="查询")
+    @RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="查询")
     @GetMapping("/list")
     public Object list(String question,
                        @RequestParam(defaultValue = "1") Integer page,
@@ -58,7 +58,7 @@ public class AdminIssueController {
     }
 
     @RequiresPermissions("admin:issue:create")
-    @RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="添加")
+    @RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="添加")
     @PostMapping("/create")
     public Object create(@RequestBody LitemallIssue issue) {
         Object error = validate(issue);
@@ -77,7 +77,7 @@ public class AdminIssueController {
     }
 
     @RequiresPermissions("admin:issue:update")
-    @RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="编辑")
+    @RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="编辑")
     @PostMapping("/update")
     public Object update(@RequestBody LitemallIssue issue) {
         Object error = validate(issue);
@@ -92,7 +92,7 @@ public class AdminIssueController {
     }
 
     @RequiresPermissions("admin:issue:delete")
-    @RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="删除")
+    @RequiresPermissionsDesc(menu={"商管理" , "通用问题"}, button="删除")
     @PostMapping("/delete")
     public Object delete(@RequestBody LitemallIssue issue) {
         Integer id = issue.getId();

+ 5 - 5
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminKeywordController.java

@@ -29,7 +29,7 @@ public class AdminKeywordController {
     private LitemallKeywordService keywordService;
 
     @RequiresPermissions("admin:keyword:list")
-    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="查询")
+    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="查询")
     @GetMapping("/list")
     public Object list(String keyword, String url,
                        @RequestParam(defaultValue = "1") Integer page,
@@ -58,7 +58,7 @@ public class AdminKeywordController {
     }
 
     @RequiresPermissions("admin:keyword:create")
-    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="添加")
+    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="添加")
     @PostMapping("/create")
     public Object create(@RequestBody LitemallKeyword keywords) {
         Object error = validate(keywords);
@@ -70,7 +70,7 @@ public class AdminKeywordController {
     }
 
     @RequiresPermissions("admin:keyword:read")
-    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="详情")
+    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="详情")
     @GetMapping("/read")
     public Object read(@NotNull Integer id) {
         LitemallKeyword brand = keywordService.findById(id);
@@ -78,7 +78,7 @@ public class AdminKeywordController {
     }
 
     @RequiresPermissions("admin:keyword:update")
-    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="编辑")
+    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="编辑")
     @PostMapping("/update")
     public Object update(@RequestBody LitemallKeyword keywords) {
         Object error = validate(keywords);
@@ -92,7 +92,7 @@ public class AdminKeywordController {
     }
 
     @RequiresPermissions("admin:keyword:delete")
-    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="删除")
+    @RequiresPermissionsDesc(menu={"商管理" , "关键词"}, button="删除")
     @PostMapping("/delete")
     public Object delete(@RequestBody LitemallKeyword keyword) {
         Integer id = keyword.getId();

+ 5 - 5
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminOrderController.java

@@ -36,7 +36,7 @@ public class AdminOrderController {
      * @return
      */
     @RequiresPermissions("admin:order:list")
-    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "查询")
+    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "查询")
     @GetMapping("/list")
     public Object list(Integer userId, String orderSn,
                        @RequestParam(required = false) List<Short> orderStatusArray,
@@ -54,7 +54,7 @@ public class AdminOrderController {
      * @return
      */
     @RequiresPermissions("admin:order:read")
-    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "详情")
+    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "详情")
     @GetMapping("/detail")
     public Object detail(@NotNull Integer id) {
         return adminOrderService.detail(id);
@@ -67,7 +67,7 @@ public class AdminOrderController {
      * @return 订单退款操作结果
      */
     @RequiresPermissions("admin:order:refund")
-    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单退款")
+    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单退款")
     @PostMapping("refund")
     public Object refund(@RequestBody String body) {
         return adminOrderService.refund(body);
@@ -80,7 +80,7 @@ public class AdminOrderController {
      * @return 订单操作结果
      */
     @RequiresPermissions("admin:order:ship")
-    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单发货")
+    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单发货")
     @PostMapping("ship")
     public Object ship(@RequestBody String body) {
         return adminOrderService.ship(body);
@@ -94,7 +94,7 @@ public class AdminOrderController {
      * @return 订单操作结果
      */
     @RequiresPermissions("admin:order:reply")
-    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单商品回复")
+    @RequiresPermissionsDesc(menu = {"商管理", "订单管理"}, button = "订单商品回复")
     @PostMapping("reply")
     public Object reply(@RequestBody String body) {
         return adminOrderService.reply(body);

+ 10 - 9
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRoleController.java

@@ -42,7 +42,7 @@ public class AdminRoleController {
     private LitemallPermissionService permissionService;
 
     @RequiresPermissions("admin:role:list")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="查询")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色查询")
     @GetMapping("/list")
     public Object list(String name,
                        @RequestParam(defaultValue = "1") Integer page,
@@ -58,8 +58,6 @@ public class AdminRoleController {
         return ResponseUtil.ok(data);
     }
 
-    @RequiresPermissions("admin:role:list")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="查询")
     @GetMapping("/options")
     public Object options(){
         List<LitemallRole> roleList = roleService.queryAll();
@@ -76,7 +74,7 @@ public class AdminRoleController {
     }
 
     @RequiresPermissions("admin:role:read")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="详情")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色详情")
     @GetMapping("/read")
     public Object read(@NotNull Integer id) {
         LitemallRole role = roleService.findById(id);
@@ -94,7 +92,7 @@ public class AdminRoleController {
     }
 
     @RequiresPermissions("admin:role:create")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="添加")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色添加")
     @PostMapping("/create")
     public Object create(@RequestBody LitemallRole role) {
         Object error = validate(role);
@@ -112,7 +110,7 @@ public class AdminRoleController {
     }
 
     @RequiresPermissions("admin:role:update")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="编辑")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色编辑")
     @PostMapping("/update")
     public Object update(@RequestBody LitemallRole role) {
         Object error = validate(role);
@@ -125,7 +123,7 @@ public class AdminRoleController {
     }
 
     @RequiresPermissions("admin:role:delete")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="删除")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="角色删除")
     @PostMapping("/delete")
     public Object delete(@RequestBody LitemallRole role) {
         Integer id = role.getId();
@@ -178,7 +176,7 @@ public class AdminRoleController {
      * @return 系统所有权限列表和管理员已分配权限
      */
     @RequiresPermissions("admin:role:permission")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权限详情")
     @GetMapping("/permissions")
     public Object getPermissions(Integer roleId) {
         List<PermVo> systemPermissions = getSystemPermissions();
@@ -198,11 +196,14 @@ public class AdminRoleController {
      * @return
      */
     @RequiresPermissions("admin:role:permission")
-    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权")
+    @RequiresPermissionsDesc(menu={"系统管理" , "角色管理"}, button="权限变更")
     @PostMapping("/permissions")
     public Object updatePermissions(@RequestBody String body) {
         Integer roleId = JacksonUtil.parseInteger(body, "roleId");
         List<String> permissions = JacksonUtil.parseStringList(body, "permissions");
+        if(roleId == null || permissions == null){
+            return ResponseUtil.badArgument();
+        }
 
         // 如果修改的角色是超级权限,则拒绝修改。
         if(permissionService.checkSuperPermission(roleId)){
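Review bot: The guard added to `updatePermissions` rejects a missing `roleId` or `permissions`, but nothing visible here checks that each submitted string is a permission the system actually exposes. Since a role can hold a super permission (see `checkSuperPermission` on the following lines), I would compare the list against the ids produced by `getSystemPermissions()` before storing it and return `ResponseUtil.badArgument()` on any unknown value. The method body continues outside the hunk, so this may already be handled later. As a style point, `if(roleId == null || permissions == null){` lacks the spacing this commit applies in PermissionUtil.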

+ 0 - 2
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminUserController.java

@@ -49,8 +49,6 @@ public class AdminUserController {
         return ResponseUtil.ok(data);
     }
 
-    @RequiresPermissions("admin:user:list")
-    @RequiresPermissionsDesc(menu={"用户管理" , "会员管理"}, button="查询")
     @GetMapping("/username")
     public Object username(@NotEmpty String username) {
         int total = userService.countSeletive(username, null, null, null, null, null);