package com.stylefeng.guns.modular.system.controller; import com.stylefeng.guns.config.properties.GunsProperties; import com.stylefeng.guns.core.base.controller.BaseController; import com.stylefeng.guns.core.base.tips.Tip; import com.stylefeng.guns.core.common.annotion.BussinessLog; import com.stylefeng.guns.core.common.annotion.Permission; import com.stylefeng.guns.core.common.constant.Const; import com.stylefeng.guns.core.common.constant.dictmap.UserDict; import com.stylefeng.guns.core.common.constant.factory.ConstantFactory; import com.stylefeng.guns.core.common.constant.state.ManagerStatus; import com.stylefeng.guns.core.common.exception.BizExceptionEnum; import com.stylefeng.guns.core.datascope.DataScope; import com.stylefeng.guns.core.db.Db; import com.stylefeng.guns.core.exception.GunsException; import com.stylefeng.guns.core.log.LogObjectHolder; import com.stylefeng.guns.core.shiro.ShiroKit; import com.stylefeng.guns.core.shiro.ShiroUser; import com.stylefeng.guns.core.util.ToolUtil; import com.stylefeng.guns.modular.system.dao.UserMapper; import com.stylefeng.guns.modular.system.factory.UserFactory; import com.stylefeng.guns.modular.system.model.User; import com.stylefeng.guns.modular.system.service.IUserService; import com.stylefeng.guns.modular.system.transfer.UserDto; import com.stylefeng.guns.modular.system.warpper.UserWarpper; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import javax.naming.NoPermissionException; import javax.validation.Valid; import java.io.File; import java.util.Date; import java.util.List; import java.util.Map; import java.util.UUID; /** * 系统管理员控制器 * * @author fengshuonan * @Date 2017年1月11日 下午1:08:17 */ @Controller @RequestMapping("/mgr") public class UserMgrController extends BaseController { private static String PREFIX = "/system/user/"; @Autowired private GunsProperties gunsProperties; @Autowired private IUserService userService; /** * 跳转到查看管理员列表的页面 */ @RequestMapping("") public String index() { return PREFIX + "user.html"; } /** * 跳转到查看管理员列表的页面 */ @RequestMapping("/user_add") public String addView() { return PREFIX + "user_add.html"; } /** * 跳转到角色分配页面 */ //@RequiresPermissions("/mgr/role_assign") //利用shiro自带的权限检查 @Permission @RequestMapping("/role_assign/{userId}") public String roleAssign(@PathVariable Integer userId, Model model) { if (ToolUtil.isEmpty(userId)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } User user = (User) Db.create(UserMapper.class).selectOneByCon("id", userId); model.addAttribute("userId", userId); model.addAttribute("userAccount", user.getAccount()); return PREFIX + "user_roleassign.html"; } /** * 跳转到编辑管理员页面 */ @Permission @RequestMapping("/user_edit/{userId}") public String userEdit(@PathVariable Integer userId, Model model) { if (ToolUtil.isEmpty(userId)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } assertAuth(userId); User user = this.userService.selectById(userId); model.addAttribute(user); model.addAttribute("roleName", ConstantFactory.me().getRoleName(user.getRoleid())); model.addAttribute("deptName", ConstantFactory.me().getDeptName(user.getDeptid())); LogObjectHolder.me().set(user); return PREFIX + "user_edit.html"; } /** * 跳转到查看用户详情页面 */ @RequestMapping("/user_info") public String userInfo(Model model) { Integer userId = ShiroKit.getUser().getId(); if (ToolUtil.isEmpty(userId)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } User user = this.userService.selectById(userId); model.addAttribute(user); model.addAttribute("roleName", ConstantFactory.me().getRoleName(user.getRoleid())); model.addAttribute("deptName", ConstantFactory.me().getDeptName(user.getDeptid())); LogObjectHolder.me().set(user); return PREFIX + "user_view.html"; } /** * 跳转到修改密码界面 */ @RequestMapping("/user_chpwd") public String chPwd() { return PREFIX + "user_chpwd.html"; } /** * 修改当前用户的密码 */ @RequestMapping("/changePwd") @ResponseBody public Object changePwd(@RequestParam String oldPwd, @RequestParam String newPwd, @RequestParam String rePwd) { if (!newPwd.equals(rePwd)) { throw new GunsException(BizExceptionEnum.TWO_PWD_NOT_MATCH); } Integer userId = ShiroKit.getUser().getId(); User user = userService.selectById(userId); String oldMd5 = ShiroKit.md5(oldPwd, user.getSalt()); if (user.getPassword().equals(oldMd5)) { String newMd5 = ShiroKit.md5(newPwd, user.getSalt()); user.setPassword(newMd5); user.updateById(); return SUCCESS_TIP; } else { throw new GunsException(BizExceptionEnum.OLD_PWD_NOT_RIGHT); } } /** * 查询管理员列表 */ @RequestMapping("/list") @Permission @ResponseBody public Object list(@RequestParam(required = false) String name, @RequestParam(required = false) String beginTime, @RequestParam(required = false) String endTime, @RequestParam(required = false) Integer deptid) { if (ShiroKit.isAdmin()) { List> users = userService.selectUsers(null, name, beginTime, endTime, deptid); return new UserWarpper(users).warp(); } else { DataScope dataScope = new DataScope(ShiroKit.getDeptDataScope()); List> users = userService.selectUsers(dataScope, name, beginTime, endTime, deptid); return new UserWarpper(users).warp(); } } /** * 添加管理员 */ @RequestMapping("/add") @BussinessLog(value = "添加管理员", key = "account", dict = UserDict.class) @Permission(Const.ADMIN_NAME) @ResponseBody public Tip add(@Valid UserDto user, BindingResult result) { if (result.hasErrors()) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } // 判断账号是否重复 User theUser = userService.getByAccount(user.getAccount()); if (theUser != null) { throw new GunsException(BizExceptionEnum.USER_ALREADY_REG); } // 完善账号信息 user.setSalt(ShiroKit.getRandomSalt(5)); user.setPassword(ShiroKit.md5(user.getPassword(), user.getSalt())); user.setStatus(ManagerStatus.OK.getCode()); user.setCreatetime(new Date()); this.userService.insert(UserFactory.createUser(user)); return SUCCESS_TIP; } /** * 修改管理员 * * @throws NoPermissionException */ @RequestMapping("/edit") @BussinessLog(value = "修改管理员", key = "account", dict = UserDict.class) @ResponseBody public Tip edit(@Valid UserDto user, BindingResult result) throws NoPermissionException { if (result.hasErrors()) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } User oldUser = userService.selectById(user.getId()); if (ShiroKit.hasRole(Const.ADMIN_NAME)) { this.userService.updateById(UserFactory.editUser(user, oldUser)); return SUCCESS_TIP; } else { assertAuth(user.getId()); ShiroUser shiroUser = ShiroKit.getUser(); if (shiroUser.getId().equals(user.getId())) { this.userService.updateById(UserFactory.editUser(user, oldUser)); return SUCCESS_TIP; } else { throw new GunsException(BizExceptionEnum.NO_PERMITION); } } } /** * 删除管理员(逻辑删除) */ @RequestMapping("/delete") @BussinessLog(value = "删除管理员", key = "userId", dict = UserDict.class) @Permission @ResponseBody public Tip delete(@RequestParam Integer userId) { if (ToolUtil.isEmpty(userId)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } //不能删除超级管理员 if (userId.equals(Const.ADMIN_ID)) { throw new GunsException(BizExceptionEnum.CANT_DELETE_ADMIN); } assertAuth(userId); this.userService.setStatus(userId, ManagerStatus.DELETED.getCode()); return SUCCESS_TIP; } /** * 查看管理员详情 */ @RequestMapping("/view/{userId}") @ResponseBody public User view(@PathVariable Integer userId) { if (ToolUtil.isEmpty(userId)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } assertAuth(userId); return this.userService.selectById(userId); } /** * 重置管理员的密码 */ @RequestMapping("/reset") @BussinessLog(value = "重置管理员密码", key = "userId", dict = UserDict.class) @Permission(Const.ADMIN_NAME) @ResponseBody public Tip reset(@RequestParam Integer userId) { if (ToolUtil.isEmpty(userId)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } assertAuth(userId); User user = this.userService.selectById(userId); user.setSalt(ShiroKit.getRandomSalt(5)); user.setPassword(ShiroKit.md5(Const.DEFAULT_PWD, user.getSalt())); this.userService.updateById(user); return SUCCESS_TIP; } /** * 冻结用户 */ @RequestMapping("/freeze") @BussinessLog(value = "冻结用户", key = "userId", dict = UserDict.class) @Permission(Const.ADMIN_NAME) @ResponseBody public Tip freeze(@RequestParam Integer userId) { if (ToolUtil.isEmpty(userId)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } //不能冻结超级管理员 if (userId.equals(Const.ADMIN_ID)) { throw new GunsException(BizExceptionEnum.CANT_FREEZE_ADMIN); } assertAuth(userId); this.userService.setStatus(userId, ManagerStatus.FREEZED.getCode()); return SUCCESS_TIP; } /** * 解除冻结用户 */ @RequestMapping("/unfreeze") @BussinessLog(value = "解除冻结用户", key = "userId", dict = UserDict.class) @Permission(Const.ADMIN_NAME) @ResponseBody public Tip unfreeze(@RequestParam Integer userId) { if (ToolUtil.isEmpty(userId)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } assertAuth(userId); this.userService.setStatus(userId, ManagerStatus.OK.getCode()); return SUCCESS_TIP; } /** * 分配角色 */ @RequestMapping("/setRole") @BussinessLog(value = "分配角色", key = "userId,roleIds", dict = UserDict.class) @Permission(Const.ADMIN_NAME) @ResponseBody public Tip setRole(@RequestParam("userId") Integer userId, @RequestParam("roleIds") String roleIds) { if (ToolUtil.isOneEmpty(userId, roleIds)) { throw new GunsException(BizExceptionEnum.REQUEST_NULL); } //不能修改超级管理员 if (userId.equals(Const.ADMIN_ID)) { throw new GunsException(BizExceptionEnum.CANT_CHANGE_ADMIN); } assertAuth(userId); this.userService.setRoles(userId, roleIds); return SUCCESS_TIP; } /** * 上传图片 */ @RequestMapping(method = RequestMethod.POST, path = "/upload") @ResponseBody public String upload(@RequestPart("file") MultipartFile picture) { String pictureName = UUID.randomUUID().toString() + "." + ToolUtil.getFileSuffix(picture.getOriginalFilename()); try { String fileSavePath = gunsProperties.getFileUploadPath(); picture.transferTo(new File(fileSavePath + pictureName)); } catch (Exception e) { throw new GunsException(BizExceptionEnum.UPLOAD_ERROR); } return pictureName; } /** * 判断当前登录的用户是否有操作这个用户的权限 */ private void assertAuth(Integer userId) { if (ShiroKit.isAdmin()) { return; } List deptDataScope = ShiroKit.getDeptDataScope(); User user = this.userService.selectById(userId); Integer deptid = user.getDeptid(); if (deptDataScope.contains(deptid)) { return; } else { throw new GunsException(BizExceptionEnum.NO_PERMITION); } } }