Commit 835fd6f8 authored by Junling Bu's avatar Junling Bu

feat[litemall-admin-api]:后端API访问需要校验权限

parent 457b7ad9
......@@ -80,39 +80,9 @@
### 4.1.8 安全
#### 4.1.8.1 Token
管理员登录成功以后,后端会返回token,之后管理员的请求都会携带token。
见AdminWebMvcConfiguration类、LoginAdmin和LoginAdminHandlerMethodArgumentResolver类。
管理后台后端服务每次请求都会检测是否存在HTTP头部域`X-Litemall-Admin-Token`
如果存在,则内部查询转换成LoginAdmin,然后作为请求参数。
如果不存在,则作为null请求参数。
而具体的后端服务controller中,则可以利用LoginAdmin来检查。
例如管理员地址服务中:
```
@RestController
@RequestMapping("/admin/address")
@Validated
public class AdminAddressController {
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
Integer userId, String name,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
@Order @RequestParam(defaultValue = "desc") String order) {
if (adminId == null) {
return ResponseUtil.unlogin();
}
...
}
```
如果检测`adminId`是null,则返回错误信息“管理员未登录”。
这里的安全基于Shiro。
#### 4.1.8.1 认证
#### 4.1.8.2 账号密码加盐
......@@ -120,12 +90,17 @@ public class AdminAddressController {
而如果用户采用了账号和密码的形式登录,那么后端需要把用户密码加盐。
#### 4.1.8.3 权限管理
### 4.1.9 定时任务
AdminOrderController类存在以下三个方法,其实是三个定时任务:
* checkOrderUnpaid
* checkOrderUnconfirm
* checkOrderComment
job子包存在以下定时任务:
* OrderJob类
* checkOrderUnpaid
* checkOrderUnconfirm
* checkOrderComment
* CouponJob类
* checkCouponExpired
注意:
> 虽然定时任务放在AdminOrderController类中,但是可能这里不是很合适,
......
package org.linlinjava.litemall.admin.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
public @interface LoginAdmin {
}
package org.linlinjava.litemall.admin.annotation.support;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.linlinjava.litemall.db.domain.LitemallAdmin;
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
public class LoginAdminHandlerMethodArgumentResolver implements HandlerMethodArgumentResolver {
@Override
public boolean supportsParameter(MethodParameter parameter) {
return parameter.getParameterType().isAssignableFrom(Integer.class) && parameter.hasParameterAnnotation(LoginAdmin.class);
}
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer container,
NativeWebRequest request, WebDataBinderFactory factory) throws Exception {
Subject currentUser = SecurityUtils.getSubject();
LitemallAdmin admin = (LitemallAdmin) currentUser.getPrincipal();
if (admin == null) {
throw new AuthenticationException();
}
return admin.getId();
}
}
package org.linlinjava.litemall.admin.config;
import org.linlinjava.litemall.admin.annotation.support.LoginAdminHandlerMethodArgumentResolver;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.List;
@Configuration
public class AdminWebMvcConfigurer implements WebMvcConfigurer {
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
argumentResolvers.add(new LoginAdminHandlerMethodArgumentResolver());
}
}
......@@ -11,6 +11,7 @@ import org.linlinjava.litemall.admin.shiro.AdminWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import java.util.LinkedHashMap;
import java.util.Map;
......@@ -72,9 +73,9 @@ public class ShiroConfig {
}
@Bean
public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
@DependsOn("lifecycleBeanPostProcessor")
public static DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
creator.setUsePrefix(true);
return creator;
}
}
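Review bot: `defaultAdvisorAutoProxyCreator()` has no comment explaining `creator.setUsePrefix(true)`, even though the `@RequiresPermissions` and `@RequiresAuthentication` checks added across the controllers depend on how advisors get applied. As I read the Spring API, `setUsePrefix(true)` makes this creator apply only advisors whose bean names carry its prefix, so the Shiro authorization advisor is presumably applied by a different auto-proxy creator that is not visible in these hunks. I would add a comment such as `// usePrefix=true keeps this creator from proxying the controllers a second time; the Shiro annotation advisor must still be registered and applied elsewhere`. The `@DependsOn("lifecycleBeanPostProcessor")` target is also not shown, so confirm a bean of exactly that name exists. A test asserting that a request without the required permission is rejected would guard against the annotations silently becoming no-ops.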
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -27,9 +27,9 @@ public class AdminAdController {
@Autowired
private LitemallAdService adService;
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String name, String content,
@RequiresPermissions("admin:ad:list")
@RequestMapping("/list")
public Object list(String name, String content,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -55,8 +55,9 @@ public class AdminAdController {
return null;
}
@RequiresPermissions("admin:ad:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallAd ad) {
public Object create(@RequestBody LitemallAd ad) {
Object error = validate(ad);
if (error != null) {
return error;
......@@ -65,14 +66,16 @@ public class AdminAdController {
return ResponseUtil.ok(ad);
}
@RequiresPermissions("admin:ad:read")
@GetMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallAd brand = adService.findById(id);
return ResponseUtil.ok(brand);
}
@RequiresPermissions("admin:ad:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallAd ad) {
public Object update(@RequestBody LitemallAd ad) {
Object error = validate(ad);
if (error != null) {
return error;
......@@ -84,8 +87,9 @@ public class AdminAdController {
return ResponseUtil.ok(ad);
}
@RequiresPermissions("admin:ad:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallAd ad) {
public Object delete(@RequestBody LitemallAd ad) {
Integer id = ad.getId();
if (id == null) {
return ResponseUtil.badArgument();
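Review bot: In the `list` hunk the mapping appears to change from `@GetMapping("/list")` to `@RequestMapping("/list")`, which leaves the handler reachable with every HTTP method. The other handlers in this file, and the `list` handlers in the sibling controllers, stay pinned to `@GetMapping` or `@PostMapping`. Unless the widening is intended, keep `@GetMapping("/list")` beneath `@RequiresPermissions("admin:ad:list")` so the read-only endpoint has one verb to reason about for CSRF and caching. The method bodies continue outside the hunks.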
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -52,9 +52,9 @@ public class AdminAddressController {
return addressVo;
}
@RequiresPermissions("admin:address:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
Integer userId, String name,
public Object list(Integer userId, String name,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.RegexUtil;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.util.bcrypt.BCryptPasswordEncoder;
......@@ -16,7 +16,6 @@ import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
import javax.validation.constraints.NotNull;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
......@@ -32,9 +31,9 @@ public class AdminAdminController {
@Autowired
private LitemallAdminService adminService;
@RequiresPermissions("admin:admin:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String username,
public Object list(String username,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -63,8 +62,9 @@ public class AdminAdminController {
return null;
}
@RequiresPermissions("admin:admin:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallAdmin admin) {
public Object create(@RequestBody LitemallAdmin admin) {
Object error = validate(admin);
if (error != null) {
return error;
......@@ -84,14 +84,16 @@ public class AdminAdminController {
return ResponseUtil.ok(admin);
}
@RequiresPermissions("admin:admin:read")
@GetMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallAdmin admin = adminService.findById(id);
return ResponseUtil.ok(admin);
}
@RequiresPermissions("admin:admin:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallAdmin admin) {
public Object update(@RequestBody LitemallAdmin admin) {
Object error = validate(admin);
if (error != null) {
return error;
......@@ -114,8 +116,9 @@ public class AdminAdminController {
return ResponseUtil.ok(admin);
}
@RequiresPermissions("admin:admin:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallAdmin admin) {
public Object delete(@RequestBody LitemallAdmin admin) {
Integer anotherAdminId = admin.getId();
if (anotherAdminId == null) {
return ResponseUtil.badArgument();
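Review bot: `read` returns the `LitemallAdmin` from `adminService.findById(id)` to the client unfiltered, and this commit makes that endpoint grantable on its own through `admin:admin:read`. The file imports `BCryptPasswordEncoder`, so the entity presumably carries a password hash; whether `findById` already omits that column is not visible here. I would copy only the fields the UI needs into the response, or clear the credential field before `ResponseUtil.ok(admin)`, and add a comment stating that the hash must never leave the server. Separately, `delete` no longer receives the caller's id, so any guard against an admin deleting their own account would have to read it from `SecurityUtils.getSubject()`; that body continues outside the hunk.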
......
......@@ -3,9 +3,12 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.subject.Subject;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.linlinjava.litemall.core.util.JacksonUtil;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.db.domain.LitemallAdmin;
......@@ -60,20 +63,20 @@ public class AdminAuthController {
/*
*
*/
@RequiresAuthentication
@PostMapping("/logout")
public Object login(@LoginAdmin Integer adminId) {
public Object login() {
Subject currentUser = SecurityUtils.getSubject();
currentUser.logout();
return ResponseUtil.ok();
}
@RequiresAuthentication
@GetMapping("/info")
public Object info(@LoginAdmin Integer adminId) {
LitemallAdmin admin = adminService.findById(adminId);
if (admin == null) {
return ResponseUtil.badArgumentValue();
}
public Object info() {
Subject currentUser = SecurityUtils.getSubject();
LitemallAdmin admin = (LitemallAdmin) currentUser.getPrincipal();
Map<String, Object> data = new HashMap<>();
data.put("name", admin.getUsername());
......@@ -83,6 +86,7 @@ public class AdminAuthController {
List<String> roles = new ArrayList<>();
roles.add("admin");
data.put("roles", roles);
data.put("perms", "*");
data.put("introduction", "admin introduction");
return ResponseUtil.ok(data);
}
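Review bot: `info()` hard-codes `data.put("perms", "*")` next to the fixed `roles` list, so every authenticated admin is told it holds all permissions, whatever the realm actually grants. The server-side `@RequiresPermissions` checks still apply, but the front end will show actions that then fail, and the response is misleading as an audit or debugging source. I would derive `roles` and `perms` from the current subject's real grants, or mark it with `// TODO: placeholder, replace with the subject's actual permissions`. `info()` also now uses the session principal instead of reloading by id, so an admin changed or removed in the database is presumably still served from the old snapshot until the session ends. The `/logout` handler is still named `login`, and renaming it to `logout` would avoid confusion.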
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -28,9 +28,9 @@ public class AdminBrandController {
@Autowired
private LitemallBrandService brandService;
@RequiresPermissions("admin:brand:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String id, String name,
public Object list(String id, String name,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -62,8 +62,9 @@ public class AdminBrandController {
return null;
}
@RequiresPermissions("admin:brand:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallBrand brand) {
public Object create(@RequestBody LitemallBrand brand) {
Object error = validate(brand);
if (error != null) {
return error;
......@@ -72,14 +73,16 @@ public class AdminBrandController {
return ResponseUtil.ok(brand);
}
@RequiresPermissions("admin:brand:read")
@GetMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallBrand brand = brandService.findById(id);
return ResponseUtil.ok(brand);
}
@RequiresPermissions("admin:brand:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallBrand brand) {
public Object update(@RequestBody LitemallBrand brand) {
Object error = validate(brand);
if (error != null) {
return error;
......@@ -90,8 +93,9 @@ public class AdminBrandController {
return ResponseUtil.ok(brand);
}
@RequiresPermissions("admin:brand:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallBrand brand) {
public Object delete(@RequestBody LitemallBrand brand) {
Integer id = brand.getId();
if (id == null) {
return ResponseUtil.badArgument();
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -28,9 +28,9 @@ public class AdminCategoryController {
@Autowired
private LitemallCategoryService categoryService;
@RequiresPermissions("admin:category:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String id, String name,
public Object list(String id, String name,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -66,8 +66,9 @@ public class AdminCategoryController {
return null;
}
@RequiresPermissions("admin:category:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallCategory category) {
public Object create(@RequestBody LitemallCategory category) {
Object error = validate(category);
if (error != null) {
return error;
......@@ -76,14 +77,16 @@ public class AdminCategoryController {
return ResponseUtil.ok(category);
}
@RequiresPermissions("admin:category:read")
@GetMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallCategory category = categoryService.findById(id);
return ResponseUtil.ok(category);
}
@RequiresPermissions("admin:category:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallCategory category) {
public Object update(@RequestBody LitemallCategory category) {
Object error = validate(category);
if (error != null) {
return error;
......@@ -95,8 +98,9 @@ public class AdminCategoryController {
return ResponseUtil.ok();
}
@RequiresPermissions("admin:category:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallCategory category) {
public Object delete(@RequestBody LitemallCategory category) {
Integer id = category.getId();
if (id == null) {
return ResponseUtil.badArgument();
......@@ -105,8 +109,9 @@ public class AdminCategoryController {
return ResponseUtil.ok();
}
@RequiresPermissions("admin:category:list")
@GetMapping("/l1")
public Object catL1(@LoginAdmin Integer adminId) {
public Object catL1() {
// 所有一级分类目录
List<LitemallCategory> l1CatList = categoryService.queryL1();
List<Map<String, Object>> data = new ArrayList<>(l1CatList.size());
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -28,9 +28,10 @@ public class AdminCollectController {
@Autowired
private LitemallCollectService collectService;
@RequiresPermissions("admin:collect:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String userId, String valueId,
public Object list(String userId, String valueId,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -25,9 +25,9 @@ public class AdminCommentController {
@Autowired
private LitemallCommentService commentService;
@RequiresPermissions("admin:comment:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String userId, String valueId,
public Object list(String userId, String valueId,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -41,8 +41,9 @@ public class AdminCommentController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:comment:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallComment comment) {
public Object delete(@RequestBody LitemallComment comment) {
Integer id = comment.getId();
if (id == null) {
return ResponseUtil.badArgument();
......
......@@ -2,16 +2,14 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
import org.linlinjava.litemall.db.domain.LitemallCoupon;
import org.linlinjava.litemall.db.domain.LitemallCouponUser;
import org.linlinjava.litemall.db.domain.LitemallTopic;
import org.linlinjava.litemall.db.service.LitemallCouponService;
import org.linlinjava.litemall.db.service.LitemallCouponUserService;
import org.linlinjava.litemall.db.service.LitemallTopicService;
import org.linlinjava.litemall.db.util.CouponConstant;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
......@@ -34,9 +32,9 @@ public class AdminCouponController {
@Autowired
private LitemallCouponUserService couponUserService;
@RequiresPermissions("admin:coupon:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String name, Short type, Short status,
public Object list(String name, Short type, Short status,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -50,9 +48,9 @@ public class AdminCouponController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:coupon:list")
@GetMapping("/listuser")
public Object listuser(@LoginAdmin Integer adminId,
Integer userId, Integer couponId, Short status,
public Object listuser(Integer userId, Integer couponId, Short status,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -74,8 +72,9 @@ public class AdminCouponController {
return null;
}
@RequiresPermissions("admin:coupon:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallCoupon coupon) {
public Object create(@RequestBody LitemallCoupon coupon) {
Object error = validate(coupon);
if (error != null) {
return error;
......@@ -91,14 +90,16 @@ public class AdminCouponController {
return ResponseUtil.ok(coupon);
}
@RequiresPermissions("admin:coupon:read")
@GetMapping("/read")
public Object read(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object read(@NotNull Integer id) {
LitemallCoupon coupon = couponService.findById(id);
return ResponseUtil.ok(coupon);
}
@RequiresPermissions("admin:coupon:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallCoupon coupon) {
public Object update(@RequestBody LitemallCoupon coupon) {
Object error = validate(coupon);
if (error != null) {
return error;
......@@ -109,8 +110,9 @@ public class AdminCouponController {
return ResponseUtil.ok(coupon);
}
@RequiresPermissions("admin:coupon:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallCoupon coupon) {
public Object delete(@RequestBody LitemallCoupon coupon) {
couponService.deleteById(coupon.getId());
return ResponseUtil.ok();
}
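Review bot: `delete` passes `coupon.getId()` straight to `couponService.deleteById` without a null check, while the delete handlers in the other controllers on this page return `ResponseUtil.badArgument()` when the id is missing. I would make it match them: `Integer id = coupon.getId(); if (id == null) { return ResponseUtil.badArgument(); }` before calling `couponService.deleteById(id)`. A request body without an id would then get a defined error response rather than whatever the service layer does with null.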
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.db.service.LitemallGoodsProductService;
import org.linlinjava.litemall.db.service.LitemallGoodsService;
......@@ -32,8 +32,9 @@ public class AdminDashbordController {
@Autowired
private LitemallOrderService orderService;
@RequiresPermissions("admin:dashboard:info")
@GetMapping("")
public Object info(@LoginAdmin Integer adminId) {
public Object info() {
int userTotal = userService.count();
int goodsTotal = goodsService.count();
int productTotal = productService.count();
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -32,9 +32,9 @@ public class AdminFeedbackController {
@Autowired
private LitemallFeedbackService feedbackService;
@RequiresPermissions("admin:feedback:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
Integer userId, String username,
public Object list(Integer userId, String username,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -28,9 +28,9 @@ public class AdminFootprintController {
@Autowired
private LitemallFootprintService footprintService;
@RequiresPermissions("admin:footprint:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String userId, String goodsId,
public Object list(String userId, String goodsId,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.admin.dao.GoodsAllinone;
import org.linlinjava.litemall.admin.util.CatVo;
import org.linlinjava.litemall.core.qcode.QCodeService;
......@@ -59,9 +59,9 @@ public class AdminGoodsController {
@Autowired
private QCodeService qCodeService;
@RequiresPermissions("admin:goods:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String goodsSn, String name,
public Object list(String goodsSn, String name,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -161,8 +161,9 @@ public class AdminGoodsController {
* 因此这里会拒绝管理员编辑商品,如果订单或购物车中存在商品。
* 所以这里可能需要重新设计。
*/
@RequiresPermissions("admin:goods:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody GoodsAllinone goodsAllinone) {
public Object update(@RequestBody GoodsAllinone goodsAllinone) {
Object error = validate(goodsAllinone);
if (error != null) {
return error;
......@@ -232,8 +233,9 @@ public class AdminGoodsController {
return ResponseUtil.ok();
}
@RequiresPermissions("admin:goods:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallGoods goods) {
public Object delete(@RequestBody LitemallGoods goods) {
Integer id = goods.getId();
if (id == null) {
return ResponseUtil.badArgument();
......@@ -259,8 +261,9 @@ public class AdminGoodsController {
return ResponseUtil.ok();
}
@RequiresPermissions("admin:goods:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody GoodsAllinone goodsAllinone) {
public Object create(@RequestBody GoodsAllinone goodsAllinone) {
Object error = validate(goodsAllinone);
if (error != null) {
return error;
......@@ -321,9 +324,9 @@ public class AdminGoodsController {
return ResponseUtil.ok();
}
@RequiresPermissions("admin:goods:list")
@GetMapping("/catAndBrand")
public Object list2(@LoginAdmin Integer adminId) {
public Object list2() {
// http://element-cn.eleme.io/#/zh-CN/component/cascader
// 管理员设置“所属分类”
List<LitemallCategory> l1CatList = categoryService.queryL1();
......@@ -364,8 +367,9 @@ public class AdminGoodsController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:goods:read")
@GetMapping("/detail")
public Object detail(@LoginAdmin Integer adminId, @NotNull Integer id) {
public Object detail(@NotNull Integer id) {
LitemallGoods goods = goodsService.findById(id);
List<LitemallGoodsProduct> products = productService.queryByGid(id);
List<LitemallGoodsSpecification> specifications = specificationService.queryByGid(id);
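Review bot: `list2` (`/catAndBrand`) is guarded by `admin:goods:list`, but its comments say it feeds the category picker an admin uses when setting a product's category. If the create and edit forms call it, a role granted only `admin:goods:create` or `admin:goods:update` will be denied here and cannot finish the form. Either document that those roles must also hold `admin:goods:list`, or accept any of them with `@RequiresPermissions(value = {"admin:goods:list", "admin:goods:create", "admin:goods:update"}, logical = Logical.OR)`. The body of `list2` continues outside the hunk.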
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -36,9 +36,9 @@ public class AdminGrouponController {
@Autowired
private LitemallGrouponService grouponService;
@RequiresPermissions("admin:groupon:read")
@GetMapping("/listRecord")
public Object listRecord(@LoginAdmin Integer adminId,
String grouponId,
public Object listRecord(String grouponId,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -72,9 +72,9 @@ public class AdminGrouponController {
return ResponseUtil.ok(data);
}
@RequiresPermissions("admin:groupon:delete")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String goodsId,
public Object list(String goodsId,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......@@ -109,8 +109,9 @@ public class AdminGrouponController {
return null;
}
@RequiresPermissions("admin:groupon:update")
@PostMapping("/update")
public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) {
public Object update(@RequestBody LitemallGrouponRules grouponRules) {
Object error = validate(grouponRules);
if (error != null) {
return error;
......@@ -132,9 +133,9 @@ public class AdminGrouponController {
return ResponseUtil.ok();
}
@RequiresPermissions("admin:groupon:create")
@PostMapping("/create")
public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) {
public Object create(@RequestBody LitemallGrouponRules grouponRules) {
Object error = validate(grouponRules);
if (error != null) {
return error;
......@@ -154,9 +155,9 @@ public class AdminGrouponController {
return ResponseUtil.ok(grouponRules);
}
@RequiresPermissions("admin:groupon:delete")
@PostMapping("/delete")
public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) {
public Object delete(@RequestBody LitemallGrouponRules grouponRules) {
Integer id = grouponRules.getId();
if (id == null) {
return ResponseUtil.badArgument();
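Review bot: The GET `/list` handler is annotated `@RequiresPermissions("admin:groupon:delete")`, which looks like a copy-paste slip from the `delete` handler further down. As written, a role needs the delete permission just to view the rules list, so read-only operators must be over-privileged to use the page. I would change it to `@RequiresPermissions("admin:groupon:list")`, matching the `list` handlers in the other controllers. `/listRecord` uses `admin:groupon:read` where the other list endpoints use `:list`, so it is worth settling on one name for the listing permission.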
......
......@@ -2,7 +2,7 @@ package org.linlinjava.litemall.admin.web;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.linlinjava.litemall.admin.annotation.LoginAdmin;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.linlinjava.litemall.core.util.ResponseUtil;
import org.linlinjava.litemall.core.validator.Order;
import org.linlinjava.litemall.core.validator.Sort;
......@@ -26,9 +26,9 @@ public class AdminHistoryController {
@Autowired
private LitemallSearchHistoryService searchHistoryService;
@RequiresPermissions("admin:history:list")
@GetMapping("/list")
public Object list(@LoginAdmin Integer adminId,
String userId, String keyword,
public Object list(String userId, String keyword,
@RequestParam(defaultValue = "1") Integer page,
@RequestParam(defaultValue = "10") Integer limit,
@Sort @RequestParam(defaultValue = "add_time") String sort,
......