fix[litemall-admin, litemall-admin-api]: 修复后台系统角色权限传递问题 #403

litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRoleController.java

 package org.linlinjava.litemall.admin.web;
 
+import io.swagger.models.auth.In;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.shiro.subject.Subject;
 import org.linlinjava.litemall.admin.annotation.RequiresPermissionsDesc;
 import org.linlinjava.litemall.admin.util.AdminResponseCode;
 import org.linlinjava.litemall.admin.util.Permission;
@@ -25,10 +28,10 @@ import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.constraints.NotNull;
+import java.security.Security;
 import java.util.*;
 
-import static org.linlinjava.litemall.admin.util.AdminResponseCode.ROLE_NAME_EXIST;
-import static org.linlinjava.litemall.admin.util.AdminResponseCode.ROLE_USER_EXIST;
+import static org.linlinjava.litemall.admin.util.AdminResponseCode.*;
 
 @RestController
 @RequestMapping("/admin/role")
@@ -159,15 +162,15 @@ public class AdminRoleController {
         return systemPermissions;
     }
 
-    private Set<String> getAssignedPermissions(Integer roleId) {
+    private Set<String> getAssignedPermissions(List<Integer> roleIds) {
         // 这里需要注意的是，如果存在超级权限*，那么这里需要转化成当前所有系统权限。
         // 之所以这么做，是因为前端不能识别超级权限，所以这里需要转换一下。
         Set<String> assignedPermissions = null;
-        if (permissionService.checkSuperPermission(roleId)) {
+        if (permissionService.checkSuperPermission(roleIds)) {
             getSystemPermissions();
             assignedPermissions = systemPermissionsString;
         } else {
-            assignedPermissions = permissionService.queryByRoleId(roleId);
+            assignedPermissions = permissionService.queryByRoleId(roleIds);
         }
 
         return assignedPermissions;
@@ -176,18 +179,38 @@ public class AdminRoleController {
     /**
      * 管理员的权限情况
      *
-     * @return 系统所有权限列表和管理员已分配权限
+     * @return 系统所有权限列表、角色权限、管理员已分配权限
      */
     @RequiresPermissions("admin:role:permission:get")
     @RequiresPermissionsDesc(menu = {"系统管理", "角色管理"}, button = "权限详情")
     @GetMapping("/permissions")
     public Object getPermissions(Integer roleId) {
         List<PermVo> systemPermissions = getSystemPermissions();
-        Set<String> assignedPermissions = getAssignedPermissions(roleId);
+
+        // 这里需要注意的是，如果存在超级权限*，那么这里需要转化成当前所有系统权限。
+        // 之所以这么做，是因为前端不能识别超级权限，所以这里需要转换一下。
+        Set<String> assignedPermissions = null;
+        if (permissionService.checkSuperPermission(roleId)) {
+            getSystemPermissions();
+            assignedPermissions = systemPermissionsString;
+        } else {
+            assignedPermissions = permissionService.queryByRoleId(roleId);
+        }
+
+        Subject currentUser = SecurityUtils.getSubject();
+        LitemallAdmin currentAdmin = (LitemallAdmin) currentUser.getPrincipal();
+        Integer[] roles = currentAdmin.getRoleIds();
+        List<Integer> roleIds = Arrays.asList(roles);
+        Set<String> curPermissions = null;
+        if (!permissionService.checkSuperPermission(roleIds)) {
+            curPermissions = permissionService.queryByRoleId(roleIds);
+        }
+
 
         Map<String, Object> data = new HashMap<>();
         data.put("systemPermissions", systemPermissions);
         data.put("assignedPermissions", assignedPermissions);
+        data.put("curPermissions", curPermissions);
         return ResponseUtil.ok(data);
     }
 

litemall-admin/src/views/sys/role.vue

@@ -225,6 +225,25 @@ export default {
         .then(response => {
           this.systemPermissions = response.data.data.systemPermissions
           this.assignedPermissions = response.data.data.assignedPermissions
+          var _curPermissions = response.data.data.curPermissions
+          if (_curPermissions) {
+            var _map = {}
+            _curPermissions.forEach(r => {
+              _map[r] = true
+            })
+
+            this.systemPermissions.forEach(i => {
+              i.children.forEach(j => {
+                j.children.forEach(k => {
+                  if (_map[k.id]) {
+                    k.disabled = false
+                  } else {
+                    k.disabled = true
+                  }
+                })
+              })
+            })
+          }
         })
     },
     updatePermission() {

litemall-db/src/main/java/org/linlinjava/litemall/db/service/LitemallPermissionService.java

@@ -55,6 +55,23 @@ public class LitemallPermissionService {
         return permissions;
     }
 
+    public Set<String> queryByRoleId(List<Integer> roleIds) {
+        Set<String> permissions = new HashSet<String>();
+        if(roleIds == null || roleIds.isEmpty()){
+            return permissions;
+        }
+
+        LitemallPermissionExample example = new LitemallPermissionExample();
+        example.or().andRoleIdIn(roleIds).andDeletedEqualTo(false);
+        List<LitemallPermission> permissionList = permissionMapper.selectByExample(example);
+
+        for(LitemallPermission permission : permissionList){
+            permissions.add(permission.getPermission());
+        }
+
+        return permissions;
+    }
+
     public boolean checkSuperPermission(Integer roleId) {
         if(roleId == null){
             return false;
@@ -65,6 +82,16 @@ public class LitemallPermissionService {
         return permissionMapper.countByExample(example) != 0;
     }
 
+    public boolean checkSuperPermission(List<Integer> roleIds) {
+        if(roleIds == null || roleIds.isEmpty()){
+            return false;
+        }
+
+        LitemallPermissionExample example = new LitemallPermissionExample();
+        example.or().andRoleIdIn(roleIds).andPermissionEqualTo("*").andDeletedEqualTo(false);
+        return permissionMapper.countByExample(example) != 0;
+    }
+
     public void deleteByRoleId(Integer roleId) {
         LitemallPermissionExample example = new LitemallPermissionExample();
         example.or().andRoleIdEqualTo(roleId).andDeletedEqualTo(false);