drew 5 ani în urmă
părinte
comite
64c350804d

+ 16 - 0
src/main/java/com/izouma/awesomeAdmin/enums/AuthorityName.java

@@ -0,0 +1,16 @@
+package com.izouma.awesomeAdmin.enums;
+
+public enum AuthorityName {
+    ROLE_USER("普通用户"),
+    ROLE_DEV("开发者"),
+    ROLE_ADMIN("管理员");
+    private final String description;
+
+    AuthorityName(String description) {
+        this.description = description;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+}

+ 9 - 2
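--- a/src/main/java/com/izouma/awesomeAdmin/security/Authority.java
+++ b/src/main/java/com/izouma/awesomeAdmin/security/Authority.java
@@ -1,6 +1,7 @@
 package com.izouma.awesomeAdmin.security;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.izouma.awesomeAdmin.enums.AuthorityName;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
@@ -19,8 +20,9 @@ import java.util.Objects;
 @Builder
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class Authority implements Serializable {
-    public enum NAMES {
-        ROLE_USER, ROLE_DEV, ROLE_ADMIN
+
+    public static Authority get(AuthorityName name) {
+        return new Authority(name.name(), name.getDescription());
     }
 
     @Id
@@ -29,6 +31,11 @@ public class Authority implements Serializable {
     @Column(length = 50)
     private String name;
 
+    @Column(length = 50)
+    @Size(max = 50)
+    @NotNull
+    private String description;
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {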
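Review bot: `Authority.get` builds the entity positionally with `new Authority(name.name(), name.getDescription())`, and both arguments are `String`, so it is only correct while the generated constructor takes name first and description second; reordering the fields would swap the role identifier and its display label without a compile error. `@Builder` is visible on the class in this hunk, so `Authority.builder().name(name.name()).description(name.getDescription()).build()` would state the mapping explicitly. This matters because `name` is the `@Id` and is presumably the string that role checks compare against. The class body continues outside the hunks, so further fields that would change the constructor's arity are not visible here.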

+ 8 - 0
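--- a/src/main/java/com/izouma/awesomeAdmin/service/UserService.java
+++ b/src/main/java/com/izouma/awesomeAdmin/service/UserService.java
@@ -21,6 +21,7 @@ import me.chanjar.weixin.mp.api.WxMpService;
 import me.chanjar.weixin.mp.bean.result.WxMpOAuth2AccessToken;
 import me.chanjar.weixin.mp.bean.result.WxMpUser;
 import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.data.domain.Page;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -43,6 +44,13 @@ public class UserService {
         return userRepo.findAll(JpaUtils.toSpecification(pageQuery, User.class), JpaUtils.toPageRequest(pageQuery));
     }
 
+    public User create(User user) {
+        if (StringUtils.isNotBlank(user.getPassword())) {
+            user.setPassword(new BCryptPasswordEncoder().encode(user.getPassword()));
+        }
+        return userRepo.save(user);
+    }
+
     public User loginByPhone(String phone) {
         return userRepo.findByPhone(phone);
     }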
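Review bot: `create` persists whatever entity it is handed, with no check that the object is really a new user: if `User` carries an id and the caller populates it, `userRepo.save(user)` would presumably update the existing row, password included, instead of inserting. A guard such as `if (user.getId() != null) throw new IllegalArgumentException("id must be null on create");` would keep the method to its name, assuming `User` exposes `getId()`. When `getPassword()` is blank the hash step is skipped silently and the account is stored without a password hash; if that is intended for phone or WeChat sign-ups, a comment should say so. The method also has no Javadoc stating that it expects a plaintext password and BCrypt-encodes it before saving, which callers need to know to avoid encoding twice.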

+ 25 - 18
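--- a/src/main/java/com/izouma/awesomeAdmin/web/AuthenticationController.java
+++ b/src/main/java/com/izouma/awesomeAdmin/web/AuthenticationController.java
@@ -1,9 +1,10 @@
 package com.izouma.awesomeAdmin.web;
 
 import com.izouma.awesomeAdmin.domain.User;
+import com.izouma.awesomeAdmin.enums.AuthorityName;
 import com.izouma.awesomeAdmin.exception.AuthenticationException;
 import com.izouma.awesomeAdmin.security.JwtTokenUtil;
-import com.izouma.awesomeAdmin.security.JwtUserDetailsService;
+import com.izouma.awesomeAdmin.security.JwtUser;
 import com.izouma.awesomeAdmin.security.JwtUserFactory;
 import com.izouma.awesomeAdmin.service.UserService;
 import io.swagger.annotations.ApiOperation;
@@ -13,8 +14,8 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -26,21 +27,25 @@ import java.util.Objects;
 @RestController
 @RequestMapping("/auth")
 public class AuthenticationController {
-    private AuthenticationManager authenticationManager;
-    private JwtTokenUtil          jwtTokenUtil;
-    private JwtUserDetailsService userDetailsService;
-    private UserService           userService;
+    private final AuthenticationManager authenticationManager;
+    private final JwtTokenUtil          jwtTokenUtil;
+    private final UserService           userService;
 
     @PostMapping("/login")
     public String loginByUserPwd(String username, String password, Integer expiration) {
-        try {
-            authenticate(username, password);
-            final UserDetails userDetails = userDetailsService.loadUserByUsername(username);
-            return jwtTokenUtil.generateToken(userDetails);
-        } catch (Exception e) {
-            log.error("loginByUserPwd", e);
-            throw new AuthenticationException("用户名或密码错误", e);
+        Authentication authentication = authenticate(username, password);
+        JwtUser jwtUser = (JwtUser) authentication.getPrincipal();
+        return jwtTokenUtil.generateToken(jwtUser);
+    }
+
+    @PostMapping("/loginAdmin")
+    public String loginByUserPwdAdmin(String username, String password, Integer expiration) {
+        Authentication authentication = authenticate(username, password);
+        if (!authentication.getAuthorities().contains(new SimpleGrantedAuthority(AuthorityName.ROLE_ADMIN.name()))) {
+            throw new AuthenticationException("禁止登录", null);
         }
+        JwtUser jwtUser = (JwtUser) authentication.getPrincipal();
+        return jwtTokenUtil.generateToken(jwtUser);
     }
 
     @PostMapping("/phoneLogin")
@@ -81,16 +86,18 @@ public class AuthenticationController {
 
     /**
      * Authenticates the user. If something is wrong, an {@link AuthenticationException} will be thrown
+     *
+     * @return Authentication
      */
-    private void authenticate(String username, String password) {
+    private Authentication authenticate(String username, String password) {
         Objects.requireNonNull(username);
         Objects.requireNonNull(password);
         try {
-            authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
+            return authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
         } catch (DisabledException e) {
-            throw new AuthenticationException("User is disabled!", e);
+            throw new AuthenticationException("禁止登录", e);
         } catch (BadCredentialsException e) {
-            throw new AuthenticationException("用户名或密码错误", e);
+            throw new AuthenticationException("用户名或密码错误", e);
         }
     }
 }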
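Review bot: Removing the catch-all from `loginByUserPwd` leaves `authenticate` as the only place login failures are translated, and it handles just `DisabledException` and `BadCredentialsException`. Any other failure from `authenticationManager.authenticate` (a locked or expired account, for example), and the `NullPointerException` that `Objects.requireNonNull` raises on a missing parameter, now leave `/auth/login` and `/auth/loginAdmin` untranslated. A disabled account also gets the distinct message `禁止登录`, which lets an unauthenticated caller tell disabled accounts from wrong passwords if the provider checks account status before the password. Consider mapping every Spring failure to the one generic message with `} catch (org.springframework.security.core.AuthenticationException e) { throw new AuthenticationException("用户名或密码错误", e); }`, and logging the specific cause server-side only. The `expiration` parameter is accepted by both endpoints but unused in the lines shown, and the `(JwtUser)` cast relies on a principal type set by code outside this diff.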

+ 7 - 35
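--- a/src/main/java/com/izouma/awesomeAdmin/web/DistrictController.java
+++ b/src/main/java/com/izouma/awesomeAdmin/web/DistrictController.java
@@ -2,6 +2,7 @@ package com.izouma.awesomeAdmin.web;
 
 import com.izouma.awesomeAdmin.domain.District;
 import com.izouma.awesomeAdmin.dto.PageQuery;
+import com.izouma.awesomeAdmin.enums.DistrictLevel;
 import com.izouma.awesomeAdmin.exception.BusinessException;
 import com.izouma.awesomeAdmin.repo.DistrictRepo;
 import com.izouma.awesomeAdmin.service.DistrictService;
@@ -19,42 +20,13 @@ import java.util.List;
 @RequestMapping("/district")
 @AllArgsConstructor
 public class DistrictController extends BaseController {
-    private DistrictService districtService;
-    private DistrictRepo    districtRepo;
+    private final DistrictService districtService;
 
-    //@PreAuthorize("hasRole('ADMIN')")
-    @PostMapping("/save")
-    public District save(@RequestBody District record) {
-        if (record.getId() != null) {
-            District orig = districtRepo.findById(record.getId()).orElseThrow(new BusinessException("无记录"));
-            ObjUtils.merge(orig, record);
-            return districtRepo.save(orig);
-        }
-        return districtRepo.save(record);
-    }
-
-
-    //@PreAuthorize("hasRole('ADMIN')")
-    @GetMapping("/all")
-    public Page<District> all(PageQuery pageQuery) {
-        return districtService.all(pageQuery);
-    }
-
-    @GetMapping("/get/{id}")
-    public District get(@PathVariable Long id) {
-        return districtRepo.findById(id).orElseThrow(new BusinessException("无记录"));
-    }
-
-    @PostMapping("/del/{id}")
-    public void del(@PathVariable Long id) {
-        districtRepo.deleteById(id);
-    }
-
-    @GetMapping("/excel")
-    @ResponseBody
-    public void excel(HttpServletResponse response, PageQuery pageQuery) throws IOException {
-        List<District> data = all(pageQuery).getContent();
-        ExcelUtils.export(response, data);
+    @GetMapping({"/", ""})
+    public List<District> get(@RequestParam(required = false) DistrictLevel level,
+                              @RequestParam(required = false) DistrictLevel maxLevel,
+                              @RequestParam(required = false) Long parent) {
+        return districtService.get(level, maxLevel, parent);
     }
 }
 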

+ 16 - 3
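--- a/src/main/java/com/izouma/awesomeAdmin/web/UserController.java
+++ b/src/main/java/com/izouma/awesomeAdmin/web/UserController.java
@@ -2,6 +2,7 @@ package com.izouma.awesomeAdmin.web;
 
 import com.izouma.awesomeAdmin.domain.User;
 import com.izouma.awesomeAdmin.dto.PageQuery;
+import com.izouma.awesomeAdmin.enums.AuthorityName;
 import com.izouma.awesomeAdmin.exception.BusinessException;
 import com.izouma.awesomeAdmin.repo.UserRepo;
 import com.izouma.awesomeAdmin.security.Authority;
@@ -20,7 +21,6 @@ import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
@@ -40,9 +40,15 @@ public class UserController extends BaseController {
                 .nickname(username)
                 .password(new BCryptPasswordEncoder().encode(password))
                 .enabled(true)
-                .authorities(Collections.singleton(new Authority(Authority.NAMES.ROLE_USER.name())))
+                .authorities(Collections.singleton(Authority.get(AuthorityName.ROLE_USER)))
                 .build();
-        return userRepo.save(user);
+        return userService.create(user);
+    }
+
+    @PreAuthorize("hasRole('ADMIN')")
+    @PostMapping("/create")
+    public User create(@RequestBody User user) {
+        return userService.create(user);
     }
 
     @PreAuthorize("hasRole('ADMIN')")
@@ -62,6 +68,13 @@ public class UserController extends BaseController {
                 .orElseThrow(new BusinessException("用户不存在"));
     }
 
+    @GetMapping("/myAdmin")
+    @PreAuthorize("hasRole('ADMIN')")
+    public User myAdmin() {
+        return userRepo.findById(SecurityUtils.getAuthenticatedUser().getId())
+                .orElseThrow(new BusinessException("用户不存在"));
+    }
+
     @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/all")
     public Page<User> all(PageQuery pageQuery) {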
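Review bot: The registration path now hashes the password twice: the builder still sets `.password(new BCryptPasswordEncoder().encode(password))`, and the new `return userService.create(user);` calls a method that, per this commit's `UserService` change, BCrypt-encodes any non-blank `getPassword()` again. The stored value would then be the hash of a hash, so a later `matches(plaintext, stored)` check cannot succeed and self-registered accounts could not log in with their password. Pass the plaintext into the builder as `.password(password)` and leave encoding to `create`, or keep `userRepo.save(user)` on this path. Separately, the new `/create` endpoint binds the request body straight onto `User`, so every bindable field, `authorities` and `enabled` included, comes from the client; it is admin-only, but a dedicated request DTO would keep that set explicit. The enclosing registration method starts outside the hunk.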

+ 10 - 3
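--- a/src/main/vue/src/views/UserEdit.vue
+++ b/src/main/vue/src/views/UserEdit.vue
@@ -18,7 +18,7 @@
                 <el-input v-model="formData.nickname"></el-input>
             </el-form-item>
             <el-form-item v-if="formData.id" label="密码">
-                <el-button type="primary" plain @click="resetPassword">重置 </el-button>
+                <el-button type="primary" plain @click="resetPassword" size="mini">重置 </el-button>
             </el-form-item>
             <el-form-item v-else prop="password" label="密码">
                 <el-input v-model="formData.password"></el-input>
@@ -27,8 +27,14 @@
                 <el-input v-model="formData.phone"></el-input>
             </el-form-item>
             <el-form-item prop="authorities" label="角色">
-                <el-select v-model="formData.authorities" multiple placeholder="请选择" value-key="name">
-                    <el-option v-for="item in authorities" :key="item.name" :label="item.name" :value="item">
+                <el-select
+                    v-model="formData.authorities"
+                    multiple
+                    placeholder="请选择"
+                    value-key="name"
+                    style="width:100%"
+                >
+                    <el-option v-for="item in authorities" :key="item.name" :label="item.description" :value="item">
                     </el-option>
                 </el-select>
             </el-form-item>
@@ -75,6 +81,7 @@ export default {
                 avatar: [
                     {
                         required: true,
+                        regexp: /^[_.@A-Za-z0-9-]*$/,
                         message: '请上传头像',
                         trigger: 'blur'
                     }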
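Review bot: The added `regexp: /^[_.@A-Za-z0-9-]*$/` on the `avatar` rule is probably inert, because async-validator, which Element's `el-form` rules are handed to, reads a regular expression from the `pattern` key and treats `regexp` only as a value of `type`. If the key were renamed to `pattern` it would reject any avatar value containing `/` or `:`, which covers most URLs, and the message `请上传头像` would not describe that failure; the character class looks as if it was meant for a username field. Either drop the line or move it to the intended field as `pattern`, and keep the equivalent check on the server, since form rules do not apply to direct API calls. The `rules` object starts and ends outside the hunk.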