xiongzhu 3 tahun lalu
induk
melakukan
bfbe0d00b9

+ 36 - 16
src/main/java/com/izouma/nineth/dto/UserDTO.java

@@ -7,22 +7,13 @@ import com.izouma.nineth.security.Authority;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 
+import java.math.BigDecimal;
 import java.time.LocalDateTime;
 import java.util.Set;
 
 @Data
 public class UserDTO extends User {
 
-    private String password;
-
-    private String nftAccount;
-
-    private String kmsId;
-
-    private String publicKey;
-
-    private String tradeCode;
-
     @ApiModelProperty("是否关注")
     private boolean follow;
 
@@ -31,6 +22,7 @@ public class UserDTO extends User {
         return null;
     }
 
+    @Override
     public String getPassword() {
         return null;
     }
@@ -51,14 +43,42 @@ public class UserDTO extends User {
     }
 
     @Override
-    @JsonIgnore
-    public int getVipPoint() {
-        return super.getVipPoint();
+    public String getNftAccount() {
+        return null;
+    }
+
+    @Override
+    public String getPublicKey() {
+        return null;
+    }
+
+    @Override
+    public String getTradeCode() {
+        return null;
+    }
+
+    @Override
+    public String getKmsId() {
+        return null;
+    }
+
+    @Override
+    public String getMemberId() {
+        return null;
+    }
+
+    @Override
+    public Long getAuthId() {
+        return null;
+    }
+
+    @Override
+    public BigDecimal getShareRatio() {
+        return null;
     }
 
     @Override
-    @JsonIgnore
-    public int getVipPurchase() {
-        return super.getVipPurchase();
+    public String getSettleAccountId() {
+        return null;
     }
 }
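Review bot: The null-returning getter overrides added in this hunk (getNftAccount through getSettleAccountId) mask sensitive properties one at a time, so any property later added to User is serialized by this DTO until someone adds another override. They also leave the keys in the response with a null value, whereas annotating each override with `@JsonIgnore`, as the removed getVipPoint/getVipPurchase overrides were, would drop the keys. Removing those two overrides means vipPoint and vipPurchase are serialized again if User still declares them, which the hunk does not show, so confirm that is intended. A class comment such as `// Denylist: every sensitive User property must be overridden here; new User fields are exposed by default.` would make the contract visible to the next maintainer.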

+ 2 - 0
src/main/java/com/izouma/nineth/web/AssetController.java

@@ -50,6 +50,7 @@ public class AssetController extends BaseController {
     //@PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/all")
     public Page<Asset> all(@RequestBody PageQuery pageQuery) {
+        pageQuery.getQuery().put("userId",SecurityUtils.getAuthenticatedUser().getId());
         return assetService.all(pageQuery);
     }
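Review bot: The line added to `all` dereferences `SecurityUtils.getAuthenticatedUser()` and `pageQuery.getQuery()` without a null check, so a request with no authenticated user or no `query` object would presumably fail with a NullPointerException instead of a clean 401/400. The code removed from UserController.all in this same commit tested that call for null, which suggests it can return null. The filter is also applied to admins, unlike the OrderController.all hunk, which wraps it in `if (!SecurityUtils.hasRole(AuthorityName.ROLE_ADMIN))`; if admins are meant to list every asset, use the same guard here. The missing null checks apply to the OrderController.all hunk as well; `@PreAuthorize("isAuthenticated()")` on both methods would state the requirement explicitly.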
 
@@ -65,6 +66,7 @@ public class AssetController extends BaseController {
 //        assetRepo.softDelete(id);
 //    }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/excel")
     @ResponseBody
     public void excel(HttpServletResponse response, PageQuery pageQuery) throws IOException {

+ 2 - 1
src/main/java/com/izouma/nineth/web/DevelopController.java

@@ -3,6 +3,7 @@ package com.izouma.nineth.web;
 import com.izouma.nineth.utils.ObjUtils;
 import org.reflections.Reflections;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.mvc.condition.PathPatternsRequestCondition;
@@ -17,7 +18,7 @@ import java.util.*;
 
 @RestController
 @RequestMapping("/dev")
-// @PreAuthorize("hasRole('ROLE_ADMIN') and hasRole('ROLE_DEV')")
+@PreAuthorize("hasRole('ADMIN')")
 public class DevelopController {
     @Autowired
     private RequestMappingHandlerMapping requestMappingHandlerMapping;
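Review bot: The new class-level rule requires only ADMIN, whereas the commented-out rule it replaces asked for both ROLE_ADMIN and ROLE_DEV, so every admin account can reach the `/dev` endpoints; the `/genCode` annotation in GenCodeController has the same scope. Both controllers look like development tooling (this one injects RequestMappingHandlerMapping and imports Reflections), and if that is right they are better kept out of production deployments altogether, for example with `@Profile("dev")` on the class in addition to the role check. The class body continues outside the hunk, so what the endpoints actually return is not visible here.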

+ 2 - 0
src/main/java/com/izouma/nineth/web/GenCodeController.java

@@ -12,6 +12,7 @@ import io.swagger.annotations.ApiModelProperty;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.text.CaseUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.io.*;
@@ -23,6 +24,7 @@ import java.util.regex.Pattern;
 
 @RestController
 @RequestMapping("/genCode")
+@PreAuthorize("hasRole('ADMIN')")
 public class GenCodeController {
     @Autowired
     private GenCodeService genCodeService;

+ 4 - 0
src/main/java/com/izouma/nineth/web/OrderController.java

@@ -4,6 +4,7 @@ import com.izouma.nineth.domain.Order;
 import com.izouma.nineth.domain.User;
 import com.izouma.nineth.dto.OrderDTO;
 import com.izouma.nineth.dto.PageQuery;
+import com.izouma.nineth.enums.AuthorityName;
 import com.izouma.nineth.enums.CollectionType;
 import com.izouma.nineth.enums.OrderStatus;
 import com.izouma.nineth.enums.PayMethod;
@@ -54,6 +55,9 @@ public class OrderController extends BaseController {
     //@PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/all")
     public Page<Order> all(@RequestBody PageQuery pageQuery) {
+        if (!SecurityUtils.hasRole(AuthorityName.ROLE_ADMIN)) {
+            pageQuery.getQuery().put("userId", SecurityUtils.getAuthenticatedUser().getId());
+        }
         return orderService.all(pageQuery);
     }
 

+ 3 - 1
src/main/java/com/izouma/nineth/web/SettingController.java

@@ -28,7 +28,7 @@ public class SettingController extends BaseController {
     private SettingRepo    settingRepo;
     private CacheService   cacheService;
 
-    //@PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/save")
     public Setting save(@RequestBody Setting record) {
         if (record.getId() != null) {
@@ -59,11 +59,13 @@ public class SettingController extends BaseController {
         return settingRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         settingRepo.softDelete(id);
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/excel")
     @ResponseBody
     public void excel(HttpServletResponse response, PageQuery pageQuery) throws IOException {

+ 2 - 0
src/main/java/com/izouma/nineth/web/ShowroomController.java

@@ -17,6 +17,7 @@ import lombok.AllArgsConstructor;
 import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.domain.Page;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
@@ -86,6 +87,7 @@ public class ShowroomController extends BaseController {
         return showroom;
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         showCollectionRepo.deleteAllByShowroomId(id);

+ 7 - 2
src/main/java/com/izouma/nineth/web/StatisticController.java

@@ -26,30 +26,35 @@ public class StatisticController {
 
     @GetMapping("/total")
     @Cacheable("total")
+    @PreAuthorize("hasRole('ADMIN')")
     public Map<String, Object> total() {
         return statisticService.total();
     }
 
     @GetMapping("/userTrend")
     @Cacheable("userTrend")
+    @PreAuthorize("hasRole('ADMIN')")
     public Map<String, Long> userTrend(int day) {
         return statisticService.userTrend(day);
     }
 
     @GetMapping("/orderNumTrend")
     @Cacheable("orderNumTrend")
+    @PreAuthorize("hasRole('ADMIN')")
     public Map<String, Map<String, Long>> orderNumTrend(int day) {
         return statisticService.orderNumTrend(day);
     }
 
     @GetMapping("/orderPriceTrend")
     @Cacheable("orderPriceTrend")
+    @PreAuthorize("hasRole('ADMIN')")
     public Map<String, Map<String, BigDecimal>> orderPriceTrend(int day) {
         return statisticService.orderPriceTrend(day);
     }
 
     @GetMapping("/top")
     @CachePut(value = "top", key = "#month")
+    @PreAuthorize("hasRole('ADMIN')")
     public String top(int year, int month) {
         LocalDateTime start = LocalDateTime.of(year, month, 1, 0, 0, 0);
         LocalDateTime end = start.plusMonths(1).minusSeconds(1);
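Review bot: `@PreAuthorize` is stacked on methods that are also `@Cacheable` (total, userTrend, orderNumTrend, orderPriceTrend), and both annotations are applied by AOP advice, so a cache hit could be returned before the role check runs if the cache advice ends up ahead of the security advice. The configuration is not shown here; confirm the ordering, for example via the `order` attribute of `@EnableGlobalMethodSecurity` or `@EnableCaching`, and add a test that a non-admin still gets 403 once the cache is warm. Separately, `top` uses `key = "#month"` although it also takes `year`, so the same month of different years shares one cache entry; `key = "#year + '-' + #month"` would keep them apart. The body of `top` continues outside the hunk.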
@@ -73,13 +78,13 @@ public class StatisticController {
 
     @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/clearWeekTop")
-    public void clearWeekTop(){
+    public void clearWeekTop() {
         cacheService.clearWeekTop();
     }
 
     @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/clearUser")
-    public void clearUser(){
+    public void clearUser() {
         cacheService.clearUser();
     }
 }

+ 13 - 3
src/main/java/com/izouma/nineth/web/UserController.java

@@ -81,12 +81,22 @@ public class UserController extends BaseController {
     //    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/all")
     public Page<UserDTO> all(@RequestBody PageQuery pageQuery) {
-        if (!(SecurityUtils.getAuthenticatedUser() != null && SecurityUtils.getAuthenticatedUser().isAdmin())) {
-            pageQuery.getQuery().put("minter", true);
-        }
+        pageQuery.getQuery().put("minter", true);
         return userService.toDTO(userService.all(pageQuery).toPage());
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
+    @PostMapping("/adminAll")
+    public Page<User> adminAll(@RequestBody PageQuery pageQuery) {
+        return userService.all(pageQuery).toPage();
+    }
+
+    @PostMapping("/minterList")
+    public Page<Minter> toMinter(@RequestBody PageQuery pageQuery) {
+        pageQuery.getQuery().put("minter", true);
+        return userService.toMinterDTO(userService.all(pageQuery).toPage());
+    }
+
     //    @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/get/{id}")
     public UserDTO get(@PathVariable Long id) {
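Review bot: `adminAll` returns `Page<User>`, the raw entity, so the properties this same commit masks in UserDTO (password, kmsId, publicKey, tradeCode and the rest) are sent to the admin client unless User itself excludes them from serialization, which is not visible here. An admin listing has no need for password hashes or key identifiers, so return a dedicated admin DTO, or at least mark the field on the entity, e.g. `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` on `User.password`. Also note that `all` and the new `minterList` carry no `@PreAuthorize` and pass the client-supplied query map through with only `minter` forced to true; confirm `userService.all` ignores keys that name the masked columns. The `get` method at the end of the hunk continues outside it.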