From dd682097946ab040506ad198b1bfe373b229b709 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=91=A8=E7=AB=9E=E7=94=B1?= <1193626695@qq.com> Date: Tue, 9 Dec 2025 20:09:03 +0800 Subject: [PATCH] =?UTF-8?q?admin=E6=9D=83=E9=99=90=E7=BB=86=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../campus/water/config/SecurityConfig.java | 8 +++-- .../water/controller/WorkOrderController.java | 12 ++++---- .../water/controller/web/AdminController.java | 8 ++--- .../water/controller/web/UserController.java | 2 +- .../java/com/campus/water/entity/Admin.java | 7 +++-- .../campus/water/security/RoleConstants.java | 9 ++++-- .../security/UserDetailsServiceImpl.java | 8 +++-- .../campus/water/service/LoginService.java | 29 ++++++++++++++----- .../campus/water/service/RegisterService.java | 2 +- .../service/app/RepairmanAppService.java | 10 +++---- .../water/service/app/StudentAppService.java | 6 ++-- 11 files changed, 63 insertions(+), 38 deletions(-) diff --git a/src/main/java/com/campus/water/config/SecurityConfig.java b/src/main/java/com/campus/water/config/SecurityConfig.java index 8b2b559..c0b4aa9 100644 --- a/src/main/java/com/campus/water/config/SecurityConfig.java +++ b/src/main/java/com/campus/water/config/SecurityConfig.java @@ -95,8 +95,12 @@ public class SecurityConfig { .requestMatchers("/api/app/student/**").hasAnyRole("STUDENT", "ADMIN") // 维修人员接口权限 .requestMatchers("/api/app/repair/**").hasAnyRole("REPAIRMAN", "ADMIN") - // 管理员接口权限 - .requestMatchers("/api/web/**").hasRole("ADMIN") + .requestMatchers("/api/web/**") + .hasAnyRole( + "SUPER_ADMIN", // 对应ROLE_SUPER_ADMIN(Spring会自动加ROLE_前缀) + "AREA_ADMIN", // 对应ROLE_AREA_ADMIN + "VIEWER" // 对应ROLE_VIEWER + ) // 其他接口需要认证 .anyRequest().authenticated() ) diff --git a/src/main/java/com/campus/water/controller/WorkOrderController.java b/src/main/java/com/campus/water/controller/WorkOrderController.java index 269d908..5b224fa 100644 
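Review bot: The two context lines just above the change still grant `"ADMIN"` on `/api/app/student/**` and `/api/app/repair/**`, but this same patch deletes `ROLE_ADMIN` from RoleConstants, drops the `"admin"` case in LoginService and maps admins to their enum name in UserDetailsServiceImpl, so no principal can carry `ROLE_ADMIN` any more and the URL layer now denies every admin role the app endpoints that the service-level `@PreAuthorize` annotations elsewhere in the patch open to them. Update those two rules to the new names, e.g. `.requestMatchers("/api/app/student/**").hasAnyRole("STUDENT", "SUPER_ADMIN", "AREA_ADMIN")` and `.requestMatchers("/api/app/repair/**").hasAnyRole("REPAIRMAN", "SUPER_ADMIN", "AREA_ADMIN")`, deliberately leaving VIEWER off because those paths carry state-changing operations. Admitting VIEWER to all of `/api/web/**` at the URL layer also means any web controller method without its own `@PreAuthorize` becomes reachable by a read-only role, so the controllers not touched by this patch deserve a sweep. The enclosing method starts before and ends after the hunk.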
--- a/src/main/java/com/campus/water/controller/WorkOrderController.java +++ b/src/main/java/com/campus/water/controller/WorkOrderController.java @@ -22,7 +22,7 @@ public class WorkOrderController { // 抢单功能 - 维修人员和管理员可访问 @PostMapping("/grab") - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')") public ResultVO grabOrder( @RequestParam String orderId, @RequestParam String repairmanId) { @@ -37,7 +37,7 @@ public class WorkOrderController { // 拒单功能 - 维修人员和管理员可访问 @PostMapping("/reject") - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')") public ResultVO rejectOrder( @RequestParam String orderId, @RequestParam String repairmanId, @@ -53,7 +53,7 @@ public class WorkOrderController { // 提交维修结果 - 维修人员和管理员可访问 @PostMapping("/submit") - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')") public ResultVO submitRepairResult( @RequestParam String orderId, @RequestParam String repairmanId, @@ -70,7 +70,7 @@ public class WorkOrderController { // 获取可抢工单列表 - 维修人员和管理员可访问 @GetMapping("/available") - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN','SUPER_ADMIN', 'AREA_ADMIN')") public ResultVO> getAvailableOrders(@RequestParam String areaId) { try { List orders = workOrderService.getAvailableOrders(areaId); @@ -82,7 +82,7 @@ public class WorkOrderController { // 获取维修工自己的工单 - 维修人员和管理员可访问 @GetMapping("/my") - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')") public ResultVO> getMyOrders(@RequestParam String repairmanId) { try { List orders = workOrderService.getMyOrders(repairmanId); 
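Review bot: On `/grab` (and likewise `/reject`, `/submit` and `/my` in the neighbouring hunks) the widened `@PreAuthorize` only proves the caller holds some repair or admin role, while the `repairmanId` that decides whose order is taken, rejected, completed or listed is a caller-supplied `@RequestParam`; unless `workOrderService` cross-checks it (its code is not in the patch), one repairman can act as another. For plain REPAIRMAN callers the id should come from the authenticated principal rather than the parameter — accept an `Authentication auth` argument and reject the request when the caller is a REPAIRMAN whose own repairman id differs from `repairmanId`, leaving the two admin roles free to act on behalf of others; how a principal maps to a repairman id is not visible here. A comment on each of these endpoints stating that the role check is not an ownership check would help until that is in place. Every method in these hunks continues past its hunk.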
@@ -94,7 +94,7 @@ public class WorkOrderController { // 管理员手动派单接口 @PostMapping("/assign") - @PreAuthorize("hasRole('ADMIN')") + @PreAuthorize("hasAnyRole('SUPER_ADMIN', 'AREA_ADMIN')") public ResultVO assignOrderByAdmin( @RequestParam String orderId, @RequestParam String repairmanId) { diff --git a/src/main/java/com/campus/water/controller/web/AdminController.java b/src/main/java/com/campus/water/controller/web/AdminController.java index 57a3beb..3407f85 100644 --- a/src/main/java/com/campus/water/controller/web/AdminController.java +++ b/src/main/java/com/campus/water/controller/web/AdminController.java @@ -25,7 +25,7 @@ public class AdminController { * 获取管理员列表(支持姓名/角色筛选) */ @GetMapping("/list") - @PreAuthorize("hasAnyRole('super_admin', 'area_admin')") // 超级/区域管理员可查看 + @PreAuthorize("hasAnyRole('SUPER_ADMIN', 'AREA_ADMIN')") // 超级/区域管理员可查看 @Operation(summary = "获取管理员列表", description = "支持按姓名模糊搜索、按角色筛选") public ResponseEntity>> getAdminList( @RequestParam(required = false) String name, @@ -43,7 +43,7 @@ public class AdminController { * 获取所有管理员角色枚举 */ @GetMapping("/roles") - @PreAuthorize("hasAnyRole('super_admin', 'area_admin')") + @PreAuthorize("hasAnyRole('SUPER_ADMIN', 'AREA_ADMIN')") @Operation(summary = "获取管理员角色列表", description = "返回所有可选角色(super_admin/area_admin/viewer)") public ResponseEntity> getAllRoles() { try { @@ -58,7 +58,7 @@ public class AdminController { * 新增/编辑管理员 */ @PostMapping("/save") - @PreAuthorize("hasRole('super_admin')") // 仅超级管理员可新增/编辑 + @PreAuthorize("hasRole('SUPER_ADMIN')") // 仅超级管理员可新增/编辑 @Operation(summary = "保存管理员", description = "新增/编辑管理员,支持指定角色") public ResponseEntity> saveAdmin(@RequestBody Admin admin) { try { 
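Review bot: `assignOrderByAdmin` now admits AREA_ADMIN, yet nothing in the hunk ties the dispatch to the caller's area — `orderId` and `repairmanId` are free-form parameters, so an area admin can assign any order to any repairman campus-wide unless `workOrderService` enforces the scope, which is not visible. If the service does not scope by area yet, keep this endpoint at `@PreAuthorize("hasRole('SUPER_ADMIN')")` until it does, or record where the check lives with a comment such as `// AREA_ADMIN callers: workOrderService must verify the order's area matches the admin's area`. The method body continues past the hunk.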
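Review bot: The `@Operation` description on `/roles` still advertises `super_admin/area_admin/viewer`, but this patch renames the `AdminRole` constants to `ROLE_SUPER_ADMIN/ROLE_AREA_ADMIN/ROLE_VIEWER`, so if `getAllRoles` returns the enum names (its body runs past the hunk) the published contract is wrong, and a client that echoes a listed value back into `/save` — which takes the `Admin` entity and therefore the enum name — or into registration, which prefixes `ROLE_` itself, will get different results from the same string. Either update the text to `description = "返回所有可选角色(ROLE_SUPER_ADMIN/ROLE_AREA_ADMIN/ROLE_VIEWER)"` or keep the old lower-case names as the API vocabulary and map them explicitly in one place instead of exposing the enum.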
@@ -73,7 +73,7 @@ public class AdminController { * 删除管理员 */ @DeleteMapping("/{adminId}") - @PreAuthorize("hasRole('super_admin')") // 仅超级管理员可删除 + @PreAuthorize("hasRole('SUPER_ADMIN')") // 仅超级管理员可删除 @Operation(summary = "删除管理员", description = "按ID删除管理员") public ResponseEntity> deleteAdmin(@PathVariable String adminId) { try { diff --git a/src/main/java/com/campus/water/controller/web/UserController.java b/src/main/java/com/campus/water/controller/web/UserController.java index a58f493..28df30d 100644 --- a/src/main/java/com/campus/water/controller/web/UserController.java +++ b/src/main/java/com/campus/water/controller/web/UserController.java @@ -29,7 +29,7 @@ public class UserController { * @param status 状态筛选(可选,值:active/inactive) */ @GetMapping("/list") - @PreAuthorize("hasRole('ADMIN')") // 仅管理员可访问 + @PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")// 仅管理员可访问 @Operation(summary = "获取学生用户列表", description = "支持按姓名和状态筛选学生") public ResponseEntity>> getUserList( @RequestParam(required = false) String studentName, diff --git a/src/main/java/com/campus/water/entity/Admin.java b/src/main/java/com/campus/water/entity/Admin.java index acaac0d..2b84886 100644 --- a/src/main/java/com/campus/water/entity/Admin.java +++ b/src/main/java/com/campus/water/entity/Admin.java @@ -38,9 +38,10 @@ public class Admin { private LocalDateTime updatedTime = LocalDateTime.now(); // 枚举类:恢复super_admin、area_admin、viewer三个角色 + // java/com/campus/water/entity/Admin.java public enum AdminRole { - super_admin, // 超级管理员 - area_admin, // 区域管理员 - viewer // 查看者 + ROLE_SUPER_ADMIN, // 超级管理员(原super_admin) + ROLE_AREA_ADMIN, // 区域管理员(原area_admin) + ROLE_VIEWER // 查看者(原viewer) } } \ No newline at end of file diff --git a/src/main/java/com/campus/water/security/RoleConstants.java b/src/main/java/com/campus/water/security/RoleConstants.java index 231457e..2d82713 100644 --- a/src/main/java/com/campus/water/security/RoleConstants.java 
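Review bot: Adding `'STUDENT'` to `/list` on UserController contradicts the retained comment `// 仅管理员可访问` and, depending on where this controller is mounted, is either dead or a data exposure: if it sits under `/api/web/**`, the SecurityConfig rule in this same patch stops students at the URL layer before the annotation runs; if it does not, any student can now enumerate every student's name and status. Either way drop it: `@PreAuthorize("hasAnyRole('SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") // 仅管理员可访问`. The method continues past the hunk.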
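Review bot: Renaming the enum constants from `super_admin`/`area_admin`/`viewer` to `ROLE_*` changes the strings `AdminRole.valueOf` accepts and, if the column is persisted by name (the JPA mapping is not in the patch), the values existing admin rows must hold, so rows written before this change will fail to load after deploy; that calls for a migration such as `UPDATE admin SET role = 'ROLE_SUPER_ADMIN' WHERE role = 'super_admin'` for each value, or a converter that tolerates both spellings. The added `// java/com/campus/water/entity/Admin.java` path comment above the enum says nothing and should go. Since `UserDetailsServiceImpl` and `LoginService` now pass `getRole().name()` straight through as the authority, the enum should say so: `// Constant names are used verbatim as Spring GrantedAuthority strings; keep the ROLE_ prefix.`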
+++ b/src/main/java/com/campus/water/security/RoleConstants.java @@ -1,4 +1,3 @@ -// com/campus/water/security/RoleConstants.java package com.campus.water.security; /** @@ -9,8 +8,12 @@ public class RoleConstants { public static final String ROLE_STUDENT = "ROLE_STUDENT"; /** 维修人员角色 */ public static final String ROLE_REPAIRMAN = "ROLE_REPAIRMAN"; - /** 管理员角色 */ - public static final String ROLE_ADMIN = "ROLE_ADMIN"; + + + /** 新增:细分的管理员角色(与Admin枚举一一对应) */ + public static final String ROLE_SUPER_ADMIN = "ROLE_SUPER_ADMIN"; // 超级管理员 + public static final String ROLE_AREA_ADMIN = "ROLE_AREA_ADMIN"; // 区域管理员 + public static final String ROLE_VIEWER = "ROLE_VIEWER"; // 查看者 private RoleConstants() {} } \ No newline at end of file diff --git a/src/main/java/com/campus/water/security/UserDetailsServiceImpl.java b/src/main/java/com/campus/water/security/UserDetailsServiceImpl.java index 0f45394..5ca6874 100644 --- a/src/main/java/com/campus/water/security/UserDetailsServiceImpl.java +++ b/src/main/java/com/campus/water/security/UserDetailsServiceImpl.java @@ -1,4 +1,3 @@ -// filePath:main/java/com/campus/water/security/UserDetailsServiceImpl.java package com.campus.water.security; import com.campus.water.entity.Admin; @@ -39,7 +38,12 @@ public class UserDetailsServiceImpl implements UserDetailsService { // 2. 查询管理员用户 Admin admin = adminRepository.findByAdminName(username).orElse(null); if (admin != null) { - return createUserDetails(admin.getAdminName(), admin.getPassword(), RoleConstants.ROLE_ADMIN); + // ========== 关键改动:替换硬编码的RoleConstants.ROLE_ADMIN为admin.getRole().name() ========== + return createUserDetails( + admin.getAdminName(), + admin.getPassword(), + admin.getRole().name() // 取Admin实体中实际的角色(如ROLE_SUPER_ADMIN/ROLE_AREA_ADMIN) + ); } // 3. 查询维修人员用户 diff --git a/src/main/java/com/campus/water/service/LoginService.java b/src/main/java/com/campus/water/service/LoginService.java index 0755d71..bd17015 100644 --- a/src/main/java/com/campus/water/service/LoginService.java 
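Review bot: `admin.getRole().name()` dereferences the role with no null check; before this change every admin row was mapped to `ROLE_ADMIN` regardless of its `role` column, so a row with no role (or, if the column is stored as a string, one still holding a pre-rename value) now fails login with an exception from this line or the mapping layer instead of a controlled denial. Guard it, e.g. `Admin.AdminRole role = admin.getRole(); if (role == null) { throw new UsernameNotFoundException("admin has no role: " + username); }`, using whatever exception the surrounding lookup already raises for unknown users — the method starts before and ends after the hunk. A one-line comment that the enum name is handed to `createUserDetails` unchanged, so no `ROLE_` prefixing happens here, would spare the next reader a trip to the enum.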
+++ b/src/main/java/com/campus/water/service/LoginService.java @@ -1,4 +1,3 @@ -// filePath:main/java/com/campus/water/service/LoginService.java package com.campus.water.service; import com.campus.water.entity.Admin; @@ -58,7 +57,8 @@ public class LoginService { throw new RuntimeException("密码错误"); } - return createLoginVO(admin.getAdminId(), username, "admin"); + // ========== 关键改动1:调用重载的createLoginVO方法,传入Admin实体 ========== + return createLoginVO(admin.getAdminId(), username, "admin", admin); } private LoginVO handleUserLogin(String username, String password) { @@ -84,11 +84,24 @@ public class LoginService { } /** - * 生成包含JWT令牌和角色信息的登录响应 - * 角色映射: - * - admin -> ROLE_ADMIN - * - user -> ROLE_STUDENT - * - repairman -> ROLE_REPAIRMAN + * 重载方法:处理管理员登录(支持获取真实角色) + * ========== 关键改动2:新增重载方法,接收Admin参数 ========== + */ + private LoginVO createLoginVO(String userId, String username, String userType, Admin admin) { + LoginVO vo = new LoginVO(); + vo.setUserId(userId); + vo.setUsername(username); + vo.setUserType(userType); + + // 获取管理员真实角色(如ROLE_SUPER_ADMIN/ROLE_AREA_ADMIN) + String role = admin.getRole().name(); + // 生成包含真实角色的JWT令牌 + vo.setToken(jwtTokenProvider.generateToken(username, role)); + return vo; + } + + /** + * 原有方法:处理用户/维修人员登录(保留不变) */ private LoginVO createLoginVO(String userId, String username, String userType) { LoginVO vo = new LoginVO(); @@ -98,7 +111,7 @@ public class LoginService { // 根据用户类型获取对应的角色 String role = switch (userType) { - case "admin" -> RoleConstants.ROLE_ADMIN; + case "user" -> RoleConstants.ROLE_STUDENT; case "repairman" -> RoleConstants.ROLE_REPAIRMAN; default -> throw new RuntimeException("不支持的用户类型:" + userType); diff --git a/src/main/java/com/campus/water/service/RegisterService.java b/src/main/java/com/campus/water/service/RegisterService.java index 1c21f07..045a1a4 100644 --- a/src/main/java/com/campus/water/service/RegisterService.java +++ b/src/main/java/com/campus/water/service/RegisterService.java 
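Review bot: The admin's role is now baked into the JWT at login (`generateToken(username, role)` in the new overload), so a demotion or removal through AdminController's `/save` or `/{adminId}` only takes effect when that token expires, unless the request filter re-reads the role from the database rather than trusting the claim — `jwtTokenProvider` and the filter are not in this patch, so this is inferred. If the claim is trusted as-is, either keep admin token lifetimes short or have the filter reload authorities through `UserDetailsServiceImpl`, and say which in a comment next to `setToken`. The admin-login method this hunk sits in starts before the hunk.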
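Review bot: The new four-argument `createLoginVO` repeats the three setters of the three-argument version and receives `userId` and `username` that `admin` already carries, while `admin.getRole().name()` duplicates the lookup in UserDetailsServiceImpl and, like it, throws on an admin without a role. Fold both overloads into one private builder keyed on the authority string so the token is minted in exactly one place, and note that after the `case "admin"` removal in the next hunk a leftover `createLoginVO(id, name, "admin")` call now reaches `default -> throw` at runtime instead of failing to compile — worth a grep. The three-argument method's body runs past the hunk, so only the overload and the shared builder are shown.
```java
private LoginVO createLoginVO(String userId, String username, String userType, Admin admin) {
    // The admin's authority comes from the entity, not from the userType label.
    Admin.AdminRole role = admin.getRole();
    if (role == null) {
        throw new RuntimeException("管理员未配置角色:" + username);
    }
    return buildLoginVO(userId, username, userType, role.name());
}

/** Single place that fills the response and mints the token; both overloads end here. */
private LoginVO buildLoginVO(String userId, String username, String userType, String role) {
    LoginVO vo = new LoginVO();
    vo.setUserId(userId);
    vo.setUsername(username);
    vo.setUserType(userType);
    vo.setToken(jwtTokenProvider.generateToken(username, role));
    return vo;
}
// … unchanged: three-argument createLoginVO, which should return buildLoginVO(userId, username, userType, role) after its switch …
```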
@@ -71,7 +71,7 @@ public class RegisterService { admin.setPassword(BCrypt.hashpw(password, BCrypt.gensalt())); // 密码加密 admin.setPhone(request.getPhone()); // 从注册请求中获取角色(需在RegisterRequest添加role字段) - admin.setRole(Admin.AdminRole.valueOf(request.getRole())); + admin.setRole(Admin.AdminRole.valueOf("ROLE_" + request.getRole().toUpperCase())); admin.setCreatedTime(LocalDateTime.now()); admin.setUpdatedTime(LocalDateTime.now()); diff --git a/src/main/java/com/campus/water/service/app/RepairmanAppService.java b/src/main/java/com/campus/water/service/app/RepairmanAppService.java index 0722a7c..7387881 100644 --- a/src/main/java/com/campus/water/service/app/RepairmanAppService.java +++ b/src/main/java/com/campus/water/service/app/RepairmanAppService.java @@ -26,7 +26,7 @@ public class RepairmanAppService { * @param areaId 区域ID * @return 可抢工单列表 */ - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") public ResultVO> getAvailableOrders(String areaId) { try { // 参数校验 @@ -45,7 +45,7 @@ public class RepairmanAppService { * @param request 包含orderId和repairmanId的请求参数 * @return 抢单结果 */ - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") public ResultVO grabOrder(Map request) { try { // 参数校验 @@ -74,7 +74,7 @@ public class RepairmanAppService { * @param request 包含orderId、repairmanId、reason的请求参数 * @return 拒单结果 */ - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") public ResultVO rejectOrder(Map request) { try { // 参数校验 @@ -108,7 +108,7 @@ public class RepairmanAppService { * @param request 包含orderId、repairmanId、dealNote、imgUrl的请求参数 * @return 提交结果 */ - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") public ResultVO submitRepairResult(Map request) { try { // 参数校验 
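Review bot: `admin.setRole(Admin.AdminRole.valueOf("ROLE_" + request.getRole().toUpperCase()))` lets the registration request choose the new admin's own privilege level, so if this registration path is reachable without an existing SUPER_ADMIN session (the endpoint is not in the patch) anyone can self-provision `super_admin`, and the prefix mapping keeps the old lower-case names working for exactly that. It also throws `IllegalArgumentException` for an unknown value and NPE for a missing one, surfacing as a 500, and `toUpperCase()` without `Locale.ROOT` is locale-dependent. Assign the least privilege here and leave promotion to the `/save` endpoint this patch already restricts to SUPER_ADMIN: `admin.setRole(Admin.AdminRole.ROLE_VIEWER); // never let a registration request pick its own role; SUPER_ADMIN promotes via AdminController#saveAdmin`. The registration method starts before and ends after the hunk.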
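Review bot: `grabOrder`, `rejectOrder` and `submitRepairResult` now admit `'VIEWER'`, which hands the read-only role (查看者) the three state-changing repair operations at the service layer, and this disagrees with WorkOrderController in the same patch, where those actions are limited to REPAIRMAN/SUPER_ADMIN/AREA_ADMIN; because a service-level annotation applies to every caller, any other path into this service gives VIEWER write access. Keep VIEWER on `getAvailableOrders` and `getMyOrders` only and put `@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')")` on the three mutating methods. Each method body continues past its hunk.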
@@ -143,7 +143,7 @@ public class RepairmanAppService { * @param repairmanId 维修人员ID * @return 维修人员名下的工单列表 */ - @PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')") + @PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") public ResultVO> getMyOrders(String repairmanId) { try { // 参数校验 diff --git a/src/main/java/com/campus/water/service/app/StudentAppService.java b/src/main/java/com/campus/water/service/app/StudentAppService.java index 092fa32..8615e60 100644 --- a/src/main/java/com/campus/water/service/app/StudentAppService.java +++ b/src/main/java/com/campus/water/service/app/StudentAppService.java @@ -15,7 +15,7 @@ public class StudentAppService { private WaterUsageController waterUsageController; // 扫码获取终端信息 - 学生和管理员可访问 - @PreAuthorize("hasAnyRole('STUDENT', 'ADMIN')") + @PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") public ResultVO> getTerminalInfo(String terminalId) { try { Map result = waterUsageController.getTerminalInfo(terminalId); @@ -26,7 +26,7 @@ public class StudentAppService { } // 扫码用水 - 学生和管理员可访问 - @PreAuthorize("hasAnyRole('STUDENT', 'ADMIN')") + @PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") public ResultVO> scanToDrink(Map request) { try { String terminalId = (String) request.get("terminalId"); @@ -41,7 +41,7 @@ public class StudentAppService { } // 查询水质信息 - 学生和管理员可访问 - @PreAuthorize("hasAnyRole('STUDENT', 'ADMIN')") + @PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')") public ResultVO> getWaterQuality(String deviceId) { try { Map result = waterUsageController.getWaterQualityInfo(deviceId); -- 2.34.1
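Review bot: `scanToDrink` is opened to `'VIEWER'` alongside the admin roles, but scanning to dispense water is a consuming action rather than a read, so a viewer account can now trigger it (which account is charged is decided inside `waterUsageController`, not visible here). Restrict it to `@PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN')")` and keep VIEWER on `getTerminalInfo` and `getWaterQuality` only. Note too that the unchanged `/api/app/student/**` rule in SecurityConfig still names `"ADMIN"`, an authority nothing in this patch can issue any more, so none of these admin grants are reachable through that path until it is updated. The method body continues past the hunk.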