admin权限细化 #66

Merged
hnu202326010122 merged 1 commits from jingyou_branch into develop 1 month ago

@ -95,8 +95,12 @@ public class SecurityConfig {
.requestMatchers("/api/app/student/**").hasAnyRole("STUDENT", "ADMIN")
// 维修人员接口权限
.requestMatchers("/api/app/repair/**").hasAnyRole("REPAIRMAN", "ADMIN")
// 管理员接口权限
.requestMatchers("/api/web/**").hasRole("ADMIN")
.requestMatchers("/api/web/**")
.hasAnyRole(
"SUPER_ADMIN", // 对应ROLE_SUPER_ADMINSpring会自动加ROLE_前缀
"AREA_ADMIN", // 对应ROLE_AREA_ADMIN
"VIEWER" // 对应ROLE_VIEWER
)
// 其他接口需要认证
.anyRequest().authenticated()
)
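Review bot: The replacement `/api/web/**` matcher admits VIEWER to the entire web API tree, so the URL layer no longer separates read from write and every handler under `/api/web` now relies on a method-level `@PreAuthorize` to keep viewers off mutating endpoints. That only holds if method security is enabled and no web controller method is left unannotated, neither of which is visible in this hunk. I would state that contract next to the matcher: `// VIEWER is admitted here for read-only web endpoints; mutating endpoints must narrow further with @PreAuthorize`. The enclosing filter-chain method starts and ends outside the hunk.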

@ -22,7 +22,7 @@ public class WorkOrderController {
// 抢单功能 - 维修人员和管理员可访问
@PostMapping("/grab")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')")
public ResultVO<Boolean> grabOrder(
@RequestParam String orderId,
@RequestParam String repairmanId) {
@ -37,7 +37,7 @@ public class WorkOrderController {
// 拒单功能 - 维修人员和管理员可访问
@PostMapping("/reject")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')")
public ResultVO<Boolean> rejectOrder(
@RequestParam String orderId,
@RequestParam String repairmanId,
@ -53,7 +53,7 @@ public class WorkOrderController {
// 提交维修结果 - 维修人员和管理员可访问
@PostMapping("/submit")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')")
public ResultVO<Boolean> submitRepairResult(
@RequestParam String orderId,
@RequestParam String repairmanId,
@ -70,7 +70,7 @@ public class WorkOrderController {
// 获取可抢工单列表 - 维修人员和管理员可访问
@GetMapping("/available")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN','SUPER_ADMIN', 'AREA_ADMIN')")
public ResultVO<List<WorkOrder>> getAvailableOrders(@RequestParam String areaId) {
try {
List<WorkOrder> orders = workOrderService.getAvailableOrders(areaId);
@ -82,7 +82,7 @@ public class WorkOrderController {
// 获取维修工自己的工单 - 维修人员和管理员可访问
@GetMapping("/my")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')")
public ResultVO<List<WorkOrder>> getMyOrders(@RequestParam String repairmanId) {
try {
List<WorkOrder> orders = workOrderService.getMyOrders(repairmanId);
@ -94,7 +94,7 @@ public class WorkOrderController {
// 管理员手动派单接口
@PostMapping("/assign")
@PreAuthorize("hasRole('ADMIN')")
@PreAuthorize("hasAnyRole('SUPER_ADMIN', 'AREA_ADMIN')")
public ResultVO<Boolean> assignOrderByAdmin(
@RequestParam String orderId,
@RequestParam String repairmanId) {
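Review bot: The same role list is now hand-written as a string literal in six annotations (the `/grab`, `/reject`, `/submit`, `/available`, `/my` and `/assign` hunks), and the `/available` one already differs in spacing, which is the kind of drift that later turns into a silent deny or grant. Since annotation values must be compile-time constants and a `static final String` qualifies, the expression can be centralised: `public static final String ANY_ADMIN = "hasAnyRole('SUPER_ADMIN', 'AREA_ADMIN')";` in RoleConstants and `@PreAuthorize(RoleConstants.ANY_ADMIN)` at the `/assign` site, with a sibling constant for the repairman-or-admin list. Whether AREA_ADMIN on `/assign` should be limited to orders in its own area is not decidable from the hunk; the method bodies continue outside it.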

@ -25,7 +25,7 @@ public class AdminController {
* /
*/
@GetMapping("/list")
@PreAuthorize("hasAnyRole('super_admin', 'area_admin')") // 超级/区域管理员可查看
@PreAuthorize("hasAnyRole('SUPER_ADMIN', 'AREA_ADMIN')") // 超级/区域管理员可查看
@Operation(summary = "获取管理员列表", description = "支持按姓名模糊搜索、按角色筛选")
public ResponseEntity<ResultVO<List<Admin>>> getAdminList(
@RequestParam(required = false) String name,
@ -43,7 +43,7 @@ public class AdminController {
*
*/
@GetMapping("/roles")
@PreAuthorize("hasAnyRole('super_admin', 'area_admin')")
@PreAuthorize("hasAnyRole('SUPER_ADMIN', 'AREA_ADMIN')")
@Operation(summary = "获取管理员角色列表", description = "返回所有可选角色super_admin/area_admin/viewer")
public ResponseEntity<ResultVO<Admin.AdminRole[]>> getAllRoles() {
try {
@ -58,7 +58,7 @@ public class AdminController {
* /
*/
@PostMapping("/save")
@PreAuthorize("hasRole('super_admin')") // 仅超级管理员可新增/编辑
@PreAuthorize("hasRole('SUPER_ADMIN')") // 仅超级管理员可新增/编辑
@Operation(summary = "保存管理员", description = "新增/编辑管理员,支持指定角色")
public ResponseEntity<ResultVO<Admin>> saveAdmin(@RequestBody Admin admin) {
try {
@ -73,7 +73,7 @@ public class AdminController {
*
*/
@DeleteMapping("/{adminId}")
@PreAuthorize("hasRole('super_admin')") // 仅超级管理员可删除
@PreAuthorize("hasRole('SUPER_ADMIN')") // 仅超级管理员可删除
@Operation(summary = "删除管理员", description = "按ID删除管理员")
public ResponseEntity<ResultVO<Void>> deleteAdmin(@PathVariable String adminId) {
try {
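Review bot: The `@Operation` description on `/roles` still advertises `super_admin/area_admin/viewer`, but `getAllRoles` returns `Admin.AdminRole[]`, whose constants are renamed to `ROLE_SUPER_ADMIN`, `ROLE_AREA_ADMIN` and `ROLE_VIEWER` in this PR, so the published API doc no longer matches the payload. A client that feeds these names back into registration will, as far as the RegisterService hunk shows, get a second `ROLE_` prefix prepended; `saveAdmin(@RequestBody Admin admin)` presumably binds the role by enum name and so expects the prefixed form, which is the opposite convention. I would change the description to `description = "返回所有可选角色ROLE_SUPER_ADMIN/ROLE_AREA_ADMIN/ROLE_VIEWER"` and settle on one wire format for roles across the two entry points. The method bodies continue outside the hunk.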

@ -29,7 +29,7 @@ public class UserController {
* @param status active/inactive
*/
@GetMapping("/list")
@PreAuthorize("hasRole('ADMIN')") // 仅管理员可访问
@PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")// 仅管理员可访问
@Operation(summary = "获取学生用户列表", description = "支持按姓名和状态筛选学生")
public ResponseEntity<ResultVO<List<User>>> getUserList(
@RequestParam(required = false) String studentName,
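Review bot: The new annotation on `/list` adds STUDENT while the trailing comment still says `仅管理员可访问`, so the code and its comment now disagree on who may call this endpoint. As written, any authenticated student can list all student users and filter by name and status, a wider disclosure than before unless `getUserList` scopes results to the caller, which is not visible here. If students are meant to see only themselves, that filtering belongs in the service and should be stated in the comment, e.g. `// 管理员可查看全部，学生仅能查看自身记录（由 service 层限定）`; otherwise STUDENT should be dropped from the list. The method signature continues outside the hunk.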

@ -38,9 +38,10 @@ public class Admin {
private LocalDateTime updatedTime = LocalDateTime.now();
// 枚举类恢复super_admin、area_admin、viewer三个角色
// java/com/campus/water/entity/Admin.java
public enum AdminRole {
super_admin, // 超级管理员
area_admin, // 区域管理员
viewer // 查看者
ROLE_SUPER_ADMIN, // 超级管理员原super_admin
ROLE_AREA_ADMIN, // 区域管理员原area_admin
ROLE_VIEWER // 查看者原viewer
}
}
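Review bot: Renaming the enum constants changes the persisted value if the role column is mapped by name (`@Enumerated(EnumType.STRING)` or an equivalent; the mapping is not in the hunk), so any existing row holding `super_admin` would fail to load after this change and needs a data migration. The constant names are also used verbatim as the granted authority in the UserDetailsServiceImpl hunk, which makes this enum part of the access-control surface; the comment on line 120 (`恢复super_admin、area_admin、viewer三个角色`) is stale and line 121 is a file-path comment that adds nothing. I would replace both with `// Constant names are used verbatim as Spring authorities (UserDetailsServiceImpl) and as the stored role value; renaming one changes access control and requires a migration.`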

@ -1,4 +1,3 @@
// com/campus/water/security/RoleConstants.java
package com.campus.water.security;
/**
@ -9,8 +8,12 @@ public class RoleConstants {
public static final String ROLE_STUDENT = "ROLE_STUDENT";
/** 维修人员角色 */
public static final String ROLE_REPAIRMAN = "ROLE_REPAIRMAN";
/** 管理员角色 */
public static final String ROLE_ADMIN = "ROLE_ADMIN";
/** 新增细分的管理员角色与Admin枚举一一对应 */
public static final String ROLE_SUPER_ADMIN = "ROLE_SUPER_ADMIN"; // 超级管理员
public static final String ROLE_AREA_ADMIN = "ROLE_AREA_ADMIN"; // 区域管理员
public static final String ROLE_VIEWER = "ROLE_VIEWER"; // 查看者
private RoleConstants() {}
}
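Review bot: `ROLE_ADMIN` is kept although the SecurityConfig and UserDetailsServiceImpl hunks no longer grant it to any principal; the only producer left in this PR is the `case "admin"` arm of the three-argument `createLoginVO` in LoginService. Leaving it undocumented invites someone to reuse it and mint a role that no matcher accepts. I would mark it: `/** @deprecated no longer granted since the admin role split; use ROLE_SUPER_ADMIN / ROLE_AREA_ADMIN / ROLE_VIEWER. */ @Deprecated public static final String ROLE_ADMIN = "ROLE_ADMIN";`.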

@ -1,4 +1,3 @@
// filePathmain/java/com/campus/water/security/UserDetailsServiceImpl.java
package com.campus.water.security;
import com.campus.water.entity.Admin;
@ -39,7 +38,12 @@ public class UserDetailsServiceImpl implements UserDetailsService {
// 2. 查询管理员用户
Admin admin = adminRepository.findByAdminName(username).orElse(null);
if (admin != null) {
return createUserDetails(admin.getAdminName(), admin.getPassword(), RoleConstants.ROLE_ADMIN);
// ========== 关键改动替换硬编码的RoleConstants.ROLE_ADMIN为admin.getRole().name() ==========
return createUserDetails(
admin.getAdminName(),
admin.getPassword(),
admin.getRole().name() // 取Admin实体中实际的角色如ROLE_SUPER_ADMIN/ROLE_AREA_ADMIN
);
}
// 3. 查询维修人员用户
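Review bot: `admin.getRole().name()` on the added lines dereferences the role with no null check, so an admin row without a role (a legacy row, or one created by a caller that never set it) turns into a NullPointerException during authentication instead of a clean rejection. I would guard it before the return: `Admin.AdminRole role = admin.getRole(); if (role == null) { throw new IllegalStateException("admin " + username + " has no role assigned"); }` and pass `role.name()`. The `关键改动` banner comment describes the diff rather than the code and belongs in the commit message; a why-comment such as `// the enum constant name is the Spring authority (already ROLE_-prefixed)` is what the next reader needs. The enclosing method starts and ends outside the hunk.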

@ -1,4 +1,3 @@
// filePathmain/java/com/campus/water/service/LoginService.java
package com.campus.water.service;
import com.campus.water.entity.Admin;
@ -58,7 +57,8 @@ public class LoginService {
throw new RuntimeException("密码错误");
}
return createLoginVO(admin.getAdminId(), username, "admin");
// ========== 关键改动1调用重载的createLoginVO方法传入Admin实体 ==========
return createLoginVO(admin.getAdminId(), username, "admin", admin);
}
private LoginVO handleUserLogin(String username, String password) {
@ -84,11 +84,24 @@ public class LoginService {
}
/**
* JWT
*
* - admin -> ROLE_ADMIN
* - user -> ROLE_STUDENT
* - repairman -> ROLE_REPAIRMAN
*
* ========== 2Admin ==========
*/
private LoginVO createLoginVO(String userId, String username, String userType, Admin admin) {
LoginVO vo = new LoginVO();
vo.setUserId(userId);
vo.setUsername(username);
vo.setUserType(userType);
// 获取管理员真实角色如ROLE_SUPER_ADMIN/ROLE_AREA_ADMIN
String role = admin.getRole().name();
// 生成包含真实角色的JWT令牌
vo.setToken(jwtTokenProvider.generateToken(username, role));
return vo;
}
/**
* /
*/
private LoginVO createLoginVO(String userId, String username, String userType) {
LoginVO vo = new LoginVO();
@ -98,7 +111,7 @@ public class LoginService {
// 根据用户类型获取对应的角色
String role = switch (userType) {
case "admin" -> RoleConstants.ROLE_ADMIN;
case "user" -> RoleConstants.ROLE_STUDENT;
case "repairman" -> RoleConstants.ROLE_REPAIRMAN;
default -> throw new RuntimeException("不支持的用户类型:" + userType);
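Review bot: The three-argument `createLoginVO` still contains `case "admin" -> RoleConstants.ROLE_ADMIN;` even though `handleAdminLogin` now routes admins to the new four-argument overload, so any remaining caller that passes `"admin"` to the old overload would mint a JWT carrying a role no matcher in this PR accepts. I would delete that arm so `"admin"` falls into the existing `default -> throw`, which makes the misuse loud. The new overload has the same unguarded `admin.getRole().name()` as UserDetailsServiceImpl, and its Javadoc is garbled (`* JWT`, `* ========== 2Admin ==========`) and still lists the `admin -> ROLE_ADMIN` mapping; it should instead say that the role is taken from the Admin entity's role enum and `userType` is only stored on the VO. Both method bodies extend past the hunk.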

@ -71,7 +71,7 @@ public class RegisterService {
admin.setPassword(BCrypt.hashpw(password, BCrypt.gensalt())); // 密码加密
admin.setPhone(request.getPhone());
// 从注册请求中获取角色需在RegisterRequest添加role字段
admin.setRole(Admin.AdminRole.valueOf(request.getRole()));
admin.setRole(Admin.AdminRole.valueOf("ROLE_" + request.getRole().toUpperCase()));
admin.setCreatedTime(LocalDateTime.now());
admin.setUpdatedTime(LocalDateTime.now());
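Review bot: The new `Admin.AdminRole.valueOf("ROLE_" + request.getRole().toUpperCase())` rejects the exact strings that `AdminController.getAllRoles` now returns (they already carry `ROLE_`), throws IllegalArgumentException for anything else and NullPointerException when the field is absent, and `toUpperCase()` without a locale is locale-sensitive. A minimal tightening is `admin.setRole(Admin.AdminRole.valueOf("ROLE_" + request.getRole().strip().toUpperCase(Locale.ROOT)));` with the exception mapped to a 400 response, or better, an explicit parse that accepts one agreed wire format. Separately, the role is still taken straight from the registration request, so unless this path is itself restricted to super admins (not visible here) a registrant chooses their own privilege level; the caller's authority should decide which roles may be assigned. The enclosing method continues outside the hunk.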

@ -26,7 +26,7 @@ public class RepairmanAppService {
* @param areaId ID
* @return
*/
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")
public ResultVO<List<WorkOrder>> getAvailableOrders(String areaId) {
try {
// 参数校验
@ -45,7 +45,7 @@ public class RepairmanAppService {
* @param request orderIdrepairmanId
* @return
*/
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")
public ResultVO<Boolean> grabOrder(Map<String, String> request) {
try {
// 参数校验
@ -74,7 +74,7 @@ public class RepairmanAppService {
* @param request orderIdrepairmanIdreason
* @return
*/
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")
public ResultVO<Boolean> rejectOrder(Map<String, String> request) {
try {
// 参数校验
@ -108,7 +108,7 @@ public class RepairmanAppService {
* @param request orderIdrepairmanIddealNoteimgUrl
* @return
*/
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")
public ResultVO<Boolean> submitRepairResult(Map<String, String> request) {
try {
// 参数校验
@ -143,7 +143,7 @@ public class RepairmanAppService {
* @param repairmanId ID
* @return
*/
@PreAuthorize("hasAnyRole('REPAIRMAN', 'ADMIN')")
@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")
public ResultVO<List<WorkOrder>> getMyOrders(String repairmanId) {
try {
// 参数校验
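Review bot: VIEWER is added to the three mutating service methods `grabOrder`, `rejectOrder` and `submitRepairResult` (lines 237, 246 and 255), while their WorkOrderController counterparts in this same PR deliberately exclude VIEWER; the service annotation is the one that counts for any other caller, so a read-only role can change work-order state. I would keep VIEWER only on the two read methods and use `@PreAuthorize("hasAnyRole('REPAIRMAN', 'SUPER_ADMIN', 'AREA_ADMIN')")` on the three write methods. Note that method security on a service bean only applies to calls arriving through the proxy; self-invocation within the class bypasses it, which is worth a comment if these methods call one another. The method bodies continue outside the hunks.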

@ -15,7 +15,7 @@ public class StudentAppService {
private WaterUsageController waterUsageController;
// 扫码获取终端信息 - 学生和管理员可访问
@PreAuthorize("hasAnyRole('STUDENT', 'ADMIN')")
@PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")
public ResultVO<Map<String, Object>> getTerminalInfo(String terminalId) {
try {
Map<String, Object> result = waterUsageController.getTerminalInfo(terminalId);
@ -26,7 +26,7 @@ public class StudentAppService {
}
// 扫码用水 - 学生和管理员可访问
@PreAuthorize("hasAnyRole('STUDENT', 'ADMIN')")
@PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")
public ResultVO<Map<String, Object>> scanToDrink(Map<String, Object> request) {
try {
String terminalId = (String) request.get("terminalId");
@ -41,7 +41,7 @@ public class StudentAppService {
}
// 查询水质信息 - 学生和管理员可访问
@PreAuthorize("hasAnyRole('STUDENT', 'ADMIN')")
@PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN', 'VIEWER')")
public ResultVO<Map<String, Object>> getWaterQuality(String deviceId) {
try {
Map<String, Object> result = waterUsageController.getWaterQualityInfo(deviceId);
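Review bot: `scanToDrink` (line 281) is a state-changing action, yet VIEWER is granted alongside STUDENT and the admin roles; a role named for read-only access should not be able to trigger water dispensing, so I would restrict it to `@PreAuthorize("hasAnyRole('STUDENT', 'SUPER_ADMIN', 'AREA_ADMIN')")` and keep VIEWER on `getTerminalInfo` and `getWaterQuality` only. The three comments still read `学生和管理员可访问`, which no longer describes the role lists; they should name viewer access where it is intended. The method bodies continue outside the hunks.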
