权限管理模块用户认证页面和接口

dmaster/src/main/java/cn/reghao/autodop/dmaster/auth/controller/UserController.java

@@ -13,6 +13,7 @@ import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -56,19 +57,24 @@ public class UserController {
 
     @ApiOperation(value = "修改用户密码")
     @PostMapping(value = "/passwd", produces = MediaType.APPLICATION_JSON_VALUE)
-    public String modifyPassword(Integer userId, String newPassword) {
-        userService.modifyUserPassword(userId, newPassword);
+    public String modifyPassword(@NotNull Integer id, @NotNull String newPassword) {
+        userService.modifyUserPassword(id, newPassword);
         return WebBody.success();
     }
 
     @ApiOperation(value = "分配用户角色")
     @PostMapping(value = "/role", produces = MediaType.APPLICATION_JSON_VALUE)
     public String assignRole(@RequestParam(value = "id") Integer userId,
-                             @RequestParam(value = "roleId", required = false) HashSet<Role> roles) {
+                             @RequestParam(value = "roleId", required = false) Set<Role> roles) {
+        if (roles == null) {
+            return WebBody.failWithMsg("用户至少应该有一个角色");
+        }
+
         userService.setUserRoles(userId, roles);
         return WebBody.success();
     }
 
+    // TODO 暂不启用本功能
     @ApiOperation(value = "启用/禁用用户")
     @PostMapping(value = "/status/{enable}", produces = MediaType.APPLICATION_JSON_VALUE)
     public String setUserStatus(@PathVariable("enable") Boolean enable,

dmaster/src/main/java/cn/reghao/autodop/dmaster/auth/controller/UserPageController.java

@@ -13,12 +13,15 @@ import io.swagger.annotations.ApiOperation;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageImpl;
 import org.springframework.data.domain.PageRequest;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
 
+import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * @author reghao
@@ -85,8 +88,12 @@ public class UserPageController {
 
     @GetMapping("/detail/{id}")
     public String userDetailPage(@PathVariable("id") int id, Model model) {
-        User userInfo = userCrud.findById(id);
-        model.addAttribute("user", userInfo);
+        User user = userCrud.findById(id);
+        List<Role> roles = userQuery.getUserRoles(user);
+        List<String> names = roles.stream().map(Role::getName).collect(Collectors.toList());
+
+        model.addAttribute("roles", names.toString());
+        model.addAttribute("user", user);
         return "/auth/user/detail";
     }
 

dmaster/src/main/java/cn/reghao/autodop/dmaster/auth/db/query/RoleQuery.java

@@ -1,18 +1,8 @@
 package cn.reghao.autodop.dmaster.auth.db.query;
 
-import cn.reghao.autodop.dmaster.auth.entity.Role;
-import cn.reghao.autodop.dmaster.auth.entity.User;
 import cn.reghao.autodop.dmaster.auth.repository.RoleRepository;
-import cn.reghao.autodop.dmaster.auth.repository.UserRepository;
-import org.springframework.data.jpa.domain.Specification;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Service;
 
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
-import java.util.stream.Collectors;
-
 /**
  * @author reghao
  * @date 2021-07-12 15:32:26
@@ -24,9 +14,4 @@ public class RoleQuery {
     public RoleQuery(RoleRepository roleRepository) {
         this.roleRepository = roleRepository;
     }
-
-    public List<Role> getUserRoles(List<String> roles) {
-        Specification<Role> spec = ((root, query, criteriaBuilder) -> root.get("title").in(roles));
-        return roleRepository.findAll(spec);
-    }
 }

dmaster/src/main/java/cn/reghao/autodop/dmaster/auth/db/query/UserQuery.java

@@ -1,12 +1,17 @@
 package cn.reghao.autodop.dmaster.auth.db.query;
 
+import cn.reghao.autodop.dmaster.auth.entity.GrantedAuthorityImpl;
+import cn.reghao.autodop.dmaster.auth.entity.Role;
 import cn.reghao.autodop.dmaster.auth.entity.User;
+import cn.reghao.autodop.dmaster.auth.repository.RoleRepository;
 import cn.reghao.autodop.dmaster.auth.repository.UserRepository;
 import org.springframework.data.jpa.domain.Specification;
 import org.springframework.stereotype.Service;
 
 import javax.persistence.criteria.Predicate;
 import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * @author reghao
@@ -15,9 +20,11 @@ import java.util.List;
 @Service
 public class UserQuery {
     private UserRepository userRepository;
+    private RoleRepository roleRepository;
 
-    public UserQuery(UserRepository userRepository) {
+    public UserQuery(UserRepository userRepository, RoleRepository roleRepository) {
         this.userRepository = userRepository;
+        this.roleRepository = roleRepository;
     }
 
     public List<User> queryByMatchNickname(String nickname) {
@@ -28,4 +35,13 @@ public class UserQuery {
         };
         return userRepository.findAll(specification);
     }
+
+    public List<Role> getUserRoles(User user) {
+        Set<GrantedAuthorityImpl> set = user.getAuthoritiesSet();
+        List<String> roles = set.stream()
+                .map(GrantedAuthorityImpl::getAuthority)
+                .collect(Collectors.toList());
+        Specification<Role> spec = ((root, query, criteriaBuilder) -> root.get("title").in(roles));
+        return roleRepository.findAll(spec);
+    }
 }

dmaster/src/main/java/cn/reghao/autodop/dmaster/auth/entity/GrantedAuthorityImpl.java

@@ -15,7 +15,7 @@ import javax.persistence.*;
 @Embeddable
 public class GrantedAuthorityImpl implements GrantedAuthority {
     private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
-    private String role;
+    private final String role;
 
     public GrantedAuthorityImpl() {
         this.role = "ROLE_USER";

dmaster/src/main/java/cn/reghao/autodop/dmaster/auth/entity/User.java

@@ -124,4 +124,13 @@ public class User extends BaseEntity<Integer> implements UserDetails {
     public Collection<? extends GrantedAuthority> getAuthorities() {
         return authorities;
     }
+
+    public Set<GrantedAuthorityImpl> getAuthoritiesSet() {
+        return authorities;
+    }
+
+    public void setAuthorities(Set<GrantedAuthorityImpl> set) {
+        authorities.clear();
+        authorities.addAll(set);
+    }
 }

dmaster/src/main/java/cn/reghao/autodop/dmaster/auth/entity/UserInfo.java

@@ -2,14 +2,20 @@ package cn.reghao.autodop.dmaster.auth.entity;
 
 import lombok.Data;
 
+import javax.validation.constraints.NotBlank;
+import java.io.Serializable;
+
 /**
  * @author reghao
  * @date 2021-07-12 16:06:11
  */
 @Data
-public class UserInfo {
+public class UserInfo implements Serializable {
+    private static final long serialVersionUID = 1L;
     private Integer userId;
+    @NotBlank(message = "用户名不能为空白字符串")
     private String nickname;
+    // TODO 验证邮箱和手机号码是否有效
     private String email;
     private String mobilePhone;
 }

dmaster/src/main/java/cn/reghao/autodop/dmaster/auth/service/UserServiceImpl.java

@@ -3,18 +3,12 @@ package cn.reghao.autodop.dmaster.auth.service;
 import cn.reghao.autodop.common.utils.security.Cryptor;
 import cn.reghao.autodop.common.utils.security.Md5Cryptor;
 import cn.reghao.autodop.common.utils.security.Salt;
-import cn.reghao.autodop.dmaster.auth.db.query.RoleQuery;
-import cn.reghao.autodop.dmaster.auth.entity.GrantedAuthorityImpl;
-import cn.reghao.autodop.dmaster.auth.entity.Role;
-import cn.reghao.autodop.dmaster.auth.entity.User;
-import cn.reghao.autodop.dmaster.auth.entity.UserInfo;
+import cn.reghao.autodop.dmaster.auth.entity.*;
 import cn.reghao.autodop.dmaster.auth.repository.UserRepository;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Service;
 
 import java.security.NoSuchAlgorithmException;
-import java.util.List;
 import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -27,13 +21,11 @@ import java.util.stream.Collectors;
 @Service
 public class UserServiceImpl implements UserService {
     private UserRepository userRepository;
-    private RoleQuery roleQuery;
     private Cryptor cryptor;
 
-    public UserServiceImpl(UserRepository userRepository, RoleQuery roleQuery)
+    public UserServiceImpl(UserRepository userRepository)
             throws NoSuchAlgorithmException {
         this.userRepository = userRepository;
-        this.roleQuery = roleQuery;
         this.cryptor = new Md5Cryptor();
     }
 
@@ -67,6 +59,7 @@ public class UserServiceImpl implements UserService {
     public void modifyUserPassword(Integer userId, String newPassword) {
         User userEntity = getUser(userId);
         if (userEntity != null) {
+            userEntity.setPassword(newPassword);
             setEncryptPassword(userEntity);
             userRepository.save(userEntity);
         } else {
@@ -81,6 +74,12 @@ public class UserServiceImpl implements UserService {
             log.error("用户不存在...");
             return;
         }
+
+        userEntity.setEmail(userInfo.getEmail());
+        /*userEntity.setNickname(userInfo.getNickname());
+        userEntity.setEmail(userInfo.getEmail());
+        userEntity.setMobilePhone(userInfo.getMobilePhone());*/
+        userRepository.save(userEntity);
     }
 
     @Override
@@ -91,19 +90,11 @@ public class UserServiceImpl implements UserService {
             return;
         }
 
-        List<String> roleTitles = userEntity.getAuthorities().stream()
-                .map(GrantedAuthority::getAuthority).collect(Collectors.toList());
-        if (roleTitles.isEmpty()) {
-            Set<GrantedAuthorityImpl> authorities = roles.stream()
-                    .map(role -> new GrantedAuthorityImpl(role.getTitle()))
-                    .collect(Collectors.toSet());
-            userEntity.setAuthorities(authorities);
-            userRepository.save(userEntity);
-            return;
-        }
-
-        List<Role> currentRoles = roleQuery.getUserRoles(roleTitles);
-        System.out.println();
+        Set<GrantedAuthorityImpl> authorities = roles.stream()
+                .map(role -> new GrantedAuthorityImpl(role.getTitle()))
+                .collect(Collectors.toSet());
+        userEntity.setAuthorities(authorities);
+        userRepository.save(userEntity);
     }
 
     @Override

dmaster/src/main/resources/application.yml

@@ -27,7 +27,7 @@ spring:
       connection-timeout: 30000
       connection-test-query: SELECT 1
   jpa:
-    show-sql: false
+    show-sql: true
     open-in-view: true
     hibernate:
       ddl-auto: update

dmaster/src/main/resources/templates/auth/user/detail.html

@@ -25,6 +25,10 @@
                 <th>邮箱</th>
                 <td th:text="${user.email}"></td>
             </tr>
+            <tr>
+                <th>用户拥有的角色</th>
+                <td th:text="${roles}"></td>
+            </tr>
             <tr>
                 <th>创建时间</th>
                 <td th:text="${user.createTime}"></td>
@@ -33,7 +37,6 @@
             </tr>
             </tbody>
         </table>
-        <!--<div th:replace="/common/fragment :: log(${user})"></div>-->
     </div>
 <script th:replace="/common/template :: script"></script>
 </body>

dmaster/src/main/resources/templates/auth/user/edit.html

@@ -4,7 +4,7 @@
 <body>
 <div class="layui-form timo-compile">
     <form th:action="@{/api/auth/user/modify}">
-        <input type="hidden" name="id" th:value="${user.id}"/>
+        <input type="hidden" name="userId" th:value="${user.id}"/>
         <div class="layui-form-item">
             <label class="layui-form-label required">登录名</label>
             <div class="layui-input-inline">

dmaster/src/main/resources/templates/auth/user/passwd.html

@@ -4,7 +4,7 @@
 </head>
 <body>
 <div class="layui-form timo-compile">
-    <form th:action="@{/api/auth/passwd}">
+    <form th:action="@{/api/auth/user/passwd}">
         <input type="hidden" name="id" th:value="${id}"/>
         <div class="layui-form-item">
             <label class="layui-form-label">新密码</label>