用户权限细节处理

gis_admin/src/main/java/com/gis/admin/controller/LogController.java

@@ -25,7 +25,7 @@ import org.springframework.web.bind.annotation.RestController;
 @Api(tags = "sys-日志管理")
 @RestController
 @RequestMapping("sys/log")
-@RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
+//@RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
 public class LogController  {
 
     @Autowired

gis_admin/src/main/java/com/gis/admin/controller/SysResourceController.java

@@ -27,7 +27,7 @@ public class SysResourceController  {
     @Autowired
     SysResourceService entityService;
 
-    @RequiresRoles("sys_admin")
+//    @RequiresRoles("sys_admin")
     @ApiOperation("获取树资源")
     @GetMapping("getTreeResource")
     public Result getTreeResource() {

gis_admin/src/main/java/com/gis/admin/controller/SysRoleController.java

@@ -8,6 +8,7 @@ import com.gis.admin.service.SysRoleService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -23,7 +24,7 @@ import javax.validation.Valid;
 @Api(tags = "sys-角色管理")
 @RestController
 @RequestMapping("sys/role")
-@RequiresRoles("sys_admin") //需要admin角色才可以访问此controller
+//@RequiresRoles("sys_admin") //需要admin角色才可以访问此controller
 public class SysRoleController  {
 
     @Autowired
@@ -55,7 +56,7 @@ public class SysRoleController  {
         return roleService.detail(id);
     }
 
-
+    @RequiresPermissions("sys:role:edit")
     @WebControllerLog(description = "角色权限-新增/修改", addDb = true)
     @ApiOperation("新增或修改")
     @PostMapping("save")
@@ -63,6 +64,7 @@ public class SysRoleController  {
         return roleService.saveEntity(param);
     }
 
+    @RequiresPermissions("sys:role:edit")
     @WebControllerLog(description = "角色管理-角色启用/停用", addDb = true)
     @ApiOperation(value = "角色启用/停用", notes = "isDisable-> 0:可用， 1：禁用")
     @GetMapping("editStatus/{id}/{isDisable}")
@@ -70,6 +72,7 @@ public class SysRoleController  {
         return roleService.editStatus(id, isDisable);
     }
 
+    @RequiresPermissions("sys:role:remove")
     @WebControllerLog(description = "角色权限-角色删除", addDb = true)
     @ApiOperation("删除角色")
     @GetMapping("remove/{id}")

gis_admin/src/main/java/com/gis/admin/controller/SysUserController.java

@@ -13,6 +13,7 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.log4j.Log4j2;
 import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -32,7 +33,7 @@ public class SysUserController {
     @Autowired
     private SysUserService userService;
 
-    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
+//    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
     @ApiOperation("用户列表")
     @PostMapping("list")
     public Result<SysUserEntity> list(@RequestBody UserPageDateDto param) {
@@ -40,6 +41,7 @@ public class SysUserController {
     }
 
 //    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
+    @RequiresPermissions("sys:user:edit")
     @WebControllerLog(description = "用户管理-修改用户", addDb = true)
     @ApiOperation("新增/修改用户信息")
     @PostMapping("save")
@@ -76,7 +78,7 @@ public class SysUserController {
     }
 
 
-    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
+//    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
     @WebControllerLog(description = "用户管理-启用、停用账户")
     @ApiOperation(value = "启用、停用账户", notes = "isEnabled-> 1:可用， 0：禁用")
     @GetMapping("editStatus/{id}/{isEnabled}")
@@ -86,7 +88,8 @@ public class SysUserController {
     }
 
 
-    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
+//    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
+    @RequiresPermissions("sys:user:remove")
     @WebControllerLog(description = "用户管理-删除",addDb = true)
     @ApiOperation("删除")
     @GetMapping("removes/{ids}")
@@ -94,7 +97,7 @@ public class SysUserController {
         return userService.removes(ids);
     }
 
-    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
+//    @RequiresRoles(value = {"sys_admin"}, logical = Logical.OR)
     @WebControllerLog(description = "用户管理-获取角色")
     @ApiOperation("获取角色")
     @GetMapping("getRole")

gis_admin/src/main/java/com/gis/admin/mapper/SysRoleMapper.java

@@ -53,4 +53,7 @@ public interface SysRoleMapper extends IBaseMapper<SysRoleEntity, Long> {
 
     @Update("update sys_user_role set role_id = #{roleId} , create_time = NOW() where user_id = #{userId} ")
     void setUserIdByRoleId(Long userId, Long roleId);
+
+    @Select("select id from sys_role where is_delete=0 and role_name=#{roleName}")
+    List<Long> existByRoleName(String roleName);
 }

gis_admin/src/main/java/com/gis/admin/service/impl/SysRoleServiceImpl.java

@@ -81,6 +81,11 @@ public class SysRoleServiceImpl extends IBaseServiceImpl<SysRoleEntity, Long> im
         if (param.getId() == null) {
             roleEntity = new SysRoleEntity();
             BeanUtils.copyProperties(param, roleEntity);
+
+            if (existByRoleName(param.getRoleName())){
+                return Result.failure("角色名称已存在，请重新输入");
+            }
+
             this.save(roleEntity);
             flag = true;
         } else {
@@ -90,8 +95,21 @@ public class SysRoleServiceImpl extends IBaseServiceImpl<SysRoleEntity, Long> im
                 return Result.failure("此角色不存在");
 
             }
+
+            String roleKey = roleEntity.getRoleKey();
+            if (StringUtils.equals(roleKey, "sys_admin")){
+                return Result.failure("超级管理员为预设角色， 不能修改");
+            }
+
             BeanUtils.copyProperties(param, roleEntity);
             roleEntity.setUpdateTime(LocalDateTime.now());
+
+            if (!StringUtils.equals(param.getRoleName(), roleEntity.getRoleName())){
+                if (existByRoleName(param.getRoleName())){
+                    return Result.failure("角色名称已存在，请重新输入");
+                }
+            }
+
             this.update(roleEntity);
 
             // 每次修改，删除角色资源表信息，重新添加
@@ -112,6 +130,16 @@ public class SysRoleServiceImpl extends IBaseServiceImpl<SysRoleEntity, Long> im
         return Result.failure("保存失败");
     }
 
+    /**
+     * 判断用户名是否重复
+     * @param roleName
+     * @return
+     */
+    public boolean existByRoleName(String roleName){
+        List<Long> n = entityMapper.existByRoleName(roleName);
+        return n.size() > 0;
+    }
+
     @Override
     public Result search(PageDto param) {
         startPage(param);

gis_admin/src/main/java/com/gis/admin/service/impl/SysUserServiceImpl.java

@@ -86,6 +86,9 @@ public class SysUserServiceImpl extends IBaseServiceImpl<SysUserEntity, Long> im
                 log.error("用户不存在： {}", id);
                 return Result.failure("用户不存在");
             }
+
+            Long userId = entity.getId();
+
             BeanUtils.copyProperties(param, entity);
             entity.setUpdateTime(LocalDateTime.now());
             this.update(entity);
@@ -100,14 +103,16 @@ public class SysUserServiceImpl extends IBaseServiceImpl<SysUserEntity, Long> im
                 updatePassword(dto);
             }
 
-            // 每次修改，删除用户角色表信息，重新添加
-            sysRoleService.deleteUserRoleByUserId(id);
+            // 每次修改，删除用户角色表信息，重新添加, 系统管理员不能修改
+            if (userId!=1){
+                sysRoleService.deleteUserRoleByUserId(id);
+            }
         }
 
 
         // 更新用户角色表
         Long roleId = param.getRoleId();
-        if (roleId != null) {
+        if (roleId != null && entity.getId() != 1) {
             sysRoleService.saveUserRole(id, roleId);
         }
 
@@ -120,6 +125,11 @@ public class SysUserServiceImpl extends IBaseServiceImpl<SysUserEntity, Long> im
         List<SysUserEntity> entityList = this.findByIds(ids);
         for (SysUserEntity entity: entityList) {
             Long id = entity.getId();
+
+            if (id==1){
+                return Result.failure("系统预设账号不能删除");
+            }
+
             Set<String> roleKeys = sysRoleService.findRoleKeyByUserId(id);
             if (roleKeys.contains("sys_admin")) {
                 log.error("管理员账户不能删除 {}", id);

gis_cms/src/main/java/com/gis/cms/controller/GoodsController.java

@@ -80,4 +80,11 @@ public class GoodsController  {
     public Result updateDisplay(@PathVariable Long id, @PathVariable Integer display) {
         return entityService.display(id, display);
     }
+
+    @WebControllerLog(description = "精品典藏-重新上传图片")
+    @ApiOperation(value = "重新上传图片", notes = "fileId:图片id, code:目录码")
+    @PostMapping("afresh/uploadImg/{fileId}/{code}")
+    public Result afreshUploadImg(MultipartFile file, @PathVariable String code, @PathVariable Long fileId) {
+        return entityService.afreshUploadImg(file, code, fileId);
+    }
 }

gis_cms/src/main/java/com/gis/cms/controller/WebController.java

@@ -79,9 +79,9 @@ public class WebController {
 
     @ApiOperation(value = "专家风采-列表", notes = "专家类型：1：一级，2：二级，3：三级，4：院士, 5:其他， " +
                                                     "loyal_1: 百世老人， loyal_2：英模专家")
-    @PostMapping("expertList/{type}")
-    public Result<ExpertEntity> expertList(@PathVariable String type) {
-        return expertService.webList(type);
+    @PostMapping("expertList")
+    public Result<ExpertEntity> expertList(@RequestBody ExpertWebDto param) {
+        return expertService.webList(param);
 
     }
 

gis_cms/src/main/java/com/gis/cms/entity/dto/ExpertWebDto.java

@@ -0,0 +1,26 @@
+package com.gis.cms.entity.dto;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+import java.io.Serializable;
+
+/**
+ * Created by owen on 2021/6/24 0024 12:22
+ * 专家
+ */
+@Data
+public class ExpertWebDto implements Serializable {
+
+    private static final long serialVersionUID = 2684221237124140925L;
+
+    @NotBlank(message = "类型不能为空")
+    @ApiModelProperty(value = "专家类型：1：一级，2：二级，3：三级，4：院士, 5:其他，loyal_1: 百世老人， loyal_2：英模专家", required = true)
+    private String type;
+
+    @ApiModelProperty(value = "搜索条件", name = "searchKey")
+    private String searchKey;
+
+}

gis_cms/src/main/java/com/gis/cms/entity/vo/CommentVo.java

@@ -17,14 +17,17 @@ public class CommentVo extends BaseEntity {
 
 
 
-    @ApiModelProperty(value = "真实姓名")
-    private String realName;
-
-    @ApiModelProperty(value = "单位")
-    private String unit;
-
-    @ApiModelProperty(value = "昵称")
-    private String nickName;
+//    @ApiModelProperty(value = "真实姓名")
+//    private String realName;
+//
+//    @ApiModelProperty(value = "单位")
+//    private String unit;
+//
+//    @ApiModelProperty(value = "昵称")
+//    private String nickName;
+
+        @ApiModelProperty(value = "姓名")
+    private String name;
 
     @ApiModelProperty(value = "内容")
     private String content;
@@ -35,8 +38,8 @@ public class CommentVo extends BaseEntity {
     @ApiModelProperty(value = "父级id")
     private Long parentId;
 
-    @ApiModelProperty(value = "是否显示真实姓名： 1：是， 0：否")
-    private Integer isRealName;
+//    @ApiModelProperty(value = "是否显示真实姓名： 1：是， 0：否")
+//    private Integer isRealName;
 
 
 //    public void setContent(String content) {

gis_cms/src/main/java/com/gis/cms/mapper/provider/CommentProvider.java

@@ -12,10 +12,13 @@ import org.apache.commons.lang3.StringUtils;
 public class CommentProvider {
 
     public String search(PageDateDto param, Integer display){
+//        StringBuffer sql = new StringBuffer(
+//                "select a.id, a.create_time, a.content, a.display, a.parent_id, a.is_real_name, b.unit, b.real_name, b.nick_name " +
+//                        "from tb_comment a left join sys_user b on b.id=a.user_id  " +
+//                        "where a.is_delete = '0' ");
+
         StringBuffer sql = new StringBuffer(
-                "select a.id, a.create_time, a.content, a.display, a.parent_id, a.is_real_name, b.unit, b.real_name, b.nick_name " +
-                        "from tb_comment a left join sys_user b on b.id=a.user_id  " +
-                        "where a.is_delete = '0' ");
+                "select a.* from tb_comment a where a.is_delete = '0' ");
 
 
         if(StringUtils.isNotBlank(param.getStartTime()) && StringUtils.isNotBlank(param.getEndTime())){

gis_cms/src/main/java/com/gis/cms/mapper/provider/GoodsProvider.java

@@ -3,6 +3,7 @@ package com.gis.cms.mapper.provider;
 import com.gis.cms.entity.dto.GoodsPageDateDto;
 import com.gis.cms.entity.dto.TypePageDateDto;
 import com.gis.common.base.entity.dto.PageDto;
+import com.gis.common.util.RegexUtil;
 import lombok.extern.log4j.Log4j2;
 import org.apache.commons.lang3.StringUtils;
 
@@ -67,7 +68,8 @@ public class GoodsProvider {
 
         String searchKey = param.getSearchKey();
         if (!StringUtils.isAllBlank(searchKey)) {
-            searchKey = StringUtils.trim(searchKey);
+
+            searchKey = RegexUtil.sqlReplaceSpecialStr(searchKey);
             sql.append(" and (");
             sql.append(" a.name like '%").append(searchKey).append("%'");
             sql.append(" or a.description like '%").append(searchKey).append("%'");

gis_cms/src/main/java/com/gis/cms/service/ExpertService.java

@@ -3,6 +3,7 @@ package com.gis.cms.service;
 
 import com.gis.cms.entity.dto.ExpertPageDto;
 import com.gis.cms.entity.dto.ExpertDto;
+import com.gis.cms.entity.dto.ExpertWebDto;
 import com.gis.cms.entity.po.ExpertEntity;
 import com.gis.common.base.service.IBaseService;
 import com.gis.common.util.Result;
@@ -29,7 +30,7 @@ public interface ExpertService extends IBaseService<ExpertEntity, Long> {
 
     void addVisit(Long id);
 
-    Result<ExpertEntity> webList(String type);
+    Result<ExpertEntity> webList(ExpertWebDto type);
 
     Result upload(MultipartFile file, String type);
 

gis_cms/src/main/java/com/gis/cms/service/GoodsService.java

@@ -39,4 +39,6 @@ public interface GoodsService extends IBaseService<GoodsEntity, Long> {
     void addVisit(Long id);
 
     Result<SearchVo> searchGlobal(PageDto param);
+
+    Result afreshUploadImg(MultipartFile file, String code, Long fileId);
 }

gis_cms/src/main/java/com/gis/cms/service/impl/DonateServiceImpl.java

@@ -45,7 +45,7 @@ public class DonateServiceImpl extends IBaseServiceImpl<DonateEntity, Long> impl
         String searchKey = param.getSearchKey();
         if (StringUtils.isNotBlank(searchKey)) {
             searchKey = StringUtils.trim(searchKey);
-            condition.and().orLike("realName", "%" + searchKey + "%");
+            condition.and().orLike("name", "%" + searchKey + "%");
 //                    .orLike("userName", "%" + searchKey + "%");
         }
         String startTime = param.getStartTime();

gis_cms/src/main/java/com/gis/cms/service/impl/ExpertServiceImpl.java

@@ -2,14 +2,15 @@ package com.gis.cms.service.impl;
 
 import com.gis.cms.entity.dto.ExpertPageDto;
 import com.gis.cms.entity.dto.ExpertDto;
+import com.gis.cms.entity.dto.ExpertWebDto;
 import com.gis.cms.entity.po.ExpertEntity;
 import com.gis.cms.mapper.ExpertMapper;
-import com.gis.cms.mapper.MyBaseMapper;
 import com.gis.cms.service.SensitiveService;
 import com.gis.common.base.exception.BaseRuntimeException;
 import com.gis.common.base.mapper.IBaseMapper;
 import com.gis.common.base.service.impl.IBaseServiceImpl;
 import com.gis.common.constant.MsgCode;
+import com.gis.common.util.RegexUtil;
 import com.gis.common.util.Result;
 import com.gis.cms.service.ExpertService;
 import com.github.pagehelper.PageInfo;
@@ -20,6 +21,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
 
+import javax.validation.constraints.NotBlank;
 import java.time.LocalDateTime;
 import java.util.*;
 
@@ -132,10 +134,10 @@ public class ExpertServiceImpl extends IBaseServiceImpl<ExpertEntity, Long> impl
 //    }
 
     @Override
-    public Result<ExpertEntity> webList(String type) {
+    public Result<ExpertEntity> webList(ExpertWebDto param) {
         StringBuffer sql = new StringBuffer();
         sql.append("select * from tb_expert where is_delete = '0' and display=1 ");
-
+        @NotBlank(message = "类型不能为空") String type = param.getType();
         String [] typeCheck = {"1","2","3","4","5","loyal_1","loyal_2"};
         if (!Arrays.asList(typeCheck).contains(type)) {
             return Result.failure("非法类型");
@@ -147,6 +149,12 @@ public class ExpertServiceImpl extends IBaseServiceImpl<ExpertEntity, Long> impl
             sql.append(" and level=").append(key);
         }
 
+        String searchKey = param.getSearchKey();
+        if (StringUtils.isNotBlank(searchKey)){
+            searchKey = RegexUtil.sqlReplaceSpecialStr(searchKey);
+            sql.append(" and name like '%").append(searchKey).append("%'");
+        }
+
         sql.append(" order by sort, create_time desc");
         log.info("sql: {}", sql.toString());
 

gis_cms/src/main/java/com/gis/cms/service/impl/GoodsServiceImpl.java

@@ -48,6 +48,8 @@ public class GoodsServiceImpl extends IBaseServiceImpl<GoodsEntity, Long> implem
     FileService fileService;
 
 
+
+
     @Override
     public IBaseMapper<GoodsEntity, Long> getBaseMapper() {
         return this.entityMapper;
@@ -229,9 +231,58 @@ public class GoodsServiceImpl extends IBaseServiceImpl<GoodsEntity, Long> implem
         return Result.success(new PageInfo<>(entityMapper.searchGlobal(param)));
     }
 
+    @Override
+    public Result afreshUploadImg(MultipartFile file, String code, Long fileId) {
+
+        if (StringUtils.isBlank(code) || StringUtils.equals(code, "null")){
+            return Result.failure("目录码不能为空");
+        }
+
+        FileEntity entity = fileService.findById(fileId);
+        if (entity == null){
+            return Result.failure("对象不存在");
+        }
+
+
+
+        Map<String, Object> map = fileUtils.uploadMap(file, "/goods/img/" + code, false);
+
+        String filePath = (String) map.get("filePath");
+        String fileName = (String) map.get("fileName");
+
+        if (!StringUtils.equals(filePath, entity.getFilePath())){
+            fileUtils.del(entity.getFilePath());
+        }
+        entity.setName(fileName);
+        entity.setFilePath(filePath);
+        fileService.update(entity);
+
+        // 更新封面图 （这里最终是否成功，要结合保存功能）
+        updateIndexImg(entity);
+
+        return Result.success(entity);
+    }
+
+    // 更新封面图
+    private void updateIndexImg(FileEntity entity){
+        if (entity.getIsIndex() == 1) {
+            GoodsEntity goods = this.findById(entity.getModuleId());
+            if (goods == null){
+                String errorMsg = "对象不存现，更新封面失败";
+                throw new RuntimeException(errorMsg);
+            }
+
+            goods.setThumb(entity.getFilePath());
+            this.update(goods);
+            log.info("更新封面完成");
+        }
+
+
+    }
+
 
     @Override
-    public Result   upload(MultipartFile file, String type) {
+    public Result upload(MultipartFile file, String type) {
 
         // 检查非法文件上传
         boolean checkFile = fileUtils.checkFile(file);

gis_cms/src/main/java/com/gis/cms/service/impl/QuestionGroupServiceImpl.java

@@ -134,7 +134,9 @@ public class QuestionGroupServiceImpl extends IBaseServiceImpl<QuestionGroupEnti
         QuestionGroupEntity entity = null;
         if (id == null) {
             entity = new QuestionGroupEntity();
+
             entity.setName(param.getName());
+            entity.setUserName(getTokenUserName());
             this.save(entity);
         } else {
             entity = this.findById(id);

gis_cms/src/main/java/com/gis/cms/service/impl/SandServiceImpl.java

@@ -50,6 +50,10 @@ public class SandServiceImpl extends IBaseServiceImpl<SandEntity, Long> implemen
 //        if (display != null) {
 //            condition.and().andEqualTo("display", display);
 //        }
+        String searchKey = param.getSearchKey();
+        if (StringUtils.isNotBlank(searchKey)){
+            condition.and().orLike("name", "%"+searchKey+"%");
+        }
 
         condition.orderBy("createTime").desc();
         PageInfo<SandEntity> pageInfo = this.findAll(condition, param.getPageNum(), param.getPageSize());

gis_cms/src/main/java/com/gis/cms/tree/CommentTreeUtil.java

@@ -31,13 +31,13 @@ public class CommentTreeUtil {
             vo.setContent(MyStrUtil.getFilterMsg(filterKey, n.getContent()));
 
 
-            vo.setRealName(n.getRealName());
+//            vo.setRealName(n.getRealName());
             vo.setCreateTime(n.getCreateTime());
             vo.setUpdateTime(n.getUpdateTime());
-            vo.setUnit(n.getUnit());
-            vo.setNickName(n.getNickName());
+//            vo.setUnit(n.getUnit());
+//            vo.setNickName(n.getNickName());
             vo.setDisplay(n.getDisplay());
-            vo.setIsRealName(n.getIsRealName());
+//            vo.setIsRealName(n.getIsRealName());
 
 
 

gis_common/src/main/java/com/gis/common/util/RegexUtil.java

@@ -4,7 +4,9 @@ import cn.hutool.extra.pinyin.PinyinUtil;
 import org.apache.commons.lang3.StringUtils;
 
 public class RegexUtil {
-    //specific symbol
+
+    // 需要过滤的特殊字符
+    static String [] specialSql = {"%","or","=","and"};
 
     /** 处理特殊符号，变空值*/
     public static String specificSymbol(String str){
@@ -26,7 +28,21 @@ public class RegexUtil {
     }
 
 
-
+    /**
+     * sql 过滤特殊字符
+     * @param str
+     * @return
+     */
+    public static String sqlReplaceSpecialStr(String str){
+        str = StringUtils.trim(str);
+        str = str.toLowerCase();
+        for (String s : specialSql) {
+            if (str.contains(s)) {
+                str = str.replaceAll(s, "");
+            }
+        }
+        return str;
+    }