
不可删除其他管理员;只有一个管理员时,不可删除、降低权限

sunyj %!s(int64=8) %!d(string=hai) anos
pai
achega
5fe33b9763

+ 57 - 6
kanban-auth/src/main/java/com/uas/kanban/service/impl/UserServiceImpl.java

@@ -57,20 +57,22 @@ public class UserServiceImpl extends BaseService<User> implements UserService {
 	public int update(@NotEmpty("json") String json) throws IllegalArgumentException, OperationException {
 		User user = userDao.parse(json);
 		String code = user.codeNotEmpty();
-		User rPoint = userDao.findOne(code);
-		if (rPoint == null) {
+		User oldUser = userDao.findOne(code);
+		if (oldUser == null) {
 			throw new IllegalStateException("用户不存在");
 		}
-		if (rPoint.getRole() == Role.Admin) {
+		if (oldUser.getRole() == Role.Admin) {
 			if (!Objects.equals(code, SystemSession.checkUser().getCode())) {
-				throw new OperationException("不允许修改其他管理员");
+				throw new OperationException("不允许更改其他管理员:" + oldUser.getName());
+			} else if (user.getRole() != Role.Admin && countAdmin() <= 1) {
+				throw new OperationException("只有一个管理员,不可降低权限");
 			}
 		}
-		if (Objects.equals(user, rPoint)) {
+		if (Objects.equals(user, oldUser)) {
 			throw new IllegalStateException("未发现任何变更");
 		}
 		String name = user.getName();
-		if (!Objects.equals(name, rPoint.getName()) && exist(name)) {
+		if (!Objects.equals(name, oldUser.getName()) && exist(name)) {
 			throw new IllegalStateException("用户已存在");
 		}
 		checkValid(user);
@@ -168,4 +170,53 @@ public class UserServiceImpl extends BaseService<User> implements UserService {
 		return query.count() > 0;
 	}
 
+	@Override
+	public int deleteOne(@NotEmpty("code") String code) throws OperationException {
+		checkAdmin(code);
+		return super.deleteOne(code);
+	}
+
+	@Override
+	public int delete(@NotEmpty("codes") List<String> codes) throws OperationException {
+		for (String code : codes) {
+			checkAdmin(code);
+		}
+		return super.delete(codes);
+	}
+
+	/**
+	 * 检查对管理员的操作
+	 * 
+	 * @param code
+	 *            用户 code
+	 * @throws OperationException
+	 *             更改其他管理员
+	 */
+	private void checkAdmin(@NotEmpty("code") String code) throws OperationException {
+		User user = userDao.findOne(code);
+		if (user == null) {
+			throw new IllegalStateException("用户不存在");
+		}
+		if (user.getRole() == Role.Admin) {
+			if (!Objects.equals(code, SystemSession.checkUser().getCode())) {
+				throw new OperationException("不允许删除其他管理员:" + user.getName());
+			} else {
+				if (countAdmin() <= 1) {
+					throw new OperationException("不可删除最后一个管理员");
+				}
+			}
+		}
+	}
+
+	/**
+	 * 统计管理员的数量
+	 * 
+	 * @return 统计的数量
+	 */
+	private long countAdmin() {
+		Query<User> query = userDao.createQuery();
+		query.field("role").equal(Role.Admin);
+		return query.count();
+	}
+
 }
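Review bot: `countAdmin()` in `checkAdmin` (and the demotion guard added to `update` in the first hunk) reads the admin count in one DAO call and the delete or update then runs as a separate call, so two concurrent requests that each remove or demote an admin can both observe a count of 2 and together leave the system with no administrator; the DAO's transaction and locking model is not visible on this page, so whether this is reachable needs confirming. If the DAO offers no atomic check-and-write, a service-level lock held across the check and the write (or a re-count after the write with a compensating rollback) would close it for both `deleteOne` and `delete(List)`. Separately, the Javadoc of `checkAdmin` lists only `OperationException 更改其他管理员` although the method also throws `IllegalStateException` for an unknown code and is used for deletion, so I would add `@throws IllegalStateException if no user has the given code` and reword the OperationException entry as `if the code belongs to another administrator or to the last remaining one`. The trailing `else { if (countAdmin() <= 1) {` in `checkAdmin` reads more clearly as `} else if (countAdmin() <= 1) {`, the form already used in `update`.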

+ 4 - 2
kanban-common/src/main/java/com/uas/kanban/base/BaseController.java

@@ -72,10 +72,11 @@ public abstract class BaseController<T extends BaseEntity> {
 	 *            the code to delete
 	 * @param request
 	 * @return results of the delete
+	 * @throws OperationException
 	 */
 	@RequestMapping("/delete/{code}")
 	@ResponseBody
-	public int deleteOne(@PathVariable("code") String code, HttpServletRequest request) {
+	public int deleteOne(@PathVariable("code") String code, HttpServletRequest request) throws OperationException {
 		return baseService.deleteOne(code);
 	}
 
@@ -86,10 +87,11 @@ public abstract class BaseController<T extends BaseEntity> {
 	 *            the code to delete
 	 * @param request
 	 * @return results of the delete
+	 * @throws OperationException
 	 */
 	@RequestMapping("/delete/byCodes")
 	@ResponseBody
-	public int delete(@NotEmpty("codes") String[] codes, HttpServletRequest request) {
+	public int delete(@NotEmpty("codes") String[] codes, HttpServletRequest request) throws OperationException {
 		return baseService.delete(Arrays.asList(codes));
 	}
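Review bot: The `@throws OperationException` tags added to the Javadoc of `deleteOne` and `delete` carry no description, here and in the matching BaseService hunks, so a reader of the base classes cannot tell when the exception is raised, given that the base implementations only delegate and never throw it themselves. I would write `@throws OperationException if a subclass refuses the deletion (for example a user service protecting its administrators)` in BaseService and `@throws OperationException propagated from the service when the deletion is refused` here. This page shows no `@ExceptionHandler` for `OperationException`, so it is worth confirming that the controller layer maps it to a client-visible error response rather than a generic server error, since the refusal message (`不允许删除其他管理员:...`) is the information the user needs.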
 

+ 4 - 2
kanban-common/src/main/java/com/uas/kanban/base/BaseService.java

@@ -58,8 +58,9 @@ public abstract class BaseService<T extends BaseEntity> {
 	 * @param code
 	 *            the code to delete
 	 * @return results of the delete
+	 * @throws OperationException
 	 */
-	public int deleteOne(@NotEmpty("code") String code) {
+	public int deleteOne(@NotEmpty("code") String code) throws OperationException {
 		return baseDao.deleteOne(code);
 	}
 
@@ -69,8 +70,9 @@ public abstract class BaseService<T extends BaseEntity> {
 	 * @param codes
 	 *            the code to delete
 	 * @return results of the delete
+	 * @throws OperationException
 	 */
-	public int delete(@NotEmpty("codes") List<String> codes) {
+	public int delete(@NotEmpty("codes") List<String> codes) throws OperationException {
 		return baseDao.delete(codes);
 	}
 

+ 1 - 1
kanban-console/src/main/java/com/uas/kanban/service/impl/KanbanServiceImpl.java

@@ -67,7 +67,7 @@ public class KanbanServiceImpl extends BaseService<Kanban> {
 	}
 
 	@Override
-	public int deleteOne(@NotEmpty("code") String code) {
+	public int deleteOne(@NotEmpty("code") String code) throws OperationException {
 		// 先删除有关联的看板实例
 		kanbanInstanceService.deleteByKanbanCodes(Arrays.asList(code));
 		return super.deleteOne(code);