
Merge remote-tracking branch 'origin/feature-rolepermission-201803' into feature-wangcz-201814

Hu Jie 7 年 前
コミット
d9e47dd848

+ 2 - 2
src/main/java/com/uas/platform/b2c/common/account/dao/UserDao.java

@@ -36,7 +36,7 @@ public interface UserDao extends JpaSpecificationExecutor<User>, JpaRepository<U
 	public List<User> findByEnUUAndUserUU(@Param("enUU") long enUU, @Param("userUU") long userUU);
 
 	/**
-	 * 按企业ID查找个人
+	 * 按企业ID查找个人
 	 * 
 	 * @param enUU
 	 * @return
@@ -46,7 +46,7 @@ public interface UserDao extends JpaSpecificationExecutor<User>, JpaRepository<U
 	public List<User> findByEnUU(@Param("enUU") long enUU);
 
 	/**
-	 * 按企业ID查找个人id
+	 * 按企业ID查找个人id
 	 *
 	 * @param enUU
 	 * @return

+ 7 - 1
src/main/java/com/uas/platform/b2c/common/account/service/UserService.java

@@ -37,7 +37,7 @@ public interface UserService {
 	/**
 	 * 按uu取用户信息(不读取缓存)
 	 *
-	 * @param userUU
+	 * @param uu 用户userUU
 	 * @return
 	 */
 	User findUserPwdByUserUU(Long uu);
@@ -56,6 +56,12 @@ public interface UserService {
 	 */
 	Page<User> findUserByUserNameLikeAndEnUU(PageInfo pageInfo , Long enUU , String userName);
 
+	/**
+	 * 通过关键字、角色id过滤该企业下人员信息
+	 * @param keyword 姓名、电话号码、邮箱、uu号
+	 * @param roleId 角色id
+	 * @return
+	 */
 	Page<User> findUsersPageByEnUUAndKeyword(PageInfo pageInfo , Long enUU , String keyword , Long roleId);
 	/**
 	 * 按email取用户信息
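Review bot: The new Javadoc on findUsersPageByEnUUAndKeyword documents keyword and roleId but leaves pageInfo and enUU undocumented and the `@return` tag empty, so the contract for the enterprise scoping is still unstated. I would add `@param pageInfo paging parameters`, `@param enUU enterprise UU whose members are searched (results are restricted to this enterprise)` and `@return a page of matching users, or null when no user matches` — the null case is hedged, it depends on the implementation not visible here. The javadoc on findUserPwdByUserUU still has an empty `@return`; `@return the user with that UU, loaded without the cache` would complete it.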

+ 1 - 1
src/main/java/com/uas/platform/b2c/common/account/service/impl/RoleServiceImpl.java

@@ -26,7 +26,7 @@ public class RoleServiceImpl implements RoleService {
 
     private static final int DEFAULT_ROLE = 1;
 
-    private static final int ALL_DEFAULT_ROLE = 4;
+    private static final int ALL_DEFAULT_ROLE = 5;
 
     @Autowired
     private RoleDao roleDao;
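Review bot: ALL_DEFAULT_ROLE is bumped from 4 to 5 with no comment saying what the number counts, so the next person adding a built-in role has no way to know this constant must move with it. A one-line Javadoc such as `/** Number of built-in (system/default) roles seeded for an enterprise; must be updated whenever a built-in role is added. */` would make the coupling explicit; I am inferring the meaning from the name and the 店长 role added in role_detail.html, so confirm it against the code that uses the constant.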

+ 48 - 195
src/main/java/com/uas/platform/b2c/common/account/service/impl/UserServiceImpl.java

@@ -159,31 +159,7 @@ public class UserServiceImpl implements UserService {
 	@Override
 	public Page<User> findUsersPageByEnUU(final PageInfo pageInfo , Long enUU) {
 		final List<Long> usersId = userDao.findIdByEnUU(enUU);
-		if (usersId.size()>0) {
-			Page<User> pUser = userDao.findAll(new Specification<User>() {
-				public Predicate toPredicate(Root<User> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
-					Predicate predicateId = root.get("userUU").in(usersId);
-					query.where(predicateId);
-					return null;
-				}
-			}, pageInfo);
-			for (User user : pUser) {
-				Set<Role> roles = user.getRoles();
-				Long enuu = SystemSession.getUser().getEnterprise().getUu();
-				if (!CollectionUtils.isEmpty(roles)) {
-					Iterator<Role> iterator = roles.iterator();
-					while (iterator.hasNext()) {
-						Role role = iterator.next();
-						if (!role.getEnUU().equals(enuu)) {
-							iterator.remove();
-						}
-					}
-				}
-			}
-			return pUser;
-		}else{
-			return null;
-		}
+		return deleteOtherRole(pageInfo,usersId);
 
 	}
 	@Override
@@ -251,34 +227,8 @@ public class UserServiceImpl implements UserService {
 			//过滤 角色信息
 			usersId = userDao.findUserByRoleAndUsers(roleId,usersId.toArray(new Long[0]));
 		}
-
 		final List<Long> users = usersId;
-		if (users.size()>0) {
-			Page<User> pUser = userDao.findAll(new Specification<User>() {
-				public Predicate toPredicate(Root<User> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
-					Predicate predicateId = root.get("userUU").in(users);
-					query.where(predicateId);
-					return null;
-				}
-			}, pageInfo);
-			for (User user : pUser) {
-				Set<Role> roles = user.getRoles();
-				Long enuu = SystemSession.getUser().getEnterprise().getUu();
-				if (!CollectionUtils.isEmpty(roles)) {
-					Iterator<Role> iterator = roles.iterator();
-					while (iterator.hasNext()) {
-						Role role = iterator.next();
-						if (!role.getEnUU().equals(enuu)) {
-							iterator.remove();
-						}
-					}
-				}
-			}
-			return pUser;
-		}else{
-			return null;
-		}
-
+		return deleteOtherRole(pageInfo,users);
 	}
 
 	@Override
@@ -288,6 +238,10 @@ public class UserServiceImpl implements UserService {
 			usersId = userDao.findUserByUserNameLikeAndEnUU(userName, enUU);
 		}
 		final List<Long> users = usersId;
+		return deleteOtherRole(pageInfo,users);
+	}
+
+	private Page<User> deleteOtherRole(final PageInfo pageInfo,final List<Long> users) {
 		if (users.size()>0) {
 			Page<User> pUser = userDao.findAll(new Specification<User>() {
 				public Predicate toPredicate(Root<User> root, CriteriaQuery<?> query, CriteriaBuilder builder) {
@@ -328,38 +282,7 @@ public class UserServiceImpl implements UserService {
 //				throw new RuntimeException(e.getMessage());
 			}
 			// 修改用户角色,只对用户的当前企业的角色进行修改
-			if (!CollectionUtils.isEmpty(user.getRoles())) {
-				Set<Role> existRoles = userOld.getRoles();
-				if (!CollectionUtils.isEmpty(existRoles)) {// 保留用户在其他企业的角色
-					Iterator<Role> iterator = existRoles.iterator();
-					Long currentEnuu = SystemSession.getUser().getEnterprise().getUu();
-					while (iterator.hasNext()) {
-						Role role = iterator.next();
-						if (role.getEnUU().equals(currentEnuu)) {
-							iterator.remove();
-						}
-					}
-				} else {
-					existRoles = new HashSet<>();
-				}
-				for (Role role : user.getRoles()) {
-					existRoles.add(role);
-				}
-				userOld.setRoles(existRoles);
-			} else {
-				Set<Role> existRoles = userOld.getRoles();
-				if (!CollectionUtils.isEmpty(existRoles)) {// 保留用户在其他企业的角色
-					Iterator<Role> iterator = existRoles.iterator();
-					Long currentEnuu = SystemSession.getUser().getEnterprise().getUu();
-					while (iterator.hasNext()) {
-						Role role = iterator.next();
-						if (role.getEnUU().equals(currentEnuu)) {
-							iterator.remove();
-						}
-					}
-				}
-				userOld.setRoles(existRoles);
-			}
+			updateRole(user,userOld);
 			try {
 				userOld = userDao.save(userOld);
 			} catch (Exception e) {
@@ -384,38 +307,7 @@ public class UserServiceImpl implements UserService {
 			userOld.setUserTel(user.getUserTel());
 			userOld.setUserName(user.getUserName());
 			// 修改用户角色,只对用户的当前企业的角色进行修改
-			if (!CollectionUtils.isEmpty(user.getRoles())) {
-				Set<Role> existRoles = userOld.getRoles();
-				if (!CollectionUtils.isEmpty(existRoles)) {// 保留用户在其他企业的角色
-					Iterator<Role> iterator = existRoles.iterator();
-					Long currentEnuu = SystemSession.getUser().getEnterprise().getUu();
-					while (iterator.hasNext()) {
-						Role role = iterator.next();
-						if (role.getEnUU().equals(currentEnuu)) {
-							iterator.remove();
-						}
-					}
-				} else {
-					existRoles = new HashSet<>();
-				}
-				for (Role role : user.getRoles()) {
-					existRoles.add(role);
-				}
-				userOld.setRoles(existRoles);
-			} else {
-				Set<Role> existRoles = userOld.getRoles();
-				if (!CollectionUtils.isEmpty(existRoles)) {// 保留用户在其他企业的角色
-					Iterator<Role> iterator = existRoles.iterator();
-					Long currentEnuu = SystemSession.getUser().getEnterprise().getUu();
-					while (iterator.hasNext()) {
-						Role role = iterator.next();
-						if (role.getEnUU().equals(currentEnuu)) {
-							iterator.remove();
-						}
-					}
-				}
-				userOld.setRoles(existRoles);
-			}
+			updateRole(user,userOld);
 			try {
 				userOld = userDao.save(userOld);
 			} catch (Exception e) {
@@ -432,36 +324,46 @@ public class UserServiceImpl implements UserService {
 		}
 	}
 
+	private void updateRole(User user,User userOld) {
+		if (!CollectionUtils.isEmpty(user.getRoles())) {
+			Set<Role> existRoles = userOld.getRoles();
+			if (!CollectionUtils.isEmpty(existRoles)) {// 保留用户在其他企业的角色
+				Iterator<Role> iterator = existRoles.iterator();
+				Long currentEnuu = SystemSession.getUser().getEnterprise().getUu();
+				while (iterator.hasNext()) {
+					Role role = iterator.next();
+					if (role.getEnUU().equals(currentEnuu)) {
+						iterator.remove();
+					}
+				}
+			} else {
+				existRoles = new HashSet<>();
+			}
+			for (Role role : user.getRoles()) {
+				existRoles.add(role);
+			}
+			userOld.setRoles(existRoles);
+		} else {
+			Set<Role> existRoles = userOld.getRoles();
+			if (!CollectionUtils.isEmpty(existRoles)) {// 保留用户在其他企业的角色
+				Iterator<Role> iterator = existRoles.iterator();
+				Long currentEnuu = SystemSession.getUser().getEnterprise().getUu();
+				while (iterator.hasNext()) {
+					Role role = iterator.next();
+					if (role.getEnUU().equals(currentEnuu)) {
+						iterator.remove();
+					}
+				}
+			}
+			userOld.setRoles(existRoles);
+		}
+	}
+
 	@Override
 	public User updatePassword(User user, String password, String newPassword) {
-//		boolean result = user.getUserPwd().equals(Md5Utils.encode(password, user.getUserUU()));
-//		if (result) {
-//			User user1 = userDao.findOne(user.getUserUU());
-//			user1.setUserPwd(Md5Utils.encode(newPassword, user1.getUserUU()));
-//			user1.setPwdSecLevel(user.getPwdSecLevel());
-//			if (user1.getEnterprise() == null)
-//				user1.setCurrentEnterprise();// 随便绑定一个用户所属企业
-//			Enterprise enterprise = user1.getEnterprise();
-//			try {
-//					//判断是否为个人账户
-//					if (enterprise == null){
-//							//AccountUtils.resetPassword(user1.getUserUU(), null, newPassword);
-//					}else {
-//							//AccountUtils.resetPassword(user1.getUserUU(), enterprise.getUu(), newPassword);
-//					}
-//				user1 = userDao.save(user1);
-//			} catch (Exception e) {
-//				throw new SystemException(e.getMessage());
-//			}
-//			return user1;
-//		} else {
-//			throw new IllegalOperatorException("原密码验证错误");
-//		}
 		return null;
 	}
 
-
-	static final String defaultPassword = "111111";
 	@Override
 	public User addUser(User user, HttpServletRequest request) {
 		List<User> users = userDao.findUserByUserTel(user.getUserTel().trim());
@@ -487,7 +389,6 @@ public class UserServiceImpl implements UserService {
 			}else{
 				enterpriseDao.callInitProcedure(SystemSession.getUser().getEnterprise().getUu());
 			}
-			//Long uu = commonDao.queryForObject("select users_seq.nextval from dual", Long.class);
 			user.setUserUU(addssoUser.getUserUU());
 			user.addEnterprise(SystemSession.getUser().getEnterprise());
 			user.setCurrentEnterprise();
@@ -508,26 +409,10 @@ public class UserServiceImpl implements UserService {
 		model.put("rootpath", AgentUtils.getHost(request));
 		if (user.getUserEmail() != null) {
 			mailService.send(messageConf.getTplAfterBeAddedtoB2C(), user.getUserEmail(), model);
-			//mailService.send(messageConf.getTplInvitationForB2B(), user.getUserEmail(), model);
 		}
 		return user;
 	}
 
-    //添加未注册
-	/*public  com.uas.account.entity.User postToAccountCenter(User user, String password) throws Exception {
-		UserDetail detail = new UserDetail();
-		detail.setEmail(user.getUserEmail());
-		detail.setIdCode(user.getUserIdcode());
-		detail.setMobile(user.getUserTel());
-		detail.setName(user.getUserName());
-		detail.setSex(user.getUserSex());
-		List<com.uas.account.entity.User> users = AccountUtils.addUser(user.getUserUU(), SystemSession.getUser().getEnterprise().getUu(), detail, password);
-		if (!CollectionUtils.isEmpty(users)) {
-			return users.get(0);
-		} else {
-			return null;
-		}
-	}*/
 	public void postToAccountCenter(User user) throws Exception {
 		//判断是否个人用户
 		if(SystemSession.getUser().getEnterprise()==null){
@@ -541,8 +426,6 @@ public class UserServiceImpl implements UserService {
 		User user = userDao.findOne(uu);
 		if (user.getEnterprises().contains(SystemSession.getUser().getEnterprise())) {
 			user.removeEnterprise(SystemSession.getUser().getEnterprise());
-			/*if (user.getEnterprises().size() == 0)
-				user.setEnable((short) Status.DISABLED.value());*/
 			userDao.save(user);
 			try {
 				com.uas.sso.util.AccountUtils.removeUser(uu,SystemSession.getUser().getEnterprise().getUu());
@@ -623,45 +506,11 @@ public class UserServiceImpl implements UserService {
 
 	@Override
 	public User updateUserTel(String oldTel, String newTel,Long uu) {
-		/*// 旧手机号是否正确
-		User user = userDao.findOne(uu);
-			if(!user.getUserTel().equals(oldTel)){
-				throw new IllegalOperatorException("旧手机号错误");
-			}
-			try {
-				if(!StringUtils.isEmpty(oldTel) && !StringUtils.isEmpty(newTel)) {
-					// 保存数据库
-					List<com.uas.account.entity.User> users = AccountUtils.updateTel(oldTel, newTel);
-					if (users != null && users.size() > 0) {
-						user.setUserTel(users.get(0).getUid());
-						user = userDao.save(user);
-						return user;
-					}
-				}
-			} catch (Exception e) {
-				e.printStackTrace();
-			}*/
 			return null;
 		}
 
 	@Override
 	public User updateUserEmail(String tel, String newEmail, Long uu) {
-/*
-		try {
-			if(!StringUtils.isEmpty(tel) && !StringUtils.isEmpty(newEmail)) {
-				User user = userDao.findOne(uu);
-				// 从账户中心返回的数据
-				List<com.uas.account.entity.User> users = AccountUtils.updateEmail(tel,newEmail);
-				// 保存数据库
-				if (users != null && users.size() > 0) {
-					user.setUserEmail(users.get(0).getSecondUID());
-					user = userDao.save(user);
-					return user;
-				}
-			}
-		} catch (Exception e) {
-			e.printStackTrace();
-		}*/
 		throw new IllegalOperatorException("数据更新失败...");
 	}
 
@@ -678,7 +527,11 @@ public class UserServiceImpl implements UserService {
 		Set<Role> roles = user.getRoles();
 		if (!org.apache.commons.collections.CollectionUtils.isEmpty(roles)) {
 			for (Role role : roles) {
-				resourceItems = role.getResourceItems();
+				if (!org.apache.commons.collections.CollectionUtils.isEmpty(role.getResourceItems())) {
+					for (ResourceItem resourceItem : role.getResourceItems()) {
+						resourceItems.add(resourceItem);
+					}
+				}
 			}
 		}
 		//匹配当前访问权限;
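Review bot: In updateRole the incoming `user.getRoles()` are added to existRoles without any check that each role belongs to the caller's current enterprise, while the removal loop only strips current-enterprise roles; the comment "只对用户的当前企业的角色进行修改" is therefore not enforced, and a request carrying a Role with a foreign or system enUU would be persisted by the userDao.save that follows. Hoist `Long currentEnuu = SystemSession.getUser().getEnterprise().getUu();` to the top of the method and change the add loop to `if (currentEnuu.equals(role.getEnUU())) existRoles.add(role);` (ideally also rejecting roles the caller may not assign, which this hunk does not show). The two identical removal loops in both branches could then collapse into one pass before the `if`. Separately, updatePassword, updateUserTel and updateUserEmail now unconditionally return null or throw; callers that assumed a non-null User will NPE, so either document `@return null — password change is handled elsewhere` on the interface or throw UnsupportedOperationException here. The resourceItems accumulation in the last hunk relies on resourceItems being a mutable, non-null collection initialised outside the hunk; `resourceItems.addAll(role.getResourceItems())` would be the idiomatic form.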

+ 35 - 4
src/main/java/com/uas/platform/b2c/core/filter/SSOInterceptor.java

@@ -35,6 +35,8 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.ui.ModelMap;
 import org.springframework.util.StringUtils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -166,9 +168,42 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
         if (user != null) {
             SystemSession.setUser(user);
             accessDecision(request, user);
+            accessAdmin(request,user);
         }
     }
 
+    /**
+     * admin权限验证
+     */
+    private void accessAdmin(HttpServletRequest request,User user) {
+        if (!StringUtils.isEmpty(user.getEnterprise())) {
+            if (!user.getEnterprise().getUu().toString().equals(enUU) && request.getServletPath().equals("/admin")) {
+                //throw new AccessDeniedException("无法访问,您没有权限!");
+                HttpServletResponse response = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getResponse();
+                try {
+                    response.setHeader("Content-type", "text/html;charset=UTF-8");
+                    response.getWriter().write("您没有管理权限,请联系优软商城");
+                } catch (IOException e) {
+
+                }
+                throw new AccessDeniedException("无法访问,您没有权限!");
+
+            }
+        } else {
+            if (request.getServletPath().equals("/admin")) {
+                HttpServletResponse response = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getResponse();
+                try {
+                    response.setHeader("Content-type", "text/html;charset=UTF-8");
+                    response.getWriter().write("您没有管理权限,请联系优软商城");
+                } catch (IOException e) {
+
+                }
+                throw new AccessDeniedException("无法访问,您没有权限!");
+            }
+        }
+
+    }
+
     /**
      * 权限验证
      */
@@ -203,7 +238,6 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
         }
         // 暂时在正式 过滤admin访问权限
         if (needPermission != null) {
-            if ("dev".equals(profile)) {
                 if (!user.getEnterprise().getUu().toString().equals(enUU)) {
                     throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
                 } else {
@@ -213,9 +247,6 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
                         }
                     }
                 }
-            } else {
-                throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
-            }
         }
     }
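Review bot: accessAdmin only denies when `request.getServletPath()` equals `/admin` exactly, so any other path under the admin area (`/admin/`, `/admin/users`, or a different case if the container is lenient) is not covered by this check, and the deny can be sidestepped unless every such mapping is guarded elsewhere; compare with `String path = request.getServletPath(); if (path.equals("/admin") || path.startsWith("/admin/"))`, and prefer a matcher over the full request URI if the servlet mapping makes getServletPath return a prefix only — I cannot see the mapping from here. Writing the Chinese denial text into the response and then throwing AccessDeniedException means the response is already partially committed when Spring Security's handler runs, and the swallowed IOException hides any failure; throwing alone and letting the access-denied handler render the message is cleaner. The two branches duplicate the same denial block and could be one `denyAdmin(response)` helper; `response.setContentType("text/html;charset=UTF-8")` is the correct call rather than a hand-set `Content-type` header. Removing the `"dev".equals(profile)` gate in accessDecision is the intended change, but note the remaining check dereferences `user.getEnterprise()` without the null guard that accessAdmin applies just before it.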
 

+ 3 - 3
src/main/webapp/resources/view/vendor/modal/role_detail.html

@@ -384,7 +384,7 @@
 				<span class="tooltip-inner">请描述一下角色的具体职责,内容保持在50个字以内</span>
 			</div>
 		</div>
-		<div class="form-group role-resources" ng-if="role.issys != 1 && role.desc != '普通用户'">
+		<div class="form-group role-resources" ng-if="role.issys != 1 && role.desc != '普通用户' && role.desc != '店长' ">
 			<label>权限分配</label>
 			<p class="help-block">给角色分配允许操作的资源</p>
 			<div>
@@ -447,14 +447,14 @@
 			</div>
 		</div>
 	</div>
-	<div class="modal-footer" ng-if="role.issys != 1 && role.desc != '普通用户'">
+	<div class="modal-footer" ng-if="role.issys != 1 && role.desc != '普通用户' && role.desc != '店长'">
 		<button class="mall-default-btn mall-btn-cancel" ng-click="cancel()" type="button">取消</button>
 		<button class="mall-default-btn mall-btn-delete"
 			ng-show="role.id && role.isdefault == 0" ng-click="del()" type="button">删除角色</button>
 		<button class="mall-default-btn mall-btn-submit"
 				ng-disabled="roleForm.$invalid || !isChanged(role)" type="submit">确认</button>
 	</div>
-	<div class="modal-footer" ng-if="!(role.issys != 1 && role.desc != '普通用户')">
+	<div class="modal-footer" ng-if="!(role.issys != 1 && role.desc != '普通用户' && role.desc != '店长')">
 		<button class="btn btn-default" ng-click="cancel()" type="button">关闭</button>
 	</div>
 </form>
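Review bot: Hiding the permission-assignment section and the submit footer with `ng-if` for roles whose `desc` is '店长' is a client-side convenience only — a user can still submit a role update for that role directly, so the server must reject permission changes to built-in roles independently of this template; the RoleServiceImpl change in this commit does not show such a check. Matching on the free-text `role.desc` (already done for '普通用户') is also fragile, since renaming the description re-enables the editor; a server-provided flag such as `role.isdefault` or `role.issys`, which the same template already uses for the delete button, would be a more robust gate, e.g. `ng-if="role.issys != 1 && role.isdefault == 0"`, assuming 店长 is seeded as a default role.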