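package com.iamberry.rst.controllers.sys;

import com.iamberry.app.tool.des.MD5;
import com.iamberry.rst.core.cm.CompanyInfo;
import com.iamberry.rst.core.cm.StoreInfo;
import com.iamberry.rst.core.order.OrderDepart;
import com.iamberry.rst.core.page.PageRequest;
import com.iamberry.rst.core.page.PagedResult;
import com.iamberry.rst.core.sys.*;
import com.iamberry.rst.faces.cm.CompanyInfoService;
import com.iamberry.rst.faces.cm.StoreInfoService;
import com.iamberry.rst.faces.order.OrderDepartService;
import com.iamberry.rst.faces.sys.DepartService;
import com.iamberry.rst.faces.sys.SysService;
import com.iamberry.rst.utils.AdminUtils;
import com.iamberry.rst.utils.StaticModelUtil;
import com.iamberry.wechat.autiXSS.XSSHandler;
import com.iamberry.wechat.tools.ResponseJson;
import com.iamberry.wechat.tools.StrUtils;
import com.iamberry.wechat.tools.ValidationResult;
import com.iamberry.wechat.tools.ValidationUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Random;
import java.util.Set;

/**
 * Back-office "system" controller: home page, self-service profile and password
 * editing, administrator listing / creation, and menu-permission assignment.
 *
 * <p>Authorisation is enforced per handler through Shiro annotations; department
 * scoping (a non-ROOT manager only sees its own department) is applied in
 * {@link #restrictToLoginDept(Admin)}.
 *
 * @author 献
 * @company 深圳爱贝源科技有限公司
 * @website www.iamberry.com
 * @tel 18271840547
 * @date 2017/5/15
 */
@Controller
@RequestMapping("/admin/sys")
public class SysController {

    private static final Logger logger = LoggerFactory.getLogger(SysController.class);

    /**
     * Department id treated as ROOT: it lists / edits administrators of every
     * department, any other department is restricted to itself.
     */
    private static final int ROOT_DEPT_ID = 1;

    /**
     * The single administrator id that carries review ("审核") rights.
     * NOTE(review): this is a hard-coded identity check rather than a role; a
     * role or permission lookup would be the usual replacement — confirm with the owners.
     */
    private static final int CHECK_ADMIN_ID = 8;

    /** Number of random decimal digits used as the seed of a new administrator's salt. */
    private static final int SALT_DIGITS = 10;

    /** Key handed to the project's MD5 helper when hashing new-administrator credentials. */
    private static final String MD5_KEY = "inlongadMD5";

    /**
     * Shared salt randomness. {@link SecureRandom} is thread-safe, so a single
     * instance can live on this singleton controller; {@code java.util.Random}
     * is not suitable for security material.
     */
    private static final SecureRandom SALT_RANDOM = new SecureRandom();

    @Autowired
    private SysService sysService;
    @Autowired
    private DepartService departService;
    @Autowired
    private CompanyInfoService companyInfoService;
    @Autowired
    private StoreInfoService storeInfoService;
    @Autowired
    private OrderDepartService orderDepartService;

    /**
     * Back-office home page.
     *
     * <p>The former User-Agent based mobile ("wap") branch was disabled upstream,
     * so every login lands on the PC home page and the header is no longer read
     * (the old unconditional {@code toLowerCase()} on it threw an NPE when the
     * header was absent).
     *
     * @param request current request (kept for the handler signature; not read)
     * @return the PC home view with the admin's name, department and menu tree
     */
    @RequiresUser
    @RequestMapping("/_index")
    public ModelAndView indexUI(HttpServletRequest request) {
        Subject currentUser = SecurityUtils.getSubject();
        Admin admin = (Admin) currentUser.getPrincipal();
        Depart depart = departService.getDepartById(admin.getAdminDept());
        logger.info("用户{}来源于PC端", currentUser.getPrincipal());
        // Menu tree is loaded once; the original fetched it twice per page view.
        List menus = sysService.listMenu(AdminUtils.getLoginAdminId());
        return new ModelAndView("home/pc_index")
                .addObject("adminName", admin.getAdminName())
                .addObject("deptName", depart.getDepartName())
                .addObject("menus", menus);
    }

    /**
     * Returns the current administrator's own profile.
     *
     * <p>Credential fields (id, password hash, salt) are cleared before the
     * object is serialised so they never reach the browser; the phone number is
     * masked through {@link StrUtils#phoneFormat(String)}.
     *
     * @return 200/"SUCCESS" with the sanitised admin, or return code 400 when the
     *         session principal no longer maps to a stored administrator
     */
    @ResponseBody
    @RequestMapping("/get/my_info")
    public ResponseJson getMyInfo() {
        Admin query = new Admin();
        query.setAdminId(AdminUtils.getLoginAdminId());
        Admin admin = sysService.get(query);
        if (admin == null) {
            // Previously an NPE (HTTP 500); a missing row is a client-visible error, not a crash.
            return new ResponseJson(200, "ERROR", 400);
        }
        admin.setAdminId(null);
        admin.setAdminPassword(null);
        admin.setAdminSalt(null);
        admin.setAdminTel(StrUtils.phoneFormat(admin.getAdminTel()));
        return new ResponseJson(200, "SUCCESS", 200).addResponseKeyValue("admin", admin);
    }

    /**
     * Opens the change-password page.
     *
     * @return the password edit view
     */
    @RequiresPermissions("sys:editMyPwd")
    @RequestMapping("/edit/_my_pwd")
    public ModelAndView editMyPasswordUI() {
        return new ModelAndView("sys/edit_pwd");
    }

    /**
     * Changes the current administrator's password.
     *
     * <p>NOTE(review): {@code pwd} is forwarded to {@code SysService#editAdmin}
     * as received. {@link #addAdminInfo(Admin, HttpServletRequest)} salts and
     * hashes passwords in this controller, so whether the service applies the
     * same scheme on update is not visible here — confirm, otherwise the
     * stored value would be inconsistent with the login check.
     *
     * @param pwd the new password
     * @return return code 200 on success, 400 otherwise
     */
    @RequiresPermissions("sys:editMyPwd")
    @RequestMapping("/edit/my_pwd")
    @ResponseBody
    public ResponseJson editMyPassword(@RequestParam("pwd") String pwd) {
        Admin admin = new Admin();
        admin.setAdminPassword(pwd);
        admin.setAdminId(AdminUtils.getLoginAdminId());
        Integer res = sysService.editAdmin(admin);
        // null-safe: a null result used to NPE on unboxing
        if (res != null && res == 1) {
            return new ResponseJson(200, "SUCCESS", 200);
        }
        return new ResponseJson(200, "SUCCESS", 400);
    }

    /**
     * Opens the "edit my profile" page pre-filled with the current administrator.
     *
     * @return the admin edit view
     */
    @RequiresPermissions("sys:editMyInfo")
    @RequestMapping("/_edit_myinfo")
    public ModelAndView editMeInfoUI() {
        Admin query = new Admin();
        query.setAdminId(AdminUtils.getLoginAdminId());
        Admin admin = sysService.get(query);
        ModelAndView mv = new ModelAndView("admin/edit");
        mv.addObject("admin", admin);
        return mv;
    }

    /**
     * Saves the current administrator's profile.
     *
     * <p>The id is always overwritten with the logged-in admin's id, so a
     * submitted {@code adminId} cannot redirect the update to another account.
     *
     * <p>NOTE(review): the permission string here is {@code sys:editMyinfo}
     * while the matching page uses {@code sys:editMyInfo}; unless both are
     * granted together this looks like a casing mismatch — verify against the
     * permission table before changing either.
     *
     * @param admin bound form fields
     * @return "SUCCESS"/200, "VALIDATION_ERROR"/500 with the first message, or "EDIT_ERROR"/400
     */
    @ResponseBody
    @RequestMapping("/edit_myinfo")
    @RequiresPermissions("sys:editMyinfo")
    public ResponseJson editMeInfo(Admin admin) {
        ValidationResult result = ValidationUtils.validateEntity(admin);
        if (result.isHasErrors()) {
            return new ResponseJson(200, "VALIDATION_ERROR", 500)
                    .addResponseKeyValue(result.getErrorMsgList().get(0));
        }
        admin.setAdminId(AdminUtils.getLoginAdminId());
        Integer res = sysService.editAdmin(admin);
        if (res != null && res == 1) {
            return new ResponseJson(200, "SUCCESS", 200);
        }
        return new ResponseJson(200, "EDIT_ERROR", 400);
    }

    /**
     * Paged administrator list, scoped to the caller's department unless the
     * caller belongs to the ROOT department.
     *
     * <p>The pagination base URL echoes the filter fields back as query
     * parameters; each value is URL-encoded so that characters such as
     * {@code &}, {@code #} or spaces in a name neither break the query string
     * nor reach the page unescaped.
     *
     * @param admin     filter fields bound from the query string
     * @param request   current request (used for the URI / context path)
     * @param pageNO    1-based page number
     * @param pageTotal total page count from a previous request, or null to recount
     * @param pageSize  rows per page
     * @return the list view with the page, the pagination url and the escaped filter
     */
    @RequiresRoles(value = {"ROOT", "MANAGER"}, logical = Logical.OR)
    @RequiresPermissions("sys:listAdmin")
    @RequestMapping("/_list_admin")
    public ModelAndView listAdminUI(Admin admin, HttpServletRequest request,
                                    @RequestParam(value = "pageNO", defaultValue = "1", required = false) int pageNO,
                                    @RequestParam(value = "pageTotal", required = false) Integer pageTotal,
                                    @RequestParam(value = "pageSize", defaultValue = "20", required = false) int pageSize)
            throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        restrictToLoginDept(admin);

        PageRequest pageRequest = new PageRequest<>(admin, pageNO, pageSize, pageTotal == null);
        PagedResult result = sysService.listAdmin(pageRequest);
        if (pageTotal != null) {
            result.setPages(pageTotal);
        }

        String baseUrl = request.getRequestURI().replace(request.getContextPath(), "");
        String url = baseUrl
                + "?pageTotal=" + result.getPages()
                + "&pageSize=" + pageSize
                + "&adminName=" + encodeParam(admin.getAdminName())
                + "&adminSex=" + encodeParam(admin.getAdminSex())
                + "&adminTel=" + encodeParam(admin.getAdminTel())
                + "&adminMail=" + encodeParam(admin.getAdminMail())
                + "&pageNO=";

        ModelAndView mv = new ModelAndView("sys/list_admin");
        mv.addObject("page", result);
        mv.addObject("url", url);
        // The filter object is rendered back into the form: HTML-escape it first.
        XSSHandler.escapeObject(admin, new String[] {"adminName", "adminSex", "adminTel", "adminMail"});
        mv.addObject("admin", admin);
        mv.addObject("deptUtil", StaticModelUtil.useStaticPacker(Dept.class.getName()));
        mv.addObject("strUtil", StaticModelUtil.useStaticPacker(StrUtils.class.getName()));
        return mv;
    }

    /**
     * Enables or disables an administrator. A non-ROOT manager's update is
     * constrained to its own department through the department filter.
     *
     * @param adminId target administrator
     * @param status  new status value
     * @return return code 200 when exactly one row changed, 400 otherwise
     */
    @ResponseBody
    @RequestMapping("/edit_status")
    @RequiresPermissions("sys:editStatus")
    @RequiresRoles(value = {"ROOT", "MANAGER"}, logical = Logical.OR)
    public ResponseJson editStatus(@RequestParam("adminId") Integer adminId,
                                   @RequestParam("status") Integer status) {
        Admin admin = new Admin();
        admin.setAdminId(adminId);
        admin.setAdminStatus(status);
        restrictToLoginDept(admin);
        Integer res = sysService.editAdmin(admin);
        if (res == null || res <= 0) {
            return new ResponseJson(200, "SUCCESS", 400);
        }
        return new ResponseJson(200, "SUCCESS", 200);
    }

    /**
     * Opens the permission editor for another administrator: menu permissions
     * plus the company / store tree with the stores already assigned marked.
     *
     * @param adminId administrator being edited
     * @return the permission edit view
     */
    @RequiresRoles(value = {"ROOT", "MANAGER"}, logical = Logical.OR)
    @RequiresPermissions("sys:editPermission")
    @RequestMapping("/{adminId}/_edit_permission")
    public ModelAndView editPermissionUI(@PathVariable("adminId") Integer adminId) {
        List menus = sysService.listPermissions(adminId);
        Integer[] storeIds = orderDepartService.getDepartStoreIds(adminId);
        // Set lookup replaces the nested loop and, more importantly, the
        // reference comparison (==) of two Integers, which is false for
        // distinct boxes of the same value above the small-integer cache.
        Set<Integer> selectedStoreIds = storeIds == null
                ? new HashSet<Integer>()
                : new HashSet<>(Arrays.asList(storeIds));

        List<CompanyInfo> companyInfoList = companyInfoService.listCompanyInfo(new CompanyInfo());
        for (CompanyInfo companyInfo : companyInfoList) {
            StoreInfo storeQuery = new StoreInfo();
            storeQuery.setCompanyId(companyInfo.getCompanyId());
            List<StoreInfo> storeInfoList = storeInfoService.listStore(storeQuery);
            for (StoreInfo si : storeInfoList) {
                if (selectedStoreIds.contains(si.getStoreId())) {
                    si.setIsSelectDepart(1); // 1: selected, 2: not selected
                }
            }
            companyInfo.setStoreInfoList(storeInfoList);
        }
        return new ModelAndView("sys/edit_permission")
                .addObject("companyInfoList", companyInfoList)
                .addObject("list", menus)
                .addObject("adminId", adminId);
    }

    /**
     * Saves an administrator's menu permissions and company / store assignments.
     *
     * <p>Each entry of {@code perms} is {@code menuId-subMenuId-permissionId-symbol};
     * entries that do not split into four parts are ignored. A non-numeric id
     * is a malformed request and is answered with "ERROR"/400 before anything
     * is written (it previously surfaced as an uncaught NumberFormatException).
     *
     * <p>NOTE(review): the store / company assignment is written even when the
     * permission update failed ({@code res == 0}); the two updates are not
     * transactional with each other here — confirm that is intended.
     *
     * @param adminId    administrator being edited
     * @param perms      encoded permission entries
     * @param companyIds comma-separated company ids
     * @param storeIds   comma-separated store ids
     * @return "SUCCESS"/200, or "ERROR"/400 when the permission update failed or the input is malformed
     */
    @RequiresRoles(value = {"ROOT", "MANAGER"}, logical = Logical.OR)
    @RequiresPermissions("sys:editPermission")
    @RequestMapping("/edit_permission")
    @ResponseBody
    public ResponseJson editPermission(@RequestParam("adminId") Integer adminId,
                                       @RequestParam("perms[]") String[] perms,
                                       @RequestParam("companyIds") String companyIds,
                                       @RequestParam("storeIds") String storeIds) {
        List<AdminPocess> pocesses;
        List<OrderDepart> orderDepartList;
        try {
            pocesses = parsePermissions(adminId, perms);
            orderDepartList = parseOrderDeparts(adminId, companyIds, storeIds);
        } catch (NumberFormatException e) {
            logger.warn("edit_permission rejected: non-numeric id for adminId={}", adminId, e);
            return new ResponseJson(200, "ERROR", 400);
        }

        int res = 0;
        try {
            res = sysService.editAdminPermission(pocesses, adminId);
        } catch (Exception e) {
            // Best effort as before, but logged with context instead of an empty message.
            logger.error("editAdminPermission failed for adminId={}", adminId, e);
        }
        if (!orderDepartList.isEmpty()) {
            orderDepartService.update(orderDepartList, adminId);
        }
        if (res == 0) {
            return new ResponseJson(200, "ERROR", 400);
        }
        return new ResponseJson(200, "SUCCESS", 200);
    }

    /**
     * Tells whether the caller is the administrator with review rights.
     *
     * @return return code 200 when the caller is {@link #CHECK_ADMIN_ID}, 400 with a message otherwise
     * @date 2017年6月2日
     */
    @ResponseBody
    @RequestMapping("/is_check_admin")
    public ResponseJson isCheckManager() {
        ResponseJson rj = new ResponseJson();
        rj.setResultCode(200);
        rj.setResultMsg("SUCCESS");
        Integer loginAdminId = AdminUtils.getLoginAdminId();
        if (loginAdminId == null || loginAdminId != CHECK_ADMIN_ID) {
            rj.setReturnCode(400);
            rj.addResponseKeyValue("该用户不是具有审核权限的管理员!");
            return rj;
        }
        rj.setReturnCode(200);
        return rj;
    }

    /**
     * Opens the "add administrator" page with the active departments.
     *
     * @param request current request (not read)
     * @return the add-admin view
     * @throws Exception propagated from the department lookup
     */
    @RequiresPermissions("sys:add:admin")
    @RequestMapping("/_add_admin")
    public ModelAndView goAddAdmin(HttpServletRequest request) throws Exception {
        ModelAndView mv = new ModelAndView("sys/add_admin");
        Depart depart = new Depart();
        depart.setDepartStatus(1);
        List departList = departService.getDepartList(depart);
        mv.addObject("departList", departList);
        return mv;
    }

    /**
     * Creates an administrator.
     *
     * <p>Credential scheme (unchanged from the original): the stored salt is
     * {@code md5(10 random digits)} and the stored password is
     * {@code md5(password + salt)} using the project's MD5 helper.
     * NOTE(review): a fast unsalted-style digest like MD5 is weak for
     * passwords; a slow KDF (bcrypt / scrypt / argon2) would be the usual
     * replacement, but it must change together with the login verification,
     * which is outside this class.
     *
     * @param admin   bound form fields (account and password required)
     * @param request current request (not read)
     * @return "恭喜您,添加成功!"/200, or a 500 response with the reason
     * @throws Exception propagated from the hashing helper or the service
     */
    @ResponseBody
    @RequiresPermissions("sys:add:admin")
    @RequestMapping("/add_admin_info")
    public ResponseJson addAdminInfo(Admin admin, HttpServletRequest request) throws Exception {
        // Blank, not just null: an empty account or password must not be accepted.
        if (StringUtils.isBlank(admin.getAdminAccount()) || StringUtils.isBlank(admin.getAdminPassword())) {
            return new ResponseJson(200, "账号和密码不能为空", 500);
        }

        Admin loginQuery = new Admin();
        loginQuery.setAdminId(AdminUtils.getLoginAdminId());
        if (sysService.get(loginQuery) == null) {
            return new ResponseJson(200, "账号信息有误,请重新登录", 500);
        }

        Admin accountQuery = new Admin();
        accountQuery.setAdminAccount(admin.getAdminAccount());
        List existing = sysService.listGetAdmin(accountQuery);
        if (existing != null && !existing.isEmpty()) {
            return new ResponseJson(200, "该账号密码已存在,请重新输入", 500);
        }

        // Local helper instance: the original stored it in a field of this
        // singleton controller, so concurrent requests raced on it.
        MD5 md5 = new MD5(MD5_KEY);
        String adminSalt = md5.stringToMD5(randomDigits(SALT_DIGITS));
        admin.setAdminSalt(adminSalt);
        admin.setAdminPassword(md5.stringToMD5(admin.getAdminPassword() + adminSalt));
        admin.setAdminSaleNum(0);
        admin.setAdminStatus(1);

        int num = sysService.saveAdmin(admin);
        if (num > 0) {
            return new ResponseJson(200, "恭喜您,添加成功!", 200);
        }
        return new ResponseJson(200, "添加失败", 500);
    }

    /**
     * Applies department scoping: a caller outside the ROOT department may only
     * see / touch administrators of its own department.
     *
     * <p>A null login department deliberately fails (NPE on unboxing) rather
     * than falling through as ROOT.
     *
     * @param admin query or update object whose department filter is set
     */
    private static void restrictToLoginDept(Admin admin) {
        Integer managerDept = AdminUtils.getLoginAdmin().getAdminDept();
        if (managerDept != ROOT_DEPT_ID) {
            admin.setAdminDept(managerDept);
        }
    }

    /**
     * URL-encodes one query-string value; null becomes the empty string.
     *
     * @param value raw value (any type; rendered with {@code String.valueOf})
     * @return the encoded value, safe to concatenate into a query string
     */
    private static String encodeParam(Object value) {
        if (value == null) {
            return "";
        }
        try {
            return URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory on every JVM, so this branch is unreachable in practice.
            throw new IllegalStateException("UTF-8 unsupported", e);
        }
    }

    /**
     * Parses {@code menuId-subMenuId-permissionId-symbol} entries into permission rows.
     *
     * @param adminId owner of the rows
     * @param perms   encoded entries; entries without exactly four parts are skipped
     * @return the parsed rows (possibly empty)
     * @throws NumberFormatException when one of the three ids is not an integer
     */
    private static List<AdminPocess> parsePermissions(Integer adminId, String[] perms) {
        List<AdminPocess> pocesses = new ArrayList<>();
        for (String perm : perms) {
            String[] parts = StringUtils.split(perm, "-");
            if (parts.length != 4) {
                continue;
            }
            AdminPocess pocess = new AdminPocess();
            pocess.setPocessAdminId(adminId);
            pocess.setPocessMenuId(Integer.parseInt(parts[0]));
            pocess.setPocessSubId(Integer.parseInt(parts[1]));
            pocess.setPocessPermId(Integer.parseInt(parts[2]));
            pocess.setPocessSymbol(parts[3]);
            pocesses.add(pocess);
        }
        return pocesses;
    }

    /**
     * Builds the company (type 1) and store (type 2) assignment rows from the
     * comma-separated id lists.
     *
     * @param adminId    owner of the rows
     * @param companyIds comma-separated company ids, may be null or empty
     * @param storeIds   comma-separated store ids, may be null or empty
     * @return the assignment rows (possibly empty)
     * @throws NumberFormatException when an id is not an integer
     */
    private static List<OrderDepart> parseOrderDeparts(Integer adminId, String companyIds, String storeIds) {
        List<OrderDepart> orderDepartList = new ArrayList<>();
        if (companyIds != null && !"".equals(companyIds)) {
            for (String company : companyIds.split(",")) {
                OrderDepart orderDepart = new OrderDepart();
                orderDepart.setAdminId(adminId);
                orderDepart.setCompanyId(Integer.valueOf(company));
                orderDepart.setOrderDepartType(1);
                orderDepartList.add(orderDepart);
            }
        }
        if (storeIds != null && !"".equals(storeIds)) {
            for (String store : storeIds.split(",")) {
                OrderDepart orderDepart = new OrderDepart();
                orderDepart.setAdminId(adminId);
                orderDepart.setStoreId(Integer.valueOf(store));
                orderDepart.setOrderDepartType(2);
                orderDepartList.add(orderDepart);
            }
        }
        return orderDepartList;
    }

    /**
     * Draws {@code count} decimal digits from {@link #SALT_RANDOM}.
     *
     * @param count number of digits
     * @return a string of exactly {@code count} digits
     */
    private static String randomDigits(int count) {
        StringBuilder digits = new StringBuilder(count);
        for (int i = 0; i < count; i++) {
            digits.append(SALT_RANDOM.nextInt(10));
        }
        return digits.toString();
    }
}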