hexiugang
/
iamberry-common-parent


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460
							package com.iamberry.rst.controllers.sys;

import com.iamberry.app.tool.des.MD5;
import com.iamberry.rst.core.cm.CompanyInfo;
import com.iamberry.rst.core.cm.StoreInfo;
import com.iamberry.rst.core.order.OrderDepart;
import com.iamberry.rst.core.page.PageRequest;
import com.iamberry.rst.core.page.PagedResult;
import com.iamberry.rst.core.sys.*;
import com.iamberry.rst.faces.cm.CompanyInfoService;
import com.iamberry.rst.faces.cm.StoreInfoService;
import com.iamberry.rst.faces.order.OrderDepartService;
import com.iamberry.rst.faces.sys.DepartService;
import com.iamberry.rst.faces.sys.SysService;
import com.iamberry.rst.utils.AdminUtils;
import com.iamberry.rst.utils.StaticModelUtil;
import com.iamberry.wechat.autiXSS.XSSHandler;
import com.iamberry.wechat.tools.ResponseJson;
import com.iamberry.wechat.tools.StrUtils;
import com.iamberry.wechat.tools.ValidationResult;
import com.iamberry.wechat.tools.ValidationUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;

/**
 * @author 献
 *
 * @company 深圳爱贝源科技有限公司
 * @website www.iamberry.com
 * @tel 18271840547
 * @date 2017/5/15
 */
@Controller
@RequestMapping("/admin/sys")
public class SysController {

    @Autowired
    private SysService sysService;
    @Autowired
    private DepartService departService;
    @Autowired
    private CompanyInfoService companyInfoService;
    @Autowired
    private StoreInfoService storeInfoService;
    @Autowired
    private OrderDepartService orderDepartService;

    private static Logger logger = LoggerFactory.getLogger(SysController.class);

    private Dept dept = new Dept();
    private StrUtils strUtils = new StrUtils();
    private MD5 md5;

    /**
     * 后台首页，自动判断来源
     * @param request
     * @return
     */
    @RequiresUser
    @RequestMapping("/_index")
    public ModelAndView indexUI(HttpServletRequest request) {
        Subject currentUser = SecurityUtils.getSubject();
        Admin admin = (Admin) currentUser.getPrincipal();
        Depart depart = departService.getDepartById(admin.getAdminDept());
        // 判断来源
        String userAgent = request.getHeader("User-Agent").toLowerCase();
      /*  if (userAgent.contains("ipad") || userAgent.contains("iphone os") || userAgent.contains("android")) {
            // 来自手机端
            logger.info("用户{}来源于手机端", currentUser.getPrincipal());
            // 传递部门信息
            return new ModelAndView("wap/wap_index")
                    .addObject("dept_name", depart.getDepartName())
                    .addObject("dept_role", admin.getAdminManager() == 2);
        }*/
        logger.info("用户{}来源于PC端", currentUser.getPrincipal());

        // 注入数据:管理员名称、管理员部门
        String dept = depart.getDepartName();
        List<Menu> list = sysService.listMenu(AdminUtils.getLoginAdminId());
        return new ModelAndView("home/pc_index")
                .addObject("adminName", admin.getAdminName())
                .addObject("deptName", dept)
                .addObject("menus", sysService.listMenu(AdminUtils.getLoginAdminId()));
    }

    /**
     * 查看我的信息
     * @return
     */
    @ResponseBody
    @RequestMapping("/get/my_info")
    public ResponseJson getMyInfo() {
        // 获取当前用户信息
        Integer adminId = AdminUtils.getLoginAdminId();
        Admin temp = new Admin();
        temp.setAdminId(adminId);

        // 查询数据 & 清空敏感数据
        Admin admin = sysService.get(temp);
        admin.setAdminId(null);
        admin.setAdminPassword(null);
        admin.setAdminSalt(null);
        admin.setAdminTel(StrUtils.phoneFormat(admin.getAdminTel()));
        return new ResponseJson(200, "SUCCESS", 200).addResponseKeyValue("admin", admin);
    }

    /**
     * 进入修改密码页面
     * @return
     */
    @RequiresPermissions("sys:editMyPwd")
    @RequestMapping("/edit/_my_pwd")
    public ModelAndView editMyPasswordUI() {
        return new ModelAndView("sys/edit_pwd");
    }

    /**
     * 执行修改密码
     * @param pwd
     * @return
     */
    @RequiresPermissions("sys:editMyPwd")
    @RequestMapping("/edit/my_pwd")
    @ResponseBody
    public ResponseJson editMyPassword(@RequestParam("pwd") String pwd) {
        // 获取当前用户信息
        Integer adminId = AdminUtils.getLoginAdminId();

        Admin admin = new Admin();
        admin.setAdminPassword(pwd);
        admin.setAdminId(adminId);

        Integer res = sysService.editAdmin(admin);
        if (res == 1) {
            return new ResponseJson(200, "SUCCESS", 200);
        }

        return new ResponseJson(200, "SUCCESS", 400);
    }

    /**
     * 编辑自己的用户信息页面
     * @return
     */
    @RequiresPermissions("sys:editMyInfo")
    @RequestMapping("/_edit_myinfo")
    public ModelAndView editMeInfoUI() {
        // 获取当前用户信息
        Integer adminId = AdminUtils.getLoginAdminId();
        Admin temp = new Admin();
        temp.setAdminId(adminId);
        Admin admin = sysService.get(temp);

        // 返回用户信息
        ModelAndView mv = new ModelAndView("admin/edit");
        mv.addObject("admin", admin);
        return mv;
    }

    /**
     * 编辑我的信息
     * @param admin
     * @return
     */
    @ResponseBody
    @RequestMapping("/edit_myinfo")
    @RequiresPermissions("sys:editMyinfo")
    public ResponseJson editMeInfo(Admin admin) {
        // 校验
        ValidationResult result = ValidationUtils.validateEntity(admin);
        if (result.isHasErrors()) {
            return new ResponseJson(200, "VALIDATION_ERROR", 500).addResponseKeyValue(result.getErrorMsgList().get(0));
        }

        // 获取当前用户信息
        Integer adminId = AdminUtils.getLoginAdminId();
        admin.setAdminId(adminId);

        Integer res = sysService.editAdmin(admin);
        if (res == 1) {
            return new ResponseJson(200, "SUCCESS", 200);
        }
        return new ResponseJson(200, "EDIT_ERROR", 400);
    }

    @RequiresRoles(value = {"ROOT", "MANAGER"}, logical = Logical.OR)
    @RequiresPermissions("sys:listAdmin")
    @RequestMapping("/_list_admin")
    public ModelAndView listAdminUI(Admin admin, HttpServletRequest request,
                                    @RequestParam(value = "pageNO", defaultValue = "1", required = false) int pageNO,
                                    @RequestParam(value = "pageTotal", required = false) Integer pageTotal,
                                    @RequestParam(value = "pageSize", defaultValue = "20", required = false) int pageSize) throws NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        // 如果是ROOT，查询所有，否则查询部门信息
        Integer managerDept = AdminUtils.getLoginAdmin().getAdminDept();
        if (managerDept != 1) {
            admin.setAdminDept(managerDept);
        }
        // 封装请求数据
        PageRequest<Admin> pageRequest = new PageRequest<>(admin, pageNO, pageSize, pageTotal == null);

        // 查询
        PagedResult<Admin> result = sysService.listAdmin(pageRequest);
        if (pageTotal != null) {
            result.setPages(pageTotal);
        }

        // 返回
        ModelAndView mv = new ModelAndView("sys/list_admin");
        mv.addObject("page", result);
        mv.addObject("url", request.getRequestURI().replace(request.getContextPath(), "") +
                "?pageTotal=" + result.getPages() + "&pageSize=" + pageSize +
                "&adminName=" + (admin.getAdminName() == null ? "" : admin.getAdminName()) +
                "&adminSex=" + (admin.getAdminSex() == null ? "" : admin.getAdminSex()) +
                "&adminTel=" + (admin.getAdminTel() == null ? "" : admin.getAdminTel()) +
                "&adminMail=" + (admin.getAdminMail() == null ? "" : admin.getAdminMail()) +
                "&pageNO=");

        // 向页面传递数据，注意防止XSS
        XSSHandler.escapeObject(admin, new String[] {"adminName", "adminSex", "adminTel", "adminMail"});
        mv.addObject("admin", admin);
        mv.addObject("deptUtil", StaticModelUtil.useStaticPacker(Dept.class.getName()));
        mv.addObject("strUtil", StaticModelUtil.useStaticPacker(StrUtils.class.getName()));
        return mv;
    }

    @ResponseBody
    @RequestMapping("/edit_status")
    @RequiresPermissions("sys:editStatus")
    @RequiresRoles(value = {"ROOT", "MANAGER"}, logical = Logical.OR)
    public ResponseJson editStatus(@RequestParam("adminId") Integer adminId,
                                   @RequestParam("status") Integer status) {

        Admin admin = new Admin();
        admin.setAdminId(adminId);
        admin.setAdminStatus(status);
        Integer managerDept = AdminUtils.getLoginAdmin().getAdminDept();
        if (managerDept != 1) {
            admin.setAdminDept(managerDept);
        }
        Integer res = sysService.editAdmin(admin);
        if (res == null || res <= 0) {
            return new ResponseJson(200, "SUCCESS", 400);
        }
        return new ResponseJson(200, "SUCCESS", 200);
    }

    /**
     * 超级管理员 前往 编辑其他用户的权限
     * @return
     */
    @RequiresRoles(value = {"ROOT", "MANAGER"}, logical = Logical.OR)
    @RequiresPermissions("sys:editPermission")
    @RequestMapping("/{adminId}/_edit_permission")
    public ModelAndView editPermissionUI(@PathVariable("adminId") Integer adminId) {
        List<Menu> menus = sysService.listPermissions(adminId);

        Integer[] storeIds = orderDepartService.getDepartStoreIds(adminId);

        List<CompanyInfo> companyInfoList = companyInfoService.listCompanyInfo(new CompanyInfo());
        for (CompanyInfo companyInfo : companyInfoList) {
            StoreInfo storeInfo = new StoreInfo();
            storeInfo.setCompanyId(companyInfo.getCompanyId());
            List<StoreInfo>  storeInfoList = storeInfoService.listStore(storeInfo);
            if(storeIds.length > 0){
                for (StoreInfo si : storeInfoList) {
                    for (int i = 0; i < storeIds.length; i++) {
                        if(si.getStoreId() == storeIds[i]){
                            si.setIsSelectDepart(1); //   1：选中  2：未选中
                        }
                    }
                }
            }
            companyInfo.setStoreInfoList(storeInfoList);
        }

        return new ModelAndView("sys/edit_permission")
                .addObject("companyInfoList", companyInfoList)
                .addObject("list", menus)
                .addObject("adminId", adminId);
    }

    @RequiresRoles(value = {"ROOT", "MANAGER"}, logical = Logical.OR)
    @RequiresPermissions("sys:editPermission")
    @RequestMapping("/edit_permission")
    @ResponseBody
    public ResponseJson editPermission(@RequestParam("adminId") Integer adminId,
                                       @RequestParam("perms[]") String [] perms,
                                       @RequestParam("companyIds") String companyIds,
                                       @RequestParam("storeIds") String storeIds) {

        // perms["一级菜单:二级菜单:权限id:权限操作符", "一级菜单:二级菜单:权限id:权限操作符"]
        List<AdminPocess> pocesses = new ArrayList<>();
        for (String perm : perms) {
            String[] temp = StringUtils.split(perm, "-");
            if (temp.length != 4) {
                continue;
            }
            Integer menuId = Integer.parseInt(temp[0]);
            Integer subMenuId = Integer.parseInt(temp[1]);
            Integer permissionId = Integer.parseInt(temp[2]);

            AdminPocess pocess = new AdminPocess();
            pocess.setPocessAdminId(adminId);
            pocess.setPocessMenuId(menuId);
            pocess.setPocessSubId(subMenuId);
            pocess.setPocessSymbol(temp[3]);
            pocess.setPocessPermId(permissionId);

            pocesses.add(pocess);
        }

        int res = 0;
        try {
            res = sysService.editAdminPermission(pocesses, adminId);
        } catch (Exception e) {
            logger.info("", e);
        }

        List<OrderDepart> orderDepartList = new ArrayList<>();
        if(companyIds != null && !"".equals(companyIds)){
            String[] companyArray = companyIds.split(",");
            for (String company : companyArray) {
                OrderDepart orderDepart = new OrderDepart();
                orderDepart.setAdminId(adminId);
                orderDepart.setCompanyId(Integer.valueOf(company));
                orderDepart.setOrderDepartType(1);
                orderDepartList.add(orderDepart);
            }
        }
        if(storeIds != null && !"".equals(storeIds)){
            String[] storeArray = storeIds.split(",");
            for (String store : storeArray) {
                OrderDepart orderDepart = new OrderDepart();
                orderDepart.setAdminId(adminId);
                orderDepart.setStoreId(Integer.valueOf(store));
                orderDepart.setOrderDepartType(2);
                orderDepartList.add(orderDepart);
            }
        }

        if(orderDepartList.size() > 0){
            orderDepartService.update(orderDepartList,adminId);
        }

        if (res == 0) {
            return new ResponseJson(200, "ERROR", 400);
        }
        return new ResponseJson(200, "SUCCESS", 200);
    }

    /**
     * 判断是否是业务经理(有审核权限,即是否是小曾)
     * @date 2017年6月2日
     * @return
     */
    @ResponseBody
    @RequestMapping("/is_check_admin")
    public ResponseJson isCheckManager(){
        ResponseJson rj = new ResponseJson();
        rj.setResultCode(200);
        rj.setResultMsg("SUCCESS");

        Integer loginAdminId = AdminUtils.getLoginAdminId();
        if(loginAdminId == null || loginAdminId != 8){
            rj.setReturnCode(400);
            rj.addResponseKeyValue("该用户不是具有审核权限的管理员!");
            return rj;
        }
        rj.setReturnCode(200);
        return rj;
    }

    /**
     * 进入添加管理员页面
     * @param request
     * @return
     * @throws Exception
     */
    @RequiresPermissions("sys:add:admin")
    @RequestMapping("/_add_admin")
    public ModelAndView goAddAdmin(HttpServletRequest request) throws Exception {
        ModelAndView mv = new ModelAndView("sys/add_admin");
        Depart depart = new Depart();
        depart.setDepartStatus(1);
        List<Depart> departList = departService.getDepartList(depart);
        mv.addObject("departList",departList);
        return mv;
    }

    /**
     * 添加管理员信息
     * @param admin
     * @param request
     * @return
     * @throws Exception
     */
    @ResponseBody
    @RequiresPermissions("sys:add:admin")
    @RequestMapping("/add_admin_info")
    public ResponseJson addAdminInfo(Admin admin,HttpServletRequest request) throws Exception {
        md5 = new MD5("inlongadMD5");
        StringBuilder salt = new StringBuilder();
        String adminSalt = "";
        if (admin.getAdminAccount() == null || admin.getAdminPassword() == null) {
            return new ResponseJson(200, "账号和密码不能为空", 500);
        }
        StringBuilder passWord = new StringBuilder(admin.getAdminPassword());
        Random rd = new Random();
        for (int i = 0;i < 10;i++) {
            salt.append(String.valueOf(rd.nextInt(10)));
        }
        int adminId = AdminUtils.getLoginAdminId();
        Admin adminInfo = new Admin();
        adminInfo.setAdminId(adminId);
        //查询登录人信息
        adminInfo = sysService.get(adminInfo);
        if (adminInfo == null) {
            return new ResponseJson(200, "账号信息有误,请重新登录", 500);
        }
        adminSalt = md5.stringToMD5(salt.toString());
        admin.setAdminSalt(adminSalt);
        admin.setAdminSaleNum(0);
        admin.setAdminStatus(1);
        passWord.append(adminSalt);
        Admin admin1 = new Admin();
        admin1.setAdminAccount(admin.getAdminAccount());
        admin.setAdminPassword(md5.stringToMD5(passWord.toString()));
        List<Admin> adminList = sysService.listGetAdmin(admin1);
        if (adminList != null && adminList.size() > 0) {
            return new ResponseJson(200, "该账号密码已存在，请重新输入", 500);
        }
        int num = sysService.saveAdmin(admin);
        if (num > 0) {
            return new ResponseJson(200, "恭喜您,添加成功!", 200);
        } else {
            return new ResponseJson(200, "添加失败", 500);
        }
    }
}