后台管理员操作权限控制

houko · houko · commit 292eba1d396e · 2016-04-14T20:01:43.000+08:00
diff --git a/admin/src/main/java/info/xiaomo/admin/controller/AdminUserController.java b/admin/src/main/java/info/xiaomo/admin/controller/AdminUserController.java
@@ -6,7 +6,6 @@
 import info.xiaomo.core.service.AdminUserService;
 import info.xiaomo.core.untils.MD5Util;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -69,12 +68,32 @@ public Map<String, Object> login(@RequestParam String userName, @RequestParam St
         return result;
     }
 
+    /**
+     * 添加用户
+     *
+     * @param operator
+     * @param userName
+     * @param password
+     * @param authLevel
+     * @return
+     */
     @RequestMapping(value = "add", method = RequestMethod.POST)
-    public HashMap<String, Object> register(
+    public HashMap<String, Object> add(
+            @RequestParam String operator,
             @RequestParam String userName,
             @RequestParam String password,
             @RequestParam int authLevel
     ) {
+        AdminModel operatorModel = service.findAdminUserByUserName(operator);
+        if (operator == null) {
+            result.put(code, notFound);
+            return result;
+        }
+        if (operatorModel.getAuthLevel() <= 0) {
+            result.put(code, authError);
+            return result;
+        }
+
         AdminModel adminModel = service.findAdminUserByUserName(userName);
         if (adminModel != null) {
             result.put(code, error);
@@ -108,15 +127,24 @@ public HashMap<String, Object> findUserById(@RequestParam("id") Long id) {
 
 
     @RequestMapping(value = "findAll", method = RequestMethod.GET)
-    public HashMap<String, Object> getAll(@RequestParam(value = "start",defaultValue = "1") int start, @RequestParam(value = "pageSize", defaultValue ="10") int page) {
+    public HashMap<String, Object> getAll(@RequestParam(value = "start", defaultValue = "1") int start, @RequestParam(value = "pageSize", defaultValue = "10") int page) {
         Page<AdminModel> pages = service.getAdminUsers(new PageRequest(start - 1, page));
         result.put(code, success);
         result.put(adminUsers, pages);
         return result;
     }
 
     @RequestMapping(value = "deleteById", method = RequestMethod.GET)
-    public HashMap<String, Object> deleteUserById(@RequestParam("id") Long id) throws UserNotFoundException {
+    public HashMap<String, Object> deleteUserById(@RequestParam("id") Long id, @RequestParam String operator) throws UserNotFoundException {
+        AdminModel operatorModel = service.findAdminUserByUserName(operator);
+        if (operator == null) {
+            result.put(code, notFound);
+            return result;
+        }
+        if (operatorModel.getAuthLevel() <= 0) {
+            result.put(code, authError);
+            return result;
+        }
         AdminModel adminModel = service.deleteAdminUserById(id);
         if (adminModel == null) {
             result.put(code, notFound);
@@ -129,10 +157,20 @@ public HashMap<String, Object> deleteUserById(@RequestParam("id") Long id) throw
 
     @RequestMapping(value = "update", method = RequestMethod.POST)
     public HashMap<String, Object> update(
+            @RequestParam("operator") String operator,
             @RequestParam("userName") String userName,
             @RequestParam("password") String password,
             @RequestParam("authLevel") int authLevel
     ) throws UserNotFoundException {
+        AdminModel operatorModel = service.findAdminUserByUserName(operator);
+        if (operator == null) {
+            result.put(code, notFound);
+            return result;
+        }
+        if (operatorModel.getAuthLevel() <= 0) {
+            result.put(code, authError);
+            return result;
+        }
         AdminModel adminModel = service.findAdminUserByUserName(userName);
         if (adminModel == null) {
             result.put(code, notFound);
@@ -148,7 +186,16 @@ public HashMap<String, Object> update(
     }
 
     @RequestMapping(value = "forbid", method = RequestMethod.GET)
-    public HashMap<String, Object> forbid(@RequestParam("id") Long id) throws UserNotFoundException {
+    public HashMap<String, Object> forbid(@RequestParam("id") Long id, @RequestParam("operator") String operator) throws UserNotFoundException {
+        AdminModel operatorModel = service.findAdminUserByUserName(operator);
+        if (operator == null) {
+            result.put(code, notFound);
+            return result;
+        }
+        if (operatorModel.getAuthLevel() <= 0) {
+            result.put(code, authError);
+            return result;
+        }
         AdminModel model = service.findAdminUserById(id);
         if (model == null) {
             result.put(code, notFound);
diff --git a/core/src/main/java/info/xiaomo/core/constant/Code.java b/core/src/main/java/info/xiaomo/core/constant/Code.java
@@ -47,7 +47,12 @@ public abstract class Code extends Module {
     /**
      * 图片格式不对
      */
-    protected static final int notImg = 205;
+    protected static final int notImg = 206;
+
+    /**
+     * 权限不够
+     */
+    protected static final int authError = 207;
 
     /**
      * 找不到
diff --git a/core/src/main/java/info/xiaomo/core/model/AdminModel.java b/core/src/main/java/info/xiaomo/core/model/AdminModel.java
@@ -46,6 +46,11 @@ public class AdminModel extends BaseModel implements Serializable {
      */
     private int authLevel;
 
+    /**
+     * 操作员(谁加的这个帐号)
+     */
+    private String operator;
+
     public String getUserName() {
         return userName;
     }
@@ -77,4 +82,12 @@ public int getStatus() {
     public void setStatus(int status) {
         this.status = status;
     }
+
+    public String getOperator() {
+        return operator;
+    }
+
+    public void setOperator(String operator) {
+        this.operator = operator;
+    }
 }
diff --git a/项目文档/返回码对照表 b/项目文档/返回码对照表
@@ -0,0 +1,41 @@
+    /**
+     * 成功
+     */
+     success = 200;
+    /**
+     * 己激活
+     */
+     activated = 201;
+    /**
+     * 己过期
+     */
+     expired = 202;
+    /**
+     * 未激活
+     */
+     notActivated = 203;
+    /**
+     * 重复
+     */
+     repeat = 204;
+
+    /**
+     * 出错
+     */
+     error = 205;
+
+    /**
+     * 图片格式不对
+     */
+     notImg = 206;
+
+    /**
+     * 权限不够
+     */
+     authError = 207;
+
+    /**
+     * 找不到
+     */
+     notFound = 404;
+
