
后台权限控制功能调整

fushengqian 1 an în urmă
părinte
comite
e56de5d7fd

+ 1 - 0
fuint-application/src/main/java/com/fuint/common/dto/AccountInfo.java

@@ -26,6 +26,7 @@ public class AccountInfo implements Serializable {
     private int ownerId;
     private String realName;
     private Integer merchantId;
+    private String merchantName;
     private Integer storeId;
     private String storeName;
     private Integer staffId;

+ 6 - 2
fuint-application/src/main/java/com/fuint/common/service/DutyService.java

@@ -60,21 +60,25 @@ public interface DutyService extends IService<TDuty> {
     /**
      * 删除方法
      *
+     * @param merchantId
      * @param dutyId
      */
-    void deleteDuty(long dutyId);
+    void deleteDuty(Integer merchantId, long dutyId);
 
     /**
      * 更新状态
      *
+     * @param merchantId
      * @param dutyStatusRequest
+     * @return
      */
-    void updateStatus(DutyStatusRequest dutyStatusRequest) throws BusinessCheckException;
+    void updateStatus(Integer merchantId, DutyStatusRequest dutyStatusRequest) throws BusinessCheckException;
 
     /**
      * 修改角色
      *
      * @param tduty
+     * @return
      */
     void updateDuty(TDuty tduty, List<TSource> sources) throws BusinessCheckException;
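Review bot: The new `@param merchantId` tags on deleteDuty and updateStatus have no description, and `@return` has been added to methods that return void, so the Javadoc does not say what the parameter means for authorization. In the implementation in this commit the value is compared with the role's merchant and the check is skipped when it is not greater than 0. I would document that on the interface, for example `@param merchantId merchant ID of the signed-in account; a value of 0 or less is not restricted to its own roles`, and drop the empty `@return` tags. updateDuty takes no merchantId at all, so its Javadoc should state that the caller is responsible for the ownership check.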
 

+ 3 - 2
fuint-application/src/main/java/com/fuint/common/service/SourceService.java

@@ -41,10 +41,11 @@ public interface SourceService extends IService<TSource> {
     /**
      * 根据会员ID获取菜单
      *
-     * @param  userId 会员ID
+     * @param  merchantId 商户ID
+     * @param  accountId 账号ID
      * @throws BusinessCheckException
      */
-    List<TSource> getMenuListByUserId(Integer userId) throws BusinessCheckException;
+    List<TSource> getMenuListByUserId(Integer merchantId, Integer accountId) throws BusinessCheckException;
 
     /**
      * 构建前端路由所需要的菜单

+ 12 - 0
fuint-application/src/main/java/com/fuint/common/service/impl/AccountServiceImpl.java

@@ -128,6 +128,18 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
             accountInfo.setStaffId(account.getStaffId());
             accountInfo.setStoreId(account.getStoreId());
             accountInfo.setMerchantId(account.getMerchantId());
+            if (account.getMerchantId() != null && account.getMerchantId() > 0) {
+                MtMerchant mtMerchant = mtMerchantMapper.selectById(account.getMerchantId());
+                if (mtMerchant != null) {
+                    accountInfo.setMerchantName(mtMerchant.getName());
+                }
+            }
+            if (account.getStoreId() != null && account.getStoreId() > 0) {
+                MtStore mtStore = mtStoreMapper.selectById(account.getStoreId());
+                if (mtStore != null) {
+                    accountInfo.setStoreName(mtStore.getName());
+                }
+            }
             return accountInfo;
         } else {
             return null;

+ 18 - 5
fuint-application/src/main/java/com/fuint/common/service/impl/DutyServiceImpl.java

@@ -80,10 +80,14 @@ public class DutyServiceImpl extends ServiceImpl<TDutyMapper, TDuty> implements
     @Override
     @Transactional(rollbackFor = Exception.class)
     @OperationServiceLog(description = "删除后台角色")
-    public void deleteDuty(long dutyId) {
+    public void deleteDuty(Integer merchantId, long dutyId) {
+        TDuty tDuty = getRoleById(dutyId);
+        if (!merchantId.equals(tDuty.getMerchantId()) && merchantId > 0) {
+            throw new BusinessRuntimeException("抱歉,您没有删除的权限");
+        }
         try {
-            tDutySourceMapper.deleteSourcesByDutyId((int) dutyId);
-            tDutyMapper.deleteById(dutyId);
+             tDutySourceMapper.deleteSourcesByDutyId((int) dutyId);
+             tDutyMapper.deleteById(dutyId);
         } catch (Exception e) {
             throw new BusinessRuntimeException("该角色已存在关联用户,无法删除");
         }
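Review bot: The ownership check added to deleteDuty can fail with a NullPointerException instead of a clean denial: `merchantId.equals(...)` and `merchantId > 0` both dereference an `Integer` that this same commit treats as nullable in SourceServiceImpl.getMenuListByUserId, and `tDuty` is used without a null check in case getRoleById finds no role for the id. Rejecting those cases first, `if (tDuty == null || merchantId == null) { throw new BusinessRuntimeException("抱歉,您没有删除的权限"); }`, keeps the check failing closed with the intended message. The same predicate is copied into updateStatus (where it runs before the existing `tDuty != null` guard), into BackendDutyController.updateHandler and into both BackendSourceController hunks, each with the same null exposure. A single null-safe helper shared by all five call sites would keep the tenant rule in one place.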
@@ -92,14 +96,20 @@ public class DutyServiceImpl extends ServiceImpl<TDutyMapper, TDuty> implements
     /**
      * 更新角色状态
      *
+     * @param merchantId
      * @param dutyStatusRequest
      * @return
      */
     @Override
     @Transactional(rollbackFor = Exception.class)
     @OperationServiceLog(description = "更新后台角色状态")
-    public void updateStatus(DutyStatusRequest dutyStatusRequest) throws BusinessCheckException {
+    public void updateStatus(Integer merchantId, DutyStatusRequest dutyStatusRequest) throws BusinessCheckException {
         TDuty tDuty = tDutyMapper.selectById(dutyStatusRequest.getRoleId());
+
+        if (!merchantId.equals(tDuty.getMerchantId()) && merchantId > 0) {
+            throw new BusinessRuntimeException("抱歉,您没有操作的权限");
+        }
+
         if (tDuty != null) {
             tDuty.setStatus(dutyStatusRequest.getStatus());
             tDutyMapper.updateById(tDuty);
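Review bot: The denial added here is thrown as BusinessRuntimeException, but the changeStatus handler in BackendDutyController (later in this commit) catches only BusinessCheckException. Unless BusinessRuntimeException is a subtype of it or a global exception handler exists, neither of which is visible here, a cross-merchant request would surface as an unhandled error rather than the 201 failure result. The method already declares `throws BusinessCheckException`, so throwing that type, `throw new BusinessCheckException("抱歉,您没有操作的权限");`, would match what the caller handles, assuming the class has a message constructor. The method body continues past the end of this hunk.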
@@ -213,7 +223,10 @@ public class DutyServiceImpl extends ServiceImpl<TDutyMapper, TDuty> implements
         }
         String merchantId = paginationRequest.getSearchParams().get("merchantId") == null ? "" : paginationRequest.getSearchParams().get("merchantId").toString();
         if (StringUtils.isNotBlank(merchantId)) {
-            lambdaQueryWrapper.eq(TDuty::getMerchantId, merchantId);
+            lambdaQueryWrapper.and(wq -> wq
+                    .eq(TDuty::getMerchantId, 0)
+                    .or()
+                    .eq(TDuty::getMerchantId, merchantId));
         }
 
         lambdaQueryWrapper.orderByDesc(TDuty::getDutyId);
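Review bot: The merchant filter is applied only when `searchParams` carries a non-blank `merchantId`, and the value is read from the pagination request rather than from the signed-in account. The caller is outside this hunk, so this needs confirming: if the controller does not overwrite `merchantId` with the value from the token for merchant accounts, a request that omits or changes the parameter is not restricted to its own roles. A comment above the lookup such as `// merchantId must be set by the controller from the session, never taken from client input` would record that contract. The enclosing method starts and ends outside the hunk.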

+ 15 - 0
fuint-application/src/main/java/com/fuint/common/service/impl/PaymentServiceImpl.java

@@ -72,18 +72,33 @@ public class PaymentServiceImpl implements PaymentService {
     @Autowired
     private BalanceService balanceService;
 
+    /**
+     * 积分服务接口
+     * */
     @Autowired
     private PointService pointService;
 
+    /**
+     * 会员卡券服务接口
+     * */
     @Autowired
     private UserCouponService userCouponService;
 
+    /**
+     * 系统设置服务接口
+     * */
     @Autowired
     private SettingService settingService;
 
+    /**
+     * 会员等级服务接口
+     * */
     @Autowired
     private UserGradeService userGradeService;
 
+    /**
+     * 开卡赠礼服务接口
+     * */
     @Autowired
     private OpenGiftService openGiftService;
 

+ 6 - 2
fuint-application/src/main/java/com/fuint/common/service/impl/SourceServiceImpl.java

@@ -93,12 +93,16 @@ public class SourceServiceImpl extends ServiceImpl<TSourceMapper, TSource> imple
     /**
      * 根据账号ID获取菜单列表
      *
+     * @param  merchantId 商户ID
      * @param  accountId 账号ID
      * @throws BusinessCheckException
      */
     @Override
-    public List<TSource> getMenuListByUserId(Integer accountId) {
-        List<TSource> sourceList = tSourceMapper.findSourcesByAccountId(accountId);
+    public List<TSource> getMenuListByUserId(Integer merchantId, Integer accountId) {
+        if (merchantId == null) {
+            merchantId = 0;
+        }
+        List<TSource> sourceList = tSourceMapper.findSourcesByAccountId(merchantId, accountId);
         return delRepeated(sourceList);
     }
 

+ 4 - 0
fuint-application/src/main/java/com/fuint/common/util/TokenUtil.java

@@ -48,6 +48,9 @@ public class TokenUtil {
 
     /**
      * 保存token
+     *
+     * @param userInfo
+     * @return
      * */
     public static void saveToken(UserInfo userInfo) {
         if (userInfo == null || userInfo.getToken() == null) {
@@ -102,6 +105,7 @@ public class TokenUtil {
 
     /**
      * 保存后台登录token
+     *
      * @param accountInfo
      * @return
      * */

+ 21 - 7
fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendDutyController.java

@@ -113,7 +113,7 @@ public class BackendDutyController extends BaseController {
     /**
      * 新增角色
      *
-     * @param request  HttpServletRequest对象
+     * @param  request  HttpServletRequest对象
      * @return 角色列表页面
      * @throws BusinessCheckException
      */
@@ -206,7 +206,7 @@ public class BackendDutyController extends BaseController {
     @ApiOperation(value = "修改角色")
     @RequestMapping(value = "/update", method = RequestMethod.POST)
     @CrossOrigin
-    public ResponseObject updateHandler(HttpServletRequest request, @RequestBody Map<String, Object> param) throws BusinessCheckException {
+    public ResponseObject updateHandler(HttpServletRequest request, @RequestBody Map<String, Object> param) {
         String token = request.getHeader("Access-Token");
         List<Integer> menuIds = (List) param.get("menuIds");
         String id = param.get("id").toString();
@@ -225,11 +225,14 @@ public class BackendDutyController extends BaseController {
         }
 
         TDuty duty = tDutyService.getRoleById(Long.parseLong(id));
+        if (!duty.getMerchantId().equals(accountInfo.getMerchantId()) && accountInfo.getMerchantId() > 0) {
+            return getFailureResult(201, "抱歉,您没有修改权限");
+        }
+
         duty.setDescription(description);
         duty.setDutyName(name);
         duty.setStatus(status);
         duty.setDutyType(type);
-        duty.setMerchantId(accountInfo.getMerchantId());
 
         // 获取角色所分配的菜单
         List<TSource> sources = null;
@@ -259,9 +262,14 @@ public class BackendDutyController extends BaseController {
     @ApiOperation(value = "删除角色信息")
     @RequestMapping(value = "/delete/{roleId}", method = RequestMethod.POST)
     @CrossOrigin
-    public ResponseObject deleteAccount(@PathVariable("roleId") Long roleId) {
+    public ResponseObject deleteRole(HttpServletRequest request, @PathVariable("roleId") Long roleId) {
+        String token = request.getHeader("Access-Token");
+        AccountInfo accountInfo = TokenUtil.getAccountInfoByToken(token);
+        if (accountInfo == null) {
+            return getFailureResult(1001, "请先登录");
+        }
         try {
-            tDutyService.deleteDuty(roleId);
+            tDutyService.deleteDuty(accountInfo.getMerchantId(), roleId);
         } catch (BusinessRuntimeException e) {
             return getFailureResult(201, e.getMessage() == null ? "角色删除失败" : e.getMessage());
         }
@@ -277,9 +285,15 @@ public class BackendDutyController extends BaseController {
     @ApiOperation(value = "修改角色状态")
     @RequestMapping(value = "/changeStatus", method = RequestMethod.POST)
     @CrossOrigin
-    public ResponseObject changeStatus(@RequestBody DutyStatusRequest dutyStatusRequest) {
+    public ResponseObject changeStatus(HttpServletRequest request, @RequestBody DutyStatusRequest dutyStatusRequest) {
+        String token = request.getHeader("Access-Token");
+        AccountInfo accountInfo = TokenUtil.getAccountInfoByToken(token);
+        if (accountInfo == null) {
+            return getFailureResult(1001, "请先登录");
+        }
+
         try {
-            tDutyService.updateStatus(dutyStatusRequest);
+            tDutyService.updateStatus(accountInfo.getMerchantId(), dutyStatusRequest);
         } catch (BusinessCheckException e) {
             return getFailureResult(201, e.getMessage() == null ? "操作失败" : e.getMessage());
         }

+ 5 - 5
fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendLoginController.java

@@ -135,7 +135,7 @@ public class BackendLoginController extends BaseController {
             }
         }
 
-        List<TSource> sources = sourceService.getMenuListByUserId(accountInfo.getId());
+        List<TSource> sources = sourceService.getMenuListByUserId(accountInfo.getMerchantId(), accountInfo.getId());
         List<String> permissions = new ArrayList<>();
         if (sources.size() > 0) {
             for (TSource source : sources) {
@@ -165,12 +165,12 @@ public class BackendLoginController extends BaseController {
     @CrossOrigin
     public ResponseObject getRouters(HttpServletRequest request) throws BusinessCheckException {
         String token = request.getHeader("Access-Token");
-        if (StringUtil.isEmpty(token)) {
-            return getFailureResult(201,"请求参数有误");
+        AccountInfo accountInfo = TokenUtil.getAccountInfoByToken(token);
+        if (accountInfo == null) {
+            return getFailureResult(401, "登录信息已失效,请重新登录");
         }
 
-        AccountInfo accountInfo = TokenUtil.getAccountInfoByToken(token);
-        List<TSource> sources = sourceService.getMenuListByUserId(accountInfo.getId());
+        List<TSource> sources = sourceService.getMenuListByUserId(accountInfo.getMerchantId(), accountInfo.getId());
 
         List<TreeNode> trees = new ArrayList<>();
         TreeNode treeNode;
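Review bot: With the `StringUtil.isEmpty(token)` guard removed in getRouters, a missing Access-Token header is now passed straight to `TokenUtil.getAccountInfoByToken`. That method is not shown on this page, so confirm it returns null for a null or empty token rather than throwing. The added null check on `accountInfo` does close the previous dereference of an expired session. The failure code used here is 401, while the role handlers changed in this commit return `getFailureResult(1001, "请先登录")` for the same condition; one shared code would let the front end handle re-login uniformly. The method body continues past the end of the hunk.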

+ 6 - 2
fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendSourceController.java

@@ -176,6 +176,9 @@ public class BackendSourceController extends BaseController {
         Long id = param.get("id") == null ? 0 : Long.parseLong(param.get("id").toString());
 
         TSource editSource = sSourceService.getById(id);
+        if (!editSource.getMerchantId().equals(accountInfo.getMerchantId()) && accountInfo.getMerchantId() > 0) {
+            return getFailureResult(201, "抱歉,您没有修改的权限");
+        }
         editSource.setSourceName(name);
         editSource.setStatus(status);
         editSource.setNewIcon(icon);
@@ -184,7 +187,6 @@ public class BackendSourceController extends BaseController {
         editSource.setSourceStyle(sort);
         editSource.setIsMenu(isMenu);
         editSource.setSourceCode(editSource.getPath());
-        editSource.setMerchantId(accountInfo.getMerchantId());
 
         String eName = "";
         String[] paths = path.split("/");
@@ -230,9 +232,11 @@ public class BackendSourceController extends BaseController {
         if (accountInfo == null) {
             return getFailureResult(1001, "请先登录");
         }
-
         try {
             TSource tSource = sSourceService.getById(sourceId);
+            if (!tSource.getMerchantId().equals(accountInfo.getMerchantId()) && accountInfo.getMerchantId() > 0) {
+                return getFailureResult(201, "抱歉,您没有删除的权限");
+            }
             tSource.setStatus(StatusEnum.DISABLE.getKey());
             sSourceService.editSource(tSource);
         } catch(Exception e) {

+ 1 - 1
fuint-repository/src/main/java/com/fuint/repository/mapper/TSourceMapper.java

@@ -13,7 +13,7 @@ import java.util.List;
  */
 public interface TSourceMapper extends BaseMapper<TSource> {
 
-    List<TSource> findSourcesByAccountId(@Param("accountId") Integer accountId);
+    List<TSource> findSourcesByAccountId(@Param("merchantId") Integer merchantId, @Param("accountId") Integer accountId);
 
     List<TSource> findByIdIn(@Param("ids") List<String> ids);
 

+ 4 - 4
fuint-repository/src/main/resources/mapper/TSourceMapper.xml

@@ -2,7 +2,7 @@
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="com.fuint.repository.mapper.TSourceMapper">
     <select id="findSourcesByAccountId" resultType="com.fuint.repository.model.TSource">
-        SELECT s.* FROM `t_source` s WHERE s.status='A' AND source_id IN(SELECT source_id FROM `t_duty_source` WHERE duty_id IN(SELECT duty_id FROM `t_account_duty` WHERE acct_id = #{accountId})) ORDER BY s.source_style ASC
+        SELECT s.* FROM `t_source` s WHERE s.status='A' AND (s.merchant_id = 0 OR s.merchant_id = #{merchantId}) AND source_id IN(SELECT source_id FROM `t_duty_source` WHERE duty_id IN(SELECT duty_id FROM `t_account_duty` WHERE acct_id = #{accountId})) ORDER BY s.source_style ASC
     </select>
 
     <select id="findByIdIn" resultType="com.fuint.repository.model.TSource">
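Review bot: The two queries changed in this file treat a merchant id of 0 differently. findSourcesByAccountId always applies `(s.merchant_id = 0 OR s.merchant_id = #{merchantId})`, so an account whose id was normalised to 0 in SourceServiceImpl gets only the shared sources, while findByStatus in the next hunk skips the filter entirely when `merchantId` is null or not greater than 0. If platform accounts are meant to see every source assigned to their roles, the first query needs the same `<if test="merchantId != null and merchantId > 0">` guard; if the difference is intended, an XML comment saying so would prevent a later "fix". The filter is on the source's merchant only; whether the roles joined through `t_account_duty` belong to the same merchant is not checked in this statement.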
@@ -13,10 +13,10 @@
     </select>
 
     <select id="findByStatus" resultType="com.fuint.repository.model.TSource">
-        select * from t_source u
-        where u.status = #{status}
+        select * from t_source s
+        where s.status = #{status}
         <if test="merchantId != null and merchantId > 0">
-            and u.MERCHANT_ID = #{merchantId}
+            and (s.merchant_id = 0 OR s.merchant_id = #{merchantId})
         </if>
     </select>
 </mapper>