xin
2025-06-03 95dc030ad8e77303207a1a42a3afd9a7a6612d75
package com.oying.modules.system.rest;
 
import cn.hutool.core.lang.Dict;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.oying.modules.system.domain.Role;
import com.oying.utils.R;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.RequiredArgsConstructor;
import com.oying.annotation.Log;
import com.oying.exception.BadRequestException;
import com.oying.modules.system.service.RoleService;
import com.oying.modules.system.domain.dto.RoleQueryCriteria;
import com.oying.utils.PageResult;
import com.oying.utils.SecurityUtils;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
 
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
 
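/**
 * REST endpoints for role management under {@code /api/roles}.
 *
 * <p>Every mutating endpoint is guarded twice: a permission check through
 * {@code @PreAuthorize}, and a role-level check through {@link #getLevels(Integer)}.
 * In that check a numerically smaller level outranks a larger one, so a caller is
 * rejected when the target level is smaller than the caller's own smallest level.
 *
 * @author Z
 * @date 2018-12-03
 */
@RestController
@RequiredArgsConstructor
@Api(tags = "系统:角色管理")
@RequestMapping("/api/roles")
public class RoleController {

    private final RoleService roleService;

    private static final String ENTITY_NAME = "role";

    /**
     * Returns a single role by its id.
     *
     * @param id role id taken from the path
     * @return the role wrapped in a success envelope, HTTP 200
     */
    @ApiOperation("获取单个role")
    @GetMapping(value = "/{id}")
    @PreAuthorize("@el.check('roles:list')")
    public ResponseEntity<Object> findRoleById(@PathVariable Long id) {
        return new ResponseEntity<>(R.success(roleService.findById(id)), HttpStatus.OK);
    }

    /**
     * Writes the roles matching the criteria to the HTTP response as a download.
     *
     * @param response servlet response the export is written to
     * @param criteria query filter bound from the request parameters
     * @throws IOException if writing the export fails
     */
    @ApiOperation("导出角色数据")
    @GetMapping(value = "/download")
    // NOTE(review): this is the only endpoint checking 'role:list'; every other read
    // endpoint in this class checks 'roles:list'. Confirm which permission string is
    // actually provisioned before changing it, since the change alters who may export.
    @PreAuthorize("@el.check('role:list')")
    public void exportRole(HttpServletResponse response, RoleQueryCriteria criteria) throws IOException {
        roleService.download(roleService.queryAll(criteria), response);
    }

    /**
     * Returns every role, unpaged.
     *
     * @return all roles wrapped in a success envelope, HTTP 200
     */
    @ApiOperation("返回全部的角色")
    @GetMapping(value = "/all")
    @PreAuthorize("@el.check('roles:list','user:add','user:edit')")
    public ResponseEntity<Object> queryAllRole() {
        return new ResponseEntity<>(R.success(roleService.queryAll()), HttpStatus.OK);
    }

    /**
     * Returns one page of roles matching the criteria.
     *
     * @param criteria query filter, also carrying the page number and page size
     * @return the page wrapped in a success envelope, HTTP 200
     */
    @ApiOperation("查询角色")
    @GetMapping
    @PreAuthorize("@el.check('roles:list')")
    public ResponseEntity<Object> queryRole(RoleQueryCriteria criteria) {
        // NOTE(review): page and size come straight from the request; no upper bound on
        // size is applied here - confirm one is enforced elsewhere.
        Page<Object> page = new Page<>(criteria.getPage(), criteria.getSize());
        return new ResponseEntity<>(R.success(roleService.queryAll(criteria, page)), HttpStatus.OK);
    }

    /**
     * Returns the current user's own role level.
     *
     * @return {@code {"level": n}} wrapped in a success envelope, HTTP 200
     */
    @ApiOperation("获取用户级别")
    @GetMapping(value = "/level")
    // NOTE(review): no @PreAuthorize on this endpoint; it only reports the caller's own
    // level. Presumably authentication is enforced by the global security config - confirm.
    public ResponseEntity<Object> getRoleLevel() {
        return new ResponseEntity<>(R.success(Dict.create().set("level", getLevels(null))), HttpStatus.OK);
    }

    /**
     * Creates a new role.
     *
     * @param resources role to create; must not carry an id
     * @return empty success envelope, HTTP 201
     * @throws BadRequestException if an id is supplied or the requested level outranks the caller
     */
    @Log("新增角色")
    @ApiOperation("新增角色")
    @PostMapping
    @PreAuthorize("@el.check('roles:add')")
    public ResponseEntity<Object> createRole(@Validated @RequestBody Role resources) {
        if (resources.getId() != null) {
            throw new BadRequestException("A new " + ENTITY_NAME + " cannot already have an ID");
        }
        // NOTE(review): a null level skips the comparison in getLevels; confirm that Role
        // validation or a default value guarantees a level here.
        getLevels(resources.getLevel());
        roleService.create(resources);
        return new ResponseEntity<>(R.success(), HttpStatus.CREATED);
    }

    /**
     * Updates an existing role.
     *
     * @param resources new state of the role, identified by its id
     * @return empty success envelope, HTTP 204
     * @throws BadRequestException if the role does not exist, or if either its stored level
     *                             or the requested level outranks the caller
     */
    @Log("修改角色")
    @ApiOperation("修改角色")
    @PutMapping
    @PreAuthorize("@el.check('roles:edit')")
    public ResponseEntity<Object> updateRole(@Validated(Role.Update.class) @RequestBody Role resources) {
        // The level in the request body is caller-supplied, so checking it alone would let
        // a caller edit a higher-ranked role by submitting a level they are allowed to use.
        // Check the stored role first, as updateRoleMenu and deleteRole do.
        Role stored = requireFound(roleService.getById(resources.getId()));
        getLevels(stored.getLevel());
        getLevels(resources.getLevel());
        roleService.update(resources);
        return new ResponseEntity<>(R.success(), HttpStatus.NO_CONTENT);
    }

    /**
     * Replaces the menus bound to a role.
     *
     * @param resources carries the role id and the new menu set
     * @return empty success envelope, HTTP 204
     * @throws BadRequestException if the role does not exist or outranks the caller
     */
    @Log("修改角色菜单")
    @ApiOperation("修改角色菜单")
    @PutMapping(value = "/menu")
    @PreAuthorize("@el.check('roles:edit')")
    public ResponseEntity<Object> updateRoleMenu(@RequestBody Role resources) {
        // The level is read from the stored role, not from the request body.
        Role role = requireFound(roleService.getById(resources.getId()));
        getLevels(role.getLevel());
        roleService.updateMenu(resources);
        return new ResponseEntity<>(R.success(), HttpStatus.NO_CONTENT);
    }

    /**
     * Deletes the given roles.
     *
     * @param ids ids of the roles to delete
     * @return empty success envelope, HTTP 200
     * @throws BadRequestException if any role does not exist or outranks the caller
     */
    @Log("删除角色")
    @ApiOperation("删除角色")
    @DeleteMapping
    @PreAuthorize("@el.check('roles:del')")
    public ResponseEntity<Object> deleteRole(@RequestBody Set<Long> ids) {
        // Check every role before deleting any of them, so one forbidden or unknown id
        // rejects the whole request.
        for (Long id : ids) {
            Role role = requireFound(roleService.getById(id));
            getLevels(role.getLevel());
        }
        // Verify whether the roles are still associated with users
        roleService.verification(ids);
        roleService.delete(ids);
        return new ResponseEntity<>(R.success(), HttpStatus.OK);
    }

    /**
     * Rejects a lookup that found nothing, so that an unknown id is answered with a
     * client error rather than a NullPointerException.
     *
     * @param role result of a role lookup, possibly {@code null}
     * @return the same role, never {@code null}
     * @throws BadRequestException if {@code role} is {@code null}
     */
    private Role requireFound(Role role) {
        if (role == null) {
            throw new BadRequestException("The " + ENTITY_NAME + " does not exist");
        }
        return role;
    }

    /**
     * Resolves the current user's role level and optionally checks a target level against it.
     *
     * @param level level of the role being operated on, or {@code null} to skip the check
     * @return the smallest level among the current user's roles
     * @throws BadRequestException if the current user has no role level, or if {@code level}
     *                             is smaller than the user's smallest level
     */
    private int getLevels(Integer level) {
        List<Integer> levels = roleService.findByUsersId(SecurityUtils.getCurrentUserId()).stream()
                .map(Role::getLevel)
                // A role without a level cannot take part in the comparison.
                .filter(l -> l != null)
                .collect(Collectors.toList());
        // Collections.min throws on an empty list; a user without any usable level is
        // denied explicitly instead.
        if (levels.isEmpty()) {
            throw new BadRequestException("权限不足,当前用户没有可用的角色级别");
        }
        int min = Collections.min(levels);
        if (level != null && level < min) {
            throw new BadRequestException("权限不足,你的角色级别:" + min + ",低于操作的角色级别:" + level);
        }
        return min;
    }
}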