
/src/main/java/com/jeecms/cms/action/admin/main/CmsAdminGlobalAct.java

https://gitlab.com/spiderworts/ab_pc_cms
  1. package com.jeecms.cms.action.admin.main;
  2. import static com.jeecms.common.page.SimplePage.cpn;
  3. import java.util.List;
  4. import javax.servlet.http.HttpServletRequest;
  5. import javax.servlet.http.HttpServletResponse;
  6. import org.apache.shiro.authz.annotation.RequiresPermissions;
  7. import org.slf4j.Logger;
  8. import org.slf4j.LoggerFactory;
  9. import org.springframework.stereotype.Controller;
  10. import org.springframework.ui.ModelMap;
  11. import org.springframework.web.bind.annotation.RequestMapping;
  12. import com.jeecms.common.page.Pagination;
  13. import com.jeecms.common.web.CookieUtils;
  14. import com.jeecms.common.web.RequestUtils;
  15. import com.jeecms.core.entity.CmsGroup;
  16. import com.jeecms.core.entity.CmsRole;
  17. import com.jeecms.core.entity.CmsSite;
  18. import com.jeecms.core.entity.CmsUser;
  19. import com.jeecms.core.entity.CmsUserExt;
  20. import com.jeecms.core.web.WebErrors;
  21. import com.jeecms.core.web.util.CmsUtils;
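/**
 * Admin controller for site-wide (global) administrator accounts: list, add,
 * edit, save, update and delete, plus a few JSON helper endpoints inherited
 * from {@link CmsAdminAbstract}.
 *
 * <p>Each handler is guarded by a Shiro {@code @RequiresPermissions} check.
 * On top of that, the validate* helpers enforce the rank rule: the logged-in
 * administrator may not view, modify, delete or create an administrator whose
 * rank is higher than their own. The list view passes the current rank to the
 * manager query, but the other endpoints receive ids straight from the
 * request, so the rule has to be re-checked server-side on every one of them.
 *
 * <p>NOTE(review): none of the mappings restricts the HTTP method, so the
 * state-changing endpoints (o_save, o_update, o_delete) are reachable with GET
 * as well as POST. Whether CSRF protection is enforced elsewhere is not
 * visible in this file; confirm before relying on it.
 */
@Controller
public class CmsAdminGlobalAct extends CmsAdminAbstract {
    private static final Logger log = LoggerFactory
            .getLogger(CmsAdminGlobalAct.class);

    /**
     * Shows one page of administrators matching the query filters.
     *
     * @param queryUsername username filter, echoed back to the view
     * @param queryEmail    email filter, echoed back to the view
     * @param queryGroupId  group filter, echoed back to the view
     * @param queryDisabled disabled-state filter, echoed back to the view
     * @param pageNo        requested page number; normalised by {@code cpn}
     * @return the list view name
     */
    @RequiresPermissions("admin_global:v_list")
    @RequestMapping("/admin_global/v_list.do")
    public String list(String queryUsername, String queryEmail,
            Integer queryGroupId, Boolean queryDisabled, Integer pageNo,
            HttpServletRequest request, ModelMap model) {
        CmsUser currUser = CmsUtils.getUser(request);
        // The current user's rank is handed to the query; presumably it hides
        // administrators ranked above the caller (confirm in manager.getPage).
        Pagination pagination = manager.getPage(queryUsername, queryEmail,
                null, queryGroupId, queryDisabled, true, currUser.getRank(),
                cpn(pageNo), CookieUtils.getPageSize(request));
        model.addAttribute("pagination", pagination);
        model.addAttribute("queryUsername", queryUsername);
        model.addAttribute("queryEmail", queryEmail);
        model.addAttribute("queryGroupId", queryGroupId);
        model.addAttribute("queryDisabled", queryDisabled);
        return "admin/global/list";
    }

    /**
     * Shows the "add administrator" form with the available groups, sites and
     * roles, and the current user's rank as {@code currRank}.
     *
     * @return the add view name
     */
    @RequiresPermissions("admin_global:v_add")
    @RequestMapping("/admin_global/v_add.do")
    public String add(HttpServletRequest request, ModelMap model) {
        CmsSite site = CmsUtils.getSite(request);
        CmsUser currUser = CmsUtils.getUser(request);
        List<CmsGroup> groupList = cmsGroupMng.getList();
        List<CmsSite> siteList = cmsSiteMng.getList();
        List<CmsRole> roleList = cmsRoleMng.getList();
        model.addAttribute("site", site);
        model.addAttribute("groupList", groupList);
        model.addAttribute("siteList", siteList);
        model.addAttribute("roleList", roleList);
        // Only a hint for the form; the limit is enforced in validateSave.
        model.addAttribute("currRank", currUser.getRank());
        return "admin/global/add";
    }

    /**
     * Shows the edit form for one administrator.
     *
     * @param id id of the administrator to edit; must exist and must not
     *           outrank the current user
     * @return the edit view name, or the error page when validation fails
     */
    @RequiresPermissions("admin_global:v_edit")
    @RequestMapping("/admin_global/v_edit.do")
    public String edit(Integer id, Integer queryGroupId, Boolean queryDisabled,
            HttpServletRequest request, ModelMap model) {
        CmsSite site = CmsUtils.getSite(request);
        String queryUsername = RequestUtils.getQueryParam(request,
                "queryUsername");
        String queryEmail = RequestUtils.getQueryParam(request, "queryEmail");
        CmsUser currUser = CmsUtils.getUser(request);
        WebErrors errors = validateEdit(id, request);
        if (errors.hasErrors()) {
            return errors.showErrorPage(model);
        }
        CmsUser admin = manager.findById(id);
        List<CmsGroup> groupList = cmsGroupMng.getList();
        List<CmsSite> siteList = cmsSiteMng.getList();
        List<CmsRole> roleList = cmsRoleMng.getList();
        model.addAttribute("cmsAdmin", admin);
        model.addAttribute("site", site);
        model.addAttribute("siteIds", admin.getSiteIds());
        model.addAttribute("roleIds", admin.getRoleIds());
        model.addAttribute("groupList", groupList);
        model.addAttribute("siteList", siteList);
        model.addAttribute("roleList", roleList);
        model.addAttribute("currRank", currUser.getRank());
        model.addAttribute("queryUsername", queryUsername);
        model.addAttribute("queryEmail", queryEmail);
        model.addAttribute("queryGroupId", queryGroupId);
        model.addAttribute("queryDisabled", queryDisabled);
        return "admin/global/edit";
    }

    /**
     * Creates a new administrator and records the operation in the CMS log.
     *
     * @param rank requested rank of the new administrator; rejected when it
     *             is higher than the current user's rank
     * @return a redirect to the list view, or the error page when validation
     *         fails
     */
    @RequiresPermissions("admin_global:o_save")
    @RequestMapping("/admin_global/o_save.do")
    public String save(CmsUser bean, CmsUserExt ext, String username,
            String email, String password, Boolean selfAdmin, Integer rank, Integer groupId,
            Integer[] roleIds, Integer[] channelIds, Integer[] siteIds,
            Byte[] steps, Boolean[] allChannels, HttpServletRequest request,
            ModelMap model) {
        WebErrors errors = validateSave(bean, rank, siteIds, steps,
                allChannels, request);
        if (errors.hasErrors()) {
            return errors.showErrorPage(model);
        }
        String ip = RequestUtils.getIpAddr(request);
        bean = manager.saveAdmin(username, email, password, ip, false,
                selfAdmin, rank, groupId, roleIds, channelIds, siteIds, steps,
                allChannels, ext);
        log.info("save CmsAdmin id={}", bean.getId());
        cmsLogMng.operating(request, "cmsUser.log.save", "id=" + bean.getId()
                + ";username=" + bean.getUsername());
        return "redirect:v_list.do";
    }

    /**
     * Updates an existing administrator, records the operation in the CMS log
     * and re-renders the list with the previous query filters.
     *
     * <p>NOTE(review): {@code bean} and {@code ext} are populated by Spring
     * data binding from request parameters. Which of their fields
     * {@code manager.updateAdmin} persists is not visible here; confirm that
     * only the intended fields can be set this way.
     *
     * @return the list view name, or the error page when validation fails
     */
    @RequiresPermissions("admin_global:o_update")
    @RequestMapping("/admin_global/o_update.do")
    public String update(CmsUser bean, CmsUserExt ext, String password,
            Integer groupId, Integer[] roleIds, Integer[] channelIds,
            Integer[] siteIds, Byte[] steps, Boolean[] allChannels,
            String queryUsername, String queryEmail, Integer queryGroupId,
            Boolean queryDisabled, Integer pageNo, HttpServletRequest request,
            ModelMap model) {
        WebErrors errors = validateUpdate(bean.getId(), bean.getRank(), request);
        if (errors.hasErrors()) {
            return errors.showErrorPage(model);
        }
        bean = manager.updateAdmin(bean, ext, password, groupId, roleIds,
                channelIds, siteIds, steps, allChannels);
        log.info("update CmsAdmin id={}.", bean.getId());
        cmsLogMng.operating(request, "cmsUser.log.update", "id=" + bean.getId()
                + ";username=" + bean.getUsername());
        return list(queryUsername, queryEmail, queryGroupId, queryDisabled,
                pageNo, request, model);
    }

    /**
     * Deletes the administrators with the given ids, logs each deletion and
     * re-renders the list with the previous query filters.
     *
     * @param ids ids to delete; every id must exist and must not outrank the
     *            current user
     * @return the list view name, or the error page when validation fails
     */
    @RequiresPermissions("admin_global:o_delete")
    @RequestMapping("/admin_global/o_delete.do")
    public String delete(Integer[] ids, Integer queryGroupId,
            Boolean queryDisabled, Integer pageNo, HttpServletRequest request,
            ModelMap model) {
        String queryUsername = RequestUtils.getQueryParam(request,
                "queryUsername");
        String queryEmail = RequestUtils.getQueryParam(request, "queryEmail");
        WebErrors errors = validateDelete(ids, request);
        if (errors.hasErrors()) {
            return errors.showErrorPage(model);
        }
        CmsUser[] beans = manager.deleteByIds(ids);
        for (CmsUser bean : beans) {
            log.info("delete CmsAdmin id={}", bean.getId());
            cmsLogMng.operating(request, "cmsUser.log.delete", "id="
                    + bean.getId() + ";username=" + bean.getUsername());
        }
        return list(queryUsername, queryEmail, queryGroupId, queryDisabled,
                pageNo, request, model);
    }

    /** Delegates to the inherited {@code channelsAddJson}. */
    @RequiresPermissions("admin_global:v_channels_add")
    @RequestMapping(value = "/admin_global/v_channels_add.do")
    public String channelsAdd(Integer siteId, HttpServletRequest request,
            HttpServletResponse response, ModelMap model) {
        return channelsAddJson(siteId, request, response, model);
    }

    /** Delegates to the inherited {@code channelsEditJson}. */
    @RequiresPermissions("admin_global:v_channels_edit")
    @RequestMapping(value = "/admin_global/v_channels_edit.do")
    public String channelsEdit(Integer userId, Integer siteId,
            HttpServletRequest request, HttpServletResponse response,
            ModelMap model) {
        return channelsEditJson(userId, siteId, request, response, model);
    }

    /** Delegates to the inherited {@code checkUserJson}. */
    @RequiresPermissions("admin_global:v_check_username")
    @RequestMapping(value = "/admin_global/v_check_username.do")
    public void checkUsername(HttpServletRequest request, HttpServletResponse response) {
        checkUserJson(request, response);
    }

    /** Delegates to the inherited {@code checkEmailJson}. */
    @RequiresPermissions("admin_global:v_check_email")
    @RequestMapping(value = "/admin_global/v_check_email.do")
    public void checkEmail(String email, HttpServletResponse response) {
        checkEmailJson(email, response);
    }

    /**
     * Validates the parameters of {@link #save}.
     *
     * <p>Rejects a requested rank above the current user's rank, and requires
     * {@code steps} and {@code allChannels} to be present and as long as
     * {@code siteIds} whenever {@code siteIds} is given.
     */
    private WebErrors validateSave(CmsUser bean, Integer rank,
            Integer[] siteIds, Byte[] steps, Boolean[] allChannels,
            HttpServletRequest request) {
        WebErrors errors = WebErrors.create(request);
        // The add form only displays currRank; without this check a crafted
        // request could create an administrator ranked above its creator.
        CmsUser currUser = CmsUtils.getUser(request);
        if (rank != null && rank > currUser.getRank()) {
            errors.addError("rank cannot be higher than the current user's rank");
            return errors;
        }
        if (siteIds != null) {
            if (steps == null) {
                errors.addError("steps cannot be null");
                return errors;
            }
            if (allChannels == null) {
                errors.addError("allChannels cannot be null");
                return errors;
            }
            if (siteIds.length != steps.length
                    || siteIds.length != allChannels.length) {
                errors.addError("siteIds length, steps length,"
                        + " allChannels length not equals");
                return errors;
            }
        }
        return errors;
    }

    /**
     * Validates {@link #edit}: the target must exist and must not outrank the
     * current user.
     */
    private WebErrors validateEdit(Integer id, HttpServletRequest request) {
        WebErrors errors = WebErrors.create(request);
        if (vldExist(id, errors)) {
            return errors;
        }
        vldRank(id, request, errors);
        return errors;
    }

    /**
     * Validates {@link #update}: the target must exist, the new rank must not
     * exceed the current user's rank, and the target must not outrank the
     * current user.
     */
    private WebErrors validateUpdate(Integer id, Integer rank, HttpServletRequest request) {
        WebErrors errors = WebErrors.create(request);
        if (vldExist(id, errors)) {
            return errors;
        }
        vldParams(id, rank, request, errors);
        return errors;
    }

    /**
     * Validates {@link #delete}: {@code ids} must be non-empty, and every id
     * must exist and must not outrank the current user. All ids are checked so
     * that every problem is reported at once.
     */
    private WebErrors validateDelete(Integer[] ids, HttpServletRequest request) {
        WebErrors errors = WebErrors.create(request);
        errors.ifEmpty(ids, "ids");
        if (ids == null) {
            // The request carried no ids parameter; iterating would throw.
            return errors;
        }
        for (Integer id : ids) {
            if (!vldExist(id, errors)) {
                // The list view is rank-filtered, but ids arrive directly
                // from the request, so the rank rule is re-checked here.
                vldRank(id, request, errors);
            }
        }
        return errors;
    }

    /**
     * Records an error and returns {@code true} when {@code id} is null or no
     * user with that id exists.
     */
    private boolean vldExist(Integer id, WebErrors errors) {
        if (errors.ifNull(id, "id")) {
            return true;
        }
        CmsUser entity = manager.findById(id);
        return errors.ifNotExist(entity, CmsUser.class, id);
    }

    /**
     * Records {@code error.noPermission} and returns {@code true} when the
     * user with the given id has a higher rank than the current user. The
     * caller must already have confirmed that the id exists.
     */
    private boolean vldRank(Integer id, HttpServletRequest request,
            WebErrors errors) {
        CmsUser user = CmsUtils.getUser(request);
        CmsUser entity = manager.findById(id);
        if (entity.getRank() > user.getRank()) {
            errors.addErrorCode("error.noPermission", CmsUser.class, id);
            return true;
        }
        return false;
    }

    /**
     * Rank checks for {@link #update}. Returns {@code true} after recording an
     * error when the requested rank exceeds the current user's rank, or when
     * the target already outranks the current user.
     *
     * @param rank requested new rank; {@code null} when the request did not
     *             submit one, in which case only the target's rank is checked
     */
    private boolean vldParams(Integer id, Integer rank, HttpServletRequest request,
            WebErrors errors) {
        CmsUser user = CmsUtils.getUser(request);
        // The requested rank must not be raised above the current user's rank.
        // A null rank would otherwise throw on unboxing.
        if (rank != null && rank > user.getRank()) {
            errors.addErrorCode("error.noPermissionToRaiseRank", id);
            return true;
        }
        // The user being modified outranks the current user: no permission.
        return vldRank(id, request, errors);
    }
}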