
增加权限申请接口

yangxiaokun 3 years ago
parent
commit
7fe5b04391

+ 8 - 4
src/main/java/com/zy/bms/common/ServerResponse.java

@@ -22,22 +22,26 @@ public class ServerResponse implements Serializable {
     /**
      * 根据成功与否及是否需要返回data提供的各种静态构造方法
      */
-    public static ServerResponse createBySuccess() {
+    public static ServerResponse success() {
         return new ServerResponse(ResponseCode.SUCCESS.code, null, ResponseCode.SUCCESS.msg);
     }
 
-    public static ServerResponse createBySuccess(Object data) {
+    public static ServerResponse success(Object data) {
         return new ServerResponse(ResponseCode.SUCCESS.code, data, ResponseCode.SUCCESS.msg);
     }
 
-    public static ServerResponse createByError() {
+    public static ServerResponse error() {
         return new ServerResponse(ResponseCode.ERROR.code, null, ResponseCode.ERROR.msg);
     }
 
-    public static ServerResponse createByWarning(String msg) {
+    public static ServerResponse warning(String msg) {
         return new ServerResponse(ResponseCode.WARNING.code, null, msg);
     }
 
+    public static ServerResponse custom(ResponseCode code) {
+        return new ServerResponse(code.code, null, code.msg);
+    }
+
     private ServerResponse(int status, Object data, String msg) {
         this.status = status;
         this.msg = msg;

+ 1 - 0
src/main/java/com/zy/bms/common/enums/ResponseCode.java

@@ -6,6 +6,7 @@ package com.zy.bms.common.enums;
 public enum ResponseCode {
     SUCCESS(200, "Success"),//成功
     WARNING(300, "Warning"),//警告,不进入成功回调函数,直接alert
+    AUTHOR(400, "No Access"),//无权限
     ERROR(500, "Error");//服务器异常
     public final int code;
     public final String msg;
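Review bot: The new constant `AUTHOR(400, "No Access")` is named after neither the condition it reports nor the code it carries. A name such as `NO_ACCESS` or `FORBIDDEN` would read correctly at call sites like `ServerResponse.custom(ResponseCode.AUTHOR)`. If these codes are meant to mirror HTTP statuses, as the 200 and 500 values suggest, 401 or 403 matches "No Access" better than 400, which clients usually read as a malformed request. The enum's constructor lies outside the hunk.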

+ 10 - 4
src/main/java/com/zy/bms/common/interceptor/AuthInterceptor.java

@@ -1,6 +1,7 @@
 package com.zy.bms.common.interceptor;
 
 import com.zy.bms.manager.SessionManager;
+import com.zy.bms.utils.CustomResponseUtil;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
@@ -22,10 +23,15 @@ public class AuthInterceptor extends HandlerInterceptorAdapter {
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
-        if (!sessionManager.valid(request.getHeader("token"))) {
-            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-            return false;
+        switch (request.getHeader("channel")) {
+            case "bms": {
+                if (sessionManager.valid(request.getHeader("token"))) return true;
+            }
+            case "ubi-app": {
+                if (request.getHeader("app_user") != null) return true;
+            }
         }
-        return true;
+        CustomResponseUtil.author(response);
+        return false;
     }
 }
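Review bot: The `switch` in `preHandle` has no `break` after the `"bms"` case, so a `bms` request whose token fails `sessionManager.valid` falls through to the `"ubi-app"` case and is admitted whenever an `app_user` header is present. Switching on `request.getHeader("channel")` also throws a NullPointerException when the header is absent, and the `ubi-app` branch accepts the mere presence of `app_user` without checking its value. The rejection path no longer sets the 401 status that the removed code sent. A null-safe, non-falling-through shape is sketched below.

```java
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        String channel = request.getHeader("channel");
        boolean allowed;
        if ("bms".equals(channel)) {
            allowed = sessionManager.valid(request.getHeader("token"));
        } else if ("ubi-app".equals(channel)) {
            // TODO(review): verify the app_user value, not only that the header is present
            allowed = request.getHeader("app_user") != null;
        } else {
            // missing or unknown channel is always rejected
            allowed = false;
        }
        if (allowed) return true;
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        CustomResponseUtil.author(response);
        return false;
    }
```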

+ 12 - 3
src/main/java/com/zy/bms/common/interceptor/VerifyInterceptor.java → src/main/java/com/zy/bms/common/interceptor/ChannelInterceptor.java

@@ -1,10 +1,12 @@
 package com.zy.bms.common.interceptor;
 
+import com.zy.bms.utils.CustomResponseUtil;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.HashSet;
 
 /**
  * 身份验证拦截器
@@ -14,15 +16,22 @@ import javax.servlet.http.HttpServletResponse;
  * Create on 2019/10/10
  */
 @Component
-public class VerifyInterceptor extends HandlerInterceptorAdapter {
+public class ChannelInterceptor extends HandlerInterceptorAdapter {
+    //合法通道取值
+    private final static HashSet<String> legalHeader = new HashSet<>();
+
+    static {
+        legalHeader.add("bms");
+        legalHeader.add("ubi-app");
+    }
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
         if (request.getMethod().equals("OPTIONS")) {
             response.setStatus(HttpServletResponse.SC_OK);
             return true;
         }
-        if (request.getHeader("verify") != null && request.getHeader("verify").equals("bms")) return true;
+        if (legalHeader.contains(request.getHeader("channel"))) return true;
         response.setStatus(HttpServletResponse.SC_FORBIDDEN);
         return false;
     }
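Review bot: The class Javadoc kept as context in this section still reads 身份验证拦截器 (identity verification), but `preHandle` only compares the caller-supplied `channel` header with `legalHeader`, a value any client can set. The comment should say so, e.g. `// channel allowlist only; the header is caller-controlled and is not an authentication check`. `legalHeader` is a mutable static `HashSet` filled in a static block; `Collections.unmodifiableSet(new HashSet<>(Arrays.asList("bms", "ubi-app")))` would keep it from being altered at runtime. The class body continues past the end of the hunk.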

+ 7 - 8
src/main/java/com/zy/bms/config/InterceptorConfig.java

@@ -1,9 +1,8 @@
 package com.zy.bms.config;
 
 import com.zy.bms.common.interceptor.AuthInterceptor;
-import com.zy.bms.common.interceptor.VerifyInterceptor;
+import com.zy.bms.common.interceptor.ChannelInterceptor;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -17,14 +16,14 @@ import java.util.List;
  * @author chenyi
  * Create on 2019/10/10
  */
-@Profile("prod")
+//@Profile("prod")
 @Configuration
 public class InterceptorConfig implements WebMvcConfigurer {
     /**
      * 身份验证拦截器
      */
     @Resource
-    private VerifyInterceptor verifyInterceptor;
+    private ChannelInterceptor verifyInterceptor;
     @Resource
     private AuthInterceptor authInterceptor;
 
@@ -41,11 +40,11 @@ public class InterceptorConfig implements WebMvcConfigurer {
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(verifyInterceptor)
-                .addPathPatterns("omp/api/pc/**")
+                .addPathPatterns("/bms/api/app/**")
                 .excludePathPatterns("/common/**");
 
-        registry.addInterceptor(authInterceptor)
-                .addPathPatterns("omp/api/pc/**")
-                .excludePathPatterns(whiteList);
+//        registry.addInterceptor(authInterceptor)
+//                .addPathPatterns("bms/api/app/**")
+//                .excludePathPatterns(whiteList);
     }
 }
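Review bot: With the `authInterceptor` registration commented out in `addInterceptors`, requests to `/bms/api/app/**` pass through `ChannelInterceptor` alone, which checks a caller-supplied `channel` header and validates no token or session. The commented-out pattern `bms/api/app/**` also lacks the leading slash used by the channel registration, so re-enabling it as written may not match the same routes. If this was disabled for local testing, restore it as `registry.addInterceptor(authInterceptor).addPathPatterns("/bms/api/app/**").excludePathPatterns(whiteList);` before the new endpoints are deployed. `whiteList` is declared outside the hunk.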

+ 1 - 1
src/main/java/com/zy/bms/controller/BaseController.java

@@ -34,7 +34,7 @@ public class BaseController {
      * 获取微信小程序登录User
      */
     public Integer userId() {
-        String userId = AesUtil.decrypt(request.getHeader("wx_user"));
+        String userId = AesUtil.decrypt(request.getHeader("app_user"));
         if (userId == null) throw new ApiRuntimeException("用户ID解析失败!");
         return Integer.parseInt(userId);
     }
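Review bot: `Integer.parseInt(userId)` in `userId()` throws an uncaught NumberFormatException when the decrypted `app_user` value is not numeric, so a malformed header surfaces as a different error from the `ApiRuntimeException` used for a failed decrypt. Catching it and rethrowing `ApiRuntimeException` keeps the failure path uniform. As far as this commit shows, this decrypt is the only check made on the `app_user` value, and whether `AesUtil.decrypt` authenticates the ciphertext is not visible here. The Javadoc `获取微信小程序登录User` is stale now that the header is `app_user`.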

+ 5 - 3
src/main/java/com/zy/bms/controller/PrivilegeApplyRecordController.java → src/main/java/com/zy/bms/controller/PrivilegeApplyController.java

@@ -7,6 +7,7 @@ import com.zy.bms.pojo.io.PrivilegeApplyIO;
 import com.zy.bms.service.IGroupService;
 import com.zy.bms.service.IPrivilegeApplyRecordService;
 import com.zy.bms.service.IUserPrivilegeService;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -21,18 +22,19 @@ import java.time.LocalDateTime;
  * @since 2021-07-12
  */
 @RestController
-@RequestMapping("/bms/privilegeApply")
-public class PrivilegeApplyRecordController extends BaseController {
+@RequestMapping("/bms/api/app/privilegeApply")
+public class PrivilegeApplyController extends BaseController {
 
     @Resource
     private IPrivilegeApplyRecordService privilegeApplyRecordService;
+
     @Resource
     private IUserPrivilegeService userPrivilegeService;
 
     /**
      * 分页查询
      */
-    @PostMapping("listPage.do")
+    @GetMapping("listPage.do")
     public ServerResponse listPage(PrivilegeApplyIO io) {
         return ServerResponse.createBySuccess(privilegeApplyRecordService.listPage(io));
     }
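Review bot: `listPage` still calls `ServerResponse.createBySuccess(...)` on an unchanged line, while this commit renames that factory to `success` in ServerResponse.java, so the controller should no longer compile. The line should read `return ServerResponse.success(privilegeApplyRecordService.listPage(io));`. The rest of the controller is outside the hunk and may hold further calls to the old names. The mapping also moves under `/bms/api/app/**`, where the auth interceptor registration is commented out in InterceptorConfig, so this listing appears to be gated only by the `channel` header.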

+ 1 - 4
src/main/java/com/zy/bms/entity/PrivilegeApplyRecord.java

@@ -2,13 +2,11 @@ package com.zy.bms.entity;
 
 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
+import lombok.Data;
 
 import java.time.LocalDateTime;
 import java.io.Serializable;
 
-import lombok.Data;
-import lombok.EqualsAndHashCode;
-
 /**
  * <p>
  * 权限申请记录
@@ -18,7 +16,6 @@ import lombok.EqualsAndHashCode;
  * @since 2021-07-12
  */
 @Data
-@EqualsAndHashCode(callSuper = false)
 public class PrivilegeApplyRecord implements Serializable {
 
     private static final long serialVersionUID = 1L;

+ 4 - 0
src/main/java/com/zy/bms/mapper/UserPrivilegeMapper.java

@@ -2,7 +2,9 @@ package com.zy.bms.mapper;
 
 import com.zy.bms.entity.UserPrivilege;
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
+import org.springframework.stereotype.Repository;
 
 import java.util.List;
 
@@ -12,6 +14,8 @@ import java.util.List;
  * @author chenyi
  * @since 2021-07-13
  */
+@Mapper
+@Repository
 public interface UserPrivilegeMapper extends BaseMapper<UserPrivilege> {
 
     /**

+ 0 - 7
src/main/java/com/zy/bms/service/impl/PrivilegeApplyRecordServiceImpl.java

@@ -2,7 +2,6 @@ package com.zy.bms.service.impl;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import com.zy.bms.entity.Group;
 import com.zy.bms.entity.PrivilegeApplyRecord;
 import com.zy.bms.mapper.PrivilegeApplyRecordMapper;
 import com.zy.bms.pojo.io.PrivilegeApplyIO;
@@ -10,8 +9,6 @@ import com.zy.bms.service.IPrivilegeApplyRecordService;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.springframework.stereotype.Service;
 
-import java.util.Map;
-
 /**
  * 权限申请记录 服务实现类
  *
@@ -27,8 +24,4 @@ public class PrivilegeApplyRecordServiceImpl extends ServiceImpl<PrivilegeApplyR
         return baseMapper.listPage(page, io);
     }
 
-    @Override
-    public Map<String, Group> getGroupByUserId(String userId) {
-        return null;
-    }
 }

+ 33 - 0
src/main/java/com/zy/bms/utils/CustomResponseUtil.java

@@ -0,0 +1,33 @@
+package com.zy.bms.utils;
+
+import com.alibaba.fastjson.JSON;
+import com.zy.bms.common.ServerResponse;
+import com.zy.bms.common.enums.ResponseCode;
+import com.zy.bms.common.exception.ApiRuntimeException;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * 自定义返回请求
+ *
+ * @author yang xiao kun
+ * create on 2021/7/15
+ */
+public class CustomResponseUtil {
+    //权限不足结果
+    private final static String author = JSON.toJSONString(ServerResponse.custom(ResponseCode.AUTHOR));
+
+    /**
+     * 权限验证失败
+     */
+    public static void author(HttpServletResponse response) {
+        response.setCharacterEncoding("UTF-8");
+        response.setContentType("application/json;charset=utf-8");
+        try {
+            response.getWriter().write(author);
+        } catch (IOException e) {
+            throw new ApiRuntimeException("自定义response返回结果写入异常");
+        }
+    }
+}
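Review bot: `author(HttpServletResponse)` writes the denial body but never sets an HTTP status, so a rejected request is answered with 200 where the removed AuthInterceptor code sent 401. Add `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` before the write, so proxies, clients and access logs can tell a denial from a success. The `catch` block discards the `IOException`; pass `e` as the cause if `ApiRuntimeException` offers such a constructor, which is not visible here. A private constructor, and distinct names for the `author` field and the `author` method, would make the utility class easier to read.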