
修改微信小程序接口

yangxiaokun 3 years ago
parent
commit
ba4ba7d9b5

+ 15 - 0
src/main/java/com/zy/bms/common/annotation/AdminAuthorWx.java

@@ -0,0 +1,15 @@
+package com.zy.bms.common.annotation;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * 管理员权限
+ */
+@Target(METHOD)
+@Retention(RUNTIME)
+public @interface AdminAuthorWx {
+}

+ 15 - 0
src/main/java/com/zy/bms/common/annotation/UserPrivilegeWx.java

@@ -0,0 +1,15 @@
+package com.zy.bms.common.annotation;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * 用户权限
+ */
+@Target(METHOD)
+@Retention(RUNTIME)
+public @interface UserPrivilegeWx {
+}

+ 46 - 0
src/main/java/com/zy/bms/common/aspect/AdminAuthorWxAop.java

@@ -0,0 +1,46 @@
+package com.zy.bms.common.aspect;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.zy.bms.common.ServerResponse;
+import com.zy.bms.common.enums.ResponseCode;
+import com.zy.bms.entity.User;
+import com.zy.bms.service.IUserService;
+import com.zy.bms.utils.AesUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 微信用户是否是管理员权限拦截
+ */
+@Slf4j
+@Aspect
+@Component
+public class AdminAuthorWxAop {
+
+    @Resource
+    private IUserService userService;
+
+
+    @Around(value = "@annotation(com.zy.bms.common.annotation.AdminAuthorWx)")
+    public Object doAround(ProceedingJoinPoint joinPoint) {
+        try {
+            //获取request对象
+            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+            String userId = AesUtil.decrypt(request.getHeader("app_user"));
+            User user = userService.getOne(new QueryWrapper<User>().eq("id", userId));
+            if (user != null && user.getAdmin() == 1) return joinPoint.proceed();
+        } catch (Throwable throwable) {
+            log.error("微信用户判断管理员权限AOP错误", throwable);
+            throwable.printStackTrace();
+        }
+        return ServerResponse.custom(ResponseCode.AUTHOR);
+    }
+}
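Review bot: In `doAround`, `joinPoint.proceed()` runs inside the `try`, so any exception thrown by the annotated controller method is caught by `catch (Throwable throwable)` and returned as `ResponseCode.AUTHOR`; a real server error then looks like a denied permission and never reaches error handling or transaction rollback further out. Decide authorization inside the `try` and call `proceed()` after it, with the method declared `throws Throwable`; `throwable.printStackTrace()` duplicates the `log.error` line and can go. `UserPrivilegeWxAop.doAround` has the same shape. Separately, the caller's identity here is whatever `AesUtil.decrypt` yields from the client-supplied `app_user` header; `AesUtil` is not shown, so it is worth confirming that the value is integrity-protected and expires, otherwise a captured header value stays valid as an admin credential.

```java
public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
    boolean admin = false;
    try {
        // … unchanged: request lookup, app_user decrypt, user query …
        admin = user != null && user.getAdmin() == 1;
    } catch (Exception e) {
        // any failure while resolving the caller is treated as "not an admin"
        log.error("微信用户判断管理员权限AOP错误", e);
    }
    if (!admin) {
        return ServerResponse.custom(ResponseCode.AUTHOR);
    }
    // outside the try: exceptions from the handler propagate unchanged
    return joinPoint.proceed();
}
```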

+ 73 - 0
src/main/java/com/zy/bms/common/aspect/UserPrivilegeWxAop.java

@@ -0,0 +1,73 @@
+package com.zy.bms.common.aspect;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.zy.bms.common.ServerResponse;
+import com.zy.bms.common.enums.ResponseCode;
+import com.zy.bms.entity.DeviceBase;
+import com.zy.bms.entity.UserPrivilege;
+import com.zy.bms.service.IDeviceBaseService;
+import com.zy.bms.service.IUserPrivilegeService;
+import com.zy.bms.utils.AesUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.reflect.CodeSignature;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+
+/**
+ * 微信用户权限拦截
+ */
+@Slf4j
+//@Aspect
+//@Component
+public class UserPrivilegeWxAop {
+
+    @Resource
+    private IUserPrivilegeService userPrivilegeService;
+
+    @Resource
+    private IDeviceBaseService deviceBaseService;
+
+
+    @Around(value = "@annotation(com.zy.bms.common.annotation.UserPrivilegeWx)")
+    public Object doAround(ProceedingJoinPoint joinPoint) {
+        try {
+            //获取request对象
+            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+            String userId = AesUtil.decrypt(request.getHeader("app_user"));
+            HashMap<String, Object> params = getNameAndValue(joinPoint);
+            String openNum = params.get("openNum").toString();
+            DeviceBase deviceBase = deviceBaseService.getOne(new QueryWrapper<DeviceBase>().eq("open_num", openNum));
+            if (deviceBase != null) {
+                UserPrivilege userPrivilege = userPrivilegeService
+                        .getOne(new QueryWrapper<UserPrivilege>().eq("user_id", userId)
+                                .eq("group_id", deviceBase.getGroupId()));
+                if (userPrivilege != null) return joinPoint.proceed();
+            }
+        } catch (Throwable throwable) {
+            log.error("微信用户设备权限AOP错误", throwable);
+            throwable.printStackTrace();
+        }
+        return ServerResponse.custom(ResponseCode.AUTHOR);
+    }
+
+    /**
+     * 获取参数Map
+     */
+    private HashMap<String, Object> getNameAndValue(ProceedingJoinPoint joinPoint) {
+        HashMap<String, Object> result = new HashMap<>();
+        Object[] paramValues = joinPoint.getArgs();
+        String[] paramNames = ((CodeSignature) joinPoint.getSignature()).getParameterNames();
+        for (int i = 0; i < paramNames.length; i++) {
+            result.put(paramNames[i], paramValues[i]);
+        }
+        return result;
+    }
+}
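Review bot: `@Aspect` and `@Component` are commented out on `UserPrivilegeWxAop`, so Spring never registers this advice and `@UserPrivilegeWx` on a handler enforces nothing. An annotation that reads as an access check but is a no-op is easy to rely on by mistake; either enable the aspect or hold back `UserPrivilegeWx` until it is enforced, and until then say so in the class Javadoc, e.g. `Not active: @Aspect/@Component are disabled, so @UserPrivilegeWx performs no check.` Once it is enabled, `params.get("openNum").toString()` throws for any annotated method that has no parameter named `openNum`, which the catch turns into a blanket denial, so the Javadoc on `UserPrivilegeWx` should state that requirement.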

+ 8 - 25
src/main/java/com/zy/bms/controller/UbiLpWxController.java

@@ -2,7 +2,7 @@ package com.zy.bms.controller;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.zy.bms.common.ServerResponse;
-import com.zy.bms.common.enums.ResponseCode;
+import com.zy.bms.common.annotation.AdminAuthorWx;
 import com.zy.bms.entity.DeviceBase;
 import com.zy.bms.entity.User;
 import com.zy.bms.entity.UserPrivilege;
@@ -73,24 +73,18 @@ public class UbiLpWxController extends BaseController {
     /**
      * 查看当前在线设备 rabbitMQ
      */
+    @AdminAuthorWx
     @GetMapping("connections.do")
     public ServerResponse connections() {
-        User user = userService.getOne(new QueryWrapper<User>().eq("user_id", userId()));
-        if (user == null || user.getAdmin() != 1) {
-            return ServerResponse.custom(ResponseCode.AUTHOR);
-        }
         return ServerResponse.success(RabbitMQApi.connections());
     }
 
     /**
      * 查看当前注册的用户 rabbitMQ
      */
+    @AdminAuthorWx
     @GetMapping("users.do")
     public ServerResponse users() {
-        User user = userService.getOne(new QueryWrapper<User>().eq("user_id", userId()));
-        if (user == null || user.getAdmin() != 1) {
-            return ServerResponse.custom(ResponseCode.AUTHOR);
-        }
         return ServerResponse.success(RabbitMQApi.users());
     }
 
@@ -102,14 +96,6 @@ public class UbiLpWxController extends BaseController {
         return ServerResponse.success(groupService.getByUserId(userId()));
     }
 
-    /**
-     * 校验设备码是否存在
-     */
-    @GetMapping("checkOpenNum.do")
-    public ServerResponse checkOpenNum(String openNum) {
-        return ServerResponse.success(deviceBaseService.checkOpenNum(openNum));
-    }
-
     /**
      * 通过设备组ID查询设备列表
      */
@@ -126,7 +112,7 @@ public class UbiLpWxController extends BaseController {
     @GetMapping("getDevicesByUserId.do")
     public ServerResponse getDevicesByUserId() {
         List<String> groupIds = userPrivilegeService.getGroupIdsByUserId(userId());
-        if (groupIds.isEmpty()) return ServerResponse.success(null);
+        if (groupIds == null || groupIds.isEmpty()) return ServerResponse.success(null);
         return ServerResponse.success(deviceBaseService.listByGroupIdsWx(groupIds));
     }
 
@@ -138,13 +124,10 @@ public class UbiLpWxController extends BaseController {
         DeviceBase device = deviceBaseService.getOne(new QueryWrapper<DeviceBase>().eq("open_num", openNum));
         if (device == null) return ServerResponse.warning("设备码错误!");
         //如果该用户没有该设备组权限,则加上权限
-        UserPrivilege userPrivilege = userPrivilegeService.getOne(new QueryWrapper<UserPrivilege>()
-                .eq("group_id", device.getGroupId()).eq("user_id", userId()));
-        if (userPrivilege == null) {
-            UserPrivilege entity = new UserPrivilege();
-            entity.setUserId(userId());
-            entity.setGroupId(device.getGroupId());
-            userPrivilegeService.save(entity);
+        if (userPrivilegeService.getOne(new QueryWrapper<UserPrivilege>()
+                .eq("group_id", device.getGroupId())
+                .eq("user_id", userId())) == null) {
+            userPrivilegeService.save(new UserPrivilege(userId(), device.getGroupId()));
         }
         return ServerResponse.success(deviceBaseService.getDetailWx(openNum));
     }
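Review bot: The inline checks removed from `connections()` and `users()` looked the user up with `.eq("user_id", userId())`, while the `AdminAuthorWxAop` advice that replaces them queries `.eq("id", userId)` with a value it decrypts from the `app_user` header itself. Neither `userId()` nor the `User` mapping is visible here, so please confirm that both resolve the same row; if `user_id` is the right column, the aspect line should read `userService.getOne(new QueryWrapper<User>().eq("user_id", userId))`. A wrong column would make the lookup fail or return nothing, in which case the aspect denies every caller and both endpoints become unreachable.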

+ 7 - 1
src/main/java/com/zy/bms/entity/UserPrivilege.java

@@ -7,7 +7,7 @@ import java.time.LocalDateTime;
 import java.io.Serializable;
 
 import lombok.Data;
-import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
 
 /**
  * 用户查看手机设备权限表
@@ -16,10 +16,16 @@ import lombok.EqualsAndHashCode;
  * @since 2021-07-13
  */
 @Data
+@NoArgsConstructor
 public class UserPrivilege implements Serializable {
 
     private static final long serialVersionUID = 1L;
 
+    public UserPrivilege(Integer userId, String groupId) {
+        this.userId = userId;
+        this.groupId = groupId;
+    }
+
     @TableId(type = IdType.INPUT)
     private Integer id;
 

+ 1 - 1
src/main/resources/application.yml

@@ -1,3 +1,3 @@
 spring:
   profiles:
-    active: prod
+    active: dev
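Review bot: Flipping `spring.profiles.active` from `prod` to `dev` in the committed `application.yml` means any build deployed from this revision starts with the dev profile unless something overrides it. The dev profile's contents are not shown, but dev settings typically differ in data sources, logging and debug options, so this change is worth keeping out of a feature commit. Prefer leaving the committed default unchanged and selecting the profile per environment, e.g. `SPRING_PROFILES_ACTIVE=dev` or `--spring.profiles.active=dev` for the local run.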