1.加入系统角色、用户的概念如超级管理员、root(系统内置角色、用户用来维护最基础系统操作，不可被删除)和现有的层级权限结构契合

2.加入密码重置功能(超级管理员角色独有)

1.加入系统角色、用户的概念如超级管理员、root(系统内置角色、用户用来维护最基础系统操作，不可被删除)和现有的层级权限结构契合
2.加入密码重置功能(超级管理员角色独有)
游瑞烽
1 parent 04833bf4
Showing 10 changed files with 257 additions and 66 deletions
src/main/java/com/bsth/controller/sys/RoleController.java
src/main/java/com/bsth/controller/sys/UserController.java
src/main/java/com/bsth/service/sys/RoleService.java
src/main/java/com/bsth/service/sys/SysUserService.java
src/main/java/com/bsth/service/sys/impl/RoleServiceImpl.java
src/main/java/com/bsth/service/sys/impl/SysUserServiceImpl.java
src/main/resources/static/index.html
src/main/resources/static/pages/permission/user/add.html
src/main/resources/static/pages/permission/user/changePWD.html
src/main/resources/static/pages/permission/user/list.html
@@ -68,4 +68,14 @@ public class RoleController extends BaseController&lt;Role, Integer&gt;{
 	public Map<String, Object> roleInfo(@RequestParam Integer id){
 		return roleService.roleInfo(id);
 	}
+
+	/**
+	 * 检查操作合法性 操作的是否是下级角色
+	 * @param operationRoleId 下级角色Id
+	 * @return
+	 */
+	@RequestMapping(value = "/checkOperationLegality")
+	public boolean checkOperationLegality(@RequestParam Integer operationRoleId){
+		return roleService.checkOperationLegality(operationRoleId);
+	}
 }
@@ -260,6 +260,15 @@ public class UserController extends BaseController&lt;SysUser, Integer&gt; {
     public String changePWD(@RequestParam String oldPWD, @RequestParam String newPWD, @RequestParam String cnewPWD) {
         SysUser sysUser = SecurityUtils.getCurrentUser();
         String msg = "";
+
+        //解密RSA
+        try{
+            oldPWD = (RSAUtils.decryptBase64(oldPWD));
+            newPWD = (RSAUtils.decryptBase64(newPWD));
+            cnewPWD = (RSAUtils.decryptBase64(cnewPWD));
+        }catch (RuntimeException e) {
+            return  "网络延迟，解密失败，请重新添加！";
+        }
         if (new BCryptPasswordEncoder(4).matches(oldPWD, sysUser.getPassword())) {
             if (oldPWD.equals(newPWD)) {
                 msg = "新密码不能跟原始密码一样！";
@@ -282,8 +291,16 @@ public class UserController extends BaseController&lt;SysUser, Integer&gt; {
         return sysUserService.register(u);
     }
+    // 查询用户下所有下级角色
     @RequestMapping(value = "/all_distinct")
     public List<SysUser> findAll_distinct() {
         return sysUserService.findAll_distinct();
     }
+
+    // 重置密码
+    @RequestMapping(value = "/resetPassword", method = RequestMethod.POST)
+    public Map<String, Object> resetPassword(@RequestParam Integer id) {
+        return sysUserService.resetPassword(id);
+    }
+
 }
 package com.bsth.service.sys;
-import java.util.List;
-import java.util.Map;
-
 import com.bsth.entity.sys.Role;
-import com.bsth.entity.sys.SysUser;
 import com.bsth.service.BaseService;
+import java.util.List;
+import java.util.Map;
+
 public interface RoleService extends BaseService<Role, Integer>{
 	Map<String, Object> findSubordinate();
@@ -18,4 +17,6 @@ public interface RoleService extends BaseService&lt;Role, Integer&gt;{
 	Map<String, Object> roleInfo(Integer id);
 	List<Role> findAllByIds(String ids);
+
+	boolean checkOperationLegality(Integer operationRoleId);
 }
@@ -2,6 +2,7 @@ package com.bsth.service.sys;
 import com.bsth.entity.sys.SysUser;
 import com.bsth.service.BaseService;
+import org.springframework.web.bind.annotation.RequestParam;
 import java.util.List;
 import java.util.Map;
@@ -17,4 +18,6 @@ public interface SysUserService extends BaseService&lt;SysUser, Integer&gt;{
 	Map<String,Object> register(SysUser u);
 	List<SysUser> findAll_distinct();
+
+	Map<String, Object> resetPassword(@RequestParam Integer id);
 }
@@ -96,8 +96,10 @@ public class RoleServiceImpl extends BaseServiceImpl&lt;Role, Integer&gt; implements
 //			ComparatorSysrole(rootlist);
 			map.put("list", rsRoleList);
 			map.put("status", ResponseCode.SUCCESS);
+			map.put("msg", "成功");
 		} catch (Exception e) {
 			map.put("status", ResponseCode.ERROR);
+			map.put("msg", e);
 			logger.error("error",e);
 		}
 		return map;
@@ -282,4 +284,12 @@ public class RoleServiceImpl extends BaseServiceImpl&lt;Role, Integer&gt; implements
 	public List<Role> findAllByIds(String ids) {
 		return roleRepository.findAllById(ids);
 	}
+
+	@Override
+	public boolean checkOperationLegality(Integer operationRoleId){
+		boolean isLegality = false;
+		Map<String, Object> roleMap = findSubordinate();
+		isLegality = (roleMap.get(operationRoleId) == null ? true:false );
+		return isLegality;
+	}
 }
 package com.bsth.service.sys.impl;
-import com.alibaba.fastjson.JSONArray;
 import com.bsth.common.ResponseCode;
+import com.bsth.controller.sys.util.RSAUtils;
 import com.bsth.entity.sys.Role;
 import com.bsth.entity.sys.SysUser;
 import com.bsth.repository.sys.SysUserRepository;
@@ -16,6 +16,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.web.bind.annotation.RequestParam;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -65,20 +66,45 @@ public class SysUserServiceImpl extends BaseServiceImpl&lt;SysUser, Integer&gt; implem
 	@Override
 	public Map<String, Object> register(SysUser u) {
 		Map<String, Object> rs = new HashMap();
-		try{
-			//检查用户名是否存在
-			if(findByUserName(u.getUserName()) != null){
+		boolean isLegality = false;
+		Iterator<Role> itRole = u.getRoles().iterator();
+		Role ro = new Role();
+		while(itRole.hasNext()){//判断是否有下一个
+			ro = itRole.next();
+			if(roleService.checkOperationLegality(ro.getId())){
+				isLegality = true;
+			} else {
 				rs.put("status", ResponseCode.ERROR);
-				rs.put("msg", "用户名" + u.getUserName() + "已存在！");
+				rs.put("msg", "用户权限不够，请联系管理员！");
+				return rs;
 			}
-			else{
-				u.setPassword(new BCryptPasswordEncoder(4).encode(u.getPassword()));
-				rs = super.save(u);
+		}
+		if(isLegality){
+			try{
+				//解密RSA
+				try{
+					u.setUserName(RSAUtils.decryptBase64(u.getUserName()));
+					u.setPassword(RSAUtils.decryptBase64(u.getPassword()));
+				}catch (RuntimeException e) {
+					rs.put("msg", "网络延迟，解密失败，请重新添加！");
+				}
+				//检查用户名是否存在
+				if(findByUserName(u.getUserName()) != null){
+					rs.put("status", ResponseCode.ERROR);
+					rs.put("msg", "用户名" + u.getUserName() + "已存在！");
+				}
+				else{
+					u.setPassword(new BCryptPasswordEncoder(4).encode(u.getPassword()));
+					rs = super.save(u);
+				}
+			}catch (Exception e){
+				logger.error("", e);
+				rs.put("status", ResponseCode.ERROR);
+				rs.put("msg", e.getMessage());
 			}
-		}catch (Exception e){
-			logger.error("", e);
+		}else {
 			rs.put("status", ResponseCode.ERROR);
-			rs.put("msg", e.getMessage());
+			rs.put("msg", "用户权限不够，请联系管理员！");
 		}
 		return rs;
 	}
@@ -122,8 +148,36 @@ public class SysUserServiceImpl extends BaseServiceImpl&lt;SysUser, Integer&gt; implem
 		} catch (Exception e){
 			logger.error("error", e);
 		}
-
-
 		return rsList;
 	}
+
+	@Override
+	public Map<String, Object> resetPassword(@RequestParam Integer id){
+		Map<String, Object> rs = new HashMap();
+		try{
+			// 获取当前用户
+			SysUser user = SecurityUtils.getCurrentUser();
+			Iterator<Role> itRole = user.getRoles().iterator();
+			Role ro = new Role();
+			boolean Legality = false;
+			while(itRole.hasNext()){//判断是否有下一个
+				ro = itRole.next();
+				if(ro.getLevel() == 1)
+					Legality = true;
+			}
+			if(Legality){
+				sysUserRepository.changePWD(id,new BCryptPasswordEncoder(4).encode("123456"));
+				rs.put("status", ResponseCode.SUCCESS);
+				rs.put("msg", "密码重置成功！");
+			}else {
+				rs.put("status", ResponseCode.ERROR);
+				rs.put("msg", "您不是超级管理员无权限重置其他用户密码");
+			}
+		}catch (Exception e){
+			logger.error("", e);
+			rs.put("status", ResponseCode.ERROR);
+			rs.put("msg", e.getMessage());
+		}
+		return rs;
+	}
 }
@@ -630,9 +630,11 @@
 <script
 		src="http://webapi.amap.com/maps?v=1.3&key=16cb1c5043847e09ef9edafdd77befda"
 		data-exclude=1></script>
-<!-- echarts4 误删 -->
+<!-- echarts4 -->
 <script src="/metronic_v4.5.4/plugins/echarts4/echarts.min.js"></script>
 <script src="/real_control_v2/assets/plugins/perfect-scrollbar/perfect-scrollbar.jquery.js"  merge="plugins"></script>
+<!-- RSA加密 -->
+<script src="/assets/plugins/jsencrypt.min.js"></script>
 </body>
 </html>
 \ No newline at end of file
@@ -42,7 +42,7 @@
 					<label class="col-md-3 control-label">密码</label>
 					<div class="col-md-4">
 							<input type="password" class="form-control" id="password" name="password" >
-							<span class="help-block"> 请输入6位以上密码</span>
+							<!--<span class="help-block"> 请输入6位以上密码</span>-->
 					</div>
 				</div>
 				<div class="form-group">
@@ -62,7 +62,7 @@
 				<div class="form-group">
 					<label class="col-md-3 control-label">角色</label>
 					<div class="col-md-4">
-							<select class="form-control" id="role" name="role" style="width: 160px;" multiple="multiple">
+							<select class="form-control" id="role" name="roles[]" style="width: 160px;" multiple="multiple">
 							</select>
 					</div>
@@ -100,18 +100,46 @@
 			});
 		});*/
-		// 查询下级角色
+        // 查询下级角色
         $.get('/role/findSubordinate', function (rs) {
             if(rs.status == "SUCCESS"){
+                if(rs.list.length < 1){
+                    loadPage('/pages/permission/role/add.html');
+                    layer.open({
+                        // type: 2,
+                        content: '用户需要有下级角色才能添加用户！',
+                        title: '请添加下级角色',
+                        shift: 5,
+                        scrollbar: false
+                    });
+                    return;
+                }
+
                 $.each(rs.list,function(i,obj){
                     $("#role").append("<option value='"+obj.id+"'>"+obj.roleName+"</option>");
                 });
+            }else {
+                loadPage('/pages/permission/role/list.html');
+                layer.open({
+                    // type: 2,
+                    content: rs.msg,
+                    title: "用户的下级角色有问题",
+                    shift: 5,
+                    scrollbar: false
+                });
 			}
         });
+
 		var form = $('#user_add_form');
 		var error = $('.alert-danger', form);
-		
+
+        $.validator.addMethod("passwordrule", function(value, element) {
+            //var userblank = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*?[#?!@$%^&*-]).{8,16}$/;
+            var userblank = /^(?=.*[a-zA-Z])(?=.*\d).{8,16}$/;
+            return this.optional(element) ||(userblank.test(value));
+        }, "需包含字母、数字的8-16位字符");
+
 		//表单 validate
 		form.validate({
 			errorElement : 'span', 
@@ -128,13 +156,14 @@
 				},
 				'password' : {
 					required : true,
-					minlength: 6,
-					maxlength: 25
+                    minlength: 8,
+                    maxlength: 16,
+                    passwordrule: true
 				},
 				'cfmPassword' : {
-					equalTo: '#password'
+					equalTo: '#password',
 				},
-				'role' : {
+				'roles' : {
 					required : true,
 					minlength: 1
 				}
@@ -160,6 +189,21 @@
 				var params = form.serializeJSON();
 				error.hide();
+                var keys;
+                $.ajax({
+                    url: "/user/login/jCryptionKey?t="+Math.random(),
+                    type: "Get",
+                    async:false,
+                    data: null,
+                    success: function(data) {
+						keys = data.publickey;
+					}
+                });
+                //RSA加密
+                var encrypt = new JSEncrypt();
+                encrypt.setPublicKey(keys);
+                params.userName = encrypt.encrypt(params.userName);
+                params.password = encrypt.encrypt(params.password);
 				$.ajax({
 					url: '/user/register',
 					type: 'POST',
@@ -178,27 +222,6 @@
 						}
 					}
 				});
-				/*$get('/user/all', {userName_eq: params.userName}, function(list){
-					if(!list || list.length == 0){
-						console.log(params);
-						$.ajax({
-							url: '/user',
-							type: 'POST',
-							traditional: true,
-							data: params,
-							success: function(res){
-								layer.msg('添加用户成功.');
-								loadPage('list.html');
-							}
-						});
-						/!* $post('/user', params, function(res){
-							layer.msg('添加用户成功.');
-							loadPage('list.html');
-						}); *!/
-					}
-					else
-						layer.alert('用户【' + params.userName + '】已存在', {icon: 2, title: '提交被拒绝'});
-				});*/
 			}
 		});
 	});
@@ -97,6 +97,22 @@ $(function(){
             var params = form.serializeJSON();
             error.hide();
+            var keys;
+            $.ajax({
+                url: "/user/login/jCryptionKey?t="+Math.random(),
+                type: "Get",
+                async:false,
+                data: null,
+                success: function(data) {
+                    keys = data.publickey;
+                }
+            });
+            //RSA加密
+            var encrypt = new JSEncrypt();
+            encrypt.setPublicKey(keys);
+            params.oldPWD = encrypt.encrypt(params.oldPWD);
+            params.newPWD = encrypt.encrypt(params.newPWD);
+            params.cnewPWD = encrypt.encrypt(params.cnewPWD);
             $.ajax({
                 url: '/user/changePWD',
                 type: 'POST',
@@ -64,7 +64,7 @@
 								<td>
 									<button class="btn btn-sm green btn-outline filter-submit margin-bottom" >
                                                                 <i class="fa fa-search"></i> 搜索</button>
-                                                                
+
 									<button class="btn btn-sm red btn-outline filter-cancel">
                                                             <i class="fa fa-times"></i> 重置</button>
 								</td>
@@ -117,6 +117,9 @@
 			<a class="btn btn-sm blue btn-outline" href="edit.html?no={{obj.id}}" data-pjax><i class="fa fa-edit"></i> 编辑</a>
 			<!--<button type="button" class="btn btn-sm line_allot_btn" data-id="{{obj.id}}">线调线路分配</button>-->
 		{{/if}}
+		{{if obj.isAdmin}}
+			<a class="btn btn-sm red btn-outline reset_password" data-id="{{obj.id}}" data-name="{{obj.userName}}" data-pjax><i class="fa fa-undo"></i> 重置密码</a>
+		{{/if}}
 	</td>
 </tr>
 {{/each}}
@@ -130,15 +133,49 @@
 <script>
 $(function(){
 	var page = 0, initPagination;
-	var user;
+	var user,isAdmin = false;
 	var icheckOptions = {
 	    checkboxClass: 'icheckbox_flat-blue',
 	    increaseArea: '20%'
 	};
 	$.get('/user/getCurrentUser', function(data) {
         user = data;
+        var roles = user.roles;
+        $.each(roles,function () {
+            if(this.level == 1)
+                isAdmin = true;
+        })
+
     });
+
 	setTimeout(function () {
+        $(document).on('click', 'a.reset_password', function () {
+            var id = $(this).data('id');
+            var name = $(this).data('name');
+            swal({
+                    title: "重装密码",
+                    text: "将登录名为"+name+"的用户，密码重置为默认密码！",
+                    type: "warning",
+                    showCancelButton: true,
+                    confirmButtonColor: "#DD6B55",
+                    confirmButtonText: "重置",
+                    cancelButtonText: "取消",
+                    closeOnConfirm: false },
+                function(){
+                    $.post('/user/resetPassword',{'id':id},function(result){
+                        if(result.status=='SUCCESS') {
+                            // 弹出添加成功提示消息
+                            swal("登录名为"+name+"的用户密码重置成功！", "success");
+                        } else if(result.status=='ERROR') {
+                            // 弹出添加失败提示消息
+                            swal("重置失败！", result.msg+"，请联系开发人员！", "ERROR");
+                        }
+                        //				loadPage('list.html');
+                        // 发布后刷新页面
+                        jsDoQuery(getParams(), true);
+                    });
+                });
+        });
         jsDoQuery(null,true);
         //重置
@@ -147,45 +184,63 @@ $(function(){
             jsDoQuery(null, true);
         });
+		function getParams() {
+		 var cells = $('tr.filter')[0].cells
+			 ,params = {}
+			 ,name;
+		 $.each(cells, function(i, cell){
+			 var items = $('input,select', cell);
+			 for(var j = 0, item; item = items[j++];){
+				 name = $(item).attr('name');
+				 if(name){
+					 params[name] = $(item).val();
+				 }
+			 }
+		 });
+		 return params;
+		}
+
         //提交
         $('tr.filter .filter-submit').on('click', function(){
-            var cells = $('tr.filter')[0].cells
-                ,params = {}
-                ,name;
-            $.each(cells, function(i, cell){
-                var items = $('input,select', cell);
-                for(var j = 0, item; item = items[j++];){
-                    name = $(item).attr('name');
-                    if(name){
-                        params[name] = $(item).val();
-                    }
-                }
-            });
-            page = 0;
-            jsDoQuery(params, true);
+            jsDoQuery(getParams(), true);
         });
         /*
         * 获取数据 p: 要提交的参数， pagination: 是否重新分页
         */
         function jsDoQuery(p, pagination){
+            var roles = new Map();
+            // 查询下级角色
+            $.ajax({
+                url: "/role/findSubordinate",
+                type: "Get",
+                async:false,
+                data: null,
+                success: function (rs) {
+                    if(rs.status == "SUCCESS"){
+                        $.each(rs.list,function(i,obj){
+                            roles[obj.id] = obj;
+                        });
+                    }
+                }
+            });
             var params = {};
             if(p)
                 params = p;
             //更新时间排序
             params['order'] = 'lastLoginDate';
             params['page'] = page;
-            params['roles[0].pic_ne'] = 1;
+            // params['id_eq'] = "1";
             var i = layer.load(2);
             $get('/user' ,params, function(data){
                 var list = data.content;
-                var errorList=[];
                 $.each(list, function(i, obj) {
-                    if(obj.roles[0].level > user.roles[0].level){
+                    if(roles[obj.roles[0].id] != null && roles[obj.roles[0].id] != undefined){
                         obj.isEdit = 0;
                     } else{
                         obj.isEdit = 1;
                     }
+                    obj.isAdmin = isAdmin;
                     obj.lastLoginDate = moment(obj.lastLoginDate).format("YYYY-MM-DD HH:mm:ss");
                 });