java source code of UserController

package com.digag.web;

import com.digag.domain.User;
import com.digag.domain.Repository.UserRepository;
import com.digag.service.UserService;
import com.digag.util.JsonResult;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import springfox.documentation.annotations.ApiIgnore;

import javax.servlet.http.HttpServletRequest;
import java.util.List;

/**
 * Created by Yuicon on 2017/5/14.
 * https://github.com/Yuicon
 * 在 @PreAuthorize 中我们可以利用内建的 SPEL 表达式：比如 'hasRole()' 来决定哪些用户有权访问。
 * 需注意的一点是 hasRole 表达式认为每个角色名字前都有一个前缀 'ROLE_'。所以这里的 'ADMIN' 其实在
 * 数据库中存储的是 'ROLE_ADMIN' 。这个 @PreAuthorize 可以修饰Controller也可修饰Controller中的方法。
 */
@RestController
@RequestMapping("/users")
@SuppressWarnings("all")
public class UserController {

    @Autowired
    private UserRepository repository;

    @Autowired
    private UserService userService;

    @ApiOperation(value="获取用户列表")
    @PreAuthorize("hasRole('USER')")
    @RequestMapping(method = RequestMethod.GET)
    public List<User> getUsers() {
        return repository.findAll();
    }

    @ApiOperation(value="新建用户")
    @PreAuthorize("hasRole('ADMIN')")
    @RequestMapping(method = RequestMethod.POST)
    User addUser(@RequestBody User addedUser) {
        return repository.save(addedUser);
    }

    @ApiOperation(value="获取用户", notes="根据url的id来获取用户详细信息")
    @ApiImplicitParam(name = "id", value = "用户ID", required = true, dataType = "String", paramType = "path")
    @PostAuthorize("returnObject.username == principal.username or hasRole('ROLE_ADMIN')")
    @RequestMapping(value = "/{id}", method = RequestMethod.GET)
    public User getUser(@PathVariable String id) {
        return repository.findOne(id);
    }

    @ApiOperation(value="修改用户", notes="通过ID")
    @PreAuthorize("hasRole('ADMIN')")
    @RequestMapping(value = "/{id}", method = RequestMethod.PUT)
    User updateUser(@PathVariable String id, @RequestBody User updatedUser) {
        updatedUser.setId(id);
        return repository.save(updatedUser);
    }

    @ApiOperation(value="删除用户", notes="通过ID")
    @PreAuthorize("hasRole('ADMIN')")
    @RequestMapping(value = "/{id}", method = RequestMethod.DELETE)
    User removeUser(@PathVariable String id) {
        User deletedUser = repository.findOne(id);
        repository.delete(id);
        return deletedUser;
    }

    @ApiOperation(value="获取用户", notes="通过用户名")
    @PostAuthorize("hasRole('ROLE_USER')")
    @RequestMapping(value = "/",method = RequestMethod.GET)
    public JsonResult<User> getUserByUsername(@RequestParam(value="username") String username) {
        return JsonResult.<User>builder().data(repository.findByUsername(username)).build();
    }

    @ApiOperation(value="获取当前用户")
    @PostAuthorize("hasRole('ROLE_USER')")
    @RequestMapping(value = "/current",method = RequestMethod.GET)
    public JsonResult<User> getCurrentUser(HttpServletRequest request) {
        return userService.getCurrentUser(request);
    }
}