package org.javamaster.b2c.core.controller;
import com.github.pagehelper.PageInfo;
import org.javamaster.b2c.core.annos.AopLock;
import org.javamaster.b2c.core.entity.SysUser;
import org.javamaster.b2c.core.model.Result;
import org.javamaster.b2c.core.model.vo.ChangeUserStatusReqVo;
import org.javamaster.b2c.core.model.vo.CreateUserReqVo;
import org.javamaster.b2c.core.model.vo.FindUsersReqVo;
import org.javamaster.b2c.core.model.vo.UpdatePasswordReqVo;
import org.javamaster.b2c.core.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
/**
* 管理用户信息
*
* @author yudong
* @date 2019/7/5
*/
@RestController
@RequestMapping("/admin/user")
public class UserController {
@Autowired
private IUserService userService;
/**
* 创建用户
*/
@Secured("ROLE_ADMIN")
@PostMapping("/createUser")
@AopLock(lockKeySpEL = "#reqVo.username", errorMsg = "用户名已被占用,请重新输入")
public Result<SysUser> createUser(@Validated @RequestBody CreateUserReqVo reqVo) {
return new Result<>(userService.createUser(reqVo));
}
/**
* 启用或者禁用用户
*/
@Secured("ROLE_ADMIN")
@PostMapping("/changeUserStatus")
public Result<Integer> changeUserStatus(@RequestBody ChangeUserStatusReqVo reqVo) {
return new Result<>(userService.changeUserStatus(reqVo));
}
/**
* 拥有管理员权限可查看任何用户信息,否则只能查看自己的信息
*/
@PreAuthorize("hasAuthority('ROLE_DMIN') or #reqVo.sysUser.username == #userDetails.username")
@PostMapping("/findUsers")
public Result<List<SysUser>> findUsers(@RequestBody FindUsersReqVo reqVo, @AuthenticationPrincipal UserDetails userDetails) {
PageInfo<SysUser> pageInfo = userService.findUsers(reqVo);
return new Result<>(pageInfo.getList(), pageInfo.getTotal());
}
/**
* 拥有管理员权限可修改任何用户的密码,否则只能修改自己的密码
*/
@PreAuthorize("hasAuthority('ROLE_ADMIN') or (#reqVo.username == #userDetails.username and !T(org.springframework.util.StringUtils).isEmpty(#reqVo.password))")
@PostMapping("/updatePassword")
public Result<Integer> updatePassword(@Validated @RequestBody UpdatePasswordReqVo reqVo,
@AuthenticationPrincipal UserDetails userDetails) {
return new Result<>(userService.updatePassword(reqVo, userDetails));
}
}
