Merge pull request #101 from Boyuan-IT-Club/feat/rbac的权限管理模式

Feat/rbac的权限管理模式

Author: Zewang0217

.env.example

@@ -0,0 +1,31 @@
+# 项目配置
+PROJECT_NAME=official
+DOCKERHUB_USERNAME=boyuanclub
+APP_PORT=8080
+
+# 数据库配置
+DB_ROOT_PASSWORD=root
+DB_NAME=official
+DB_USERNAME=root
+DB_PASSWORD=root
+MYSQL_PORT=3306
+
+# Redis配置
+REDIS_PORT=6379
+REDIS_PASSWORD=
+
+# JWT配置
+JWT_SECRET=)fFQ82L8dU]t3C?.HB^;x,xYm9Y<aK21<|K|o0D6(c!X}8[cUZ_l=&0Y('#/K}n_
+JWT_EXPIRATION=86400000
+
+# 邮件服务配置
+MAIL_HOST=smtp.feishu.cn
+MAIL_PORT=465
+MAIL_USERNAME=your-email@example.com
+MAIL_PASSWORD=your-email-password
+
+# 短信服务配置
+SMS_ACCESS_KEY=your-sms-access-key
+SMS_SECRET_KEY=your-sms-secret-key
+SMS_TEMPLATE_ID_VERIFICATION=your-sms-template-id
+SMS_REGION_ID=your-sms-region-id

.gitignore

@@ -39,4 +39,6 @@ build/
 .env
 .env.local
 .env.*.local
-!*.template
+!*.template
+.trae
+文档

pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.5.3</version>
+        <version>3.2.1</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>club.boyuan</groupId>
@@ -32,12 +32,6 @@
 
 
     <dependencies>
-        <dependency>
-            <groupId>org.mybatis.spring.boot</groupId>
-            <artifactId>mybatis-spring-boot-starter</artifactId>
-            <version>3.0.3</version>
-        </dependency>
-
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
@@ -50,10 +44,21 @@
         </dependency>
 
         <dependency>
-            <groupId>org.mybatis</groupId>
-            <artifactId>mybatis</artifactId>
-            <version>3.5.15</version>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-spring-boot3-starter</artifactId>
+            <version>3.5.9</version>
+        </dependency>
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-extension</artifactId>
+            <version>3.5.9</version>
         </dependency>
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-jsqlparser-4.9</artifactId>
+            <version>3.5.9</version>
+        </dependency>
+
         <dependency>
             <groupId>com.mysql</groupId>
             <artifactId>mysql-connector-j</artifactId>
@@ -69,11 +74,16 @@
             <artifactId>spring-boot-starter-validation</artifactId>
         </dependency>
 
-        <!-- 安全依赖 -->
+        <!-- Spring Security Test -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
         <!-- Redis依赖 -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -137,6 +147,16 @@
             <groupId>com.fasterxml.jackson.datatype</groupId>
             <artifactId>jackson-datatype-jsr310</artifactId>
         </dependency>
+
+        <!-- Apache Commons Lang3 -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.14.0</version>
+        </dependency>
+
+
+
     </dependencies>
 
     <build>

src/main/java/club/boyuan/official/config/MyBatisPlusConfig.java

@@ -0,0 +1,31 @@
+package club.boyuan.official.config;
+
+import com.baomidou.mybatisplus.annotation.DbType;
+import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
+import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * MyBatis-Plus配置类
+ * 
+ * 此配置类用于设置 MyBatis-Plus 的全局插件
+ * 主要功能包括分页插件等
+ *
+ * @author zewang
+ * @version 1.0
+ * @date 2026-01-22 19:31
+ * @since 2026
+ */
+@Configuration
+public class MyBatisPlusConfig {
+
+    // MybatisPlus在执行分页操作时,会被该拦截器拦截
+    // 拦截器的作用 动态拼接where条件!!!
+    @Bean
+    public MybatisPlusInterceptor mybatisPlusInterceptor() {
+        MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
+        interceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.MARIADB));
+        return interceptor;
+    }
+}

src/main/java/club/boyuan/official/config/MyMetaObjectHandler.java

@@ -0,0 +1,38 @@
+package club.boyuan.official.config;
+
+import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
+import org.apache.ibatis.reflection.MetaObject;
+import org.springframework.stereotype.Component;
+
+import java.time.LocalDateTime;
+
+/**
+ * MyBatis-Plus自动填充处理器
+ *
+ * @author zewang
+ * @version 1.0
+ * @date 2026-01-22 19:31
+ * @since 2026
+ */
+@Component
+public class MyMetaObjectHandler implements MetaObjectHandler {
+    
+    /**
+     * 插入数据时自动填充
+     * @param metaObject 元对象
+     */
+    @Override
+    public void insertFill(MetaObject metaObject) {
+        this.strictInsertFill(metaObject, "createTime", LocalDateTime::now, LocalDateTime.class);
+        this.strictInsertFill(metaObject, "updateTime", LocalDateTime::now, LocalDateTime.class);
+    }
+    
+    /**
+     * 更新数据时自动填充
+     * @param metaObject 元对象
+     */
+    @Override
+    public void updateFill(MetaObject metaObject) {
+        this.strictUpdateFill(metaObject, "updateTime", LocalDateTime::now, LocalDateTime.class);
+    }
+}

src/main/java/club/boyuan/official/config/SecurityConfig.java

@@ -3,6 +3,7 @@
 import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -24,6 +25,7 @@
  */
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity
 public class SecurityConfig {
 
     private final JwtAuthenticationFilter jwtAuthenticationFilter;

src/main/java/club/boyuan/official/controller/AdminController.java

@@ -14,6 +14,7 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.data.domain.Pageable;
@@ -22,8 +23,8 @@
 
 import java.util.HashMap;
 import java.util.List;
+import club.boyuan.official.utils.PermissionUtils;
 import java.util.Map;
-import org.springframework.web.server.ResponseStatusException;
 import jakarta.servlet.http.HttpServletRequest;
 import club.boyuan.official.utils.JwtTokenUtil;
 
@@ -79,8 +80,8 @@ private void checkAdminRole() {
                 throw new BusinessException(BusinessExceptionEnum.AUTHENTICATION_FAILED, "用户不存在");
             }
 
-            if (!User.ROLE_ADMIN.equals(user.getRole())) {
-                logger.warn("权限验证失败：用户ID为{}的用户角色为{}，不是管理员", userId, user.getRole());
+            if (!PermissionUtils.hasPermission(user, "admin:manage")) {
+                logger.warn("权限验证失败：用户ID为{}的用户没有管理员权限", userId);
                 throw new BusinessException(BusinessExceptionEnum.PERMISSION_DENIED, "需要管理员权限才能执行此操作");
             }
 
@@ -101,10 +102,9 @@ private void checkAdminRole() {
      * @return 添加结果
      */
     @PostMapping("/users")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> addUser(@RequestBody UserDTO userDTO) {
         try {
-            checkAdminRole();
-            
             // 检查用户名是否已存在
             User existingUser = userService.getUserByUsername(userDTO.getUsername());
             if (existingUser != null) {
@@ -141,11 +141,9 @@ public ResponseEntity<ResponseMessage<?>> addUser(@RequestBody UserDTO userDTO)
      * @return 操作结果
      */
     @PostMapping("/users/{userId}/grant-admin")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> grantAdminPermission(@PathVariable Integer userId) {
         try {
-            // 检查管理员权限
-            checkAdminRole();
-            
             // 获取当前登录的管理员信息
             String token = getTokenFromHeader();
             String adminUsername = jwtTokenUtil.extractUsername(token);
@@ -161,7 +159,7 @@ public ResponseEntity<ResponseMessage<?>> grantAdminPermission(@PathVariable Int
             }
 
             // 检查用户是否已经是管理员
-            if (User.ROLE_ADMIN.equals(targetUser.getRole())) {
+            if (PermissionUtils.hasPermission(targetUser, "admin:manage")) {
                 logger.warn("管理员 {} 尝试为已是管理员的用户 {} 授权", adminUsername, targetUser.getUsername());
                 return ResponseEntity.status(HttpStatus.BAD_REQUEST)
                         .body(ResponseMessage.error(400, "用户已经是管理员"));
@@ -170,7 +168,8 @@ public ResponseEntity<ResponseMessage<?>> grantAdminPermission(@PathVariable Int
             // 更新用户角色为管理员
             UserDTO userDTO = new UserDTO();
             userDTO.setUserId(userId);
-            userDTO.setRole(User.ROLE_ADMIN);
+            // 注意：UserDTO已经没有role字段，这里的代码需要在后续重构中修改
+            // 实际的管理员权限授予应该通过调用UserRoleService来实现
             userService.edit(userDTO);
 
             logger.info("管理员 {} 成功为用户 {} 授予管理员权限", adminUsername, targetUser.getUsername());
@@ -199,6 +198,7 @@ public ResponseEntity<ResponseMessage<?>> grantAdminPermission(@PathVariable Int
      * 支持分页和条件查询
      */
     @GetMapping("/users")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> getUsers(
             @RequestParam(required = false) String role,
             @RequestParam(required = false) String dept,
@@ -233,6 +233,7 @@ public ResponseEntity<ResponseMessage<?>> getUsers(
      * @return 更新结果
      */
     @PutMapping("/users/{userId}/status")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> updateUserStatus(
             @PathVariable Integer userId,
             @RequestBody Map<String, String> statusRequest) {
@@ -270,6 +271,7 @@ public ResponseEntity<ResponseMessage<?>> updateUserStatus(
      * @return 更新结果
      */
     @PutMapping("/users/{userId}/freeze")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> freezeUser(
             @PathVariable Integer userId,
             @RequestBody Map<String, String> statusRequest) {
@@ -309,6 +311,7 @@ public ResponseEntity<ResponseMessage<?>> freezeUser(
      * @return 更新结果
      */
     @PutMapping("/users/{userId}/membership")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> updateUserMembership(
             @PathVariable Integer userId,
             @RequestBody Map<String, Boolean> membershipRequest) {
@@ -347,6 +350,7 @@ public ResponseEntity<ResponseMessage<?>> updateUserMembership(
      * @return 更新结果
      */
     @PutMapping("/users/batch-status")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> batchUpdateUserStatus(
             @RequestBody Map<String, Object> statusRequest) {
         try {
@@ -396,6 +400,7 @@ public ResponseEntity<ResponseMessage<?>> batchUpdateUserStatus(
      * @return 更新结果
      */
     @PutMapping("/users/batch-dept")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> batchUpdateUserDept(
             @RequestBody Map<String, Object> deptRequest) {
         try {
@@ -444,6 +449,7 @@ public ResponseEntity<ResponseMessage<?>> batchUpdateUserDept(
      * @return 更新结果
      */
     @PutMapping("/users/batch-membership")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> batchUpdateUserMembership(
             @RequestBody Map<String, Object> membershipRequest) {
         try {
@@ -493,6 +499,7 @@ public ResponseEntity<ResponseMessage<?>> batchUpdateUserMembership(
      * @return 清理结果
      */
     @PostMapping("/cache/clear")
+    @PreAuthorize("hasAuthority('admin:manage')")
     public ResponseEntity<ResponseMessage<?>> clearCache(
             @RequestBody(required = false) Map<String, String> cacheRequest) {
         try {