refactor shenyu-admin: add user permissions.

shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java

@@ -29,6 +29,7 @@
 import org.apache.shenyu.admin.service.DashboardUserService;
 import org.apache.shenyu.admin.utils.AesUtils;
 import org.apache.shenyu.admin.utils.ShenyuResultMessage;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -70,14 +71,17 @@ public DashboardUserController(final SecretProperties secretProperties, final Da
      * @param pageSize    page size
      * @return {@linkplain ShenyuAdminResult}
      */
+    @RequiresPermissions("system:manager:list")
     @GetMapping("")
-    public ShenyuAdminResult queryDashboardUsers(final String userName, final Integer currentPage, final Integer pageSize) {
-        String key = secretProperties.getKey();
-        String iv = secretProperties.getIv();
-        CommonPager<DashboardUserVO> commonPager = dashboardUserService.listByPage(new DashboardUserQuery(userName, new PageParameter(currentPage, pageSize)));
+    public ShenyuAdminResult queryDashboardUsers(final String userName,
+                                                 final Integer currentPage,
+                                                 final Integer pageSize) {
+        CommonPager<DashboardUserVO> commonPager = dashboardUserService.listByPage(new DashboardUserQuery(userName,
+                new PageParameter(currentPage, pageSize)));
+
         if (CollectionUtils.isNotEmpty(commonPager.getDataList())) {
             commonPager.getDataList()
-                    .forEach(item -> item.setPassword(AesUtils.aesDecryption(item.getPassword(), key, iv)));
+                    .forEach(item -> item.setPassword(""));
             return ShenyuAdminResult.success(ShenyuResultMessage.QUERY_SUCCESS, commonPager);
         } else {
             return ShenyuAdminResult.error(ShenyuResultMessage.DASHBOARD_QUERY_ERROR);
@@ -90,6 +94,7 @@ public ShenyuAdminResult queryDashboardUsers(final String userName, final Intege
      * @param id dashboard user id.
      * @return {@linkplain ShenyuAdminResult}
      */
+    @RequiresPermissions("system:manager:list")
     @GetMapping("/{id}")
     public ShenyuAdminResult detailDashboardUser(@PathVariable("id") final String id) {
         DashboardUserEditVO dashboardUserEditVO = dashboardUserService.findById(id);
@@ -105,6 +110,7 @@ public ShenyuAdminResult detailDashboardUser(@PathVariable("id") final String id
      * @param dashboardUserDTO dashboard user.
      * @return {@linkplain ShenyuAdminResult}
      */
+    @RequiresPermissions("system:manager:add")
     @PostMapping("")
     public ShenyuAdminResult createDashboardUser(@Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
         String key = secretProperties.getKey();
@@ -123,6 +129,7 @@ public ShenyuAdminResult createDashboardUser(@Valid @RequestBody final Dashboard
      * @param dashboardUserDTO dashboard user.
      * @return {@linkplain ShenyuAdminResult}
      */
+    @RequiresPermissions("system:manager:edit")
     @PutMapping("/{id}")
     public ShenyuAdminResult updateDashboardUser(@PathVariable("id") final String id, @Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
         String key = secretProperties.getKey();
@@ -139,6 +146,7 @@ public ShenyuAdminResult updateDashboardUser(@PathVariable("id") final String id
      * @param ids primary key.
      * @return {@linkplain ShenyuAdminResult}
      */
+    @RequiresPermissions("system:manager:delete")
     @DeleteMapping("/batch")
     public ShenyuAdminResult deleteDashboardUser(@RequestBody @NotEmpty final List<@NotBlank String> ids) {
         Integer deleteCount = dashboardUserService.delete(ids);

shenyu-admin/src/main/java/org/apache/shenyu/admin/shiro/config/ShiroConfiguration.java

@@ -24,6 +24,7 @@
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -94,6 +95,18 @@ public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
         return authorizationAttributeSourceAdvisor;
     }
 
+    /**
+     * Support shiro annotation.
+     *
+     * @return DefaultAdvisorAutoProxyCreator.
+     */
+    @Bean
+    public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
+        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
+        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
+        return defaultAdvisorAutoProxyCreator;
+    }
+
     /**
      * shiro's lifecycle in spring.
      *

shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java

@@ -98,7 +98,7 @@ public void queryDashboardUsers() throws Exception {
         mockMvc.perform(get(url))
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$.message", is(ShenyuResultMessage.QUERY_SUCCESS)))
-                .andExpect(jsonPath("$.data.dataList[0].password", is("123456")))
+                .andExpect(jsonPath("$.data.dataList[0].password", is("")))
                 .andReturn();
 
         final CommonPager<DashboardUserVO> commonPagerError = new CommonPager<>(new PageParameter(),