From c07f247efe54ac2139a6e196f844d12dd6caa8c2 Mon Sep 17 00:00:00 2001
From: midnight2104
Date: Sat, 13 Nov 2021 22:00:17 +0800
Subject: [PATCH] refactor shenyu-admin: add user permissions.
---
 .../controller/DashboardUserController.java | 18 +++++++++++++-----
 .../admin/shiro/config/ShiroConfiguration.java | 13 +++++++++++++
 .../DashboardUserControllerTest.java | 2 +-
 3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
index 049854b8534c..35a9037ccf3e 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
@@ -29,6 +29,7 @@
 import org.apache.shenyu.admin.service.DashboardUserService;
 import org.apache.shenyu.admin.utils.AesUtils;
 import org.apache.shenyu.admin.utils.ShenyuResultMessage;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -70,14 +71,17 @@ public DashboardUserController(final SecretProperties secretProperties, final Da
 * @param pageSize page size
 * @return {@linkplain ShenyuAdminResult}
 */
+ @RequiresPermissions("system:manager:list")
 @GetMapping("")
- public ShenyuAdminResult queryDashboardUsers(final String userName, final Integer currentPage, final Integer pageSize) {
- String key = secretProperties.getKey();
- String iv = secretProperties.getIv();
- CommonPager commonPager = dashboardUserService.listByPage(new DashboardUserQuery(userName, new PageParameter(currentPage, pageSize)));
+ public ShenyuAdminResult queryDashboardUsers(final String userName,
+ final Integer currentPage,
+ final Integer pageSize) {
+ CommonPager commonPager = dashboardUserService.listByPage(new DashboardUserQuery(userName,
+ new PageParameter(currentPage, pageSize)));
+
 if (CollectionUtils.isNotEmpty(commonPager.getDataList())) {
 commonPager.getDataList()
- .forEach(item -> item.setPassword(AesUtils.aesDecryption(item.getPassword(), key, iv)));
+ .forEach(item -> item.setPassword(""));
 return ShenyuAdminResult.success(ShenyuResultMessage.QUERY_SUCCESS, commonPager);
 } else {
 return ShenyuAdminResult.error(ShenyuResultMessage.DASHBOARD_QUERY_ERROR);
@@ -90,6 +94,7 @@ public ShenyuAdminResult queryDashboardUsers(final String userName, final Intege
 * @param id dashboard user id.
 * @return {@linkplain ShenyuAdminResult}
 */
+ @RequiresPermissions("system:manager:list")
 @GetMapping("/{id}")
 public ShenyuAdminResult detailDashboardUser(@PathVariable("id") final String id) {
 DashboardUserEditVO dashboardUserEditVO = dashboardUserService.findById(id);
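Review bot: Blanking the password inside the controller loop, `.forEach(item -> item.setPassword(""))` in `queryDashboardUsers`, still leaves a `password` field in every list response and makes the protection depend on this one loop. Any other caller of `dashboardUserService.listByPage` keeps receiving the stored value, so it would be more robust to drop the field from the list view object, or clear it in the service, than to overwrite it here. At minimum add a comment above the loop such as `// never return stored credentials to the client; the field is blanked, not decrypted`. The commit subject mentions only permissions, so this disclosure fix deserves a line in the description; the method's closing lines are outside the hunk.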
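Review bot: `detailDashboardUser` gains the permission check, but its password handling is not visible because the body continues outside the hunk after `dashboardUserService.findById(id)`. If that remainder still decrypts the stored value with `AesUtils.aesDecryption`, as the list endpoint did before this commit, any holder of `system:manager:list` would still be handed a plaintext password for the requested id. Confirm against the full method and, if so, clear the field the same way the list endpoint now does before returning the `DashboardUserEditVO`.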
@@ -105,6 +110,7 @@ public ShenyuAdminResult detailDashboardUser(@PathVariable("id") final String id
 * @param dashboardUserDTO dashboard user.
 * @return {@linkplain ShenyuAdminResult}
 */
+ @RequiresPermissions("system:manager:add")
 @PostMapping("")
 public ShenyuAdminResult createDashboardUser(@Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
 String key = secretProperties.getKey();
@@ -123,6 +129,7 @@ public ShenyuAdminResult createDashboardUser(@Valid @RequestBody final Dashboard
 * @param dashboardUserDTO dashboard user.
 * @return {@linkplain ShenyuAdminResult}
 */
+ @RequiresPermissions("system:manager:edit")
 @PutMapping("/{id}")
 public ShenyuAdminResult updateDashboardUser(@PathVariable("id") final String id, @Valid @RequestBody final DashboardUserDTO dashboardUserDTO) {
 String key = secretProperties.getKey();
@@ -139,6 +146,7 @@ public ShenyuAdminResult updateDashboardUser(@PathVariable("id") final String id
 * @param ids primary key.
 * @return {@linkplain ShenyuAdminResult}
 */
+ @RequiresPermissions("system:manager:delete")
 @DeleteMapping("/batch")
 public ShenyuAdminResult deleteDashboardUser(@RequestBody @NotEmpty final List<@NotBlank String> ids) {
 Integer deleteCount = dashboardUserService.delete(ids);
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/shiro/config/ShiroConfiguration.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/shiro/config/ShiroConfiguration.java
index 0484d06d1493..0e2efe3e874e 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/shiro/config/ShiroConfiguration.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/shiro/config/ShiroConfiguration.java
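Review bot: A caller who lacks `system:manager:add` will now get an exception raised by the Shiro proxy instead of a `ShenyuAdminResult`, and nothing in this patch maps that exception to a response. The same applies to the annotations added on `queryDashboardUsers`, `detailDashboardUser`, `updateDashboardUser` and `deleteDashboardUser`. Confirm that a handler outside this patch turns Shiro's `AuthorizationException` into a forbidden-style result; otherwise denied calls may surface as a generic server error. The permission strings are also repeated as literals (`"system:manager:list"` appears twice), so shared constants would keep them in step with the permission data they have to match.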
@@ -24,6 +24,7 @@
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -94,6 +95,18 @@ public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
 return authorizationAttributeSourceAdvisor;
 }

+ /**
+ * Support shiro annotation.
+ *
+ * @return DefaultAdvisorAutoProxyCreator.
+ */
+ @Bean
+ public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
+ DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
+ defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
+ return defaultAdvisorAutoProxyCreator;
+ }
+
 /**
 * shiro's lifecycle in spring.
 *
diff --git a/shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java b/shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java
index ed616f9ee546..e1f81c8d18da 100644
--- a/shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java
+++ b/shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java
@@ -98,7 +98,7 @@ public void queryDashboardUsers() throws Exception {
 mockMvc.perform(get(url))
 .andExpect(status().isOk())
 .andExpect(jsonPath("$.message", is(ShenyuResultMessage.QUERY_SUCCESS)))
- .andExpect(jsonPath("$.data.dataList[0].password", is("123456")))
+ .andExpect(jsonPath("$.data.dataList[0].password", is("")))
 .andReturn();

 final CommonPager commonPagerError = new CommonPager<>(new PageParameter(),
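Review bot: `getDefaultAdvisorAutoProxyCreator()` adds a second auto-proxy creator if the application context already has one, for example from Spring's AOP auto-configuration. In that case advised beans can be proxied twice, so each `@RequiresPermissions` check may run twice or controller mappings may stop being detected. Whether another creator is present is not visible from this hunk, so confirm it against the module's dependencies. The Javadoc should also say why `setProxyTargetClass(true)` is set, e.g. `Enables class-based proxies so that Shiro annotations on controller classes are enforced.`, presumably because the annotated controllers implement no interface.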
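Review bot: The only test change in `queryDashboardUsers()` is the password expectation, so nothing here exercises the new authorization, such as a request without `system:manager:list` being rejected. The test setup is outside the hunk, but if `mockMvc` is built around the bare controller, the `@RequiresPermissions` proxies are never applied and these tests would still pass with the annotations removed. Consider adding a test that runs with the Shiro advisor active and asserts the denial for each annotated endpoint. The test method continues outside the hunk.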