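@RestController
@Slf4j
public class HomeController {

    // Role constants shared by the role checks below. Spring Security models a
    // granted role as a GrantedAuthority, so the constants use that type and
    // can be compared directly against UserDetails.getAuthorities().
    public static final GrantedAuthority STUDENT =
            new SimpleGrantedAuthority("ROLE_STUDENT");
    public static final GrantedAuthority TEACHER =
            new SimpleGrantedAuthority("ROLE_TEACHER");

    /**
     * Chooses the view that matches the principal's role, failing closed.
     *
     * <p>The teacher role is tested first, so a principal holding both roles
     * receives the teacher view. A missing principal, or one holding neither
     * role, is rejected with an AccessDeniedException instead of a null
     * ModelAndView, so Spring Security's access-denied handling produces the
     * response rather than the handler returning nothing.
     *
     * @param principal   the resolved {@code @AuthenticationPrincipal}; may be null
     *                    if the request reaches the handler without a UserDetails
     *                    principal (depends on the security configuration, not shown)
     * @param teacherView view name rendered for ROLE_TEACHER
     * @param studentView view name rendered for ROLE_STUDENT
     * @return the ModelAndView for the matching role
     * @throws org.springframework.security.access.AccessDeniedException
     *         if there is no principal or it holds neither role
     */
    private static ModelAndView viewForRole(
            UserDetails principal, String teacherView, String studentView) {
        if (principal == null) {
            // Without this guard the role lookup below would throw a
            // NullPointerException and surface as a server error.
            throw new org.springframework.security.access.AccessDeniedException(
                    "Authentication is required");
        }
        if (principal.getAuthorities().contains(TEACHER)) {
            return new ModelAndView(teacherView);
        }
        if (principal.getAuthorities().contains(STUDENT)) {
            return new ModelAndView(studentView);
        }
        // Neither a student nor a teacher: deny explicitly.
        throw new org.springframework.security.access.AccessDeniedException(
                "No role grants access to this page");
    }

    /**
     * Shows the home page that matches the logged-in user's role.
     *
     * @param user the currently authenticated principal
     * @return the "index_teacher" view for teachers, the "index" view for students
     */
    @GetMapping("/index.html")
    public ModelAndView index(@AuthenticationPrincipal UserDetails user) {
        return viewForRole(user, "index_teacher", "index");
    }

    /**
     * Shows the page on which a student posts a question.
     *
     * <p>NOTE(review): this handler performs no role check of its own. Whether
     * the URL is limited to students depends on the security configuration,
     * which is not visible here; confirm it is covered.
     *
     * @return the view backed by /templates/question/create.html
     */
    @GetMapping("/question/create.html")
    public ModelAndView createQuestion() {
        return new ModelAndView("question/create");
    }

    /**
     * Shows the question detail page that matches the logged-in user's role.
     *
     * @param userDetails the currently authenticated principal
     * @return the "question/detail_teacher" view for teachers, the
     *         "question/detail" view for students
     */
    @GetMapping("/question/detail.html")
    public ModelAndView detail(@AuthenticationPrincipal UserDetails userDetails) {
        return viewForRole(userDetails, "question/detail_teacher", "question/detail");
    }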
//讲师首页控制层方法
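/**
 * Returns one page of the questions the service looks up for the logged-in
 * teacher's username.
 *
 * <p>The {@code @PreAuthorize} expression requires the ROLE_TEACHER role
 * before the method runs. The annotation is only enforced when method
 * security is enabled in the application's configuration, which is not
 * visible here; confirm it is, otherwise this check is silently skipped.
 *
 * @param user    the authenticated principal; its username selects the
 *                questions. NOTE(review): dereferenced without a null check,
 *                which relies on the authorization check above being active.
 * @param pageNum page number taken from the request; a missing or
 *                non-positive value falls back to the first page
 * @return the page of questions wrapped in a successful {@code R} result
 */
@GetMapping("/teacher")
@PreAuthorize("hasRole('ROLE_TEACHER')")
public R<PageInfo<Question>> teacher(
        @AuthenticationPrincipal UserDetails user,
        Integer pageNum) {
    // pageNum is client-supplied: normalise absent, zero and negative values
    // instead of handing them to the paging layer.
    if (pageNum == null || pageNum < 1) {
        pageNum = 1;
    }
    Integer pageSize = 8;
    PageInfo<Question> pageInfo = questionService.getQuestionsByTeacherName(
            user.getUsername(), pageNum, pageSize);
    return R.ok(pageInfo);
}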
@Service
@Slf4j
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {
@Autowired
private UserMapper userMapper;
/**
 * Builds the Spring Security {@code UserDetails} for a username.
 *
 * <p>The result carries the stored username and password, the account's
 * locked/disabled flags, and one flat authority list made of the user's
 * permission names followed by the user's role names.
 *
 * <p>NOTE(review): an unknown username yields {@code null}. Spring Security's
 * {@code UserDetailsService} contract expects a
 * {@code UsernameNotFoundException} rather than null, so the caller
 * (not shown) presumably translates it; confirm.
 *
 * @param username the login name to look up
 * @return the populated UserDetails, or {@code null} if no such user exists
 */
@Override
public UserDetails getUserDetails(String username) {
    // The password comes from the user row found by username.
    User account = userMapper.findUserByUsername(username);
    if (account == null) {
        // No such username: nothing further to load.
        return null;
    }

    // Permissions are queried first, and only for an existing user.
    String[] permissionNames = userMapper
            .findUserPermissionsById(account.getId())
            .stream()
            .map(Permission::getName)
            .toArray(String[]::new);

    // Then every role assigned to the user.
    String[] roleNames = userMapper
            .findUserRolesById(account.getId())
            .stream()
            .map(Role::getName)
            .toArray(String[]::new);

    // Single authority array: permission names first, role names appended.
    // NOTE(review): hasRole(...) checks only match authorities whose names
    // start with "ROLE_", so stored role names presumably include that
    // prefix; confirm against the data.
    String[] auth = Arrays.copyOf(
            permissionNames, permissionNames.length + roleNames.length);
    System.arraycopy(roleNames, 0, auth, permissionNames.length, roleNames.length);

    // NOTE(review): the password is passed through exactly as stored; it should
    // be the encoded form expected by the configured PasswordEncoder. The
    // storage format is not visible here.
    // NOTE(review): if getLocked()/getEnabled() return boxed Integers, a null
    // column value would throw on the comparisons below; types not shown.
    return org.springframework.security.core.userdetails.User.builder()
            .username(account.getUsername())
            .password(account.getPassword())
            // every permission and role name held by this user
            .authorities(auth)
            // true locks the account: locked == 1 means locked
            .accountLocked(account.getLocked() == 1)
            // true disables the account: enabled == 0 means disabled
            .disabled(account.getEnabled() == 0)
            .build();
}