@@ -11,6 +11,8 @@ import org.springframework.context.annotation.ComponentScan; | |||||
import org.springframework.context.annotation.EnableAspectJAutoProxy; | import org.springframework.context.annotation.EnableAspectJAutoProxy; | ||||
import org.springframework.scheduling.annotation.EnableAsync; | import org.springframework.scheduling.annotation.EnableAsync; | ||||
import org.springframework.scheduling.annotation.EnableScheduling; | import org.springframework.scheduling.annotation.EnableScheduling; | ||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; | |||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; | |||||
import org.springframework.security.core.context.SecurityContextHolder; | import org.springframework.security.core.context.SecurityContextHolder; | ||||
import org.springframework.transaction.annotation.EnableTransactionManagement; | import org.springframework.transaction.annotation.EnableTransactionManagement; | ||||
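Review bot: The added import of `EnableGlobalMethodSecurity` is not used by anything visible in this commit; the class is annotated with `@EnableMethodSecurity` only. Drop the line so the file does not suggest that both mechanisms are in play. `EnableGlobalMethodSecurity` is also the older annotation, which Spring Security deprecated in favour of `EnableMethodSecurity`.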
@@ -21,6 +23,7 @@ import org.springframework.transaction.annotation.EnableTransactionManagement; | |||||
@EnableAsync | @EnableAsync | ||||
@MapperScan(App.MAPPER_PACKAGES) | @MapperScan(App.MAPPER_PACKAGES) | ||||
@EnableScheduling | @EnableScheduling | ||||
@EnableMethodSecurity | |||||
@EnableTransactionManagement | @EnableTransactionManagement | ||||
@EnableAspectJAutoProxy(exposeProxy = true) | @EnableAspectJAutoProxy(exposeProxy = true) | ||||
@ComponentScan(basePackages = {"com.hz.pm", "com.ningdatech.irs"}) | @ComponentScan(basePackages = {"com.hz.pm", "com.ningdatech.irs"}) | ||||
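Review bot: `@EnableMethodSecurity` applies to every bean under both scanned packages, not only the two controllers touched here, so any `@PreAuthorize`/`@PostAuthorize` that already existed in `com.hz.pm` or `com.ningdatech.irs` and was inert until now starts being enforced. It is worth searching for such annotations before release. A denied call surfaces as `AccessDeniedException` thrown through the controller proxy. If the project has a catch-all exception advice (not visible here), confirm it maps that exception to a 403 rather than a generic error body. A short comment above the annotation would help, e.g. `// Enforces @PreAuthorize on all scanned beans; denied calls throw AccessDeniedException`.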
@@ -21,6 +21,7 @@ import io.swagger.annotations.Api; | |||||
import io.swagger.annotations.ApiOperation; | import io.swagger.annotations.ApiOperation; | ||||
import lombok.RequiredArgsConstructor; | import lombok.RequiredArgsConstructor; | ||||
import lombok.extern.slf4j.Slf4j; | import lombok.extern.slf4j.Slf4j; | ||||
import org.springframework.security.access.prepost.PreAuthorize; | |||||
import org.springframework.validation.annotation.Validated; | import org.springframework.validation.annotation.Validated; | ||||
import org.springframework.web.bind.annotation.*; | import org.springframework.web.bind.annotation.*; | ||||
@@ -92,6 +93,7 @@ public class MenuController { | |||||
@ApiOperation(value = "保存新菜单", notes = "保存新菜单") | @ApiOperation(value = "保存新菜单", notes = "保存新菜单") | ||||
@PostMapping("/save") | @PostMapping("/save") | ||||
@WebLog("保存菜单") | @WebLog("保存菜单") | ||||
@PreAuthorize("hasAuthority('SUPER_ADMIN')") | |||||
public MenuVO handlerSave(@Valid @RequestBody MenuSaveDTO data) { | public MenuVO handlerSave(@Valid @RequestBody MenuSaveDTO data) { | ||||
menuService.save(data, LoginUserUtil.getUserId()); | menuService.save(data, LoginUserUtil.getUserId()); | ||||
return BeanUtil.toBean(data, MenuVO.class); | return BeanUtil.toBean(data, MenuVO.class); | ||||
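Review bot: The authority name in `@PreAuthorize("hasAuthority('SUPER_ADMIN')")` is a bare string literal inside a SpEL expression, so a typo or a later rename of the role code silently locks everyone out or, worse, matches nothing the compiler can check. The same literal is repeated on `handlerUpdate` and `handlerDelete` in this controller and on the three guarded methods in `RoleController`. A shared `public static final String` constant concatenated into the expression, or a small meta-annotation carrying the `@PreAuthorize`, would keep the six call sites in sync. An integration test asserting that a user without the authority gets a 403 on `/save`, `/modify` and `/remove` would pin the behaviour. The body of `handlerSave` continues outside the hunk.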
@@ -100,6 +102,7 @@ public class MenuController { | |||||
@ApiOperation(value = "编辑菜单", notes = "编辑菜单") | @ApiOperation(value = "编辑菜单", notes = "编辑菜单") | ||||
@PostMapping("/modify") | @PostMapping("/modify") | ||||
@WebLog("编辑菜单") | @WebLog("编辑菜单") | ||||
@PreAuthorize("hasAuthority('SUPER_ADMIN')") | |||||
public MenuVO handlerUpdate(@RequestBody MenuUpdateDTO data) { | public MenuVO handlerUpdate(@RequestBody MenuUpdateDTO data) { | ||||
menuService.update(data, LoginUserUtil.getUserId()); | menuService.update(data, LoginUserUtil.getUserId()); | ||||
return BeanUtil.toBean(data, MenuVO.class); | return BeanUtil.toBean(data, MenuVO.class); | ||||
@@ -108,6 +111,7 @@ public class MenuController { | |||||
@ApiOperation(value = "删除菜单", notes = "删除菜单") | @ApiOperation(value = "删除菜单", notes = "删除菜单") | ||||
@PostMapping("/remove") | @PostMapping("/remove") | ||||
@WebLog("删除菜单") | @WebLog("删除菜单") | ||||
@PreAuthorize("hasAuthority('SUPER_ADMIN')") | |||||
public Boolean handlerDelete(@RequestBody List<Long> ids) { | public Boolean handlerDelete(@RequestBody List<Long> ids) { | ||||
return menuService.removeByIdWithCache(ids); | return menuService.removeByIdWithCache(ids); | ||||
} | } | ||||
@@ -2,8 +2,6 @@ package com.hz.pm.api.sys.controller; | |||||
import cn.hutool.core.bean.BeanUtil; | import cn.hutool.core.bean.BeanUtil; | ||||
import cn.hutool.core.lang.Assert; | import cn.hutool.core.lang.Assert; | ||||
import com.ningdatech.basic.model.PageVo; | |||||
import com.ningdatech.log.annotation.WebLog; | |||||
import com.hz.pm.api.common.util.BizUtils; | import com.hz.pm.api.common.util.BizUtils; | ||||
import com.hz.pm.api.sys.manage.RoleManage; | import com.hz.pm.api.sys.manage.RoleManage; | ||||
import com.hz.pm.api.sys.model.dto.MenuDataScopeDTO; | import com.hz.pm.api.sys.model.dto.MenuDataScopeDTO; | ||||
@@ -14,10 +12,13 @@ import com.hz.pm.api.sys.model.req.RolePageReq; | |||||
import com.hz.pm.api.sys.model.vo.RoleVO; | import com.hz.pm.api.sys.model.vo.RoleVO; | ||||
import com.hz.pm.api.sys.service.IRoleService; | import com.hz.pm.api.sys.service.IRoleService; | ||||
import com.hz.pm.api.user.util.LoginUserUtil; | import com.hz.pm.api.user.util.LoginUserUtil; | ||||
import com.ningdatech.basic.model.PageVo; | |||||
import com.ningdatech.log.annotation.WebLog; | |||||
import io.swagger.annotations.Api; | import io.swagger.annotations.Api; | ||||
import io.swagger.annotations.ApiOperation; | import io.swagger.annotations.ApiOperation; | ||||
import lombok.RequiredArgsConstructor; | import lombok.RequiredArgsConstructor; | ||||
import lombok.extern.slf4j.Slf4j; | import lombok.extern.slf4j.Slf4j; | ||||
import org.springframework.security.access.prepost.PreAuthorize; | |||||
import org.springframework.validation.annotation.Validated; | import org.springframework.validation.annotation.Validated; | ||||
import org.springframework.web.bind.annotation.*; | import org.springframework.web.bind.annotation.*; | ||||
@@ -73,6 +74,7 @@ public class RoleController { | |||||
@ApiOperation(value = "保存新角色", notes = "保存新角色") | @ApiOperation(value = "保存新角色", notes = "保存新角色") | ||||
@PostMapping("/save") | @PostMapping("/save") | ||||
@WebLog("保存新角色") | @WebLog("保存新角色") | ||||
@PreAuthorize("hasAuthority('SUPER_ADMIN')") | |||||
public RoleVO handlerSave(@Valid @RequestBody RoleSaveDTO data) { | public RoleVO handlerSave(@Valid @RequestBody RoleSaveDTO data) { | ||||
roleService.saveRole(data, LoginUserUtil.getUserId()); | roleService.saveRole(data, LoginUserUtil.getUserId()); | ||||
return BeanUtil.toBean(data, RoleVO.class); | return BeanUtil.toBean(data, RoleVO.class); | ||||
@@ -81,6 +83,7 @@ public class RoleController { | |||||
@ApiOperation(value = "编辑角色", notes = "编辑角色") | @ApiOperation(value = "编辑角色", notes = "编辑角色") | ||||
@PostMapping("/modify") | @PostMapping("/modify") | ||||
@WebLog("编辑角色") | @WebLog("编辑角色") | ||||
@PreAuthorize("hasAuthority('SUPER_ADMIN')") | |||||
public RoleVO handlerUpdate(@Valid @RequestBody RoleUpdateDTO data) { | public RoleVO handlerUpdate(@Valid @RequestBody RoleUpdateDTO data) { | ||||
roleService.updateRole(data, LoginUserUtil.getUserId()); | roleService.updateRole(data, LoginUserUtil.getUserId()); | ||||
return BeanUtil.toBean(data, RoleVO.class); | return BeanUtil.toBean(data, RoleVO.class); | ||||
@@ -89,6 +92,7 @@ public class RoleController { | |||||
@ApiOperation(value = "删除角色", notes = "删除角色") | @ApiOperation(value = "删除角色", notes = "删除角色") | ||||
@PostMapping("/remove") | @PostMapping("/remove") | ||||
@WebLog("删除角色") | @WebLog("删除角色") | ||||
@PreAuthorize("hasAuthority('SUPER_ADMIN')") | |||||
public Boolean handlerDelete(@Valid @RequestBody List<Long> ids) { | public Boolean handlerDelete(@Valid @RequestBody List<Long> ids) { | ||||
return roleService.removeByIdWithCache(ids); | return roleService.removeByIdWithCache(ids); | ||||
} | } | ||||
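Review bot: Only the save, modify and remove handlers are guarded in this controller, while the file also imports `MenuDataScopeDTO`, which suggests (not visible in these hunks) another endpoint that changes what a role is allowed to access. If such a handler exists it needs the same guard, otherwise role permissions remain editable without the `SUPER_ADMIN` authority. Putting `@PreAuthorize("hasAuthority('SUPER_ADMIN')")` on the `RoleController` class and overriding it on the read-only handlers would make new mutating endpoints guarded by default.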
@@ -1,7 +1,7 @@ | |||||
package com.hz.pm.api.user.security.model; | package com.hz.pm.api.user.security.model; | ||||
import cn.hutool.core.collection.CollUtil; | import cn.hutool.core.collection.CollUtil; | ||||
import cn.hutool.core.collection.CollectionUtil; | |||||
import cn.hutool.core.util.StrUtil; | |||||
import com.hz.pm.api.sys.model.entity.Role; | import com.hz.pm.api.sys.model.entity.Role; | ||||
import com.hz.pm.api.user.model.enumeration.RoleEnum; | import com.hz.pm.api.user.model.enumeration.RoleEnum; | ||||
import com.ningdatech.basic.auth.AbstractLoginUser; | import com.ningdatech.basic.auth.AbstractLoginUser; | ||||
@@ -75,7 +75,13 @@ public class UserInfoDetails extends AbstractLoginUser implements UserDetails { | |||||
if (CollUtil.isNotEmpty(this.userRoleList)) { | if (CollUtil.isNotEmpty(this.userRoleList)) { | ||||
List<SimpleGrantedAuthority> authorities = new ArrayList<>(); | List<SimpleGrantedAuthority> authorities = new ArrayList<>(); | ||||
for (Role role : this.userRoleList) { | for (Role role : this.userRoleList) { | ||||
authorities.add(new SimpleGrantedAuthority(role.getCode())); | |||||
String roleCode; | |||||
if (StrUtil.isBlank(role.getCode())) { | |||||
roleCode = String.valueOf(role.getId()); | |||||
} else { | |||||
roleCode = role.getCode(); | |||||
} | |||||
authorities.add(new SimpleGrantedAuthority(roleCode)); | |||||
} | } | ||||
return authorities; | return authorities; | ||||
} | } | ||||
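Review bot: The fallback `roleCode = String.valueOf(role.getId())` puts numeric role IDs and role codes into the same authority namespace, and these strings are now what `hasAuthority('SUPER_ADMIN')` is evaluated against. A role whose code happens to be the text of another role's ID would yield an identical authority, and a role with a null ID would be granted the authority `"null"`. Prefixing the fallback keeps the two namespaces apart, e.g. `roleCode = "ROLE_ID_" + role.getId();` (prefix is a suggestion), or the loop can skip roles with a blank code. Since authorities are taken verbatim from stored role codes, the role save/update path (not visible here) should also enforce that codes are unique and that `SUPER_ADMIN` cannot be assigned to a second role. The enclosing method starts and ends outside the hunk.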
@@ -149,7 +155,7 @@ public class UserInfoDetails extends AbstractLoginUser implements UserDetails { | |||||
return Boolean.FALSE; | return Boolean.FALSE; | ||||
} | } | ||||
public List<Long> getRoleIds(){ | |||||
public List<Long> getRoleIds() { | |||||
if (this.userRoleList != null && !this.userRoleList.isEmpty()) { | if (this.userRoleList != null && !this.userRoleList.isEmpty()) { | ||||
return this.userRoleList.stream().map(Role::getId).collect(Collectors.toList()); | return this.userRoleList.stream().map(Role::getId).collect(Collectors.toList()); | ||||
} | } | ||||