调整

2025-06-06 11:17:35 +08:00 · 2025-06-06 11:17:35 +08:00 · 29cd8a5241
parent dd25d08717
commit 29cd8a5241
5 changed files with 42 additions and 1 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysConfigController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysConfigController.java
@ -81,7 +81,7 @@ public class SysConfigController extends BaseController {
    /**
     * 修改参数配置
     */
-    @PreAuthorize("@ss.hasAnyRoles('admin,store')||@ss.hasSupplierSubRole()")
+    @PreAuthorize("@ss.hasPermi('system:config:edit')")
    @Log(title = "参数管理", businessType = BusinessType.UPDATE)
    @PutMapping
    public AjaxResult edit(@Validated @RequestBody SysConfig config) {
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysMenuController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysMenuController.java
@ -15,6 +15,7 @@ import com.ruoyi.web.controller.xkt.vo.IdsVO;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;

@ -59,6 +60,7 @@ public class SysMenuController extends XktBaseController {
        return R.ok(BeanUtil.toBean(infoDTO, MenuInfoVO.class));
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "菜单管理", businessType = BusinessType.INSERT)
    @ApiOperation("创建菜单")
    @PostMapping("create")
@ -69,6 +71,7 @@ public class SysMenuController extends XktBaseController {
        return R.ok(menuId);
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "菜单管理", businessType = BusinessType.UPDATE)
    @ApiOperation("修改菜单")
    @PostMapping("edit")
@ -81,6 +84,7 @@ public class SysMenuController extends XktBaseController {
        return R.ok(vo.getMenuId());
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "菜单管理", businessType = BusinessType.DELETE)
    @ApiOperation("删除菜单")
    @PostMapping("/remove")
@ -91,6 +95,7 @@ public class SysMenuController extends XktBaseController {
        return R.ok(scope.getCount());
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "菜单管理", businessType = BusinessType.UPDATE)
    @ApiOperation("修改菜单状态")
    @PostMapping("/changeStatus")
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
@ -22,6 +22,7 @@ import com.ruoyi.web.controller.xkt.vo.IdsVO;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;

@ -46,6 +47,7 @@ public class SysRoleController extends XktBaseController {
    final TokenService tokenService;
    final ISysUserService userService;

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @ApiOperation(value = "角色分页查询 - 管理员")
    @PostMapping("/page")
    public R<PageVO<RoleListItemVO>> page(@Validated @RequestBody RoleQueryVO vo) {
@ -55,6 +57,7 @@ public class SysRoleController extends XktBaseController {
        return R.ok(PageVO.of(page, RoleListItemVO.class));
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @ApiOperation(value = "所有角色 - 管理员")
    @PostMapping("/all")
    public R<List<RoleListItemVO>> all() {
@ -62,6 +65,7 @@ public class SysRoleController extends XktBaseController {
        return R.ok(BeanUtil.copyToList(all, RoleListItemVO.class));
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
    @ApiOperation(value = "角色分页查询 - 档口")
    @PostMapping("/store/page")
    public R<PageVO<RoleListItemVO>> pageByStore(@Validated @RequestBody RoleQueryVO vo) {
@ -73,6 +77,7 @@ public class SysRoleController extends XktBaseController {
        return R.ok(PageVO.of(page, RoleListItemVO.class));
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
    @ApiOperation(value = "所有角色 - 档口")
    @PostMapping("/store/all")
    public R<List<RoleListItemVO>> allByStore() {
@ -83,6 +88,7 @@ public class SysRoleController extends XktBaseController {
        return R.ok(BeanUtil.copyToList(all, RoleListItemVO.class));
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
    @ApiOperation(value = "角色详情")
    @GetMapping(value = "/{id}")
    public R<RoleInfoVO> getInfo(@PathVariable("id") Long id) {
@ -93,6 +99,7 @@ public class SysRoleController extends XktBaseController {
        return R.ok(vo);
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
    @Log(title = "角色管理", businessType = BusinessType.INSERT)
    @ApiOperation("创建角色")
    @PostMapping("create")
@ -104,6 +111,7 @@ public class SysRoleController extends XktBaseController {
        return R.ok(roleId);
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
    @Log(title = "角色管理", businessType = BusinessType.UPDATE)
    @ApiOperation("修改角色")
    @PostMapping("edit")
@ -116,6 +124,7 @@ public class SysRoleController extends XktBaseController {
        return R.ok(vo.getRoleId());
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "角色管理", businessType = BusinessType.EXPORT)
    @ApiOperation("导出")
    @PostMapping("/export")
@ -126,6 +135,7 @@ public class SysRoleController extends XktBaseController {
        util.exportExcel(response, list, "角色数据");
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
    @Log(title = "角色管理", businessType = BusinessType.DELETE)
    @ApiOperation("删除角色")
    @PostMapping("/remove")
@ -136,6 +146,7 @@ public class SysRoleController extends XktBaseController {
        return R.ok(scope.getCount());
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
    @Log(title = "角色管理", businessType = BusinessType.UPDATE)
    @ApiOperation("修改角色状态")
    @PostMapping("/changeStatus")
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@ -26,6 +26,7 @@ import com.ruoyi.web.controller.xkt.vo.IdsVO;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@ -51,6 +52,7 @@ public class SysUserController extends BaseController {
    @Autowired
    private TokenService tokenService;

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @ApiOperation(value = "用户分页查询 - 管理员")
    @PostMapping("/page")
    public R<PageVO<UserListItemVO>> page(@Validated @RequestBody UserQueryVO vo) {
@ -60,6 +62,7 @@ public class SysUserController extends BaseController {
        return R.ok(PageVO.of(page, UserListItemVO.class));
    }

+    @PreAuthorize("@ss.hasAnyRoles('store')")
    @ApiOperation(value = "用户分页查询 - 档口")
    @PostMapping("/store/page")
    public R<PageVO<UserListItemVO>> pageByStore(@Validated @RequestBody UserQueryVO vo) {
@ -71,6 +74,7 @@ public class SysUserController extends BaseController {
        return R.ok(PageVO.of(page, UserListItemVO.class));
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
    @ApiOperation(value = "用户详情")
    @GetMapping(value = "/{id}")
    public R<UserInfoVO> getInfo(@PathVariable("id") Long id) {
@ -81,6 +85,7 @@ public class SysUserController extends BaseController {
        return R.ok(vo);
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "用户管理", businessType = BusinessType.INSERT)
    @ApiOperation("创建用户")
    @PostMapping("create")
@ -91,6 +96,7 @@ public class SysUserController extends BaseController {
        return R.ok(userId);
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "用户管理", businessType = BusinessType.UPDATE)
    @ApiOperation("修改用户")
    @PostMapping("edit")
@ -103,6 +109,7 @@ public class SysUserController extends BaseController {
        return R.ok(userId);
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "用户管理", businessType = BusinessType.EXPORT)
    @ApiOperation("导出")
    @PostMapping("/export")
@ -113,6 +120,7 @@ public class SysUserController extends BaseController {
        util.exportExcel(response, list, "用户数据");
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "用户管理", businessType = BusinessType.IMPORT)
    @ApiOperation("导入")
    @PostMapping("/importData")
@ -124,6 +132,7 @@ public class SysUserController extends BaseController {
        return success(message);
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @ApiOperation("导入模板")
    @PostMapping("/importTemplate")
    public void importTemplate(HttpServletResponse response) {
@ -132,6 +141,7 @@ public class SysUserController extends BaseController {
    }


+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "用户管理", businessType = BusinessType.DELETE)
    @ApiOperation("删除用户")
    @PostMapping("/remove")
@ -142,6 +152,7 @@ public class SysUserController extends BaseController {
        return R.ok(count);
    }

+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @Log(title = "用户管理", businessType = BusinessType.UPDATE)
    @ApiOperation("修改用户状态")
    @PostMapping("/changeStatus")
@ -157,6 +168,7 @@ public class SysUserController extends BaseController {
    /**
     * 重置密码
     */
+    @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
    @ApiOperation("重置密码")
    @Log(title = "用户管理", businessType = BusinessType.UPDATE)
    @PostMapping("/resetPwd")
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/StoreOrderController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/StoreOrderController.java
@ -32,6 +32,7 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ResponseHeader;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;

@ -62,6 +63,7 @@ public class StoreOrderController extends XktBaseController {
    @Autowired
    private RedisCache redisCache;

+    @PreAuthorize("@ss.hasRole('seller')")
    @Log(title = "订单", businessType = BusinessType.INSERT)
    @ApiOperation("创建订单")
    @PostMapping("create")
@ -77,6 +79,7 @@ public class StoreOrderController extends XktBaseController {
        return success(respVO);
    }

+    @PreAuthorize("@ss.hasRole('seller')")
    @Log(title = "订单", businessType = BusinessType.UPDATE)
    @ApiOperation("修改订单")
    @PostMapping("edit")
@ -88,6 +91,7 @@ public class StoreOrderController extends XktBaseController {
        return success(result.getOrder().getId());
    }

+    @PreAuthorize("@ss.hasRole('seller')")
    @Log(title = "订单", businessType = BusinessType.OTHER)
    @ApiOperation("支付订单")
    @PostMapping("pay")
@ -102,6 +106,7 @@ public class StoreOrderController extends XktBaseController {
        return success(respVO);
    }

+    @PreAuthorize("@ss.hasRole('seller')")
    @Log(title = "订单", businessType = BusinessType.UPDATE)
    @ApiOperation("取消订单")
    @PostMapping("cancel")
@ -124,6 +129,7 @@ public class StoreOrderController extends XktBaseController {
    }


+    @PreAuthorize("@ss.hasAnyRoles('store,seller')||@ss.hasSupplierSubRole()")
    @ApiOperation(value = "订单分页查询")
    @PostMapping("/page")
    @ResponseHeader
@ -138,6 +144,7 @@ public class StoreOrderController extends XktBaseController {
        return success(PageVO.of(pageDTO, StoreOrderPageItemVO.class));
    }

+    @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
    @Log(title = "订单", businessType = BusinessType.OTHER)
    @ApiOperation("发货-平台物流")
    @PostMapping("ship/platform")
@ -154,6 +161,7 @@ public class StoreOrderController extends XktBaseController {
        return success(respList);
    }

+    @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
    @Log(title = "订单", businessType = BusinessType.OTHER)
    @ApiOperation("发货-档口物流")
    @PostMapping("ship/store")
@ -170,6 +178,7 @@ public class StoreOrderController extends XktBaseController {
        return success(respList);
    }

+    @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
    @Log(title = "订单", businessType = BusinessType.OTHER)
    @ApiOperation("打印面单")
    @PostMapping("ship/print")
@ -185,6 +194,7 @@ public class StoreOrderController extends XktBaseController {
        return success(rtnList);
    }

+    @PreAuthorize("@ss.hasAnyRoles('seller')")
    @Log(title = "订单", businessType = BusinessType.OTHER)
    @ApiOperation("确认收货")
    @PostMapping("receipt")
@ -194,6 +204,7 @@ public class StoreOrderController extends XktBaseController {
        return success();
    }

+    @PreAuthorize("@ss.hasAnyRoles('seller')")
    @Log(title = "订单", businessType = BusinessType.OTHER)
    @ApiOperation("申请售后（创建售后订单）")
    @PostMapping("refund/apply")
@ -229,6 +240,7 @@ public class StoreOrderController extends XktBaseController {
        return success(afterSaleApplyResult.getStoreOrderId());
    }

+    @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
    @Log(title = "订单", businessType = BusinessType.OTHER)
    @ApiOperation("确认退款")
    @PostMapping("refund/confirm")
@ -260,6 +272,7 @@ public class StoreOrderController extends XktBaseController {
        return success();
    }

+    @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
    @Log(title = "订单", businessType = BusinessType.OTHER)
    @ApiOperation("拒绝退款")
    @PostMapping("refund/reject")