From 29cd8a52418b90dea6758317ce8a2fe626285168 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=A2=81=E5=AE=87=E5=A5=87?=
Date: Fri, 6 Jun 2025 11:17:35 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../web/controller/system/SysConfigController.java | 2 +-
 .../web/controller/system/SysMenuController.java | 5 +++++
 .../web/controller/system/SysRoleController.java | 11 +++++++++++
 .../web/controller/system/SysUserController.java | 12 ++++++++++++
 .../web/controller/xkt/StoreOrderController.java | 13 +++++++++++++
 5 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysConfigController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysConfigController.java
index 74ab1056c..d4ee7dfc2 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysConfigController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysConfigController.java
@@ -81,7 +81,7 @@ public class SysConfigController extends BaseController {
 /**
 * 修改参数配置
 */
- @PreAuthorize("@ss.hasAnyRoles('admin,store')||@ss.hasSupplierSubRole()")
+ @PreAuthorize("@ss.hasPermi('system:config:edit')")
 @Log(title = "参数管理", businessType = BusinessType.UPDATE)
 @PutMapping
 public AjaxResult edit(@Validated @RequestBody SysConfig config) {
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysMenuController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysMenuController.java
index e48f3ee2e..3b8bc6d2c 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysMenuController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysMenuController.java
@@ -15,6 +15,7 @@ import com.ruoyi.web.controller.xkt.vo.IdsVO;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -59,6 +60,7 @@ public class SysMenuController extends XktBaseController {
 return R.ok(BeanUtil.toBean(infoDTO, MenuInfoVO.class));
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "菜单管理", businessType = BusinessType.INSERT)
 @ApiOperation("创建菜单")
 @PostMapping("create")
@@ -69,6 +71,7 @@ public class SysMenuController extends XktBaseController {
 return R.ok(menuId);
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "菜单管理", businessType = BusinessType.UPDATE)
 @ApiOperation("修改菜单")
 @PostMapping("edit")
@@ -81,6 +84,7 @@ public class SysMenuController extends XktBaseController {
 return R.ok(vo.getMenuId());
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "菜单管理", businessType = BusinessType.DELETE)
 @ApiOperation("删除菜单")
 @PostMapping("/remove")
@@ -91,6 +95,7 @@ public class SysMenuController extends XktBaseController {
 return R.ok(scope.getCount());
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "菜单管理", businessType = BusinessType.UPDATE)
 @ApiOperation("修改菜单状态")
 @PostMapping("/changeStatus")
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
index affbcefa7..07a8d6c3b 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
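Review bot: The four guards added in SysMenuController (`create`, `edit`, `/remove`, `/changeStatus`) hard-code the role list `'admin,general_admin'` inside the SpEL string, while the SysConfigController change in this same patch moves to a permission key (`@ss.hasPermi('system:config:edit')`). Role names repeated as string literals are not checked at compile time and have to be edited in every controller when a role is added or renamed, so I would use the permission form here too, e.g. `@PreAuthorize("@ss.hasPermi('system:menu:add')")` on `create`, assuming this fork still defines upstream RuoYi's menu permission keys. The annotated method bodies lie outside these hunks.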
@@ -22,6 +22,7 @@ import com.ruoyi.web.controller.xkt.vo.IdsVO;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -46,6 +47,7 @@ public class SysRoleController extends XktBaseController {
 final TokenService tokenService;
 final ISysUserService userService;
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @ApiOperation(value = "角色分页查询 - 管理员")
 @PostMapping("/page")
 public R> page(@Validated @RequestBody RoleQueryVO vo) {
@@ -55,6 +57,7 @@ public class SysRoleController extends XktBaseController {
 return R.ok(PageVO.of(page, RoleListItemVO.class));
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @ApiOperation(value = "所有角色 - 管理员")
 @PostMapping("/all")
 public R> all() {
@@ -62,6 +65,7 @@ public class SysRoleController extends XktBaseController {
 return R.ok(BeanUtil.copyToList(all, RoleListItemVO.class));
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
 @ApiOperation(value = "角色分页查询 - 档口")
 @PostMapping("/store/page")
 public R> pageByStore(@Validated @RequestBody RoleQueryVO vo) {
@@ -73,6 +77,7 @@ public class SysRoleController extends XktBaseController {
 return R.ok(PageVO.of(page, RoleListItemVO.class));
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
 @ApiOperation(value = "所有角色 - 档口")
 @PostMapping("/store/all")
 public R> allByStore() {
@@ -83,6 +88,7 @@ public class SysRoleController extends XktBaseController {
 return R.ok(BeanUtil.copyToList(all, RoleListItemVO.class));
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
 @ApiOperation(value = "角色详情")
 @GetMapping(value = "/{id}")
 public R getInfo(@PathVariable("id") Long id) {
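Review bot: On `getInfo(@PathVariable("id") Long id)` in SysRoleController the new guard admits any `store` account for any role id, and a role check alone does not tie the requested role to the caller's store. The method body is outside the hunk, so confirm it rejects ids that belong to another store or to the platform; the same question applies to the `store`-enabled `edit`, `/remove` and `/changeStatus` guards in this file and to `getInfo` in SysUserController. If the service layer already scopes the lookup, record that beside the annotation, e.g. `// Role gate only; the service restricts the lookup to the caller's store.`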
@@ -93,6 +99,7 @@ public class SysRoleController extends XktBaseController {
 return R.ok(vo);
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
 @Log(title = "角色管理", businessType = BusinessType.INSERT)
 @ApiOperation("创建角色")
 @PostMapping("create")
@@ -104,6 +111,7 @@ public class SysRoleController extends XktBaseController {
 return R.ok(roleId);
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
 @Log(title = "角色管理", businessType = BusinessType.UPDATE)
 @ApiOperation("修改角色")
 @PostMapping("edit")
@@ -116,6 +124,7 @@ public class SysRoleController extends XktBaseController {
 return R.ok(vo.getRoleId());
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "角色管理", businessType = BusinessType.EXPORT)
 @ApiOperation("导出")
 @PostMapping("/export")
@@ -126,6 +135,7 @@ public class SysRoleController extends XktBaseController {
 util.exportExcel(response, list, "角色数据");
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
 @Log(title = "角色管理", businessType = BusinessType.DELETE)
 @ApiOperation("删除角色")
 @PostMapping("/remove")
@@ -136,6 +146,7 @@ public class SysRoleController extends XktBaseController {
 return R.ok(scope.getCount());
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
 @Log(title = "角色管理", businessType = BusinessType.UPDATE)
 @ApiOperation("修改角色状态")
 @PostMapping("/changeStatus")
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
index de8de00dd..c38423184 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
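Review bot: The `create` and `edit` guards in SysRoleController let a `store` account define or change a role, but nothing visible in these hunks bounds which menus or permissions such a role may carry. Both method bodies are outside the hunks, so confirm the service rejects menu ids the calling store does not itself hold; without that bound, role management is a route to permissions the store was never granted. I would state the expectation above each annotation, e.g. `// store callers: the service must reject menu ids outside the caller's own grant set`.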
@@ -26,6 +26,7 @@ import com.ruoyi.web.controller.xkt.vo.IdsVO;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -51,6 +52,7 @@ public class SysUserController extends BaseController {
 @Autowired
 private TokenService tokenService;
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @ApiOperation(value = "用户分页查询 - 管理员")
 @PostMapping("/page")
 public R> page(@Validated @RequestBody UserQueryVO vo) {
@@ -60,6 +62,7 @@ public class SysUserController extends BaseController {
 return R.ok(PageVO.of(page, UserListItemVO.class));
 }
+ @PreAuthorize("@ss.hasAnyRoles('store')")
 @ApiOperation(value = "用户分页查询 - 档口")
 @PostMapping("/store/page")
 public R> pageByStore(@Validated @RequestBody UserQueryVO vo) {
@@ -71,6 +74,7 @@ public class SysUserController extends BaseController {
 return R.ok(PageVO.of(page, UserListItemVO.class));
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin,store')")
 @ApiOperation(value = "用户详情")
 @GetMapping(value = "/{id}")
 public R getInfo(@PathVariable("id") Long id) {
@@ -81,6 +85,7 @@ public class SysUserController extends BaseController {
 return R.ok(vo);
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "用户管理", businessType = BusinessType.INSERT)
 @ApiOperation("创建用户")
 @PostMapping("create")
@@ -91,6 +96,7 @@ public class SysUserController extends BaseController {
 return R.ok(userId);
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "用户管理", businessType = BusinessType.UPDATE)
 @ApiOperation("修改用户")
 @PostMapping("edit")
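Review bot: The guard on `pageByStore` (`/store/page`) in SysUserController is `@ss.hasAnyRoles('store')`, which matches neither of the neighbouring conventions in this patch: the role-side `/store/page` in SysRoleController uses `'admin,general_admin,store'`, and the store endpoints in StoreOrderController append `||@ss.hasSupplierSubRole()`. If excluding administrators and store sub-accounts from the staff listing is deliberate, say so above the annotation, e.g. `// Store owner only; sub-accounts (hasSupplierSubRole) are intentionally excluded.`, so a later edit does not "fix" it by widening access. The method body lies outside the hunk.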
@@ -103,6 +109,7 @@ public class SysUserController extends BaseController {
 return R.ok(userId);
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "用户管理", businessType = BusinessType.EXPORT)
 @ApiOperation("导出")
 @PostMapping("/export")
@@ -113,6 +120,7 @@ public class SysUserController extends BaseController {
 util.exportExcel(response, list, "用户数据");
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "用户管理", businessType = BusinessType.IMPORT)
 @ApiOperation("导入")
 @PostMapping("/importData")
@@ -124,6 +132,7 @@ public class SysUserController extends BaseController {
 return success(message);
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @ApiOperation("导入模板")
 @PostMapping("/importTemplate")
 public void importTemplate(HttpServletResponse response) {
@@ -132,6 +141,7 @@ public class SysUserController extends BaseController {
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "用户管理", businessType = BusinessType.DELETE)
 @ApiOperation("删除用户")
 @PostMapping("/remove")
@@ -142,6 +152,7 @@ public class SysUserController extends BaseController {
 return R.ok(count);
 }
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @Log(title = "用户管理", businessType = BusinessType.UPDATE)
 @ApiOperation("修改用户状态")
 @PostMapping("/changeStatus")
@@ -157,6 +168,7 @@ public class SysUserController extends BaseController {
 /**
 * 重置密码
 */
+ @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')")
 @ApiOperation("重置密码")
 @Log(title = "用户管理", businessType = BusinessType.UPDATE)
 @PostMapping("/resetPwd")
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/StoreOrderController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/StoreOrderController.java
index 8a84db4f4..93026bc33 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/StoreOrderController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/xkt/StoreOrderController.java
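Review bot: The guards on `/resetPwd`, `/remove` and `/changeStatus` in SysUserController (and on `edit` in an earlier hunk) treat `admin` and `general_admin` as equivalent, so the annotation by itself would let a `general_admin` act on an `admin` account. The method bodies are outside the hunks; confirm each one refuses a target whose privilege is above the caller's — upstream RuoYi does this with `checkUserAllowed(...)`, if this fork still has it. For `/resetPwd` in particular I would note the requirement above the annotation, e.g. `// general_admin must not reset the password of an admin account; enforced in the service.`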
@@ -32,6 +32,7 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ResponseHeader;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -62,6 +63,7 @@ public class StoreOrderController extends XktBaseController {
 @Autowired
 private RedisCache redisCache;
+ @PreAuthorize("@ss.hasRole('seller')")
 @Log(title = "订单", businessType = BusinessType.INSERT)
 @ApiOperation("创建订单")
 @PostMapping("create")
@@ -77,6 +79,7 @@ public class StoreOrderController extends XktBaseController {
 return success(respVO);
 }
+ @PreAuthorize("@ss.hasRole('seller')")
 @Log(title = "订单", businessType = BusinessType.UPDATE)
 @ApiOperation("修改订单")
 @PostMapping("edit")
@@ -88,6 +91,7 @@ public class StoreOrderController extends XktBaseController {
 return success(result.getOrder().getId());
 }
+ @PreAuthorize("@ss.hasRole('seller')")
 @Log(title = "订单", businessType = BusinessType.OTHER)
 @ApiOperation("支付订单")
 @PostMapping("pay")
@@ -102,6 +106,7 @@ public class StoreOrderController extends XktBaseController {
 return success(respVO);
 }
+ @PreAuthorize("@ss.hasRole('seller')")
 @Log(title = "订单", businessType = BusinessType.UPDATE)
 @ApiOperation("取消订单")
 @PostMapping("cancel")
@@ -124,6 +129,7 @@ public class StoreOrderController extends XktBaseController {
 }
+ @PreAuthorize("@ss.hasAnyRoles('store,seller')||@ss.hasSupplierSubRole()")
 @ApiOperation(value = "订单分页查询")
 @PostMapping("/page")
 @ResponseHeader
@@ -138,6 +144,7 @@ public class StoreOrderController extends XktBaseController {
 return success(PageVO.of(pageDTO, StoreOrderPageItemVO.class));
 }
+ @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
 @Log(title = "订单", businessType = BusinessType.OTHER)
 @ApiOperation("发货-平台物流")
 @PostMapping("ship/platform")
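Review bot: The order guards added in StoreOrderController gate on role only: any `seller` passes `edit`, `pay` and `cancel`, and any `store` or supplier sub-account passes `ship/platform`, while none of these hunks shows the order being tied to the caller. The handler bodies are outside the hunks, so confirm each one compares the order's buyer (or store) with the authenticated user before acting; the `ship/store`, `ship/print`, `receipt`, `refund/apply`, `refund/confirm` and `refund/reject` guards later in the file need the same, and `/page` must filter its results by caller. Where the service already enforces this, a one-line comment such as `// Role gate only; order ownership is verified in the service layer.` would make it reviewable.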
@@ -154,6 +161,7 @@ public class StoreOrderController extends XktBaseController {
 return success(respList);
 }
+ @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
 @Log(title = "订单", businessType = BusinessType.OTHER)
 @ApiOperation("发货-档口物流")
 @PostMapping("ship/store")
@@ -170,6 +178,7 @@ public class StoreOrderController extends XktBaseController {
 return success(respList);
 }
+ @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
 @Log(title = "订单", businessType = BusinessType.OTHER)
 @ApiOperation("打印面单")
 @PostMapping("ship/print")
@@ -185,6 +194,7 @@ public class StoreOrderController extends XktBaseController {
 return success(rtnList);
 }
+ @PreAuthorize("@ss.hasAnyRoles('seller')")
 @Log(title = "订单", businessType = BusinessType.OTHER)
 @ApiOperation("确认收货")
 @PostMapping("receipt")
@@ -194,6 +204,7 @@ public class StoreOrderController extends XktBaseController {
 return success();
 }
+ @PreAuthorize("@ss.hasAnyRoles('seller')")
 @Log(title = "订单", businessType = BusinessType.OTHER)
 @ApiOperation("申请售后(创建售后订单)")
 @PostMapping("refund/apply")
@@ -229,6 +240,7 @@ public class StoreOrderController extends XktBaseController {
 return success(afterSaleApplyResult.getStoreOrderId());
 }
+ @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
 @Log(title = "订单", businessType = BusinessType.OTHER)
 @ApiOperation("确认退款")
 @PostMapping("refund/confirm")
@@ -260,6 +272,7 @@ public class StoreOrderController extends XktBaseController {
 return success();
 }
+ @PreAuthorize("@ss.hasAnyRoles('store')||@ss.hasSupplierSubRole()")
 @Log(title = "订单", businessType = BusinessType.OTHER)
 @ApiOperation("拒绝退款")
 @PostMapping("refund/reject")
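Review bot: The `receipt` and `refund/apply` guards use `@ss.hasAnyRoles('seller')` for a single role, while `create`, `edit`, `pay` and `cancel` earlier in StoreOrderController use `@ss.hasRole('seller')` for the same intent. Two spellings of one rule make the guards harder to grep and audit, so I would settle on one, e.g. `@PreAuthorize("@ss.hasRole('seller')")` on both. The single-role `@ss.hasAnyRoles('store')` in the ship and refund guards could likewise become `@ss.hasRole('store')||@ss.hasSupplierSubRole()`, provided this fork's `hasAnyRoles` simply delegates to `hasRole` per entry as upstream RuoYi's does.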