Added permission control for AttendanceManagement

2026-04-04 22:41:24 +08:00 · 2023-05-25 06:37:08 +08:00
parent 09e0fbe31b
commit 09bb7fe632
3 changed files with 86 additions and 12 deletions
--- a/Pinnacle/src/main/java/com/cfive/pinnacle/controller/AttendanceController.java
+++ b/Pinnacle/src/main/java/com/cfive/pinnacle/controller/AttendanceController.java
@@ -6,6 +6,7 @@ import com.cfive.pinnacle.entity.common.ResponseResult;
 import com.cfive.pinnacle.service.IAttendanceService;
 import com.cfive.pinnacle.utils.WebUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;

 import java.util.List;
@@ -29,26 +30,30 @@ public class AttendanceController {

    //查询所有考勤信息和用户名
    @GetMapping("findAllAttendance")
-    public ResponseResult findAllAttendanceAndUser() {
+    @PreAuthorize("hasAuthority('attendance:manage:get')")
+    public ResponseResult<List<Attendance>> findAllAttendanceAndUser() {
        List<Attendance> attendances = attendanceService.getAllAttendanceAndUser();
        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", attendances);
    }
    //查询个人考勤
    @GetMapping("/selectAttendance")
-    public ResponseResult findAttendanceAndUser() {
+    @PreAuthorize("hasAuthority('attendance:self:get')")
+    public ResponseResult<List<Attendance>> findAttendanceAndUser() {
        Long userId = WebUtil.getLoginUser().getUser().getId();
        List<Attendance> attendances = attendanceService.getAttendanceAndUserByid(userId);
        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", attendances);
    }
    //模糊时间查询所有考勤信息
    @GetMapping("/findAttendanceByTime")
-    public ResponseResult findAttendanceAndUserByTime(String startTime,String endTime) {
+    @PreAuthorize("hasAuthority('attendance:manage:get')")
+    public ResponseResult<List<Attendance>> findAttendanceAndUserByTime(String startTime,String endTime) {
        List<Attendance> attendances = attendanceService.selectByTime(startTime, endTime);
        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", attendances);
    }
    //用户个人模糊时间查询
    @GetMapping("/findOneAttendanceByTime")
-    public ResponseResult findOneAttendanceAndUserByTime(String startTime,String endTime) {
+    @PreAuthorize("hasAuthority('attendance:self:get')")
+    public ResponseResult<List<Attendance>> findOneAttendanceAndUserByTime(String startTime,String endTime) {
        Long userId = WebUtil.getLoginUser().getUser().getId();
        List<Attendance> attendances = attendanceService.selectOneByTime(startTime, endTime,userId);
        System.out.println(attendances);
@@ -56,7 +61,8 @@ public class AttendanceController {
    }
    //添加或更新考勤信息
    @PostMapping("/saveAttendance")
-    public ResponseResult saveAttendance(@RequestBody Attendance attendance) {
+    @PreAuthorize("hasAuthority('attendance:manage:modify')")
+    public ResponseResult<?> saveAttendance(@RequestBody Attendance attendance) {
        attendance.setModifyId(1652714496280469506L);
        return attendanceService.saveOrUpdate(attendance) ? ResponseResult.build(ResponseCode.DATABASE_SAVE_OK, "success", attendance) :
                ResponseResult.build(ResponseCode.DATABASE_SAVE_ERROR, "error", null);
@@ -65,7 +71,8 @@ public class AttendanceController {

    //个人签到
    @PostMapping("/saveOneAttendance")
-    public ResponseResult saveOneAttendance(@RequestBody Attendance attendance) {
+    @PreAuthorize("hasAuthority('attendance:self:check')")
+    public ResponseResult<?> saveOneAttendance(@RequestBody Attendance attendance) {
        attendance.setModifyId(1652714496280469506L);
        attendance.setUserId(WebUtil.getLoginUser().getUser().getId());
        if (attendance.getAttTime().getHour() > 1 && attendance.getAttTime().getHour() < 10) {
@@ -97,14 +104,16 @@ public class AttendanceController {

    //删除考勤信息
    @DeleteMapping("/delAttendance/{id}")
-    public ResponseResult delAttendance(@PathVariable Long id) {
+    @PreAuthorize("hasAuthority('attendance:manage:delete')")
+    public ResponseResult<?> delAttendance(@PathVariable Long id) {
        return attendanceService.removeById(id) ? ResponseResult.build(ResponseCode.DATABASE_DELETE_OK, "success", null) :
                ResponseResult.build(ResponseCode.DATABASE_DELETE_ERROR, "error", null);
    }

    //批量删除考勤信息
    @PostMapping("/delBatchAttendance")
-    public ResponseResult delBatchAttendance(@RequestBody List<Long> ids) {
+    @PreAuthorize("hasAuthority('attendance:manage:delete')")
+    public ResponseResult<?> delBatchAttendance(@RequestBody List<Long> ids) {
        return attendanceService.removeByIds(ids) ? ResponseResult.build(ResponseCode.DATABASE_DELETE_OK, "success", null) :
                ResponseResult.build(ResponseCode.DATABASE_DELETE_ERROR, "error", null);
    }