Added permission control for AttendanceManagement

2026-04-06 07:21:24 +08:00 · 2023-05-25 06:37:08 +08:00
parent 09e0fbe31b
commit 09bb7fe632
3 changed files with 86 additions and 12 deletions
--- a/Pinnacle/src/main/java/com/cfive/pinnacle/controller/AttendanceController.java
+++ b/Pinnacle/src/main/java/com/cfive/pinnacle/controller/AttendanceController.java
@@ -6,6 +6,7 @@ import com.cfive.pinnacle.entity.common.ResponseResult;
 import com.cfive.pinnacle.service.IAttendanceService;
 import com.cfive.pinnacle.utils.WebUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@@ -29,26 +30,30 @@ public class AttendanceController {
    //查询所有考勤信息和用户名
    @GetMapping("findAllAttendance")
-    public ResponseResult findAllAttendanceAndUser() {
+    @PreAuthorize("hasAuthority('attendance:manage:get')")
    public ResponseResult<List<Attendance>> findAllAttendanceAndUser() {
        List<Attendance> attendances = attendanceService.getAllAttendanceAndUser();
        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", attendances);
    }
    //查询个人考勤
    @GetMapping("/selectAttendance")
-    public ResponseResult findAttendanceAndUser() {
+    @PreAuthorize("hasAuthority('attendance:self:get')")
    public ResponseResult<List<Attendance>> findAttendanceAndUser() {
        Long userId = WebUtil.getLoginUser().getUser().getId();
        List<Attendance> attendances = attendanceService.getAttendanceAndUserByid(userId);
        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", attendances);
    }
    //模糊时间查询所有考勤信息
    @GetMapping("/findAttendanceByTime")
-    public ResponseResult findAttendanceAndUserByTime(String startTime,String endTime) {
+    @PreAuthorize("hasAuthority('attendance:manage:get')")
    public ResponseResult<List<Attendance>> findAttendanceAndUserByTime(String startTime,String endTime) {
        List<Attendance> attendances = attendanceService.selectByTime(startTime, endTime);
        return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", attendances);
    }
    //用户个人模糊时间查询
    @GetMapping("/findOneAttendanceByTime")
-    public ResponseResult findOneAttendanceAndUserByTime(String startTime,String endTime) {
+    @PreAuthorize("hasAuthority('attendance:self:get')")
    public ResponseResult<List<Attendance>> findOneAttendanceAndUserByTime(String startTime,String endTime) {
        Long userId = WebUtil.getLoginUser().getUser().getId();
        List<Attendance> attendances = attendanceService.selectOneByTime(startTime, endTime,userId);
        System.out.println(attendances);
@@ -56,7 +61,8 @@ public class AttendanceController {
    }
    //添加或更新考勤信息
    @PostMapping("/saveAttendance")
-    public ResponseResult saveAttendance(@RequestBody Attendance attendance) {
+    @PreAuthorize("hasAuthority('attendance:manage:modify')")
    public ResponseResult<?> saveAttendance(@RequestBody Attendance attendance) {
        attendance.setModifyId(1652714496280469506L);
        return attendanceService.saveOrUpdate(attendance) ? ResponseResult.build(ResponseCode.DATABASE_SAVE_OK, "success", attendance) :
                ResponseResult.build(ResponseCode.DATABASE_SAVE_ERROR, "error", null);
@@ -65,7 +71,8 @@ public class AttendanceController {
    //个人签到
    @PostMapping("/saveOneAttendance")
-    public ResponseResult saveOneAttendance(@RequestBody Attendance attendance) {
+    @PreAuthorize("hasAuthority('attendance:self:check')")
    public ResponseResult<?> saveOneAttendance(@RequestBody Attendance attendance) {
        attendance.setModifyId(1652714496280469506L);
        attendance.setUserId(WebUtil.getLoginUser().getUser().getId());
        if (attendance.getAttTime().getHour() > 1 && attendance.getAttTime().getHour() < 10) {
@@ -97,14 +104,16 @@ public class AttendanceController {
    //删除考勤信息
    @DeleteMapping("/delAttendance/{id}")
-    public ResponseResult delAttendance(@PathVariable Long id) {
+    @PreAuthorize("hasAuthority('attendance:manage:delete')")
    public ResponseResult<?> delAttendance(@PathVariable Long id) {
        return attendanceService.removeById(id) ? ResponseResult.build(ResponseCode.DATABASE_DELETE_OK, "success", null) :
                ResponseResult.build(ResponseCode.DATABASE_DELETE_ERROR, "error", null);
    }
    //批量删除考勤信息
    @PostMapping("/delBatchAttendance")
-    public ResponseResult delBatchAttendance(@RequestBody List<Long> ids) {
+    @PreAuthorize("hasAuthority('attendance:manage:delete')")
    public ResponseResult<?> delBatchAttendance(@RequestBody List<Long> ids) {
        return attendanceService.removeByIds(ids) ? ResponseResult.build(ResponseCode.DATABASE_DELETE_OK, "success", null) :
                ResponseResult.build(ResponseCode.DATABASE_DELETE_ERROR, "error", null);
    }
--- a/sql/Insert.sql
+++ b/sql/Insert.sql
@@ -148,6 +148,70 @@ insert into t_operation(id, name, code, power_id, element_id, parent_id)
 VALUES (2020108, '修改工作事项（管理）', 'work:admin:modify', id, 2020100, null);
 commit;
 begin;
 insert into t_power (id, type_id)
 values (4010000, 1);
 insert into t_menu (id, name, url, power_id, parent_id)
 VALUES (4010000, '员工考勤', '/attendance/user', id, null);
 commit;
 begin;
 insert into t_power(id, type_id)
 VALUES (4010100, 2);
 insert into t_element(id, name, power_id, menu_id)
 VALUES (4010100, '列表', id, 4010000);
 commit;
 begin;
 insert into t_power(id, type_id)
 values (4010101, 3);
 insert into t_operation(id, name, code, power_id, element_id, parent_id)
 VALUES (4010101, '获取个人考勤', 'attendance:self:get', id, 4010100, null);
 commit;
 begin;
 insert into t_power(id, type_id)
 values (4010102, 3);
 insert into t_operation(id, name, code, power_id, element_id, parent_id)
 VALUES (4010102, '个人签到', 'attendance:self:check', id, 4010100, null);
 commit;
 begin;
 insert into t_power (id, type_id)
 values (4020000, 1);
 insert into t_menu (id, name, url, power_id, parent_id)
 VALUES (4020000, '考勤管理', '/attendance/manage', id, null);
 commit;
 begin;
 insert into t_power(id, type_id)
 VALUES (4020100, 2);
 insert into t_element(id, name, power_id, menu_id)
 VALUES (4020100, '列表', id, 4020000);
 commit;
 begin;
 insert into t_power(id, type_id)
 values (4020101, 3);
 insert into t_operation(id, name, code, power_id, element_id, parent_id)
 VALUES (4020101, '获取管理考勤', 'attendance:manage:get', id, 4020100, null);
 commit;
 begin;
 insert into t_power(id, type_id)
 values (4020102, 3);
 insert into t_operation(id, name, code, power_id, element_id, parent_id)
 VALUES (4020102, '删除管理考勤', 'attendance:manage:delete', id, 4020100, null);
 commit;
 begin;
 insert into t_power(id, type_id)
 values (4020103, 3);
 insert into t_operation(id, name, code, power_id, element_id, parent_id)
 VALUES (4020103, '修改管理考勤', 'attendance:manage:modify', id, 4020100, null);
 commit;
 begin;
@@ -203,14 +267,14 @@ begin;
 insert into t_power(id, type_id)
 values (5020102, 3);
 insert into t_operation(id, name, code, power_id, element_id, parent_id)
-VALUES (5020102, '修改审批事务', 'affair:manage:modify', id, 5020100, null);
+VALUES (5020102, '删除审批事务', 'affair:manage:delete', id, 5020100, null);
 commit;
 begin;
 insert into t_power(id, type_id)
 values (5020103, 3);
 insert into t_operation(id, name, code, power_id, element_id, parent_id)
-VALUES (5020103, '删除审批事务', 'affair:manage:delete', id, 5020100, null);
+VALUES (5020103, '修改审批事务', 'affair:manage:modify', id, 5020100, null);
 commit;
--- a/ui/src/router/attendance.ts
+++ b/ui/src/router/attendance.ts
@@ -27,10 +27,11 @@ const attendanceRouter = {
    ],
    meta: {
        title: '考勤',
        requiresMenu: true,
        icon: shallowRef(IconPinnacleAttendance),
        requiresMenu: true,
        requiresScrollbar: false,
-        requiresPadding: true
+        requiresPadding: true,
        requiresAuth: true
    }
 }