From 418fd840951e16aa9e9f6d7c6e07599eda97018e Mon Sep 17 00:00:00 2001 From: FatttSnake Date: Fri, 26 May 2023 05:19:29 +0800 Subject: [PATCH] Added permission control for NoticeeManagement --- .../pinnacle/controller/NoticeController.java | 11 +- .../controller/NoticeTypeController.java | 13 +- sql/Insert.sql | 124 ++++++++++++++++-- 3 files changed, 131 insertions(+), 17 deletions(-) diff --git a/Pinnacle/src/main/java/com/cfive/pinnacle/controller/NoticeController.java b/Pinnacle/src/main/java/com/cfive/pinnacle/controller/NoticeController.java index 801231f..d935435 100644 --- a/Pinnacle/src/main/java/com/cfive/pinnacle/controller/NoticeController.java +++ b/Pinnacle/src/main/java/com/cfive/pinnacle/controller/NoticeController.java @@ -3,13 +3,12 @@ package com.cfive.pinnacle.controller; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.cfive.pinnacle.entity.Notice; -import com.cfive.pinnacle.entity.NoticeReceive; import com.cfive.pinnacle.entity.common.ResponseCode; import com.cfive.pinnacle.entity.common.ResponseResult; import com.cfive.pinnacle.service.INoticeReceiveService; import com.cfive.pinnacle.service.INoticeService; -import com.cfive.pinnacle.utils.WebUtil; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; @@ -35,6 +34,7 @@ public class NoticeController { //根据公告id查公告信息及发布人 @GetMapping("/{nid}") + @PreAuthorize("hasAuthority('notice:manage:get')") public ResponseResult selectByNoticeId(@PathVariable Long nid) { Notice noticeById = noticeService.selectByNoticeId(nid); Integer code = noticeById != null ? ResponseCode.DATABASE_SELECT_OK : ResponseCode.DATABASE_SELECT_ERROR; 
@@ -44,6 +44,7 @@ public class NoticeController { //查询所有公告或模糊查询 @GetMapping + @PreAuthorize("hasAuthority('notice:manage:get')") public ResponseResult> selectAllNotice(String title, String type, String startTime, String endTime) { List noticeList; if (!StringUtils.hasText(title) && !StringUtils.hasText(type) && !StringUtils.hasText(startTime) && !StringUtils.hasText(endTime)) { @@ -59,6 +60,7 @@ public class NoticeController { //根据登录用户id查询所接收的公告 @GetMapping("/self") + @PreAuthorize("hasAuthority('notice:self:get')") public ResponseResult> selectByUserId(Integer readStatus) { List noticesByUserId = noticeReceiveService.selectByUserId(readStatus); Integer code = noticesByUserId != null ? ResponseCode.DATABASE_SELECT_OK : ResponseCode.DATABASE_SELECT_ERROR; @@ -68,6 +70,7 @@ public class NoticeController { //修改登录用户所接收公告的阅读状态 @PutMapping("/modify_notice_read") + @PreAuthorize("hasAuthority('notice:self:get')") public ResponseResult modifyNoticeIsRead(@RequestBody Notice notice) { boolean updateById = false; if (null != notice) { @@ -88,6 +91,7 @@ public class NoticeController { //修改公告置顶状态 @PutMapping("/update_notice_top") + @PreAuthorize("hasAuthority('notice:self:get')") public ResponseResult updateNoticeTop(@RequestBody Notice notice) { String operationMessage = notice.getTop() == 1 ? "取消置顶" : "置顶"; boolean updateResult = noticeService.updateNoticeTop(notice); @@ -97,6 +101,7 @@ public class NoticeController { //添加公告 @PostMapping + @PreAuthorize("hasAuthority('notice:manage:add')") public ResponseResult addNotice(@RequestBody Notice notice) { Boolean insertNotice = noticeService.addNotice(notice); String msg = insertNotice ? "" : "数据添加失败,请重试!"; @@ -105,6 +110,7 @@ public class NoticeController { //删除公告 @DeleteMapping("/{nid}") + @PreAuthorize("hasAuthority('notice:manage:modify')") public ResponseResult deleteByNoticeId(@PathVariable Long nid) { boolean removeById = noticeService.deleteById(nid); String msg = removeById ? "" : "数据删除失败,请重试!"; 
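Review bot: In the hunk at `@@ -88,6 +91,7 @@`, `updateNoticeTop` is guarded by `hasAuthority('notice:self:get')`, the authority that lets a user read their own received notices, so any ordinary recipient may pin or unpin a notice. The call goes to `noticeService.updateNoticeTop(notice)` on the notice itself rather than on the caller's receive record, so this looks like a management action that presumably affects what other users see. The guard should be `@PreAuthorize("hasAuthority('notice:manage:modify')")`. The method body continues outside the hunk, so any ownership check inside the service is not visible here.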
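Review bot: `deleteByNoticeId` in the hunk at `@@ -105,6 +110,7 @@` checks `notice:manage:modify`, although this same patch seeds a separate `notice:manage:delete` operation (id 3020103) in sql/Insert.sql that no `@PreAuthorize` in the patch references. As written, a role granted only modify can delete notices, and granting delete has no effect on this endpoint. Use `@PreAuthorize("hasAuthority('notice:manage:delete')")` here so the seeded permission and the enforced one agree. The method body continues outside the hunk.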
@@ -113,6 +119,7 @@ public class NoticeController { //分页查询所有公告或分页模糊查询 @GetMapping("/page") + @PreAuthorize("hasAuthority('notice:manage:get')") public ResponseResult> selectPageAllNotice(Integer currentPage, Integer pageSize, String title, String type, String startTime, String endTime) { IPage noticePageList; Page page = new Page(); diff --git a/Pinnacle/src/main/java/com/cfive/pinnacle/controller/NoticeTypeController.java b/Pinnacle/src/main/java/com/cfive/pinnacle/controller/NoticeTypeController.java index 18de656..6b12fb3 100644 --- a/Pinnacle/src/main/java/com/cfive/pinnacle/controller/NoticeTypeController.java +++ b/Pinnacle/src/main/java/com/cfive/pinnacle/controller/NoticeTypeController.java @@ -5,9 +5,8 @@ import com.cfive.pinnacle.entity.common.ResponseCode; import com.cfive.pinnacle.entity.common.ResponseResult; import com.cfive.pinnacle.service.INoticeTypeService; import lombok.extern.slf4j.Slf4j; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; @@ -32,6 +31,7 @@ public class NoticeTypeController { //查询已启用的公告类型 @GetMapping("/enable") + @PreAuthorize("hasAnyAuthority('notice:type:enable', 'notice:self:get', 'notice:manage:get')") public ResponseResult> selectEnableTypeList(){ List selectTypeName = noticeTypeService.selectEnableTypeList(); Integer code = selectTypeName != null ? ResponseCode.DATABASE_SELECT_OK : ResponseCode.DATABASE_SELECT_ERROR; @@ -41,6 +41,7 @@ public class NoticeTypeController { //查询所有公告类型 @GetMapping + @PreAuthorize("hasAuthority('notice:type:get')") public ResponseResult> selectTypeList(){ List selectTypeList = noticeTypeService.selectTypeList(); Integer code = selectTypeList != null ? ResponseCode.DATABASE_SELECT_OK : ResponseCode.DATABASE_SELECT_ERROR; 
@@ -50,6 +51,7 @@ public class NoticeTypeController { //修改公告类型启用或禁用 @GetMapping("/update") + @PreAuthorize("hasAuthority('notice:type:modify')") public ResponseResult updateTypeEnableById(String typeId,Integer enable){ Long tid=null; if (StringUtils.hasText(typeId)){ @@ -62,14 +64,16 @@ public class NoticeTypeController { //添加公告类型 @PostMapping - public ResponseResult addNoticeType(@RequestBody NoticeType noticeType){ + @PreAuthorize("hasAuthority('notice:type:add')") + public ResponseResult addNoticeType(@RequestBody NoticeType noticeType){ Boolean insertNotice = noticeTypeService.addNoticeType(noticeType); String msg = insertNotice ? "" : "数据添加失败,请重试!"; - return ResponseResult.build(insertNotice ? ResponseCode.DATABASE_SAVE_OK : ResponseCode.DATABASE_SAVE_ERROR, msg, insertNotice); + return ResponseResult.build(insertNotice ? ResponseCode.DATABASE_SAVE_OK : ResponseCode.DATABASE_SAVE_ERROR, msg, null); } //修改公告类型 @PutMapping + @PreAuthorize("hasAuthority('notice:type:modify')") public ResponseResult updateNoticeType(@RequestBody NoticeType noticeType){ boolean updateById =noticeTypeService.updateNoticeType(noticeType); String msg = updateById ? "" : "数据修改失败,请重试!"; @@ -78,6 +82,7 @@ public class NoticeTypeController { //删除公告类型 @DeleteMapping("/{typeId}") + @PreAuthorize("hasAuthority('notice:type:delete')") public ResponseResult deleteNoticeTypeById(@PathVariable Long typeId) { boolean removeById = noticeTypeService.deleteNoticeTypeById(typeId); String msg = removeById ? "" : "数据删除失败,请重试!"; diff --git a/sql/Insert.sql b/sql/Insert.sql index 4299a81..bc25e58 100644 --- a/sql/Insert.sql +++ b/sql/Insert.sql 
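Review bot: The `notice:type:modify` guard in the hunk at `@@ -50,6 +51,7 @@` is placed on `@GetMapping("/update")`, so enabling or disabling a notice type is still a state change performed over GET. Spring Security's CSRF protection does not cover GET requests by default, and GET URLs are also followed by prefetchers and recorded in logs and browser history. If the application authenticates with cookies (not visible in this patch), the new authority check alone would not stop a cross-site request made with an authorised user's session. Consider `@PutMapping("/update")`, in line with `updateNoticeType` in the same controller, with the client call adjusted to match. The method body continues outside the hunk.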
@@ -148,6 +148,118 @@ insert into t_operation(id, name, code, power_id, element_id, parent_id) VALUES (2020108, '修改工作事项(管理)', 'work:admin:modify', id, 2020100, null); commit; +begin; +insert into t_power (id, type_id) +values (3010000, 1); +insert into t_menu (id, name, url, power_id, parent_id) +VALUES (3010000, '公告查看', '/notice/view', id, null); +commit; + +begin; +insert into t_power(id, type_id) +VALUES (3010100, 2); +insert into t_element(id, name, power_id, menu_id) +VALUES (3010100, '列表', id, 3010000); +commit; + +begin; +insert into t_power(id, type_id) +values (3010101, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3010101, '获取接收的公告', 'notice:self:get', id, 3010100, null); +commit; + +begin; +insert into t_power (id, type_id) +values (3020000, 1); +insert into t_menu (id, name, url, power_id, parent_id) +VALUES (3020000, '公告管理', '/notice/manage', id, null); +commit; + +begin; +insert into t_power(id, type_id) +VALUES (3020100, 2); +insert into t_element(id, name, power_id, menu_id) +VALUES (3020100, '列表', id, 3020000); +commit; + +begin; +insert into t_power(id, type_id) +values (3020101, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3020101, '获取所有公告', 'notice:manage:get', id, 3030100, null); +commit; + +begin; +insert into t_power(id, type_id) +values (3020102, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3020102, '发布公告', 'notice:manage:add', id, 3030100, null); +commit; + +begin; +insert into t_power(id, type_id) +values (3020103, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3020103, '删除公告', 'notice:manage:delete', id, 3030100, null); +commit; + +begin; +insert into t_power(id, type_id) +values (3020104, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3020104, '修改公告', 'notice:manage:modify', id, 3030100, null); +commit; + +begin; +insert into t_power 
(id, type_id) +values (3030000, 1); +insert into t_menu (id, name, url, power_id, parent_id) +VALUES (3030000, '公告类型管理', '/notice/typeManage', id, null); +commit; + +begin; +insert into t_power(id, type_id) +VALUES (3030100, 2); +insert into t_element(id, name, power_id, menu_id) +VALUES (3030100, '列表', id, 3030000); +commit; + +begin; +insert into t_power(id, type_id) +values (3030101, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3030101, '获取已启用的公告类型', 'notice:type:enable', id, 3030100, null); +commit; + +begin; +insert into t_power(id, type_id) +values (3030102, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3030102, '获取所有公告类型', 'notice:type:get', id, 3030100, null); +commit; + +begin; +insert into t_power(id, type_id) +values (3030103, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3030103, '添加公告类型', 'notice:type:add', id, 3030100, null); +commit; + +begin; +insert into t_power(id, type_id) +values (3030104, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3030104, '修改公告类型', 'notice:type:modify', id, 3030100, null); +commit; + +begin; +insert into t_power(id, type_id) +values (3030105, 3); +insert into t_operation(id, name, code, power_id, element_id, parent_id) +VALUES (3030105, '删除公告类型', 'notice:type:delete', id, 3030100, null); +commit; + begin; insert into t_power (id, type_id) values (4010000, 1); 
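Review bot: The four `notice:manage:*` operations (ids 3020101 to 3020104) are inserted with `element_id` 3030100, which is the list element of the notice type management menu (3030000), not 3020100, the list element this hunk creates for notice management (3020000). If permissions are granted or displayed per element, the notice-management authorities would be attached to the type-management screen, and element 3020100 is left with no operations. Element 3030100 is also inserted only after these rows, so the seed would stop here if `t_operation.element_id` carries a foreign key (the schema is not shown). Each of the four rows should reference 3020100, e.g. `VALUES (3020101, '获取所有公告', 'notice:manage:get', id, 3020100, null);`.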
@@ -166,14 +278,7 @@ begin; insert into t_power(id, type_id) values (4010101, 3); insert into t_operation(id, name, code, power_id, element_id, parent_id) -VALUES (4010101, '获取个人考勤', 'attendance:self:get', id, 4010100, null); -commit; - -begin; -insert into t_power(id, type_id) -values (4010102, 3); -insert into t_operation(id, name, code, power_id, element_id, parent_id) -VALUES (4010102, '个人签到', 'attendance:self:check', id, 4010100, null); +VALUES (4010101, '个人签到', 'attendance:self:check', id, 4010100, null); commit; begin; @@ -211,9 +316,6 @@ insert into t_operation(id, name, code, power_id, element_id, parent_id) VALUES (4020103, '修改管理考勤', 'attendance:manage:modify', id, 4020100, null); commit; - - - begin; insert into t_power (id, type_id) values (5010000, 1);
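Review bot: The hunk at `@@ -166,14 +278,7 @@` drops the `attendance:self:get` operation and reassigns id 4010101 to `attendance:self:check`, a permission change that the commit subject (notice management) does not mention. If any endpoint is still guarded by `attendance:self:get` (not visible here), no role can be granted it after a fresh seed. On a database where roles already reference power 4010101 or 4010102, the existing grants would change meaning or point at a missing row. Keeping the ids stable and removing only the unused row, in a separate commit with a SQL comment stating why the operation was retired, would keep the permission history auditable.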