Add permission control
This commit is contained in:
@@ -3,6 +3,7 @@ package top.fatweb.api.controller.permission
|
||||
import io.swagger.v3.oas.annotations.Operation
|
||||
import io.swagger.v3.oas.annotations.tags.Tag
|
||||
import jakarta.validation.Valid
|
||||
import org.springframework.security.access.prepost.PreAuthorize
|
||||
import org.springframework.web.bind.annotation.*
|
||||
import top.fatweb.api.entity.common.ResponseCode
|
||||
import top.fatweb.api.entity.common.ResponseResult
|
||||
@@ -24,24 +25,27 @@ import top.fatweb.api.vo.permission.GroupWithRoleVo
|
||||
class GroupController(
|
||||
val groupService: IGroupService
|
||||
) {
|
||||
@Operation(summary = "获取用户组")
|
||||
@GetMapping
|
||||
fun get(@Valid groupGetParam: GroupGetParam?): ResponseResult<PageVo<GroupWithRoleVo>> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = groupService.getPage(groupGetParam)
|
||||
)
|
||||
}
|
||||
|
||||
@Operation(summary = "获取单个用户组")
|
||||
@GetMapping("/{id}")
|
||||
@PreAuthorize("hasAnyAuthority('system:group:query:one')")
|
||||
fun getOne(@PathVariable id: Long): ResponseResult<GroupWithRoleVo> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = groupService.getOne(id)
|
||||
)
|
||||
}
|
||||
|
||||
@Operation(summary = "获取用户组")
|
||||
@GetMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:group:query:all')")
|
||||
fun get(@Valid groupGetParam: GroupGetParam?): ResponseResult<PageVo<GroupWithRoleVo>> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = groupService.getPage(groupGetParam)
|
||||
)
|
||||
}
|
||||
|
||||
@Operation(summary = "获取用户组列表")
|
||||
@GetMapping("/list")
|
||||
@PreAuthorize("hasAnyAuthority('system:group:query:list', 'system:user:add:one', 'system:user:modify:one')")
|
||||
fun list(): ResponseResult<List<GroupVo>> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = groupService.listAll()
|
||||
@@ -50,6 +54,7 @@ class GroupController(
|
||||
|
||||
@Operation(summary = "添加用户组")
|
||||
@PostMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:group:add:one')")
|
||||
fun add(@Valid @RequestBody groupAddParam: GroupAddParam): ResponseResult<GroupVo> {
|
||||
return groupService.add(groupAddParam)?.let {
|
||||
ResponseResult.databaseSuccess(
|
||||
@@ -60,6 +65,7 @@ class GroupController(
|
||||
|
||||
@Operation(summary = "修改用户组")
|
||||
@PutMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:group:modify:one')")
|
||||
fun update(@Valid @RequestBody groupUpdateParam: GroupUpdateParam): ResponseResult<GroupVo> {
|
||||
return groupService.update(groupUpdateParam)?.let {
|
||||
ResponseResult.databaseSuccess(
|
||||
@@ -70,6 +76,7 @@ class GroupController(
|
||||
|
||||
@Operation(summary = "修改用户组状态")
|
||||
@PatchMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:group:modify:status')")
|
||||
fun changStatus(@Valid @RequestBody groupChangeStatusParam: GroupChangeStatusParam): ResponseResult<Nothing> {
|
||||
return if (groupService.changeStatus(groupChangeStatusParam)) {
|
||||
ResponseResult.databaseSuccess(ResponseCode.DATABASE_UPDATE_SUCCESS)
|
||||
@@ -80,6 +87,7 @@ class GroupController(
|
||||
|
||||
@Operation(summary = "删除角色")
|
||||
@DeleteMapping("/{id}")
|
||||
@PreAuthorize("hasAnyAuthority('system:group:delete:one')")
|
||||
fun delete(@PathVariable id: Long): ResponseResult<Nothing> {
|
||||
groupService.deleteOne(id)
|
||||
return ResponseResult.databaseSuccess(ResponseCode.DATABASE_DELETE_SUCCESS)
|
||||
@@ -87,6 +95,7 @@ class GroupController(
|
||||
|
||||
@Operation(summary = "批量删除角色")
|
||||
@DeleteMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:group:delete:multiple')")
|
||||
fun deleteList(@Valid @RequestBody groupDeleteParam: GroupDeleteParam): ResponseResult<Nothing> {
|
||||
groupService.delete(groupDeleteParam)
|
||||
return ResponseResult.databaseSuccess(ResponseCode.DATABASE_DELETE_SUCCESS)
|
||||
|
||||
@@ -2,6 +2,7 @@ package top.fatweb.api.controller.permission
|
||||
|
||||
import io.swagger.v3.oas.annotations.Operation
|
||||
import io.swagger.v3.oas.annotations.tags.Tag
|
||||
import org.springframework.security.access.prepost.PreAuthorize
|
||||
import org.springframework.web.bind.annotation.GetMapping
|
||||
import org.springframework.web.bind.annotation.RequestMapping
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
@@ -22,5 +23,6 @@ class PowerController(
|
||||
) {
|
||||
@Operation(summary = "获取权限列表")
|
||||
@GetMapping("/list")
|
||||
@PreAuthorize("hasAnyAuthority('system:power:query:list', 'system:role:add:one', 'system:role:modify:one')")
|
||||
fun getList() = ResponseResult.databaseSuccess(data = powerService.getList())
|
||||
}
|
||||
@@ -3,14 +3,15 @@ package top.fatweb.api.controller.permission
|
||||
import io.swagger.v3.oas.annotations.Operation
|
||||
import io.swagger.v3.oas.annotations.tags.Tag
|
||||
import jakarta.validation.Valid
|
||||
import org.springframework.security.access.prepost.PreAuthorize
|
||||
import org.springframework.web.bind.annotation.*
|
||||
import top.fatweb.api.entity.common.ResponseCode
|
||||
import top.fatweb.api.entity.common.ResponseResult
|
||||
import top.fatweb.api.param.permission.role.*
|
||||
import top.fatweb.api.service.permission.IRoleService
|
||||
import top.fatweb.api.vo.PageVo
|
||||
import top.fatweb.api.vo.permission.base.RoleVo
|
||||
import top.fatweb.api.vo.permission.RoleWithPowerVo
|
||||
import top.fatweb.api.vo.permission.base.RoleVo
|
||||
|
||||
/**
|
||||
* Role controller
|
||||
@@ -24,24 +25,27 @@ import top.fatweb.api.vo.permission.RoleWithPowerVo
|
||||
class RoleController(
|
||||
private val roleService: IRoleService
|
||||
) {
|
||||
@Operation(summary = "获取角色")
|
||||
@GetMapping
|
||||
fun get(roleGetParam: RoleGetParam?): ResponseResult<PageVo<RoleWithPowerVo>> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = roleService.getPage(roleGetParam)
|
||||
)
|
||||
}
|
||||
|
||||
@Operation(summary = "获取单个角色")
|
||||
@GetMapping("/{id}")
|
||||
@PreAuthorize("hasAnyAuthority('system:role:query:one')")
|
||||
fun getOne(@PathVariable id: Long): ResponseResult<RoleWithPowerVo> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = roleService.getOne(id)
|
||||
)
|
||||
}
|
||||
|
||||
@Operation(summary = "获取角色")
|
||||
@GetMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:role:query:all')")
|
||||
fun get(roleGetParam: RoleGetParam?): ResponseResult<PageVo<RoleWithPowerVo>> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = roleService.getPage(roleGetParam)
|
||||
)
|
||||
}
|
||||
|
||||
@Operation(summary = "获取角色列表")
|
||||
@GetMapping("/list")
|
||||
@PreAuthorize("hasAnyAuthority('system:role:query:list', 'system:group:add:one', 'system:group:modify:one', 'system:user:add:one', 'system:user:modify:one')")
|
||||
fun list(): ResponseResult<List<RoleVo>> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = roleService.listAll()
|
||||
@@ -50,6 +54,7 @@ class RoleController(
|
||||
|
||||
@Operation(summary = "添加角色")
|
||||
@PostMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:role:add:one')")
|
||||
fun add(@Valid @RequestBody roleAddParam: RoleAddParam): ResponseResult<RoleVo> {
|
||||
return roleService.add(roleAddParam)?.let {
|
||||
ResponseResult.databaseSuccess(
|
||||
@@ -60,6 +65,7 @@ class RoleController(
|
||||
|
||||
@Operation(summary = "修改角色")
|
||||
@PutMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:role:modify:one')")
|
||||
fun update(@Valid @RequestBody roleUpdateParam: RoleUpdateParam): ResponseResult<RoleVo> {
|
||||
return roleService.update(roleUpdateParam)?.let {
|
||||
ResponseResult.databaseSuccess(
|
||||
@@ -70,6 +76,7 @@ class RoleController(
|
||||
|
||||
@Operation(summary = "修改角色状态")
|
||||
@PatchMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:role:modify:status')")
|
||||
fun changStatus(@Valid @RequestBody roleChangeStatusParam: RoleChangeStatusParam): ResponseResult<Nothing> {
|
||||
return if (roleService.changeStatus(roleChangeStatusParam)) {
|
||||
ResponseResult.databaseSuccess(ResponseCode.DATABASE_UPDATE_SUCCESS)
|
||||
@@ -80,6 +87,7 @@ class RoleController(
|
||||
|
||||
@Operation(summary = "删除角色")
|
||||
@DeleteMapping("/{id}")
|
||||
@PreAuthorize("hasAnyAuthority('system:role:delete:one')")
|
||||
fun delete(@PathVariable id: Long): ResponseResult<Nothing> {
|
||||
roleService.deleteOne(id)
|
||||
return ResponseResult.databaseSuccess(ResponseCode.DATABASE_DELETE_SUCCESS)
|
||||
@@ -87,6 +95,7 @@ class RoleController(
|
||||
|
||||
@Operation(summary = "批量删除角色")
|
||||
@DeleteMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:role:delete:multiple')")
|
||||
fun deleteList(@Valid @RequestBody roleDeleteParam: RoleDeleteParam): ResponseResult<Nothing> {
|
||||
roleService.delete(roleDeleteParam)
|
||||
return ResponseResult.databaseSuccess(ResponseCode.DATABASE_DELETE_SUCCESS)
|
||||
|
||||
@@ -3,6 +3,7 @@ package top.fatweb.api.controller.permission
|
||||
import io.swagger.v3.oas.annotations.Operation
|
||||
import io.swagger.v3.oas.annotations.tags.Tag
|
||||
import jakarta.validation.Valid
|
||||
import org.springframework.security.access.prepost.PreAuthorize
|
||||
import org.springframework.web.bind.annotation.*
|
||||
import top.fatweb.api.entity.common.ResponseCode
|
||||
import top.fatweb.api.entity.common.ResponseResult
|
||||
@@ -34,16 +35,9 @@ class UserController(
|
||||
} ?: let { return ResponseResult.databaseFail() }
|
||||
}
|
||||
|
||||
@Operation(summary = "获取用户")
|
||||
@GetMapping
|
||||
fun get(@Valid userGetParam: UserGetParam?): ResponseResult<PageVo<UserWithRoleInfoVo>> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = userService.getPage(userGetParam)
|
||||
)
|
||||
}
|
||||
|
||||
@Operation(summary = "获取单个用户")
|
||||
@GetMapping("/{id}")
|
||||
@PreAuthorize("hasAnyAuthority('system:user:query:one')")
|
||||
fun getOne(@PathVariable id: Long): ResponseResult<UserWithRoleInfoVo> {
|
||||
return userService.getOne(id)?.let {
|
||||
ResponseResult.databaseSuccess(data = it)
|
||||
@@ -52,8 +46,18 @@ class UserController(
|
||||
}
|
||||
}
|
||||
|
||||
@Operation(summary = "获取用户")
|
||||
@GetMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:user:query:all')")
|
||||
fun get(@Valid userGetParam: UserGetParam?): ResponseResult<PageVo<UserWithRoleInfoVo>> {
|
||||
return ResponseResult.databaseSuccess(
|
||||
data = userService.getPage(userGetParam)
|
||||
)
|
||||
}
|
||||
|
||||
@Operation(summary = "添加用户")
|
||||
@PostMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:user:add:one')")
|
||||
fun add(@Valid @RequestBody userAddParam: UserAddParam): ResponseResult<UserWithPasswordRoleInfoVo> {
|
||||
return userService.add(userAddParam)?.let {
|
||||
ResponseResult.databaseSuccess(
|
||||
@@ -64,6 +68,7 @@ class UserController(
|
||||
|
||||
@Operation(summary = "修改用户")
|
||||
@PutMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:user:modify:one')")
|
||||
fun update(@Valid @RequestBody userUpdateParam: UserUpdateParam): ResponseResult<UserWithRoleInfoVo> {
|
||||
return userService.update(userUpdateParam)?.let {
|
||||
ResponseResult.databaseSuccess(
|
||||
@@ -74,6 +79,7 @@ class UserController(
|
||||
|
||||
@Operation(summary = "修改密码")
|
||||
@PatchMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:user:modify:password')")
|
||||
fun changePassword(@Valid @RequestBody userChangePasswordParam: UserChangePasswordParam): ResponseResult<Nothing> {
|
||||
userService.changePassword(userChangePasswordParam)
|
||||
return ResponseResult.databaseSuccess(ResponseCode.DATABASE_UPDATE_SUCCESS)
|
||||
@@ -81,6 +87,7 @@ class UserController(
|
||||
|
||||
@Operation(summary = "删除用户")
|
||||
@DeleteMapping("/{id}")
|
||||
@PreAuthorize("hasAnyAuthority('system:user:delete:one')")
|
||||
fun delete(@PathVariable id: Long): ResponseResult<Nothing> {
|
||||
userService.deleteOne(id)
|
||||
return ResponseResult.databaseSuccess(ResponseCode.DATABASE_DELETE_SUCCESS)
|
||||
@@ -88,6 +95,7 @@ class UserController(
|
||||
|
||||
@Operation(summary = "批量删除用户")
|
||||
@DeleteMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:user:delete:multiple')")
|
||||
fun deleteList(@Valid @RequestBody userDeleteParam: UserDeleteParam): ResponseResult<Nothing> {
|
||||
userService.delete(userDeleteParam)
|
||||
return ResponseResult.databaseSuccess(ResponseCode.DATABASE_DELETE_SUCCESS)
|
||||
|
||||
@@ -3,6 +3,7 @@ package top.fatweb.api.controller.system
|
||||
import io.swagger.v3.oas.annotations.Operation
|
||||
import io.swagger.v3.oas.annotations.tags.Tag
|
||||
import jakarta.validation.Valid
|
||||
import org.springframework.security.access.prepost.PreAuthorize
|
||||
import org.springframework.web.bind.annotation.GetMapping
|
||||
import org.springframework.web.bind.annotation.RequestMapping
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
@@ -28,6 +29,7 @@ class SysLogController(
|
||||
) {
|
||||
@Operation(summary = "获取")
|
||||
@GetMapping
|
||||
@PreAuthorize("hasAnyAuthority('system:log:query:all')")
|
||||
fun get(@Valid sysLogGetParam: SysLogGetParam?): ResponseResult<PageVo<SysLogVo>> {
|
||||
return ResponseResult.success(
|
||||
ResponseCode.DATABASE_SELECT_SUCCESS, data = SysLogConverter.sysLogPageToSysLogPageVo(
|
||||
|
||||
@@ -3,6 +3,7 @@ package top.fatweb.api.entity.permission
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore
|
||||
import com.fasterxml.jackson.annotation.JsonTypeInfo
|
||||
import org.springframework.security.core.GrantedAuthority
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority
|
||||
import org.springframework.security.core.userdetails.UserDetails
|
||||
import java.time.LocalDateTime
|
||||
import java.time.ZoneOffset
|
||||
@@ -27,7 +28,7 @@ class LoginUser() : UserDetails {
|
||||
@JsonIgnore
|
||||
override fun getAuthorities(): List<GrantedAuthority> {
|
||||
authorities?.let { return it }
|
||||
authorities = emptyList()
|
||||
authorities = user.operations?.map { SimpleGrantedAuthority(it.code) } ?: emptyList()
|
||||
|
||||
return authorities as List<GrantedAuthority>
|
||||
}
|
||||
|
||||
@@ -8,6 +8,7 @@ import org.slf4j.LoggerFactory
|
||||
import org.springframework.dao.DuplicateKeyException
|
||||
import org.springframework.http.converter.HttpMessageNotReadableException
|
||||
import org.springframework.jdbc.BadSqlGrammarException
|
||||
import org.springframework.security.access.AccessDeniedException
|
||||
import org.springframework.security.authentication.*
|
||||
import org.springframework.web.HttpRequestMethodNotSupportedException
|
||||
import org.springframework.web.bind.MethodArgumentNotValidException
|
||||
@@ -106,6 +107,11 @@ class ExceptionHandler {
|
||||
ResponseResult.fail(ResponseCode.PERMISSION_TOKEN_HAS_EXPIRED, e.localizedMessage, null)
|
||||
}
|
||||
|
||||
is AccessDeniedException -> {
|
||||
logger.debug(e.localizedMessage, e)
|
||||
ResponseResult.fail(ResponseCode.PERMISSION_ACCESS_DENIED, "Access Denied", null)
|
||||
}
|
||||
|
||||
is BadSqlGrammarException -> {
|
||||
logger.debug(e.localizedMessage, e)
|
||||
ResponseResult.fail(ResponseCode.DATABASE_EXECUTE_ERROR, "Incorrect SQL syntax", null)
|
||||
|
||||
Reference in New Issue
Block a user