Add permission control

src/main/kotlin/top/fatweb/api/controller/permission/UserController.kt

@@ -3,6 +3,7 @@ package top.fatweb.api.controller.permission
 import io.swagger.v3.oas.annotations.Operation
 import io.swagger.v3.oas.annotations.tags.Tag
 import jakarta.validation.Valid
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.*
 import top.fatweb.api.entity.common.ResponseCode
 import top.fatweb.api.entity.common.ResponseResult
@@ -34,16 +35,9 @@ class UserController(
         } ?: let { return ResponseResult.databaseFail() }
     }
 
-    @Operation(summary = "获取用户")
-    @GetMapping
-    fun get(@Valid userGetParam: UserGetParam?): ResponseResult<PageVo<UserWithRoleInfoVo>> {
-        return ResponseResult.databaseSuccess(
-            data = userService.getPage(userGetParam)
-        )
-    }
-
     @Operation(summary = "获取单个用户")
     @GetMapping("/{id}")
+    @PreAuthorize("hasAnyAuthority('system:user:query:one')")
     fun getOne(@PathVariable id: Long): ResponseResult<UserWithRoleInfoVo> {
         return userService.getOne(id)?.let {
             ResponseResult.databaseSuccess(data = it)
@@ -52,8 +46,18 @@ class UserController(
         }
     }
 
+    @Operation(summary = "获取用户")
+    @GetMapping
+    @PreAuthorize("hasAnyAuthority('system:user:query:all')")
+    fun get(@Valid userGetParam: UserGetParam?): ResponseResult<PageVo<UserWithRoleInfoVo>> {
+        return ResponseResult.databaseSuccess(
+            data = userService.getPage(userGetParam)
+        )
+    }
+
     @Operation(summary = "添加用户")
     @PostMapping
+    @PreAuthorize("hasAnyAuthority('system:user:add:one')")
     fun add(@Valid @RequestBody userAddParam: UserAddParam): ResponseResult<UserWithPasswordRoleInfoVo> {
         return userService.add(userAddParam)?.let {
             ResponseResult.databaseSuccess(
@@ -64,6 +68,7 @@ class UserController(
 
     @Operation(summary = "修改用户")
     @PutMapping
+    @PreAuthorize("hasAnyAuthority('system:user:modify:one')")
     fun update(@Valid @RequestBody userUpdateParam: UserUpdateParam): ResponseResult<UserWithRoleInfoVo> {
         return userService.update(userUpdateParam)?.let {
             ResponseResult.databaseSuccess(
@@ -74,6 +79,7 @@ class UserController(
 
     @Operation(summary = "修改密码")
     @PatchMapping
+    @PreAuthorize("hasAnyAuthority('system:user:modify:password')")
     fun changePassword(@Valid @RequestBody userChangePasswordParam: UserChangePasswordParam): ResponseResult<Nothing> {
         userService.changePassword(userChangePasswordParam)
         return ResponseResult.databaseSuccess(ResponseCode.DATABASE_UPDATE_SUCCESS)
@@ -81,6 +87,7 @@ class UserController(
 
     @Operation(summary = "删除用户")
     @DeleteMapping("/{id}")
+    @PreAuthorize("hasAnyAuthority('system:user:delete:one')")
     fun delete(@PathVariable id: Long): ResponseResult<Nothing> {
         userService.deleteOne(id)
         return ResponseResult.databaseSuccess(ResponseCode.DATABASE_DELETE_SUCCESS)
@@ -88,6 +95,7 @@ class UserController(
 
     @Operation(summary = "批量删除用户")
     @DeleteMapping
+    @PreAuthorize("hasAnyAuthority('system:user:delete:multiple')")
     fun deleteList(@Valid @RequestBody userDeleteParam: UserDeleteParam): ResponseResult<Nothing> {
         userService.delete(userDeleteParam)
         return ResponseResult.databaseSuccess(ResponseCode.DATABASE_DELETE_SUCCESS)