diff --git a/src/main/java/com/youlai/system/common/constant/SystemConstants.java b/src/main/java/com/youlai/system/common/constant/SystemConstants.java index d6e823d2..e3a19d0e 100644 --- a/src/main/java/com/youlai/system/common/constant/SystemConstants.java +++ b/src/main/java/com/youlai/system/common/constant/SystemConstants.java @@ -4,14 +4,14 @@ package com.youlai.system.common.constant; * 系统常量 * * @author haoxr - * @date 2022/10/22 + * @since 2022/10/22 */ public interface SystemConstants { /** * 根节点ID */ - Long ROOT_NODE_ID = 0l; + Long ROOT_NODE_ID = 0L; /** diff --git a/src/main/java/com/youlai/system/controller/SysDeptController.java b/src/main/java/com/youlai/system/controller/SysDeptController.java index 0aa31443..7ceee0a7 100644 --- a/src/main/java/com/youlai/system/controller/SysDeptController.java +++ b/src/main/java/com/youlai/system/controller/SysDeptController.java @@ -1,5 +1,6 @@ package com.youlai.system.controller; +import com.youlai.system.framework.resubmit.Resubmit; import com.youlai.system.pojo.vo.Option; import com.youlai.system.common.result.Result; import com.youlai.system.pojo.form.DeptForm; @@ -12,6 +13,7 @@ import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.Operation; import lombok.RequiredArgsConstructor; import org.springdoc.core.annotations.ParameterObject; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import jakarta.validation.Valid; @@ -21,7 +23,7 @@ import java.util.List; * 部门控制器 * * @author haoxr - * @date 2020/11/6 + * @since 2020/11/6 */ @Tag(name = "05.部门接口") @RestController @@ -56,6 +58,8 @@ public class SysDeptController { @Operation(summary = "新增部门", security = {@SecurityRequirement(name = "Authorization")}) @PostMapping + @PreAuthorize("@ss.hasPerm('sys:dept:add')") + @Resubmit public Result saveDept( @Valid @RequestBody DeptForm formData ) { 
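Review bot: Nothing in this diff shows method security being switched on, and without it the `@PreAuthorize("@ss.hasPerm('sys:dept:add')")` added on `saveDept` is ignored rather than enforced. It may well be enabled elsewhere, but please confirm that a configuration class carries `@EnableMethodSecurity` and that a bean named `ss` exposing `hasPerm` is registered; the same applies to every `@PreAuthorize` added in the SysDept, SysMenu, SysRole and SysUser controller hunks that follow. A comment above the annotation such as `// enforced by method security; callers lacking sys:dept:add are rejected before the handler runs`, plus a test that calls each endpoint without the permission and expects a 403, would keep this from regressing. The body of `saveDept` continues outside the hunk.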
@@ -65,6 +69,7 @@ public class SysDeptController { @Operation(summary = "修改部门", security = {@SecurityRequirement(name = "Authorization")}) @PutMapping(value = "/{deptId}") + @PreAuthorize("@ss.hasPerm('sys:dept:edit')") public Result updateDept( @PathVariable Long deptId, @Valid @RequestBody DeptForm formData @@ -75,6 +80,7 @@ public class SysDeptController { @Operation(summary = "删除部门", security = {@SecurityRequirement(name = "Authorization")}) @DeleteMapping("/{ids}") + @PreAuthorize("@ss.hasPerm('sys:dept:delete')") public Result deleteDepartments( @Parameter(description ="部门ID,多个以英文逗号(,)分割") @PathVariable("ids") String ids ) { diff --git a/src/main/java/com/youlai/system/controller/SysMenuController.java b/src/main/java/com/youlai/system/controller/SysMenuController.java index 0581140c..c463c7e1 100644 --- a/src/main/java/com/youlai/system/controller/SysMenuController.java +++ b/src/main/java/com/youlai/system/controller/SysMenuController.java 
@@ -1,24 +1,24 @@ package com.youlai.system.controller; -import com.youlai.system.pojo.form.MenuForm; -import com.youlai.system.pojo.vo.Option; import com.youlai.system.common.result.Result; -import com.youlai.system.pojo.entity.SysMenu; +import com.youlai.system.framework.resubmit.Resubmit; +import com.youlai.system.pojo.form.MenuForm; import com.youlai.system.pojo.query.MenuQuery; import com.youlai.system.pojo.vo.MenuVO; +import com.youlai.system.pojo.vo.Option; import com.youlai.system.pojo.vo.RouteVO; import com.youlai.system.service.SysMenuService; +import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.security.SecurityRequirement; import io.swagger.v3.oas.annotations.tags.Tag; -import io.swagger.v3.oas.annotations.Operation; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springdoc.core.annotations.ParameterObject; import org.springframework.cache.annotation.CacheEvict; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; -import java.util.Arrays; import java.util.List; /** @@ -68,6 +68,8 @@ public class SysMenuController { @Operation(summary = "新增菜单",security = {@SecurityRequirement(name = "Authorization")}) @PostMapping + @PreAuthorize("@ss.hasPerm('sys:menu:add')") + @Resubmit @CacheEvict(cacheNames = "system", key = "'routes'") public Result addMenu(@RequestBody MenuForm menuForm) { boolean result = menuService.saveMenu(menuForm); @@ -76,6 +78,7 @@ public class SysMenuController { @Operation(summary = "修改菜单",security = {@SecurityRequirement(name = "Authorization")}) @PutMapping(value = "/{id}") + @PreAuthorize("@ss.hasPerm('sys:menu:edit')") @CacheEvict(cacheNames = "system", key = "'routes'") public Result updateMenu( @RequestBody MenuForm menuForm 
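Review bot: `addMenu` binds its body as `@RequestBody MenuForm menuForm` with no `@Valid`, whereas `saveDept` and `addRole` in this same commit use `@Valid @RequestBody`, so any constraint annotations on `MenuForm` would not be enforced on this now permission-gated endpoint. If `MenuForm` declares constraints (not visible in this diff), change the signature to `public Result addMenu(@Valid @RequestBody MenuForm menuForm) {` and import `jakarta.validation.Valid`, which the import hunk of this file does not show. `updateMenu` in the next hunk has the same unvalidated `@RequestBody MenuForm menuForm`; its signature continues outside the hunk.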
@@ -86,6 +89,7 @@ public class SysMenuController { @Operation(summary = "删除菜单",security = {@SecurityRequirement(name = "Authorization")}) @DeleteMapping("/{id}") + @PreAuthorize("@ss.hasPerm('sys:menu:delete')") @CacheEvict(cacheNames = "system", key = "'routes'") public Result deleteMenu( @Parameter(description ="菜单ID,多个以英文(,)分割") @PathVariable("id") Long id diff --git a/src/main/java/com/youlai/system/controller/SysRoleController.java b/src/main/java/com/youlai/system/controller/SysRoleController.java index f79a492c..748112f3 100644 --- a/src/main/java/com/youlai/system/controller/SysRoleController.java +++ b/src/main/java/com/youlai/system/controller/SysRoleController.java @@ -1,6 +1,7 @@ package com.youlai.system.controller; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import com.youlai.system.framework.resubmit.Resubmit; import com.youlai.system.pojo.vo.Option; import com.youlai.system.common.result.PageResult; import com.youlai.system.common.result.Result; @@ -14,6 +15,7 @@ import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.Operation; import lombok.RequiredArgsConstructor; import org.springdoc.core.annotations.ParameterObject; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import jakarta.validation.Valid; @@ -45,6 +47,8 @@ public class SysRoleController { @Operation(summary = "新增角色",security = {@SecurityRequirement(name = "Authorization")}) @PostMapping + @PreAuthorize("@ss.hasPerm('sys:role:add')") + @Resubmit public Result addRole(@Valid @RequestBody RoleForm roleForm) { boolean result = roleService.saveRole(roleForm); return Result.judge(result); 
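Review bot: `addRole` (guarded by `sys:role:add`) and `updateRole` in the next hunk (guarded by `sys:role:edit`) both call `roleService.saveRole(roleForm)`, and `updateRole` never binds the `{id}` from its `@PutMapping(value = "/{id}")`, so which role is written depends only on the request body. If `saveRole` chooses between insert and update from an id carried in `RoleForm` (its body is not part of this diff), a caller holding only one of the two permissions could perform the other operation. Consider binding the path id, e.g. `public Result updateRole(@PathVariable Long id, @Valid @RequestBody RoleForm roleForm)`, applying it to the form before saving, and having `addRole` reject a form that already carries an id.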
@@ -61,6 +65,7 @@ public class SysRoleController { @Operation(summary = "修改角色",security = {@SecurityRequirement(name = "Authorization")}) @PutMapping(value = "/{id}") + @PreAuthorize("@ss.hasPerm('sys:role:edit')") public Result updateRole(@Valid @RequestBody RoleForm roleForm) { boolean result = roleService.saveRole(roleForm); return Result.judge(result); @@ -68,6 +73,7 @@ public class SysRoleController { @Operation(summary = "删除角色",security = {@SecurityRequirement(name = "Authorization")}) @DeleteMapping("/{ids}") + @PreAuthorize("@ss.hasPerm('sys:role:delete')") public Result deleteRoles( @Parameter(description ="删除角色,多个以英文逗号(,)分割") @PathVariable String ids ) { diff --git a/src/main/java/com/youlai/system/controller/SysUserController.java b/src/main/java/com/youlai/system/controller/SysUserController.java index 603d76c6..4e819209 100644 --- a/src/main/java/com/youlai/system/controller/SysUserController.java +++ b/src/main/java/com/youlai/system/controller/SysUserController.java @@ -104,6 +104,7 @@ public class SysUserController { @Operation(summary = "修改用户密码", security = {@SecurityRequirement(name = "Authorization")}) @PatchMapping(value = "/{userId}/password") + @PreAuthorize("@ss.hasPerm('sys:user:reset_pwd')") public Result updatePassword( @Parameter(description = "用户ID") @PathVariable Long userId, @RequestParam String password diff --git a/src/main/java/com/youlai/system/service/impl/SysUserServiceImpl.java b/src/main/java/com/youlai/system/service/impl/SysUserServiceImpl.java index 7fdc2d0e..5bbbde93 100644 --- a/src/main/java/com/youlai/system/service/impl/SysUserServiceImpl.java +++ b/src/main/java/com/youlai/system/service/impl/SysUserServiceImpl.java 
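Review bot: The new password on `updatePassword` is still taken from `@RequestParam String password`, so a client may send it in the query string, where it can end up in access logs, proxy logs and browser history. With the endpoint now restricted to `sys:user:reset_pwd`, it would be worth moving the value into the request body and validating it (non-blank, minimum length) before it reaches the service. The method should also document that a holder of this permission can set the password of any `userId`, including more privileged accounts, unless a check on the target account is added. The signature and body of `updatePassword` continue outside the hunk.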
@@ -2,13 +2,13 @@ package com.youlai.system.service.impl; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.lang.Assert; -import cn.hutool.core.util.RandomUtil; import cn.hutool.core.util.StrUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import com.youlai.system.common.constant.SecurityConstants; import com.youlai.system.common.constant.SystemConstants; import com.youlai.system.converter.UserConverter; import com.youlai.system.framework.security.util.SecurityUtils; @@ -17,7 +17,6 @@ import com.youlai.system.pojo.bo.UserAuthInfo; import com.youlai.system.pojo.bo.UserBO; import com.youlai.system.pojo.bo.UserFormBO; import com.youlai.system.pojo.entity.SysUser; -import com.youlai.system.pojo.form.RoleForm; import com.youlai.system.pojo.form.UserForm; import com.youlai.system.pojo.query.UserPageQuery; import com.youlai.system.pojo.vo.UserExportVO; @@ -182,24 +181,21 @@ public class SysUserServiceImpl extends ServiceImpl impl * * @param userId 用户ID * @param password 用户密码 - * @return + * @return true|false */ @Override public boolean updatePassword(Long userId, String password) { - String encryptedPassword = passwordEncoder.encode(password); - boolean result = this.update(new LambdaUpdateWrapper() + return this.update(new LambdaUpdateWrapper() .eq(SysUser::getId, userId) - .set(SysUser::getPassword, encryptedPassword) + .set(SysUser::getPassword, passwordEncoder.encode(password)) ); - - return result; } /** * 根据用户名获取认证信息 * - * @param username - * @return + * @param username 用户名 + * @return 用户认证信息 {@link UserAuthInfo} */ @Override public UserAuthInfo getUserAuthInfo(String username) { 
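Review bot: `updatePassword` passes `password` straight to `passwordEncoder.encode(password)` with no check, so a blank value would be hashed and stored as the account's password. `cn.hutool.core.lang.Assert` is already imported in this file, so a guard such as `Assert.notBlank(password, "password must not be blank");` as the first statement would reject it. The new Javadoc `@return true|false` says little; something like `@return true if the password of the given user was updated` would document the contract. Whether existing sessions or tokens of that user are revoked after the change is not visible in this diff and may deserve a follow-up.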
@@ -255,7 +251,7 @@ public class SysUserServiceImpl extends ServiceImpl impl userInfoVO.setRoles(roles); // 用户权限集合 - Set perms = (Set) redisTemplate.opsForValue().get("USER_PERMS:" + user.getId()); + Set perms = (Set) redisTemplate.opsForValue().get(SecurityConstants.USER_PERMS_CACHE_PREFIX+ user.getId()); userInfoVO.setPerms(perms); return userInfoVO;
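Review bot: The value read from `redisTemplate.opsForValue().get(SecurityConstants.USER_PERMS_CACHE_PREFIX+ user.getId())` is cast to `Set` without a null or type check, so a cache miss or an expired entry passes null to `userInfoVO.setPerms(perms)`. Neither the definition of `USER_PERMS_CACHE_PREFIX` nor the code that writes this key is part of the diff; please confirm the constant equals the previous literal `"USER_PERMS:"` and that the writer uses the same constant, otherwise the lookup silently returns nothing. A fallback such as `if (perms == null) { perms = Collections.emptySet(); }` and a space before the `+` would tidy the line. The enclosing method starts and ends outside the hunk.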