From a10cd6db85ba4661255409e550662599defb92fa Mon Sep 17 00:00:00 2001
From: weiweiw <14335254+weiweiw22@user.noreply.gitee.com>
Date: Wed, 25 Sep 2024 14:25:46 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84=E5=86=85=E9=83=A8=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../RequiresPermissionsOrInnerAuth.java | 16 +++++
.../security/aspect/InnerAuthAspect.java | 17 +----
.../aspect/PermisssionOrInnerAuthAspect.java | 68 +++++++++++++++++++
.../bonus/common/security/auth/AuthUtil.java | 23 +++++++
.../controller/SysConfigController.java | 22 ++----
.../system/controller/SysDeptController.java | 14 ++--
.../controller/SysDictDataController.java | 12 ++--
.../controller/SysDictTypeController.java | 12 ++--
.../system/controller/SysMenuController.java | 12 ++--
.../controller/SysNoticeController.java | 12 ++--
.../system/controller/SysPostController.java | 12 ++--
.../system/controller/SysRoleController.java | 26 +++----
.../system/controller/SysUserController.java | 23 ++++---
13 files changed, 185 insertions(+), 84 deletions(-)
create mode 100644 bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/annotation/RequiresPermissionsOrInnerAuth.java
create mode 100644 bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/PermisssionOrInnerAuthAspect.java
diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/annotation/RequiresPermissionsOrInnerAuth.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/annotation/RequiresPermissionsOrInnerAuth.java
new file mode 100644
index 0000000..20b42cd
--- /dev/null
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/annotation/RequiresPermissionsOrInnerAuth.java
@@ -0,0 +1,16 @@ +package com.bonus.common.security.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +/** + * @author wangvivi + */ +@Target(ElementType.METHOD) +@Retention(RetentionPolicy.RUNTIME) +public @interface RequiresPermissionsOrInnerAuth { + InnerAuth innerAuth() default @InnerAuth(); + RequiresPermissions requiresPermissions() default @RequiresPermissions(); +} diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/InnerAuthAspect.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/InnerAuthAspect.java index c059622..122a965 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/InnerAuthAspect.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/InnerAuthAspect.java @@ -1,5 +1,6 @@ package com.bonus.common.security.aspect; +import com.bonus.common.security.auth.AuthUtil; import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; 
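Review bot: The new annotation in RequiresPermissionsOrInnerAuth.java carries only an `@author` tag, and neither its either/or meaning nor its defaults are documented. A method annotated with a bare `@RequiresPermissionsOrInnerAuth` falls back to `@RequiresPermissions()`, which names no permission, and how the permission check treats an empty list is not visible in this diff. I would add a Javadoc saying that access is granted when either the inner-call check or the permission check passes, and remove the default so every use has to name a permission: `RequiresPermissions requiresPermissions();`.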
@@ -23,21 +24,7 @@ public class InnerAuthAspect implements Ordered @Around("@annotation(innerAuth)") public Object innerAround(ProceedingJoinPoint point, InnerAuth innerAuth) throws Throwable { - String source = ServletUtils.getRequest().getHeader(SecurityConstants.FROM_SOURCE); - // 内部请求验证 - if (!StringUtils.equals(SecurityConstants.INNER, source)) - { - throw new InnerAuthException("没有内部访问权限,不允许访问"); - } - - String userid = ServletUtils.getRequest().getHeader(SecurityConstants.DETAILS_USER_ID); - String username = ServletUtils.getRequest().getHeader(SecurityConstants.DETAILS_USERNAME); - // 用户信息验证 - boolean bResult = StringUtils.isEmpty(userid) || StringUtils.isEmpty(username); - if (innerAuth.isUser() && bResult) - { - throw new InnerAuthException("没有设置用户信息,不允许访问 "); - } + AuthUtil.checkInnerAuth(innerAuth); return point.proceed(); } diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/PermisssionOrInnerAuthAspect.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/PermisssionOrInnerAuthAspect.java new file mode 100644 index 0000000..4b69365 --- /dev/null +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/PermisssionOrInnerAuthAspect.java 
@@ -0,0 +1,68 @@ +package com.bonus.common.security.aspect; + +import com.alibaba.nacos.plugin.auth.constant.Constants; +import com.bonus.common.core.constant.SecurityConstants; +import com.bonus.common.core.exception.InnerAuthException; +import com.bonus.common.core.utils.ServletUtils; +import com.bonus.common.core.utils.StringUtils; +import com.bonus.common.security.annotation.*; +import com.bonus.common.security.auth.AuthUtil; +import lombok.extern.slf4j.Slf4j; +import org.aspectj.lang.ProceedingJoinPoint; +import org.aspectj.lang.annotation.Around; +import org.aspectj.lang.annotation.Aspect; +import org.aspectj.lang.reflect.MethodSignature; +import org.springframework.core.Ordered; +import org.springframework.stereotype.Component; + +import java.lang.reflect.Method; + +/** + * 内部服务调用验证处理 + * + * @author bonus + */ +@Aspect +@Component +@Slf4j +public class PermisssionOrInnerAuthAspect +{ + @Around("@annotation(RequiresPermissionsOrInnerAuth)") + public Object innerAround(ProceedingJoinPoint point, RequiresPermissionsOrInnerAuth permissionsOrInnerAuth) throws Throwable + { + MethodSignature signature = (MethodSignature) point.getSignature(); + RequiresPermissionsOrInnerAuth auth = signature.getMethod().getAnnotation(RequiresPermissionsOrInnerAuth.class); + + // 获取内部认证注解 + InnerAuth innerAuth = auth.innerAuth(); + // 获取权限注解 + RequiresPermissions requiresPermissions = auth.requiresPermissions(); + + // 检查内部认证 + if (isInnerAuthPassed(innerAuth)) { + return point.proceed(); + } + + // 检查权限 + if (isPermissionsPassed(requiresPermissions,point)) { + return point.proceed(); + } + + throw new RuntimeException("认证或权限校验失败"); + } + + private boolean isInnerAuthPassed(InnerAuth innerAuth) { + try { + AuthUtil.checkInnerAuth(innerAuth); + } catch (InnerAuthException e){ + log.error("内部认证失败:{}",e.getMessage()); + return false; + } + return true; + } + + private boolean isPermissionsPassed(RequiresPermissions requiresPermissions,ProceedingJoinPoint point) { + 
AuthUtil.checkPermi(requiresPermissions,point); + return true; + } +} diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthUtil.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthUtil.java index 5d7c9bc..79d20c9 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthUtil.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/auth/AuthUtil.java @@ -1,5 +1,10 @@ package com.bonus.common.security.auth; +import com.bonus.common.core.constant.SecurityConstants; +import com.bonus.common.core.exception.InnerAuthException; +import com.bonus.common.core.utils.ServletUtils; +import com.bonus.common.core.utils.StringUtils; +import com.bonus.common.security.annotation.InnerAuth; import com.bonus.common.security.annotation.RequiresPermissions; import com.bonus.common.security.annotation.RequiresRoles; import com.bonus.system.api.model.LoginUser; @@ -165,4 +170,22 @@ public class AuthUtil { authLogic.checkPermiOr(permissions); } + + public static void checkInnerAuth(InnerAuth innerAuth) throws InnerAuthException { + String source = ServletUtils.getRequest().getHeader(SecurityConstants.FROM_SOURCE); + // 内部请求验证 + if (!StringUtils.equals(SecurityConstants.INNER, source)) + { + throw new InnerAuthException("没有内部访问权限,不允许访问"); + } + + String userid = ServletUtils.getRequest().getHeader(SecurityConstants.DETAILS_USER_ID); + String username = ServletUtils.getRequest().getHeader(SecurityConstants.DETAILS_USERNAME); + // 用户信息验证 + boolean bResult = StringUtils.isEmpty(userid) || StringUtils.isEmpty(username); + if (innerAuth.isUser() && bResult) + { + throw new InnerAuthException("没有设置用户信息,不允许访问 "); + } + } } 
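Review bot: The pointcut in PermisssionOrInnerAuthAspect, `@Around("@annotation(RequiresPermissionsOrInnerAuth)")`, names the annotation type by its simple name while the advice declares a parameter `permissionsOrInnerAuth` that the expression never binds; InnerAuthAspect binds by parameter name (`@annotation(innerAuth)`), and I would expect this form either to be rejected when the aspect is built or not to match the annotated methods. The controllers in this commit drop `@RequiresPermissions` in favour of the new annotation, so an advice that does not run would leave those endpoints with no method-level check; bind it the same way, `@Around("@annotation(permissionsOrInnerAuth)")`, use the bound parameter instead of the reflective `getAnnotation` lookup, and add a test that an unauthenticated call to one annotated endpoint is refused. Two smaller points in the same class: `isInnerAuthPassed` logs at `error` for every request that is not internal, which will include every ordinary user request and bury real failures, so `log.debug` fits better; and the final `throw new RuntimeException("认证或权限校验失败")` looks unreachable because `isPermissionsPassed` either throws or returns true.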
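Review bot: `checkInnerAuth` in AuthUtil treats a call as internal solely because the `SecurityConstants.FROM_SOURCE` request header equals `SecurityConstants.INNER`, and as a public static helper it now backs the either/or aspect too, yet it has no Javadoc stating that assumption. The header is only trustworthy if it is removed from external traffic before the request reaches this service and the service cannot be reached directly; neither is visible in this diff, so please confirm it and record it on the method, for example `/** Verifies the inner-call marker header; the header must be stripped from external requests upstream. Throws InnerAuthException when the marker or, with isUser, the user headers are missing. */`. The method also calls `ServletUtils.getRequest()` three times; reading the request once into a local would be tidier.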
diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysConfigController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysConfigController.java index 42fb733..a79e13d 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysConfigController.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysConfigController.java @@ -6,6 +6,8 @@ import javax.servlet.http.HttpServletResponse; import com.bonus.common.log.annotation.SysLog; import com.bonus.common.log.enums.OperaType; +import com.bonus.common.security.annotation.InnerAuth; +import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth; import com.bonus.system.api.domain.SysConfig; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; @@ -43,16 +45,9 @@ public class SysConfigController extends BaseController { * 获取参数配置列表 */ - -// @ApiOperation("获取参数配置列表") - @RequiresPermissions("system:config:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:config:list")) @GetMapping("/list") @SysLog(title = "参数配置", businessType = OperaType.QUERY,logType = 0,module = "系统管理->参数配置") -// @ApiResponses(value = { -// @ApiResponse(code = 200, message = "成功", response = TableDataInfo.class), -// @ApiResponse(code = 400, message = "无效的ID"), -// @ApiResponse(code = 404, message = "未找到用户") -// }) public TableDataInfo list(SysConfig config) { try{ startPage(); @@ -105,10 +100,7 @@ public class SysConfigController extends BaseController { } } - /** - * 新增参数配置 - */ - @RequiresPermissions("system:config:add") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:config:add")) @SysLog(title = "参数配置", businessType = OperaType.INSERT,logType = 0,module = "系统管理->参数配置") @PostMapping public AjaxResult add(@Validated @RequestBody SysConfig config) { 
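Review bot: From `list` in SysConfigController onward, every `@RequiresPermissions` is replaced by `@RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, ...)`, write paths included (`add`, `edit`, `remove`, `refreshCache`), and the same substitution repeats in the SysDept, SysDictData, SysDictType, SysMenu, SysNotice, SysPost and SysRole controllers, among them role `dataScope`, `authUser/selectAll` and `authUser/cancelAll`. A request accepted on the inner path never reaches the per-permission check, so I would keep plain `@RequiresPermissions` on endpoints that no internal service calls, and where the inner path is needed use `innerAuth = @InnerAuth(isUser = true)` so the user id and name headers are at least required and the call can be attributed to a user (the default of `isUser` is not shown in this diff). The hunk at `add` also removes its Javadoc (`新增参数配置`) without a replacement, which looks accidental.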
@@ -127,7 +119,7 @@ public class SysConfigController extends BaseController { /** * 修改参数配置 */ - @RequiresPermissions("system:config:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:config:edit")) @PutMapping @SysLog(title = "参数配置", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->参数配置") public AjaxResult edit(@Validated @RequestBody SysConfig config) { @@ -146,7 +138,7 @@ public class SysConfigController extends BaseController { /** * 删除参数配置 */ - @RequiresPermissions("system:config:remove") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:config:remove")) @SysLog(title = "参数配置", businessType = OperaType.DELETE,logType = 0,module = "系统管理->参数配置") @DeleteMapping("/{configIds}") public AjaxResult remove(@PathVariable Long[] configIds) { @@ -162,7 +154,7 @@ public class SysConfigController extends BaseController { /** * 刷新参数缓存 */ - @RequiresPermissions("system:config:remove") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:config:remove")) @DeleteMapping("/refreshCache") @SysLog(title = "参数配置", businessType = OperaType.FLASH,logType = 0,module = "系统管理->参数配置",details = "刷新参数缓存") public AjaxResult refreshCache() { diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDeptController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDeptController.java index fcac7a4..e334187 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDeptController.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDeptController.java 
@@ -4,6 +4,8 @@ import java.util.List; import com.bonus.common.log.annotation.SysLog; import com.bonus.common.log.enums.OperaType; +import com.bonus.common.security.annotation.InnerAuth; +import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth; import com.bonus.common.security.annotation.RequiresRoles; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.ArrayUtils; @@ -43,7 +45,7 @@ public class SysDeptController extends BaseController * 获取部门列表 * 根据部门id或上级部门id或部门名或状态(正常或停用)获取部门信息 */ - @RequiresPermissions("system:dept:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dept:list")) @GetMapping("/list") @SysLog(title = "部门管理", businessType = OperaType.QUERY,logType = 0,module = "系统管理->部门管理") public AjaxResult list(SysDept dept) { @@ -59,7 +61,7 @@ public class SysDeptController extends BaseController /** * 查询部门列表(排除节点) */ - @RequiresPermissions("system:dept:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dept:list")) @GetMapping("/list/exclude/{deptId}") public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId) { try{ @@ -75,7 +77,7 @@ public class SysDeptController extends BaseController /** * 根据部门编号获取详细信息 */ - @RequiresPermissions("system:dept:query") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dept:query")) @GetMapping(value = "/{deptId}") public AjaxResult getInfo(@PathVariable Long deptId) { try{ 
@@ -90,7 +92,7 @@ public class SysDeptController extends BaseController /** * 新增部门 */ - @RequiresPermissions("system:dept:add") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dept:add")) @SysLog(title = "部门管理", businessType = OperaType.INSERT,logType = 0,module = "系统管理->部门管理") @PostMapping public AjaxResult add(@Validated @RequestBody SysDept dept) { @@ -109,7 +111,7 @@ public class SysDeptController extends BaseController /** * 修改部门 */ - @RequiresPermissions("system:dept:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dept:edit")) @PutMapping @SysLog(title = "部门管理", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->部门管理") public AjaxResult edit(@Validated @RequestBody SysDept dept) { @@ -135,7 +137,7 @@ public class SysDeptController extends BaseController * 删除部门 */ @RequiresRoles("admin") - @RequiresPermissions("system:dept:remove") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dept:remove")) @DeleteMapping("/{deptId}") @SysLog(title = "部门管理", businessType = OperaType.DELETE,logType = 0,module = "系统管理->部门管理") public AjaxResult remove(@PathVariable Long deptId) { diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDictDataController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDictDataController.java index 60fd318..5fac135 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDictDataController.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDictDataController.java 
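Review bot: On `remove` in SysDeptController the existing `@RequiresRoles("admin")` stays above the new `@RequiresPermissionsOrInnerAuth`, so the two annotations now disagree about internal callers: the new one lets a request through on the inner marker alone, while the role check, presumably enforced by a separate aspect not shown here, still expects a logged-in admin. Decide which is intended; if department deletion should stay admin-only, keep `@RequiresPermissions("system:dept:remove")` on this method instead of widening it, and if internal deletion is intended, state that in the method's Javadoc. The method body lies outside the hunk.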
@@ -6,6 +6,8 @@ import javax.servlet.http.HttpServletResponse; import com.bonus.common.log.annotation.SysLog; import com.bonus.common.log.enums.OperaType; +import com.bonus.common.security.annotation.InnerAuth; +import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; @@ -44,7 +46,7 @@ public class SysDictDataController extends BaseController @Autowired private ISysDictTypeService dictTypeService; - @RequiresPermissions("system:dict:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:list")) @GetMapping("/list") @SysLog(title = "字典管理", businessType = OperaType.QUERY,logType = 0,module = "系统管理->字典管理") public TableDataInfo list(SysDictData dictData) { @@ -74,7 +76,7 @@ public class SysDictDataController extends BaseController /** * 查询字典数据详细 */ - @RequiresPermissions("system:dict:query") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:query")) @GetMapping(value = "/{dictCode}") public AjaxResult getInfo(@PathVariable Long dictCode) { try{ @@ -106,7 +108,7 @@ public class SysDictDataController extends BaseController /** * 新增字典数据 */ - @RequiresPermissions("system:dict:add") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:add")) @SysLog(title = "字典管理", businessType = OperaType.INSERT,logType = 0,module = "系统管理->字典管理") @PostMapping public AjaxResult add(@Validated @RequestBody SysDictData dict) { 
@@ -123,7 +125,7 @@ public class SysDictDataController extends BaseController /** * 修改保存字典数据 */ - @RequiresPermissions("system:dict:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:edit")) @PutMapping @SysLog(title = "字典管理", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->字典管理") public AjaxResult edit(@Validated @RequestBody SysDictData dict) { @@ -140,7 +142,7 @@ public class SysDictDataController extends BaseController /** * 删除字典数据 */ - @RequiresPermissions("system:dict:remove") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:remove")) @DeleteMapping("/{dictCodes}") @SysLog(title = "字典管理", businessType = OperaType.DELETE,logType = 0,module = "系统管理->字典管理") public AjaxResult remove(@PathVariable Long[] dictCodes) { diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDictTypeController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDictTypeController.java index c693749..54a99e0 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDictTypeController.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysDictTypeController.java @@ -6,6 +6,8 @@ import javax.servlet.http.HttpServletResponse; import com.bonus.common.log.annotation.SysLog; import com.bonus.common.log.enums.OperaType; +import com.bonus.common.security.annotation.InnerAuth; +import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; 
@@ -39,7 +41,7 @@ public class SysDictTypeController extends BaseController @Autowired private ISysDictTypeService dictTypeService; - @RequiresPermissions("system:dict:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:list")) @GetMapping("/list") @SysLog(title = "字典管理", businessType = OperaType.QUERY,logType = 0,module = "系统管理->字典管理") public TableDataInfo list(SysDictType dictType) { @@ -69,7 +71,7 @@ public class SysDictTypeController extends BaseController /** * 查询字典类型详细 */ - @RequiresPermissions("system:dict:query") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:query")) @GetMapping(value = "/{dictId}") public AjaxResult getInfo(@PathVariable Long dictId) { try{ @@ -83,7 +85,7 @@ public class SysDictTypeController extends BaseController /** * 新增字典类型 */ - @RequiresPermissions("system:dict:add") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:add")) @PostMapping @SysLog(title = "字典管理", businessType = OperaType.INSERT,logType = 0,module = "系统管理->字典管理") public AjaxResult add(@Validated @RequestBody SysDictType dict) { @@ -102,7 +104,7 @@ public class SysDictTypeController extends BaseController /** * 修改字典类型 */ - @RequiresPermissions("system:dict:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:edit")) @PutMapping @SysLog(title = "字典管理", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->字典管理") public AjaxResult edit(@Validated @RequestBody SysDictType dict) { 
@@ -122,7 +124,7 @@ public class SysDictTypeController extends BaseController /** * 删除字典类型 */ - @RequiresPermissions("system:dict:remove") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:dict:remove")) @DeleteMapping("/{dictIds}") @SysLog(title = "字典管理", businessType = OperaType.DELETE,logType = 0,module = "系统管理->字典管理") public AjaxResult remove(@PathVariable Long[] dictIds) { diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysMenuController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysMenuController.java index 0ea7e53..6e52247 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysMenuController.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysMenuController.java @@ -4,6 +4,8 @@ import java.util.List; import com.bonus.common.log.annotation.SysLog; import com.bonus.common.log.enums.OperaType; +import com.bonus.common.security.annotation.InnerAuth; +import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth; import com.bonus.system.api.domain.SysMenu; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; @@ -40,7 +42,7 @@ public class SysMenuController extends BaseController /** * 获取当前用户的菜单列表 */ - @RequiresPermissions("system:menu:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:menu:list")) @GetMapping("/list") @SysLog(title = "菜单管理", businessType = OperaType.QUERY,logType = 0,module = "系统管理->菜单管理") public AjaxResult list(SysMenu menu) { 
@@ -57,7 +59,7 @@ public class SysMenuController extends BaseController /** * 根据菜单编号获取详细信息 */ - @RequiresPermissions("system:menu:query") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:menu:query")) @GetMapping(value = "/{menuId}") public AjaxResult getInfo(@PathVariable Long menuId) { try{ @@ -109,7 +111,7 @@ public class SysMenuController extends BaseController /** * 新增菜单 */ - @RequiresPermissions("system:menu:add") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:menu:add")) @PostMapping @SysLog(title = "菜单管理", businessType = OperaType.INSERT,logType = 0,module = "系统管理->菜单管理") public AjaxResult add(@Validated @RequestBody SysMenu menu) { @@ -130,7 +132,7 @@ public class SysMenuController extends BaseController /** * 修改菜单 */ - @RequiresPermissions("system:menu:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:menu:edit")) @PutMapping @SysLog(title = "菜单管理", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->菜单管理") public AjaxResult edit(@Validated @RequestBody SysMenu menu) { @@ -153,7 +155,7 @@ public class SysMenuController extends BaseController /** * 删除菜单 */ - @RequiresPermissions("system:menu:remove") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:menu:remove")) @DeleteMapping("/{menuId}") @SysLog(title = "菜单管理", businessType = OperaType.DELETE,logType = 0,module = "系统管理->菜单管理") public AjaxResult remove(@PathVariable("menuId") Long menuId) { diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysNoticeController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysNoticeController.java index 880fcbb..fc920c2 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysNoticeController.java 
+++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysNoticeController.java @@ -5,6 +5,8 @@ import java.util.List; import com.bonus.common.log.annotation.SysLog; import com.bonus.common.log.enums.OperaType; +import com.bonus.common.security.annotation.InnerAuth; +import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth; import com.bonus.system.api.domain.SysNotice; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; @@ -40,7 +42,7 @@ public class SysNoticeController extends BaseController /** * 获取通知公告列表 */ - @RequiresPermissions("system:notice:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:notice:list")) @GetMapping("/list") @SysLog(title = "通知公告", businessType = OperaType.QUERY,logType = 0,module = "系统管理->通知公告") public TableDataInfo list(SysNotice notice) { @@ -57,7 +59,7 @@ public class SysNoticeController extends BaseController /** * 根据通知公告编号获取详细信息 */ - @RequiresPermissions("system:notice:query") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:notice:query")) @GetMapping(value = "/{noticeId}") public AjaxResult getInfo(@PathVariable Long noticeId) { try{ @@ -72,7 +74,7 @@ public class SysNoticeController extends BaseController /** * 新增通知公告 */ - @RequiresPermissions("system:notice:add") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:notice:add")) @PostMapping @SysLog(title = "通知公告", businessType = OperaType.INSERT,logType = 0,module = "系统管理->通知公告") public AjaxResult add(@Validated @RequestBody SysNotice notice) { 
@@ -90,7 +92,7 @@ public class SysNoticeController extends BaseController /** * 修改通知公告 */ - @RequiresPermissions("system:notice:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:notice:edit")) @PutMapping @SysLog(title = "通知公告", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->通知公告") public AjaxResult edit(@Validated @RequestBody SysNotice notice) { @@ -107,7 +109,7 @@ public class SysNoticeController extends BaseController /** * 删除通知公告 */ - @RequiresPermissions("system:notice:remove") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:notice:remove")) @DeleteMapping("/{noticeIds}") @SysLog(title = "通知公告", businessType = OperaType.DELETE,logType = 0,module = "系统管理->通知公告") public AjaxResult remove(@PathVariable Long[] noticeIds) { diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysPostController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysPostController.java index adcf690..8ba4ecf 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysPostController.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysPostController.java @@ -6,6 +6,8 @@ import javax.servlet.http.HttpServletResponse; import com.bonus.common.log.annotation.SysLog; import com.bonus.common.log.enums.OperaType; +import com.bonus.common.security.annotation.InnerAuth; +import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth; import com.bonus.system.api.domain.SysPost; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; 
@@ -41,7 +43,7 @@ public class SysPostController extends BaseController { /** * 获取岗位列表 */ - @RequiresPermissions("system:post:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:post:list")) @GetMapping("/list") @SysLog(title = "岗位管理", businessType = OperaType.QUERY, logType = 0, module = "系统管理->岗位管理") public TableDataInfo list(SysPost post) { @@ -71,7 +73,7 @@ public class SysPostController extends BaseController { /** * 根据岗位编号获取详细信息 */ - @RequiresPermissions("system:post:query") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:post:query")) @GetMapping(value = "/{postId}") public AjaxResult getInfo(@PathVariable Long postId) { try { @@ -85,7 +87,7 @@ public class SysPostController extends BaseController { /** * 新增岗位 */ - @RequiresPermissions("system:post:add") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:post:add")) @PostMapping @SysLog(title = "岗位管理", businessType = OperaType.INSERT, logType = 0, module = "系统管理->岗位管理", details = "新增岗位") public AjaxResult add(@Validated @RequestBody SysPost post) { @@ -106,7 +108,7 @@ public class SysPostController extends BaseController { /** * 修改岗位 */ - @RequiresPermissions("system:post:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:post:edit")) @PutMapping @SysLog(title = "岗位管理", businessType = OperaType.UPDATE, logType = 0, module = "系统管理->岗位管理") public AjaxResult edit(@Validated @RequestBody SysPost post) { 
@@ -127,7 +129,7 @@ public class SysPostController extends BaseController { /** * 删除岗位 */ - @RequiresPermissions("system:post:remove") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:post:remove")) @DeleteMapping("/{postIds}") @SysLog(title = "岗位管理", businessType = OperaType.DELETE, logType = 0, module = "系统管理->岗位管理") public AjaxResult remove(@PathVariable Long[] postIds) { diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysRoleController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysRoleController.java index 24b89b0..376b872 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysRoleController.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysRoleController.java @@ -6,6 +6,8 @@ import javax.servlet.http.HttpServletResponse; import com.bonus.common.log.annotation.SysLog; import com.bonus.common.log.enums.OperaType; +import com.bonus.common.security.annotation.InnerAuth; +import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth; import com.bonus.system.api.domain.SysUserRole; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; @@ -48,7 +50,7 @@ public class SysRoleController extends BaseController @Autowired private ISysDeptService deptService; - @RequiresPermissions("system:role:list") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:list")) @GetMapping("/list") @SysLog(title = "角色管理", businessType = OperaType.QUERY,logType = 0,module = "系统管理->角色管理",details = "查询角色列表") public TableDataInfo list(SysRole role) { 
@@ -80,7 +82,7 @@ public class SysRoleController extends BaseController /** * 根据角色编号获取详细信息 */ - @RequiresPermissions("system:role:query") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:query")) @GetMapping(value = "/{roleId}") public AjaxResult getInfo(@PathVariable Long roleId) { try{ @@ -95,7 +97,7 @@ public class SysRoleController extends BaseController /** * 新增角色 */ - @RequiresPermissions("system:role:add") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:add")) @PostMapping @SysLog(title = "角色管理", businessType = OperaType.INSERT,logType = 0,module = "系统管理->角色管理",details = "新增角色") public AjaxResult add(@Validated @RequestBody SysRole role) { @@ -116,7 +118,7 @@ public class SysRoleController extends BaseController /** * 修改保存角色 */ - @RequiresPermissions("system:role:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:edit")) @PutMapping @SysLog(title = "角色管理", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->角色管理",details = "修改角色") public AjaxResult edit(@Validated @RequestBody SysRole role) { @@ -140,7 +142,7 @@ public class SysRoleController extends BaseController /** * 修改保存数据权限 */ - @RequiresPermissions("system:role:edit") + @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:edit")) @PutMapping("/dataScope") @SysLog(title = "角色管理", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->角色管理",details = "修改权限") public AjaxResult dataScope(@RequestBody SysRole role) { 
@@ -157,7 +159,7 @@ public class SysRoleController extends BaseController
 /**
 * 状态修改
 */
- @RequiresPermissions("system:role:edit")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:edit"))
 @PutMapping("/changeStatus")
 @SysLog(title = "角色管理", businessType = OperaType.UPDATE,logType = 0,module = "系统管理->角色管理",details = "修改角色状态")
 public AjaxResult changeStatus(@RequestBody SysRole role) {
@@ -177,7 +179,7 @@ public class SysRoleController extends BaseController
 /**
 * 删除角色
 */
- @RequiresPermissions("system:role:remove")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:remove"))
 @DeleteMapping("/{roleIds}")
 @SysLog(title = "角色管理", businessType = OperaType.DELETE,logType = 0,module = "系统管理->角色管理",details = "删除角色信息")
 public AjaxResult remove(@PathVariable Long[] roleIds) {
@@ -195,7 +197,7 @@ public class SysRoleController extends BaseController
 /**
 * 获取角色选择框列表
 */
- @RequiresPermissions("system:role:query")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:query"))
 @GetMapping("/optionselect")
 public AjaxResult optionselect() {
 try{
@@ -226,7 +228,7 @@ public class SysRoleController extends BaseController
 /**
 * 查询未分配用户角色列表
 */
- @RequiresPermissions("system:role:list")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:list"))
 @GetMapping("/authUser/unallocatedList")
 @SysLog(title = "角色管理", businessType = OperaType.QUERY,logType = 0,module = "系统管理->角色管理->分配用户",details = "查询预分配用户列表")
 public TableDataInfo unallocatedList(SysUser user) {
@@ -259,7 +261,7 @@ public class SysRoleController extends BaseController
 /**
 * 批量取消授权用户
 */
- @RequiresPermissions("system:role:edit")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:edit"))
 @PutMapping("/authUser/cancelAll")
 @SysLog(title = "角色管理", businessType = OperaType.GRANT,logType = 0,module = "系统管理->角色管理->分配用户",details = "取消授权用户")
 public AjaxResult cancelAuthUserAll(Long roleId, Long[] userIds) {
@@ -275,7 +277,7 @@ public class SysRoleController extends BaseController
 /**
 * 批量选择用户授权
 */
- @RequiresPermissions("system:role:edit")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:edit"))
 @PutMapping("/authUser/selectAll")
 @SysLog(title = "角色管理", businessType = OperaType.GRANT,logType = 0,module = "系统管理->角色管理->分配用户",details = "授权用户")
 public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds) {
@@ -291,7 +293,7 @@ public class SysRoleController extends BaseController
 /**
 * 获取对应角色部门树列表
 */
- @RequiresPermissions("system:role:query")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:role:query"))
 @GetMapping(value = "/deptTree/{roleId}")
 public AjaxResult deptTree(@PathVariable("roleId") Long roleId) {
 try{
diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java
index 34c74f4..f649d9d 100644
--- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java
+++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java
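Review bot: `selectAuthUserAll(Long roleId, Long[] userIds)` hands out roles, and through the inner branch it would do so for any `roleId`/`userIds` pair with no logged-in user behind the request. The hunk does not show whether the body's checks still apply when there is no current user, and the `@SysLog` GRANT record would presumably have no operator to attribute the change to; both are worth confirming before this ships. A comment on the method such as `// inner callers: data-scope check and audit operator must not depend on the login user` would document the expectation, and it applies equally to `cancelAuthUserAll` above and `insertAuthRole` in SysUserController. The method body continues outside the hunk.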
@@ -10,6 +10,7 @@ import com.bonus.common.log.annotation.SysLog;
 import com.bonus.common.log.enums.OperaType;
 import com.bonus.common.security.annotation.InnerAuth;
 import com.bonus.common.security.annotation.RequiresPermissions;
+import com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth;
 import com.bonus.common.security.utils.SecurityUtils;
 import com.bonus.system.api.domain.SysDept;
 import com.bonus.system.api.domain.SysRole;
@@ -63,7 +64,7 @@ public class SysUserController extends BaseController {
 /**
 * 获取用户列表
 */
- @RequiresPermissions("system:user:list")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:list"))
 @GetMapping("/list")
 @SysLog(title = "用户管理", businessType = OperaType.QUERY, logType = 0, module = "系统管理->用户管理", details = "查询用户列表")
 public TableDataInfo list(SysUser user) {
@@ -185,7 +186,7 @@ public class SysUserController extends BaseController {
 /**
 * 根据用户编号获取详细信息
 */
- @RequiresPermissions("system:user:query")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:query"))
 @GetMapping(value = {"/", "/{userId}"})
 public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId) {
 try {
@@ -210,7 +211,7 @@ public class SysUserController extends BaseController {
 /**
 * 新增用户
 */
- @RequiresPermissions("system:user:add")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:add"))
 @PostMapping
 @SysLog(title = "用户管理", businessType = OperaType.INSERT, logType = 0, module = "系统管理->用户管理", details = "新增用户信息")
 public AjaxResult add(@Validated @RequestBody SysUser user) {
@@ -245,7 +246,7 @@ public class SysUserController extends BaseController {
 /**
 * 修改用户
 */
- @RequiresPermissions("system:user:edit")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:edit"))
 @PutMapping
 @SysLog(title = "用户管理", businessType = OperaType.UPDATE, logType = 0, module = "系统管理->用户管理", details = "修改用户信息")
 public AjaxResult edit(@Validated @RequestBody SysUser user) {
@@ -272,7 +273,7 @@ public class SysUserController extends BaseController {
 /**
 * 删除用户
 */
- @RequiresPermissions("system:user:remove")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:remove"))
 @DeleteMapping("/{userIds}")
 @SysLog(title = "用户管理", businessType = OperaType.DELETE, logType = 0, module = "系统管理->用户管理", details = "删除用户信息")
 public AjaxResult remove(@PathVariable("userIds") Long[] userIds) {
@@ -290,7 +291,7 @@ public class SysUserController extends BaseController {
 /**
 * 重置密码
 */
- @RequiresPermissions("system:user:edit")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:edit"))
 @PutMapping("/resetPwd")
 @SysLog(title = "用户管理", businessType = OperaType.UPDATE, logType = 0, module = "系统管理->用户管理", details = "重置用户密码")
 public AjaxResult resetPwd(@RequestBody SysUser user) {
@@ -320,7 +321,7 @@ public class SysUserController extends BaseController {
 /**
 * 状态修改
 */
- @RequiresPermissions("system:user:edit")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:edit"))
 @PutMapping("/changeStatus")
 @SysLog(title = "用户管理", businessType = OperaType.UPDATE, logType = 0, module = "系统管理->用户管理", details = "修改用户状态")
 public AjaxResult changeStatus(@RequestBody SysUser user) {
@@ -338,7 +339,7 @@ public class SysUserController extends BaseController {
 /**
 * 根据用户编号获取授权角色
 */
- @RequiresPermissions("system:user:query")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:query"))
 @GetMapping("/authRole/{userId}")
 public AjaxResult authRole(@PathVariable("userId") Long userId) {
 try {
@@ -357,7 +358,7 @@ public class SysUserController extends BaseController {
 /**
 * 用户授权角色
 */
- @RequiresPermissions("system:user:edit")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:edit"))
 @PutMapping("/authRole")
 @SysLog(title = "用户管理", businessType = OperaType.GRANT, logType = 0, module = "系统管理->用户管理", details = "用户授权角色")
 public AjaxResult insertAuthRole(Long userId, Long[] roleIds) {
@@ -375,7 +376,7 @@ public class SysUserController extends BaseController {
 /**
 * 获取部门树列表
 */
- @RequiresPermissions("system:user:list")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:list"))
 @GetMapping("/deptTree")
 public AjaxResult deptTree(SysDept dept) {
 try {
@@ -389,7 +390,7 @@ public class SysUserController extends BaseController {
 /**
 * 修改用户审批状态
 */
- @RequiresPermissions("system:user:approval")
+ @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:approval"))
 @PostMapping("/approvalStatus")
 public AjaxResult approvalStatus(@RequestBody SysUser user) {
 try {
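Review bot: `approvalStatus` changes user state but, as far as the hunk shows, carries no `@SysLog` annotation, unlike the other mutating endpoints in this controller, and this hunk additionally opens it to inner callers. An approval change arriving through the inner path would then presumably leave no operation record at all. Adding `@SysLog(title = "用户管理", businessType = OperaType.UPDATE, logType = 0, module = "系统管理->用户管理", details = "修改用户审批状态")` next to `@PostMapping("/approvalStatus")` would bring it in line with `changeStatus`. The method body continues outside the hunk.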