Merge remote-tracking branch 'origin/master'

sgzb-api/sgzb-api-system/src/main/java/com/bonus/sgzb/base/api/domain/SysDic.java

@@ -57,6 +57,11 @@ public class SysDic extends BaseEntity {
      */
     private String level;
 
+    /**
+     * o/null: 默认,需要鉴权, 1: 跳过鉴权
+     */
+    private Integer skipPermission;
+
     /**
      * 状态
      */
@@ -159,6 +164,14 @@ public class SysDic extends BaseEntity {
         return creator;
     }
 
+    public Integer getSkipPermission() {
+        return skipPermission;
+    }
+
+    public void setSkipPermission(Integer skipPermission) {
+        this.skipPermission = skipPermission;
+    }
+
     @Override
     public String toString() {
         return new ToStringBuilder(this, ToStringStyle.MULTI_LINE_STYLE)

sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java

@@ -1,7 +1,12 @@
 package com.bonus.sgzb.common.security.aspect;
 
 import java.lang.reflect.Method;
+import java.util.Objects;
 
+import cn.hutool.json.JSONArray;
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
+import com.alibaba.fastjson2.JSON;
 import com.bonus.sgzb.common.security.auth.AuthUtil;
 import com.bonus.sgzb.common.security.annotation.RequiresRoles;
 import org.aspectj.lang.ProceedingJoinPoint;
@@ -54,9 +59,25 @@ public class PreAuthorizeAspect
     @Around("pointcut()")
     public Object around(ProceedingJoinPoint joinPoint) throws Throwable
     {
+        //获取请求参数
+        boolean needPermission = true;
+        Object[] args = joinPoint.getArgs();
+        String argStr = JSON.toJSONString(args);
+        JSONArray jsonArray = JSONUtil.parseArray(argStr);
+        for (int i = 0; i < jsonArray.size(); i++) {
+            Object obj = jsonArray.getObj(i);
+            if (Objects.nonNull(obj) && obj instanceof JSONObject) {
+                JSONObject jsonObject = (JSONObject) obj;
+                if ("1".equals(jsonObject.getStr("skipPermission"))) {
+                    needPermission = false;
+                }
+            }
+        }
+
         // 注解鉴权
         MethodSignature signature = (MethodSignature) joinPoint.getSignature();
-        checkMethodAnnotation(signature.getMethod());
+        checkMethodAnnotation(signature.getMethod(), needPermission);
+
         try
         {
             // 执行原有逻辑
@@ -72,7 +93,7 @@ public class PreAuthorizeAspect
     /**
      * 对一个Method对象进行注解检查
      */
-    public void checkMethodAnnotation(Method method)
+    public void checkMethodAnnotation(Method method, boolean needPermission)
     {
         // 校验 @RequiresLogin 注解
         RequiresLogin requiresLogin = method.getAnnotation(RequiresLogin.class);
@@ -89,10 +110,11 @@ public class PreAuthorizeAspect
         }
 
         // 校验 @RequiresPermissions 注解
+        if (needPermission) {
             RequiresPermissions requiresPermissions = method.getAnnotation(RequiresPermissions.class);
-        if (requiresPermissions != null)
+            if (requiresPermissions != null) {
-        {
                 AuthUtil.checkPermi(requiresPermissions);
             }
         }
+    }
 }

sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/BmStorageLogController.java

@@ -5,6 +5,7 @@ import com.bonus.sgzb.common.core.web.domain.AjaxResult;
 import com.bonus.sgzb.common.core.web.page.TableDataInfo;
 import com.bonus.sgzb.common.security.annotation.InnerAuth;
 import com.bonus.sgzb.base.api.domain.BmStorageLog;
+import com.bonus.sgzb.common.security.annotation.RequiresPermissions;
 import com.bonus.sgzb.system.service.impl.BmStorageLogService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -26,6 +27,7 @@ public class BmStorageLogController extends BaseController {
     @Autowired
     private BmStorageLogService bmStorageLogService;
 
+    @RequiresPermissions("stock:log:list")
     @GetMapping("/list")
     public TableDataInfo list(BmStorageLog record) {
         startPage();