From 0445176e7cf71bea476874f7220f3e896ad5ca07 Mon Sep 17 00:00:00 2001 From: fit2cloud-chenyw Date: Mon, 14 Feb 2022 16:50:26 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=20=E5=A2=9E=E5=8A=A0=E6=95=B0?= =?UTF-8?q?=E6=8D=AE=E6=BA=90=E3=80=81=E9=83=A8=E5=88=86=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E9=9B=86api=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../base/mapper/ext/ExtAuthMapper.xml | 6 ++--- .../io/dataease/commons/utils/AuthUtils.java | 7 ++--- .../dataset/DataSetGroupController.java | 14 ++++++++++ .../dataset/DataSetTableController.java | 26 +++++++++++++++++++ .../datasource/DatasourceController.java | 16 ++++++++++++ .../sys/SystemParameterController.java | 6 +++++ .../dataease/plugins/server/ThemeServer.java | 3 +++ .../dataease/plugins/server/XAuthServer.java | 5 ++++ .../dataease/plugins/server/XDeptServer.java | 5 ++++ .../plugins/server/XDisplayServer.java | 2 ++ .../plugins/server/XEmailTaskServer.java | 5 ++++ .../dataease/plugins/server/XLdapServer.java | 2 ++ .../dataease/plugins/server/XOidcServer.java | 2 ++ .../dataease/plugins/server/XRoleServer.java | 5 ++++ 14 files changed, 98 insertions(+), 6 deletions(-) diff --git a/backend/src/main/java/io/dataease/base/mapper/ext/ExtAuthMapper.xml b/backend/src/main/java/io/dataease/base/mapper/ext/ExtAuthMapper.xml index b0498ecded..2fb26a2579 100644 --- a/backend/src/main/java/io/dataease/base/mapper/ext/ExtAuthMapper.xml +++ b/backend/src/main/java/io/dataease/base/mapper/ext/ExtAuthMapper.xml @@ -40,7 +40,7 @@ sys_auth a LEFT JOIN sys_auth_detail d on d.auth_id = a.id WHERE - auth_source_type = 'datasource' + auth_source_type = 'link' AND auth_target_type = 'user' AND auth_target = #{userId} AND d.privilege_value = 1 
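Review bot: The filter in this select (and in the role and dept variants in the next two hunks) now reads `auth_source_type = 'link'`, while the same commit switches the Java-side key for this resource to `"datasource"` in AuthUtils, so one resource type is spelled two ways and nothing in the patch says which spelling the table stores. If rows were written with `'datasource'`, they stop matching and a user's datasource grants come back empty without any error; no data migration is visible here. I would confirm the stored value before merging and add a comment above each of the three selects, for example `<!-- datasource grants are stored with auth_source_type = 'link' -->`. The select statements begin and end outside these hunks.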
@@ -80,7 +80,7 @@ sys_auth a LEFT JOIN sys_auth_detail d on d.auth_id = a.id WHERE - auth_source_type = 'datasource' + auth_source_type = 'link' AND auth_target_type = 'role' AND auth_target = #{roleId} AND d.privilege_value = 1 @@ -119,7 +119,7 @@ sys_auth a LEFT JOIN sys_auth_detail d on d.auth_id = a.id WHERE - auth_source_type = 'datasource' + auth_source_type = 'link' AND auth_target_type = 'dept' AND auth_target = #{deptId} AND d.privilege_value = 1 diff --git a/backend/src/main/java/io/dataease/commons/utils/AuthUtils.java b/backend/src/main/java/io/dataease/commons/utils/AuthUtils.java index 5fc77ab5cf..30a7f3a2df 100644 --- a/backend/src/main/java/io/dataease/commons/utils/AuthUtils.java +++ b/backend/src/main/java/io/dataease/commons/utils/AuthUtils.java @@ -4,6 +4,7 @@ import io.dataease.auth.api.dto.CurrentRoleDto; import io.dataease.auth.api.dto.CurrentUserDto; import io.dataease.auth.entity.AuthItem; import io.dataease.auth.service.ExtAuthService; +import io.dataease.commons.constants.DePermissionType; import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.model.AuthURD; import org.apache.commons.lang3.StringUtils; @@ -56,7 +57,7 @@ public class AuthUtils { Long deptId = user.getDeptId(); List roles = user.getRoles(); Set result = new HashSet<>(); - if (StringUtils.equals("link", type)) { + if (StringUtils.equals(DePermissionType.DATASOURCE.name().toLowerCase(), type)) { Set userSet = extAuthService.dataSourceIdByUser(userId).stream().collect(Collectors.toSet()); Set roleSet = roles.stream().map(role -> extAuthService.dataSourceIdByRole(role.getId())).flatMap(Collection::stream).collect(Collectors.toSet()); Set deptSet = extAuthService.dataSourceIdByDept(deptId).stream().collect(Collectors.toSet()); 
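Review bot: Callers that still pass `"link"` as `type` no longer reach the datasource branch, because the comparison is now against `DePermissionType.DATASOURCE.name().toLowerCase()`, i.e. `"datasource"`. What the method returns when no branch matches lies outside the hunk, so the effect on such callers cannot be confirmed from here. If any remain, update them in the same commit or accept both spellings during the transition: `if (StringUtils.equalsAny(type, "link", DePermissionType.DATASOURCE.name().toLowerCase())) {`. The next two hunks apply the same enum-derived comparison to `dataset` and `panel`, where the string value does not change. Passing `Locale.ROOT` to `toLowerCase` would keep the key independent of the server's default locale.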
@@ -69,7 +70,7 @@ public class AuthUtils { return result; } - else if (StringUtils.equals("dataset", type)) { + else if (StringUtils.equals(DePermissionType.DATASET.name().toLowerCase(), type)) { Set userSet = extAuthService.dataSetIdByUser(userId).stream().collect(Collectors.toSet()); Set roleSet = roles.stream().map(role -> extAuthService.dataSetIdByRole(role.getId())).flatMap(Collection::stream).collect(Collectors.toSet()); Set deptSet = extAuthService.dataSetIdByDept(deptId).stream().collect(Collectors.toSet()); @@ -81,7 +82,7 @@ public class AuthUtils { }); return result; } - else if (StringUtils.equals("panel", type)) { + else if (StringUtils.equals(DePermissionType.PANEL.name().toLowerCase(), type)) { Set userSet = extAuthService.panelIdByUser(userId).stream().collect(Collectors.toSet()); Set roleSet = roles.stream().map(role -> extAuthService.panelIdByRole(role.getId())).flatMap(Collection::stream).collect(Collectors.toSet()); Set deptSet = extAuthService.panelIdByDept(deptId).stream().collect(Collectors.toSet()); diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java index 0a52e11796..f4cdcff78b 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetGroupController.java 
@@ -1,13 +1,19 @@ package io.dataease.controller.dataset; import com.github.xiaoymin.knife4j.annotations.ApiSupport; +import io.dataease.auth.annotation.DePermission; +import io.dataease.auth.annotation.DePermissions; import io.dataease.base.domain.DatasetGroup; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.controller.request.dataset.DataSetGroupRequest; import io.dataease.dto.dataset.DataSetGroupDTO; import io.dataease.service.dataset.DataSetGroupService; import io.dataease.service.dataset.ExtractDataService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.Logical; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -28,12 +34,18 @@ public class DataSetGroupController { @Resource private ExtractDataService extractDataService; + @RequiresPermissions("data:read") + @DePermissions(value = { + @DePermission(type = DePermissionType.DATASET, value = "id"), + @DePermission(type = DePermissionType.DATASET, value = "pid", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) + }, logical = Logical.AND) @ApiOperation("保存") @PostMapping("/save") public DataSetGroupDTO save(@RequestBody DatasetGroup datasetGroup) { return dataSetGroupService.save(datasetGroup); } + @RequiresPermissions("data:read") @ApiOperation("查询树") @PostMapping("/tree") public List tree(@RequestBody DataSetGroupRequest datasetGroup) { @@ -46,6 +58,8 @@ public class DataSetGroupController { return dataSetGroupService.treeNode(datasetGroup); } + @RequiresPermissions("data:read") + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("删除") @PostMapping("/delete/{id}") public void tree(@PathVariable String id) throws Exception { 
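Review bot: On `/save` the `id` entry carries no `level`, while the `pid` entry beside it and `/delete/{id}` in the last hunk both demand `ResourceAuthLevel.DATASET_LEVEL_MANAGE`. The annotation's default level is not visible in this patch, but if it is lower than manage, a user with lesser access to an existing group could modify it through this route. If `save` also serves updates, the first entry would read `@DePermission(type = DePermissionType.DATASET, value = "id", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE),`. How the check behaves when `id` is absent on a create request should be stated in a comment above the annotation.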
diff --git a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java index 54841a4805..1a23f7b32a 100644 --- a/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java +++ b/backend/src/main/java/io/dataease/controller/dataset/DataSetTableController.java @@ -1,9 +1,13 @@ package io.dataease.controller.dataset; import com.github.xiaoymin.knife4j.annotations.ApiSupport; +import io.dataease.auth.annotation.DePermission; +import io.dataease.auth.annotation.DePermissions; import io.dataease.base.domain.DatasetTable; import io.dataease.base.domain.DatasetTableField; import io.dataease.base.domain.DatasetTableIncrementalConfig; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.controller.request.dataset.DataSetTableRequest; import io.dataease.controller.response.DataSetDetail; import io.dataease.dto.datasource.TableFiled; @@ -11,6 +15,8 @@ import io.dataease.dto.dataset.DataSetTableDTO; import io.dataease.dto.dataset.ExcelFileData; import io.dataease.service.dataset.DataSetTableService; import io.swagger.annotations.*; +import org.apache.shiro.authz.annotation.Logical; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; 
@@ -30,12 +36,24 @@ public class DataSetTableController { @Resource private DataSetTableService dataSetTableService; + @RequiresPermissions("data:read") + @DePermissions(value = { + @DePermission(type = DePermissionType.DATASET, value = "id"), + @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), + @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) + }, logical = Logical.AND) @ApiOperation("批量保存") @PostMapping("batchAdd") public void batchAdd(@RequestBody List datasetTable) throws Exception { dataSetTableService.batchInsert(datasetTable); } + @RequiresPermissions("data:read") + @DePermissions(value = { + @DePermission(type = DePermissionType.DATASET, value = "id", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), + @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), + @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) + }, logical = Logical.AND) @ApiOperation("更新") @PostMapping("update") public void save(@RequestBody DataSetTableRequest datasetTable) throws Exception { 
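Review bot: `batchAdd` receives a `List` body, yet its three `@DePermission` entries name `id`, `sceneId` and `dataSourceId` as if the argument were a single object; whether the permission aspect resolves these fields per list element is not shown in this patch. If it inspects only the top-level argument, the check validates nothing for the items actually inserted, so this route needs a test with a list holding one permitted and one forbidden `sceneId`. Separately, the DATASOURCE entries on `batchAdd` and `update` (and on `alter` in the next hunk) use `ResourceAuthLevel.DATASET_LEVEL_USE`, while DatasourceController uses `LINK_LEVEL_*` constants for the same resource type. If the two families differ in value the wrong threshold is applied, so the use-level constant of the `LINK_LEVEL_` family would be the clearer choice if one exists.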
@@ -46,12 +64,19 @@ public class DataSetTableController { } } + @RequiresPermissions("data:read") + @DePermissions(value = { + @DePermission(type = DePermissionType.DATASET, value = "id", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), + @DePermission(type = DePermissionType.DATASET, value = "sceneId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE), + @DePermission(type = DePermissionType.DATASOURCE, value = "dataSourceId", level = ResourceAuthLevel.DATASET_LEVEL_USE) + }, logical = Logical.AND) @ApiOperation("修改") @PostMapping("alter") public void alter(@RequestBody DataSetTableRequest request) throws Exception { dataSetTableService.alter(request); } + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_MANAGE) @ApiOperation("删除") @PostMapping("delete/{id}") public void delete(@ApiParam(name = "id", value = "数据集ID", required = true) @PathVariable String id) throws Exception { @@ -70,6 +95,7 @@ public class DataSetTableController { return dataSetTableService.listAndGroup(dataSetTableRequest); } + @DePermission(type = DePermissionType.DATASET, level = ResourceAuthLevel.DATASET_LEVEL_USE) @ApiOperation("详息") @PostMapping("get/{id}") public DatasetTable get(@ApiParam(name = "id", value = "数据集ID", required = true) @PathVariable String id) { diff --git a/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java b/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java index df0015db1d..240ddb768a 100644 --- a/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java +++ b/backend/src/main/java/io/dataease/controller/datasource/DatasourceController.java 
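Review bot: `delete/{id}` and, in the following hunk, `get/{id}` receive only the resource-level `@DePermission`, whereas every other route annotated in this controller also carries `@RequiresPermissions("data:read")`. If the omission is deliberate, a one-line comment above each annotation should say why; otherwise add `@RequiresPermissions("data:read")` to both so the function-level gate is uniform across the controller. The method bodies lie outside the hunks.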
@@ -3,7 +3,11 @@ package io.dataease.controller.datasource; import com.github.pagehelper.Page; import com.github.pagehelper.PageHelper; import com.github.xiaoymin.knife4j.annotations.ApiSupport; +import io.dataease.auth.annotation.DePermission; +import io.dataease.auth.annotation.DePermissions; import io.dataease.base.domain.Datasource; +import io.dataease.commons.constants.DePermissionType; +import io.dataease.commons.constants.ResourceAuthLevel; import io.dataease.commons.utils.AuthUtils; import io.dataease.commons.utils.PageUtils; import io.dataease.commons.utils.Pager; @@ -15,6 +19,8 @@ import io.dataease.service.datasource.DatasourceService; import io.dataease.dto.DatasourceDTO; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.Logical; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -31,18 +37,24 @@ public class DatasourceController { @Resource private DatasourceService datasourceService; + @RequiresPermissions("datasource:add") + @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("新增数据源") @PostMapping("/add") public Datasource addDatasource(@RequestBody Datasource datasource) throws Exception{ return datasourceService.addDatasource(datasource); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASOURCE, value = "id") @ApiOperation("验证数据源") @PostMapping("/validate") public ResultHolder validate(@RequestBody Datasource datasource) throws Exception { return datasourceService.validate(datasource); } + @RequiresPermissions("datasource:read") + @DePermission(type = DePermissionType.DATASOURCE) @ApiOperation("验证数据源") @GetMapping("/validate/{datasourceId}") public ResultHolder validate(@PathVariable String datasourceId) { 
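Review bot: `@DePermission(type = DePermissionType.DATASOURCE, value = "id")` on `/add` checks a field that a create request would normally not carry, and the aspect's handling of a missing or caller-supplied `id` is not visible in this patch. If an absent value is skipped, the annotation adds nothing on this route; if it is rejected, creation fails for every user. I would either drop the resource check from `/add` and rely on `datasource:add`, or document the intent with a comment such as `// id is empty on create; DePermission applies only when an existing id is sent`. The same question applies to the body-based `/validate` route in this hunk.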
@@ -64,6 +76,7 @@ public class DatasourceController { return getDatasourceList().stream().filter(datasourceDTO -> datasourceDTO.getType().equalsIgnoreCase(type)).collect(Collectors.toList()); } + @RequiresPermissions("datasource:read") @ApiIgnore @PostMapping("/list/{goPage}/{pageSize}") public Pager> getDatasourceList(@RequestBody BaseGridRequest request, @PathVariable int goPage, @PathVariable int pageSize) throws Exception { @@ -71,12 +84,15 @@ public class DatasourceController { return PageUtils.setPageInfo(page, datasourceService.gridQuery(request)); } + @DePermission(type = DePermissionType.DATASOURCE, level = ResourceAuthLevel.LINK_LEVEL_MANAGE) @ApiOperation("删除数据源") @PostMapping("/delete/{datasourceID}") public void deleteDatasource(@PathVariable(value = "datasourceID") String datasourceID) throws Exception { datasourceService.deleteDatasource(datasourceID); } + @RequiresPermissions("datasource:add") + @DePermission(type = DePermissionType.DATASOURCE, value = "id", level = ResourceAuthLevel.LINK_LEVEL_MANAGE) @ApiOperation("更新数据源") @PostMapping("/update") public void updateDatasource(@RequestBody Datasource Datasource) { diff --git a/backend/src/main/java/io/dataease/controller/sys/SystemParameterController.java b/backend/src/main/java/io/dataease/controller/sys/SystemParameterController.java index 00adf25aa8..e3751a563c 100644 --- a/backend/src/main/java/io/dataease/controller/sys/SystemParameterController.java +++ b/backend/src/main/java/io/dataease/controller/sys/SystemParameterController.java @@ -11,6 +11,7 @@ import io.dataease.service.FileService; import io.dataease.service.system.EmailService; import io.dataease.service.system.SystemParameterService; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; 
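Review bot: `deleteDatasource` gets no `@RequiresPermissions` at all and `updateDatasource` is gated by `datasource:add`, so the function-level permission does not separate creating, changing and removing a datasource, although the dept and role controllers in this commit use distinct `add`/`edit`/`del` strings. Deletion is still covered by `LINK_LEVEL_MANAGE` on the resource, but a role that was never granted any datasource function permission is not stopped at the first layer. If the permission table defines them, use the matching edit and delete permissions here (placeholder names `datasource:edit` and `datasource:del`, not taken from this patch); otherwise a comment should explain why `datasource:add` covers updates.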
@@ -39,11 +40,13 @@ public class SystemParameterController { private EmailService emailService; + @RequiresPermissions("sysparam:read") @GetMapping("/mail/info") public MailInfo mailInfo() { return emailService.mailInfo(); } + @RequiresPermissions("sysparam:read") @GetMapping("/basic/info") public BasicInfo basicInfo() { return systemParameterService.basicInfo(); @@ -55,11 +58,13 @@ public class SystemParameterController { return StringUtils.isNotBlank(basicInfo.getFrontTimeOut()) ? Integer.parseInt(basicInfo.getFrontTimeOut()) : 10; } + @RequiresPermissions("sysparam:read") @PostMapping("/edit/email") public void editMail(@RequestBody List systemParameter) { emailService.editMail(systemParameter); } + @RequiresPermissions("sysparam:read") @PostMapping("/edit/basic") public void editBasic(@RequestBody List systemParameter) { systemParameterService.editBasic(systemParameter); @@ -76,6 +81,7 @@ public class SystemParameterController { } + @RequiresPermissions("sysparam:read") @GetMapping("/base/info") public List getBaseInfo() { return systemParameterService.getSystemParameterInfo(ParamConstants.Classify.BASE.getValue()); diff --git a/backend/src/main/java/io/dataease/plugins/server/ThemeServer.java b/backend/src/main/java/io/dataease/plugins/server/ThemeServer.java index 5e1ee1769d..df49eba490 100644 --- a/backend/src/main/java/io/dataease/plugins/server/ThemeServer.java +++ b/backend/src/main/java/io/dataease/plugins/server/ThemeServer.java @@ -3,6 +3,7 @@ package io.dataease.plugins.server; import java.util.List; import org.apache.commons.lang3.ObjectUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; 
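Review bot: `editMail` and `editBasic` change system configuration but are guarded by `@RequiresPermissions("sysparam:read")`, the same permission as the `/mail/info` and `/basic/info` reads, so as far as this annotation goes any role allowed to view settings may also rewrite them. The same read permission is placed on mutating routes in ThemeServer (`/save`, `/delete/{themeId}`), XDisplayServer (`/save`), XLdapServer (`/save`) and XOidcServer (`/save`); the LDAP and OIDC routes control how users authenticate. If the permission model has or can get a write-level counterpart (placeholder `sysparam:edit`, not taken from this patch), these routes should require it. If `sysparam:read` is the only system-settings permission by design, a comment on each write route should say so.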
@@ -36,6 +37,7 @@ public class ThemeServer { return themeXpackService.queryItems(themeId); } + @RequiresPermissions("sysparam:read") @PostMapping("/save") public void save(@RequestPart("request") ThemeRequest request, @RequestPart(value = "file", required = false) MultipartFile bodyFile) { @@ -55,6 +57,7 @@ public class ThemeServer { } + @RequiresPermissions("sysparam:read") @PostMapping("/delete/{themeId}") public void delete(@PathVariable("themeId") int themeId) { ThemeXpackService themeXpackService = SpringContextUtil.getBean(ThemeXpackService.class); diff --git a/backend/src/main/java/io/dataease/plugins/server/XAuthServer.java b/backend/src/main/java/io/dataease/plugins/server/XAuthServer.java index dbfce409a2..2aec82d079 100644 --- a/backend/src/main/java/io/dataease/plugins/server/XAuthServer.java +++ b/backend/src/main/java/io/dataease/plugins/server/XAuthServer.java @@ -14,6 +14,7 @@ import io.dataease.plugins.xpack.auth.dto.response.XpackSysAuthDetailDTO; import io.dataease.plugins.xpack.auth.dto.response.XpackVAuthModelDTO; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import io.dataease.plugins.xpack.auth.service.AuthXpackService; @@ -25,6 +26,7 @@ public class XAuthServer { private static final Set cacheTypes = new HashSet<>(); + @RequiresPermissions("auth:read") @PostMapping("/authModels") @I18n public List authModels(@RequestBody XpackBaseTreeRequest request) { 
@@ -33,12 +35,14 @@ public class XAuthServer { return sysAuthService.searchAuthModelTree(request, user.getUserId(), user.getIsAdmin()); } + @RequiresPermissions("auth:read") @PostMapping("/authDetails") public Map> authDetails(@RequestBody XpackSysAuthRequest request) { AuthXpackService sysAuthService = SpringContextUtil.getBean(AuthXpackService.class); return sysAuthService.searchAuthDetails(request); } + @RequiresPermissions("auth:read") @GetMapping("/authDetailsModel/{authType}/{direction}") @I18n public List authDetailsModel(@PathVariable String authType, @PathVariable String direction) { @@ -54,6 +58,7 @@ public class XAuthServer { return authDetails; } + @RequiresPermissions("auth:read") @PostMapping("/authChange") public void authChange(@RequestBody XpackSysAuthRequest request) { AuthXpackService sysAuthService = SpringContextUtil.getBean(AuthXpackService.class); diff --git a/backend/src/main/java/io/dataease/plugins/server/XDeptServer.java b/backend/src/main/java/io/dataease/plugins/server/XDeptServer.java index 76dc14c8eb..0c3b911405 100644 --- a/backend/src/main/java/io/dataease/plugins/server/XDeptServer.java +++ b/backend/src/main/java/io/dataease/plugins/server/XDeptServer.java @@ -14,6 +14,7 @@ import io.dataease.plugins.xpack.dept.dto.response.XpackSysDept; import io.dataease.plugins.xpack.dept.service.DeptXpackService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -66,6 +67,7 @@ public class XDeptServer { return nodes; } + @RequiresPermissions("dept:add") @ApiOperation("创建") @PostMapping("/create") public int create(@RequestBody XpackCreateDept dept){ 
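Review bot: `authChange` modifies authorization grants yet requires only `auth:read`, the same permission as the three query routes annotated in this file, so viewing grants and changing them are not separated at the function level. The method body continues outside the hunk, and a further check inside `AuthXpackService` cannot be ruled out from here. A distinct write permission on this route (placeholder `auth:edit`, to be confirmed against the permission table) would keep a read-only auditor role from altering grants; failing that, add a comment stating where the write authorization is enforced.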
@@ -73,6 +75,7 @@ public class XDeptServer { return deptService.add(dept); } + @RequiresPermissions("dept:del") @ApiOperation("删除") @PostMapping("/delete") public void delete(@RequestBody List requests){ @@ -83,6 +86,7 @@ public class XDeptServer { deptService.batchDelete(requests); } + @RequiresPermissions("dept:edit") @ApiOperation("更新") @PostMapping("/update") public int update(@RequestBody XpackCreateDept dept){ @@ -91,6 +95,7 @@ public class XDeptServer { } + @RequiresPermissions("dept:del") @ApiIgnore @ApiOperation("删除") @PostMapping("/nodesByDeptId/{deptId}") diff --git a/backend/src/main/java/io/dataease/plugins/server/XDisplayServer.java b/backend/src/main/java/io/dataease/plugins/server/XDisplayServer.java index 36e26fc1bb..b689183768 100644 --- a/backend/src/main/java/io/dataease/plugins/server/XDisplayServer.java +++ b/backend/src/main/java/io/dataease/plugins/server/XDisplayServer.java @@ -4,6 +4,7 @@ package io.dataease.plugins.server; import io.dataease.plugins.config.SpringContextUtil; import io.dataease.plugins.xpack.display.dto.response.SysSettingDto; import io.dataease.plugins.xpack.display.service.DisplayXpackService; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import java.util.List; @@ -22,6 +23,7 @@ public class XDisplayServer { return disPlayXpackService.systemSettings(); } + @RequiresPermissions("sysparam:read") @PostMapping(value="/save", consumes = {"multipart/form-data"}) public void saveUIInfo(@RequestPart("request") Map> systemParameterMap, @RequestPart(value = "files", required = false) List bodyFiles) throws Exception { DisplayXpackService disPlayXpackService = SpringContextUtil.getBean(DisplayXpackService.class); diff --git a/backend/src/main/java/io/dataease/plugins/server/XEmailTaskServer.java b/backend/src/main/java/io/dataease/plugins/server/XEmailTaskServer.java index 31595ae413..317fe48079 100644 
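Review bot: `/nodesByDeptId/{deptId}` is gated by `dept:del`, which looks derived from the `@ApiOperation("删除")` label above it rather than from what the route does; the path name suggests a lookup, though the method body is outside the hunk. If it is a read, users who may view departments but not delete them will be refused, and both the label and the permission should be corrected. If it really belongs to the delete flow, a short comment such as `// part of the delete flow, hence dept:del` would stop a later reader from treating it as a mistake.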
--- a/backend/src/main/java/io/dataease/plugins/server/XEmailTaskServer.java +++ b/backend/src/main/java/io/dataease/plugins/server/XEmailTaskServer.java @@ -20,6 +20,7 @@ import io.dataease.service.ScheduleService; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; @@ -39,6 +40,7 @@ public class XEmailTaskServer { @Resource private PriorityThreadPoolExecutor priorityExecutor; + @RequiresPermissions("task-email:read") @PostMapping("/queryTasks/{goPage}/{pageSize}") public Pager> queryTask(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) { @@ -71,6 +73,7 @@ public class XEmailTaskServer { return listPager; } + @RequiresPermissions("task-email:add") @PostMapping("/save") public void save(@RequestBody XpackEmailCreate param) throws Exception { XpackEmailTaskRequest request = param.fillContent(); @@ -81,6 +84,7 @@ public class XEmailTaskServer { scheduleService.addSchedule(globalTask); } + @RequiresPermissions("task-email:read") @PostMapping("/queryForm/{taskId}") public XpackEmailCreate queryForm(@PathVariable Long taskId) { EmailXpackService emailXpackService = SpringContextUtil.getBean(EmailXpackService.class); @@ -141,6 +145,7 @@ public class XEmailTaskServer { } + @RequiresPermissions("task-email:del") @PostMapping("/delete/{taskId}") public void delete(@PathVariable Long taskId) { EmailXpackService emailXpackService = SpringContextUtil.getBean(EmailXpackService.class); diff --git a/backend/src/main/java/io/dataease/plugins/server/XLdapServer.java b/backend/src/main/java/io/dataease/plugins/server/XLdapServer.java index 2a6c2c7d6a..44f77c9833 100644 --- a/backend/src/main/java/io/dataease/plugins/server/XLdapServer.java 
+++ b/backend/src/main/java/io/dataease/plugins/server/XLdapServer.java @@ -6,6 +6,7 @@ import io.dataease.plugins.config.SpringContextUtil; import io.dataease.plugins.xpack.display.dto.response.SysSettingDto; import io.dataease.plugins.xpack.ldap.dto.response.LdapInfo; import io.dataease.plugins.xpack.ldap.service.LdapXpackService; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import java.util.List; @@ -21,6 +22,7 @@ public class XLdapServer { return ldapXpackService.info(); } + @RequiresPermissions("sysparam:read") @PostMapping("/save") public void save(@RequestBody List settings) { LdapXpackService ldapXpackService = SpringContextUtil.getBean(LdapXpackService.class); diff --git a/backend/src/main/java/io/dataease/plugins/server/XOidcServer.java b/backend/src/main/java/io/dataease/plugins/server/XOidcServer.java index becea9e55a..bf600f0aae 100644 --- a/backend/src/main/java/io/dataease/plugins/server/XOidcServer.java +++ b/backend/src/main/java/io/dataease/plugins/server/XOidcServer.java @@ -5,6 +5,7 @@ import io.dataease.plugins.config.SpringContextUtil; import io.dataease.plugins.xpack.display.dto.response.SysSettingDto; import io.dataease.plugins.xpack.oidc.service.OidcXpackService; import org.apache.commons.lang3.StringUtils; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.web.bind.annotation.*; import java.util.HashMap; import java.util.List; @@ -21,6 +22,7 @@ public class XOidcServer { return oidcXpackService.oidcSettings(); } + @RequiresPermissions("sysparam:read") @PostMapping("/save") public void save(@RequestBody List settings) { OidcXpackService oidcXpackService = SpringContextUtil.getBean(OidcXpackService.class); diff --git a/backend/src/main/java/io/dataease/plugins/server/XRoleServer.java b/backend/src/main/java/io/dataease/plugins/server/XRoleServer.java index e3ba4da452..200a00155f 100644 
--- a/backend/src/main/java/io/dataease/plugins/server/XRoleServer.java +++ b/backend/src/main/java/io/dataease/plugins/server/XRoleServer.java @@ -13,6 +13,7 @@ import io.dataease.plugins.xpack.role.dto.response.XpackRoleItemDto; import io.dataease.plugins.xpack.role.service.RoleXpackService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; +import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -26,6 +27,7 @@ public class XRoleServer { @Autowired private ExtAuthService extAuthService; + @RequiresPermissions("role:add") @ApiOperation("新增角色") @PostMapping("/create") public void create(@RequestBody XpackRoleDto role){ @@ -34,6 +36,7 @@ public class XRoleServer { } + @RequiresPermissions("role:del") @ApiOperation("删除角色") @PostMapping("/delete/{roleId}") public void delete(@PathVariable("roleId") Long roleId){ @@ -43,6 +46,7 @@ public class XRoleServer { } + @RequiresPermissions("role:edit") @ApiOperation("更新角色") @PostMapping("/update") public void update(@RequestBody XpackRoleDto role){ @@ -50,6 +54,7 @@ public class XRoleServer { roleXpackService.update(role); } + @RequiresPermissions("role:read") @ApiOperation("分页查询") @PostMapping("/roleGrid/{goPage}/{pageSize}") public Pager> roleGrid(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) {