From 201ef04546721d2c1172ae54dcef3e64640aa9c6 Mon Sep 17 00:00:00 2001 From: zwzw1219 Date: Sun, 15 Oct 2017 18:54:13 +0800 Subject: [PATCH] 1 --- .../server/controller/MailController.java | 30 ++++++------ .../server/controller/NoticeController.java | 34 ++++++-------- .../controller/PermissionController.java | 30 ++++++------ .../server/controller/RoleController.java | 10 ++-- .../server/controller/SysLogsController.java | 15 +++--- .../server/controller/UserController.java | 46 ++++++++----------- 6 files changed, 73 insertions(+), 92 deletions(-) diff --git a/src/main/java/com/boot/security/server/controller/MailController.java b/src/main/java/com/boot/security/server/controller/MailController.java index 03b93f6..3f9c6a0 100644 --- a/src/main/java/com/boot/security/server/controller/MailController.java +++ b/src/main/java/com/boot/security/server/controller/MailController.java @@ -5,8 +5,8 @@ import java.util.List; import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; -import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; 
@@ -14,16 +14,16 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import com.zw.admin.server.annotation.LogAnnotation; -import com.zw.admin.server.dao.MailDao; -import com.zw.admin.server.model.Mail; -import com.zw.admin.server.model.MailTo; -import com.zw.admin.server.page.table.PageTableRequest; -import com.zw.admin.server.page.table.PageTableHandler; -import com.zw.admin.server.page.table.PageTableResponse; -import com.zw.admin.server.page.table.PageTableHandler.CountHandler; -import com.zw.admin.server.page.table.PageTableHandler.ListHandler; -import com.zw.admin.server.service.MailService; +import com.boot.security.server.annotation.LogAnnotation; +import com.boot.security.server.dao.MailDao; +import com.boot.security.server.model.Mail; +import com.boot.security.server.model.MailTo; +import com.boot.security.server.page.table.PageTableHandler; +import com.boot.security.server.page.table.PageTableHandler.CountHandler; +import com.boot.security.server.page.table.PageTableHandler.ListHandler; +import com.boot.security.server.page.table.PageTableRequest; +import com.boot.security.server.page.table.PageTableResponse; +import com.boot.security.server.service.MailService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -41,7 +41,7 @@ public class MailController { @LogAnnotation @PostMapping @ApiOperation(value = "保存邮件") - @RequiresPermissions("mail:send") + @PreAuthorize("hasAuthority('mail:send')") public Mail save(@RequestBody Mail mail) { String toUsers = mail.getToUsers().trim(); if (StringUtils.isBlank(toUsers)) { 
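Review bot: The `@PreAuthorize("hasAuthority('mail:send')")` on `save` in `@@ -41,7 +41,7 @@` is only enforced when method security is switched on, and nothing in this patch shows that configuration. Confirm that a configuration class carries `@EnableGlobalMethodSecurity(prePostEnabled = true)`; without it every `@PreAuthorize` added in this commit is ignored and the handlers are reachable by any caller who passes the URL-level rules. `hasAuthority` is also an exact string comparison, whereas Shiro's `@RequiresPermissions` used wildcard permission matching, so an account that held a broader permission string under Shiro (if the old data contains any) would now be denied. An integration test that calls one guarded endpoint without the authority and expects 403 would pin both behaviours. The body of `save` continues outside the hunk.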
@@ -61,21 +61,21 @@ public class MailController { @GetMapping("/{id}") @ApiOperation(value = "根据id获取邮件") - @RequiresPermissions("mail:all:query") + @PreAuthorize("hasAuthority('mail:all:query')") public Mail get(@PathVariable Long id) { return mailDao.getById(id); } @GetMapping("/{id}/to") @ApiOperation(value = "根据id获取邮件发送详情") - @RequiresPermissions("mail:all:query") + @PreAuthorize("hasAuthority('mail:all:query')") public List getMailTo(@PathVariable Long id) { return mailDao.getToUsers(id); } @GetMapping @ApiOperation(value = "邮件列表") - @RequiresPermissions("mail:all:query") + @PreAuthorize("hasAuthority('mail:all:query')") public PageTableResponse list(PageTableRequest request) { return PageTableHandler. builder().countHandler(new CountHandler() { diff --git a/src/main/java/com/boot/security/server/controller/NoticeController.java b/src/main/java/com/boot/security/server/controller/NoticeController.java index cf81090..72ba44d 100644 --- a/src/main/java/com/boot/security/server/controller/NoticeController.java +++ b/src/main/java/com/boot/security/server/controller/NoticeController.java @@ -2,8 +2,8 @@ package com.boot.security.server.controller; import java.util.List; -import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; 
@@ -13,19 +13,15 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import com.zw.admin.server.annotation.LogAnnotation; -import com.zw.admin.server.dao.NoticeDao; -import com.zw.admin.server.dto.NoticeReadVO; -import com.zw.admin.server.dto.NoticeVO; -import com.zw.admin.server.model.Notice; -import com.zw.admin.server.model.Notice.Status; -import com.zw.admin.server.model.User; -import com.zw.admin.server.page.table.PageTableHandler; -import com.zw.admin.server.page.table.PageTableHandler.CountHandler; -import com.zw.admin.server.page.table.PageTableHandler.ListHandler; -import com.zw.admin.server.page.table.PageTableRequest; -import com.zw.admin.server.page.table.PageTableResponse; -import com.zw.admin.server.utils.UserUtil; +import com.boot.security.server.annotation.LogAnnotation; +import com.boot.security.server.dao.NoticeDao; +import com.boot.security.server.dto.NoticeReadVO; +import com.boot.security.server.dto.NoticeVO; +import com.boot.security.server.model.Notice; +import com.boot.security.server.model.Notice.Status; +import com.boot.security.server.page.table.PageTableHandler; +import com.boot.security.server.page.table.PageTableRequest; +import com.boot.security.server.page.table.PageTableResponse; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -41,7 +37,7 @@ public class NoticeController { @LogAnnotation @PostMapping @ApiOperation(value = "保存公告") - @RequiresPermissions("notice:add") + @PreAuthorize("hasAuthority('notice:add')") public Notice saveNotice(@RequestBody Notice notice) { noticeDao.save(notice); @@ -50,7 +46,7 @@ public class NoticeController { @GetMapping("/{id}") @ApiOperation(value = "根据id获取公告") - @RequiresPermissions("notice:query") + @PreAuthorize("hasAuthority('notice:query')") public Notice get(@PathVariable Long id) { return noticeDao.getById(id); } 
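Review bot: The import block in `@@ -13,19 +13,15 @@` drops `PageTableHandler.CountHandler`, `PageTableHandler.ListHandler`, `User` and `UserUtil` without replacements, yet `listNotice` still contains `new CountHandler() {` as context in `@@ -89,7 +85,7 @@`, so NoticeController will not compile as patched. Re-add `import com.boot.security.server.page.table.PageTableHandler.CountHandler;` and the matching `ListHandler` import, and import whatever now replaces `User`/`UserUtil` if the unchanged methods between the hunks still use them. UserController's `@@ -13,17 +13,7 @@` hunk has the same defect on a larger scale: it leaves `SysUser` as the only project import while later hunks still reference `@LogAnnotation`, `UserDto`, `UserUtil`, `PageTableRequest` and `PageTableHandler`.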
@@ -76,7 +72,7 @@ public class NoticeController { @LogAnnotation @PutMapping @ApiOperation(value = "修改公告") - @RequiresPermissions("notice:add") + @PreAuthorize("hasAuthority('notice:add')") public Notice updateNotice(@RequestBody Notice notice) { Notice no = noticeDao.getById(notice.getId()); if (no.getStatus() == Status.PUBLISH) { @@ -89,7 +85,7 @@ public class NoticeController { @GetMapping @ApiOperation(value = "公告管理列表") - @RequiresPermissions("notice:query") + @PreAuthorize("hasAuthority('notice:query')") public PageTableResponse listNotice(PageTableRequest request) { return PageTableHandler. builder().countHandler(new CountHandler() { @@ -109,7 +105,7 @@ public class NoticeController { @LogAnnotation @DeleteMapping("/{id}") @ApiOperation(value = "删除公告") - @RequiresPermissions(value = { "notice:del" }) + @PreAuthorize("hasAuthority('notice:del')") public void delete(@PathVariable Long id) { noticeDao.delete(id); } diff --git a/src/main/java/com/boot/security/server/controller/PermissionController.java b/src/main/java/com/boot/security/server/controller/PermissionController.java index 0b4d6ad..ddf119d 100644 --- a/src/main/java/com/boot/security/server/controller/PermissionController.java +++ b/src/main/java/com/boot/security/server/controller/PermissionController.java @@ -5,10 +5,8 @@ import java.util.List; import java.util.Set; import java.util.stream.Collectors; -import org.apache.commons.collections.CollectionUtils; -import org.apache.shiro.authz.annotation.Logical; -import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; 
@@ -21,13 +19,11 @@ import org.springframework.web.bind.annotation.RestController; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; +import com.boot.security.server.annotation.LogAnnotation; +import com.boot.security.server.dao.PermissionDao; +import com.boot.security.server.model.Permission; +import com.boot.security.server.service.PermissionService; import com.google.common.collect.Lists; -import com.zw.admin.server.annotation.LogAnnotation; -import com.zw.admin.server.dao.PermissionDao; -import com.zw.admin.server.model.Permission; -import com.zw.admin.server.model.User; -import com.zw.admin.server.service.PermissionService; -import com.zw.admin.server.utils.UserUtil; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -93,7 +89,7 @@ public class PermissionController { @GetMapping @ApiOperation(value = "菜单列表") - @RequiresPermissions("sys:menu:query") + @PreAuthorize("hasAuthority('sys:menu:query')") public List permissionsList() { List permissionsAll = permissionDao.listAll(); @@ -105,7 +101,7 @@ public class PermissionController { @GetMapping("/all") @ApiOperation(value = "所有菜单") - @RequiresPermissions("sys:menu:query") + @PreAuthorize("hasAuthority('sys:menu:query')") public JSONArray permissionsAll() { List permissionsAll = permissionDao.listAll(); JSONArray array = new JSONArray(); @@ -116,7 +112,7 @@ public class PermissionController { @GetMapping("/parents") @ApiOperation(value = "一级菜单") - @RequiresPermissions("sys:menu:query") + @PreAuthorize("hasAuthority('sys:menu:query')") public List parentMenu() { List parents = permissionDao.listParents(); 
@@ -148,7 +144,7 @@ public class PermissionController { @GetMapping(params = "roleId") @ApiOperation(value = "根据角色id删除权限") - @RequiresPermissions(value = { "sys:menu:query", "sys:role:query" }, logical = Logical.OR) + @PreAuthorize("hasAnyAuthority('sys:menu:query','sys:role:query')") public List listByRoleId(Long roleId) { return permissionDao.listByRoleId(roleId); } @@ -156,14 +152,14 @@ public class PermissionController { @LogAnnotation @PostMapping @ApiOperation(value = "保存菜单") - @RequiresPermissions("sys:menu:add") + @PreAuthorize("hasAuthority('sys:menu:add')") public void save(@RequestBody Permission permission) { permissionDao.save(permission); } @GetMapping("/{id}") @ApiOperation(value = "根据菜单id获取菜单") - @RequiresPermissions("sys:menu:query") + @PreAuthorize("hasAuthority('sys:menu:query')") public Permission get(@PathVariable Long id) { return permissionDao.getById(id); } @@ -171,7 +167,7 @@ public class PermissionController { @LogAnnotation @PutMapping @ApiOperation(value = "修改菜单") - @RequiresPermissions("sys:menu:add") + @PreAuthorize("hasAuthority('sys:menu:add')") public void update(@RequestBody Permission permission) { permissionDao.update(permission); } @@ -196,7 +192,7 @@ public class PermissionController { @LogAnnotation @DeleteMapping("/{id}") @ApiOperation(value = "删除菜单") - @RequiresPermissions(value = { "sys:menu:del" }) + @PreAuthorize("hasAuthority('sys:menu:del')") public void delete(@PathVariable Long id) { permissionService.delete(id); } diff --git a/src/main/java/com/boot/security/server/controller/RoleController.java b/src/main/java/com/boot/security/server/controller/RoleController.java index e508cc5..2c18f5d 100644 --- a/src/main/java/com/boot/security/server/controller/RoleController.java +++ b/src/main/java/com/boot/security/server/controller/RoleController.java 
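Review bot: The Swagger description on `listByRoleId` in `@@ -148,7 +144,7 @@` reads "根据角色id删除权限" (delete permissions by role id), but the method is a `@GetMapping` that returns `permissionDao.listByRoleId(roleId)`. It should describe a lookup, for example `@ApiOperation(value = "根据角色id获取权限")`. On an authorization endpoint, a description that announces a delete misleads anyone auditing which authority guards which operation. The `hasAnyAuthority('sys:menu:query','sys:role:query')` expression keeps the OR semantics of the removed `Logical.OR`.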
@@ -46,14 +46,14 @@ public class RoleController { @LogAnnotation @PostMapping @ApiOperation(value = "保存角色") - @RequiresPermissions("sys:role:add") + @PreAuthorize("hasAuthority('sys:role:add')") public void saveRole(@RequestBody RoleDto roleDto) { roleService.saveRole(roleDto); } @GetMapping @ApiOperation(value = "角色列表") - @RequiresPermissions("sys:role:query") + @PreAuthorize("hasAuthority('sys:role:query')") public PageTableResponse listRoles(PageTableRequest request) { return PageTableHandler. builder().countHandler(new CountHandler() { @@ -73,7 +73,7 @@ public class RoleController { @GetMapping("/{id}") @ApiOperation(value = "根据id获取角色") - @RequiresPermissions("sys:role:query") + @PreAuthorize("hasAuthority('sys:role:query')") public Role get(@PathVariable Long id) { return roleDao.getById(id); } @@ -87,7 +87,7 @@ public class RoleController { @GetMapping(params = "userId") @ApiOperation(value = "根据用户id获取拥有的角色") - @RequiresPermissions(value = { "sys:user:query", "sys:role:query" }, logical = Logical.OR) + @PreAuthorize("hasAnyAuthority('sys:user:query','sys:role:query')") public List roles(Long userId) { return roleDao.listByUserId(userId); } @@ -95,7 +95,7 @@ public class RoleController { @LogAnnotation @DeleteMapping("/{id}") @ApiOperation(value = "删除角色") - @RequiresPermissions(value = { "sys:role:del" }) + @PreAuthorize("hasAuthority('sys:role:del')") public void delete(@PathVariable Long id) { roleService.deleteRole(id); } diff --git a/src/main/java/com/boot/security/server/controller/SysLogsController.java b/src/main/java/com/boot/security/server/controller/SysLogsController.java index 41003c1..4588e80 100644 --- a/src/main/java/com/boot/security/server/controller/SysLogsController.java +++ b/src/main/java/com/boot/security/server/controller/SysLogsController.java 
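Review bot: RoleController receives five `@PreAuthorize` annotations but no import change. The diffstat's 10 changed lines are exactly the five annotation swaps in these hunks, so `PreAuthorize` is never imported and the file would not compile as patched. Add `import org.springframework.security.access.prepost.PreAuthorize;` and remove the Shiro `RequiresPermissions` and `Logical` imports, which are presumably still at the top of the file. The other controllers in this commit make that import change in their first hunk.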
@@ -2,19 +2,18 @@ package com.boot.security.server.controller; import java.util.List; -import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import com.zw.admin.server.dao.SysLogsDao; -import com.zw.admin.server.model.SysLogs; -import com.zw.admin.server.page.table.PageTableRequest; -import com.zw.admin.server.page.table.PageTableHandler; -import com.zw.admin.server.page.table.PageTableResponse; -import com.zw.admin.server.page.table.PageTableHandler.CountHandler; -import com.zw.admin.server.page.table.PageTableHandler.ListHandler; +import com.boot.security.server.dao.SysLogsDao; +import com.boot.security.server.model.SysLogs; +import com.boot.security.server.page.table.PageTableHandler; +import com.boot.security.server.page.table.PageTableHandler.CountHandler; +import com.boot.security.server.page.table.PageTableHandler.ListHandler; +import com.boot.security.server.page.table.PageTableRequest; +import com.boot.security.server.page.table.PageTableResponse; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; diff --git a/src/main/java/com/boot/security/server/controller/UserController.java b/src/main/java/com/boot/security/server/controller/UserController.java index bbfba7e..131b298 100644 --- a/src/main/java/com/boot/security/server/controller/UserController.java +++ b/src/main/java/com/boot/security/server/controller/UserController.java 
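Review bot: SysLogsController loses the `RequiresPermissions` import in this hunk but gains no `PreAuthorize` import, and the diffstat shows no other change to the file, so the log listing handler is not migrated. If the handler still carries a Shiro annotation, it no longer resolves; if it carries none, the audit log is readable without a method-level check. Add the import and guard the handler with `@PreAuthorize("hasAuthority('<log-query-authority>')")`, where the placeholder stands for the authority string the project defines for log queries, which is not visible in this patch.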
@@ -2,9 +2,9 @@ package com.boot.security.server.controller; import java.util.List; -import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -13,17 +13,7 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import com.zw.admin.server.annotation.LogAnnotation; -import com.zw.admin.server.dao.UserDao; -import com.zw.admin.server.dto.UserDto; -import com.zw.admin.server.model.User; -import com.zw.admin.server.page.table.PageTableRequest; -import com.zw.admin.server.page.table.PageTableHandler; -import com.zw.admin.server.page.table.PageTableResponse; -import com.zw.admin.server.page.table.PageTableHandler.CountHandler; -import com.zw.admin.server.page.table.PageTableHandler.ListHandler; -import com.zw.admin.server.service.UserService; -import com.zw.admin.server.utils.UserUtil; +import com.boot.security.server.model.SysUser; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -49,9 +39,9 @@ public class UserController { @LogAnnotation @PostMapping @ApiOperation(value = "保存用户") - @RequiresPermissions("sys:user:add") - public User saveUser(@RequestBody UserDto userDto) { - User u = userService.getUser(userDto.getUsername()); + @PreAuthorize("hasAuthority('sys:user:add')") + public SysUser saveUser(@RequestBody UserDto userDto) { + SysUser u = userService.getUser(userDto.getUsername()); if (u != null) { throw new IllegalArgumentException(userDto.getUsername() + "已存在"); } 
@@ -62,8 +52,8 @@ public class UserController { @LogAnnotation @PutMapping @ApiOperation(value = "修改用户") - @RequiresPermissions("sys:user:add") - public User updateUser(@RequestBody UserDto userDto) { + @PreAuthorize("hasAuthority('sys:user:add')") + public SysUser updateUser(@RequestBody UserDto userDto) { return userService.updateUser(userDto); } @@ -71,7 +61,7 @@ public class UserController { @PutMapping(params = "headImgUrl") @ApiOperation(value = "修改头像") public void updateHeadImgUrl(String headImgUrl) { - User user = UserUtil.getCurrentUser(); + SysUser user = UserUtil.getCurrentUser(); UserDto userDto = new UserDto(); BeanUtils.copyProperties(user, userDto); userDto.setHeadImgUrl(headImgUrl); @@ -83,26 +73,26 @@ public class UserController { @LogAnnotation @PutMapping("/{username}") @ApiOperation(value = "修改密码") - @RequiresPermissions("sys:user:password") + @PreAuthorize("hasAuthority('sys:user:password')") public void changePassword(@PathVariable String username, String oldPassword, String newPassword) { userService.changePassword(username, oldPassword, newPassword); } @GetMapping @ApiOperation(value = "用户列表") - @RequiresPermissions("sys:user:query") - public PageTableResponse listUsers(PageTableRequest request) { - return PageTableHandler. builder().countHandler(new CountHandler() { + @PreAuthorize("hasAuthority('sys:user:query')") + public PageTableResponse listUsers(PageTableRequest request) { + return PageTableHandler. builder().countHandler(new CountHandler() { @Override public int count(PageTableRequest request) { return userDao.count(request.getParams()); } - }).listHandler(new ListHandler() { + }).listHandler(new ListHandler() { @Override - public List list(PageTableRequest request) { - List list = userDao.list(request.getParams(), request.getOffset(), request.getLimit()); + public List list(PageTableRequest request) { + List list = userDao.list(request.getParams(), request.getOffset(), request.getLimit()); return list; } }).build().handle(request); 
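Review bot: `changePassword` in `@@ -83,26 +73,26 @@` is guarded only by `hasAuthority('sys:user:password')`, while the account it acts on comes from the `{username}` path variable, so nothing visible here ties the request to the caller's own account. If the endpoint is meant for self-service, which the `oldPassword` parameter suggests, bind it to the principal: `@PreAuthorize("hasAuthority('sys:user:password') and #username == authentication.name")`. `oldPassword` and `newPassword` are plain handler parameters, so they can arrive in the query string and end up in access logs, and the method also carries `@LogAnnotation`. Accepting them only in a request body, and confirming that the logging aspect does not record arguments, would be safer. Whether `userService.changePassword` limits repeated failed attempts is not visible in the patch.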
@@ -110,14 +100,14 @@ public class UserController { @ApiOperation(value = "当前登录用户") @GetMapping("/current") - public User currentUser() { + public SysUser currentUser() { return UserUtil.getCurrentUser(); } @ApiOperation(value = "根据用户id获取用户") @GetMapping("/{id}") - @RequiresPermissions("sys:user:query") - public User user(@PathVariable Long id) { + @PreAuthorize("hasAuthority('sys:user:query')") + public SysUser user(@PathVariable Long id) { return userDao.getById(id); }
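Review bot: `currentUser()` and `user(@PathVariable Long id)` return the `SysUser` model directly from `UserUtil`/`userDao`, as does `listUsers` in the `@@ -83,26 +73,26 @@` hunk. `SysUser` is not shown in this patch, but if it holds the password hash or other credential fields, they will be serialized into these responses. Return a response DTO without those fields, or mark them write-only on the model, and add a test asserting that the JSON for `/current` has no password property. `currentUser()` also has no `@PreAuthorize`, which is acceptable only if the URL-level rules already require authentication for that path.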