github
/
jeecg-boot
mirror of https://github.com/jeecgboot/jeecg-boot
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

放开系统权限控制,@RequiresPermissions,解决不安全的问题 

jeecg存在权限提升漏洞,可直接获得管理员权限 #5270
pull/5328/head
zhangdaiscott 2023-08-20 18:01:25 +08:00
parent 9c038a979d
commit ff083361d4
14 changed files with 821 additions and 675 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1057
db/jeecgboot-mysql-5.7.sql
View File

File diff suppressed because one or more lines are too long

2
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/oss/controller/OssFileController.java
View File

@ -48,7 +48,7 @@ public class OssFileController {
@ResponseBody
@PostMapping("/upload")
//@RequiresRoles("admin")
//@RequiresPermissions("system:ossFile:upload")
@RequiresPermissions("system:ossFile:upload")
public Result upload(@RequestParam("file") MultipartFile multipartFile) {
Result result = new Result();
try {

14
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/quartz/controller/QuartzJobController.java
View File

@ -80,7 +80,7 @@ public class QuartzJobController {
* @return
*/
//@RequiresRoles("admin")
//@RequiresPermissions("system:quartzJob:add")
@RequiresPermissions("system:quartzJob:add")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<?> add(@RequestBody QuartzJob quartzJob) {
quartzJobService.saveAndScheduleJob(quartzJob);
@ -94,7 +94,7 @@ public class QuartzJobController {
* @return
*/
//@RequiresRoles("admin")
//@RequiresPermissions("system:quartzJob:edit")
@RequiresPermissions("system:quartzJob:edit")
@RequestMapping(value = "/edit", method ={RequestMethod.PUT, RequestMethod.POST})
public Result<?> eidt(@RequestBody QuartzJob quartzJob) {
try {
@ -113,7 +113,7 @@ public class QuartzJobController {
* @return
*/
//@RequiresRoles("admin")
//@RequiresPermissions("system:quartzJob:delete")
@RequiresPermissions("system:quartzJob:delete")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<?> delete(@RequestParam(name = "id", required = true) String id) {
QuartzJob quartzJob = quartzJobService.getById(id);
@ -132,7 +132,7 @@ public class QuartzJobController {
* @return
*/
//@RequiresRoles("admin")
//@RequiresPermissions("system:quartzJob:deleteBatch")
@RequiresPermissions("system:quartzJob:deleteBatch")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<?> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
if (ids == null || "".equals(ids.trim())) {
@ -152,7 +152,7 @@ public class QuartzJobController {
* @return
*/
//@RequiresRoles("admin")
//@RequiresPermissions("system:quartzJob:pause")
@RequiresPermissions("system:quartzJob:pause")
@GetMapping(value = "/pause")
@ApiOperation(value = "停止定时任务")
public Result<Object> pauseJob(@RequestParam(name = "id") String id) {
@ -171,7 +171,7 @@ public class QuartzJobController {
* @return
*/
//@RequiresRoles("admin")
//@RequiresPermissions("system:quartzJob:resume")
@RequiresPermissions("system:quartzJob:resume")
@GetMapping(value = "/resume")
@ApiOperation(value = "启动定时任务")
public Result<Object> resumeJob(@RequestParam(name = "id") String id) {
@ -272,7 +272,7 @@ public class QuartzJobController {
* @return
*/
//@RequiresRoles("admin")
//@RequiresPermissions("system:quartzJob:execute")
@RequiresPermissions("system:quartzJob:execute")
@GetMapping("/execute")
public Result<?> execute(@RequestParam(name = "id", required = true) String id) {
QuartzJob quartzJob = quartzJobService.getById(id);

2
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDataSourceController.java
View File

@ -65,7 +65,7 @@ public class SysDataSourceController extends JeecgController<SysDataSource, ISys
*/
@AutoLog(value = "多数据源管理-分页列表查询")
@ApiOperation(value = "多数据源管理-分页列表查询", notes = "多数据源管理-分页列表查询")
//@RequiresPermissions("system:datasource:list")
@RequiresPermissions("system:datasource:list")
@GetMapping(value = "/list")
public Result<?> queryPageList(
SysDataSource sysDataSource,

10
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartController.java
View File

@ -173,7 +173,7 @@ public class SysDepartController {
* @param sysDepart
* @return
*/
//@RequiresPermissions("system:depart:add")
@RequiresPermissions("system:depart:add")
@RequestMapping(value = "/add", method = RequestMethod.POST)
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<SysDepart> add(@RequestBody SysDepart sysDepart, HttpServletRequest request) {
@ -199,7 +199,7 @@ public class SysDepartController {
* @param sysDepart
* @return
*/
//@RequiresPermissions("system:depart:edit")
@RequiresPermissions("system:depart:edit")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<SysDepart> edit(@RequestBody SysDepart sysDepart, HttpServletRequest request) {
@ -227,7 +227,7 @@ public class SysDepartController {
* @param id
* @return
*/
//@RequiresPermissions("system:depart:delete")
@RequiresPermissions("system:depart:delete")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<SysDepart> delete(@RequestParam(name="id",required=true) String id) {
@ -253,7 +253,7 @@ public class SysDepartController {
* @param ids
* @return
*/
//@RequiresPermissions("system:depart:deleteBatch")
@RequiresPermissions("system:depart:deleteBatch")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<SysDepart> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
@ -377,7 +377,7 @@ public class SysDepartController {
* @param response
* @return
*/
//@RequiresPermissions("system:depart:importExcel")
@RequiresPermissions("system:depart:importExcel")
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {

10
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartRoleController.java
View File

@ -104,7 +104,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
* @param sysDepartRole
* @return
*/
//@RequiresPermissions("system:depart:role:add")
@RequiresPermissions("system:depart:role:add")
@ApiOperation(value="部门角色-添加", notes="部门角色-添加")
@PostMapping(value = "/add")
public Result<?> add(@RequestBody SysDepartRole sysDepartRole) {
@ -119,7 +119,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
* @return
*/
@ApiOperation(value="部门角色-编辑", notes="部门角色-编辑")
//@RequiresPermissions("system:depart:role:edit")
@RequiresPermissions("system:depart:role:edit")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
public Result<?> edit(@RequestBody SysDepartRole sysDepartRole) {
sysDepartRoleService.updateById(sysDepartRole);
@ -134,7 +134,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
*/
@AutoLog(value = "部门角色-通过id删除")
@ApiOperation(value="部门角色-通过id删除", notes="部门角色-通过id删除")
//@RequiresPermissions("system:depart:role:delete")
@RequiresPermissions("system:depart:role:delete")
@DeleteMapping(value = "/delete")
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
sysDepartRoleService.removeById(id);
@ -149,7 +149,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
*/
@AutoLog(value = "部门角色-批量删除")
@ApiOperation(value="部门角色-批量删除", notes="部门角色-批量删除")
//@RequiresPermissions("system:depart:role:deleteBatch")
@RequiresPermissions("system:depart:role:deleteBatch")
@DeleteMapping(value = "/deleteBatch")
public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
this.sysDepartRoleService.removeByIds(Arrays.asList(ids.split(",")));
@ -189,7 +189,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
* @param json
* @return
*/
//@RequiresPermissions("system:depart:role:userAdd")
@RequiresPermissions("system:depart:role:userAdd")
@RequestMapping(value = "/deptRoleUserAdd", method = RequestMethod.POST)
public Result<?> deptRoleAdd(@RequestBody JSONObject json) {
String newRoleId = json.getString("newRoleId");

10
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
View File

@ -391,7 +391,7 @@ public class SysDictController {
* @param sysDict
* @return
*/
//@RequiresPermissions("system:dict:add")
@RequiresPermissions("system:dict:add")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysDict> add(@RequestBody SysDict sysDict) {
Result<SysDict> result = new Result<SysDict>();
@ -412,7 +412,7 @@ public class SysDictController {
* @param sysDict
* @return
*/
//@RequiresPermissions("system:dict:edit")
@RequiresPermissions("system:dict:edit")
@RequestMapping(value = "/edit", method = { RequestMethod.PUT,RequestMethod.POST })
public Result<SysDict> edit(@RequestBody SysDict sysDict) {
Result<SysDict> result = new Result<SysDict>();
@ -434,7 +434,7 @@ public class SysDictController {
* @param id
* @return
*/
//@RequiresPermissions("system:dict:delete")
@RequiresPermissions("system:dict:delete")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDict> delete(@RequestParam(name="id",required=true) String id) {
@ -453,7 +453,7 @@ public class SysDictController {
* @param ids
* @return
*/
//@RequiresPermissions("system:dict:deleteBatch")
@RequiresPermissions("system:dict:deleteBatch")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
@CacheEvict(value= {CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDict> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
@ -554,7 +554,7 @@ public class SysDictController {
* @param
* @return
*/
//@RequiresPermissions("system:dict:importExcel")
@RequiresPermissions("system:dict:importExcel")
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;

8
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictItemController.java
View File

@ -74,7 +74,7 @@ public class SysDictItemController {
* @
* @return
*/
//@RequiresPermissions("system:dict:item:add")
@RequiresPermissions("system:dict:item:add")
@RequestMapping(value = "/add", method = RequestMethod.POST)
@CacheEvict(value= {CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDictItem> add(@RequestBody SysDictItem sysDictItem) {
@ -95,7 +95,7 @@ public class SysDictItemController {
* @param sysDictItem
* @return
*/
//@RequiresPermissions("system:dict:item:edit")
@RequiresPermissions("system:dict:item:edit")
@RequestMapping(value = "/edit", method = { RequestMethod.PUT,RequestMethod.POST })
@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDictItem> edit(@RequestBody SysDictItem sysDictItem) {
@ -119,7 +119,7 @@ public class SysDictItemController {
* @param id
* @return
*/
//@RequiresPermissions("system:dict:item:delete")
@RequiresPermissions("system:dict:item:delete")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDictItem> delete(@RequestParam(name="id",required=true) String id) {
@ -141,7 +141,7 @@ public class SysDictItemController {
* @param ids
* @return
*/
//@RequiresPermissions("system:dict:item:deleteBatch")
@RequiresPermissions("system:dict:item:deleteBatch")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDictItem> deleteBatch(@RequestParam(name="ids",required=true) String ids) {

2
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysGatewayRouteController.java
View File

@ -68,7 +68,7 @@ public class SysGatewayRouteController extends JeecgController<SysGatewayRoute,
* @param id
* @return
*/
//@RequiresPermissions("system:getway:delete")
@RequiresPermissions("system:getway:delete")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<?> delete(@RequestParam(name = "id", required = true) String id) {
sysGatewayRouteService.deleteById(id);

18
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
View File

@ -360,7 +360,7 @@ public class SysPermissionController {
* @param permission
* @return
*/
//@RequiresPermissions("system:permission:add")
@RequiresPermissions("system:permission:add")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysPermission> add(@RequestBody SysPermission permission) {
Result<SysPermission> result = new Result<SysPermission>();
@ -380,7 +380,7 @@ public class SysPermissionController {
* @param permission
* @return
*/
//@RequiresPermissions("system:permission:edit")
@RequiresPermissions("system:permission:edit")
@RequestMapping(value = "/edit", method = { RequestMethod.PUT, RequestMethod.POST })
public Result<SysPermission> edit(@RequestBody SysPermission permission) {
Result<SysPermission> result = new Result<>();
@ -422,7 +422,7 @@ public class SysPermissionController {
* @param id
* @return
*/
//@RequiresPermissions("system:permission:delete")
@RequiresPermissions("system:permission:delete")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<SysPermission> delete(@RequestParam(name = "id", required = true) String id) {
Result<SysPermission> result = new Result<>();
@ -441,7 +441,7 @@ public class SysPermissionController {
* @param ids
* @return
*/
//@RequiresPermissions("system:permission:deleteBatch")
@RequiresPermissions("system:permission:deleteBatch")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<SysPermission> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
Result<SysPermission> result = new Result<>();
@ -548,7 +548,7 @@ public class SysPermissionController {
*
* @return
*/
//@RequiresPermissions("system:permission:saveRole")
@RequiresPermissions("system:permission:saveRole")
@RequestMapping(value = "/saveRolePermission", method = RequestMethod.POST)
public Result<String> saveRolePermission(@RequestBody JSONObject json) {
long start = System.currentTimeMillis();
@ -877,7 +877,7 @@ public class SysPermissionController {
* @param sysPermissionDataRule
* @return
*/
//@RequiresPermissions("system:permission:addRule")
@RequiresPermissions("system:permission:addRule")
@RequestMapping(value = "/addPermissionRule", method = RequestMethod.POST)
public Result<SysPermissionDataRule> addPermissionRule(@RequestBody SysPermissionDataRule sysPermissionDataRule) {
Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -892,7 +892,7 @@ public class SysPermissionController {
return result;
}
//@RequiresPermissions("system:permission:editRule")
@RequiresPermissions("system:permission:editRule")
@RequestMapping(value = "/editPermissionRule", method = { RequestMethod.PUT, RequestMethod.POST })
public Result<SysPermissionDataRule> editPermissionRule(@RequestBody SysPermissionDataRule sysPermissionDataRule) {
Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -912,7 +912,7 @@ public class SysPermissionController {
* @param id
* @return
*/
//@RequiresPermissions("system:permission:deleteRule")
@RequiresPermissions("system:permission:deleteRule")
@RequestMapping(value = "/deletePermissionRule", method = RequestMethod.DELETE)
public Result<SysPermissionDataRule> deletePermissionRule(@RequestParam(name = "id", required = true) String id) {
Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -969,7 +969,7 @@ public class SysPermissionController {
* @return
*/
@RequestMapping(value = "/saveDepartPermission", method = RequestMethod.POST)
//@RequiresPermissions("system:permission:saveDepart")
@RequiresPermissions("system:permission:saveDepart")
public Result<String> saveDepartPermission(@RequestBody JSONObject json) {
long start = System.currentTimeMillis();
Result<String> result = new Result<>();

10
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleController.java
View File

@ -136,7 +136,7 @@ public class SysRoleController {
* @return
*/
@RequestMapping(value = "/add", method = RequestMethod.POST)
//@RequiresPermissions("system:role:add")
@RequiresPermissions("system:role:add")
public Result<SysRole> add(@RequestBody SysRole role) {
Result<SysRole> result = new Result<SysRole>();
try {
@ -155,7 +155,7 @@ public class SysRoleController {
* @param role
* @return
*/
//@RequiresPermissions("system:role:edit")
@RequiresPermissions("system:role:edit")
@RequestMapping(value = "/edit",method = {RequestMethod.PUT,RequestMethod.POST})
public Result<SysRole> edit(@RequestBody SysRole role) {
Result<SysRole> result = new Result<SysRole>();
@ -179,7 +179,7 @@ public class SysRoleController {
* @param id
* @return
*/
//@RequiresPermissions("system:role:delete")
@RequiresPermissions("system:role:delete")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
sysRoleService.deleteRole(id);
@ -191,7 +191,7 @@ public class SysRoleController {
* @param ids
* @return
*/
//@RequiresPermissions("system:role:deleteBatch")
@RequiresPermissions("system:role:deleteBatch")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<SysRole> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
Result<SysRole> result = new Result<SysRole>();
@ -252,7 +252,7 @@ public class SysRoleController {
*
* @return
*/
//@RequiresPermissions("system:role:queryallNoByTenant")
@RequiresPermissions("system:role:queryallNoByTenant")
@RequestMapping(value = "/queryallNoByTenant", method = RequestMethod.GET)
public Result<List<SysRole>> queryallNoByTenant() {
Result<List<SysRole>> result = new Result<>();

4
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleIndexController.java
View File

@ -67,7 +67,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
* @param sysRoleIndex
* @return
*/
//@RequiresPermissions("system:roleindex:add")
@RequiresPermissions("system:roleindex:add")
@AutoLog(value = "角色首页配置-添加")
@ApiOperation(value = "角色首页配置-添加", notes = "角色首页配置-添加")
@PostMapping(value = "/add")
@ -83,7 +83,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
* @param sysRoleIndex
* @return
*/
//@RequiresPermissions("system:roleindex:edit")
@RequiresPermissions("system:roleindex:edit")
@AutoLog(value = "角色首页配置-编辑")
@ApiOperation(value = "角色首页配置-编辑", notes = "角色首页配置-编辑")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})

309
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
View File

@ -69,7 +69,7 @@ public class SysTenantController {
* @param req
* @return
*/
//@RequiresPermissions("system:tenant:list")
@RequiresPermissions("system:tenant:list")
@PermissionData(pageComponent = "system/TenantList")
@RequestMapping(value = "/list", method = RequestMethod.GET)
public Result<IPage<SysTenant>> queryPageList(SysTenant sysTenant, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@ -108,7 +108,7 @@ public class SysTenantController {
* @return
*/
@GetMapping("/recycleBinPageList")
//@RequiresPermissions("system:tenant:recycleBinPageList")
@RequiresPermissions("system:tenant:recycleBinPageList")
public Result<IPage<SysTenant>> recycleBinPageList(SysTenant sysTenant, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req){
Result<IPage<SysTenant>> result = new Result<IPage<SysTenant>>();
@ -124,7 +124,7 @@ public class SysTenantController {
* @param
* @return
*/
//@RequiresPermissions("system:tenant:add")
@RequiresPermissions("system:tenant:add")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysTenant> add(@RequestBody SysTenant sysTenant) {
Result<SysTenant> result = new Result();
@ -146,7 +146,7 @@ public class SysTenantController {
* @param
* @return
*/
//@RequiresPermissions("system:tenant:edit")
@RequiresPermissions("system:tenant:edit")
@RequestMapping(value = "/edit", method ={RequestMethod.PUT, RequestMethod.POST})
public Result<SysTenant> edit(@RequestBody SysTenant tenant) {
Result<SysTenant> result = new Result();
@ -169,7 +169,7 @@ public class SysTenantController {
* @param id
* @return
*/
//@RequiresPermissions("system:tenant:delete")
@RequiresPermissions("system:tenant:delete")
@RequestMapping(value = "/delete", method ={RequestMethod.DELETE, RequestMethod.POST})
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
//------------------------------------------------------------------
@ -197,7 +197,7 @@ public class SysTenantController {
* @param ids
* @return
*/
//@RequiresPermissions("system:tenant:deleteBatch")
@RequiresPermissions("system:tenant:deleteBatch")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
Result<?> result = new Result<>();
@ -281,7 +281,7 @@ public class SysTenantController {
*
* @return
*/
//@RequiresPermissions("system:tenant:queryList")
@RequiresPermissions("system:tenant:queryList")
@RequestMapping(value = "/queryList", method = RequestMethod.GET)
public Result<List<SysTenant>> queryList(@RequestParam(name="ids",required=false) String ids) {
Result<List<SysTenant>> result = new Result<List<SysTenant>>();
@ -307,7 +307,7 @@ public class SysTenantController {
* @return
*/
@GetMapping(value = "/packList")
//@RequiresPermissions("system:tenant:packList")
@RequiresPermissions("system:tenant:packList")
public Result<IPage<SysTenantPack>> queryPackPageList(SysTenantPack sysTenantPack,
@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
@ -329,7 +329,7 @@ public class SysTenantController {
* @return
*/
@PostMapping(value = "/addPackPermission")
//@RequiresPermissions("system:tenant:add:pack")
@RequiresPermissions("system:tenant:add:pack")
public Result<String> addPackPermission(@RequestBody SysTenantPack sysTenantPack) {
sysTenantPackService.addPackPermission(sysTenantPack);
return Result.ok("创建租户产品包成功");
@ -342,7 +342,7 @@ public class SysTenantController {
* @return
*/
@PutMapping(value = "/editPackPermission")
//@RequiresPermissions("system:tenant:edit:pack")
@RequiresPermissions("system:tenant:edit:pack")
public Result<String> editPackPermission(@RequestBody SysTenantPack sysTenantPack) {
sysTenantPackService.editPackPermission(sysTenantPack);
return Result.ok("修改租户产品包成功");
@ -355,7 +355,7 @@ public class SysTenantController {
* @return
*/
@DeleteMapping("/deletePackPermissions")
//@RequiresPermissions("system:tenant:delete:pack")
@RequiresPermissions("system:tenant:delete:pack")
public Result<String> deletePackPermissions(@RequestParam(value = "ids") String ids) {
sysTenantPackService.deletePackPermissions(ids);
return Result.ok("删除租户产品包成功");
@ -363,289 +363,6 @@ public class SysTenantController {
//===========【低代码应用,前端专用接口 —— 加入限制只能维护和查看自己拥有的租户】==========================================================
/**
*
* @return
*/
@RequestMapping(value = "/getCurrentUserTenant", method = RequestMethod.GET)
public Result<Map<String,Object>> getCurrentUserTenant() {
Result<Map<String,Object>> result = new Result<Map<String,Object>>();
try {
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
//update-begin---author:wangshuai ---date:20221223 for[QQYUN-3371]租户逻辑改造,改成关系表------------
List<Integer> tenantIdList = relationService.getTenantIdsByUserId(sysUser.getId());
Map<String,Object> map = new HashMap(5);
if (null!=tenantIdList && tenantIdList.size()>0) {
//update-end---author:wangshuai ---date:20221223 for[QQYUN-3371]租户逻辑改造,改成关系表------------
// 该方法仅查询有效的租户如果返回0个就说明所有的租户均无效。
List<SysTenant> tenantList = sysTenantService.queryEffectiveTenant(tenantIdList);
map.put("list", tenantList);
}
result.setSuccess(true);
result.setResult(map);
}catch(Exception e) {
log.error(e.getMessage(), e);
result.error500("查询失败!");
}
return result;
}
/**
*
* @param ids
* @param phone
* @return
*/
@PutMapping("/invitationUserJoin")
//@RequiresPermissions("system:tenant:invitation:user")
public Result<String> invitationUserJoin(@RequestParam("ids") String ids, @RequestParam("phone") String phone){
sysTenantService.invitationUserJoin(ids,phone);
return Result.ok("邀请用户成功");
}
/**
*
* @param user
* @param pageNo
* @param pageSize
* @param req
* @return
*/
@RequestMapping(value = "/getTenantUserList", method = RequestMethod.GET)
//@RequiresPermissions("system:tenant:user:list")
public Result<IPage<SysUser>> getTenantUserList(SysUser user,
@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@RequestParam(name="pageSize", defaultValue="10") Integer pageSize,
@RequestParam(name="userTenantId") String userTenantId,
HttpServletRequest req) {
Result<IPage<SysUser>> result = new Result<>();
Page<SysUser> page = new Page<>(pageNo, pageSize);
Page<SysUser> pageList = relationService.getPageUserList(page,Integer.valueOf(userTenantId),user);
result.setSuccess(true);
result.setResult(pageList);
return result;
}
/**
*
* @param userIds
* @param tenantId
* @return
*/
@PutMapping("/leaveTenant")
//@RequiresPermissions("system:tenant:leave")
public Result<String> leaveTenant(@RequestParam("userIds") String userIds,
@RequestParam("tenantId") String tenantId){
Result<String> result = new Result<>();
//是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && !"admin".equals(sysUser.getUsername())){
Integer loginSessionTenant = oConvertUtils.getInt(TenantContext.getTenant());
if(loginSessionTenant!=null && !loginSessionTenant.equals(Integer.valueOf(tenantId))){
result.error500("无权限访问他人租户!");
return result;
}
}
sysTenantService.leaveTenant(userIds,tenantId);
return Result.ok("请离成功");
}
/**
*
* @param
* @return
*/
@RequestMapping(value = "/editOwnTenant", method ={RequestMethod.PUT, RequestMethod.POST})
public Result<SysTenant> editOwnTenant(@RequestBody SysTenant tenant, HttpServletRequest req) {
Result<SysTenant> result = new Result();
String tenantId = TokenUtils.getTenantIdByRequest(req);
if(!tenantId.equals(tenant.getId().toString())){
return result.error500("无权修改他人租户!");
}
SysTenant sysTenant = sysTenantService.getById(tenant.getId());
if(sysTenant==null) {
return result.error500("未找到对应实体");
}
if(oConvertUtils.isEmpty(sysTenant.getHouseNumber())){
tenant.setHouseNumber(RandomUtil.randomStringUpper(6));
}
boolean ok = sysTenantService.updateById(tenant);
if(ok) {
result.success("修改成功!");
}
return result;
}
/**
*
* @param sysTenant
*/
@PostMapping("/saveTenantJoinUser")
public Result<Integer> saveTenantJoinUser(@RequestBody SysTenant sysTenant){
Result<Integer> result = new Result<>();
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
//------------------------------------------------------------------------------------------------
//是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】
if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){
//---author:scott---date:20220111-----for: 限制免费用户只能创建两个租户--
Integer count = sysTenantService.countCreateTenantNum(sysUser.getUsername());
if (count > 2) {
Set<String> roles = sysUserService.getUserRolesSet(sysUser.getUsername());
//创建一个付费角色 paymember
if (roles==null || (!roles.contains("paymember") && !roles.contains("admin"))) {
return result.error500("免费用户最多创建两个租户!");
}
}
//---author:scott---date:20220111-----for: 限制免费用户只能创建两个租户--
}
//------------------------------------------------------------------------------------------------
Integer tenantId = sysTenantService.saveTenantJoinUser(sysTenant, sysUser.getId());
result.setSuccess(true);
result.setMessage("创建成功");
result.setResult(tenantId);
return result;
}
/**
*
* @param sysTenant
*/
@PostMapping("/joinTenantByHouseNumber")
public Result<Integer> joinTenantByHouseNumber(@RequestBody SysTenant sysTenant){
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
Integer tenantId = sysTenantService.joinTenantByHouseNumber(sysTenant, sysUser.getId());
Result<Integer> result = new Result<>();
if(tenantId != 0){
result.setMessage("申请租户成功");
result.setSuccess(true);
result.setResult(tenantId);
return result;
}else{
result.setMessage("该门牌号不存在");
result.setSuccess(false);
return result;
}
}
//update-begin---author:wangshuai ---date:20230107 for[QQYUN-3725]申请加入租户,审核中状态增加接口------------
/**
* (vue3)
*
* @param pageNo
* @param pageSize
* @param userTenantStatus
* @param type
* @param req
* @return
*/
@GetMapping("/getUserTenantPageList")
//@RequiresPermissions("system:tenant:tenantPageList")
public Result<IPage<SysUserTenantVo>> getUserTenantPageList(@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
@RequestParam(name = "userTenantStatus") String userTenantStatus,
@RequestParam(name = "type", required = false) String type,
SysUser user,
HttpServletRequest req) {
Page<SysUserTenantVo> page = new Page<SysUserTenantVo>(pageNo, pageSize);
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
String tenantId = oConvertUtils.getString(TenantContext.getTenant(), "0");
IPage<SysUserTenantVo> list = relationService.getUserTenantPageList(page, Arrays.asList(userTenantStatus.split(SymbolConstant.COMMA)), user, Integer.valueOf(tenantId));
return Result.ok(list);
}
/**
* id
*
* @param userTenantStatus
* @return
*/
@GetMapping("/getTenantListByUserId")
//@RequiresPermissions("system:tenant:getTenantListByUserId")
public Result<List<SysUserTenantVo>> getTenantListByUserId(@RequestParam(name = "userTenantStatus", required = false) String userTenantStatus) {
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
List<String> list = null;
if (oConvertUtils.isNotEmpty(userTenantStatus)) {
list = Arrays.asList(userTenantStatus.split(SymbolConstant.COMMA));
}
//租户状态用户id,租户用户关系状态
List<SysUserTenantVo> sysTenant = relationService.getTenantListByUserId(sysUser.getId(), list);
return Result.ok(sysTenant);
}
/**
*
*/
@PutMapping("/updateUserTenantStatus")
//@RequiresPermissions("system:tenant:updateUserTenantStatus")
public Result<String> updateUserTenantStatus(@RequestBody SysUserTenant userTenant) {
String tenantId = TenantContext.getTenant();
if (oConvertUtils.isEmpty(tenantId)) {
return Result.error("未找到当前租户信息");
}
relationService.updateUserTenantStatus(userTenant.getUserId(), tenantId, userTenant.getStatus());
return Result.ok("更新用户租户状态成功");
}
/**
*
*
* @param sysTenant
* @return
*/
@PutMapping("/cancelTenant")
//@RequiresPermissions("system:tenant:cancelTenant")
public Result<String> cancelTenant(@RequestBody SysTenant sysTenant, HttpServletRequest request) {
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
SysTenant tenant = sysTenantService.getById(sysTenant.getId());
if (null == tenant) {
return Result.error("未找到当前租户信息");
}
if (!sysUser.getUsername().equals(tenant.getCreateBy())) {
return Result.error("无权限,只能注销自己创建的租户!");
}
SysUser userById = sysUserService.getById(sysUser.getId());
String loginPassword = request.getParameter("loginPassword");
String passwordEncode = PasswordUtil.encrypt(sysUser.getUsername(),loginPassword, userById.getSalt());
if (!passwordEncode.equals(userById.getPassword())) {
return Result.error("密码不正确");
}
sysTenantService.removeById(sysTenant.getId());
return Result.ok("注销成功");
}
//update-end---author:wangshuai ---date:20230107 for[QQYUN-3725]申请加入租户,审核中状态增加接口------------
/**
*
* @return
*/
@GetMapping("/getTenantStatusCount")
public Result<Long> getTenantStatusCount(@RequestParam(value = "status",defaultValue = "1") String status, HttpServletRequest req){
String tenantId = TokenUtils.getTenantIdByRequest(req);
if (null == tenantId) {
return Result.error("未找到当前租户信息");
}
LambdaQueryWrapper<SysUserTenant> query = new LambdaQueryWrapper<>();
query.eq(SysUserTenant::getTenantId,tenantId);
query.eq(SysUserTenant::getStatus,status);
long count = relationService.count(query);
return Result.ok(count);
}
/**
*
* @param tenantId
* @return
*/
@PutMapping("/cancelApplyTenant")
public Result<String> cancelApplyTenant(@RequestParam("tenantId") String tenantId){
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
sysTenantService.leaveTenant(sysUser.getId(),tenantId);
return Result.ok("取消申请成功");
}
//===========【低代码应用,前端专用接口 —— 加入限制只能维护和查看自己拥有的租户】==========================================================
/**
*
@ -653,7 +370,7 @@ public class SysTenantController {
* @return
*/
@DeleteMapping("/deleteLogicDeleted")
//@RequiresPermissions("system:tenant:deleteTenantLogic")
@RequiresPermissions("system:tenant:deleteTenantLogic")
public Result<String> deleteTenantLogic(@RequestParam("ids") String ids){
sysTenantService.deleteTenantLogic(ids);
return Result.ok("彻底删除成功");
@ -665,7 +382,7 @@ public class SysTenantController {
* @return
*/
@PutMapping("/revertTenantLogic")
//@RequiresPermissions("system:tenant:revertTenantLogic")
@RequiresPermissions("system:tenant:revertTenantLogic")
public Result<String> revertTenantLogic(@RequestParam("ids") String ids){
sysTenantService.revertTenantLogic(ids);
return Result.ok("还原成功");

40
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
View File

@ -140,7 +140,7 @@ public class SysUserController {
* @param req
* @return
*/
//@RequiresPermissions("system:user:listAll")
@RequiresPermissions("system:user:listAll")
@RequestMapping(value = "/listAll", method = RequestMethod.GET)
public Result<IPage<SysUser>> queryAllPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) {
@ -148,7 +148,7 @@ public class SysUserController {
return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo);
}
//@RequiresPermissions("system:user:add")
@RequiresPermissions("system:user:add")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysUser> add(@RequestBody JSONObject jsonObject) {
Result<SysUser> result = new Result<SysUser>();
@ -178,7 +178,7 @@ public class SysUserController {
return result;
}
//@RequiresPermissions("system:user:edit")
@RequiresPermissions("system:user:edit")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
public Result<SysUser> edit(@RequestBody JSONObject jsonObject) {
Result<SysUser> result = new Result<SysUser>();
@ -216,7 +216,7 @@ public class SysUserController {
/**
*
*/
//@RequiresPermissions("system:user:delete")
@RequiresPermissions("system:user:delete")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
baseCommonService.addLog("删除用户id " +id ,CommonConstant.LOG_TYPE_2, 3);
@ -227,7 +227,7 @@ public class SysUserController {
/**
*
*/
//@RequiresPermissions("system:user:deleteBatch")
@RequiresPermissions("system:user:deleteBatch")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
baseCommonService.addLog("批量删除用户, ids " +ids ,CommonConstant.LOG_TYPE_2, 3);
@ -240,7 +240,7 @@ public class SysUserController {
* @param jsonObject
* @return
*/
//@RequiresPermissions("system:user:frozenBatch")
@RequiresPermissions("system:user:frozenBatch")
@RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT)
public Result<SysUser> frozenBatch(@RequestBody JSONObject jsonObject) {
Result<SysUser> result = new Result<SysUser>();
@ -263,7 +263,7 @@ public class SysUserController {
}
//@RequiresPermissions("system:user:queryById")
@RequiresPermissions("system:user:queryById")
@RequestMapping(value = "/queryById", method = RequestMethod.GET)
public Result<SysUser> queryById(@RequestParam(name = "id", required = true) String id) {
Result<SysUser> result = new Result<SysUser>();
@ -277,7 +277,7 @@ public class SysUserController {
return result;
}
//@RequiresPermissions("system:user:queryUserRole")
@RequiresPermissions("system:user:queryUserRole")
@RequestMapping(value = "/queryUserRole", method = RequestMethod.GET)
public Result<List<String>> queryUserRole(@RequestParam(name = "userid", required = true) String userid) {
Result<List<String>> result = new Result<>();
@ -330,7 +330,7 @@ public class SysUserController {
/**
*
*/
//@RequiresPermissions("system:user:changepwd")
@RequiresPermissions("system:user:changepwd")
@RequestMapping(value = "/changePassword", method = RequestMethod.PUT)
public Result<?> changePassword(@RequestBody SysUser sysUser) {
SysUser u = this.sysUserService.getOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUsername, sysUser.getUsername()));
@ -453,7 +453,7 @@ public class SysUserController {
* @param request
* @param sysUser
*/
//@RequiresPermissions("system:user:export")
@RequiresPermissions("system:user:export")
@RequestMapping(value = "/exportXls")
public ModelAndView exportXls(SysUser sysUser,HttpServletRequest request) {
// Step.1 组装查询条件
@ -486,7 +486,7 @@ public class SysUserController {
* @param response
* @return
*/
//@RequiresPermissions("system:user:import")
@RequiresPermissions("system:user:import")
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response)throws IOException {
MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
@ -600,7 +600,7 @@ public class SysUserController {
/**
*
*/
//@RequiresPermissions("system:user:updatepwd")
@RequiresPermissions("system:user:updatepwd")
@RequestMapping(value = "/updatePassword", method = RequestMethod.PUT)
public Result<?> updatePassword(@RequestBody JSONObject json) {
String username = json.getString("username");
@ -641,7 +641,7 @@ public class SysUserController {
* @param
* @return
*/
//@RequiresPermissions("system:user:addUserRole")
@RequiresPermissions("system:user:addUserRole")
@RequestMapping(value = "/addSysUserRole", method = RequestMethod.POST)
public Result<String> addSysUserRole(@RequestBody SysUserRoleVO sysUserRoleVO) {
Result<String> result = new Result<String>();
@ -672,7 +672,7 @@ public class SysUserController {
* @param
* @return
*/
//@RequiresPermissions("system:user:deleteRole")
@RequiresPermissions("system:user:deleteRole")
@RequestMapping(value = "/deleteUserRole", method = RequestMethod.DELETE)
public Result<SysUserRole> deleteUserRole(@RequestParam(name="roleId") String roleId,
@RequestParam(name="userId",required=true) String userId
@ -696,7 +696,7 @@ public class SysUserController {
* @param
* @return
*/
//@RequiresPermissions("system:user:deleteRoleBatch")
@RequiresPermissions("system:user:deleteRoleBatch")
@RequestMapping(value = "/deleteUserRoleBatch", method = RequestMethod.DELETE)
public Result<SysUserRole> deleteUserRoleBatch(
@RequestParam(name="roleId") String roleId,
@ -827,7 +827,7 @@ public class SysUserController {
/**
*
*/
//@RequiresPermissions("system:user:editDepartWithUser")
@RequiresPermissions("system:user:editDepartWithUser")
@RequestMapping(value = "/editSysDepartWithUser", method = RequestMethod.POST)
public Result<String> editSysDepartWithUser(@RequestBody SysDepartUsersVO sysDepartUsersVO) {
Result<String> result = new Result<String>();
@ -856,7 +856,7 @@ public class SysUserController {
/**
*
*/
//@RequiresPermissions("system:user:deleteUserInDepart")
@RequiresPermissions("system:user:deleteUserInDepart")
@RequestMapping(value = "/deleteUserInDepart", method = RequestMethod.DELETE)
public Result<SysUserDepart> deleteUserInDepart(@RequestParam(name="depId") String depId,
@RequestParam(name="userId",required=true) String userId
@ -888,7 +888,7 @@ public class SysUserController {
/**
*
*/
//@RequiresPermissions("system:user:deleteUserInDepartBatch")
@RequiresPermissions("system:user:deleteUserInDepartBatch")
@RequestMapping(value = "/deleteUserInDepartBatch", method = RequestMethod.DELETE)
public Result<SysUserDepart> deleteUserInDepartBatch(
@RequestParam(name="depId") String depId,
@ -1263,7 +1263,7 @@ public class SysUserController {
* @param userIds IDid
* @return
*/
//@RequiresPermissions("system:user:deleteRecycleBin")
@RequiresPermissions("system:user:deleteRecycleBin")
@RequestMapping(value = "/deleteRecycleBin", method = RequestMethod.DELETE)
public Result deleteRecycleBin(@RequestParam("userIds") String userIds) {
if (StringUtils.isNotBlank(userIds)) {
@ -1640,7 +1640,7 @@ public class SysUserController {
* @return
*/
@PostMapping("/login/setting/userEdit")
//@RequiresPermissions("system:user:setting:edit")
@RequiresPermissions("system:user:setting:edit")
public Result<String> userEdit(@RequestBody SysUser sysUser, HttpServletRequest request) {
String username = JwtUtil.getUserNameByToken(request);
SysUser user = sysUserService.getById(sysUser.getId());