org.springframework.security.access.prepost.PreAuthorize Java Examples

Example #1
Source File: PmsBrandController.java    From macrozheng with Apache License 2.0 6 votes vote down vote up
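/**
 * Updates the brand identified by {@code id} with the submitted parameters.
 *
 * <p>Callers need the {@code pms:brand:update} authority.
 *
 * @param id            brand id taken from the request path
 * @param pmsBrandParam brand fields from the request body, subject to bean validation
 * @param result        receives the validation outcome for {@code pmsBrandParam}
 * @return a success result carrying the count returned by the service when it is 1,
 *         otherwise a failure result
 */
@ApiOperation(value = "更新品牌")
@RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:update')")
public CommonResult update(@PathVariable("id") Long id,
                           @Validated @RequestBody PmsBrandParam pmsBrandParam,
                           BindingResult result) {
    // Declaring a BindingResult parameter makes Spring hand validation errors to the
    // method instead of rejecting the request, so they have to be checked here before
    // the unvalidated body reaches the service.
    // NOTE(review): if the project already enforces this centrally (for example an
    // aspect around controllers), this guard is redundant but harmless - confirm.
    if (result.hasErrors()) {
        return CommonResult.failed();
    }
    int count = brandService.updateBrand(id, pmsBrandParam);
    if (count == 1) {
        return CommonResult.success(count);
    }
    return CommonResult.failed();
}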
 
Example #2
Source File: SysUserController.java    From mall4j with GNU Affero General Public License v3.0 6 votes vote down vote up
/**
 * Deletes the given system users.
 *
 * <p>The request is refused with HTTP 400 when no id is supplied, when the list
 * contains {@code Constant.SUPER_ADMIN_ID}, or when it contains the caller's own
 * user id. The deletion itself is handed to the service together with the caller's
 * shop id.
 *
 * @param userIds ids of the users to delete, read from the request body
 * @return 200 with an empty body on success, 400 with a message otherwise
 */
@SysLog("删除用户")
@DeleteMapping
@PreAuthorize("@pms.hasPermission('sys:user:delete')")
public ResponseEntity<String> delete(@RequestBody Long[] userIds){
	// Collect the first failing precondition, checked in the same order as before.
	String rejection = null;
	if (userIds.length == 0) {
		rejection = "请选择需要删除的用户";
	} else if (ArrayUtil.contains(userIds, Constant.SUPER_ADMIN_ID)) {
		rejection = "系统管理员不能删除";
	} else if (ArrayUtil.contains(userIds, SecurityUtils.getSysUser().getUserId())) {
		rejection = "当前用户不能删除";
	}
	if (rejection != null) {
		return ResponseEntity.badRequest().body(rejection);
	}
	// The shop id comes from the authenticated session, not from the request.
	// NOTE(review): presumably deleteBatch only removes users of that shop - confirm.
	sysUserService.deleteBatch(userIds, SecurityUtils.getSysUser().getShopId());
	return ResponseEntity.ok().build();
}
 
Example #3
Source File: SysUserController.java    From yshopmall with Apache License 2.0 6 votes vote down vote up
/**
 * Deletes the users with the given ids after comparing role levels.
 *
 * <p>For every target id the smallest role level of the caller is compared with the
 * smallest role level of the target; the whole request fails with
 * {@code BadRequestException} as soon as the caller's value is greater than the
 * target's. Nothing is deleted until every id has passed.
 *
 * <p>{@link Collections#min} throws {@code NoSuchElementException} for an empty
 * collection. NOTE(review): confirm that every user has at least one role, otherwise
 * that exception escapes from here.
 *
 * @param ids ids of the users to delete, read from the request body
 * @return an empty 200 response
 */
@Log("删除用户")
@ApiOperation("删除用户")
@DeleteMapping
@PreAuthorize("@el.check('admin','user:del')")
public ResponseEntity<Object> delete(@RequestBody Set<Long> ids){
    UserDto caller = userService.findByName(SecurityUtils.getUsername());
    for (Long targetId : ids) {
        Integer callerLevel = Collections.min(
                roleService.findByUsersId(caller.getId()).stream()
                        .map(RoleSmallDto::getLevel)
                        .collect(Collectors.toList()));
        Integer targetLevel = Collections.min(
                roleService.findByUsersId(targetId).stream()
                        .map(RoleSmallDto::getLevel)
                        .collect(Collectors.toList()));
        // NOTE(review): presumably a smaller level means more privilege - confirm.
        boolean callerLevelIsGreater = callerLevel > targetLevel;
        if (callerLevelIsGreater) {
            // The message names the caller (looked up again), not the target user.
            throw new BadRequestException("角色权限不足,不能删除:" + userService.findByName(SecurityUtils.getUsername()).getUsername());
        }
    }
    userService.delete(ids);
    return new ResponseEntity<>(HttpStatus.OK);
}
 
Example #4
Source File: SysUserController.java    From mall4j with GNU Affero General Public License v3.0 6 votes vote down vote up
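/**
 * Updates a system user and its role assignments.
 *
 * <p>The stored user must belong to the same shop as the caller. The user name must
 * not already be taken by a different user. A blank password leaves the password
 * field unset on the object passed to the service; a non-blank one is encoded first.
 *
 * @param user user data from the request body
 * @return 200 with an empty body on success, 400 when the user name is already used
 * @throws YamiShopBindException when the target user is unknown or belongs to
 *         another shop
 */
@SysLog("修改用户")
@PutMapping
@PreAuthorize("@pms.hasPermission('sys:user:update')")
public ResponseEntity<String> update(@Valid @RequestBody SysUser user){
	String password = user.getPassword();

	SysUser dbUser = sysUserService.getSysUserById(user.getUserId());

	// An id that matches no stored user used to fail with a NullPointerException on
	// the shop comparison. It is now refused exactly like a user of another shop, so
	// the response does not reveal whether the id exists.
	if (dbUser == null || !Objects.equals(dbUser.getShopId(), SecurityUtils.getSysUser().getShopId())) {
		throw new YamiShopBindException("没有权限修改该用户信息");
	}
	SysUser dbUserNameInfo = sysUserService.getByUserName(user.getUsername());

	if (dbUserNameInfo != null && !Objects.equals(dbUserNameInfo.getUserId(),user.getUserId())) {
		return ResponseEntity.badRequest().body("该用户已存在");
	}
	if (StrUtil.isBlank(password)) {
		// Null rather than blank. NOTE(review): presumably the service then keeps the
		// stored password - confirm.
		user.setPassword(null);
	}else {
		user.setPassword(passwordEncoder.encode(password));
	}
	// NOTE(review): the request object is passed on as received; only the stored
	// user's shop id was checked above. Confirm the service does not persist a shop id
	// (or other privileged field) supplied in the request body.
	sysUserService.updateUserAndUserRole(user);
	return ResponseEntity.ok().build();
}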
 
Example #5
Source File: PmsBrandController.java    From mall-learning with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a brand from the request body.
 *
 * <p>Callers need the {@code pms:brand:create} authority. The submitted object is
 * written to the debug log on both outcomes.
 *
 * @param pmsBrand brand to create, read from the request body
 * @return a success result carrying {@code pmsBrand} when the service returns 1,
 *         otherwise a failure result
 */
@ApiOperation("添加品牌")
@RequestMapping(value = "/create", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:create')")
public CommonResult createBrand(@RequestBody PmsBrand pmsBrand) {
    if (brandService.createBrand(pmsBrand) != 1) {
        CommonResult failure = CommonResult.failed("操作失败");
        LOGGER.debug("createBrand failed:{}", pmsBrand);
        return failure;
    }
    CommonResult created = CommonResult.success(pmsBrand);
    LOGGER.debug("createBrand success:{}", pmsBrand);
    return created;
}
 
Example #6
Source File: SysDeptController.java    From RuoYi-Vue with MIT License 6 votes vote down vote up
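/**
 * Lists departments, leaving out one department and everything below it.
 *
 * <p>A department is dropped when its id equals {@code deptId} or when
 * {@code deptId} appears in its comma-separated ancestors string.
 *
 * @param deptId id of the department to exclude; declared optional, and when it is
 *               absent the unfiltered list is returned
 * @return a success result carrying the remaining departments
 */
@PreAuthorize("@ss.hasPermi('system:dept:list')")
@GetMapping("/list/exclude/{deptId}")
public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
{
    List<SysDept> depts = deptService.selectDeptList(new SysDept());
    // The parameter is marked required = false, so guard against null instead of
    // failing on unboxing inside the loop.
    if (deptId != null)
    {
        String excludedId = String.valueOf(deptId);
        Iterator<SysDept> it = depts.iterator();
        while (it.hasNext())
        {
            SysDept d = it.next();
            // Compare as long: narrowing the stored id to int could make two
            // different ids look equal.
            if (d.getDeptId().longValue() == deptId.longValue()
                    || ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), excludedId))
            {
                it.remove();
            }
        }
    }
    return AjaxResult.success(depts);
}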
 
Example #7
Source File: SysMenuController.java    From mall4j with GNU Affero General Public License v3.0 6 votes vote down vote up
/**
 * Updates a menu entry.
 *
 * <p>The body is first passed to {@code verifyForm}. An entry whose type equals
 * {@code MenuType.MENU} must carry a non-blank URL.
 *
 * @param menu menu data from the request body
 * @return 200 with an empty body on success, 400 when a menu-type entry has no URL
 */
@SysLog("修改菜单")
@PutMapping
@PreAuthorize("@pms.hasPermission('sys:menu:update')")
public ResponseEntity<String> update(@Valid @RequestBody SysMenu menu){
	// validate the submitted data
	verifyForm(menu);

	// NOTE(review): if both sides of == are boxed Integers this compares references;
	// confirm the operand types.
	if (menu.getType() == MenuType.MENU.getValue() && StrUtil.isBlank(menu.getUrl())) {
		return ResponseEntity.badRequest().body("菜单URL不能为空");
	}

	sysMenuService.updateById(menu);
	return ResponseEntity.ok().build();
}
 
Example #8
Source File: SysMenuController.java    From RuoYi-Vue with MIT License 6 votes vote down vote up
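/**
 * Updates an existing menu.
 *
 * <p>The update is refused when the menu name is not unique, or when the menu is
 * flagged as an external frame and its path does not start with one of
 * {@code Constants.HTTP} / {@code Constants.HTTPS}. The caller's user name is
 * recorded as the updater.
 *
 * @param menu menu data from the request body
 * @return an error result with a message, or the result of the update
 */
@PreAuthorize("@ss.hasPermi('system:menu:edit')")
@Log(title = "菜单管理", businessType = BusinessType.UPDATE)
@PutMapping
public AjaxResult edit(@Validated @RequestBody SysMenu menu)
{
    if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu)))
    {
        return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
    }
    if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
            && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
    {
        // This message used to begin with "新增菜单" (add menu), although this is the
        // edit path; it now matches the name-conflict message above.
        return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");
    }
    menu.setUpdateBy(SecurityUtils.getUsername());
    return toAjax(menuService.updateMenu(menu));
}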
 
Example #9
Source File: SystemUserTaskController.java    From yshopmall with Apache License 2.0 5 votes vote down vote up
/**
 * Returns one page of user tasks, always ordered by {@code level_id} ascending.
 *
 * <p>Only the page number and page size of the incoming {@code pageable} are used;
 * any ordering it carries is replaced by the fixed sort.
 * NOTE(review): no upper bound on the page size is visible here - confirm it is
 * capped elsewhere.
 *
 * @param criteria query filter bound from the request
 * @param pageable requested page number and size
 * @return 200 with whatever the service returns for the query
 */
@Log("查询")
@ApiOperation(value = "查询")
@GetMapping(value = "/yxSystemUserTask")
@PreAuthorize("@el.check('admin','YXSYSTEMUSERTASK_ALL','YXSYSTEMUSERTASK_SELECT')")
public ResponseEntity getYxSystemUserTasks(YxSystemUserTaskQueryCriteria criteria,
                                           Pageable pageable){
    Sort byLevel = new Sort(Sort.Direction.ASC, "level_id");
    int pageNumber = pageable.getPageNumber();
    int pageSize = pageable.getPageSize();
    Pageable fixedOrderPage = PageRequest.of(pageNumber, pageSize, byLevel);
    Object body = yxSystemUserTaskService.queryAll(criteria, fixedOrderPage);
    return new ResponseEntity(body, HttpStatus.OK);
}
 
Example #10
Source File: SysConfigController.java    From RuoYi-Vue with MIT License 5 votes vote down vote up
/**
 * Updates a configuration parameter.
 *
 * <p>The update is refused when the configuration key is not unique. Otherwise the
 * caller's user name is recorded as the updater and the change is passed to the
 * service.
 *
 * @param config configuration data from the request body
 * @return an error result with a message, or the result of the update
 */
@PreAuthorize("@ss.hasPermi('system:config:edit')")
@Log(title = "参数管理", businessType = BusinessType.UPDATE)
@PutMapping
public AjaxResult edit(@Validated @RequestBody SysConfig config)
{
    boolean keyTaken = UserConstants.NOT_UNIQUE.equals(configService.checkConfigKeyUnique(config));
    if (!keyTaken)
    {
        config.setUpdateBy(SecurityUtils.getUsername());
        return toAjax(configService.updateConfig(config));
    }
    return AjaxResult.error("修改参数'" + config.getConfigName() + "'失败,参数键名已存在");
}
 
Example #11
Source File: ScheduleJobController.java    From mall4j with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Runs the given scheduled jobs immediately.
 *
 * <p>The ids are handed to the service unchanged.
 * NOTE(review): no check on which jobs the caller may trigger is visible in this
 * method beyond the permission expression - confirm the service scopes the ids.
 *
 * @param jobIds ids of the jobs to run, read from the request body
 * @return 200 with an empty body
 */
@SysLog("立即执行任务")
@PostMapping("/run")
@PreAuthorize("@pms.hasPermission('sys:schedule:run')")
public ResponseEntity<Void> run(@RequestBody Long[] jobIds){
	scheduleJobService.run(jobIds);
	ResponseEntity<Void> done = ResponseEntity.ok().build();
	return done;
}
 
Example #12
Source File: SpecController.java    From mall4j with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Deletes a product specification and its values.
 *
 * <p>The service receives the specification id, the {@code SPEC} rule value and the
 * shop id of the authenticated caller, so the shop is never taken from the request.
 *
 * @param id specification id from the request path
 * @return 200 with an empty body
 */
@DeleteMapping("/{id}")
@PreAuthorize("@pms.hasPermission('prod:spec:delete')")
public ResponseEntity<Void> delete(@PathVariable Long id) {
    prodPropService.deleteProdPropAndValues(
            id,
            ProdPropRule.SPEC.value(),
            SecurityUtils.getSysUser().getShopId());
    ResponseEntity<Void> done = ResponseEntity.ok().build();
    return done;
}
 
Example #13
Source File: PickAddrController.java    From mall4j with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Saves a pick-up address for the caller's shop.
 *
 * <p>The shop id on the submitted object is overwritten with the shop id of the
 * authenticated caller before saving.
 * NOTE(review): other fields of the body are saved as received - confirm that none
 * of them (for example a primary key) lets a caller touch another shop's record.
 *
 * @param pickAddr address data from the request body
 * @return 200 with an empty body
 */
@PostMapping
@PreAuthorize("@pms.hasPermission('shop:pickAddr:save')")
public ResponseEntity<Void> save(@Valid @RequestBody PickAddr pickAddr){
	// Pin the record to the session's shop, whatever the client sent.
	pickAddr.setShopId(SecurityUtils.getSysUser().getShopId());
	pickAddrService.save(pickAddr);
	ResponseEntity<Void> done = ResponseEntity.ok().build();
	return done;
}
 
Example #14
Source File: LogController.java    From sk-admin with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes log entries through {@code logService.delAllByInfo()}.
 *
 * <p>NOTE(review): the guard is {@code @sk.check()} with no permission names, unlike
 * the other endpoints of this project shown on this page. Confirm what the bean
 * grants in that case, since this endpoint removes audit data.
 *
 * @return an empty 200 response
 */
@DeleteMapping(value = "/del/info")
@Log("删除所有INFO日志")
@ApiOperation("删除所有INFO日志")
@PreAuthorize("@sk.check()")
public ResponseEntity<Void> delAllByInfo() {
    logService.delAllByInfo();
    ResponseEntity<Void> done = new ResponseEntity<>(HttpStatus.OK);
    return done;
}
 
Example #15
Source File: PmsProductController.java    From BigDataPlatform with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Sets the publish status of several products at once.
 *
 * <p>Callers need the {@code pms:product:update} authority.
 *
 * @param ids           product ids from the {@code ids} request parameter
 * @param publishStatus status value from the {@code publishStatus} request parameter
 * @return a success result carrying the count returned by the service when it is
 *         positive, otherwise a failure result
 */
@ApiOperation("批量上下架")
@RequestMapping(value = "/update/publishStatus", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public CommonResult updatePublishStatus(@RequestParam("ids") List<Long> ids,
                                        @RequestParam("publishStatus") Integer publishStatus) {
    int updated = productService.updatePublishStatus(ids, publishStatus);
    if (updated <= 0) {
        return CommonResult.failed();
    }
    return CommonResult.success(updated);
}
 
Example #16
Source File: MessageController.java    From mall4j with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Returns the message with the given id.
 *
 * <p>NOTE(review): the lookup is by id only; nothing visible here limits it to
 * messages the caller may read. Confirm that the permission alone is sufficient.
 *
 * @param id message id from the request path
 * @return 200 with whatever {@code messageService.getById} returns as the body
 */
@GetMapping("/info/{id}")
@PreAuthorize("@pms.hasPermission('admin:message:info')")
public ResponseEntity<Message> info(@PathVariable("id") Long id) {
    return ResponseEntity.ok(messageService.getById(id));
}
 
Example #17
Source File: ScheduleJobController.java    From mall4j with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Resumes the given scheduled jobs.
 *
 * <p>The ids are handed to the service unchanged.
 *
 * @param jobIds ids of the jobs to resume, read from the request body
 * @return 200 with an empty body
 */
@SysLog("恢复定时任务")
@PostMapping("/resume")
@PreAuthorize("@pms.hasPermission('sys:schedule:resume')")
public ResponseEntity<Void> resume(@RequestBody Long[] jobIds){
	scheduleJobService.resume(jobIds);
	ResponseEntity<Void> done = ResponseEntity.ok().build();
	return done;
}
 
Example #18
Source File: PmsProductController.java    From xmall with MIT License 5 votes vote down vote up
/**
 * Updates the product identified by {@code id}.
 *
 * <p>Callers need the {@code pms:product:update} authority.
 * NOTE(review): the body parameter carries no {@code @Valid}/{@code @Validated}
 * annotation and {@code bindingResult} is never read in this method, so no
 * validation result is acted on here. Confirm whether validation is intended and
 * enforced elsewhere.
 *
 * @param id            product id from the request path
 * @param productParam  product fields from the request body
 * @param bindingResult binding result for the body; unused in this method
 * @return a success result carrying the count returned by the service when it is
 *         positive, otherwise a failure result
 */
@ApiOperation("更新商品")
@RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public Object update(@PathVariable Long id, @RequestBody PmsProductParam productParam, BindingResult bindingResult) {
    int updated = productService.update(id, productParam);
    if (updated <= 0) {
        return new CommonResult().failed();
    }
    return new CommonResult().success(updated);
}
 
Example #19
Source File: MenuController.java    From sk-admin with Apache License 2.0 5 votes vote down vote up
/**
 * Queries menus and returns them as the structure built by
 * {@code menuService.buildTree}.
 *
 * @param criteria query filter bound from the request
 * @return 200 with the built structure as the body
 */
@Log("查询菜单")
@ApiOperation("查询菜单")
@GetMapping
@PreAuthorize("@sk.check('menu:list')")
public ResponseEntity<Object> getMenus(MenuQuery criteria){
    List<MenuDTO> matches = menuService.queryAll(criteria);
    Object tree = menuService.buildTree(matches);
    return new ResponseEntity<>(tree, HttpStatus.OK);
}
 
Example #20
Source File: JobController.java    From sk-admin with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes the jobs with the given ids.
 *
 * <p>Anything thrown by the service is passed to
 * {@code ThrowableUtil.throwForeignKeyException} together with a message saying the
 * selected jobs are still linked to users.
 * NOTE(review): the catch covers {@code Throwable}. If that helper returns normally
 * for some failures, they are swallowed and the method still answers 200 - confirm
 * that it always rethrows.
 *
 * @param ids ids of the jobs to delete, read from the request body
 * @return an empty 200 response
 */
@Log("删除岗位")
@ApiOperation("删除岗位")
@DeleteMapping
@PreAuthorize("@sk.check('job:del')")
public ResponseEntity<Object> delete(@RequestBody Set<Long> ids){
    try {
        jobService.delete(ids);
    } catch (Throwable failure) {
        ThrowableUtil.throwForeignKeyException(failure, "所选岗位存在用户关联,请取消关联后再试");
    }
    ResponseEntity<Object> done = new ResponseEntity<>(HttpStatus.OK);
    return done;
}
 
Example #21
Source File: StoreCombinationController.java    From yshopmall with Apache License 2.0 5 votes vote down vote up
/**
 * Marks a combination as deleted instead of removing the row.
 *
 * <p>A fresh entity carrying only the id and {@code isDel = 1} is passed to
 * {@code saveOrUpdate}.
 * NOTE(review): whether an unknown id results in an insert depends on
 * {@code saveOrUpdate} - confirm that this is not possible here.
 *
 * @param id combination id from the request path
 * @return an empty 200 response
 */
@Log("删除拼团")
@ApiOperation(value = "删除拼团")
@DeleteMapping(value = "/yxStoreCombination/{id}")
@PreAuthorize("@el.check('admin','YXSTORECOMBINATION_ALL','YXSTORECOMBINATION_DELETE')")
public ResponseEntity delete(@PathVariable Integer id){
    YxStoreCombination softDeleted = new YxStoreCombination();
    softDeleted.setIsDel(1);
    softDeleted.setId(id);
    yxStoreCombinationService.saveOrUpdate(softDeleted);

    ResponseEntity done = new ResponseEntity(HttpStatus.OK);
    return done;
}
 
Example #22
Source File: PmsBrandController.java    From mall-learning with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes the brand with the given id.
 *
 * <p>Callers need the {@code pms:brand:delete} authority.
 * NOTE(review): this state-changing operation is mapped to HTTP GET. GET requests
 * can be issued by link prefetching and by cross-site navigation, and are normally
 * exempt from CSRF protection; consider POST or DELETE after checking existing
 * clients.
 *
 * @param id brand id from the request path
 * @return a success result with no data when the service returns 1, otherwise a
 *         failure result
 */
@ApiOperation("删除指定id的品牌")
@RequestMapping(value = "/delete/{id}", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:delete')")
public CommonResult deleteBrand(@PathVariable("id") Long id) {
    boolean deleted = brandService.deleteBrand(id) == 1;
    if (!deleted) {
        LOGGER.debug("deleteBrand failed :id={}", id);
        return CommonResult.failed("操作失败");
    }
    LOGGER.debug("deleteBrand success :id={}", id);
    return CommonResult.success(null);
}
 
Example #23
Source File: StoreCouponIssueUserController.java    From yshopmall with Apache License 2.0 5 votes vote down vote up
/**
 * Saves the submitted coupon-issue-user record.
 *
 * <p>The request body is bound straight onto the entity and passed to
 * {@code saveOrUpdate}.
 * NOTE(review): every field the client sends reaches the persistence call, and
 * {@code saveOrUpdate} may create a record rather than update one. Confirm that
 * this is intended, or bind to a DTO that exposes only the editable fields.
 *
 * @param resources entity data from the request body
 * @return an empty 204 response
 */
@Log("修改")
@ApiOperation(value = "修改")
@PutMapping(value = "/yxStoreCouponIssueUser")
@PreAuthorize("@el.check('admin','YXSTORECOUPONISSUEUSER_ALL','YXSTORECOUPONISSUEUSER_EDIT')")
public ResponseEntity update(@Validated @RequestBody YxStoreCouponIssueUser resources){
    yxStoreCouponIssueUserService.saveOrUpdate(resources);
    ResponseEntity noContent = new ResponseEntity(HttpStatus.NO_CONTENT);
    return noContent;
}
 
Example #24
Source File: DeptController.java    From smaker with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Edits a department.
 *
 * <p>The update time is set to the current local date-time before the entity is
 * passed to the service.
 *
 * @param sysDept department entity from the request body
 * @return a result wrapping whatever {@code updateDeptById} returns
 */
@SysLog("编辑部门")
@PutMapping
@PreAuthorize("@pms.hasPermission('sys_dept_edit')")
public SmakerResult update(@Valid @RequestBody SysDept sysDept) {
	LocalDateTime now = LocalDateTime.now();
	sysDept.setUpdateTime(now);
	return new SmakerResult<>(sysDeptService.updateDeptById(sysDept));
}
 
Example #25
Source File: ConfigController.java    From cymbal with Apache License 2.0 5 votes vote down vote up
/**
 * Renames a redis config.
 *
 * <p>The authorization expression checks the caller's operation permission for
 * {@code clusterId}. The update itself is keyed only by {@code configId};
 * {@code clusterId} is not used in the method body.
 * NOTE(review): nothing visible here ties {@code configId} to the authorized
 * cluster. Confirm that the service rejects a config id belonging to a different
 * cluster; otherwise pass {@code clusterId} down and verify membership before
 * updating.
 *
 * @param clusterId  cluster id from the request path, used by the permission check
 * @param configId   config id from the request path
 * @param configName new config name from the request body
 */
@PatchMapping("/clusters/{clusterId}/configs/{configId}")
@PreAuthorize(value = "@clusterPermissionChecker.hasOperationPermissionForCluster(#clusterId, principal.username)")
@ResponseBody
public void updateConfigName(
        @PathVariable final String clusterId,
        @PathVariable final Integer configId,
        @RequestBody final String configName) {
    // Only configId selects the record; see the review note in the Javadoc.
    redisConfigProcessService.updateConfigName(configId, configName);
}
 
Example #26
Source File: ProgramController.java    From TASK-Management-System with MIT License 5 votes vote down vote up
/**
 * Creates a program for the user id given in the path.
 *
 * <p>Any caller holding the {@code USER} or {@code ADMIN} role passes the guard.
 * NOTE(review): {@code uid} comes from the URL and is passed to the service without
 * being compared to the authenticated principal in this method. Confirm that the
 * service enforces that a non-admin caller can only act for their own id.
 *
 * @param uid           id of the user the program is created for, from the path
 * @param newProgramDto program data from the request body
 * @return 200 with {@code true} as the body
 */
@PostMapping("/createProgram/{uid}")
@CrossOrigin(origins = clientUrl)
@PreAuthorize("hasRole('USER') or hasRole('ADMIN')")
public ResponseEntity<Boolean> createProgram(@PathVariable("uid") Long uid, @RequestBody NewProgramDTO newProgramDto) {
  service.createProgram(newProgramDto, uid);
  ResponseEntity<Boolean> created = new ResponseEntity<>(true, HttpStatus.OK);
  return created;
}
 
Example #27
Source File: QuartzJobController.java    From yshopmall with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes the scheduled jobs with the given ids.
 *
 * <p>The id array is copied into a new list before it is passed to the service.
 *
 * @param ids ids of the jobs to delete, read from the request body
 * @return an empty 200 response
 */
@Log("删除定时任务")
@ApiOperation("删除定时任务")
@DeleteMapping
@PreAuthorize("@el.check('admin','timing:del')")
public ResponseEntity<Object> delete(@RequestBody Integer[] ids){
    ArrayList<Integer> idList = new ArrayList<>(Arrays.asList(ids));
    quartzJobService.removeByIds(idList);
    return new ResponseEntity<>(HttpStatus.OK);
}
 
Example #28
Source File: PictureController.java    From sk-admin with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes several pictures in one request.
 *
 * <p>The ids are handed to the service unchanged.
 * NOTE(review): no per-picture ownership check is visible in this method - confirm
 * whether the {@code pictures:del} permission is meant to cover every picture.
 *
 * @param ids ids of the pictures to delete, read from the request body
 * @return an empty 200 response
 */
@Log("多选删除图片")
@ApiOperation("多选删除图片")
@PreAuthorize("@sk.check('pictures:del')")
@DeleteMapping
public ResponseEntity<Object> deleteAll(@RequestBody Long[] ids) {
    pictureService.deleteAll(ids);
    ResponseEntity<Object> done = new ResponseEntity<>(HttpStatus.OK);
    return done;
}
 
Example #29
Source File: QuartzController.java    From sk-admin with Apache License 2.0 5 votes vote down vote up
/**
 * Returns one page of scheduled jobs matching the filter.
 *
 * <p>NOTE(review): paging and ordering come from the request as received - confirm
 * that page size and sortable properties are bounded elsewhere.
 *
 * @param criteria query filter bound from the request
 * @param pageable requested page
 * @return 200 with whatever the service returns for the query
 */
@Log("查询定时任务")
@ApiOperation("查询定时任务")
@GetMapping
@PreAuthorize("@sk.check('timing:list')")
public ResponseEntity<Object> getJobs(QuartzJobQuery criteria, Pageable pageable){
    Object page = quartzJobService.queryAll(criteria, pageable);
    return new ResponseEntity<>(page, HttpStatus.OK);
}
 
Example #30
Source File: PictureController.java    From sk-admin with Apache License 2.0 5 votes vote down vote up
/**
 * Returns one page of pictures matching the filter.
 *
 * <p>Despite its name, this method queries {@code pictureService}, not roles.
 *
 * @param criteria query filter bound from the request
 * @param pageable requested page
 * @return 200 with whatever the service returns for the query
 */
@Log("查询图片")
@PreAuthorize("@sk.check('pictures:list')")
@GetMapping
@ApiOperation("查询图片")
public ResponseEntity<Object> getRoles(PictureQuery criteria, Pageable pageable){
    Object page = pictureService.queryAll(criteria, pageable);
    return new ResponseEntity<>(page, HttpStatus.OK);
}