org.springframework.security.access.prepost.PreAuthorize Java Examples
The following examples show how to use
org.springframework.security.access.prepost.PreAuthorize.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: PmsBrandController.java From macrozheng with Apache License 2.0 | 6 votes |
|
@ApiOperation(value = "更新品牌")
@RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:update')")
public CommonResult update(@PathVariable("id") Long id,
@Validated @RequestBody PmsBrandParam pmsBrandParam,
BindingResult result) {
CommonResult commonResult;
int count = brandService.updateBrand(id, pmsBrandParam);
if (count == 1) {
commonResult = CommonResult.success(count);
} else {
commonResult = CommonResult.failed();
}
return commonResult;
}
Example #2
| Source File: SysUserController.java From mall4j with GNU Affero General Public License v3.0 | 6 votes |
|
/**
* 删除用户
*/
@SysLog("删除用户")
@DeleteMapping
@PreAuthorize("@pms.hasPermission('sys:user:delete')")
public ResponseEntity<String> delete(@RequestBody Long[] userIds){
if (userIds.length == 0) {
return ResponseEntity.badRequest().body("请选择需要删除的用户");
}
if(ArrayUtil.contains(userIds, Constant.SUPER_ADMIN_ID)){
return ResponseEntity.badRequest().body("系统管理员不能删除");
}
if(ArrayUtil.contains(userIds, SecurityUtils.getSysUser().getUserId())){
return ResponseEntity.badRequest().body("当前用户不能删除");
}
sysUserService.deleteBatch(userIds,SecurityUtils.getSysUser().getShopId());
return ResponseEntity.ok().build();
}
Example #3
| Source File: SysUserController.java From yshopmall with Apache License 2.0 | 6 votes |
|
@Log("删除用户")
@ApiOperation("删除用户")
@DeleteMapping
@PreAuthorize("@el.check('admin','user:del')")
public ResponseEntity<Object> delete(@RequestBody Set<Long> ids){
UserDto user = userService.findByName(SecurityUtils.getUsername());
for (Long id : ids) {
Integer currentLevel = Collections.min(roleService.findByUsersId(user.getId()).stream().map(RoleSmallDto::getLevel).collect(Collectors.toList()));
Integer optLevel = Collections.min(roleService.findByUsersId(id).stream().map(RoleSmallDto::getLevel).collect(Collectors.toList()));
if (currentLevel > optLevel) {
throw new BadRequestException("角色权限不足,不能删除:" + userService.findByName(SecurityUtils.getUsername()).getUsername());
}
}
userService.delete(ids);
return new ResponseEntity<>(HttpStatus.OK);
}
Example #4
| Source File: SysUserController.java From mall4j with GNU Affero General Public License v3.0 | 6 votes |
|
/**
* 修改用户
*/
@SysLog("修改用户")
@PutMapping
@PreAuthorize("@pms.hasPermission('sys:user:update')")
public ResponseEntity<String> update(@Valid @RequestBody SysUser user){
String password = user.getPassword();
SysUser dbUser = sysUserService.getSysUserById(user.getUserId());
if (!Objects.equals(dbUser.getShopId(), SecurityUtils.getSysUser().getShopId())) {
throw new YamiShopBindException("没有权限修改该用户信息");
}
SysUser dbUserNameInfo = sysUserService.getByUserName(user.getUsername());
if (dbUserNameInfo != null && !Objects.equals(dbUserNameInfo.getUserId(),user.getUserId())) {
return ResponseEntity.badRequest().body("该用户已存在");
}
if (StrUtil.isBlank(password)) {
user.setPassword(null);
}else {
user.setPassword(passwordEncoder.encode(user.getPassword()));
}
sysUserService.updateUserAndUserRole(user);
return ResponseEntity.ok().build();
}
Example #5
| Source File: PmsBrandController.java From mall-learning with Apache License 2.0 | 6 votes |
|
@ApiOperation("添加品牌")
@RequestMapping(value = "/create", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:create')")
public CommonResult createBrand(@RequestBody PmsBrand pmsBrand) {
CommonResult commonResult;
int count = brandService.createBrand(pmsBrand);
if (count == 1) {
commonResult = CommonResult.success(pmsBrand);
LOGGER.debug("createBrand success:{}", pmsBrand);
} else {
commonResult = CommonResult.failed("操作失败");
LOGGER.debug("createBrand failed:{}", pmsBrand);
}
return commonResult;
}
Example #6
| Source File: SysDeptController.java From RuoYi-Vue with MIT License | 6 votes |
|
/**
* 查询部门列表(排除节点)
*/
@PreAuthorize("@ss.hasPermi('system:dept:list')")
@GetMapping("/list/exclude/{deptId}")
public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
{
List<SysDept> depts = deptService.selectDeptList(new SysDept());
Iterator<SysDept> it = depts.iterator();
while (it.hasNext())
{
SysDept d = (SysDept) it.next();
if (d.getDeptId().intValue() == deptId
|| ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""))
{
it.remove();
}
}
return AjaxResult.success(depts);
}
Example #7
| Source File: SysMenuController.java From mall4j with GNU Affero General Public License v3.0 | 6 votes |
|
/**
* 修改
*/
@SysLog("修改菜单")
@PutMapping
@PreAuthorize("@pms.hasPermission('sys:menu:update')")
public ResponseEntity<String> update(@Valid @RequestBody SysMenu menu){
//数据校验
verifyForm(menu);
if(menu.getType() == MenuType.MENU.getValue()){
if(StrUtil.isBlank(menu.getUrl())){
return ResponseEntity.badRequest().body("菜单URL不能为空");
}
}
sysMenuService.updateById(menu);
return ResponseEntity.ok().build();
}
Example #8
| Source File: SysMenuController.java From RuoYi-Vue with MIT License | 6 votes |
|
/**
* 修改菜单
*/
@PreAuthorize("@ss.hasPermi('system:menu:edit')")
@Log(title = "菜单管理", businessType = BusinessType.UPDATE)
@PutMapping
public AjaxResult edit(@Validated @RequestBody SysMenu menu)
{
if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu)))
{
return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败,菜单名称已存在");
}
else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
&& !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
{
return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败,地址必须以http(s)://开头");
}
menu.setUpdateBy(SecurityUtils.getUsername());
return toAjax(menuService.updateMenu(menu));
}
Example #9
| Source File: SystemUserTaskController.java From yshopmall with Apache License 2.0 | 5 votes |
|
@Log("查询")
@ApiOperation(value = "查询")
@GetMapping(value = "/yxSystemUserTask")
@PreAuthorize("@el.check('admin','YXSYSTEMUSERTASK_ALL','YXSYSTEMUSERTASK_SELECT')")
public ResponseEntity getYxSystemUserTasks(YxSystemUserTaskQueryCriteria criteria,
Pageable pageable){
Sort sort = new Sort(Sort.Direction.ASC, "level_id");
Pageable pageableT = PageRequest.of(pageable.getPageNumber(),
pageable.getPageSize(),
sort);
return new ResponseEntity(yxSystemUserTaskService.queryAll(criteria,pageableT),
HttpStatus.OK);
}
Example #10
| Source File: SysConfigController.java From RuoYi-Vue with MIT License | 5 votes |
|
/**
* 修改参数配置
*/
@PreAuthorize("@ss.hasPermi('system:config:edit')")
@Log(title = "参数管理", businessType = BusinessType.UPDATE)
@PutMapping
public AjaxResult edit(@Validated @RequestBody SysConfig config)
{
if (UserConstants.NOT_UNIQUE.equals(configService.checkConfigKeyUnique(config)))
{
return AjaxResult.error("修改参数'" + config.getConfigName() + "'失败,参数键名已存在");
}
config.setUpdateBy(SecurityUtils.getUsername());
return toAjax(configService.updateConfig(config));
}
Example #11
| Source File: ScheduleJobController.java From mall4j with GNU Affero General Public License v3.0 | 5 votes |
|
/**
* 立即执行任务
*/
@SysLog("立即执行任务")
@PostMapping("/run")
@PreAuthorize("@pms.hasPermission('sys:schedule:run')")
public ResponseEntity<Void> run(@RequestBody Long[] jobIds){
scheduleJobService.run(jobIds);
return ResponseEntity.ok().build();
}
Example #12
| Source File: SpecController.java From mall4j with GNU Affero General Public License v3.0 | 5 votes |
|
/**
* 删除
*/
@DeleteMapping("/{id}")
@PreAuthorize("@pms.hasPermission('prod:spec:delete')")
public ResponseEntity<Void> delete(@PathVariable Long id) {
prodPropService.deleteProdPropAndValues(id, ProdPropRule.SPEC.value(), SecurityUtils.getSysUser().getShopId());
return ResponseEntity.ok().build();
}
Example #13
| Source File: PickAddrController.java From mall4j with GNU Affero General Public License v3.0 | 5 votes |
|
/**
* 保存
*/
@PostMapping
@PreAuthorize("@pms.hasPermission('shop:pickAddr:save')")
public ResponseEntity<Void> save(@Valid @RequestBody PickAddr pickAddr){
pickAddr.setShopId(SecurityUtils.getSysUser().getShopId());
pickAddrService.save(pickAddr);
return ResponseEntity.ok().build();
}
Example #14
| Source File: LogController.java From sk-admin with Apache License 2.0 | 5 votes |
|
@DeleteMapping(value = "/del/info")
@Log("删除所有INFO日志")
@ApiOperation("删除所有INFO日志")
@PreAuthorize("@sk.check()")
public ResponseEntity<Void> delAllByInfo() {
logService.delAllByInfo();
return new ResponseEntity<>(HttpStatus.OK);
}
Example #15
| Source File: PmsProductController.java From BigDataPlatform with GNU General Public License v3.0 | 5 votes |
|
@ApiOperation("批量上下架")
@RequestMapping(value = "/update/publishStatus", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public CommonResult updatePublishStatus(@RequestParam("ids") List<Long> ids,
@RequestParam("publishStatus") Integer publishStatus) {
int count = productService.updatePublishStatus(ids, publishStatus);
if (count > 0) {
return CommonResult.success(count);
} else {
return CommonResult.failed();
}
}
Example #16
| Source File: MessageController.java From mall4j with GNU Affero General Public License v3.0 | 5 votes |
|
/**
* 获取信息
*/
@GetMapping("/info/{id}")
@PreAuthorize("@pms.hasPermission('admin:message:info')")
public ResponseEntity<Message> info(@PathVariable("id") Long id) {
Message message = messageService.getById(id);
return ResponseEntity.ok(message);
}
Example #17
| Source File: ScheduleJobController.java From mall4j with GNU Affero General Public License v3.0 | 5 votes |
|
/**
* 恢复定时任务
*/
@SysLog("恢复定时任务")
@PostMapping("/resume")
@PreAuthorize("@pms.hasPermission('sys:schedule:resume')")
public ResponseEntity<Void> resume(@RequestBody Long[] jobIds){
scheduleJobService.resume(jobIds);
return ResponseEntity.ok().build();
}
Example #18
| Source File: PmsProductController.java From xmall with MIT License | 5 votes |
|
@ApiOperation("更新商品")
@RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
@ResponseBody
@PreAuthorize("hasAuthority('pms:product:update')")
public Object update(@PathVariable Long id, @RequestBody PmsProductParam productParam, BindingResult bindingResult) {
int count = productService.update(id, productParam);
if (count > 0) {
return new CommonResult().success(count);
} else {
return new CommonResult().failed();
}
}
Example #19
| Source File: MenuController.java From sk-admin with Apache License 2.0 | 5 votes |
|
@Log("查询菜单")
@ApiOperation("查询菜单")
@GetMapping
@PreAuthorize("@sk.check('menu:list')")
public ResponseEntity<Object> getMenus(MenuQuery criteria){
List<MenuDTO> menuDtoList = menuService.queryAll(criteria);
return new ResponseEntity<>(menuService.buildTree(menuDtoList),HttpStatus.OK);
}
Example #20
| Source File: JobController.java From sk-admin with Apache License 2.0 | 5 votes |
|
@Log("删除岗位")
@ApiOperation("删除岗位")
@DeleteMapping
@PreAuthorize("@sk.check('job:del')")
public ResponseEntity<Object> delete(@RequestBody Set<Long> ids){
try {
jobService.delete(ids);
}catch (Throwable e){
ThrowableUtil.throwForeignKeyException(e, "所选岗位存在用户关联,请取消关联后再试");
}
return new ResponseEntity<>(HttpStatus.OK);
}
Example #21
| Source File: StoreCombinationController.java From yshopmall with Apache License 2.0 | 5 votes |
|
@Log("删除拼团")
@ApiOperation(value = "删除拼团")
@DeleteMapping(value = "/yxStoreCombination/{id}")
@PreAuthorize("@el.check('admin','YXSTORECOMBINATION_ALL','YXSTORECOMBINATION_DELETE')")
public ResponseEntity delete(@PathVariable Integer id){
YxStoreCombination combination = new YxStoreCombination();
combination.setIsDel(1);
combination.setId(id);
yxStoreCombinationService.saveOrUpdate(combination);
return new ResponseEntity(HttpStatus.OK);
}
Example #22
| Source File: PmsBrandController.java From mall-learning with Apache License 2.0 | 5 votes |
|
@ApiOperation("删除指定id的品牌")
@RequestMapping(value = "/delete/{id}", method = RequestMethod.GET)
@ResponseBody
@PreAuthorize("hasAuthority('pms:brand:delete')")
public CommonResult deleteBrand(@PathVariable("id") Long id) {
int count = brandService.deleteBrand(id);
if (count == 1) {
LOGGER.debug("deleteBrand success :id={}", id);
return CommonResult.success(null);
} else {
LOGGER.debug("deleteBrand failed :id={}", id);
return CommonResult.failed("操作失败");
}
}
Example #23
| Source File: StoreCouponIssueUserController.java From yshopmall with Apache License 2.0 | 5 votes |
|
@Log("修改")
@ApiOperation(value = "修改")
@PutMapping(value = "/yxStoreCouponIssueUser")
@PreAuthorize("@el.check('admin','YXSTORECOUPONISSUEUSER_ALL','YXSTORECOUPONISSUEUSER_EDIT')")
public ResponseEntity update(@Validated @RequestBody YxStoreCouponIssueUser resources){
yxStoreCouponIssueUserService.saveOrUpdate(resources);
return new ResponseEntity(HttpStatus.NO_CONTENT);
}
Example #24
| Source File: DeptController.java From smaker with GNU Lesser General Public License v3.0 | 5 votes |
|
/**
* 编辑
*
* @param sysDept 实体
* @return success/false
*/
@SysLog("编辑部门")
@PutMapping
@PreAuthorize("@pms.hasPermission('sys_dept_edit')")
public SmakerResult update(@Valid @RequestBody SysDept sysDept) {
sysDept.setUpdateTime(LocalDateTime.now());
return new SmakerResult<>(sysDeptService.updateDeptById(sysDept));
}
Example #25
| Source File: ConfigController.java From cymbal with Apache License 2.0 | 5 votes |
|
/**
* Update name of redis config.
*
* @param clusterId cluster id
* @param configId config id
* @param configName new config name
*/
@PatchMapping("/clusters/{clusterId}/configs/{configId}")
@PreAuthorize(value = "@clusterPermissionChecker.hasOperationPermissionForCluster(#clusterId, principal.username)")
@ResponseBody
public void updateConfigName(@PathVariable final String clusterId, @PathVariable final Integer configId,
final @RequestBody String configName) {
redisConfigProcessService.updateConfigName(configId, configName);
}
Example #26
| Source File: ProgramController.java From TASK-Management-System with MIT License | 5 votes |
|
@PostMapping("/createProgram/{uid}")
@CrossOrigin(origins = clientUrl)
@PreAuthorize("hasRole('USER') or hasRole('ADMIN')")
public ResponseEntity<Boolean> createProgram(@PathVariable("uid") Long uid, @RequestBody NewProgramDTO newProgramDto) {
service.createProgram(newProgramDto, uid);
return new ResponseEntity<Boolean>(true,HttpStatus.OK);
}
Example #27
| Source File: QuartzJobController.java From yshopmall with Apache License 2.0 | 5 votes |
|
@Log("删除定时任务")
@ApiOperation("删除定时任务")
@DeleteMapping
@PreAuthorize("@el.check('admin','timing:del')")
public ResponseEntity<Object> delete(@RequestBody Integer[] ids){
quartzJobService.removeByIds(new ArrayList<>(Arrays.asList(ids)));
return new ResponseEntity<>(HttpStatus.OK);
}
Example #28
| Source File: PictureController.java From sk-admin with Apache License 2.0 | 5 votes |
|
@Log("多选删除图片")
@ApiOperation("多选删除图片")
@PreAuthorize("@sk.check('pictures:del')")
@DeleteMapping
public ResponseEntity<Object> deleteAll(@RequestBody Long[] ids) {
pictureService.deleteAll(ids);
return new ResponseEntity<>(HttpStatus.OK);
}
Example #29
| Source File: QuartzController.java From sk-admin with Apache License 2.0 | 5 votes |
|
@Log("查询定时任务")
@ApiOperation("查询定时任务")
@GetMapping
@PreAuthorize("@sk.check('timing:list')")
public ResponseEntity<Object> getJobs(QuartzJobQuery criteria, Pageable pageable){
return new ResponseEntity<>(quartzJobService.queryAll(criteria,pageable), HttpStatus.OK);
}
Example #30
| Source File: PictureController.java From sk-admin with Apache License 2.0 | 5 votes |
|
@Log("查询图片")
@PreAuthorize("@sk.check('pictures:list')")
@GetMapping
@ApiOperation("查询图片")
public ResponseEntity<Object> getRoles(PictureQuery criteria, Pageable pageable){
return new ResponseEntity<>(pictureService.queryAll(criteria,pageable), HttpStatus.OK);
}
