Skip to content

G
gdtel-gztel-school-center
Commit 0faa7ed2 by 伍思炜
Options

修复管理员配置中的敏感信息泄露+自定义注解实现接口访问权限3

parent c49b808f
Showing with 368 additions and 30 deletions
common/src/main/java/com/winsun/mapper/SysUserMapper.java
package com.winsun.mapper; package com.winsun.mapper;
import com.baomidou.mybatisplus.mapper.BaseMapper; import com.baomidou.mybatisplus.mapper.BaseMapper;
import com.baomidou.mybatisplus.plugins.Page;
import com.winsun.auth.model.common.Menu; import com.winsun.auth.model.common.Menu;
import com.winsun.auth.model.user.User;
import com.winsun.bean.SysUser; import com.winsun.bean.SysUser;
import org.apache.ibatis.annotations.*; import org.apache.ibatis.annotations.*;
import org.apache.ibatis.annotations.Param;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List; import java.util.List;
...@@ -29,4 +32,7 @@ public interface SysUserMapper extends BaseMapper<SysUser> { ...@@ -29,4 +32,7 @@ public interface SysUserMapper extends BaseMapper<SysUser> {
List<Map<String,Object>> schoolAllocationList(@Param("account")String account,@Param("name")String name,@Param("substName")String substName,@Param("schoolName")String schoolName); List<Map<String,Object>> schoolAllocationList(@Param("account")String account,@Param("name")String name,@Param("substName")String substName,@Param("schoolName")String schoolName);
List<Menu> getRoleMenu(@Param("roleIds") List<Integer> roleIds); List<Menu> getRoleMenu(@Param("roleIds") List<Integer> roleIds);
List<Map<String, Object>> selectUsers(Page<SysUser> page, Map<String, Object> map);
List<Map<String, Object>> selectUsers(Map<String, Object> map);
} }
common/src/main/java/com/winsun/service/ISysUserService.java 0 → 100644
package com.winsun.service;
import com.baomidou.mybatisplus.plugins.Page;
import com.baomidou.mybatisplus.service.IService;
import com.winsun.auth.model.user.User;
import com.winsun.bean.HhrUser;
import com.winsun.bean.SysUser;
import java.util.List;
import java.util.Map;
public interface ISysUserService extends IService<SysUser> {
List<Map<String, Object>> selectUsers(Page<SysUser> page, Map<String, Object> map);
}
common/src/main/java/com/winsun/service/impl/SysUserServiceImpl.java 0 → 100644
package com.winsun.service.impl;
import com.baomidou.mybatisplus.plugins.Page;
import com.baomidou.mybatisplus.service.impl.ServiceImpl;
import com.winsun.auth.model.user.User;
import com.winsun.bean.SysUser;
import com.winsun.mapper.SysUserMapper;
import com.winsun.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.List;
import java.util.Map;
@Service
public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements ISysUserService {
@Autowired
private SysUserMapper sysUserMapper;
@Override
public List<Map<String, Object>> selectUsers(Page<SysUser> page, Map<String, Object> map) {
return ((SysUserMapper)this.baseMapper).selectUsers(page, map);
}
}
common/src/main/java/com/winsun/utils/DesensitizationUtil.java
...@@ -53,4 +53,17 @@ public class DesensitizationUtil { ...@@ -53,4 +53,17 @@ public class DesensitizationUtil {
} }
return phoneNumber; return phoneNumber;
} }
/**
* 账号
*
* @param account
* @return
*/
public static String desensitizedAccount(String account){
if(StringUtils.isNotEmpty(account)){
account = account.replaceAll("(\\w{3})\\w*(\\w{4})", "$3****");
}
return account;
}
} }
common/src/main/resources/com/winsun/mapper/mapping/SysUserMapper.xml
...@@ -2,6 +2,15 @@ ...@@ -2,6 +2,15 @@
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.winsun.mapper.SysUserMapper"> <mapper namespace="com.winsun.mapper.SysUserMapper">
<sql id="Base_Column_List">
id, account, name, birthday, sex, email, avatar,
phone, roleid,
deptid, status,
createtime, version,
channelType, salestaffId,
substName, branchName
</sql>
<select id="schoolAllocationList" resultType="HashMap" parameterType="String"> <select id="schoolAllocationList" resultType="HashMap" parameterType="String">
select a.account,a.name,c.id as schoolId, b.id, a.id as userId, select a.account,a.name,c.id as schoolId, b.id, a.id as userId,
c.sub_name as substName, c.school_name as schoolName c.sub_name as substName, c.school_name as schoolName
...@@ -36,5 +45,61 @@ ...@@ -36,5 +45,61 @@
</foreach> </foreach>
</select> </select>
<select id="selectUsers" resultType="map">
select id, account, name, birthday, sex, email, avatar,
phone, roleid,
deptid, status,
createtime, version,
channelType, salestaffId,
substName, branchName
from sys_user
<where>
<if test="status != null and status != ''">
and status = #{status}
</if>
<if test="name != null and name != ''">
and name like CONCAT(#{name},'%')
</if>
<if test="account != null and account != ''">
and account like CONCAT('%',#{account},'%')
</if>
<if test="phone != null and phone != ''">
and account like CONCAT(#{phone},'%')
</if>
<if test="roleid != null and roleid != ''">
and FIND_IN_SET(#{roleid},roleid)
</if>
<if test="substName != null and substName != ''">
and substName = #{substName}
</if>
<if test="branchName != null and branchName != ''">
and branchName like CONCAT('%',#{branchName},'%')
</if>
<if test="areaName != null and areaName != ''">
and account in (select account from sys_user_area_relation where areaname = #{areaName})
</if>
<if test="channel != null and channel != ''">
and account in (select account from sys_user_channel_relation where (channelnbr like CONCAT('%',#{channel},'%') or channelname like CONCAT('%',#{channel},'%')))
</if>
<if test="bevyCust != null and bevyCust != ''">
and account in (select account from sys_user_bevy_cust_relation where (bevy_cust_code like CONCAT('%',#{bevyCust},'%') or bevy_cust_name like CONCAT('%',#{bevyCust},'%')))
</if>
<if test="salestaffId != null and salestaffId != ''">
and salestaffId = #{salestaffId}
</if>
<if test="subType != null and subType.size != 0">
and
<foreach collection="subType" index="index" item="item" open="(" separator="OR" close=")">
subType Like CONCAT('%',#{item},'%')
</foreach>
</if>
<if test="deptid != null and deptid != 0">
and (deptid = #{deptid} or deptid in ( select id from sys_dept where pids like CONCAT('%[', #{deptid}, ']%') ))
</if>
<if test="beginTime != null and beginTime != '' and endTime != null and endTime != ''">
and (createTime between CONCAT(#{beginTime},' 00:00:00') and CONCAT(#{endTime},' 23:59:59'))
</if>
and status != 3
</where>
</select>
</mapper> </mapper>
core-service/src/main/java/com/winsun/aop/AuthorityAspect.java 0 → 100644
package com.winsun.aop;
import com.alibaba.fastjson.JSONObject;
import com.winsun.auth.core.common.model.ResponseData;
import com.winsun.auth.core.shiro.ShiroUser;
import com.winsun.auth.core.support.HttpKit;
import com.winsun.auth.model.common.Menu;
import com.winsun.interfaces.PermissionVerification;
import com.winsun.mapper.SysUserMapper;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.concurrent.TimeUnit;
/**
* 基于服务层的权限切面
*
* @author Cocowwy
* @create 2021-11-11-13:59
*/
@Aspect
@Component
@Slf4j
public class AuthorityAspect {
@Autowired
private StringRedisTemplate stringRedisTemplate;
@Autowired
private SysUserMapper sysUserMapper;
private final static String PERMISSION_VERIFICATION = "permissionVerification:";
private final static Integer CACHE_TIME = 60;
/**
* 对接口进行权限校验
*/
@Pointcut("@annotation(com.winsun.interfaces.PermissionVerification)")
private void pointcut() {
}
@Around("pointcut()")
public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
PermissionVerification permissionVerification = signature.getMethod().getDeclaredAnnotation(PermissionVerification.class);
if (permissionVerification != null) {
return apiIdempotent(joinPoint, signature);
}
Object proceed = joinPoint.proceed();
return proceed;
}
public Object apiIdempotent(ProceedingJoinPoint joinPoint, MethodSignature signature) throws Throwable {
ShiroUser user = getShiroUser();
/*if (user.getRoleNames().stream().anyMatch(roleName -> StringUtils.equalsAny(roleName, "超级管理员"))) {
Object proceed = joinPoint.proceed();
return proceed;
}*/
PermissionVerification permissionVerification = signature.getMethod().getDeclaredAnnotation(PermissionVerification.class);
if ("".equals(permissionVerification.value()[0]) || user == null) {
log.error("无权限");
return false;
}
List<Integer> roleList = user.getRoleList();
if (roleList.size() == 0) {
log.error("无权限");
return false;
}
String key = PERMISSION_VERIFICATION + getHttpServletRequest().getHeader("Authorization");
String[] values = permissionVerification.value();
String s = stringRedisTemplate.opsForValue().get(key);
List<Menu> roleMenu = null;
if (StringUtils.isNotBlank(s)) {
roleMenu = JSONObject.parseArray(s, Menu.class);
}else {
roleMenu = sysUserMapper.getRoleMenu(roleList);
stringRedisTemplate.opsForValue().set(key,
JSONObject.toJSONString(roleMenu),
CACHE_TIME, TimeUnit.SECONDS);
}
if (roleMenu == null || roleMenu.isEmpty()) {
return false;
}
for (String value : values) {
for (Menu menu : roleMenu) {
if (menu == null || StringUtils.isBlank(menu.getUrl())) {
continue;
}
if (StringUtils.equals(menu.getUrl(), value)) {
Object proceed = joinPoint.proceed();
return proceed;
}
}
}
return ResponseData.error("无权限");
}
protected ShiroUser getShiroUser() {
HttpServletRequest httpServletRequest = this.getHttpServletRequest();
Object Attr = httpServletRequest.getAttribute("user");
ShiroUser user = (ShiroUser) JSONObject.parseObject(Attr.toString(), ShiroUser.class);
return user;
}
protected HttpServletRequest getHttpServletRequest() {
return HttpKit.getRequest();
}
}
service-manager/src/main/java/com/winsun/controller/KdyListController.java
...@@ -22,7 +22,6 @@ import java.util.List; ...@@ -22,7 +22,6 @@ import java.util.List;
import java.util.Map; import java.util.Map;
/** /**
*
* @Date: 2021/1/14 * @Date: 2021/1/14
*/ */
@RestController @RestController
...@@ -32,36 +31,36 @@ public class KdyListController extends BaseController { ...@@ -32,36 +31,36 @@ public class KdyListController extends BaseController {
private static KdyListMapper kdyListMapper; private static KdyListMapper kdyListMapper;
@Autowired @Autowired
public KdyListController(KdyListMapper kdyListMapper){ public KdyListController(KdyListMapper kdyListMapper) {
KdyListController.kdyListMapper = kdyListMapper; KdyListController.kdyListMapper = kdyListMapper;
} }
@PermissionVerification(value = {"/school-center/broadbandList/kdyList"}) @PermissionVerification(value = {"/school-center/broadbandList/kdyList"})
@Permission(menuname = "查询信息", value = "list", method = RequestMethod.POST) @Permission(menuname = "查询信息", value = "list", method = RequestMethod.POST)
public Map<String,Object> dataList(@RequestParam(name = "id",required = false)String id, public Map<String, Object> dataList(@RequestParam(name = "id", required = false) String id,
@RequestParam(name = "accountNumber",required = false)String accountNumber, @RequestParam(name = "accountNumber", required = false) String accountNumber,
@RequestParam(name = "pageNo", required = false) int pageNo, @RequestParam(name = "pageNo", required = false) int pageNo,
@RequestParam(name = "pageSize", required = false) int pageSize){ @RequestParam(name = "pageSize", required = false) int pageSize) {
Map<String,Object> map = new HashMap<>(); Map<String, Object> map = new HashMap<>();
Wrapper<KdyList> wrapper = new EntityWrapper<>(); Wrapper<KdyList> wrapper = new EntityWrapper<>();
wrapper.eq(StringUtils.isNotBlank(id), "id",id); wrapper.eq(StringUtils.isNotBlank(id), "id", id);
wrapper.like(StringUtils.isNotBlank(accountNumber), "account_number",accountNumber, SqlLike.RIGHT); wrapper.like(StringUtils.isNotBlank(accountNumber), "account_number", accountNumber, SqlLike.RIGHT);
Page<KdyList> page = new Page<>(pageNo, pageSize); Page<KdyList> page = new Page<>(pageNo, pageSize);
List<KdyList> aPackage = kdyListMapper.selectPage(page, wrapper); List<KdyList> aPackage = kdyListMapper.selectPage(page, wrapper);
page.setRecords(aPackage); page.setRecords(aPackage);
map.put("page",ResponseData.success(page,"查询成功!")); map.put("page", ResponseData.success(page, "查询成功!"));
return map; return map;
} }
@PermissionVerification(value = {"/school-center/broadbandList/kdyList"}) @PermissionVerification(value = {"/school-center/broadbandList/kdyList"})
@RequestMapping(value = "addData",method = RequestMethod.POST) @Permission(menuname = "新增信息", value = "addData", method = RequestMethod.POST)
public ResponseData<String> addData(@RequestParam(name = "id") String id, public ResponseData<String> addData(@RequestParam(name = "id") String id,
@RequestParam(name = "accountNumber") String accountNumber){ @RequestParam(name = "accountNumber") String accountNumber) {
Wrapper<KdyList> wrapper = new EntityWrapper<>(); Wrapper<KdyList> wrapper = new EntityWrapper<>();
wrapper.eq(StringUtils.isNotBlank(accountNumber), "account_number",accountNumber); wrapper.eq(StringUtils.isNotBlank(accountNumber), "account_number", accountNumber);
List<KdyList> list = kdyListMapper.selectList(wrapper); List<KdyList> list = kdyListMapper.selectList(wrapper);
if(list != null && list.size()>0){ if (list != null && list.size() > 0) {
return ResponseData.error("多媒体账号已存在!"); return ResponseData.error("多媒体账号已存在!");
} }
KdyList kdyList = new KdyList(); KdyList kdyList = new KdyList();
...@@ -69,23 +68,24 @@ public class KdyListController extends BaseController { ...@@ -69,23 +68,24 @@ public class KdyListController extends BaseController {
kdyList.setAccountNumber(accountNumber); kdyList.setAccountNumber(accountNumber);
try { try {
kdyListMapper.insert(kdyList); kdyListMapper.insert(kdyList);
}catch (Exception e){ } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
} }
return ResponseData.success(); return ResponseData.success();
} }
@PermissionVerification(value = {"/school-center/broadbandList/kdyList"}) @PermissionVerification(value = {"/school-center/broadbandList/kdyList"})
@RequestMapping(value = "deleteData",method = RequestMethod.POST) @Permission(menuname = "删除信息", value = "deleteData", method = RequestMethod.POST)
public ResponseData<String> deleteData(@RequestParam(name = "id") String id){ public ResponseData<String> deleteData(@RequestParam(name = "id") String id) {
if(StringUtils.isBlank(id)){ if (StringUtils.isBlank(id)) {
return ResponseData.error(""); return ResponseData.error("");
}; }
;
Wrapper<KdyList> wrapper = new EntityWrapper<>(); Wrapper<KdyList> wrapper = new EntityWrapper<>();
wrapper.eq(StringUtils.isNotBlank(id), "id",id); wrapper.eq(StringUtils.isNotBlank(id), "id", id);
try { try {
kdyListMapper.delete(wrapper); kdyListMapper.delete(wrapper);
}catch (Exception e){ } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
} }
return ResponseData.success(); return ResponseData.success();
......
service-manager/src/main/java/com/winsun/controller/MgrController.java 0 → 100644
package com.winsun.controller;
import com.baomidou.mybatisplus.plugins.Page;
import com.winsun.auth.core.annotion.Permission;
import com.winsun.auth.core.base.controller.BaseController;
import com.winsun.auth.core.shiro.ShiroUser;
import com.winsun.bean.SysUser;
import com.winsun.interfaces.PermissionVerification;
import com.winsun.item.core.common.constant.factory.PageFactory;
import com.winsun.item.core.shiro.ShiroKit;
import com.winsun.item.modular.system.service.IUserService;
import com.winsun.item.modular.system.warpper.UserWarpper;
import com.winsun.mapper.SysUserMapper;
import com.winsun.service.ISysUserService;
import com.winsun.utils.DesensitizationUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
@Slf4j
@RestController
@RequestMapping("/mgr")
public class MgrController extends BaseController {
@Autowired
private ISysUserService sysUserService;
@Autowired
private IUserService userService;
@Autowired
private SysUserMapper sysUserMapper;
@PermissionVerification(value = "/system/user")
@Permission(menuname = "管理员配置查询", value = "hhrUserList", method = RequestMethod.POST)
public Object list(@RequestParam Map<String, Object> map) {
log.info("用户管理列表查询已启动");
Page<SysUser> page = (new PageFactory()).defaultPage();
List<Map<String, Object>> users = null;
ShiroUser user = ShiroKit.getUser();
Object subType = map.get("subType");
Object phone = map.get("phone");
Object name = map.get("name");
if (subType != null) {
String[] subTypeList = subType.toString().split(",");
map.put("subType", Arrays.asList(subTypeList));
}
if (phone != null) {
map.put("phone", phone);
}
if (name != null) {
map.put("name", name);
}
List<Map<String, Object>> maps = null;
if (ShiroKit.isAdmin()) {
maps = sysUserMapper.selectUsers(page,map);
} else {
map.put("deptid", user.getDeptId());
maps = sysUserMapper.selectUsers(page,map);
}
for (Map<String, Object> userMap : maps) {
if (StringUtils.isNotBlank(userMap.get("phone").toString())) {
userMap.put("phone", DesensitizationUtil.desensitizedPhoneNumber(userMap.get("phone").toString()));
}
if (StringUtils.isNotBlank(userMap.get("account").toString())) {
userMap.put("account", DesensitizationUtil.desensitizedPhoneNumber(userMap.get("account").toString()));
}
}
page.setRecords((List) (new UserWarpper(maps)).warp());
return super.packForBT(page);
}
}
service-manager/src/main/java/com/winsun/controller/MultimediaAccountController.java
...@@ -57,7 +57,7 @@ public class MultimediaAccountController extends BaseController { ...@@ -57,7 +57,7 @@ public class MultimediaAccountController extends BaseController {
} }
@PermissionVerification(value = {"/school-center/broadbandList/multimediaAccount"}) @PermissionVerification(value = {"/school-center/broadbandList/multimediaAccount"})
@RequestMapping(value = "addData",method = RequestMethod.POST) @Permission(menuname = "新增信息", value = "addData",method = RequestMethod.POST)
public ResponseData<String> addData(@RequestParam(name = "id") String id, public ResponseData<String> addData(@RequestParam(name = "id") String id,
@RequestParam(name = "accountNumber") String accountNumber){ @RequestParam(name = "accountNumber") String accountNumber){
Wrapper<MultimediaAccount> wrapper = new EntityWrapper<>(); Wrapper<MultimediaAccount> wrapper = new EntityWrapper<>();
...@@ -78,7 +78,7 @@ public class MultimediaAccountController extends BaseController { ...@@ -78,7 +78,7 @@ public class MultimediaAccountController extends BaseController {
} }
@PermissionVerification(value = {"/school-center/broadbandList/multimediaAccount"}) @PermissionVerification(value = {"/school-center/broadbandList/multimediaAccount"})
@RequestMapping(value = "deleteData",method = RequestMethod.POST) @Permission(menuname = "删除信息", value = "deleteData",method = RequestMethod.POST)
public ResponseData<String> deleteData(@RequestParam(name = "id") String id){ public ResponseData<String> deleteData(@RequestParam(name = "id") String id){
if(StringUtils.isBlank(id)){ if(StringUtils.isBlank(id)){
return ResponseData.error(""); return ResponseData.error("");
......
service-manager/src/main/java/com/winsun/controller/RhPhoneController.java
...@@ -61,7 +61,7 @@ public class RhPhoneController extends BaseController { ...@@ -61,7 +61,7 @@ public class RhPhoneController extends BaseController {
} }
@PermissionVerification(value = {"/school-center/broadbandList/RhPhone"}) @PermissionVerification(value = {"/school-center/broadbandList/RhPhone"})
@RequestMapping(value = "addData",method = RequestMethod.POST) @Permission(menuname = "新增信息", value = "addData",method = RequestMethod.POST)
public ResponseData<String> addData(@RequestParam(name = "phone") String phone){ public ResponseData<String> addData(@RequestParam(name = "phone") String phone){
Wrapper<RhPhone> wrapper = new EntityWrapper<>(); Wrapper<RhPhone> wrapper = new EntityWrapper<>();
wrapper.eq(StringUtils.isNotBlank(phone), "phone",phone); wrapper.eq(StringUtils.isNotBlank(phone), "phone",phone);
...@@ -80,7 +80,7 @@ public class RhPhoneController extends BaseController { ...@@ -80,7 +80,7 @@ public class RhPhoneController extends BaseController {
} }
@PermissionVerification(value = {"/school-center/broadbandList/RhPhone"}) @PermissionVerification(value = {"/school-center/broadbandList/RhPhone"})
@RequestMapping(value = "deleteData",method = RequestMethod.POST) @Permission(menuname = "删除信息", value = "deleteData",method = RequestMethod.POST)
public ResponseData<String> deleteData(@RequestParam(name = "id") String id){ public ResponseData<String> deleteData(@RequestParam(name = "id") String id){
if(StringUtils.isBlank(id)){ if(StringUtils.isBlank(id)){
return ResponseData.error(""); return ResponseData.error("");
......
service-manager/src/main/java/com/winsun/controller/SchoolManagementController.java
...@@ -348,7 +348,7 @@ public class SchoolManagementController extends BaseController { ...@@ -348,7 +348,7 @@ public class SchoolManagementController extends BaseController {
} }
@RequestMapping(name = "获取县分下拉列表", value = "substList", method = RequestMethod.POST) @Permission(menuname = "获取县分下拉列表", value = "substList", method = RequestMethod.POST)
@PermissionVerification(value = {"/school-center/schoolmanager/schoolmanagement"}) @PermissionVerification(value = {"/school-center/schoolmanager/schoolmanagement"})
public ResponseData<List<Map<String, Object>>> substList() { public ResponseData<List<Map<String, Object>>> substList() {
// ShiroUser user = getShiroUser(); // ShiroUser user = getShiroUser();
...@@ -367,7 +367,7 @@ public class SchoolManagementController extends BaseController { ...@@ -367,7 +367,7 @@ public class SchoolManagementController extends BaseController {
} }
@PermissionVerification(value = {"/school-center/userManager/PartnerManagement","/school-center/schoolmanager/schoolmanagement"}) @PermissionVerification(value = {"/school-center/userManager/PartnerManagement","/school-center/schoolmanager/schoolmanagement"})
@RequestMapping(name = "获取学校下拉列表", value = "schoolList", method = RequestMethod.POST) @Permission(menuname = "获取学校下拉列表", value = "schoolList", method = RequestMethod.POST)
public ResponseData<List<Map<String, Object>>> schoolList(@RequestParam("substName") String substName) { public ResponseData<List<Map<String, Object>>> schoolList(@RequestParam("substName") String substName) {
// ShiroUser user = getShiroUser(); // ShiroUser user = getShiroUser();
// if (!user.getRoleNames().stream().anyMatch(roleName -> StringUtils.equalsAny(roleName, "超级管理员"))) { // if (!user.getRoleNames().stream().anyMatch(roleName -> StringUtils.equalsAny(roleName, "超级管理员"))) {
......
service-manager/src/main/java/com/winsun/controller/TeacherController.java
...@@ -57,7 +57,7 @@ public class TeacherController extends BaseController { ...@@ -57,7 +57,7 @@ public class TeacherController extends BaseController {
} }
@PermissionVerification(value = {"/school-center/broadbandList/teacher"}) @PermissionVerification(value = {"/school-center/broadbandList/teacher"})
@RequestMapping(value = "addData",method = RequestMethod.POST) @Permission(menuname = "新增信息", value = "addData",method = RequestMethod.POST)
public ResponseData<String> addData(@RequestParam(name = "stuNumber") String stuNumber, public ResponseData<String> addData(@RequestParam(name = "stuNumber") String stuNumber,
@RequestParam(name = "stuName") String stuName){ @RequestParam(name = "stuName") String stuName){
Wrapper<Teacher> wrapper = new EntityWrapper<>(); Wrapper<Teacher> wrapper = new EntityWrapper<>();
...@@ -78,7 +78,7 @@ public class TeacherController extends BaseController { ...@@ -78,7 +78,7 @@ public class TeacherController extends BaseController {
} }
@PermissionVerification(value = {"/school-center/broadbandList/teacher"}) @PermissionVerification(value = {"/school-center/broadbandList/teacher"})
@RequestMapping(value = "deleteData",method = RequestMethod.POST) @Permission(menuname = "删除信息", value = "deleteData",method = RequestMethod.POST)
public ResponseData<String> deleteData(@RequestParam(name = "id") String id){ public ResponseData<String> deleteData(@RequestParam(name = "id") String id){
if(StringUtils.isBlank(id)){ if(StringUtils.isBlank(id)){
return ResponseData.error(""); return ResponseData.error("");
......
service-manager/src/main/java/com/winsun/controller/UserDeployController.java
...@@ -72,7 +72,7 @@ public class UserDeployController extends BaseController { ...@@ -72,7 +72,7 @@ public class UserDeployController extends BaseController {
} }
@PermissionVerification(value = {"/school-center/other/userDeploy"}) @PermissionVerification(value = {"/school-center/other/userDeploy"})
@RequestMapping(value = "/delete") @Permission(menuname = "删除合伙人配置信息", value = "/delete")
@ResponseBody @ResponseBody
public ResponseData<String> delete(Integer id) { public ResponseData<String> delete(Integer id) {
try { try {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment