自定义注解实现接口访问权限

a1a58f89 · 伍思炜 · d92bc63e · a1a58f89 · a1a58f89 · a1a58f89
Commit a1a58f89 authored Mar 25, 2022 by 伍思炜
13 changed files
--- a/common/src/main/java/com/winsun/interfaces/PermissionVerification.java
+++ b/common/src/main/java/com/winsun/interfaces/PermissionVerification.java
+package com.winsun.interfaces;
+import java.lang.annotation.*;
+// 菜单权限注解
+@Target({ElementType.TYPE,ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface PermissionVerification {
+    String[] value() default "";
+}
--- a/common/src/main/java/com/winsun/outSideSystem/IntelligenceSendOrders.java
+++ b/common/src/main/java/com/winsun/outSideSystem/IntelligenceSendOrders.java
@@ -585,16 +585,20 @@ public class IntelligenceSendOrders {
        if (businessType == 5) {
            orderingProducts.put("AI编码", "DQ_ADSL_CAMPUS");
-        } else {
+        } else if (businessType == 3){
            orderingProducts.put("AI编码", "4B90FBDD2A1A43EE8A4C963115C52F14");
+        }else if (businessType == 10){
+            orderingProducts.put("AI编码", "46102E5199DE4B089AC46CBE9B22F9EB");
        }
        order_data.put("订购产品", orderingProducts);
-        if (businessType == 3 || businessType == 10) {
+        if (businessType == 3) {
            order_data.put("业务类型", "融合业务");  //业务类型
        } else if (businessType == 5) {
            order_data.put("业务类型", "单宽业务");  //业务类型
+        }else if (businessType == 10){
+            order_data.put("业务类型", "校园宽带提速");  //业务类型
        }
        if (businessType == 3 || businessType == 10) {

--- a/core-service/src/main/java/com/winsun/item/modular/system/controller/PersonalController.java
+++ b/core-service/src/main/java/com/winsun/item/modular/system/controller/PersonalController.java
 package com.winsun.item.modular.system.controller;
+import com.alibaba.fastjson.JSON;
 import com.baomidou.mybatisplus.mapper.EntityWrapper;
 import com.baomidou.mybatisplus.mapper.Wrapper;
 import com.winsun.auth.core.base.controller.BaseController;
 import com.winsun.auth.core.common.model.ResponseData;
+import com.winsun.auth.core.node.MenuNode;
+import com.winsun.auth.core.shiro.ShiroUser;
+import com.winsun.auth.core.util.TreeStructureConverterUtils;
 import com.winsun.bean.SysUser;
 import com.winsun.item.core.shiro.ShiroKit;
+import com.winsun.item.modular.system.service.IMenuService;
 import com.winsun.mapper.AppMapper;
 import com.winsun.mapper.HhrUserMapper;
 import com.winsun.mapper.SysUserMapper;
 import com.winsun.utils.MyBatisPlusUpdateUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
-import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.*;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
-import java.util.Date;
+import java.util.*;
-import java.util.HashMap;
+import java.util.stream.Collectors;
-import java.util.Map;
 /**
 *
@@ -42,6 +47,9 @@ public class PersonalController extends BaseController {
    private String EDITPWD = "EditPwd";
    @Autowired
+    private IMenuService menuService;
+    @Autowired
    public PersonalController(SysUserMapper sysUserMapper, HhrUserMapper hhrUserMapper, AppMapper appMapper, StringRedisTemplate stringRedisTemplate) {
        PersonalController.sysUserMapper = sysUserMapper;
        PersonalController.hhrUserMapper = hhrUserMapper;
@@ -159,4 +167,16 @@ public class PersonalController extends BaseController {
+    @PostMapping("/getMenusList")
+    public List<Map<String, Object>> getMenus() {
+        //ShiroUser shiroUser = getShiroUser();
+        List<MenuNode> menu = this.menuService.getMenusByRoleIds(ShiroKit.getUser().getRoleList(), "0");
+        menu.stream().filter((m) -> {
+            return !"not:acc:verification".equals(m.getName());
+        }).collect(Collectors.toList());
+        List jsonArr = new ArrayList(JSON.parseArray(JSON.toJSONString(menu)));
+        List<Map<String, Object>> treeStructureConverter = TreeStructureConverterUtils.TreeStructureConverterByStream(jsonArr, "id", "parentId", "num");
+        return treeStructureConverter;
+    }
 }
--- a/service-manager/src/main/java/com/winsun/controller/ImgController.java
+++ b/service-manager/src/main/java/com/winsun/controller/ImgController.java
@@ -5,6 +5,7 @@ import com.winsun.auth.core.base.controller.BaseController;
 import com.winsun.auth.core.common.model.ResponseData;
 import com.winsun.auth.core.shiro.ShiroUser;
 import com.winsun.constant.FilePath;
+import com.winsun.interfaces.PermissionVerification;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.net.util.Base64;
@@ -35,6 +36,7 @@ public class ImgController extends BaseController {
    private static String pathPre = "/vdb/springboot/school_center/manager/";
    //menuname = "图片路径"  只支持jpeg 和 png
+    @PermissionVerification(value = {"/school-center/userManager/PartnerManagement","/school-center/order/order"})
    @Permission(menuname = "图片查询", value =  "/images", method = RequestMethod.POST,produces ={MediaType.IMAGE_JPEG_VALUE,MediaType.IMAGE_PNG_VALUE})
    public String getbackground(String url) {
        ShiroUser shiroUser = getShiroUser();

--- a/service-manager/src/main/java/com/winsun/controller/NewUserController.java
+++ b/service-manager/src/main/java/com/winsun/controller/NewUserController.java
@@ -9,6 +9,7 @@ import com.winsun.auth.core.base.controller.BaseController;
 import com.winsun.auth.core.common.model.ResponseData;
 import com.winsun.auth.core.shiro.ShiroUser;
 import com.winsun.bean.*;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.HhrUserMapper;
 import com.winsun.mapper.SchoolMapper;
 import com.winsun.mapper.SysUserMapper;
@@ -29,7 +30,6 @@ import java.util.*;
 /**
 * 〈新用户审核〉
 *
- *
 * @create 2020/5/20 10:19
 */
 @Slf4j
@@ -55,6 +55,7 @@ public class NewUserController extends BaseController {
     * @param id 需要删除的id
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/newUser")
    @Permission(menuname = "删除正则信息", value = "delete", method = RequestMethod.POST)
    public ResponseData<String> deleteProduct(@RequestParam(name = "id", required = false) String id, @RequestParam(name = "isdel", required = false) String isdel) {
        ShiroUser user = getShiroUser();
@@ -80,6 +81,7 @@ public class NewUserController extends BaseController {
     * @param status
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/newUser")
    @Permission(menuname = "修改新用户审核信息", value = "update", method = RequestMethod.POST)
    public ResponseData<String> updateProduct(@RequestParam("ids") String ids, @RequestParam("status") String status) {
        ShiroUser user = getShiroUser();
@@ -110,6 +112,7 @@ public class NewUserController extends BaseController {
     * @param pageSize
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/newUser")
    @Permission(menuname = "查询新用户审核信息", value = "list", method = RequestMethod.POST)
    public ResponseData<Page<Map<String, Object>>> listProduct(
            @RequestParam(name = "account", required = false) String account,
@@ -245,7 +248,7 @@ public class NewUserController extends BaseController {
            if (map.get("account") != null && StringUtils.isNotBlank(map.get("account").toString())) {
                map.put("account", DesensitizationUtil.desensitizedPhoneNumber(map.get("account").toString()));
            }
-            if (map.get("idCard") != null && StringUtils.isNotBlank(map.get("idCard").toString())){
+            if (map.get("idCard") != null && StringUtils.isNotBlank(map.get("idCard").toString())) {
                map.put("idCard", DesensitizationUtil.desensitizedIdNumber2(map.get("idCard").toString()));
            }
            if (map.get("phone") != null && StringUtils.isNotBlank(map.get("phone").toString())) {
@@ -259,6 +262,7 @@ public class NewUserController extends BaseController {
    /**
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/schoolAllocation")
    @Permission(menuname = "初始用户信息", value = "initUsers", method = RequestMethod.POST)
    public ResponseData<List<SysUser>> initUsers() {
        List<String> list = new ArrayList<>();
@@ -267,6 +271,15 @@ public class NewUserController extends BaseController {
        Wrapper<SysUser> hhrUserWrapper = new EntityWrapper<>();
        hhrUserWrapper.in("roleid", list);
        List<SysUser> hhrUserList = sysUserMapper.selectList(hhrUserWrapper);
+        for (SysUser sysUser : hhrUserList) {
+            sysUser.setPassword("");
+            if (StringUtils.isNotBlank(sysUser.getAccount())) {
+                sysUser.setAccount(DesensitizationUtil.desensitizedPhoneNumber(sysUser.getAccount()));
+            }
+            if (StringUtils.isNotBlank(sysUser.getPhone())) {
+                sysUser.setPhone(DesensitizationUtil.desensitizedPhoneNumber(sysUser.getPhone()));
+            }
+        }
        return ResponseData.success(hhrUserList);
    }
@@ -276,6 +289,8 @@ public class NewUserController extends BaseController {
     * @param substName
     * @return
     */
+    @PermissionVerification(value = {"/school-center/order/salesList", "/school-center/order/clsjSalesList","/school-center/order/yctSalesList","/school-center/order/salesProblemList","/school-center/order/yxtOrder"
+            ,"/school-center/userManager/PartnerManagement","/school-center/userManager/newUser","/school-center/userManager/schoolAllocation"})
    @Permission(menuname = "初始县分", value = "initSubstName", method = RequestMethod.POST)
    public ResponseData<List<School>> initSubstName(@RequestParam(name = "substName", required = false) String substName) {
        Wrapper<School> schoolWrapper = new EntityWrapper<>();
@@ -293,6 +308,8 @@ public class NewUserController extends BaseController {
     * @param substName
     * @return
     */
+    @PermissionVerification(value = {"/school-center/order/salesList", "/school-center/order/clsjSalesList","/school-center/order/yctSalesList","/school-center/order/salesProblemList","/school-center/order/yxtOrder"
+            ,"/school-center/userManager/PartnerManagement","/school-center/userManager/newUser","/school-center/userManager/schoolAllocation"})
    @Permission(menuname = "初始学校", value = "getSchoolNames", method = RequestMethod.POST)
    public ResponseData<List<School>> getSchoolNames(@RequestParam(name = "substName", required = false) String substName) {
        Wrapper<School> schoolWrapper = new EntityWrapper<>();

--- a/service-manager/src/main/java/com/winsun/controller/OrderController.java
+++ b/service-manager/src/main/java/com/winsun/controller/OrderController.java
@@ -19,6 +19,7 @@ import com.winsun.constant.DeliveryType;
 import com.winsun.constant.ExamineType;
 import com.winsun.constant.FilePath;
 import com.winsun.constant.UserType;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.*;
 import com.winsun.rabbitmq.RabbitProducer;
 import com.winsun.service.IHhrUserService;
@@ -49,6 +50,9 @@ import org.apache.http.util.EntityUtils;
 import org.apache.poi.ss.usermodel.HorizontalAlignment;
 import org.apache.poi.ss.util.CellRangeAddressList;
 import org.apache.poi.xssf.usermodel.*;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
@@ -181,6 +185,7 @@ public class OrderController extends BaseController {
    /**
     * 查询订单历史状态
     */
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "查询订单历史状态", value = "selectOrderHis", method = RequestMethod.POST)
    public ResponseData<List<Map<String, Object>>> selectOrderHis(@RequestParam("orderId") String orderId) {
        List<Map<String, Object>> list = orderMapper.selectOrderHis(orderId);
@@ -194,6 +199,7 @@ public class OrderController extends BaseController {
     * @param sendType
     * @return
     */
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "更新配送方式", value = "updateSendType", method = RequestMethod.POST)
    public ResponseData<String> updateSendType(@RequestParam("id") String id, @RequestParam("sendType") String sendType) {
        ShiroUser user = getShiroUser();
@@ -248,6 +254,7 @@ public class OrderController extends BaseController {
     * @param businessNumber
     * @return
     */
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "更新iccid", value = "updateIccid", method = RequestMethod.POST)
    public ResponseData<String> updateIccid(@RequestParam("id") String id, @RequestParam("businessIccid") String businessIccid,
                                            @RequestParam("businessNumber") String businessNumber) {
@@ -427,6 +434,7 @@ public class OrderController extends BaseController {
    /**
     * 审核学生证
     */
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "审核学生证", value = "reviewStudentIdCard", method = RequestMethod.POST)
    public ResponseData<String> reviewStudentIdCard(@RequestParam("studentCardCheckStatus") String studentCardCheckStatus, @RequestParam(name = "checkFail", required = false) String checkFail, @RequestParam("id") String id) {
        ShiroUser user = getShiroUser();
@@ -453,6 +461,7 @@ public class OrderController extends BaseController {
    /**
     * 修改为异常单
     */
+    @PermissionVerification(value = {"/school-center/order/order","/school-center/order/orderView"})
    @Permission(menuname = "修改为异常单", value = "setAbnormal", method = RequestMethod.POST)
    public ResponseData<String> abnormal(@RequestParam("orderId") String orderId, @RequestParam("errorMsg") String errorMsg) {
        ShiroUser user = getShiroUser();
@@ -490,6 +499,7 @@ public class OrderController extends BaseController {
     * @param pageSize
     * @return
     */
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "查询订单信息", value = "list", method = RequestMethod.POST)
    public Map<String, Object> listOrder(
            @RequestParam(name = "createTimeStart", required = false) String createTimeStart,
@@ -583,6 +593,7 @@ public class OrderController extends BaseController {
     * @param broadBandOrder
     * @return
     */
+    @PermissionVerification(value = {"/school-center/order/orderView"})
    @Permission(menuname = "查询订单信息", value = "broadBandOrder", method = RequestMethod.POST)
    public ResponseData<Page<BroadBandOrder>> getBroadBandOrder(BroadBandOrder broadBandOrder) {
        ShiroUser user = getShiroUser();
@@ -613,6 +624,7 @@ public class OrderController extends BaseController {
     *
     * @return
     */
+    @PermissionVerification(value = {"/school-center/order/orderView"})
    @Permission(menuname = "编辑订单", value = "editOrder", method = RequestMethod.POST)
    public ResponseData<String> editOrder(@RequestParam("id") String id, @RequestParam(value = "studentNumber", required = false) String student_number,
                                          @RequestParam(value = "classNumber", required = false) String class_number, @RequestParam(value = "parentName", required = false) String parent_name,
@@ -815,6 +827,7 @@ public class OrderController extends BaseController {
        }
    }
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "导出订单", value = "download", method = RequestMethod.POST)
    public ResponseData<String> downloadOrderView(
            @RequestParam(name = "createTimeStart", required = false) String createTimeStart,
@@ -2036,6 +2049,7 @@ public class OrderController extends BaseController {
     *
     * @return
     */
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "受理单导入模板", method = RequestMethod.POST, value = "downloadMoBan")
    public ResponseData downloadMoBan() {
        ArrayList<String> columns = new ArrayList<>();
@@ -2081,6 +2095,7 @@ public class OrderController extends BaseController {
        return ResponseData.error("受理单模板出错");
    }
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "快递导入模板", method = RequestMethod.POST, value = "downloadMoBanKD")
    public ResponseData downloadMoBanKD() {
        ArrayList<String> columns = new ArrayList<>();
@@ -2142,6 +2157,7 @@ public class OrderController extends BaseController {
        return ResponseData.error("快递模板出错");
    }
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "预制卡批量填号导入模板", method = RequestMethod.POST, value = "downloadMoBanYZK")
    public ResponseData downloadMoBanYZK() {
        ArrayList<String> columns = new ArrayList<>();
@@ -2180,6 +2196,7 @@ public class OrderController extends BaseController {
        return ResponseData.error("预制卡批量填号模板出错");
    }
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "5G批量受理导入模板", method = RequestMethod.POST, value = "downloadMoBanPackageOrder")
    public ResponseData downloadMoBanPackageOrder() {
        ArrayList<String> columns = new ArrayList<>();
@@ -2768,6 +2785,7 @@ public class OrderController extends BaseController {
        return ResponseData.success();
    }
+    @PermissionVerification(value = {"/school-center/order/order"})
    @Permission(menuname = "填写快递单号", value = "setKuanDiData", method = RequestMethod.POST)
    public ResponseData setKuanDiData(@RequestParam("orderId") String orderId,
                                      @RequestParam("company") String company,

--- a/service-manager/src/main/java/com/winsun/controller/OrderViewController.java
+++ b/service-manager/src/main/java/com/winsun/controller/OrderViewController.java
@@ -14,6 +14,7 @@ import com.winsun.bean.BroadBandOrder;
 import com.winsun.bean.Order;
 import com.winsun.bean.OrderView;
 import com.winsun.constant.OrderStatus;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.OrderMapper;
 import com.winsun.mapper.OrderViewMapper;
 import com.winsun.service.IHhrUserService;
@@ -108,6 +109,7 @@ public class OrderViewController extends BaseController {
        return ResponseData.success(page, "查询成功！");
    }
+    @PermissionVerification(value = {"/school-center/order/orderView"})
    @Permission(menuname = "导出宽带订单", value = "download", method = RequestMethod.POST)
    public ResponseData<String> downloadOrderView(BroadBandOrder broadBandOrder){
        ShiroUser user = getShiroUser();

--- a/service-manager/src/main/java/com/winsun/controller/PartnerController.java
+++ b/service-manager/src/main/java/com/winsun/controller/PartnerController.java
@@ -13,6 +13,7 @@ import com.winsun.bean.HhrSupervisorSchool;
 import com.winsun.bean.HhrUser;
 import com.winsun.bean.School;
 import com.winsun.bean.SysUser;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.*;
 import com.winsun.utils.*;
 import lombok.extern.slf4j.Slf4j;
@@ -58,6 +59,7 @@ public class PartnerController extends BaseController {
        PartnerController.hhrSupervisorSchoolMapper = hhrSupervisorSchoolMapper;
    }
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @Permission(menuname = "修改合伙人信息", value = "update", method = RequestMethod.POST)
    public ResponseData<String> updatePartner(@RequestParam("id") String id, @RequestParam("phone") String phone,
                                              @RequestParam("account") String account, @RequestParam("name") String name,
@@ -70,6 +72,10 @@ public class PartnerController extends BaseController {
                                              @RequestParam(name = "parentId", required = false) String parentId,
                                              @RequestParam(name = "parentIds", required = false) String parentIds) {
        try {
+            ShiroUser shiroUser = getShiroUser();
+            if (!shiroUser.getRoleNames().stream().anyMatch(roleName -> StringUtils.equalsAny(roleName, "超级管理员", "系统管理员", "县分管理员（订单）"))) {
+                return ResponseData.error("修改失败");
+            }
            SysUser user = sysUserMapper.selectById(id);
            password = StringUtils.isNotBlank(password) ? MD5Utils.md5(password, user.getSalt()) : user.getPassword();
            parentId = null == parentId ? "" : parentId.replaceAll("null", "");
@@ -137,6 +143,7 @@ public class PartnerController extends BaseController {
    }
    @SuppressWarnings("unchecked")
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @Permission(menuname = "查询合伙人信息", value = "list", method = RequestMethod.POST)
    public ResponseData<Page<Map<String, Object>>> listPartner(@RequestParam("id") String id,
                                                               @RequestParam("school") String school,
@@ -146,6 +153,8 @@ public class PartnerController extends BaseController {
                                                               @RequestParam("status") String status,
                                                               @RequestParam(name = "pageNo", required = false) int pageIndex,
                                                               @RequestParam(name = "pageSize", required = false) int pageSize) {
+        ShiroUser shiroUser = getShiroUser();
        Page<Map<String, Object>> page = new Page<>(pageIndex, pageSize);
        ShiroUser user = getShiroUser();
@@ -278,6 +287,7 @@ public class PartnerController extends BaseController {
        return ResponseData.success(page, "查询完毕！");
    }
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @Permission(menuname = "新增合伙人", value = "addPartner", method = RequestMethod.POST)
    public ResponseData<String> addPartner(@RequestParam("account") String account, @RequestParam("name") String name,
                                           @RequestParam("idCard") String idCard, @RequestParam("sex") String sex, @RequestParam("grade") String grade,
@@ -355,7 +365,7 @@ public class PartnerController extends BaseController {
        return ResponseData.error("新增失败");
    }
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @Permission(menuname = "更新分销商信息", value = "pushFxyList", method = RequestMethod.POST)
    public ResponseData pushFxyList(@RequestParam("id") String id, @RequestParam("fxy") String fxy) {
        Wrapper<HhrUser> wrapper = new EntityWrapper<>();
@@ -375,6 +385,7 @@ public class PartnerController extends BaseController {
        return ResponseData.success("更新完毕！");
    }
    @Permission(menuname = "获取学子公司职位下级成员", value = "getXzUserList", method = RequestMethod.POST)
    public ResponseData<List<HhrUser>> getXzUserList(@RequestParam("position") String position) {
        ShiroUser user = getShiroUser();
@@ -404,6 +415,7 @@ public class PartnerController extends BaseController {
        return ResponseData.success(list, "查询完毕！");
    }
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @Permission(menuname = "获取角色清单", value = "roleList", method = RequestMethod.POST)
    public ResponseData<List<Map<String, Object>>> roleList() {
        List<Map<String, Object>> list = partnerMapper.roleList();
@@ -413,6 +425,7 @@ public class PartnerController extends BaseController {
        return ResponseData.success(resultList, "查询完毕！");
    }
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @Permission(menuname = "导出合伙人信息", value = "exportUserList", method = RequestMethod.POST)
    public void exportUserList(@RequestParam("id") String id,
                               @RequestParam("school") String school,
@@ -529,6 +542,7 @@ public class PartnerController extends BaseController {
        }
    }
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @Permission(menuname = "删除用户", value = "deleteUser", method = RequestMethod.POST)
    public ResponseData<Object> deleteUser(@Param("id") String id) {
        SysUser sysUser = new SysUser();

--- a/service-manager/src/main/java/com/winsun/controller/SalesListController.java
+++ b/service-manager/src/main/java/com/winsun/controller/SalesListController.java
@@ -12,6 +12,7 @@ import com.winsun.bean.NetworkInfo;
 import com.winsun.bean.SalesList;
 import com.winsun.bean.SysUser;
 import com.winsun.constant.OrderType;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.NetworkInfoMapper;
 import com.winsun.mapper.SalesListMapper;
 import com.winsun.mapper.SchoolMapper;
@@ -117,7 +118,8 @@ public class SalesListController extends BaseController{
 		SalesListController.schoolMapper = schoolMapper;
 		exportList.set(new ArrayList<>());
 	}
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/salesProblemList","/school-center/order/yctSalesList"})
 	@Permission(menuname = "获取销售订单列表", value ="/list", method = RequestMethod.POST)
 	public ResponseData<Page<SalesList>> getList(@RequestParam("orderPhone") String orderPhone,
 			@RequestParam("name") String name,@RequestParam("account") String account,
@@ -165,6 +167,7 @@ public class SalesListController extends BaseController{
 		return ResponseData.success(page, "查询完毕！");
 	}
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
 	@Permission(menuname = "自定义备注", value = "/customRemark", method = RequestMethod.POST)
 	public ResponseData<String> customRemark(@RequestParam("id") Integer id, @RequestParam("customRemark") String customRemark ) {
 		SalesList salesList = new SalesList();
@@ -178,7 +181,8 @@ public class SalesListController extends BaseController{
 			return ResponseData.error("更新失败！");
 		}
 	}
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList"})
 	@Permission(menuname = "删除销售订单", value ="/deleteOrder", method = RequestMethod.POST)
 	public ResponseData<String> deleteOrder(@RequestParam("id") String id){
@@ -227,7 +231,8 @@ public class SalesListController extends BaseController{
 		return ResponseData.error("删除失败");
 	}
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
 	@Permission(menuname = "导出订单清单", value = "exportList", method = RequestMethod.POST)
    public void downloadHhrOrder(HttpServletResponse response, @RequestParam("orderPhone") String orderPhone,
 			@RequestParam("name") String name,@RequestParam("account") String account,
@@ -273,6 +278,7 @@ public class SalesListController extends BaseController{
     * @return
     */
    @SuppressWarnings("unchecked")
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
 	@Permission(menuname = "上传订单数据", value = "importOrder", method = RequestMethod.POST)
    public ResponseData<Map<String, Object>> importOrder(@RequestParam(name = "file") MultipartFile file) {
        StringBuffer info = new StringBuffer();
@@ -515,7 +521,8 @@ public class SalesListController extends BaseController{
     * @param file 上传的数据文件
     * @return
     */
-    @Permission(menuname = "充值审核", value = "importRechargeData", method = RequestMethod.POST)
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
+	@Permission(menuname = "充值审核", value = "importRechargeData", method = RequestMethod.POST)
    public ResponseData<String> importRechargeData(@RequestParam(name = "file") MultipartFile file) {
        if (!StringUtils.endsWithAny(file.getOriginalFilename(), "xlsx", "xls")) {
            return ResponseData.error("手工上传数据仅支持Excel文件，其他格式不支持！");
@@ -773,6 +780,7 @@ public class SalesListController extends BaseController{
 	 * @param file 上传的数据文件
 	 * @return
 	 */
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
 	@Permission(menuname = "审核锁定", value = "importAuditLock", method = RequestMethod.POST)
 	public ResponseData<String> importAuditLock(@RequestParam(name = "file") MultipartFile file) {
 		if (!StringUtils.endsWithAny(file.getOriginalFilename(), "xlsx", "xls")) {
@@ -869,6 +877,7 @@ public class SalesListController extends BaseController{
 	 * @param file 上传的数据文件
 	 * @return
 	 */
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/salesProblemList","/school-center/order/yctSalesList"})
 	@Permission(menuname = "批量更新", value = "importBatchUpdate", method = RequestMethod.POST)
 	public ResponseData<String> importBatchUpdate(@RequestParam(name = "file") MultipartFile file) {
 		if (!StringUtils.endsWithAny(file.getOriginalFilename(), "xlsx", "xls")) {
@@ -1063,7 +1072,8 @@ public class SalesListController extends BaseController{
 		}
 		return list;
 	}
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
    @Permission(menuname = "放号上传模板", method = RequestMethod.POST, value = "downloadTemplateFH")
    public ResponseData<String> downloadTemplateFH() {
        ArrayList<String> columns = new ArrayList<>();
@@ -1110,7 +1120,8 @@ public class SalesListController extends BaseController{
        }
        return ResponseData.error("放号上传清单模板出错");
    }
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
    @Permission(menuname = "充值审核模板", method = RequestMethod.POST, value = "downloadTemplateCZ")
    public ResponseData<String> downloadTemplateCZ() {
        ArrayList<String> columns = new ArrayList<>();
@@ -1153,6 +1164,7 @@ public class SalesListController extends BaseController{
        return ResponseData.error("充值审核清单模板出错");
    }
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/salesProblemList","/school-center/order/yctSalesList"})
 	@Permission(menuname = "批量修改模板下载", method = RequestMethod.POST, value = "downloadTemplatePL")
 	public ResponseData<String> downloadTemplatePL() {
 		ArrayList<String> columns = new ArrayList<>();
@@ -1220,6 +1232,7 @@ public class SalesListController extends BaseController{
 		return ResponseData.error("批量修改清单模板出错");
 	}
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
 	@Permission(menuname = "审核锁定模板", method = RequestMethod.POST, value = "downloadTemplateSD")
 	public ResponseData<String> downloadTemplateSD() {
 		ArrayList<String> columns = new ArrayList<>();
@@ -1256,7 +1269,8 @@ public class SalesListController extends BaseController{
 		}
 		return ResponseData.error("审核锁定清单模板出错");
 	}
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/yctSalesList"})
    @Permission(menuname = "导出导入结果", value = "exportResult", method = RequestMethod.POST)
    public void exportResult(String key) {
@@ -1336,8 +1350,9 @@ public class SalesListController extends BaseController{
        }   
        SimpleDateFormat sdf = new SimpleDateFormat(format);  
        return sdf.format(new Date(Long.valueOf(seconds+"000")));  
-    } 
+    }
+	@PermissionVerification(value = {"/school-center/order/salesList","/school-center/order/clsjSalesList","/school-center/order/salesProblemList","/school-center/order/yctSalesList"})
    @Permission(menuname = "导出销售清单", value = "exportOrderList", method = RequestMethod.POST)
    public void exportOrderList(@RequestParam("orderPhone") String orderPhone,
 			@RequestParam("name") String name,@RequestParam("account") String account,

--- a/service-manager/src/main/java/com/winsun/controller/SchoolManagementController.java
+++ b/service-manager/src/main/java/com/winsun/controller/SchoolManagementController.java
@@ -15,6 +15,7 @@ import com.winsun.bean.Product;
 import com.winsun.bean.School;
 import com.winsun.bean.SchoolPackage;
 import com.winsun.constant.FilePath;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.PackageMapper;
 import com.winsun.mapper.ProductMapper;
 import com.winsun.mapper.SchoolMapper;
@@ -357,6 +358,7 @@ public class SchoolManagementController extends BaseController {
        return ResponseData.success(substNameList, "查询完毕！");
    }
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @RequestMapping(name = "获取学校下拉列表", value = "schoolList", method = RequestMethod.POST)
    public ResponseData<List<Map<String, Object>>> schoolList(@RequestParam("substName") String substName) {
 //		ShiroUser user = getShiroUser();

--- a/service-manager/src/main/java/com/winsun/controller/YsmUserController.java
+++ b/service-manager/src/main/java/com/winsun/controller/YsmUserController.java
@@ -10,6 +10,7 @@ import com.winsun.auth.core.base.controller.BaseController;
 import com.winsun.auth.core.common.model.ResponseData;
 import com.winsun.auth.core.shiro.ShiroUser;
 import com.winsun.bean.YsmUser;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.SchoolMapper;
 import com.winsun.mapper.YsmUserMapper;
 import com.winsun.utils.MyBatisPlusUpdateUtils;
@@ -45,6 +46,7 @@ public class YsmUserController extends BaseController {
     * @param ysmUser 添加对象的json字符串
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/ysmUser")
    @Permission(menuname = "添加实名账号", value = "insert", method = RequestMethod.POST)
    public ResponseData<String> insertYsmUser(@RequestParam("ysmUser") String ysmUser) {
        ShiroUser user = getShiroUser();
@@ -61,6 +63,7 @@ public class YsmUserController extends BaseController {
     * @param id   不通过佣金系统账号的ID
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/ysmUser")
    @Permission(menuname = "不通过佣金系统", value = "notThrough/{id}", method = RequestMethod.POST)
    public ResponseData<String> notThroughYsmUser(@PathVariable("id") Integer id,@RequestParam("status") Integer status) {
        ShiroUser user = getShiroUser();
@@ -80,6 +83,7 @@ public class YsmUserController extends BaseController {
     * @param ysmUser 编辑对象的json字符串
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/ysmUser")
    @Permission(menuname = "编辑实名智能平台账号", value = "update", method = RequestMethod.POST)
    public ResponseData<String> updateYsmUser(@RequestParam("ysmUser") String ysmUser) {
        ShiroUser user = getShiroUser();
@@ -103,6 +107,7 @@ public class YsmUserController extends BaseController {
     * @param pageSize
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/ysmUser")
    @Permission(menuname = "查询实名智能平台账号", value = "list", method = RequestMethod.POST)
    public ResponseData<Page<YsmUser>> listYsmUser(@RequestParam("userName") String userName,
                                                         @RequestParam(name = "pageNo") int pageIndex, @RequestParam(name = "pageSize") int pageSize) {
@@ -118,6 +123,7 @@ public class YsmUserController extends BaseController {
        return ResponseData.success(page, "查询成功！");
    }
+    @PermissionVerification(value = "/school-center/userManager/PartnerManagement")
    @Permission(menuname = "查询", value = "getlist", method = RequestMethod.POST)
    public ResponseData<List<Map<String,Object>>> getlistYsmUser() {
        Wrapper<YsmUser> wrapper = new EntityWrapper();

--- a/service-manager/src/main/java/com/winsun/controller/YxtOrderController.java
+++ b/service-manager/src/main/java/com/winsun/controller/YxtOrderController.java
@@ -11,6 +11,7 @@ import com.winsun.auth.core.shiro.ShiroUser;
 import com.winsun.auth.core.util.DateUtil;
 import com.winsun.auth.core.util.IOUtils;
 import com.winsun.bean.*;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.*;
 import com.winsun.utils.ExcelDealUtils;
 import com.winsun.utils.MyBatisPlusUpdateUtils;
@@ -84,6 +85,7 @@ public class YxtOrderController extends BaseController {
     * @param id 需要取消的id
     * @return
     */
+    @PermissionVerification(value ={"/school-center/order/yxtOrder"})
    @Permission(menuname = "取消院线通订单", value = "delete", method = RequestMethod.POST)
    public ResponseData<String> deleteProduct(@RequestParam(name = "id", required = false) String id) {
        ShiroUser user = getShiroUser();
@@ -116,6 +118,7 @@ public class YxtOrderController extends BaseController {
     * @param orderId
     * @return
     */
+    @PermissionVerification(value ={"/school-center/order/yxtOrder"})
    @Permission(menuname = "通过ID获取院线通券信息", value = "getYxtCard", method = RequestMethod.POST)
    public ResponseData<Page<YxtCoupon>> getYxtCard(
            @RequestParam(name = "orderId", required = false) String orderId,
@@ -154,6 +157,7 @@ public class YxtOrderController extends BaseController {
     * @param pageSize
     * @return
     */
+    @PermissionVerification(value ={"/school-center/order/yxtOrder"})
    @Permission(menuname = "查询院线通订单信息", value = "list", method = RequestMethod.POST)
    public ResponseData<Page<Map<String, Object>>> listProduct(
            @RequestParam(name = "name", required = false) String name,
@@ -282,6 +286,7 @@ public class YxtOrderController extends BaseController {
     * @param pageSize
     * @return
     */
+    @PermissionVerification(value ={"/school-center/order/yxtOrder"})
    @Permission(menuname = "导出院线通订单信息", value = "excelOut", method = RequestMethod.POST)
    public void excelOut(
            @RequestParam(name = "name", required = false) String name,

--- a/service-manager/src/main/java/com/winsun/controller/school/SchoolAllocationController.java
+++ b/service-manager/src/main/java/com/winsun/controller/school/SchoolAllocationController.java
@@ -9,6 +9,7 @@ import com.winsun.auth.core.base.controller.BaseController;
 import com.winsun.auth.core.common.model.ResponseData;
 import com.winsun.bean.School;
 import com.winsun.bean.SysUser;
+import com.winsun.interfaces.PermissionVerification;
 import com.winsun.mapper.SchoolMapper;
 import com.winsun.mapper.SysUserMapper;
 import com.winsun.utils.DesensitizationUtil;
@@ -40,6 +41,7 @@ public class SchoolAllocationController extends BaseController {
        SchoolAllocationController.sysUserMapper = sysUserMapper;
    }
+    @PermissionVerification(value = "/school-center/userManager/schoolAllocation")
    @Permission(menuname = "添加学校分配信息", value = "addSchoolAllocation", method = RequestMethod.POST)
    public ResponseData<String> insertSchool(
            @RequestParam("account") String account,
@@ -62,6 +64,7 @@ public class SchoolAllocationController extends BaseController {
        return ResponseData.error("账号不存在！！");
    }
+    @PermissionVerification(value = "/school-center/userManager/schoolAllocation")
    @Permission(menuname = "删除学校分配信息", value = "deleteSchoolAllocation", method = RequestMethod.POST)
    public ResponseData<String> deleteSchool(@RequestParam("id") String id) {
@@ -83,6 +86,7 @@ public class SchoolAllocationController extends BaseController {
     * @param pageSize
     * @return
     */
+    @PermissionVerification(value = "/school-center/userManager/schoolAllocation")
    @Permission(menuname = "查询学校分配", value = "findByList", method = RequestMethod.POST)
    public ResponseData<Page<Map<String, Object>>> listSchool(
            @RequestParam("account") String account, @RequestParam("name") String name,