diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidnotice/controller/BizBidNoticeController.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidnotice/controller/BizBidNoticeController.java index a7563a2..b17fb7d 100644 --- a/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidnotice/controller/BizBidNoticeController.java +++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidnotice/controller/BizBidNoticeController.java @@ -13,6 +13,7 @@ import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -63,6 +64,7 @@ public class BizBidNoticeController { * @return */ @ApiOperation("查询所有列表") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/allList") public BaseResponse> getAll(@RequestBody BizBidNoticeVO bizBidNotice) { @@ -83,6 +85,7 @@ public class BizBidNoticeController { * @return */ @ApiOperation("插入新数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/add") public BaseResponse insert( @ApiParam(value = "对象数据", required = true) @RequestBody @Valid BizBidNotice bizBidNotice) { @@ -100,6 +103,7 @@ public class BizBidNoticeController { * @return */ @ApiOperation("修改数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/update") public BaseResponse update( @ApiParam(value = "对象数据", required = true) @RequestBody BizBidNotice bizBidNotice) { @@ -114,6 +118,7 @@ public class BizBidNoticeController { * @return */ @ApiOperation("发布数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/fabu/{id}") public BaseResponse fabu(@ApiParam(value = "主键id", required = true) @PathVariable String id) { BizBidNotice notice = new BizBidNotice(); @@ -129,6 +134,7 @@ public class BizBidNoticeController { * @return */ @ApiOperation("发布数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/qxfabu/{id}") public BaseResponse qxfabu(@ApiParam(value = "主键id", required = true) @PathVariable String id) { @@ -145,6 +151,7 @@ public class BizBidNoticeController { * @return */ @ApiOperation("置顶数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/top/{id}") public BaseResponse top(@ApiParam(value = "主键id", required = true) @PathVariable String id) { @@ -162,6 +169,7 @@ public class BizBidNoticeController { * @return */ @ApiOperation("取消置顶数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/qxtop/{id}") public BaseResponse qxtop(@ApiParam(value = "主键id", required = true) @PathVariable String id) { @@ -190,6 +198,7 @@ public class BizBidNoticeController { * @return */ @ApiOperation("删除数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/delete/{id}") public BaseResponse delete(@ApiParam(value = "主键id", required = true) @PathVariable String id) { return BaseResponse.success(ibizBidNoticeService.removeById(id)); diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidshared/controller/BizBidSharedController.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidshared/controller/BizBidSharedController.java index 995d15c..7744bfd 100644 --- a/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidshared/controller/BizBidSharedController.java +++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidshared/controller/BizBidSharedController.java @@ -11,6 +11,7 @@ import com.chinaunicom.mall.ebtp.extend.bizbidshared.service.IBizBidSharedServic import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; @@ -44,6 +45,7 @@ public class BizBidSharedController { * @return */ @ApiOperation("插入新数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/add") public BaseResponse insert(@ApiParam(value = "对象数据", required = true) @RequestBody @Valid BizBidShared bizBidShared) { if (StringUtils.isEmpty(bizBidShared.getId())) { @@ -62,6 +64,7 @@ public class BizBidSharedController { * @return */ @ApiOperation("修改数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("") public BaseResponse update(@ApiParam(value = "对象数据", required = true) @RequestBody BizBidShared bizBidShared) { return BaseResponse.success(ibizBidSharedService.updateById(bizBidShared)); @@ -86,6 +89,7 @@ public class BizBidSharedController { * @return */ @ApiOperation("删除数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/delete/{id}") public BaseResponse delete(@ApiParam(value = "主键id", required = true) @PathVariable String id) { return BaseResponse.success(ibizBidSharedService.removeById(id)); diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidsharedrecord/controller/BizBidSharedRecordController.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidsharedrecord/controller/BizBidSharedRecordController.java index 8b5d35b..743ec41 100644 --- a/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidsharedrecord/controller/BizBidSharedRecordController.java +++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/bizbidsharedrecord/controller/BizBidSharedRecordController.java @@ -13,6 +13,7 @@ import com.chinaunicom.mall.ebtp.extend.bizbidsharedrecord.service.IBizBidShared import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; @@ -35,6 +36,7 @@ public class BizBidSharedRecordController { * @return */ @ApiOperation("查询数据列表") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/list/{id}") public BasePageResponse getList(@PathVariable("id") String id, @ApiParam(value = "对象数据", required = true) @RequestBody @Valid BizBidSharedRecordVO bizBidShared) { @@ -49,6 +51,7 @@ public class BizBidSharedRecordController { * @return */ @ApiOperation("插入新数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PostMapping("/add") public BaseResponse insert( @ApiParam(value = "对象数据", required = true) @RequestBody @Valid BizBidShared bizBidShared) { @@ -72,6 +75,7 @@ public class BizBidSharedRecordController { * @return */ @ApiOperation("修改数据") + @PreAuthorize("hasAnyAuthority('ebtp-system-admin')") @PutMapping("") public BaseResponse update( @ApiParam(value = "对象数据", required = true) @RequestBody BizBidSharedRecord bizBidSharedRecord) { diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/export/controller/ExportController.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/export/controller/ExportController.java index c7bf2d6..0ed055a 100644 --- a/src/main/java/com/chinaunicom/mall/ebtp/extend/export/controller/ExportController.java +++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/export/controller/ExportController.java @@ -7,6 +7,7 @@ import com.chinaunicom.mall.ebtp.extend.export.service.ExportServiceFactory; import com.chinaunicom.mall.ebtp.extend.export.service.IBizExportDictService; import io.swagger.annotations.Api; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @@ -38,6 +39,7 @@ public class ExportController { * @param request * @param response */ + @PreAuthorize("hasAnyAuthority('ebtp-purchase','ebtp-agency-project-manager')") @GetMapping(value = "/{type}") public void export(@PathVariable String type, ExportParame param, HttpServletRequest request, HttpServletResponse response) { exportServiceFactory.getService(type).doExport(param, request, response); @@ -49,6 +51,7 @@ public class ExportController { * @param roomId * @return */ + @PreAuthorize("hasAnyAuthority('ebtp-purchase','ebtp-agency-project-manager')") @GetMapping("/list/{roomId}") public BaseResponse>> list(@PathVariable String roomId) {