完善权限

Author: 734839030

screenshots/login.png

@@ -1,18 +1,14 @@
 package com.seezoon.framework.common.file;
 
 import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
-import com.alibaba.fastjson.JSON;
 import com.seezoon.framework.common.Constants;
 import com.seezoon.framework.common.file.handler.AliFileFileHandler;
 import com.seezoon.framework.common.file.handler.FileHandler;
 import com.seezoon.framework.common.file.handler.LocalFileHandler;
 
 public class FileHandlerFactory {
 
-	private static Logger logger = LoggerFactory.getLogger(FileHandlerFactory.class);
 	private static FileHandler fileHandler = null;
 
 	// 文件配置
@@ -22,7 +18,6 @@ public static FileHandler getHandler() {
 		if (null != fileHandler) {
 			return fileHandler;
 		}
-		logger.info(JSON.toJSONString(fileConfig));
 		String fileStorage = fileConfig.getFileStorage();
 		if (Constants.FileStorage.LOCAL.getValue().equals(fileStorage)) {// 本地
 			fileHandler = new LocalFileHandler(fileConfig.getLocalStorePath());

src/main/java/com/seezoon/framework/common/file/FileHandlerFactory.java

@@ -3,29 +3,36 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import com.seezoon.framework.common.web.HttpStatus;
+
 /**
- * 账密或者remember 的拦截器 
+ * 账密或者remember 的拦截器
  * 
  * 解决在remember的情况下，跨域请求options 请求无法携带cookie 的问题
- *   
- * @author hdf
- * 2018年4月19日
+ * 
+ * @author hdf 2018年4月19日
  */
 @Component
 public class UserFilter extends org.apache.shiro.web.filter.authc.UserFilter {
 
 	@Override
 	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
-		HttpServletRequest req = (HttpServletRequest)request;
-		//跨域的options 请求直接过
+		HttpServletRequest req = (HttpServletRequest) request;
+		HttpServletResponse res = (HttpServletResponse) response;
+		// 跨域的options 请求直接过
 		if (RequestMethod.OPTIONS.name().equalsIgnoreCase(req.getMethod())) {
 			return true;
+		} else {
+			res.setStatus(HttpStatus.NEED_LOGIN.getValue());
+			//不走后续shiro 默认逻辑
+			return false;
 		}
-		return super.onAccessDenied(request, response);
+		//return super.onAccessDenied(request, response);
 	}
 
 	@Override

src/main/java/com/seezoon/framework/modules/system/shiro/UserFilter.java

@@ -4,6 +4,7 @@
 import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -35,13 +36,13 @@ public ResponeModel qryAll(SysDept sysDept) {
 		//数据机构调整
 		return ResponeModel.ok(treeHelper.treeGridList(list));
 	}
-
+	@RequiresPermissions("sys:dept:qry")
 	@RequestMapping("/get.do")
 	public ResponeModel get(@RequestParam Serializable id) {
 		SysDept sysDept = sysDeptService.findById(id);
 		return ResponeModel.ok(sysDept);
 	}
-
+	@RequiresPermissions("sys:dept:save")
 	@PostMapping("/save.do")
 	public ResponeModel save(@Validated SysDept sysDept, BindingResult bindingResult) {
 		SysDept parent = null;
@@ -52,7 +53,7 @@ public ResponeModel save(@Validated SysDept sysDept, BindingResult bindingResult
 		int cnt = sysDeptService.save(sysDept);
 		return ResponeModel.ok(cnt);
 	}
-
+	@RequiresPermissions("sys:dept:update")
 	@PostMapping("/update.do")
 	public ResponeModel update(@Validated SysDept sysDept, BindingResult bindingResult) {
 		SysDept parent = null;
@@ -64,6 +65,7 @@ public ResponeModel update(@Validated SysDept sysDept, BindingResult bindingResu
 		return ResponeModel.ok(cnt);
 	}
 
+	@RequiresPermissions("sys:dept:delete")
 	@PostMapping("/delete.do")
 	public ResponeModel delete(@RequestParam Serializable id) {
 		int cnt = sysDeptService.deleteById(id);

src/main/java/com/seezoon/framework/modules/system/web/SysDeptController.java

@@ -2,6 +2,7 @@
 
 import java.io.Serializable;
 
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -23,35 +24,38 @@ public class SysDictController extends BaseController {
 	@Autowired
 	private SysDictService sysDictService;
 
+	@RequiresPermissions("sys:dict:qry")
 	@PostMapping("/qryPage.do")
 	public ResponeModel qryPage(SysDict sysDict) {
 		PageInfo<SysDict> page = sysDictService.findByPage(sysDict, sysDict.getPage(), sysDict.getPageSize());
 		return ResponeModel.ok(page);
 	}
 
+	@RequiresPermissions("sys:dict:qry")
 	@RequestMapping("/get.do")
 	public ResponeModel get(@RequestParam Serializable id) {
 		SysDict sysDict = sysDictService.findById(id);
 		return ResponeModel.ok(sysDict);
 	}
-
+	@RequiresPermissions("sys:dict:save")
 	@PostMapping("/save.do")
 	public ResponeModel save(@Validated SysDict sysDict, BindingResult bindingResult) {
 		int cnt = sysDictService.save(sysDict);
 		return ResponeModel.ok(cnt);
 	}
-
+	@RequiresPermissions("sys:dict:update")
 	@PostMapping("/update.do")
 	public ResponeModel update(@Validated SysDict sysDict,BindingResult bindingResult) {
 		int cnt = sysDictService.updateSelective(sysDict);
 		return ResponeModel.ok(cnt);
 	}
-
+	@RequiresPermissions("sys:dict:delete")
 	@PostMapping("/delete.do")
 	public ResponeModel delete(@RequestParam Serializable id) {
 		int cnt = sysDictService.deleteById(id);
 		return ResponeModel.ok(cnt);
 	}
+	
 	@RequestMapping("/getTypes.do")
 	public ResponeModel getTypes() {
 		return ResponeModel.ok(sysDictService.findTypes());

src/main/java/com/seezoon/framework/modules/system/web/SysDictController.java

@@ -3,6 +3,7 @@
 import java.io.Serializable;
 import java.util.Date;
 
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -22,7 +23,8 @@ public class SysFileController extends BaseController {
 
 	@Autowired
 	private SysFileService sysFileService;
-
+	
+	@RequiresPermissions("sys:file:qry")
 	@PostMapping("/qryPage.do")
 	public ResponeModel qryPage(SysFile sysFile,@RequestParam(required=false) Date startDate,@RequestParam(required=false) Date endDate) {
 		sysFile.addProperty("startDate", startDate);
@@ -33,6 +35,8 @@ public ResponeModel qryPage(SysFile sysFile,@RequestParam(required=false) Date s
 		}
 		return ResponeModel.ok(page);
 	}
+	
+	@RequiresPermissions("sys:file:delete")
 	@PostMapping("/delete.do")
 	public ResponeModel delete(@RequestParam Serializable id) {
 		int cnt = sysFileService.deleteById(id);

src/main/java/com/seezoon/framework/modules/system/web/SysFileController.java

@@ -4,6 +4,7 @@
 import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -36,13 +37,13 @@ public ResponeModel qryAll(SysMenu sysMenu) {
 		List<SysMenu> list = sysMenuService.findList(sysMenu);
 		return ResponeModel.ok(treeHelper.treeGridList(list));
 	}
-
+	@RequiresPermissions("sys:menu:qry")
 	@RequestMapping("/get.do")
 	public ResponeModel get(@RequestParam Serializable id) {
 		SysMenu sysMenu = sysMenuService.findById(id);
 		return ResponeModel.ok(sysMenu);
 	}
-
+	@RequiresPermissions("sys:menu:save")
 	@PostMapping("/save.do")
 	public ResponeModel save(@Validated SysMenu sysMenu, BindingResult bindingResult) {
 		SysMenu parent = null;
@@ -53,7 +54,7 @@ public ResponeModel save(@Validated SysMenu sysMenu, BindingResult bindingResult
 		int cnt = sysMenuService.save(sysMenu);
 		return ResponeModel.ok(cnt);
 	}
-
+	@RequiresPermissions("sys:menu:update")
 	@PostMapping("/update.do")
 	public ResponeModel update(@Validated SysMenu sysMenu, BindingResult bindingResult) {
 		SysMenu parent = null;
@@ -64,12 +65,13 @@ public ResponeModel update(@Validated SysMenu sysMenu, BindingResult bindingResu
 		int cnt = sysMenuService.updateSelective(sysMenu);
 		return ResponeModel.ok(cnt);
 	}
-
+	@RequiresPermissions("sys:menu:delete")
 	@PostMapping("/delete.do")
 	public ResponeModel delete(@RequestParam Serializable id) {
 		int cnt = sysMenuService.deleteById(id);
 		return ResponeModel.ok(cnt);
 	}
+	@RequiresPermissions("sys:menu:save")
 	@PostMapping("/batchSave.do")
 	public ResponeModel batchSave(@RequestBody List<SysMenu> list ) {
 		//直接用list接收到的json 参数实际上是jsonObject，强转到SysMenu 会报错,下列性能不好，应该不想循环List 转化

src/main/java/com/seezoon/framework/modules/system/web/SysMenuController.java

@@ -4,6 +4,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -26,30 +27,31 @@ public class SysParamController extends BaseController {
 	@Autowired
 	private SysParamService sysParamService;
 
+	@RequiresPermissions("sys:param:qry")
 	@PostMapping("/qryPage.do")
 	public ResponeModel qryPage(SysParam sysParam) {
 		PageInfo<SysParam> page = sysParamService.findByPage(sysParam, sysParam.getPage(), sysParam.getPageSize());
 		return ResponeModel.ok(page);
 	}
-
+	@RequiresPermissions("sys:param:qry")
 	@RequestMapping("/get.do")
 	public ResponeModel get(@RequestParam Serializable id) {
 		SysParam sysParam = sysParamService.findById(id);
 		return ResponeModel.ok(sysParam);
 	}
-
+	@RequiresPermissions("sys:param:save")
 	@PostMapping("/save.do")
 	public ResponeModel save(@Validated SysParam sysParam, BindingResult bindingResult) {
 		int cnt = sysParamService.save(sysParam);
 		return ResponeModel.ok(cnt);
 	}
-
+	@RequiresPermissions("sys:param:update")
 	@PostMapping("/update.do")
 	public ResponeModel update(@Validated SysParam sysParam, BindingResult bindingResult) {
 		int cnt = sysParamService.updateSelective(sysParam);
 		return ResponeModel.ok(cnt);
 	}
-
+	@RequiresPermissions("sys:param:delete")
 	@PostMapping("/delete.do")
 	public ResponeModel delete(@RequestParam Serializable id) {
 		int cnt = sysParamService.deleteById(id);

src/main/java/com/seezoon/framework/modules/system/web/SysParamController.java

@@ -2,6 +2,7 @@
 
 import java.io.Serializable;
 
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -23,34 +24,43 @@ public class SysRoleController extends BaseController {
 	@Autowired
 	private SysRoleService sysRoleService;
 
+	@RequiresPermissions("sys:role:qry")
 	@PostMapping("/qryPage.do")
 	public ResponeModel qryPage(SysRole sysRole) {
 		PageInfo<SysRole> page = sysRoleService.findByPage(sysRole, sysRole.getPage(), sysRole.getPageSize());
 		return ResponeModel.ok(page);
 	}
+	/**
+	 * 添加修改用户时候会调用
+	 * @return
+	 */
 	@PostMapping("/qryAll.do")
 	public ResponeModel qryAll() {
 		return ResponeModel.ok(this.sysRoleService.findList(null));
 	}
 
+	@RequiresPermissions("sys:role:qry")
 	@RequestMapping("/get.do")
 	public ResponeModel get(@RequestParam Serializable id) {
 		SysRole sysRole = sysRoleService.findById(id);
 		return ResponeModel.ok(sysRole);
 	}
 
+	@RequiresPermissions("sys:role:save")
 	@PostMapping("/save.do")
 	public ResponeModel save(@Validated SysRole sysRole, BindingResult bindingResult) {
 		int cnt = sysRoleService.save(sysRole);
 		return ResponeModel.ok(cnt);
 	}
 
+	@RequiresPermissions("sys:role:update")
 	@PostMapping("/update.do")
 	public ResponeModel update(@Validated SysRole sysRole, BindingResult bindingResult) {
 		int cnt = sysRoleService.updateSelective(sysRole);
 		return ResponeModel.ok(cnt);
 	}
 
+	@RequiresPermissions("sys:role:delete")
 	@PostMapping("/delete.do")
 	public ResponeModel delete(@RequestParam Serializable id) {
 		int cnt = sysRoleService.deleteById(id);

src/main/java/com/seezoon/framework/modules/system/web/SysRoleController.java

@@ -1,9 +1,7 @@
 package com.seezoon.framework.modules.system.web;
 
 import java.io.Serializable;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;