licailing 4 tahun lalu
induk
melakukan
afb15ab18b

+ 2 - 1
src/main/java/com/izouma/wenlvju/web/ArtTypeController.java

@@ -23,7 +23,7 @@ public class ArtTypeController extends BaseController {
     private ArtTypeService artTypeService;
     private ArtTypeRepo    artTypeRepo;
 
-    //@PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/save")
     public ArtType save(@RequestBody ArtType record) {
         if (record.getId() != null) {
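Review bot: Nothing in this commit shows that the re-enabled `@PreAuthorize("hasRole('ADMIN')")` on `save` is actually enforced. Spring ignores the annotation silently unless method security is enabled in the security configuration (on a javax-based Spring Security setup, presumably `@EnableGlobalMethodSecurity(prePostEnabled = true)`), and `hasRole('ADMIN')` only matches an authority stored as `ROLE_ADMIN` under the default prefix. Please confirm both, and consider adding a controller test that calls `/save` as a non-admin user and expects 403. The same applies to the `save` hunks in GradingOrganizationController and PerformanceController and to every `del` annotation added below. The body of `save` continues outside the hunk.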
@@ -51,6 +51,7 @@ public class ArtTypeController extends BaseController {
         return artTypeRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         artTypeRepo.softDelete(id);
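Review bot: The expression `hasRole('ADMIN')` is now repeated verbatim on this `del` and on the `del` methods of GradingOrganizationController, OrganizationController, PerformanceController, RateAuditController, RateController, RateExpertAuditController and RecordController, so a typo or a later role rename in one copy would not be noticed. Spring Security accepts `@PreAuthorize` as a meta-annotation, so a single project annotation (for example `@AdminOnly`, name is only a suggestion) carrying `@PreAuthorize("hasRole('ADMIN')")` would keep the rule in one place. A short comment above the method such as `// Soft delete; restricted to administrators.` would also record the intent. The closing brace of `del` is outside the hunk.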

+ 2 - 1
src/main/java/com/izouma/wenlvju/web/GradingOrganizationController.java

@@ -22,7 +22,7 @@ public class GradingOrganizationController extends BaseController {
     private GradingOrganizationService gradingOrganizationService;
     private GradingOrganizationRepo gradingOrganizationRepo;
 
-    //@PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/save")
     public GradingOrganization save(@RequestBody GradingOrganization record) {
         if (record.getId() != null) {
@@ -45,6 +45,7 @@ public class GradingOrganizationController extends BaseController {
         return gradingOrganizationRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         gradingOrganizationRepo.softDelete(id);

+ 1 - 0
src/main/java/com/izouma/wenlvju/web/OrganizationController.java

@@ -70,6 +70,7 @@ public class OrganizationController extends BaseController {
         return organizationRepo.findByUserId(userId).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         organizationService.del(id);

+ 2 - 1
src/main/java/com/izouma/wenlvju/web/PerformanceController.java

@@ -22,7 +22,7 @@ public class PerformanceController extends BaseController {
     private PerformanceService performanceService;
     private PerformanceRepo performanceRepo;
 
-    //@PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/save")
     public Performance save(@RequestBody Performance record) {
         if (record.getId() != null) {
@@ -45,6 +45,7 @@ public class PerformanceController extends BaseController {
         return performanceRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         performanceRepo.softDelete(id);

+ 3 - 2
src/main/java/com/izouma/wenlvju/web/RateAuditController.java

@@ -1,9 +1,10 @@
 package com.izouma.wenlvju.web;
+
 import com.izouma.wenlvju.domain.RateAudit;
-import com.izouma.wenlvju.service.RateAuditService;
 import com.izouma.wenlvju.dto.PageQuery;
 import com.izouma.wenlvju.exception.BusinessException;
 import com.izouma.wenlvju.repo.RateAuditRepo;
+import com.izouma.wenlvju.service.RateAuditService;
 import com.izouma.wenlvju.utils.ObjUtils;
 import com.izouma.wenlvju.utils.SecurityUtils;
 import com.izouma.wenlvju.utils.excel.ExcelUtils;
@@ -14,7 +15,6 @@ import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.time.LocalDateTime;
 import java.util.List;
 
 @RestController
@@ -50,6 +50,7 @@ public class RateAuditController extends BaseController {
         return rateAuditRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         rateAuditRepo.softDelete(id);

+ 9 - 3
src/main/java/com/izouma/wenlvju/web/RateController.java

@@ -3,12 +3,18 @@ package com.izouma.wenlvju.web;
 import cn.hutool.core.collection.CollUtil;
 import com.github.kevinsawicki.http.HttpRequest;
 import com.izouma.wenlvju.annotations.OperLog;
-import com.izouma.wenlvju.domain.*;
+import com.izouma.wenlvju.domain.GradingOrganization;
+import com.izouma.wenlvju.domain.Organization;
+import com.izouma.wenlvju.domain.Rate;
+import com.izouma.wenlvju.domain.User;
 import com.izouma.wenlvju.dto.PageQuery;
 import com.izouma.wenlvju.dto.RateDTO;
 import com.izouma.wenlvju.enums.RateStatus;
 import com.izouma.wenlvju.exception.BusinessException;
-import com.izouma.wenlvju.repo.*;
+import com.izouma.wenlvju.repo.GradingOrganizationRepo;
+import com.izouma.wenlvju.repo.OrganizationRepo;
+import com.izouma.wenlvju.repo.RateRepo;
+import com.izouma.wenlvju.repo.UserRepo;
 import com.izouma.wenlvju.service.RateService;
 import com.izouma.wenlvju.utils.SecurityUtils;
 import com.izouma.wenlvju.utils.excel.ExcelUtils;
@@ -38,7 +44,6 @@ public class RateController extends BaseController {
     private final OrganizationRepo        organizationRepo;
     private final UserRepo                userRepo;
     private final GradingOrganizationRepo gradingOrganizationRepo;
-    private final RateAuditRepo           rateAuditRepo;
 
     //@PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/save")
@@ -92,6 +97,7 @@ public class RateController extends BaseController {
         return rate;
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         rateRepo.softDelete(id);
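Review bot: `save` in this controller still carries the commented-out `//@PreAuthorize("hasRole('ADMIN')")`, visible as context in the previous hunk of this file, while the same line was re-enabled in ArtTypeController, GradingOrganizationController and PerformanceController. If non-admin roles are meant to submit rates, I would replace the dead comment with an explicit role list in the `hasAnyRole(...)` form used on `RateExpertAuditController.batchSave`, or with a comment stating why the endpoint is open to any authenticated user. If it is not meant to be open, enable the annotation as in the other controllers. The body of `save` is outside the visible hunks, so any ownership check inside it cannot be confirmed from here.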

+ 2 - 0
src/main/java/com/izouma/wenlvju/web/RateExpertAuditController.java

@@ -43,6 +43,7 @@ public class RateExpertAuditController extends BaseController {
         return rateExpertAuditRepo.save(record);
     }
 
+    @PreAuthorize("hasAnyRole('ADMIN','DISTRICT','DISTRICT_STAFF','EXPERT')")
     @PostMapping("/batchSave")
     public void batchSave(String audits) {
         List<RateExpertAudit> rateExpertAudits = JSONObject.parseArray(audits, RateExpertAudit.class);
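Review bot: The role list on `batchSave` controls who may call the endpoint but not which audits a caller may write, because `audits` is parsed straight into `RateExpertAudit` entities and the ids and owner fields therefore come from the client. The rest of the body is outside the hunk. If it does not already do so, it should check each parsed audit against the authenticated user before persisting, so that an `EXPERT` or `DISTRICT_STAFF` account cannot overwrite another user's audit. `audits` also reaches `JSONObject.parseArray` with no null or empty check, which is worth guarding with an early `BusinessException`.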
@@ -67,6 +68,7 @@ public class RateExpertAuditController extends BaseController {
         return rateExpertAuditRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         rateExpertAuditRepo.softDelete(id);

+ 2 - 1
src/main/java/com/izouma/wenlvju/web/RecordController.java

@@ -1,6 +1,5 @@
 package com.izouma.wenlvju.web;
 
-import cn.hutool.core.bean.BeanUtil;
 import com.izouma.wenlvju.domain.Record;
 import com.izouma.wenlvju.domain.User;
 import com.izouma.wenlvju.dto.PageQuery;
@@ -17,6 +16,7 @@ import com.izouma.wenlvju.utils.excel.ExcelUtils;
 import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import org.springframework.data.domain.Page;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
@@ -56,6 +56,7 @@ public class RecordController extends BaseController {
         return recordRepo.findById(id).orElseThrow(new BusinessException("无记录"));
     }
 
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping("/del/{id}")
     public void del(@PathVariable Long id) {
         recordRepo.softDelete(id);