diff --git a/backend/src/main/java/com/qqchen/deploy/backend/deploy/api/TeamApiController.java b/backend/src/main/java/com/qqchen/deploy/backend/deploy/api/TeamApiController.java
index 97220ac4..91f1d367 100644
--- a/backend/src/main/java/com/qqchen/deploy/backend/deploy/api/TeamApiController.java
+++ b/backend/src/main/java/com/qqchen/deploy/backend/deploy/api/TeamApiController.java
@@ -4,53 +4,36 @@ import com.qqchen.deploy.backend.deploy.dto.TeamDTO;
 import com.qqchen.deploy.backend.deploy.entity.Team;
 import com.qqchen.deploy.backend.deploy.query.TeamQuery;
 import com.qqchen.deploy.backend.deploy.service.ITeamService;
-import com.qqchen.deploy.backend.framework.api.Response;
 import com.qqchen.deploy.backend.framework.controller.BaseController;
-import com.qqchen.deploy.backend.framework.security.annotation.CheckPermission;
 import com.qqchen.deploy.backend.framework.security.annotation.PermissionPrefix;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletResponse;
-import jakarta.validation.Valid;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 import java.util.List;
 /**
 * 团队API控制器
+ * 继承 BaseController 自动具有基础CRUD权限:
+ * - deploy:team:create (创建)
+ * - deploy:team:update (修改)
+ * - deploy:team:delete (删除)
+ * - deploy:team:view (详情)
+ * - deploy:team:list (列表/分页/导出)
 */
 @Slf4j
 @RestController
 @RequestMapping("/api/v1/teams")
-@PermissionPrefix("deploy:team") // ✅ 定义权限前缀
+@PermissionPrefix("deploy:team")
 @Tag(name = "团队管理", description = "团队的增删改查接口")
 public class TeamApiController extends BaseController {
 @Resource
 private ITeamService teamService;
- // ✅ 需要 "deploy:team:create" 权限
- @Override
- @CheckPermission("create")
- public Response create(@RequestBody @Valid TeamDTO dto) {
- return super.create(dto);
- }
-
- // ✅ 需要 "deploy:team:update" 权限
- @Override
- @CheckPermission("update")
- public Response update(@PathVariable Long id, @RequestBody @Valid TeamDTO dto) {
- return super.update(id, dto);
- }
-
- // ✅ 需要 "deploy:team:delete" 权限
- @Override
- @CheckPermission("delete")
- public Response delete(@PathVariable Long id) {
- return super.delete(id);
- }
-
 @Override
 protected void exportData(HttpServletResponse response, List data) {
 // TODO: 实现导出功能
diff --git a/backend/src/main/java/com/qqchen/deploy/backend/framework/controller/BaseController.java b/backend/src/main/java/com/qqchen/deploy/backend/framework/controller/BaseController.java
index 3e8da949..31976432 100644
--- a/backend/src/main/java/com/qqchen/deploy/backend/framework/controller/BaseController.java
+++ b/backend/src/main/java/com/qqchen/deploy/backend/framework/controller/BaseController.java
@@ -4,6 +4,7 @@ import com.qqchen.deploy.backend.framework.domain.Entity;
 import com.qqchen.deploy.backend.framework.dto.BaseDTO;
 import com.qqchen.deploy.backend.framework.query.BaseQuery;
 import com.qqchen.deploy.backend.framework.api.Response;
+import com.qqchen.deploy.backend.framework.security.annotation.CheckPermission;
 import com.qqchen.deploy.backend.framework.service.IBaseService;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.data.domain.Page;
@@ -16,6 +17,8 @@ import java.util.concurrent.CompletableFuture;
 /**
 * 通用REST控制器
+ * 所有继承此类的Controller自动具有基础CRUD权限控制
+ * 需要在子类上添加 @PermissionPrefix 注解指定权限前缀
 */
 @Validated
 public abstract class BaseController, D extends BaseDTO, ID extends Serializable, Q extends BaseQuery> {
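Review bot: With the three overrides removed from TeamApiController, the `deploy:team:*` checks listed in its new Javadoc hold only if PermissionCheckAspect reads `@PermissionPrefix` from the runtime controller class, because the intercepted methods are now declared on BaseController, which carries no prefix. The prefix lookup is not visible in this diff, so confirm it uses the target class (for example `AopUtils.getTargetClass(joinPoint.getTarget())`) rather than the method's declaring class. A test that a caller without `deploy:team:create` is refused on `POST /api/v1/teams` would pin this down. The body of `exportData` continues past the end of the hunk.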
@@ -23,42 +26,50 @@ public abstract class BaseController, D extends BaseDTO, ID
 protected IBaseService service;
 @PostMapping
+ @CheckPermission("create")
 public Response create(@Validated @RequestBody D dto) {
 return Response.success(service.create(dto));
 }
 @PutMapping("/{id}")
+ @CheckPermission("update")
 public Response update(@PathVariable ID id, @Validated @RequestBody D dto) {
 return Response.success(service.update(id, dto));
 }
 @DeleteMapping("/{id}")
+ @CheckPermission("delete")
 public Response delete(@PathVariable ID id) {
 service.delete(id);
 return Response.success();
 }
 @GetMapping("/{id}")
+ @CheckPermission("view")
 public Response findById(@PathVariable ID id) {
 return Response.success(service.findById(id));
 }
 @GetMapping
+ @CheckPermission("list")
 public Response> findAll() {
 return Response.success(service.findAll());
 }
 @GetMapping("/page")
+ @CheckPermission("list")
 public Response> page(Q query) {
 return Response.success(service.page(query));
 }
 @GetMapping("/list")
+ @CheckPermission("list")
 public Response> findAll(Q query) {
 return Response.success(service.findAll(query));
 }
 @PostMapping("/batch")
+ @CheckPermission("create")
 public CompletableFuture> batchProcess(@RequestBody List dtos) {
 return CompletableFuture.runAsync(() -> {
 service.batchProcess(dtos);
@@ -66,6 +77,7 @@ public abstract class BaseController, D extends BaseDTO, ID
 }
 @GetMapping("/export")
+ @CheckPermission("list")
 public void export(HttpServletResponse response, Q query) {
 List data = service.findAll(query);
 exportData(response, data);
diff --git a/backend/src/main/java/com/qqchen/deploy/backend/framework/security/aspect/PermissionCheckAspect.java b/backend/src/main/java/com/qqchen/deploy/backend/framework/security/aspect/PermissionCheckAspect.java
index 0255d155..83547554 100644
--- a/backend/src/main/java/com/qqchen/deploy/backend/framework/security/aspect/PermissionCheckAspect.java
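Review bot: The `@CheckPermission` annotations added to the BaseController handlers in the `@@ -23,42` hunk (and to `export` in `@@ -66,6`) do not carry over to overriding methods, since Java does not inherit method annotations. If the aspect matches on the executing method's own annotation (the pointcut is outside this diff, so this needs confirming), any other subclass that overrides `create`, `update`, `delete` or a read handler without repeating the annotation would run unchecked. Matching on the controller type and resolving the annotation with `AnnotatedElementUtils.findMergedAnnotation(method, CheckPermission.class)`, which also searches overridden methods, would close that gap. The class Javadoc should also state what happens when a subclass has no `@PermissionPrefix`, and that case should be a denial rather than a skipped check. `batchProcess` is gated by `create` alone; if `service.batchProcess` can also modify or remove records, it needs the matching permissions as well.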
+++ b/backend/src/main/java/com/qqchen/deploy/backend/framework/security/aspect/PermissionCheckAspect.java
@@ -79,8 +79,7 @@ public class PermissionCheckAspect {
 if (!hasPermission) {
 log.warn("权限检查失败: user={}, required={}", authentication.getName(), requiredPermission);
- throw new BusinessException(ResponseCode.FORBIDDEN,
- new Object[]{"缺少权限: " + requiredPermission});
+ throw new BusinessException(ResponseCode.FORBIDDEN);
 }
 log.debug("权限检查通过: {}", requiredPermission);
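Review bot: The throw in the `!hasPermission` branch no longer carries the permission name, and nothing on the line records that this is deliberate. A one-line comment such as `// Do not return the required permission to the caller; it is already in the warn log above` would keep a later change from putting it back into the response. The enclosing method starts and ends outside the hunk, so how `BusinessException(ResponseCode.FORBIDDEN)` is turned into an HTTP status is not visible here; confirm that it yields 403 and not a 200 with an error body.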