动态路由

backend/src/main/java/com/qqchen/deploy/backend/deploy/api/TeamApiController.java

@@ -4,53 +4,36 @@ import com.qqchen.deploy.backend.deploy.dto.TeamDTO;
 import com.qqchen.deploy.backend.deploy.entity.Team;
 import com.qqchen.deploy.backend.deploy.query.TeamQuery;
 import com.qqchen.deploy.backend.deploy.service.ITeamService;
-import com.qqchen.deploy.backend.framework.api.Response;
 import com.qqchen.deploy.backend.framework.controller.BaseController;
-import com.qqchen.deploy.backend.framework.security.annotation.CheckPermission;
 import com.qqchen.deploy.backend.framework.security.annotation.PermissionPrefix;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletResponse;
-import jakarta.validation.Valid;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
 
 /**
  * 团队API控制器
+ * 继承 BaseController 自动具有基础CRUD权限：
+ * - deploy:team:create (创建)
+ * - deploy:team:update (修改)
+ * - deploy:team:delete (删除)
+ * - deploy:team:view   (详情)
+ * - deploy:team:list   (列表/分页/导出)
  */
 @Slf4j
 @RestController
 @RequestMapping("/api/v1/teams")
-@PermissionPrefix("deploy:team")  // ✅ 定义权限前缀
+@PermissionPrefix("deploy:team")
 @Tag(name = "团队管理", description = "团队的增删改查接口")
 public class TeamApiController extends BaseController<Team, TeamDTO, Long, TeamQuery> {
 
     @Resource
     private ITeamService teamService;
 
-    // ✅ 需要 "deploy:team:create" 权限
-    @Override
-    @CheckPermission("create")
-    public Response<TeamDTO> create(@RequestBody @Valid TeamDTO dto) {
-        return super.create(dto);
-    }
-
-    // ✅ 需要 "deploy:team:update" 权限
-    @Override
-    @CheckPermission("update")
-    public Response<TeamDTO> update(@PathVariable Long id, @RequestBody @Valid TeamDTO dto) {
-        return super.update(id, dto);
-    }
-
-    // ✅ 需要 "deploy:team:delete" 权限
-    @Override
-    @CheckPermission("delete")
-    public Response<Void> delete(@PathVariable Long id) {
-        return super.delete(id);
-    }
-
     @Override
     protected void exportData(HttpServletResponse response, List<TeamDTO> data) {
         // TODO: 实现导出功能

backend/src/main/java/com/qqchen/deploy/backend/framework/controller/BaseController.java

@@ -4,6 +4,7 @@ import com.qqchen.deploy.backend.framework.domain.Entity;
 import com.qqchen.deploy.backend.framework.dto.BaseDTO;
 import com.qqchen.deploy.backend.framework.query.BaseQuery;
 import com.qqchen.deploy.backend.framework.api.Response;
+import com.qqchen.deploy.backend.framework.security.annotation.CheckPermission;
 import com.qqchen.deploy.backend.framework.service.IBaseService;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.data.domain.Page;
@@ -16,6 +17,8 @@ import java.util.concurrent.CompletableFuture;
 
 /**
  * 通用REST控制器
+ * 所有继承此类的Controller自动具有基础CRUD权限控制
+ * 需要在子类上添加 @PermissionPrefix 注解指定权限前缀
  */
 @Validated
 public abstract class BaseController<T extends Entity<ID>, D extends BaseDTO, ID extends Serializable, Q extends BaseQuery> {
@@ -23,42 +26,50 @@ public abstract class BaseController<T extends Entity<ID>, D extends BaseDTO, ID
     protected IBaseService<T, D, Q, ID> service;
 
     @PostMapping
+    @CheckPermission("create")
     public Response<D> create(@Validated @RequestBody D dto) {
         return Response.success(service.create(dto));
     }
 
     @PutMapping("/{id}")
+    @CheckPermission("update")
     public Response<D> update(@PathVariable ID id, @Validated @RequestBody D dto) {
         return Response.success(service.update(id, dto));
     }
 
     @DeleteMapping("/{id}")
+    @CheckPermission("delete")
     public Response<Void> delete(@PathVariable ID id) {
         service.delete(id);
         return Response.success();
     }
 
     @GetMapping("/{id}")
+    @CheckPermission("view")
     public Response<D> findById(@PathVariable ID id) {
         return Response.success(service.findById(id));
     }
 
     @GetMapping
+    @CheckPermission("list")
     public Response<List<D>> findAll() {
         return Response.success(service.findAll());
     }
 
     @GetMapping("/page")
+    @CheckPermission("list")
     public Response<Page<D>> page(Q query) {
         return Response.success(service.page(query));
     }
 
     @GetMapping("/list")
+    @CheckPermission("list")
     public Response<List<D>> findAll(Q query) {
         return Response.success(service.findAll(query));
     }
 
     @PostMapping("/batch")
+    @CheckPermission("create")
     public CompletableFuture<Response<Void>> batchProcess(@RequestBody List<D> dtos) {
         return CompletableFuture.runAsync(() -> {
             service.batchProcess(dtos);
@@ -66,6 +77,7 @@ public abstract class BaseController<T extends Entity<ID>, D extends BaseDTO, ID
     }
 
     @GetMapping("/export")
+    @CheckPermission("list")
     public void export(HttpServletResponse response, Q query) {
         List<D> data = service.findAll(query);
         exportData(response, data);

backend/src/main/java/com/qqchen/deploy/backend/framework/security/aspect/PermissionCheckAspect.java

@@ -79,8 +79,7 @@ public class PermissionCheckAspect {
         if (!hasPermission) {
             log.warn("权限检查失败: user={}, required={}", 
                 authentication.getName(), requiredPermission);
-            throw new BusinessException(ResponseCode.FORBIDDEN, 
+            throw new BusinessException(ResponseCode.FORBIDDEN);
-                new Object[]{"缺少权限: " + requiredPermission});
         }
         
         log.debug("权限检查通过: {}", requiredPermission);