diff --git a/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TemplateInstanceController.java b/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TemplateInstanceController.java index 543602e3..b3fffa8d 100644 --- a/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TemplateInstanceController.java +++ b/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TemplateInstanceController.java @@ -147,7 +147,7 @@ public class TemplateInstanceController extends AbstractFileUploadController { //模版实例发布 @PostMapping("/publish-batch") @Operation(summary = "模版实例发布") - @PreAuthorize("@ss.hasPermission('base:template-instance:publish')") + @PreAuthorize("@ss.hasPermission('base:template-instance:update')") public CommonResult publishTemplateInstance(@Valid @RequestBody List publishReqVOS) { templateInstanceService.publishTemplateInstance(publishReqVOS); return success(true); @@ -172,7 +172,7 @@ public class TemplateInstanceController extends AbstractFileUploadController { //停用和启用接口 @PostMapping("/disable-enable") @Operation(summary = "实例停用和启用接口", description = "实例停用和启用接口") - @PreAuthorize("@ss.hasPermission('base:template-instance:disable-enable')") + @PreAuthorize("@ss.hasPermission('base:template-instance:update')") public CommonResult setDisableOrEnable(@Valid @RequestBody DisableEnableReqVO reqVO) { templateInstanceService.setDisableOrEnable(reqVO); return success(true); @@ -181,6 +181,7 @@ public class TemplateInstanceController extends AbstractFileUploadController { //根据id获取实例版本号 @GetMapping("/get-version") @Operation(summary = "根据id获取实例版本号") + @PreAuthorize("@ss.hasPermission('base:template-instance:query')") public CommonResult> getVersion(@Valid @NotEmpty(message = "模版实例id不能为空") @RequestParam("id") String id) { return success(templateInstanceService.getVersion(id)); } @@ -188,7 +189,7 @@ public class TemplateInstanceController extends AbstractFileUploadController { //创建版本 @PostMapping("/create-version") @Operation(summary = "创建版本") - @PreAuthorize("@ss.hasPermission('base:template-instance:create-version')") + @PreAuthorize("@ss.hasPermission('base:template-instance:create')") public CommonResult createVersion(@Valid @NotEmpty(message = "模版实例id不能为空") String id) { return success(templateInstanceService.createVersion(id)); } @@ -196,6 +197,7 @@ public class TemplateInstanceController extends AbstractFileUploadController { //通过模版编码查看历史版本 @GetMapping("/list-by-template-cdg") @Operation(summary = "通过模版编码(cdg)查看历史版本", description = "通过模版编码查看历史版本,已按照发布时间和创建时间降序排序") + @PreAuthorize("@ss.hasPermission('base:template-instance:query')") public CommonResult> listByTemplateCode(@RequestParam("cdg") @Valid @NotEmpty(message = "模版编号不能为空") String templateCode) { return success(templateInstanceService.listByCdg(templateCode)); } @@ -203,6 +205,7 @@ public class TemplateInstanceController extends AbstractFileUploadController { //通过实例id获取字段和条款详情 @GetMapping("/field-and-clause-detail") @Operation(summary = "通过实例id获取字段和条款详情") + @PreAuthorize("@ss.hasPermission('base:template-instance:query')") public CommonResult getFieldAndClauseDetail(@Valid @NotEmpty(message = "模版实例id不能为空") @RequestParam("id") String id) { return success(templateInstanceService.getFieldAndClauseDetail(id)); } diff --git a/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplItmController.java b/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplItmController.java index 288b802e..41516be2 100644 --- a/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplItmController.java +++ b/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplItmController.java @@ -37,6 +37,7 @@ public class TmplItmController { @PostMapping("/create") @Operation(summary = "创建模板条款") + @PreAuthorize("@ss.hasPermission('base:tmpl-ltm:create')") public CommonResult createTmplItm(@Valid @RequestBody TmplItmSaveReqVO createReqVO) { TmplItmRespVO tmplItm = tmplItmService.createTmplItm(createReqVO); return success(tmplItm); @@ -44,6 +45,7 @@ public class TmplItmController { @PutMapping("/update") @Operation(summary = "更新模板条款") + @PreAuthorize("@ss.hasPermission('base:tmpl-ltm:update')") public CommonResult updateTmplItm(@Valid @RequestBody TmplItmSaveReqVO updateReqVO) { tmplItmService.updateTmplItm(updateReqVO); return success(true); @@ -51,17 +53,20 @@ public class TmplItmController { @DeleteMapping("/delete") @Operation(summary = "删除模板条款", description = "") + @PreAuthorize("@ss.hasPermission('base:tmpl-ltm:delete')") public CommonResult deleteTmplItm(@RequestBody BatchDeleteReqVO req) { return success(tmplItmService.deleteTmplItm(req.getIds())); } @GetMapping("/id") @Operation(summary = "根据id获得模板条款") + @PreAuthorize("@ss.hasPermission('base:tmpl-ltm:query')") public CommonResult getTmplItm(@RequestBody String id) { return success(BeanUtils.toBean(tmplItmService.getById(id), TmplItmRespVO.class)); } @GetMapping("/list") + @Operation(summary = "获得模板条款") public CommonResult> listTmplItm(Map params) { // 创建查询条件构造器 QueryWrapper queryWrapper = new QueryWrapper<>(); @@ -86,6 +91,7 @@ public class TmplItmController { @GetMapping("/page") @Operation(summary = "分页获得模板条款") + @PreAuthorize("@ss.hasPermission('base:tmpl-ltm:query')") public CommonResult> pageTmplItm(@Validated TmpItmPageReqVO pageReqVO) { PageResult pageResult = tmplItmService.pageTmplItm(pageReqVO); return success(BeanUtils.toBean(pageResult, TmplItmRespVO.class)); diff --git a/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplTpController.java b/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplTpController.java index a09c4411..e62c682b 100644 --- a/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplTpController.java +++ b/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplTpController.java @@ -124,6 +124,7 @@ public class TmplTpController extends AbstractFileUploadController implements Bu //获取分类树 @GetMapping("/tree") @Operation(summary = "获得分类树--上级") + @PreAuthorize("@ss.hasPermission('base:tmpl-tp:query')") public CommonResult> getTree(@RequestParam(value = "num",required = false) String num,@RequestParam(value = "name",required = false) String name) { List tree = tmplTpService.buildTree(num,name); return success(tree); diff --git a/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplTpFldController.java b/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplTpFldController.java index 503b14c5..d7032dea 100644 --- a/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplTpFldController.java +++ b/zt-module-base/zt-module-base-server/src/main/java/com/zt/plat/module/base/controller/admin/templtp/TmplTpFldController.java @@ -34,7 +34,7 @@ public class TmplTpFldController { private final TmplTpFldService tmplTpFldService; @PostMapping("/create") @Operation(summary = "创建模板字段") -// @PreAuthorize("@ss.hasPermission('base:tmpl-tp-fld:create')") + @PreAuthorize("@ss.hasPermission('base:tmpl-tp-fld:create')") public CommonResult createTmplFld(@Valid @RequestBody TmplTpFldSaveReqVO tmplTpFldSaveReqVO) { return success(tmplTpFldService.createTmplFld(tmplTpFldSaveReqVO)); } @@ -55,14 +55,14 @@ public class TmplTpFldController { } @GetMapping("/page") @Operation(summary = "获得模板字段列表") - @PreAuthorize("@ss.hasPermission('base:tmpl-tp-fld:list')") + @PreAuthorize("@ss.hasPermission('base:tmpl-tp-fld:query')") public CommonResult> getTmplTpList( @Valid TmplFldPageReqVO pageReqVO) { PageResult pageResult = tmplTpFldService.tmplTpFldPage(pageReqVO); return success(BeanUtils.toBean(pageResult, TmplFldRespVO.class)); } @GetMapping("/class-fld") @Operation(summary = "获得类固定模板字段列表", description = "clazz为VO类类名") - @PreAuthorize("@ss.hasPermission('base:tmpl-tp-fld:list')") + @PreAuthorize("@ss.hasPermission('base:tmpl-tp-fld:query')") public CommonResult>> getTmplTpListByClass(String clazz) { return success(tmplTpFldService.getTmplTpListByClass(clazz)); } diff --git a/zt-module-contract-order/zt-module-contract-order-server/src/main/java/com/zt/plat/module/contractorder/controller/admin/purchaseorder/PurchaseOrderController.java b/zt-module-contract-order/zt-module-contract-order-server/src/main/java/com/zt/plat/module/contractorder/controller/admin/purchaseorder/PurchaseOrderController.java index a2de655b..47f37e3d 100644 --- a/zt-module-contract-order/zt-module-contract-order-server/src/main/java/com/zt/plat/module/contractorder/controller/admin/purchaseorder/PurchaseOrderController.java +++ b/zt-module-contract-order/zt-module-contract-order-server/src/main/java/com/zt/plat/module/contractorder/controller/admin/purchaseorder/PurchaseOrderController.java @@ -159,6 +159,7 @@ public class PurchaseOrderController implements BusinessControllerMarker { //通过订单号查询订单信息 @PostMapping("/get-order-by-order-no") @Operation(summary = "通过订单号查询订单信息", description = "通过订单号查询订单信息") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:query')") public CommonResult> getOrderByOrderNo(@RequestBody @Validated @NotEmpty(message = "采购订单不能为空") List orderNos) { return success(purchaseOrderService.getOrderByOrderNo(orderNos)); } @@ -166,6 +167,7 @@ public class PurchaseOrderController implements BusinessControllerMarker { //根据订单id修改订单状态 @PutMapping("/update-order-status") @Operation(summary = "批量修改订单状态", description = "sts取值于字典名称'采购订单状态',字典类型'PRCH_ORD_STS' 可以根据订单号和订单id修改") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:update')") public CommonResult updateOrderStatus(@RequestBody @Validated OrderStsReqVO req) { purchaseOrderService.updateOrderStatusByIdOrOrderNo(req); return success(true); @@ -174,6 +176,7 @@ public class PurchaseOrderController implements BusinessControllerMarker { //查询物料接口 @GetMapping("/material") @Operation(summary = "查询物料接口") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:query')") public CommonResult getMaterialList(@RequestParam @Schema(description = "采购订单号") @Validated @@ -185,12 +188,14 @@ public class PurchaseOrderController implements BusinessControllerMarker { //关联订单 @PostMapping("/link-order") @Operation(summary = "关联订单") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:update')") public CommonResult linkOrder(@RequestBody @Validated LinkOrderReqVO req) { return success(purchaseOrderService.linkOrder(req)); } @PostMapping("/order-pass-reject") @Operation(summary = "订单审核") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:update')") public CommonResult orderPassReject(@RequestBody PurchaseorderReqVO reqVO) { return success(purchaseOrderService.orderPassReject(reqVO)); } @@ -198,6 +203,7 @@ public class PurchaseOrderController implements BusinessControllerMarker { //根据订单id和方式获取上或下游订单 @PostMapping("/order-by-order-id-and-type") @Operation(summary = "根据订单id和方式获取上或下游订单") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:query')") public CommonResult> getOrderByOrderIdAndType(@RequestBody DownOrUpOrderReqVO reqVO) { return success( purchaseOrderService.getOrderByOrderIdAndType(reqVO)); } @@ -205,6 +211,7 @@ public class PurchaseOrderController implements BusinessControllerMarker { @PostMapping("/bound-order") @Operation(summary = "获取已绑定的订单") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:query')") public CommonResult> boundOrder(@RequestBody DownOrUpOrderReqVO reqVO) { return success(purchaseOrderService.getBindOrderByOrder(reqVO)); } diff --git a/zt-module-contract-order/zt-module-contract-order-server/src/main/java/com/zt/plat/module/contractorder/controller/admin/salesorder/SalesOrderController.java b/zt-module-contract-order/zt-module-contract-order-server/src/main/java/com/zt/plat/module/contractorder/controller/admin/salesorder/SalesOrderController.java index 2ee17b3a..e4814558 100644 --- a/zt-module-contract-order/zt-module-contract-order-server/src/main/java/com/zt/plat/module/contractorder/controller/admin/salesorder/SalesOrderController.java +++ b/zt-module-contract-order/zt-module-contract-order-server/src/main/java/com/zt/plat/module/contractorder/controller/admin/salesorder/SalesOrderController.java @@ -143,6 +143,7 @@ public class SalesOrderController implements BusinessControllerMarker { //推送erp091 @PostMapping("/push-erp091") @Operation(summary = "推送erp091") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:update')") public CommonResult pushErp091(@RequestBody @Validated @NotEmpty(message = "销售订单id不能为空") List ids) { ids.forEach(id -> salesOrderService.pushErp091(id)); return success(true); @@ -151,6 +152,7 @@ public class SalesOrderController implements BusinessControllerMarker { //提交审批 @PostMapping("/submit-order") @Operation(summary = "提交审批") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:update')") public CommonResult submitOrder(@RequestParam("id") String id) { return success(salesOrderService.submitOrder(id)); } @@ -167,6 +169,7 @@ public class SalesOrderController implements BusinessControllerMarker { //提交审批 @PostMapping("/order-pass-reject") @Operation(summary = "订单审核") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:update')") public CommonResult orderPassReject(@RequestBody SalesOrderReviewReqVO reqVO) { return success(salesOrderService.orderPassReject(reqVO)); } @@ -174,6 +177,7 @@ public class SalesOrderController implements BusinessControllerMarker { //关联订单 @PostMapping("/link-order") @Operation(summary = "关联订单") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:update')") public CommonResult linkOrder(@RequestBody @Validated LinkOrderReqVO req) { return success(salesOrderService.linkOrder(req)); } @@ -181,6 +185,7 @@ public class SalesOrderController implements BusinessControllerMarker { //根据订单id和方式获取上或下游订单 @PostMapping("/order-by-order-id-and-type") @Operation(summary = "根据订单id和方式获取上或下游订单") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:query')") public CommonResult> getOrderByOrderIdAndType(@RequestBody DownOrUpOrderReqVO reqVO) { return success(salesOrderService.getOrderByOrderIdAndType(reqVO)); } @@ -188,12 +193,14 @@ public class SalesOrderController implements BusinessControllerMarker { @PostMapping("/bound-order") @Operation(summary = "获取已绑定的订单") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:query')") public CommonResult> boundOrder(@RequestBody DownOrUpOrderReqVO reqVO) { return success(salesOrderService.getBindOrderByOrder(reqVO)); } @PutMapping("/update-order-status") @Operation(summary = "批量修改订单状态", description = "sts取值于字典名称'销售订单状态',字典类型'PRCH_ORD_STS' 可以根据订单号和订单id修改") + @PreAuthorize("@ss.hasPermission('bse:purchase-order:update')") public CommonResult updateOrderStatus(@RequestBody @Validated OrderStsReqVO req) { salesOrderService.updateOrderStatusByIdOrOrderNo(req); return success(true);