fix: 菜单和字典表管理只能是超级管理员和平台管理员可以操作

黄 x
1 parent 9d8e6eb1
Showing 3 changed files with 7 additions and 3 deletions
application/src/main/java/org/thingsboard/server/controller/yunteng/YtDictController.java
application/src/main/java/org/thingsboard/server/controller/yunteng/YtDictItemController.java
application/src/main/java/org/thingsboard/server/controller/yunteng/YtMenuController.java
--- a/application/src/main/java/org/thingsboard/server/controller/yunteng/YtDictController.java
View file @60255ce
+++ b/application/src/main/java/org/thingsboard/server/controller/yunteng/YtDictController.java
View file @60255ce
 package org.thingsboard.server.controller.yunteng;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -23,6 +24,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
 @RestController
 @RequestMapping("api/yt/dict")
 @RequiredArgsConstructor
+@PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
 public class YtDictController extends BaseController {
   private final SysDictService sysDictService;
 
--- a/application/src/main/java/org/thingsboard/server/controller/yunteng/YtDictItemController.java
View file @60255ce
+++ b/application/src/main/java/org/thingsboard/server/controller/yunteng/YtDictItemController.java
View file @60255ce
@@ -2,6 +2,7 @@ package org.thingsboard.server.controller.yunteng;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -26,6 +27,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
 @RestController
 @RequestMapping("api/yt/dictItem")
 @RequiredArgsConstructor
+@PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
 public class YtDictItemController extends BaseController {
   private final SysDictItemService sysDictItemService;
 
--- a/application/src/main/java/org/thingsboard/server/controller/yunteng/YtMenuController.java
View file @60255ce
+++ b/application/src/main/java/org/thingsboard/server/controller/yunteng/YtMenuController.java
View file @60255ce
@@ -51,7 +51,7 @@ public class YtMenuController extends BaseController {
   }
 
   @PutMapping
-  //  @PreAuthorize("@iot.check('menu:update')")
+  @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
   public MenuDTO updateMenu(@RequestBody MenuDTO menuDTO) throws ThingsboardException {
     Assert.notNull(menuDTO.getId(), "menuId cannot be null");
     return menuService.updateMenu(
@@ -59,7 +59,7 @@ public class YtMenuController extends BaseController {
   }
 
   @PostMapping
-  @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+  @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
   public ResponseEntity<MenuDTO> saveMenu(@RequestBody MenuDTO menuDTO)
       throws ThingsboardException {
     MenuDTO newMenuDTO =
@@ -79,7 +79,7 @@ public class YtMenuController extends BaseController {
   }
 
   @DeleteMapping
-  @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
+  @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
   public void deleteMenus(@RequestBody String[] ids) throws ThingsboardException {
     if (ids.length == 0) {
       throw new YtDataValidationException("please provide menu ids to delete");