简柏林 / thingskit · Commits

Commit dc32fe140d74d11bb32b2a198a4bfd0cd6ffae2b

Authored by xp.Huang
2 parents 4c71b7d9 0263eb6b

Merge branch '20220907' into 'master' 

feat: 后端接口添加角色权限标识

See merge request huang/thingsboard3.3.2!130
Inline Side-by-side
Showing 37 changed files with 191 additions and 74 deletions
... ... @@ -25,7 +25,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
25 25 @RequestMapping("api/yt/alarm/profile")
26 26 @Api(tags = {"告警配置"})
27 27 @RequiredArgsConstructor
28   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  28 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
29 29 public class AlarmProfileController extends BaseController {
30 30
31 31 private final AlarmProfileService alarmProfileService;
... ... @@ -61,6 +61,7 @@ public class AlarmProfileController extends BaseController {
61 61
62 62 @PostMapping
63 63 @ApiOperation("新增|编辑")
  64 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarm:profile:post','api:yt:alarm:profile:update'})")
64 65 public AlarmProfileDTO saveOrUpdateAlarmProfile(
65 66 @Validated @RequestBody AlarmProfileDTO alarmProfileDTO) throws ThingsboardException {
66 67 alarmProfileDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -69,6 +70,7 @@ public class AlarmProfileController extends BaseController {
69 70
70 71 @DeleteMapping
71 72 @ApiOperation("删除")
  73 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarm:profile:delete'})")
72 74 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
73 75 throws ThingsboardException {
74 76 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -77,6 +79,7 @@ public class AlarmProfileController extends BaseController {
77 79
78 80 @GetMapping("{alarmProfileId}/{status}")
79 81 @ApiOperation("更新状态")
  82 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarm:profile:update'})")
80 83 public AlarmProfileDTO saveOrUpdateAlarmProfile(
81 84 @PathVariable("alarmProfileId") String alarmProfileId, @PathVariable("status") Integer status)
82 85 throws ThingsboardException {
... ...
... ... @@ -14,7 +14,9 @@ import org.springframework.web.context.request.async.DeferredResult;
14 14 import org.thingsboard.server.common.data.exception.ThingsboardException;
15 15 import org.thingsboard.server.common.data.query.TsValue;
16 16 import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
17   -import org.thingsboard.server.common.data.yunteng.dto.*;
  17 +import org.thingsboard.server.common.data.yunteng.dto.HomePageLeftTopDTO;
  18 +import org.thingsboard.server.common.data.yunteng.dto.TenantDTO;
  19 +import org.thingsboard.server.common.data.yunteng.dto.TenantTransportMessageDTO;
18 20 import org.thingsboard.server.common.data.yunteng.dto.statistics.HomePageAppDTO;
19 21 import org.thingsboard.server.common.data.yunteng.enums.TrendType;
20 22 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
... ... @@ -52,7 +54,7 @@ public class HomePageController extends BaseController {
52 54
53 55 @GetMapping("right/overdue")
54 56 @ApiOperation(value = "获取右侧过期租户信息")
55   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  57 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
56 58 public ResponseEntity<YtPageData<TenantDTO>> getRightTopInfo(
57 59 @RequestParam(PAGE) int page, @RequestParam(PAGE_SIZE) int pageSize) {
58 60 HashMap<String, Object> queryMap = new HashMap<>();
... ... @@ -63,14 +65,14 @@ public class HomePageController extends BaseController {
63 65
64 66 @GetMapping("right/top10")
65 67 @ApiOperation(value = "获取右侧Top10")
66   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  68 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
67 69 public DeferredResult<List<TenantTransportMessageDTO>> getTop10() {
68 70 return homePageService.getTop10();
69 71 }
70 72
71 73 @GetMapping("left/bottom")
72 74 @ApiOperation(value = "获取左侧底部信息")
73   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN','CUSTOMER_USER')")
  75 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN','CUSTOMER_USER'},{})")
74 76 public DeferredResult<List<TsValue>> getLeftBottomInfo(
75 77 @RequestParam(value = "startTs") long startTs,
76 78 @RequestParam("endTs") long endTs,
... ...
... ... @@ -37,7 +37,10 @@ import org.thingsboard.server.service.install.InstallScripts;
37 37 import org.thingsboard.server.service.security.permission.Operation;
38 38
39 39 import java.net.URI;
40   -import java.util.*;
  40 +import java.util.HashMap;
  41 +import java.util.List;
  42 +import java.util.Optional;
  43 +import java.util.UUID;
41 44
42 45 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
43 46
... ... @@ -45,7 +48,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
45 48 @RequestMapping("api/yt/admin")
46 49 @Api(tags = {"租户管理", "菜单管理"})
47 50 @RequiredArgsConstructor
48   -@PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  51 +@PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
49 52 public class YtAdminController extends BaseController {
50 53
51 54 private final YtTenantService ytTenantService;
... ... @@ -56,7 +59,7 @@ public class YtAdminController extends BaseController {
56 59 private final UserService tbUserService;
57 60
58 61 @PostMapping("/tenant")
59   - @PreAuthorize("hasAnyAuthority('api:yt:admin:saveTenant')")
  62 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:tenant:post'})")
60 63 public ResponseEntity<TenantDTO> saveTenant(@RequestBody TenantReqDTO tenantReqDTO) {
61 64 TenantDTO newTenant = ytTenantService.createNewTenant(tenantReqDTO);
62 65 URI location =
... ... @@ -88,6 +91,7 @@ public class YtAdminController extends BaseController {
88 91 }
89 92
90 93 @PutMapping("/tenant")
  94 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:tenant:update'})")
91 95 public TenantDTO updateTenant(@RequestBody TenantDTO tenantDTO) {
92 96 Assert.notNull(tenantDTO, "tenant cannot be null");
93 97 Assert.notNull(tenantDTO.getId(), "tenant id cannot be null when update");
... ... @@ -101,6 +105,7 @@ public class YtAdminController extends BaseController {
101 105 }
102 106
103 107 @DeleteMapping("/tenant")
  108 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:tenant:delete'})")
104 109 public void deleteTenant(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
105 110 throws ThingsboardException {
106 111
... ... @@ -124,6 +129,7 @@ public class YtAdminController extends BaseController {
124 129 }
125 130
126 131 @DeleteMapping("/user/deleteTenantAdmin")
  132 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:user:deleteTenantAdmin:delete'})")
127 133 public ResponseEntity<Boolean> deleteTenantAdmin(
128 134 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
129 135 for (String strUserId : deleteDTO.getIds()) {
... ... @@ -146,6 +152,7 @@ public class YtAdminController extends BaseController {
146 152 }
147 153
148 154 @PostMapping("/tenant/adminUser")
  155 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:tenant:adminUser:post'})")
149 156 public ResponseEntity<UserDTO> createTenantAdmin(
150 157 @RequestParam(value = "sendEmail", required = false, defaultValue = "false")
151 158 boolean sendEmail,
... ...
... ... @@ -43,6 +43,7 @@ public class YtAlarmContactController extends BaseController {
43 43
44 44 @ApiOperation(value = "新增联系人|编辑")
45 45 @PostMapping
  46 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarmContact:post','api:yt:alarmContact:update'})")
46 47 public ResponseEntity<AlarmContactDTO> saveAlarmContact(
47 48 @Validated(AddGroup.class) @RequestBody AlarmContactDTO alarmContactDTO)
48 49 throws ThingsboardException {
... ... @@ -70,8 +71,9 @@ public class YtAlarmContactController extends BaseController {
70 71 return ResponseEntity.ok(all);
71 72 }
72 73
73   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  74 +
74 75 @ApiOperation(value = "分页查询")
  76 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
75 77 @GetMapping(params = {PAGE_SIZE, PAGE})
76 78 public YtPageData<AlarmContactDTO> pageAlarm(
77 79 @RequestParam(PAGE_SIZE) int pageSize,
... ... @@ -97,6 +99,7 @@ public class YtAlarmContactController extends BaseController {
97 99
98 100 @ApiOperation(value = "删除")
99 101 @DeleteMapping
  102 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarmContact:delete'})")
100 103 public void deleteById(@RequestBody String[] ids) throws ThingsboardException {
101 104 if (ids.length == 0) {
102 105 throw new YtDataValidationException("please provide alarm ids to delete");
... ... @@ -117,6 +120,7 @@ public class YtAlarmContactController extends BaseController {
117 120
118 121 @ApiOperation(value = "修改告警联系人信息")
119 122 @PostMapping("/update")
  123 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarmContact:update:update'})")
120 124 public void update(@RequestBody AlarmContactDTO alarmContactDTO) {
121 125
122 126 alarmService.update(alarmContactDTO);
... ...
... ... @@ -3,7 +3,6 @@ package org.thingsboard.server.controller.yunteng;
3 3 import io.swagger.annotations.Api;
4 4 import io.swagger.annotations.ApiOperation;
5 5 import lombok.RequiredArgsConstructor;
6   -import org.apache.commons.lang3.StringUtils;
7 6 import org.springframework.http.ResponseEntity;
8 7 import org.springframework.security.access.prepost.PreAuthorize;
9 8 import org.springframework.web.bind.annotation.GetMapping;
... ... @@ -14,8 +13,6 @@ import org.thingsboard.server.common.data.EntityType;
14 13 import org.thingsboard.server.common.data.alarm.AlarmSeverity;
15 14 import org.thingsboard.server.common.data.alarm.AlarmStatus;
16 15 import org.thingsboard.server.common.data.exception.ThingsboardException;
17   -import org.thingsboard.server.common.data.id.CustomerId;
18   -import org.thingsboard.server.common.data.page.TimePageLink;
19 16 import org.thingsboard.server.common.data.yunteng.dto.SysDictDTO;
20 17 import org.thingsboard.server.common.data.yunteng.enums.DeviceTypeEnum;
21 18 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
... ... @@ -46,8 +43,8 @@ public class YtAlarmInfoController extends BaseController {
46 43
47 44
48 45 //分页测试通过
49   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
50 46 @ApiOperation(value = "查询")
  47 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
51 48 @GetMapping(params = {PAGE_SIZE, PAGE})
52 49 public YtPageData<YtAlarmEntity> pageAlarmInfo(
53 50 @RequestParam(PAGE_SIZE) int pageSize,
... ...
... ... @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 4 import io.swagger.annotations.ApiOperation;
5 5 import lombok.RequiredArgsConstructor;
6 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 8 import org.springframework.web.bind.annotation.*;
8 9 import org.thingsboard.server.common.data.exception.ThingsboardException;
9 10 import org.thingsboard.server.common.data.yunteng.dto.SysAppDesignDTO;
... ... @@ -25,12 +26,14 @@ public class YtAppDesignController extends BaseController {
25 26
26 27 @GetMapping("get")
27 28 @ApiOperation("查询详情")
  29 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:appDesign:get:get'})")
28 30 public ResponseEntity<SysAppDesignDTO> get() throws ThingsboardException {
29 31 return ResponseEntity.ok(sysAppDesignService.get(getCurrentUser().getCurrentTenantId()));
30 32 }
31 33
32 34 @PutMapping("update")
33 35 @ApiOperation("更新")
  36 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:appDesign:update:update'})")
34 37 public ResponseEntity update(@RequestBody SysAppDesignDTO sysAppDesignDTO)
35 38 throws ThingsboardException {
36 39 sysAppDesignDTO.setId(null);
... ...
... ... @@ -23,13 +23,12 @@ import org.thingsboard.server.dao.yunteng.service.YtConfigurationCenterService;
23 23 import java.util.HashMap;
24 24
25 25 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
26   -import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.ORDER_TYPE;
27 26
28 27 @RestController
29 28 @RequestMapping("/api/yt/configuration/center")
30 29 @RequiredArgsConstructor
31 30 @Api(tags = "组态中心")
32   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  31 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
33 32 public class YtConfigurationCenterController extends BaseController {
34 33
35 34 private final YtConfigurationCenterService ytConfigurationCenterService;
... ... @@ -68,6 +67,7 @@ public class YtConfigurationCenterController extends BaseController {
68 67
69 68 @PostMapping
70 69 @ApiOperation("新增")
  70 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:configuration:center:post'})")
71 71 public ResponseEntity<ConfigurationCenterDTO> save(
72 72 @Validated({AddGroup.class}) @RequestBody ConfigurationCenterDTO configurationCenterDTO)
73 73 throws ThingsboardException {
... ... @@ -78,6 +78,7 @@ public class YtConfigurationCenterController extends BaseController {
78 78
79 79 @PutMapping
80 80 @ApiOperation("修改")
  81 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:configuration:center:update'})")
81 82 public ResponseEntity<ConfigurationCenterDTO> update(
82 83 @Validated({UpdateGroup.class}) @RequestBody ConfigurationCenterDTO configurationCenterDTO)
83 84 throws ThingsboardException {
... ... @@ -88,6 +89,7 @@ public class YtConfigurationCenterController extends BaseController {
88 89
89 90 @DeleteMapping
90 91 @ApiOperation("删除")
  92 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:configuration:center:delete'})")
91 93 public ResponseEntity<Boolean> delete(
92 94 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
93 95 throws ThingsboardException {
... ...
... ... @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 4 import io.swagger.annotations.ApiOperation;
5 5 import lombok.RequiredArgsConstructor;
6 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 8 import org.springframework.validation.annotation.Validated;
8 9 import org.springframework.web.bind.annotation.*;
9 10 import org.thingsboard.server.common.data.exception.ThingsboardException;
... ... @@ -26,6 +27,7 @@ public class YtConfigurationContentController extends BaseController {
26 27
27 28 @PostMapping
28 29 @ApiOperation("新增")
  30 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:post'})")
29 31 public ResponseEntity<ConfigurationContentDTO> save(
30 32 @Validated({AddGroup.class}) @RequestBody ConfigurationContentDTO configurationContentDTO)
31 33 throws ThingsboardException {
... ... @@ -36,6 +38,7 @@ public class YtConfigurationContentController extends BaseController {
36 38
37 39 @PutMapping
38 40 @ApiOperation("修改")
  41 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:update'})")
39 42 public ResponseEntity<ConfigurationContentInfoDTO> update(
40 43 @Validated({UpdateGroup.class}) @RequestBody ConfigurationContentInfoDTO contentReqDTO)
41 44 throws ThingsboardException {
... ... @@ -50,6 +53,7 @@ public class YtConfigurationContentController extends BaseController {
50 53
51 54 @DeleteMapping
52 55 @ApiOperation("删除")
  56 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:delete'})")
53 57 public ResponseEntity<Boolean> delete(
54 58 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
55 59 throws ThingsboardException {
... ...
... ... @@ -5,15 +5,13 @@ import io.swagger.annotations.ApiOperation;
5 5 import io.swagger.annotations.ApiParam;
6 6 import lombok.RequiredArgsConstructor;
7 7 import org.springframework.http.ResponseEntity;
  8 +import org.springframework.security.access.prepost.PreAuthorize;
8 9 import org.springframework.validation.annotation.Validated;
9 10 import org.springframework.web.bind.annotation.*;
10 11 import org.thingsboard.server.common.data.exception.ThingsboardException;
11 12 import org.thingsboard.server.common.data.yunteng.common.AddGroup;
12   -import org.thingsboard.server.common.data.yunteng.core.exception.YtDataValidationException;
13   -import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
14 13 import org.thingsboard.server.common.data.yunteng.dto.*;
15 14 import org.thingsboard.server.common.data.yunteng.utils.JacksonUtil;
16   -import org.thingsboard.server.common.transport.util.JsonUtils;
17 15 import org.thingsboard.server.controller.BaseController;
18 16 import org.thingsboard.server.dao.yunteng.service.YtConfigurationActService;
19 17 import org.thingsboard.server.dao.yunteng.service.YtConfigurationDatasourceService;
... ... @@ -37,6 +35,7 @@ public class YtConfigurationNodeController extends BaseController {
37 35
38 36 @PostMapping
39 37 @ApiOperation("保存节点数据源并刷新节点的交互和动效信息")
  38 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:post'})")
40 39 public ResponseEntity<ConfigurationNodeStateDTO> saveNode(
41 40 @Validated({AddGroup.class}) @RequestBody ConfigurationNodeStateDTO nodeDTO)
42 41 throws ThingsboardException {
... ... @@ -75,6 +74,7 @@ public class YtConfigurationNodeController extends BaseController {
75 74
76 75 @PostMapping("datascource")
77 76 @ApiOperation("编辑数据源")
  77 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:datascource:post'})")
78 78 public ResponseEntity<ConfigurationDatasourceDTO> saveDatascource(
79 79 @Validated({AddGroup.class}) @RequestBody ConfigurationDatasourceDTO datasourceDTO)
80 80 throws ThingsboardException {
... ... @@ -85,6 +85,7 @@ public class YtConfigurationNodeController extends BaseController {
85 85
86 86 @PostMapping("event")
87 87 @ApiOperation("编辑数据交互")
  88 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:event:post'})")
88 89 public ResponseEntity<ConfigurationEventDTO> saveEvent(
89 90 @Validated({AddGroup.class}) @RequestBody ConfigurationEventDTO eventDTO)
90 91 throws ThingsboardException {
... ... @@ -95,6 +96,7 @@ public class YtConfigurationNodeController extends BaseController {
95 96
96 97 @PostMapping("act")
97 98 @ApiOperation("编辑动画效果")
  99 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:act:post'})")
98 100 public ResponseEntity<ConfigurationActDTO> saveAct(
99 101 @Validated({AddGroup.class}) @RequestBody ConfigurationActDTO actDTO)
100 102 throws ThingsboardException {
... ... @@ -106,6 +108,7 @@ public class YtConfigurationNodeController extends BaseController {
106 108
107 109 @DeleteMapping("datascource")
108 110 @ApiOperation("删除数据源")
  111 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:datascource:delete'})")
109 112 public ResponseEntity<Boolean> deleteDatascource(@RequestBody ConfigurationDatasourceDTO deleteDTO)
110 113 throws ThingsboardException {
111 114 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -114,6 +117,7 @@ public class YtConfigurationNodeController extends BaseController {
114 117
115 118 @DeleteMapping("event")
116 119 @ApiOperation("删除数据交互")
  120 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:event:delete'})")
117 121 public ResponseEntity<Boolean> deleteEvent( @RequestBody ConfigurationEventDTO deleteDTO)
118 122 throws ThingsboardException {
119 123 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -121,6 +125,7 @@ public class YtConfigurationNodeController extends BaseController {
121 125 }
122 126 @DeleteMapping("act")
123 127 @ApiOperation("删除动画效果")
  128 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:act:delete'})")
124 129 public ResponseEntity<Boolean> deleteAct( @RequestBody ConfigurationActDTO deleteDTO)
125 130 throws ThingsboardException {
126 131 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ...
... ... @@ -41,13 +41,12 @@ import java.util.*;
41 41 import java.util.concurrent.ConcurrentMap;
42 42
43 43 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
44   -import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.ORDER_TYPE;
45 44
46 45 @RestController
47 46 @RequiredArgsConstructor
48   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")
49 47 @RequestMapping("api/yt/convert")
50 48 @Api(tags = {"数据流转控制器"})
  49 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})")
51 50 public class YtConvertDataToController extends BaseController {
52 51 private final YtRuleChainService ytRuleChainService;
53 52
... ... @@ -89,6 +88,7 @@ public class YtConvertDataToController extends BaseController {
89 88
90 89 @PostMapping("config")
91 90 @ApiOperation("添加或修改转换配置")
  91 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:convert:config:post','api:yt:convert:config:update'})")
92 92 public ResponseEntity<ConvertConfigDTO> createOrUpdateConvertData(
93 93 @Validated @RequestBody ConvertConfigDTO convertConfigDTO) throws ThingsboardException {
94 94 convertConfigDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -98,6 +98,7 @@ public class YtConvertDataToController extends BaseController {
98 98
99 99 @PostMapping("js")
100 100 @ApiOperation("添加或修改转换脚本")
  101 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:convert:js:post','api:yt:convert:js:update'})")
101 102 public ResponseEntity<ConvertConfigDTO> createOrUpdateConvertJS(
102 103 @Validated @RequestBody ConvertConfigDTO convertConfigDTO) throws ThingsboardException {
103 104 convertConfigDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -121,6 +122,7 @@ public class YtConvertDataToController extends BaseController {
121 122
122 123 @DeleteMapping("config")
123 124 @ApiOperation("删除转换配置")
  125 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:convert:config:delete'})")
124 126 public ResponseEntity<Boolean> deleteConfig(
125 127 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
126 128 return delete(deleteDTO, FastIotConstants.CONVERT_DATA);
... ... @@ -128,6 +130,7 @@ public class YtConvertDataToController extends BaseController {
128 130
129 131 @DeleteMapping("js")
130 132 @ApiOperation("删除转换脚本")
  133 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:convert:js:delete'})")
131 134 public ResponseEntity<Boolean> deleteJS(
132 135 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
133 136 return delete(deleteDTO, FastIotConstants.JAVA_SCRIPT);
... ...
... ... @@ -28,12 +28,11 @@ import java.util.List;
28 28 import java.util.Map;
29 29
30 30 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
31   -import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.ORDER_TYPE;
32 31
33 32 @RestController
34 33 @RequiredArgsConstructor
35   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
36 34 @RequestMapping("api/yt/data_board")
  35 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
37 36 @Api(tags = {"数据看板"})
38 37 public class YtDataBoardController extends BaseController {
39 38 private final YtDataBoardService ytDataBoardService;
... ... @@ -57,6 +56,7 @@ public class YtDataBoardController extends BaseController {
57 56
58 57 @DeleteMapping
59 58 @ApiOperation(value = "删除数据看板")
  59 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:data_board:delete'})")
60 60 public ResponseResult<Boolean> deleteDataBoard(
61 61 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
62 62 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -65,6 +65,7 @@ public class YtDataBoardController extends BaseController {
65 65
66 66 @PostMapping("/add")
67 67 @ApiOperation(value = "新增数据看板")
  68 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:data_board:add:post'})")
68 69 public ResponseResult<DataBoardDTO> save(
69 70 @RequestBody @Validated(AddGroup.class) DataBoardDTO dataBoard)
70 71 throws SchedulerException, ThingsboardException {
... ... @@ -75,6 +76,7 @@ public class YtDataBoardController extends BaseController {
75 76 }
76 77
77 78 @PostMapping("/update")
  79 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:data_board:update:update'})")
78 80 @ApiOperation(value = "编辑数据看板")
79 81 public ResponseResult<DataBoardDTO> update(
80 82 @RequestBody @Validated(UpdateGroup.class) DataBoardDTO dataBoard)
... ...
... ... @@ -61,8 +61,7 @@ public class YtDeviceController extends BaseController {
61 61
62 62 @PostMapping
63 63 @ApiOperation("创建|编辑")
64   -// @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")
65   - @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})")
  64 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:device:post','api:yt:device:update'})")
66 65 public ResponseEntity<DeviceDTO> saveDevice(
67 66 @Validated(AddGroup.class) @RequestBody DeviceDTO deviceDTO) throws ThingsboardException, ExecutionException, InterruptedException {
68 67 String currentTenantId = getCurrentUser().getCurrentTenantId();
... ... @@ -222,12 +221,13 @@ public class YtDeviceController extends BaseController {
222 221
223 222 @GetMapping("{id}")
224 223 @ApiOperation("详情")
  224 + @PreAuthorize("@check.checkPermissions({},{'api:yt:device:get'})")
225 225 public ResponseEntity<DeviceDTO> getDevice(@PathVariable("id") String id)
226 226 throws ThingsboardException {
227 227 return ResponseEntity.of(deviceService.getDevice(getCurrentUser().getCurrentTenantId(), id));
228 228 }
229 229
230   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  230 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
231 231 @GetMapping(params = {PAGE_SIZE, PAGE})
232 232 @ApiOperation("查询")
233 233 public YtPageData<DeviceDTO> pageDevice(
... ... @@ -272,7 +272,7 @@ public class YtDeviceController extends BaseController {
272 272 return deviceService.page(getCurrentUser().getCurrentTenantId(), queryMap);
273 273 }
274 274
275   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  275 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
276 276 @GetMapping(path = {"/relation"}, params = {PAGE_SIZE, PAGE})
277 277 @ApiOperation("子设备查询")
278 278 public YtPageData<RelationDeviceDTO> pageRelationDevice(
... ... @@ -309,6 +309,7 @@ public class YtDeviceController extends BaseController {
309 309
310 310 @PostMapping("/import")
311 311 @ApiOperation("导入配置")
  312 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:device:import'})")
312 313 public ResponseEntity<String> importDeviceProfile() {
313 314 // TODO 实现的业务功能
314 315 return ResponseEntity.ok("");
... ... @@ -316,6 +317,7 @@ public class YtDeviceController extends BaseController {
316 317
317 318 @PostMapping("/export")
318 319 @ApiOperation("导出")
  320 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:device:export'})")
319 321 public ResponseEntity<String> exportDeviceProfile() {
320 322 // TODO 实现的业务功能
321 323 return ResponseEntity.ok("");
... ... @@ -323,6 +325,7 @@ public class YtDeviceController extends BaseController {
323 325
324 326 @DeleteMapping
325 327 @ApiOperation("删除")
  328 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:device:delete'})")
326 329 public void deleteDevices(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
327 330 throws ThingsboardException {
328 331 String currentTenantId = getCurrentUser().getCurrentTenantId();
... ... @@ -349,7 +352,7 @@ public class YtDeviceController extends BaseController {
349 352 }
350 353
351 354 @GetMapping("/list/{deviceType}")
352   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")
  355 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})")
353 356 @ApiOperation("获取该组织的所有设备")
354 357 public List<DeviceDTO> getGatewayDevices(
355 358 @ApiParam(value = "组织ID") @RequestParam("organizationId") String organizationId,
... ... @@ -358,7 +361,7 @@ public class YtDeviceController extends BaseController {
358 361 }
359 362
360 363 @GetMapping("/list/master/{organizationId}")
361   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  364 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
362 365 @ApiOperation("主设备列表")
363 366 public List<SelectItemDTO> getMasterDevices(
364 367 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId) throws ThingsboardException {
... ... @@ -367,7 +370,7 @@ public class YtDeviceController extends BaseController {
367 370 , organizationId);
368 371 }
369 372 @GetMapping("/list/slave/{organizationId}")
370   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  373 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
371 374 @ApiOperation("从设备列表")
372 375 public List<SelectItemDTO> getSlaveDevices(
373 376 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId,
... ... @@ -378,7 +381,7 @@ public class YtDeviceController extends BaseController {
378 381 }
379 382
380 383 @GetMapping("/keys/{organizationId}")
381   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  384 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
382 385 @ApiOperation("设备遥测指标名称")
383 386 public List<String> listKeys(
384 387 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId,
... ...
... ... @@ -13,7 +13,10 @@ import org.thingsboard.server.common.data.DeviceProfileProvisionType;
13 13 import org.thingsboard.server.common.data.DeviceProfileType;
14 14 import org.thingsboard.server.common.data.DeviceTransportType;
15 15 import org.thingsboard.server.common.data.audit.ActionType;
16   -import org.thingsboard.server.common.data.device.profile.*;
  16 +import org.thingsboard.server.common.data.device.profile.DefaultDeviceProfileConfiguration;
  17 +import org.thingsboard.server.common.data.device.profile.DefaultDeviceProfileTransportConfiguration;
  18 +import org.thingsboard.server.common.data.device.profile.DeviceProfileData;
  19 +import org.thingsboard.server.common.data.device.profile.DisabledDeviceProfileProvisionConfiguration;
17 20 import org.thingsboard.server.common.data.edge.EdgeEventActionType;
18 21 import org.thingsboard.server.common.data.exception.ThingsboardException;
19 22 import org.thingsboard.server.common.data.id.DeviceProfileId;
... ... @@ -36,7 +39,9 @@ import org.thingsboard.server.service.security.permission.Operation;
36 39
37 40 import java.time.LocalDateTime;
38 41 import java.time.ZoneOffset;
39   -import java.util.*;
  42 +import java.util.List;
  43 +import java.util.Objects;
  44 +import java.util.UUID;
40 45
41 46 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
42 47
... ... @@ -48,7 +53,7 @@ public class YtDeviceProfileController extends BaseController {
48 53 private final YtDeviceProfileService ytDeviceProfileService;
49 54
50 55 @PostMapping()
51   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")
  56 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:post','api:yt:deviceProfile:update'})")
52 57 @ApiOperation("创建 | 编辑")
53 58 public ResponseEntity<DeviceProfileDTO> saveDeviceProfile(
54 59 @RequestBody DeviceProfileDTO deviceProfileDTO) throws ThingsboardException {
... ... @@ -111,6 +116,7 @@ public class YtDeviceProfileController extends BaseController {
111 116
112 117 @GetMapping("{id}")
113 118 @ApiOperation("详情")
  119 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:get'})")
114 120 public ResponseEntity<DeviceProfileDTO> getDevice(@PathVariable("id") String id) throws ThingsboardException {
115 121 return ResponseEntity.of(ytDeviceProfileService.getDeviceProfile(getCurrentUser().getCurrentTenantId(), id));
116 122 }
... ... @@ -138,6 +144,7 @@ public class YtDeviceProfileController extends BaseController {
138 144
139 145 @DeleteMapping
140 146 @ApiOperation("删除")
  147 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:delete'})")
141 148 public void deleteDevices(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
142 149 ytDeviceProfileService.checkDeviceProfiles(getCurrentUser().getCurrentTenantId(), deleteDTO.getIds());
143 150
... ... @@ -170,6 +177,7 @@ public class YtDeviceProfileController extends BaseController {
170 177 }
171 178
172 179 @PostMapping("/import")
  180 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:import'})")
173 181 @ApiOperation("导入配置")
174 182 public ResponseEntity<String> importDeviceProfile(){
175 183 //TODO 实现的业务功能
... ... @@ -177,6 +185,7 @@ public class YtDeviceProfileController extends BaseController {
177 185 }
178 186
179 187 @PostMapping("/export")
  188 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:export'})")
180 189 @ApiOperation("导出")
181 190 public ResponseEntity<String> exportDeviceProfile(){
182 191 //TODO 实现的业务功能
... ...
... ... @@ -5,6 +5,7 @@ import io.swagger.annotations.ApiOperation;
5 5 import io.swagger.annotations.ApiParam;
6 6 import lombok.RequiredArgsConstructor;
7 7 import org.springframework.http.ResponseEntity;
  8 +import org.springframework.security.access.prepost.PreAuthorize;
8 9 import org.springframework.validation.annotation.Validated;
9 10 import org.springframework.web.bind.annotation.*;
10 11 import org.thingsboard.server.common.data.exception.ThingsboardException;
... ... @@ -35,6 +36,7 @@ public class YtDeviceTypeController extends BaseController {
35 36
36 37 @PostMapping
37 38 @ApiOperation(value = "保存设备类型")
  39 + @PreAuthorize("@check.checkPermissions({},{'api:yt:device_type:post'})")
38 40 public ResponseEntity<DeviceTypeDTO> saveDeviceType(
39 41 @Validated({AddGroup.class}) @RequestBody DeviceTypeDTO deviceTypeDTO) throws ThingsboardException {
40 42 return ResponseEntity.ok(deviceTypeService.saveDeviceTye(getCurrentUser().getCurrentTenantId(), deviceTypeDTO));
... ... @@ -42,6 +44,7 @@ public class YtDeviceTypeController extends BaseController {
42 44
43 45 @PutMapping
44 46 @ApiOperation(value = "修改设备类型")
  47 + @PreAuthorize("@check.checkPermissions({},{'api:yt:device_type:update'})")
45 48 public ResponseEntity<DeviceTypeDTO> updateDeviceType(
46 49 @Validated({UpdateGroup.class}) @RequestBody DeviceTypeDTO deviceTypeDTO) {
47 50 return ResponseEntity.ok(deviceTypeService.updateDeviceType(deviceTypeDTO));
... ... @@ -49,6 +52,7 @@ public class YtDeviceTypeController extends BaseController {
49 52
50 53 @DeleteMapping
51 54 @ApiOperation(value = "删除设备类型")
  55 + @PreAuthorize("@check.checkPermissions({},{'api:yt:device_type:delete'})")
52 56 public ResponseResult<Boolean> deleteDeviceType(
53 57 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
54 58 return ResponseResult.success(deviceTypeService.deleteDeviceType(deleteDTO));
... ...
... ... @@ -12,8 +12,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
12 12 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
13 13 import org.thingsboard.server.common.data.yunteng.dto.SysDictDTO;
14 14 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
15   -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
16 15 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  16 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
17 17 import org.thingsboard.server.controller.BaseController;
18 18 import org.thingsboard.server.dao.yunteng.service.SysDictService;
19 19
... ... @@ -24,7 +24,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
24 24 @RestController
25 25 @RequestMapping("api/yt/dict")
26 26 @RequiredArgsConstructor
27   -@PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  27 +@PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
28 28 public class YtDictController extends BaseController {
29 29 private final SysDictService sysDictService;
30 30
... ... @@ -50,6 +50,7 @@ public class YtDictController extends BaseController {
50 50 }
51 51
52 52 @PostMapping
  53 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dict:post'})")
53 54 public ResponseResult<SysDictDTO> saveSysDict(
54 55 @Validated({AddGroup.class}) @RequestBody SysDictDTO sysDictDTO) throws ThingsboardException {
55 56 SysDictDTO newDTO =
... ... @@ -58,6 +59,7 @@ public class YtDictController extends BaseController {
58 59 }
59 60
60 61 @DeleteMapping
  62 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dict:delete'})")
61 63 public ResponseResult<String> deleteSysDict(
62 64 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
63 65 return sysDictService.deleteSysDict(deleteDTO.getIds())
... ... @@ -66,6 +68,7 @@ public class YtDictController extends BaseController {
66 68 }
67 69
68 70 @PutMapping
  71 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dict:update'})")
69 72 public ResponseResult<SysDictDTO> updateSysDict(
70 73 @Validated({UpdateGroup.class}) @RequestBody SysDictDTO SysDictDTO)
71 74 throws ThingsboardException {
... ...
... ... @@ -13,8 +13,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
13 13 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
14 14 import org.thingsboard.server.common.data.yunteng.dto.SysDictItemDTO;
15 15 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
16   -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
17 16 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  17 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
18 18 import org.thingsboard.server.controller.BaseController;
19 19 import org.thingsboard.server.dao.yunteng.service.SysDictItemService;
20 20
... ... @@ -30,7 +30,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
30 30 public class YtDictItemController extends BaseController {
31 31 private final SysDictItemService sysDictItemService;
32 32
33   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  33 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
34 34 @GetMapping(params = {PAGE_SIZE, PAGE})
35 35 public YtPageData<SysDictItemDTO> pageSysDictItem(
36 36 @RequestParam(PAGE_SIZE) int pageSize,
... ... @@ -55,7 +55,7 @@ public class YtDictItemController extends BaseController {
55 55 }
56 56
57 57 @PostMapping
58   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  58 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dictItem:post'})")
59 59 public ResponseResult<SysDictItemDTO> saveSysDictItem(
60 60 @Validated({AddGroup.class}) @RequestBody SysDictItemDTO sysDictItemDTO)
61 61 throws ThingsboardException {
... ... @@ -65,7 +65,7 @@ public class YtDictItemController extends BaseController {
65 65 }
66 66
67 67 @DeleteMapping
68   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  68 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dictItem:delete'})")
69 69 public ResponseResult<String> deleteSysDictItem(
70 70 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
71 71 return sysDictItemService.deleteSysDictItem(deleteDTO.getIds())
... ... @@ -74,7 +74,7 @@ public class YtDictItemController extends BaseController {
74 74 }
75 75
76 76 @PutMapping
77   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  77 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dictItem:update'})")
78 78 public ResponseResult<SysDictItemDTO> updateSysDictItem(
79 79 @Validated({UpdateGroup.class}) @RequestBody SysDictItemDTO SysDictItemDTO)
80 80 throws ThingsboardException {
... ...
... ... @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 4 import io.swagger.annotations.ApiOperation;
5 5 import lombok.RequiredArgsConstructor;
6 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 8 import org.springframework.web.bind.annotation.*;
8 9 import org.thingsboard.server.common.data.exception.ThingsboardException;
9 10 import org.thingsboard.server.common.data.yunteng.dto.SysEnterpriseDTO;
... ... @@ -24,12 +25,14 @@ public class YtEnterpriseController extends BaseController {
24 25 private final SysEnterpriseService sysEnterpriseService;
25 26
26 27 @GetMapping("get")
  28 + @PreAuthorize("@check.checkPermissions({},{'api:yt:enterprise:get:get'})")
27 29 @ApiOperation("查询详情")
28 30 public ResponseEntity<SysEnterpriseDTO> get() throws ThingsboardException {
29 31 return ResponseEntity.ok(sysEnterpriseService.get(getCurrentUser().getCurrentTenantId()));
30 32 }
31 33
32 34 @PutMapping("update")
  35 + @PreAuthorize("@check.checkPermissions({},{'api:yt:enterprise:update:update'})")
33 36 @ApiOperation("更新")
34 37 public ResponseEntity<Boolean> update(@RequestBody SysEnterpriseDTO sysEnterpriseDTO)
35 38 throws ThingsboardException {
... ...
... ... @@ -13,7 +13,7 @@ import org.thingsboard.server.dao.yunteng.service.YtFrpInfoService;
13 13 @RequestMapping("api/yt/frp")
14 14 @Api(tags = "Frp内网穿透信息")
15 15 @RequiredArgsConstructor
16   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  16 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
17 17 public class YtFrpInfoController {
18 18
19 19 private final YtFrpInfoService frpInfoService;
... ...
... ... @@ -53,7 +53,7 @@ public class YtMenuController extends BaseController {
53 53 }
54 54
55 55 @PutMapping
56   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  56 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
57 57 public MenuDTO updateMenu(@RequestBody MenuDTO menuDTO) throws ThingsboardException {
58 58 Assert.notNull(menuDTO.getId(), "menuId cannot be null");
59 59 return menuService.updateMenu(
... ... @@ -61,7 +61,7 @@ public class YtMenuController extends BaseController {
61 61 }
62 62
63 63 @PostMapping
64   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  64 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
65 65 public ResponseEntity<MenuDTO> saveMenu(@RequestBody MenuDTO menuDTO)
66 66 throws ThingsboardException {
67 67 MenuDTO newMenuDTO =
... ... @@ -81,7 +81,7 @@ public class YtMenuController extends BaseController {
81 81 }
82 82
83 83 @DeleteMapping
84   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
  84 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
85 85 public void deleteMenus(@RequestBody String[] ids) throws ThingsboardException {
86 86 if (ids.length == 0) {
87 87 throw new YtDataValidationException("需要删除的菜单不能为空");
... ...
... ... @@ -2,6 +2,7 @@ package org.thingsboard.server.controller.yunteng;
2 2
3 3 import lombok.RequiredArgsConstructor;
4 4 import org.springframework.http.ResponseEntity;
  5 +import org.springframework.security.access.prepost.PreAuthorize;
5 6 import org.springframework.validation.annotation.Validated;
6 7 import org.springframework.web.bind.annotation.*;
7 8 import org.thingsboard.server.common.data.exception.ThingsboardException;
... ... @@ -12,8 +13,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
12 13 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
13 14 import org.thingsboard.server.common.data.yunteng.dto.MessageConfigDTO;
14 15 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
15   -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
16 16 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  17 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
17 18 import org.thingsboard.server.controller.BaseController;
18 19 import org.thingsboard.server.dao.yunteng.service.YtMessageConfigService;
19 20
... ... @@ -54,6 +55,7 @@ public class YtMessageConfigController extends BaseController {
54 55 }
55 56
56 57 @PostMapping
  58 + @PreAuthorize("@check.checkPermissions({},{'api:yt:message:post'})")
57 59 public ResponseResult<MessageConfigDTO> saveMessageConfig(
58 60 @Validated({AddGroup.class}) @RequestBody MessageConfigDTO configDTO)
59 61 throws ThingsboardException {
... ... @@ -63,11 +65,13 @@ public class YtMessageConfigController extends BaseController {
63 65 }
64 66
65 67 @GetMapping("/{id}")
  68 + @PreAuthorize("@check.checkPermissions({},{'api:yt:message:get'})")
66 69 public ResponseResult<MessageConfigDTO> findMessageConfigById(@PathVariable String id) {
67 70 return ResponseResult.success(messageConfigService.findMessageConfigById(id));
68 71 }
69 72
70 73 @DeleteMapping
  74 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:message:delete'})")
71 75 public ResponseResult<String> deleteMessageConfig(
72 76 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
73 77 return messageConfigService.deleteMessageConfig(deleteDTO.getIds())
... ... @@ -76,6 +80,7 @@ public class YtMessageConfigController extends BaseController {
76 80 }
77 81
78 82 @PutMapping
  83 + @PreAuthorize("@check.checkPermissions({},{'api:yt:message:update'})")
79 84 public MessageConfigDTO updateMessageConfig(
80 85 @Validated({UpdateGroup.class}) @RequestBody MessageConfigDTO configDTO)
81 86 throws ThingsboardException {
... ...
1 1 package org.thingsboard.server.controller.yunteng;
2 2
3 3 import lombok.RequiredArgsConstructor;
  4 +import org.springframework.security.access.prepost.PreAuthorize;
4 5 import org.springframework.util.Assert;
5 6 import org.springframework.validation.annotation.Validated;
6 7 import org.springframework.web.bind.annotation.*;
... ... @@ -16,13 +17,15 @@ import org.thingsboard.server.common.data.yunteng.dto.request.SmsReqDTO;
16 17 import org.thingsboard.server.common.data.yunteng.enums.AssetStatusEnum;
17 18 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
18 19 import org.thingsboard.server.common.data.yunteng.enums.ResponseCodeEnum;
19   -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
20 20 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  21 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
21 22 import org.thingsboard.server.controller.BaseController;
22 23 import org.thingsboard.server.dao.yunteng.service.YtMailService;
23 24 import org.thingsboard.server.dao.yunteng.service.YtMessageTemplateService;
24 25 import org.thingsboard.server.dao.yunteng.service.YtSmsService;
  26 +
25 27 import java.util.HashMap;
  28 +
26 29 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
27 30
28 31 @RestController
... ... @@ -59,6 +62,7 @@ public class YtMessageTemplateController extends BaseController {
59 62 }
60 63
61 64 @PostMapping
  65 + @PreAuthorize("@check.checkPermissions({},{'api:yt:template:post'})")
62 66 public ResponseResult<MessageTemplateDTO> saveMessageTemplate(
63 67 @Validated({AddGroup.class}) @RequestBody MessageTemplateDTO templateDTO) throws ThingsboardException {
64 68 templateDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -68,6 +72,7 @@ public class YtMessageTemplateController extends BaseController {
68 72 }
69 73
70 74 @DeleteMapping
  75 + @PreAuthorize("@check.checkPermissions({},{'api:yt:template:delete'})")
71 76 public ResponseResult<String> deleteMessageTemplate(
72 77 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
73 78 return messageTemplateService.deleteMessageTemplate(deleteDTO.getIds())
... ... @@ -76,6 +81,7 @@ public class YtMessageTemplateController extends BaseController {
76 81 }
77 82
78 83 @PutMapping
  84 + @PreAuthorize("@check.checkPermissions({},{'api:yt:template:update'})")
79 85 public MessageTemplateDTO updateMessageTemplate(
80 86 @Validated({UpdateGroup.class}) @RequestBody MessageTemplateDTO templateDTO) {
81 87 Assert.notNull(templateDTO.getId(), "messageTemplate id cannot be null");
... ...
... ... @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 4 import io.swagger.annotations.ApiOperation;
5 5 import lombok.RequiredArgsConstructor;
6 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 8 import org.springframework.validation.annotation.Validated;
8 9 import org.springframework.web.bind.annotation.*;
9 10 import org.thingsboard.server.common.data.exception.ThingsboardException;
... ... @@ -64,6 +65,7 @@ public class YtNoticeController extends BaseController {
64 65 }
65 66
66 67 @GetMapping("{id}")
  68 + @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:get'})")
67 69 @ApiOperation("详情")
68 70 public ResponseEntity<SysNoticeDTO> get(@PathVariable("id") String id)
69 71 throws ThingsboardException {
... ... @@ -71,12 +73,14 @@ public class YtNoticeController extends BaseController {
71 73 }
72 74
73 75 @DeleteMapping("delete")
  76 + @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:delete:delete'})")
74 77 @ApiOperation("批量删除")
75 78 public void delete(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
76 79 sysNoticeService.delete(deleteDTO.getIds(), getCurrentUser().getCurrentTenantId());
77 80 }
78 81
79 82 @PostMapping("save")
  83 + @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:post'})")
80 84 @ApiOperation("保存草稿")
81 85 public ResponseEntity<SysNoticeDTO> save(@Validated(AddGroup.class) @RequestBody SysNoticeDTO sysNoticeDTO) throws ThingsboardException {
82 86 sysNoticeDTO.setStatus(FastIotConstants.DraftStatus.DRAFT);
... ...
... ... @@ -4,6 +4,7 @@ import io.swagger.annotations.ApiOperation;
4 4 import lombok.RequiredArgsConstructor;
5 5 import org.jetbrains.annotations.NotNull;
6 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 8 import org.springframework.web.bind.annotation.*;
8 9 import org.thingsboard.server.common.data.exception.ThingsboardException;
9 10 import org.thingsboard.server.common.data.yunteng.dto.SysNoticeUserDTO;
... ...
... ... @@ -58,7 +58,7 @@ public class YtOpinionController extends BaseController {
58 58 }
59 59
60 60 @DeleteMapping
61   - @PreAuthorize("hasAnyAuthority('PLATFORM_ADMIN','SYS_ADMIN')")
  61 + @PreAuthorize("@check.checkPermissions({'PLATFORM_ADMIN','SYS_ADMIN'},{'api:yt:opinion:delete'})")
62 62 @ApiOperation("删除")
63 63 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
64 64 throws ThingsboardException {
... ... @@ -67,7 +67,6 @@ public class YtOpinionController extends BaseController {
67 67 }
68 68
69 69 @GetMapping("{entityId}")
70   - @PreAuthorize("hasAnyAuthority('PLATFORM_ADMIN','SYS_ADMIN')")
71 70 @ApiOperation("详情")
72 71 public YtOpinionDTO detail(@PathVariable("entityId") String entityId)
73 72 throws ThingsboardException {
... ...
1 1 package org.thingsboard.server.controller.yunteng;
  2 +
2 3 import io.swagger.annotations.Api;
3 4 import io.swagger.annotations.ApiOperation;
4 5 import lombok.RequiredArgsConstructor;
5 6 import org.springframework.http.HttpStatus;
6 7 import org.springframework.http.ResponseEntity;
  8 +import org.springframework.security.access.prepost.PreAuthorize;
7 9 import org.springframework.validation.annotation.Validated;
8 10 import org.springframework.web.bind.annotation.*;
9 11 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
... ... @@ -14,6 +16,7 @@ import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
14 16 import org.thingsboard.server.common.data.yunteng.dto.OrganizationDTO;
15 17 import org.thingsboard.server.controller.BaseController;
16 18 import org.thingsboard.server.dao.yunteng.service.YtOrganizationService;
  19 +
17 20 import java.net.URI;
18 21 import java.util.List;
19 22 import java.util.Optional;
... ... @@ -27,6 +30,7 @@ public class YtOrganizationController extends BaseController {
27 30 private final YtOrganizationService organizationService;
28 31
29 32 @PostMapping
  33 + @PreAuthorize("@check.checkPermissions({},{'api:yt:organization:post'})")
30 34 public ResponseEntity<OrganizationDTO> saveGroup(@RequestBody OrganizationDTO groupDTO)
31 35 throws ThingsboardException {
32 36 //如果当前登录的用户不是超级管理员或者租户管理员
... ... @@ -47,6 +51,7 @@ public class YtOrganizationController extends BaseController {
47 51 }
48 52
49 53 @DeleteMapping
  54 + @PreAuthorize("@check.checkPermissions({},{'api:yt:organization:delete'})")
50 55 public ResponseEntity<Boolean> deleteOrganizations(
51 56 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
52 57 return ResponseEntity.ok(
... ... @@ -65,6 +70,7 @@ public class YtOrganizationController extends BaseController {
65 70 }
66 71
67 72 @PutMapping
  73 + @PreAuthorize("@check.checkPermissions({},{'api:yt:organization:update'})")
68 74 public ResponseEntity updateOrganization(@Validated(UpdateGroup.class) @RequestBody OrganizationDTO groupDTO) throws ThingsboardException {
69 75 //如果当前登录的用户不是超级管理员或者租户管理员
70 76 boolean isCustomerOrPlatform = !getCurrentUser().isPtSysadmin() && !getCurrentUser().isPtTenantAdmin();
... ...
... ... @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 4 import io.swagger.annotations.ApiOperation;
5 5 import lombok.RequiredArgsConstructor;
6 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 8 import org.springframework.web.bind.annotation.*;
8 9 import org.thingsboard.server.common.data.exception.ThingsboardException;
9 10 import org.thingsboard.server.common.data.yunteng.dto.SysPlatformDesignDTO;
... ... @@ -24,12 +25,14 @@ public class YtPlatformDesignController extends BaseController {
24 25 private final SysPlatformDesignService sysPlatformDesignService;
25 26
26 27 @GetMapping("get")
  28 + @PreAuthorize("@check.checkPermissions({},{'api:yt:platform:get:get'})")
27 29 @ApiOperation("查询详情")
28 30 public ResponseEntity<SysPlatformDesignDTO> get() throws ThingsboardException {
29 31 return ResponseEntity.ok(sysPlatformDesignService.get(getCurrentUser().getCurrentTenantId()));
30 32 }
31 33
32 34 @PutMapping("update")
  35 + @PreAuthorize("@check.checkPermissions({},{'api:yt:platform:update:update'})")
33 36 @ApiOperation("更新")
34 37 public ResponseEntity update(@RequestBody SysPlatformDesignDTO sysPlatformDesignDTO)
35 38 throws ThingsboardException {
... ...
... ... @@ -33,7 +33,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
33 33 @RequestMapping("api/yt/report_form/config")
34 34 @Api(tags = "报表配置信息")
35 35 @RequiredArgsConstructor
36   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  36 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
37 37 public class YtReportFormConfigController extends BaseController {
38 38
39 39 private final YtReportFormConfigService reportFormConfigService;
... ... @@ -76,6 +76,7 @@ public class YtReportFormConfigController extends BaseController {
76 76
77 77 @PostMapping
78 78 @ApiOperation("新增")
  79 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:report_form:config:post'})")
79 80 public ResponseResult<ReportFormConfigDTO> saveReportFromConfig(
80 81 @Validated({AddGroup.class}) @RequestBody ReportFormConfigDTO configDTO)
81 82 throws ThingsboardException, SchedulerException {
... ... @@ -87,6 +88,7 @@ public class YtReportFormConfigController extends BaseController {
87 88
88 89 @PutMapping
89 90 @ApiOperation("编辑")
  91 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:report_form:config:update'})")
90 92 public ResponseResult<ReportFormConfigDTO> updateReportFromConfig(
91 93 @Validated({UpdateGroup.class}) @RequestBody ReportFormConfigDTO configDTO)
92 94 throws ThingsboardException, SchedulerException {
... ... @@ -105,6 +107,7 @@ public class YtReportFormConfigController extends BaseController {
105 107
106 108 @DeleteMapping
107 109 @ApiOperation("删除")
  110 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:report_form:config:delete'})")
108 111 public ResponseResult<Boolean> deleteReportFormConfig(
109 112 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws SchedulerException {
110 113 return reportFormConfigService.deleteReportFormConfig(deleteDTO)
... ...
... ... @@ -37,7 +37,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
37 37 @RequestMapping("api/yt/report/generate/record")
38 38 @Api(tags = "报表生成记录")
39 39 @RequiredArgsConstructor
40   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  40 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
41 41 public class YtReportGenerateRecordController extends BaseController {
42 42
43 43 private final YtReportGenerateRecordService reportFormGenerateRecordService;
... ... @@ -80,6 +80,7 @@ public class YtReportGenerateRecordController extends BaseController {
80 80
81 81 @DeleteMapping
82 82 @ApiOperation("删除")
  83 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:report:generate:record:delete'})")
83 84 public ResponseResult<Boolean> deleteReportGenerateRecord(
84 85 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
85 86 return reportFormGenerateRecordService.deleteReportGenerateRecord(deleteDTO)
... ...
... ... @@ -56,6 +56,7 @@ public class YtRoleController extends BaseController {
56 56 }
57 57
58 58 @DeleteMapping
  59 + @PreAuthorize("@check.checkPermissions({},{'api:yt:role:delete'})")
59 60 public void deleteRole(@RequestBody String[] ids) throws ThingsboardException {
60 61 roleService.deleteRole(ids,getCurrentUser().getCurrentTenantId());
61 62 }
... ... @@ -73,6 +74,7 @@ public class YtRoleController extends BaseController {
73 74 }
74 75
75 76 @PostMapping("saveOrUpdateRoleInfoWithMenu")
  77 + @PreAuthorize("@check.checkPermissions({},{'api:yt:role:saveOrUpdateRoleInfoWithMenu:post','api:yt:role:saveOrUpdateRoleInfoWithMenu:update'})")
76 78 public RoleDTO saveOrUpdateRoleInfoWithMenu(@RequestBody RoleReqDTO roleReqDTO) throws ThingsboardException {
77 79 return roleService.saveOrUpdateRoleInfoWithMenu(
78 80 roleReqDTO,
... ...
... ... @@ -38,13 +38,14 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
38 38 @RequestMapping("/api/yt/sceneLinkage")
39 39 @RequiredArgsConstructor
40 40 @Api(tags = "场景联动")
41   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  41 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
42 42 public class YtSceneLinkageController extends BaseController {
43 43
44 44 private final SceneLinkageService sceneLinkageService;
45 45
46 46 @ApiOperation(value = "新增场景联动")
47 47 @PostMapping
  48 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:sceneLinkage:post'})")
48 49 public ResponseEntity<SceneLinkageDTO> saveSceneLinkage(
49 50 @Validated(AddGroup.class) @RequestBody SceneLinkageDTO sceneLinkageDTO)
50 51 throws ThingsboardException {
... ... @@ -73,6 +74,7 @@ public class YtSceneLinkageController extends BaseController {
73 74
74 75 @ApiOperation("编辑")
75 76 @PostMapping("/update")
  77 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:sceneLinkage:update'})")
76 78 public SceneLinkageDTO updateSceneLinkage(
77 79 @Validated(UpdateGroup.class) @RequestBody SceneLinkageDTO sceneLinkageDTO)
78 80 throws ThingsboardException {
... ... @@ -109,6 +111,7 @@ public class YtSceneLinkageController extends BaseController {
109 111
110 112 @ApiOperation(value = "删除")
111 113 @DeleteMapping
  114 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:sceneLinkage:delete'})")
112 115 @AutoLog(value = EntityType.SCENE_ACT,actionType = ActionType.DELETED)
113 116 public void delete(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
114 117 throws ThingsboardException {
... ...
... ... @@ -18,14 +18,14 @@ import org.thingsboard.server.controller.BaseController;
18 18 import java.util.List;
19 19
20 20 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
21   -import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.PAGE;
22 21
23 22 @RestController
24 23 @RequestMapping("/api/yt/tenantProfiles")
25 24 @RequiredArgsConstructor
26 25 public class YtTenantProfilesController extends BaseController {
27 26
28   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
  27 +
  28 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN'},{})")
29 29 @GetMapping(
30 30 name = "page",
31 31 params = {PAGE_SIZE, PAGE})
... ...
... ... @@ -27,8 +27,6 @@ import org.thingsboard.server.common.data.yunteng.common.UpdateGroup;
27 27 import org.thingsboard.server.common.data.yunteng.core.exception.YtDataValidationException;
28 28 import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
29 29 import org.thingsboard.server.common.data.yunteng.core.utils.AccountProperties;
30   -import org.thingsboard.server.common.data.yunteng.utils.Demo;
31   -import org.thingsboard.server.common.data.yunteng.utils.ExcelUtil;
32 30 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
33 31 import org.thingsboard.server.common.data.yunteng.dto.UserDTO;
34 32 import org.thingsboard.server.common.data.yunteng.dto.UserInfoDTO;
... ... @@ -36,8 +34,10 @@ import org.thingsboard.server.common.data.yunteng.dto.request.AccountReqDTO;
36 34 import org.thingsboard.server.common.data.yunteng.dto.request.RoleOrOrganizationReqDTO;
37 35 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
38 36 import org.thingsboard.server.common.data.yunteng.enums.RoleEnum;
39   -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
  37 +import org.thingsboard.server.common.data.yunteng.utils.Demo;
  38 +import org.thingsboard.server.common.data.yunteng.utils.ExcelUtil;
40 39 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  40 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
41 41 import org.thingsboard.server.dao.user.UserService;
42 42 import org.thingsboard.server.dao.yunteng.service.YtUserService;
43 43 import org.thingsboard.server.service.security.model.SecurityUser;
... ... @@ -70,6 +70,7 @@ public class YtUserController extends AbstractUserAccount {
70 70 this.accountProperties = accountProperties;
71 71 }
72 72 @GetMapping("{userId}")
  73 + @PreAuthorize("@check.checkPermissions({},{'api:yt:user:get'})")
73 74 public ResponseEntity<UserDTO> getUser(@PathVariable("userId") String userId)
74 75 throws ThingsboardException {
75 76 return ResponseEntity.of(
... ... @@ -127,6 +128,7 @@ public class YtUserController extends AbstractUserAccount {
127 128
128 129 @PutMapping
129 130 @ApiOperation(value = "修改用户信息")
  131 + @PreAuthorize("@check.checkPermissions({},{'api:yt:user:update'})")
130 132 public UserDTO updateUser(@Validated(UpdateGroup.class) @RequestBody UserDTO userDTO)
131 133 throws ThingsboardException {
132 134 return userService.updateUser(
... ... @@ -144,7 +146,7 @@ public class YtUserController extends AbstractUserAccount {
144 146 }
145 147
146 148 @PostMapping
147   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')")
  149 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','TENANT_ADMIN'},{'api:yt:user:post'})")
148 150 @ApiOperation(value = "新增用户")
149 151 public ResponseEntity<UserDTO> addUser(
150 152 @RequestParam(value = "sendEmail", required = false, defaultValue = "false")
... ... @@ -177,7 +179,8 @@ public class YtUserController extends AbstractUserAccount {
177 179 getCurrentUser().getCurrentTenantId()));
178 180 }
179 181
180   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
  182 +
  183 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN'},{'api:yt:user:saveTenantAdmin:post'})")
181 184 @PostMapping("saveTenantAdmin")
182 185 public UserDTO saveTenantAdmin(@Validated(AddGroup.class) @RequestBody UserDTO userDTO)
183 186 throws ThingsboardException {
... ... @@ -207,7 +210,7 @@ public class YtUserController extends AbstractUserAccount {
207 210 }
208 211
209 212 @DeleteMapping
210   - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')")
  213 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','TENANT_ADMIN'},{'api:yt:user:delete'})")
211 214 public void deleteUser(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
212 215 throws ThingsboardException {
213 216 // 如果当前用户是租户管理员,则代表创建的用户为CUSTOMER_USER,则需要调用TB,否则为本平台的管理员不需要调用TB
... ... @@ -274,7 +277,8 @@ public class YtUserController extends AbstractUserAccount {
274 277 return ResponseResult.success(userService.changePassword(user));
275 278 }
276 279
277   - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")
  280 +
  281 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})")
278 282 @ApiOperation(value = "获取租户下对应组织的所有客户")
279 283 @GetMapping("/customers/{organizationId}")
280 284 public ResponseEntity<List<UserDTO>> getMyCustomers(@PathVariable String organizationId)
... ...
... ... @@ -12,7 +12,6 @@ import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
12 12 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
13 13 import org.thingsboard.server.common.data.yunteng.dto.YtVideoDTO;
14 14 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
15   -import org.thingsboard.server.common.data.yunteng.utils.tools.ProtocolType;
16 15 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
17 16 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
18 17 import org.thingsboard.server.controller.BaseController;
... ... @@ -28,7 +27,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
28 27 @RequestMapping("api/yt/video")
29 28 @Api(tags = {"视频流"})
30 29 @RequiredArgsConstructor
31   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  30 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
32 31 public class YtVideoController extends BaseController {
33 32
34 33 private final YtVideoService videoService;
... ... @@ -56,6 +55,7 @@ public class YtVideoController extends BaseController {
56 55
57 56 @PostMapping
58 57 @ApiOperation("新增|编辑")
  58 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:post','api:yt:video:update'})")
59 59 public YtVideoDTO saveOrUpdateAlarmProfile(
60 60 @Validated @RequestBody YtVideoDTO dto) throws ThingsboardException {
61 61 dto.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -64,6 +64,7 @@ public class YtVideoController extends BaseController {
64 64
65 65 @DeleteMapping
66 66 @ApiOperation("删除")
  67 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:delete'})")
67 68 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
68 69 throws ThingsboardException {
69 70 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -72,6 +73,7 @@ public class YtVideoController extends BaseController {
72 73
73 74 @GetMapping("{entityId}")
74 75 @ApiOperation("详情")
  76 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:get'})")
75 77 public YtVideoDTO detail(@PathVariable("entityId") String entityId)
76 78 throws ThingsboardException {
77 79 return videoService.detail(getCurrentUser().getCurrentTenantId(), entityId);
... ...
... ... @@ -25,7 +25,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
25 25 @RequestMapping("api/yt/video/platform")
26 26 @Api(tags = {"流媒体平台配置"})
27 27 @RequiredArgsConstructor
28   -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")
  28 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
29 29 public class YtVideoPlatformController extends BaseController {
30 30
31 31 private final YtVideoPlatformService videoPlatformService;
... ... @@ -49,6 +49,7 @@ public class YtVideoPlatformController extends BaseController {
49 49
50 50 @PostMapping
51 51 @ApiOperation("新增|编辑")
  52 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:platform:post','api:yt:video:platform:update'})")
52 53 public YtVideoPlatformDTO saveOrUpdateVideoPlatform(
53 54 @Validated @RequestBody YtVideoPlatformDTO dto) throws ThingsboardException {
54 55 dto.setTenantId(getCurrentUser().getCurrentTenantId());
... ... @@ -57,6 +58,7 @@ public class YtVideoPlatformController extends BaseController {
57 58
58 59 @DeleteMapping
59 60 @ApiOperation("删除")
  61 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:platform:delete'})")
60 62 public boolean deleteVideoPlatform(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
61 63 throws ThingsboardException {
62 64 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
... ...
... ... @@ -42,6 +42,7 @@ import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
42 42 import org.thingsboard.server.common.data.exception.ThingsboardException;
43 43 import org.thingsboard.server.common.data.yunteng.core.Result;
44 44 import org.thingsboard.server.common.data.yunteng.core.exception.ThingsKitException;
  45 +import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
45 46 import org.thingsboard.server.common.msg.tools.TbRateLimitsException;
46 47 import org.thingsboard.server.dao.exception.DataValidationException;
47 48 import org.thingsboard.server.service.security.exception.AuthMethodNotSupportedException;
... ... @@ -199,7 +200,7 @@ public class ThingsboardErrorResponseHandler extends ResponseEntityExceptionHand
199 200 } else if (authenticationException instanceof DisabledException) {
200 201 mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("User account is not active", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
201 202 } else if (authenticationException instanceof LockedException) {
202   - mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("User account is locked due to security policy", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
  203 + mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of(ErrorMessage.ACCOUNT_LOCKED.getMessage(), ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
203 204 } else if (authenticationException instanceof JwtExpiredTokenException) {
204 205 mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("Token has expired", ThingsboardErrorCode.JWT_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED));
205 206 } else if (authenticationException instanceof AuthMethodNotSupportedException) {
... ...
... ... @@ -11,6 +11,7 @@ public enum ErrorMessage {
11 11 ACCOUNT_DISABLED(403002, "账号已禁用"),
12 12 ACCESS_DENIED(403003, "拒绝访问"),
13 13 AUTHENTICATION_METHOD_NOT_SUPPORTED(403004, "authentication method not supported"),
  14 + ACCOUNT_LOCKED(403002, "根据相关安全策略账号已锁定!"),
14 15 USERNAME_PASSWORD_INCORRECT(401001, "incorrect username or password"),
15 16 TOKEN_EXPIRED(401002, "token has expired"),
16 17 NONE_TENANT_ASSET(401003, "not current tenant asset"),
... ...
... ... @@ -27,10 +27,7 @@ import org.thingsboard.server.dao.yunteng.service.AbstractBaseService;
27 27 import org.thingsboard.server.dao.yunteng.service.MenuService;
28 28 import org.thingsboard.server.dao.yunteng.service.RoleService;
29 29
30   -import java.util.List;
31   -import java.util.Map;
32   -import java.util.Optional;
33   -import java.util.Set;
  30 +import java.util.*;
34 31 import java.util.stream.Collectors;
35 32
36 33 @Service
... ... @@ -183,32 +180,55 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple
183 180 role.setTenantId(tenantId);
184 181 baseMapper.insert(role);
185 182 }
  183 + Set<String> oldMenus = menuMapper.selectRoleMenuIds(role.getId());
186 184 // do update or save menu associate with this roleId
187 185 menuService.assignMenuToRole(
188 186 roleReqDTO.getMenu().toArray(new String[roleReqDTO.getMenu().size()]), role.getId());
189 187 // 如果是租户管理员角色并且是更新,则需要更新租户菜单表
190 188 if (role.getRoleType().equals(RoleEnum.TENANT_ADMIN.name()) && update) {
191   - List<String> menus = roleReqDTO.getMenu();
  189 + List<String> newMenus = roleReqDTO.getMenu();
  190 + Set<String> removeMenus = new HashSet<>();
  191 + for(String menu: oldMenus){
  192 + if(newMenus.contains(menu)){
  193 + newMenus.remove(menu);
  194 + }else{
  195 + removeMenus.add(menu);
  196 + }
  197 + }
192 198 // 先删除以前的租户菜单,再更新新的租户菜单
193 199 // 1、查询这个角色有几个租户用户
194 200 // 2、删除并更新对应租户的信息
  201 + // 3、超级管理员删除租户角色菜单时,同步删除租户内客户角色的权限,租户ID+菜单ID
195 202 List<TenantRole> tenantRoles =
196 203 tenantRoleMapper.selectList(
197 204 new QueryWrapper<TenantRole>().lambda().eq(TenantRole::getRoleId, role.getId()));
198 205 tenantRoles.forEach(
199 206 tenantRole -> {
200 207 String updateTenantId = tenantRole.getTenantId();
201   - tenantMenuMapper.delete(
202   - new QueryWrapper<TenantMenu>()
203   - .lambda()
204   - .eq(TenantMenu::getTenantId, updateTenantId));
205   - menus.forEach(
  208 +
  209 + if(!removeMenus.isEmpty()){
  210 + //刷新租户的菜单
  211 + tenantMenuMapper.delete(
  212 + new QueryWrapper<TenantMenu>()
  213 + .lambda()
  214 + .eq(TenantMenu::getTenantId, updateTenantId)
  215 + .in(TenantMenu::getMenuId,removeMenus));
  216 + //刷新客户的菜单
  217 + List<Role> customerRoles = baseMapper.selectList(
  218 + new QueryWrapper<Role>()
  219 + .lambda()
  220 + .eq(Role::getTenantId, updateTenantId)
  221 + .eq(Role::getRoleType,RoleEnum.CUSTOMER_USER.name()));
  222 + customerRoles.forEach(cr -> menuMapper.removeMenuFromRole(cr.getId(),removeMenus));
  223 + }
  224 + newMenus.forEach(
206 225 menu -> {
207 226 TenantMenu tenantMenu = new TenantMenu();
208 227 tenantMenu.setMenuId(menu);
209 228 tenantMenu.setTenantId(updateTenantId);
210 229 tenantMenuMapper.insert(tenantMenu);
211 230 });
  231 +
212 232 });
213 233 }
214 234 cacheUtils.invalidateCacheName(FastIotConstants.CacheConfigKey.CACHE_CONFIG_KEY);
... ...