简柏林 / thingskit · Commits

Commit dc32fe140d74d11bb32b2a198a4bfd0cd6ffae2b

Authored by xp.Huang
2 parents 4c71b7d9 0263eb6b

Merge branch '20220907' into 'master' 

feat: 后端接口添加角色权限标识

See merge request huang/thingsboard3.3.2!130
Inline Side-by-side
Showing 37 changed files with 191 additions and 74 deletions
@@ -25,7 +25,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -25,7 +25,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
25 @RequestMapping("api/yt/alarm/profile") 25 @RequestMapping("api/yt/alarm/profile")
26 @Api(tags = {"告警配置"}) 26 @Api(tags = {"告警配置"})
27 @RequiredArgsConstructor 27 @RequiredArgsConstructor
28 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 28 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
29 public class AlarmProfileController extends BaseController { 29 public class AlarmProfileController extends BaseController {
30 30
31 private final AlarmProfileService alarmProfileService; 31 private final AlarmProfileService alarmProfileService;
@@ -61,6 +61,7 @@ public class AlarmProfileController extends BaseController { @@ -61,6 +61,7 @@ public class AlarmProfileController extends BaseController {
61 61
62 @PostMapping 62 @PostMapping
63 @ApiOperation("新增|编辑") 63 @ApiOperation("新增|编辑")
  64 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarm:profile:post','api:yt:alarm:profile:update'})")
64 public AlarmProfileDTO saveOrUpdateAlarmProfile( 65 public AlarmProfileDTO saveOrUpdateAlarmProfile(
65 @Validated @RequestBody AlarmProfileDTO alarmProfileDTO) throws ThingsboardException { 66 @Validated @RequestBody AlarmProfileDTO alarmProfileDTO) throws ThingsboardException {
66 alarmProfileDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 67 alarmProfileDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -69,6 +70,7 @@ public class AlarmProfileController extends BaseController { @@ -69,6 +70,7 @@ public class AlarmProfileController extends BaseController {
69 70
70 @DeleteMapping 71 @DeleteMapping
71 @ApiOperation("删除") 72 @ApiOperation("删除")
  73 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarm:profile:delete'})")
72 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) 74 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
73 throws ThingsboardException { 75 throws ThingsboardException {
74 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 76 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -77,6 +79,7 @@ public class AlarmProfileController extends BaseController { @@ -77,6 +79,7 @@ public class AlarmProfileController extends BaseController {
77 79
78 @GetMapping("{alarmProfileId}/{status}") 80 @GetMapping("{alarmProfileId}/{status}")
79 @ApiOperation("更新状态") 81 @ApiOperation("更新状态")
  82 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarm:profile:update'})")
80 public AlarmProfileDTO saveOrUpdateAlarmProfile( 83 public AlarmProfileDTO saveOrUpdateAlarmProfile(
81 @PathVariable("alarmProfileId") String alarmProfileId, @PathVariable("status") Integer status) 84 @PathVariable("alarmProfileId") String alarmProfileId, @PathVariable("status") Integer status)
82 throws ThingsboardException { 85 throws ThingsboardException {
@@ -14,7 +14,9 @@ import org.springframework.web.context.request.async.DeferredResult; @@ -14,7 +14,9 @@ import org.springframework.web.context.request.async.DeferredResult;
14 import org.thingsboard.server.common.data.exception.ThingsboardException; 14 import org.thingsboard.server.common.data.exception.ThingsboardException;
15 import org.thingsboard.server.common.data.query.TsValue; 15 import org.thingsboard.server.common.data.query.TsValue;
16 import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage; 16 import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
17 -import org.thingsboard.server.common.data.yunteng.dto.*; 17 +import org.thingsboard.server.common.data.yunteng.dto.HomePageLeftTopDTO;
  18 +import org.thingsboard.server.common.data.yunteng.dto.TenantDTO;
  19 +import org.thingsboard.server.common.data.yunteng.dto.TenantTransportMessageDTO;
18 import org.thingsboard.server.common.data.yunteng.dto.statistics.HomePageAppDTO; 20 import org.thingsboard.server.common.data.yunteng.dto.statistics.HomePageAppDTO;
19 import org.thingsboard.server.common.data.yunteng.enums.TrendType; 21 import org.thingsboard.server.common.data.yunteng.enums.TrendType;
20 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData; 22 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
@@ -52,7 +54,7 @@ public class HomePageController extends BaseController { @@ -52,7 +54,7 @@ public class HomePageController extends BaseController {
52 54
53 @GetMapping("right/overdue") 55 @GetMapping("right/overdue")
54 @ApiOperation(value = "获取右侧过期租户信息") 56 @ApiOperation(value = "获取右侧过期租户信息")
55 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 57 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
56 public ResponseEntity<YtPageData<TenantDTO>> getRightTopInfo( 58 public ResponseEntity<YtPageData<TenantDTO>> getRightTopInfo(
57 @RequestParam(PAGE) int page, @RequestParam(PAGE_SIZE) int pageSize) { 59 @RequestParam(PAGE) int page, @RequestParam(PAGE_SIZE) int pageSize) {
58 HashMap<String, Object> queryMap = new HashMap<>(); 60 HashMap<String, Object> queryMap = new HashMap<>();
@@ -63,14 +65,14 @@ public class HomePageController extends BaseController { @@ -63,14 +65,14 @@ public class HomePageController extends BaseController {
63 65
64 @GetMapping("right/top10") 66 @GetMapping("right/top10")
65 @ApiOperation(value = "获取右侧Top10") 67 @ApiOperation(value = "获取右侧Top10")
66 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 68 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
67 public DeferredResult<List<TenantTransportMessageDTO>> getTop10() { 69 public DeferredResult<List<TenantTransportMessageDTO>> getTop10() {
68 return homePageService.getTop10(); 70 return homePageService.getTop10();
69 } 71 }
70 72
71 @GetMapping("left/bottom") 73 @GetMapping("left/bottom")
72 @ApiOperation(value = "获取左侧底部信息") 74 @ApiOperation(value = "获取左侧底部信息")
73 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN','CUSTOMER_USER')") 75 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN','CUSTOMER_USER'},{})")
74 public DeferredResult<List<TsValue>> getLeftBottomInfo( 76 public DeferredResult<List<TsValue>> getLeftBottomInfo(
75 @RequestParam(value = "startTs") long startTs, 77 @RequestParam(value = "startTs") long startTs,
76 @RequestParam("endTs") long endTs, 78 @RequestParam("endTs") long endTs,
@@ -37,7 +37,10 @@ import org.thingsboard.server.service.install.InstallScripts; @@ -37,7 +37,10 @@ import org.thingsboard.server.service.install.InstallScripts;
37 import org.thingsboard.server.service.security.permission.Operation; 37 import org.thingsboard.server.service.security.permission.Operation;
38 38
39 import java.net.URI; 39 import java.net.URI;
40 -import java.util.*; 40 +import java.util.HashMap;
  41 +import java.util.List;
  42 +import java.util.Optional;
  43 +import java.util.UUID;
41 44
42 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*; 45 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
43 46
@@ -45,7 +48,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -45,7 +48,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
45 @RequestMapping("api/yt/admin") 48 @RequestMapping("api/yt/admin")
46 @Api(tags = {"租户管理", "菜单管理"}) 49 @Api(tags = {"租户管理", "菜单管理"})
47 @RequiredArgsConstructor 50 @RequiredArgsConstructor
48 -@PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 51 +@PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
49 public class YtAdminController extends BaseController { 52 public class YtAdminController extends BaseController {
50 53
51 private final YtTenantService ytTenantService; 54 private final YtTenantService ytTenantService;
@@ -56,7 +59,7 @@ public class YtAdminController extends BaseController { @@ -56,7 +59,7 @@ public class YtAdminController extends BaseController {
56 private final UserService tbUserService; 59 private final UserService tbUserService;
57 60
58 @PostMapping("/tenant") 61 @PostMapping("/tenant")
59 - @PreAuthorize("hasAnyAuthority('api:yt:admin:saveTenant')") 62 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:tenant:post'})")
60 public ResponseEntity<TenantDTO> saveTenant(@RequestBody TenantReqDTO tenantReqDTO) { 63 public ResponseEntity<TenantDTO> saveTenant(@RequestBody TenantReqDTO tenantReqDTO) {
61 TenantDTO newTenant = ytTenantService.createNewTenant(tenantReqDTO); 64 TenantDTO newTenant = ytTenantService.createNewTenant(tenantReqDTO);
62 URI location = 65 URI location =
@@ -88,6 +91,7 @@ public class YtAdminController extends BaseController { @@ -88,6 +91,7 @@ public class YtAdminController extends BaseController {
88 } 91 }
89 92
90 @PutMapping("/tenant") 93 @PutMapping("/tenant")
  94 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:tenant:update'})")
91 public TenantDTO updateTenant(@RequestBody TenantDTO tenantDTO) { 95 public TenantDTO updateTenant(@RequestBody TenantDTO tenantDTO) {
92 Assert.notNull(tenantDTO, "tenant cannot be null"); 96 Assert.notNull(tenantDTO, "tenant cannot be null");
93 Assert.notNull(tenantDTO.getId(), "tenant id cannot be null when update"); 97 Assert.notNull(tenantDTO.getId(), "tenant id cannot be null when update");
@@ -101,6 +105,7 @@ public class YtAdminController extends BaseController { @@ -101,6 +105,7 @@ public class YtAdminController extends BaseController {
101 } 105 }
102 106
103 @DeleteMapping("/tenant") 107 @DeleteMapping("/tenant")
  108 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:tenant:delete'})")
104 public void deleteTenant(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) 109 public void deleteTenant(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
105 throws ThingsboardException { 110 throws ThingsboardException {
106 111
@@ -124,6 +129,7 @@ public class YtAdminController extends BaseController { @@ -124,6 +129,7 @@ public class YtAdminController extends BaseController {
124 } 129 }
125 130
126 @DeleteMapping("/user/deleteTenantAdmin") 131 @DeleteMapping("/user/deleteTenantAdmin")
  132 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:user:deleteTenantAdmin:delete'})")
127 public ResponseEntity<Boolean> deleteTenantAdmin( 133 public ResponseEntity<Boolean> deleteTenantAdmin(
128 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException { 134 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
129 for (String strUserId : deleteDTO.getIds()) { 135 for (String strUserId : deleteDTO.getIds()) {
@@ -146,6 +152,7 @@ public class YtAdminController extends BaseController { @@ -146,6 +152,7 @@ public class YtAdminController extends BaseController {
146 } 152 }
147 153
148 @PostMapping("/tenant/adminUser") 154 @PostMapping("/tenant/adminUser")
  155 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:admin:tenant:adminUser:post'})")
149 public ResponseEntity<UserDTO> createTenantAdmin( 156 public ResponseEntity<UserDTO> createTenantAdmin(
150 @RequestParam(value = "sendEmail", required = false, defaultValue = "false") 157 @RequestParam(value = "sendEmail", required = false, defaultValue = "false")
151 boolean sendEmail, 158 boolean sendEmail,
@@ -43,6 +43,7 @@ public class YtAlarmContactController extends BaseController { @@ -43,6 +43,7 @@ public class YtAlarmContactController extends BaseController {
43 43
44 @ApiOperation(value = "新增联系人|编辑") 44 @ApiOperation(value = "新增联系人|编辑")
45 @PostMapping 45 @PostMapping
  46 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarmContact:post','api:yt:alarmContact:update'})")
46 public ResponseEntity<AlarmContactDTO> saveAlarmContact( 47 public ResponseEntity<AlarmContactDTO> saveAlarmContact(
47 @Validated(AddGroup.class) @RequestBody AlarmContactDTO alarmContactDTO) 48 @Validated(AddGroup.class) @RequestBody AlarmContactDTO alarmContactDTO)
48 throws ThingsboardException { 49 throws ThingsboardException {
@@ -70,8 +71,9 @@ public class YtAlarmContactController extends BaseController { @@ -70,8 +71,9 @@ public class YtAlarmContactController extends BaseController {
70 return ResponseEntity.ok(all); 71 return ResponseEntity.ok(all);
71 } 72 }
72 73
73 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 74 +
74 @ApiOperation(value = "分页查询") 75 @ApiOperation(value = "分页查询")
  76 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
75 @GetMapping(params = {PAGE_SIZE, PAGE}) 77 @GetMapping(params = {PAGE_SIZE, PAGE})
76 public YtPageData<AlarmContactDTO> pageAlarm( 78 public YtPageData<AlarmContactDTO> pageAlarm(
77 @RequestParam(PAGE_SIZE) int pageSize, 79 @RequestParam(PAGE_SIZE) int pageSize,
@@ -97,6 +99,7 @@ public class YtAlarmContactController extends BaseController { @@ -97,6 +99,7 @@ public class YtAlarmContactController extends BaseController {
97 99
98 @ApiOperation(value = "删除") 100 @ApiOperation(value = "删除")
99 @DeleteMapping 101 @DeleteMapping
  102 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarmContact:delete'})")
100 public void deleteById(@RequestBody String[] ids) throws ThingsboardException { 103 public void deleteById(@RequestBody String[] ids) throws ThingsboardException {
101 if (ids.length == 0) { 104 if (ids.length == 0) {
102 throw new YtDataValidationException("please provide alarm ids to delete"); 105 throw new YtDataValidationException("please provide alarm ids to delete");
@@ -117,6 +120,7 @@ public class YtAlarmContactController extends BaseController { @@ -117,6 +120,7 @@ public class YtAlarmContactController extends BaseController {
117 120
118 @ApiOperation(value = "修改告警联系人信息") 121 @ApiOperation(value = "修改告警联系人信息")
119 @PostMapping("/update") 122 @PostMapping("/update")
  123 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:alarmContact:update:update'})")
120 public void update(@RequestBody AlarmContactDTO alarmContactDTO) { 124 public void update(@RequestBody AlarmContactDTO alarmContactDTO) {
121 125
122 alarmService.update(alarmContactDTO); 126 alarmService.update(alarmContactDTO);
@@ -3,7 +3,6 @@ package org.thingsboard.server.controller.yunteng; @@ -3,7 +3,6 @@ package org.thingsboard.server.controller.yunteng;
3 import io.swagger.annotations.Api; 3 import io.swagger.annotations.Api;
4 import io.swagger.annotations.ApiOperation; 4 import io.swagger.annotations.ApiOperation;
5 import lombok.RequiredArgsConstructor; 5 import lombok.RequiredArgsConstructor;
6 -import org.apache.commons.lang3.StringUtils;  
7 import org.springframework.http.ResponseEntity; 6 import org.springframework.http.ResponseEntity;
8 import org.springframework.security.access.prepost.PreAuthorize; 7 import org.springframework.security.access.prepost.PreAuthorize;
9 import org.springframework.web.bind.annotation.GetMapping; 8 import org.springframework.web.bind.annotation.GetMapping;
@@ -14,8 +13,6 @@ import org.thingsboard.server.common.data.EntityType; @@ -14,8 +13,6 @@ import org.thingsboard.server.common.data.EntityType;
14 import org.thingsboard.server.common.data.alarm.AlarmSeverity; 13 import org.thingsboard.server.common.data.alarm.AlarmSeverity;
15 import org.thingsboard.server.common.data.alarm.AlarmStatus; 14 import org.thingsboard.server.common.data.alarm.AlarmStatus;
16 import org.thingsboard.server.common.data.exception.ThingsboardException; 15 import org.thingsboard.server.common.data.exception.ThingsboardException;
17 -import org.thingsboard.server.common.data.id.CustomerId;  
18 -import org.thingsboard.server.common.data.page.TimePageLink;  
19 import org.thingsboard.server.common.data.yunteng.dto.SysDictDTO; 16 import org.thingsboard.server.common.data.yunteng.dto.SysDictDTO;
20 import org.thingsboard.server.common.data.yunteng.enums.DeviceTypeEnum; 17 import org.thingsboard.server.common.data.yunteng.enums.DeviceTypeEnum;
21 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum; 18 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
@@ -46,8 +43,8 @@ public class YtAlarmInfoController extends BaseController { @@ -46,8 +43,8 @@ public class YtAlarmInfoController extends BaseController {
46 43
47 44
48 //分页测试通过 45 //分页测试通过
49 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")  
50 @ApiOperation(value = "查询") 46 @ApiOperation(value = "查询")
  47 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
51 @GetMapping(params = {PAGE_SIZE, PAGE}) 48 @GetMapping(params = {PAGE_SIZE, PAGE})
52 public YtPageData<YtAlarmEntity> pageAlarmInfo( 49 public YtPageData<YtAlarmEntity> pageAlarmInfo(
53 @RequestParam(PAGE_SIZE) int pageSize, 50 @RequestParam(PAGE_SIZE) int pageSize,
@@ -4,6 +4,7 @@ import io.swagger.annotations.Api; @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 import io.swagger.annotations.ApiOperation; 4 import io.swagger.annotations.ApiOperation;
5 import lombok.RequiredArgsConstructor; 5 import lombok.RequiredArgsConstructor;
6 import org.springframework.http.ResponseEntity; 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 import org.springframework.web.bind.annotation.*; 8 import org.springframework.web.bind.annotation.*;
8 import org.thingsboard.server.common.data.exception.ThingsboardException; 9 import org.thingsboard.server.common.data.exception.ThingsboardException;
9 import org.thingsboard.server.common.data.yunteng.dto.SysAppDesignDTO; 10 import org.thingsboard.server.common.data.yunteng.dto.SysAppDesignDTO;
@@ -25,12 +26,14 @@ public class YtAppDesignController extends BaseController { @@ -25,12 +26,14 @@ public class YtAppDesignController extends BaseController {
25 26
26 @GetMapping("get") 27 @GetMapping("get")
27 @ApiOperation("查询详情") 28 @ApiOperation("查询详情")
  29 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:appDesign:get:get'})")
28 public ResponseEntity<SysAppDesignDTO> get() throws ThingsboardException { 30 public ResponseEntity<SysAppDesignDTO> get() throws ThingsboardException {
29 return ResponseEntity.ok(sysAppDesignService.get(getCurrentUser().getCurrentTenantId())); 31 return ResponseEntity.ok(sysAppDesignService.get(getCurrentUser().getCurrentTenantId()));
30 } 32 }
31 33
32 @PutMapping("update") 34 @PutMapping("update")
33 @ApiOperation("更新") 35 @ApiOperation("更新")
  36 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:appDesign:update:update'})")
34 public ResponseEntity update(@RequestBody SysAppDesignDTO sysAppDesignDTO) 37 public ResponseEntity update(@RequestBody SysAppDesignDTO sysAppDesignDTO)
35 throws ThingsboardException { 38 throws ThingsboardException {
36 sysAppDesignDTO.setId(null); 39 sysAppDesignDTO.setId(null);
@@ -23,13 +23,12 @@ import org.thingsboard.server.dao.yunteng.service.YtConfigurationCenterService; @@ -23,13 +23,12 @@ import org.thingsboard.server.dao.yunteng.service.YtConfigurationCenterService;
23 import java.util.HashMap; 23 import java.util.HashMap;
24 24
25 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*; 25 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
26 -import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.ORDER_TYPE;  
27 26
28 @RestController 27 @RestController
29 @RequestMapping("/api/yt/configuration/center") 28 @RequestMapping("/api/yt/configuration/center")
30 @RequiredArgsConstructor 29 @RequiredArgsConstructor
31 @Api(tags = "组态中心") 30 @Api(tags = "组态中心")
32 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 31 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
33 public class YtConfigurationCenterController extends BaseController { 32 public class YtConfigurationCenterController extends BaseController {
34 33
35 private final YtConfigurationCenterService ytConfigurationCenterService; 34 private final YtConfigurationCenterService ytConfigurationCenterService;
@@ -68,6 +67,7 @@ public class YtConfigurationCenterController extends BaseController { @@ -68,6 +67,7 @@ public class YtConfigurationCenterController extends BaseController {
68 67
69 @PostMapping 68 @PostMapping
70 @ApiOperation("新增") 69 @ApiOperation("新增")
  70 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:configuration:center:post'})")
71 public ResponseEntity<ConfigurationCenterDTO> save( 71 public ResponseEntity<ConfigurationCenterDTO> save(
72 @Validated({AddGroup.class}) @RequestBody ConfigurationCenterDTO configurationCenterDTO) 72 @Validated({AddGroup.class}) @RequestBody ConfigurationCenterDTO configurationCenterDTO)
73 throws ThingsboardException { 73 throws ThingsboardException {
@@ -78,6 +78,7 @@ public class YtConfigurationCenterController extends BaseController { @@ -78,6 +78,7 @@ public class YtConfigurationCenterController extends BaseController {
78 78
79 @PutMapping 79 @PutMapping
80 @ApiOperation("修改") 80 @ApiOperation("修改")
  81 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:configuration:center:update'})")
81 public ResponseEntity<ConfigurationCenterDTO> update( 82 public ResponseEntity<ConfigurationCenterDTO> update(
82 @Validated({UpdateGroup.class}) @RequestBody ConfigurationCenterDTO configurationCenterDTO) 83 @Validated({UpdateGroup.class}) @RequestBody ConfigurationCenterDTO configurationCenterDTO)
83 throws ThingsboardException { 84 throws ThingsboardException {
@@ -88,6 +89,7 @@ public class YtConfigurationCenterController extends BaseController { @@ -88,6 +89,7 @@ public class YtConfigurationCenterController extends BaseController {
88 89
89 @DeleteMapping 90 @DeleteMapping
90 @ApiOperation("删除") 91 @ApiOperation("删除")
  92 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:configuration:center:delete'})")
91 public ResponseEntity<Boolean> delete( 93 public ResponseEntity<Boolean> delete(
92 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) 94 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
93 throws ThingsboardException { 95 throws ThingsboardException {
@@ -4,6 +4,7 @@ import io.swagger.annotations.Api; @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 import io.swagger.annotations.ApiOperation; 4 import io.swagger.annotations.ApiOperation;
5 import lombok.RequiredArgsConstructor; 5 import lombok.RequiredArgsConstructor;
6 import org.springframework.http.ResponseEntity; 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 import org.springframework.validation.annotation.Validated; 8 import org.springframework.validation.annotation.Validated;
8 import org.springframework.web.bind.annotation.*; 9 import org.springframework.web.bind.annotation.*;
9 import org.thingsboard.server.common.data.exception.ThingsboardException; 10 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -26,6 +27,7 @@ public class YtConfigurationContentController extends BaseController { @@ -26,6 +27,7 @@ public class YtConfigurationContentController extends BaseController {
26 27
27 @PostMapping 28 @PostMapping
28 @ApiOperation("新增") 29 @ApiOperation("新增")
  30 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:post'})")
29 public ResponseEntity<ConfigurationContentDTO> save( 31 public ResponseEntity<ConfigurationContentDTO> save(
30 @Validated({AddGroup.class}) @RequestBody ConfigurationContentDTO configurationContentDTO) 32 @Validated({AddGroup.class}) @RequestBody ConfigurationContentDTO configurationContentDTO)
31 throws ThingsboardException { 33 throws ThingsboardException {
@@ -36,6 +38,7 @@ public class YtConfigurationContentController extends BaseController { @@ -36,6 +38,7 @@ public class YtConfigurationContentController extends BaseController {
36 38
37 @PutMapping 39 @PutMapping
38 @ApiOperation("修改") 40 @ApiOperation("修改")
  41 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:update'})")
39 public ResponseEntity<ConfigurationContentInfoDTO> update( 42 public ResponseEntity<ConfigurationContentInfoDTO> update(
40 @Validated({UpdateGroup.class}) @RequestBody ConfigurationContentInfoDTO contentReqDTO) 43 @Validated({UpdateGroup.class}) @RequestBody ConfigurationContentInfoDTO contentReqDTO)
41 throws ThingsboardException { 44 throws ThingsboardException {
@@ -50,6 +53,7 @@ public class YtConfigurationContentController extends BaseController { @@ -50,6 +53,7 @@ public class YtConfigurationContentController extends BaseController {
50 53
51 @DeleteMapping 54 @DeleteMapping
52 @ApiOperation("删除") 55 @ApiOperation("删除")
  56 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:content:delete'})")
53 public ResponseEntity<Boolean> delete( 57 public ResponseEntity<Boolean> delete(
54 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) 58 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
55 throws ThingsboardException { 59 throws ThingsboardException {
@@ -5,15 +5,13 @@ import io.swagger.annotations.ApiOperation; @@ -5,15 +5,13 @@ import io.swagger.annotations.ApiOperation;
5 import io.swagger.annotations.ApiParam; 5 import io.swagger.annotations.ApiParam;
6 import lombok.RequiredArgsConstructor; 6 import lombok.RequiredArgsConstructor;
7 import org.springframework.http.ResponseEntity; 7 import org.springframework.http.ResponseEntity;
  8 +import org.springframework.security.access.prepost.PreAuthorize;
8 import org.springframework.validation.annotation.Validated; 9 import org.springframework.validation.annotation.Validated;
9 import org.springframework.web.bind.annotation.*; 10 import org.springframework.web.bind.annotation.*;
10 import org.thingsboard.server.common.data.exception.ThingsboardException; 11 import org.thingsboard.server.common.data.exception.ThingsboardException;
11 import org.thingsboard.server.common.data.yunteng.common.AddGroup; 12 import org.thingsboard.server.common.data.yunteng.common.AddGroup;
12 -import org.thingsboard.server.common.data.yunteng.core.exception.YtDataValidationException;  
13 -import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;  
14 import org.thingsboard.server.common.data.yunteng.dto.*; 13 import org.thingsboard.server.common.data.yunteng.dto.*;
15 import org.thingsboard.server.common.data.yunteng.utils.JacksonUtil; 14 import org.thingsboard.server.common.data.yunteng.utils.JacksonUtil;
16 -import org.thingsboard.server.common.transport.util.JsonUtils;  
17 import org.thingsboard.server.controller.BaseController; 15 import org.thingsboard.server.controller.BaseController;
18 import org.thingsboard.server.dao.yunteng.service.YtConfigurationActService; 16 import org.thingsboard.server.dao.yunteng.service.YtConfigurationActService;
19 import org.thingsboard.server.dao.yunteng.service.YtConfigurationDatasourceService; 17 import org.thingsboard.server.dao.yunteng.service.YtConfigurationDatasourceService;
@@ -37,6 +35,7 @@ public class YtConfigurationNodeController extends BaseController { @@ -37,6 +35,7 @@ public class YtConfigurationNodeController extends BaseController {
37 35
38 @PostMapping 36 @PostMapping
39 @ApiOperation("保存节点数据源并刷新节点的交互和动效信息") 37 @ApiOperation("保存节点数据源并刷新节点的交互和动效信息")
  38 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:post'})")
40 public ResponseEntity<ConfigurationNodeStateDTO> saveNode( 39 public ResponseEntity<ConfigurationNodeStateDTO> saveNode(
41 @Validated({AddGroup.class}) @RequestBody ConfigurationNodeStateDTO nodeDTO) 40 @Validated({AddGroup.class}) @RequestBody ConfigurationNodeStateDTO nodeDTO)
42 throws ThingsboardException { 41 throws ThingsboardException {
@@ -75,6 +74,7 @@ public class YtConfigurationNodeController extends BaseController { @@ -75,6 +74,7 @@ public class YtConfigurationNodeController extends BaseController {
75 74
76 @PostMapping("datascource") 75 @PostMapping("datascource")
77 @ApiOperation("编辑数据源") 76 @ApiOperation("编辑数据源")
  77 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:datascource:post'})")
78 public ResponseEntity<ConfigurationDatasourceDTO> saveDatascource( 78 public ResponseEntity<ConfigurationDatasourceDTO> saveDatascource(
79 @Validated({AddGroup.class}) @RequestBody ConfigurationDatasourceDTO datasourceDTO) 79 @Validated({AddGroup.class}) @RequestBody ConfigurationDatasourceDTO datasourceDTO)
80 throws ThingsboardException { 80 throws ThingsboardException {
@@ -85,6 +85,7 @@ public class YtConfigurationNodeController extends BaseController { @@ -85,6 +85,7 @@ public class YtConfigurationNodeController extends BaseController {
85 85
86 @PostMapping("event") 86 @PostMapping("event")
87 @ApiOperation("编辑数据交互") 87 @ApiOperation("编辑数据交互")
  88 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:event:post'})")
88 public ResponseEntity<ConfigurationEventDTO> saveEvent( 89 public ResponseEntity<ConfigurationEventDTO> saveEvent(
89 @Validated({AddGroup.class}) @RequestBody ConfigurationEventDTO eventDTO) 90 @Validated({AddGroup.class}) @RequestBody ConfigurationEventDTO eventDTO)
90 throws ThingsboardException { 91 throws ThingsboardException {
@@ -95,6 +96,7 @@ public class YtConfigurationNodeController extends BaseController { @@ -95,6 +96,7 @@ public class YtConfigurationNodeController extends BaseController {
95 96
96 @PostMapping("act") 97 @PostMapping("act")
97 @ApiOperation("编辑动画效果") 98 @ApiOperation("编辑动画效果")
  99 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:act:post'})")
98 public ResponseEntity<ConfigurationActDTO> saveAct( 100 public ResponseEntity<ConfigurationActDTO> saveAct(
99 @Validated({AddGroup.class}) @RequestBody ConfigurationActDTO actDTO) 101 @Validated({AddGroup.class}) @RequestBody ConfigurationActDTO actDTO)
100 throws ThingsboardException { 102 throws ThingsboardException {
@@ -106,6 +108,7 @@ public class YtConfigurationNodeController extends BaseController { @@ -106,6 +108,7 @@ public class YtConfigurationNodeController extends BaseController {
106 108
107 @DeleteMapping("datascource") 109 @DeleteMapping("datascource")
108 @ApiOperation("删除数据源") 110 @ApiOperation("删除数据源")
  111 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:datascource:delete'})")
109 public ResponseEntity<Boolean> deleteDatascource(@RequestBody ConfigurationDatasourceDTO deleteDTO) 112 public ResponseEntity<Boolean> deleteDatascource(@RequestBody ConfigurationDatasourceDTO deleteDTO)
110 throws ThingsboardException { 113 throws ThingsboardException {
111 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 114 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -114,6 +117,7 @@ public class YtConfigurationNodeController extends BaseController { @@ -114,6 +117,7 @@ public class YtConfigurationNodeController extends BaseController {
114 117
115 @DeleteMapping("event") 118 @DeleteMapping("event")
116 @ApiOperation("删除数据交互") 119 @ApiOperation("删除数据交互")
  120 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:event:delete'})")
117 public ResponseEntity<Boolean> deleteEvent( @RequestBody ConfigurationEventDTO deleteDTO) 121 public ResponseEntity<Boolean> deleteEvent( @RequestBody ConfigurationEventDTO deleteDTO)
118 throws ThingsboardException { 122 throws ThingsboardException {
119 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 123 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -121,6 +125,7 @@ public class YtConfigurationNodeController extends BaseController { @@ -121,6 +125,7 @@ public class YtConfigurationNodeController extends BaseController {
121 } 125 }
122 @DeleteMapping("act") 126 @DeleteMapping("act")
123 @ApiOperation("删除动画效果") 127 @ApiOperation("删除动画效果")
  128 + @PreAuthorize("@check.checkPermissions({},{'api:yt:configuration:node:act:delete'})")
124 public ResponseEntity<Boolean> deleteAct( @RequestBody ConfigurationActDTO deleteDTO) 129 public ResponseEntity<Boolean> deleteAct( @RequestBody ConfigurationActDTO deleteDTO)
125 throws ThingsboardException { 130 throws ThingsboardException {
126 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 131 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -41,13 +41,12 @@ import java.util.*; @@ -41,13 +41,12 @@ import java.util.*;
41 import java.util.concurrent.ConcurrentMap; 41 import java.util.concurrent.ConcurrentMap;
42 42
43 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*; 43 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
44 -import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.ORDER_TYPE;  
45 44
46 @RestController 45 @RestController
47 @RequiredArgsConstructor 46 @RequiredArgsConstructor
48 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")  
49 @RequestMapping("api/yt/convert") 47 @RequestMapping("api/yt/convert")
50 @Api(tags = {"数据流转控制器"}) 48 @Api(tags = {"数据流转控制器"})
  49 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})")
51 public class YtConvertDataToController extends BaseController { 50 public class YtConvertDataToController extends BaseController {
52 private final YtRuleChainService ytRuleChainService; 51 private final YtRuleChainService ytRuleChainService;
53 52
@@ -89,6 +88,7 @@ public class YtConvertDataToController extends BaseController { @@ -89,6 +88,7 @@ public class YtConvertDataToController extends BaseController {
89 88
90 @PostMapping("config") 89 @PostMapping("config")
91 @ApiOperation("添加或修改转换配置") 90 @ApiOperation("添加或修改转换配置")
  91 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:convert:config:post','api:yt:convert:config:update'})")
92 public ResponseEntity<ConvertConfigDTO> createOrUpdateConvertData( 92 public ResponseEntity<ConvertConfigDTO> createOrUpdateConvertData(
93 @Validated @RequestBody ConvertConfigDTO convertConfigDTO) throws ThingsboardException { 93 @Validated @RequestBody ConvertConfigDTO convertConfigDTO) throws ThingsboardException {
94 convertConfigDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 94 convertConfigDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -98,6 +98,7 @@ public class YtConvertDataToController extends BaseController { @@ -98,6 +98,7 @@ public class YtConvertDataToController extends BaseController {
98 98
99 @PostMapping("js") 99 @PostMapping("js")
100 @ApiOperation("添加或修改转换脚本") 100 @ApiOperation("添加或修改转换脚本")
  101 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:convert:js:post','api:yt:convert:js:update'})")
101 public ResponseEntity<ConvertConfigDTO> createOrUpdateConvertJS( 102 public ResponseEntity<ConvertConfigDTO> createOrUpdateConvertJS(
102 @Validated @RequestBody ConvertConfigDTO convertConfigDTO) throws ThingsboardException { 103 @Validated @RequestBody ConvertConfigDTO convertConfigDTO) throws ThingsboardException {
103 convertConfigDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 104 convertConfigDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -121,6 +122,7 @@ public class YtConvertDataToController extends BaseController { @@ -121,6 +122,7 @@ public class YtConvertDataToController extends BaseController {
121 122
122 @DeleteMapping("config") 123 @DeleteMapping("config")
123 @ApiOperation("删除转换配置") 124 @ApiOperation("删除转换配置")
  125 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:convert:config:delete'})")
124 public ResponseEntity<Boolean> deleteConfig( 126 public ResponseEntity<Boolean> deleteConfig(
125 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException { 127 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
126 return delete(deleteDTO, FastIotConstants.CONVERT_DATA); 128 return delete(deleteDTO, FastIotConstants.CONVERT_DATA);
@@ -128,6 +130,7 @@ public class YtConvertDataToController extends BaseController { @@ -128,6 +130,7 @@ public class YtConvertDataToController extends BaseController {
128 130
129 @DeleteMapping("js") 131 @DeleteMapping("js")
130 @ApiOperation("删除转换脚本") 132 @ApiOperation("删除转换脚本")
  133 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:convert:js:delete'})")
131 public ResponseEntity<Boolean> deleteJS( 134 public ResponseEntity<Boolean> deleteJS(
132 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException { 135 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
133 return delete(deleteDTO, FastIotConstants.JAVA_SCRIPT); 136 return delete(deleteDTO, FastIotConstants.JAVA_SCRIPT);
@@ -28,12 +28,11 @@ import java.util.List; @@ -28,12 +28,11 @@ import java.util.List;
28 import java.util.Map; 28 import java.util.Map;
29 29
30 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*; 30 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
31 -import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.ORDER_TYPE;  
32 31
33 @RestController 32 @RestController
34 @RequiredArgsConstructor 33 @RequiredArgsConstructor
35 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')")  
36 @RequestMapping("api/yt/data_board") 34 @RequestMapping("api/yt/data_board")
  35 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
37 @Api(tags = {"数据看板"}) 36 @Api(tags = {"数据看板"})
38 public class YtDataBoardController extends BaseController { 37 public class YtDataBoardController extends BaseController {
39 private final YtDataBoardService ytDataBoardService; 38 private final YtDataBoardService ytDataBoardService;
@@ -57,6 +56,7 @@ public class YtDataBoardController extends BaseController { @@ -57,6 +56,7 @@ public class YtDataBoardController extends BaseController {
57 56
58 @DeleteMapping 57 @DeleteMapping
59 @ApiOperation(value = "删除数据看板") 58 @ApiOperation(value = "删除数据看板")
  59 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:data_board:delete'})")
60 public ResponseResult<Boolean> deleteDataBoard( 60 public ResponseResult<Boolean> deleteDataBoard(
61 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException { 61 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
62 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 62 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -65,6 +65,7 @@ public class YtDataBoardController extends BaseController { @@ -65,6 +65,7 @@ public class YtDataBoardController extends BaseController {
65 65
66 @PostMapping("/add") 66 @PostMapping("/add")
67 @ApiOperation(value = "新增数据看板") 67 @ApiOperation(value = "新增数据看板")
  68 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:data_board:add:post'})")
68 public ResponseResult<DataBoardDTO> save( 69 public ResponseResult<DataBoardDTO> save(
69 @RequestBody @Validated(AddGroup.class) DataBoardDTO dataBoard) 70 @RequestBody @Validated(AddGroup.class) DataBoardDTO dataBoard)
70 throws SchedulerException, ThingsboardException { 71 throws SchedulerException, ThingsboardException {
@@ -75,6 +76,7 @@ public class YtDataBoardController extends BaseController { @@ -75,6 +76,7 @@ public class YtDataBoardController extends BaseController {
75 } 76 }
76 77
77 @PostMapping("/update") 78 @PostMapping("/update")
  79 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:data_board:update:update'})")
78 @ApiOperation(value = "编辑数据看板") 80 @ApiOperation(value = "编辑数据看板")
79 public ResponseResult<DataBoardDTO> update( 81 public ResponseResult<DataBoardDTO> update(
80 @RequestBody @Validated(UpdateGroup.class) DataBoardDTO dataBoard) 82 @RequestBody @Validated(UpdateGroup.class) DataBoardDTO dataBoard)
@@ -61,8 +61,7 @@ public class YtDeviceController extends BaseController { @@ -61,8 +61,7 @@ public class YtDeviceController extends BaseController {
61 61
62 @PostMapping 62 @PostMapping
63 @ApiOperation("创建|编辑") 63 @ApiOperation("创建|编辑")
64 -// @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')")  
65 - @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})") 64 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:device:post','api:yt:device:update'})")
66 public ResponseEntity<DeviceDTO> saveDevice( 65 public ResponseEntity<DeviceDTO> saveDevice(
67 @Validated(AddGroup.class) @RequestBody DeviceDTO deviceDTO) throws ThingsboardException, ExecutionException, InterruptedException { 66 @Validated(AddGroup.class) @RequestBody DeviceDTO deviceDTO) throws ThingsboardException, ExecutionException, InterruptedException {
68 String currentTenantId = getCurrentUser().getCurrentTenantId(); 67 String currentTenantId = getCurrentUser().getCurrentTenantId();
@@ -222,12 +221,13 @@ public class YtDeviceController extends BaseController { @@ -222,12 +221,13 @@ public class YtDeviceController extends BaseController {
222 221
223 @GetMapping("{id}") 222 @GetMapping("{id}")
224 @ApiOperation("详情") 223 @ApiOperation("详情")
  224 + @PreAuthorize("@check.checkPermissions({},{'api:yt:device:get'})")
225 public ResponseEntity<DeviceDTO> getDevice(@PathVariable("id") String id) 225 public ResponseEntity<DeviceDTO> getDevice(@PathVariable("id") String id)
226 throws ThingsboardException { 226 throws ThingsboardException {
227 return ResponseEntity.of(deviceService.getDevice(getCurrentUser().getCurrentTenantId(), id)); 227 return ResponseEntity.of(deviceService.getDevice(getCurrentUser().getCurrentTenantId(), id));
228 } 228 }
229 229
230 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 230 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
231 @GetMapping(params = {PAGE_SIZE, PAGE}) 231 @GetMapping(params = {PAGE_SIZE, PAGE})
232 @ApiOperation("查询") 232 @ApiOperation("查询")
233 public YtPageData<DeviceDTO> pageDevice( 233 public YtPageData<DeviceDTO> pageDevice(
@@ -272,7 +272,7 @@ public class YtDeviceController extends BaseController { @@ -272,7 +272,7 @@ public class YtDeviceController extends BaseController {
272 return deviceService.page(getCurrentUser().getCurrentTenantId(), queryMap); 272 return deviceService.page(getCurrentUser().getCurrentTenantId(), queryMap);
273 } 273 }
274 274
275 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 275 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
276 @GetMapping(path = {"/relation"}, params = {PAGE_SIZE, PAGE}) 276 @GetMapping(path = {"/relation"}, params = {PAGE_SIZE, PAGE})
277 @ApiOperation("子设备查询") 277 @ApiOperation("子设备查询")
278 public YtPageData<RelationDeviceDTO> pageRelationDevice( 278 public YtPageData<RelationDeviceDTO> pageRelationDevice(
@@ -309,6 +309,7 @@ public class YtDeviceController extends BaseController { @@ -309,6 +309,7 @@ public class YtDeviceController extends BaseController {
309 309
310 @PostMapping("/import") 310 @PostMapping("/import")
311 @ApiOperation("导入配置") 311 @ApiOperation("导入配置")
  312 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:device:import'})")
312 public ResponseEntity<String> importDeviceProfile() { 313 public ResponseEntity<String> importDeviceProfile() {
313 // TODO 实现的业务功能 314 // TODO 实现的业务功能
314 return ResponseEntity.ok(""); 315 return ResponseEntity.ok("");
@@ -316,6 +317,7 @@ public class YtDeviceController extends BaseController { @@ -316,6 +317,7 @@ public class YtDeviceController extends BaseController {
316 317
317 @PostMapping("/export") 318 @PostMapping("/export")
318 @ApiOperation("导出") 319 @ApiOperation("导出")
  320 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:device:export'})")
319 public ResponseEntity<String> exportDeviceProfile() { 321 public ResponseEntity<String> exportDeviceProfile() {
320 // TODO 实现的业务功能 322 // TODO 实现的业务功能
321 return ResponseEntity.ok(""); 323 return ResponseEntity.ok("");
@@ -323,6 +325,7 @@ public class YtDeviceController extends BaseController { @@ -323,6 +325,7 @@ public class YtDeviceController extends BaseController {
323 325
324 @DeleteMapping 326 @DeleteMapping
325 @ApiOperation("删除") 327 @ApiOperation("删除")
  328 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:device:delete'})")
326 public void deleteDevices(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) 329 public void deleteDevices(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
327 throws ThingsboardException { 330 throws ThingsboardException {
328 String currentTenantId = getCurrentUser().getCurrentTenantId(); 331 String currentTenantId = getCurrentUser().getCurrentTenantId();
@@ -349,7 +352,7 @@ public class YtDeviceController extends BaseController { @@ -349,7 +352,7 @@ public class YtDeviceController extends BaseController {
349 } 352 }
350 353
351 @GetMapping("/list/{deviceType}") 354 @GetMapping("/list/{deviceType}")
352 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')") 355 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})")
353 @ApiOperation("获取该组织的所有设备") 356 @ApiOperation("获取该组织的所有设备")
354 public List<DeviceDTO> getGatewayDevices( 357 public List<DeviceDTO> getGatewayDevices(
355 @ApiParam(value = "组织ID") @RequestParam("organizationId") String organizationId, 358 @ApiParam(value = "组织ID") @RequestParam("organizationId") String organizationId,
@@ -358,7 +361,7 @@ public class YtDeviceController extends BaseController { @@ -358,7 +361,7 @@ public class YtDeviceController extends BaseController {
358 } 361 }
359 362
360 @GetMapping("/list/master/{organizationId}") 363 @GetMapping("/list/master/{organizationId}")
361 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 364 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
362 @ApiOperation("主设备列表") 365 @ApiOperation("主设备列表")
363 public List<SelectItemDTO> getMasterDevices( 366 public List<SelectItemDTO> getMasterDevices(
364 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId) throws ThingsboardException { 367 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId) throws ThingsboardException {
@@ -367,7 +370,7 @@ public class YtDeviceController extends BaseController { @@ -367,7 +370,7 @@ public class YtDeviceController extends BaseController {
367 , organizationId); 370 , organizationId);
368 } 371 }
369 @GetMapping("/list/slave/{organizationId}") 372 @GetMapping("/list/slave/{organizationId}")
370 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 373 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
371 @ApiOperation("从设备列表") 374 @ApiOperation("从设备列表")
372 public List<SelectItemDTO> getSlaveDevices( 375 public List<SelectItemDTO> getSlaveDevices(
373 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId, 376 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId,
@@ -378,7 +381,7 @@ public class YtDeviceController extends BaseController { @@ -378,7 +381,7 @@ public class YtDeviceController extends BaseController {
378 } 381 }
379 382
380 @GetMapping("/keys/{organizationId}") 383 @GetMapping("/keys/{organizationId}")
381 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 384 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
382 @ApiOperation("设备遥测指标名称") 385 @ApiOperation("设备遥测指标名称")
383 public List<String> listKeys( 386 public List<String> listKeys(
384 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId, 387 @ApiParam(value = "组织ID") @PathVariable("organizationId") String organizationId,
@@ -13,7 +13,10 @@ import org.thingsboard.server.common.data.DeviceProfileProvisionType; @@ -13,7 +13,10 @@ import org.thingsboard.server.common.data.DeviceProfileProvisionType;
13 import org.thingsboard.server.common.data.DeviceProfileType; 13 import org.thingsboard.server.common.data.DeviceProfileType;
14 import org.thingsboard.server.common.data.DeviceTransportType; 14 import org.thingsboard.server.common.data.DeviceTransportType;
15 import org.thingsboard.server.common.data.audit.ActionType; 15 import org.thingsboard.server.common.data.audit.ActionType;
16 -import org.thingsboard.server.common.data.device.profile.*; 16 +import org.thingsboard.server.common.data.device.profile.DefaultDeviceProfileConfiguration;
  17 +import org.thingsboard.server.common.data.device.profile.DefaultDeviceProfileTransportConfiguration;
  18 +import org.thingsboard.server.common.data.device.profile.DeviceProfileData;
  19 +import org.thingsboard.server.common.data.device.profile.DisabledDeviceProfileProvisionConfiguration;
17 import org.thingsboard.server.common.data.edge.EdgeEventActionType; 20 import org.thingsboard.server.common.data.edge.EdgeEventActionType;
18 import org.thingsboard.server.common.data.exception.ThingsboardException; 21 import org.thingsboard.server.common.data.exception.ThingsboardException;
19 import org.thingsboard.server.common.data.id.DeviceProfileId; 22 import org.thingsboard.server.common.data.id.DeviceProfileId;
@@ -36,7 +39,9 @@ import org.thingsboard.server.service.security.permission.Operation; @@ -36,7 +39,9 @@ import org.thingsboard.server.service.security.permission.Operation;
36 39
37 import java.time.LocalDateTime; 40 import java.time.LocalDateTime;
38 import java.time.ZoneOffset; 41 import java.time.ZoneOffset;
39 -import java.util.*; 42 +import java.util.List;
  43 +import java.util.Objects;
  44 +import java.util.UUID;
40 45
41 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*; 46 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
42 47
@@ -48,7 +53,7 @@ public class YtDeviceProfileController extends BaseController { @@ -48,7 +53,7 @@ public class YtDeviceProfileController extends BaseController {
48 private final YtDeviceProfileService ytDeviceProfileService; 53 private final YtDeviceProfileService ytDeviceProfileService;
49 54
50 @PostMapping() 55 @PostMapping()
51 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')") 56 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:post','api:yt:deviceProfile:update'})")
52 @ApiOperation("创建 | 编辑") 57 @ApiOperation("创建 | 编辑")
53 public ResponseEntity<DeviceProfileDTO> saveDeviceProfile( 58 public ResponseEntity<DeviceProfileDTO> saveDeviceProfile(
54 @RequestBody DeviceProfileDTO deviceProfileDTO) throws ThingsboardException { 59 @RequestBody DeviceProfileDTO deviceProfileDTO) throws ThingsboardException {
@@ -111,6 +116,7 @@ public class YtDeviceProfileController extends BaseController { @@ -111,6 +116,7 @@ public class YtDeviceProfileController extends BaseController {
111 116
112 @GetMapping("{id}") 117 @GetMapping("{id}")
113 @ApiOperation("详情") 118 @ApiOperation("详情")
  119 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:get'})")
114 public ResponseEntity<DeviceProfileDTO> getDevice(@PathVariable("id") String id) throws ThingsboardException { 120 public ResponseEntity<DeviceProfileDTO> getDevice(@PathVariable("id") String id) throws ThingsboardException {
115 return ResponseEntity.of(ytDeviceProfileService.getDeviceProfile(getCurrentUser().getCurrentTenantId(), id)); 121 return ResponseEntity.of(ytDeviceProfileService.getDeviceProfile(getCurrentUser().getCurrentTenantId(), id));
116 } 122 }
@@ -138,6 +144,7 @@ public class YtDeviceProfileController extends BaseController { @@ -138,6 +144,7 @@ public class YtDeviceProfileController extends BaseController {
138 144
139 @DeleteMapping 145 @DeleteMapping
140 @ApiOperation("删除") 146 @ApiOperation("删除")
  147 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:delete'})")
141 public void deleteDevices(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException { 148 public void deleteDevices(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
142 ytDeviceProfileService.checkDeviceProfiles(getCurrentUser().getCurrentTenantId(), deleteDTO.getIds()); 149 ytDeviceProfileService.checkDeviceProfiles(getCurrentUser().getCurrentTenantId(), deleteDTO.getIds());
143 150
@@ -170,6 +177,7 @@ public class YtDeviceProfileController extends BaseController { @@ -170,6 +177,7 @@ public class YtDeviceProfileController extends BaseController {
170 } 177 }
171 178
172 @PostMapping("/import") 179 @PostMapping("/import")
  180 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:import'})")
173 @ApiOperation("导入配置") 181 @ApiOperation("导入配置")
174 public ResponseEntity<String> importDeviceProfile(){ 182 public ResponseEntity<String> importDeviceProfile(){
175 //TODO 实现的业务功能 183 //TODO 实现的业务功能
@@ -177,6 +185,7 @@ public class YtDeviceProfileController extends BaseController { @@ -177,6 +185,7 @@ public class YtDeviceProfileController extends BaseController {
177 } 185 }
178 186
179 @PostMapping("/export") 187 @PostMapping("/export")
  188 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:deviceProfile:export'})")
180 @ApiOperation("导出") 189 @ApiOperation("导出")
181 public ResponseEntity<String> exportDeviceProfile(){ 190 public ResponseEntity<String> exportDeviceProfile(){
182 //TODO 实现的业务功能 191 //TODO 实现的业务功能
@@ -5,6 +5,7 @@ import io.swagger.annotations.ApiOperation; @@ -5,6 +5,7 @@ import io.swagger.annotations.ApiOperation;
5 import io.swagger.annotations.ApiParam; 5 import io.swagger.annotations.ApiParam;
6 import lombok.RequiredArgsConstructor; 6 import lombok.RequiredArgsConstructor;
7 import org.springframework.http.ResponseEntity; 7 import org.springframework.http.ResponseEntity;
  8 +import org.springframework.security.access.prepost.PreAuthorize;
8 import org.springframework.validation.annotation.Validated; 9 import org.springframework.validation.annotation.Validated;
9 import org.springframework.web.bind.annotation.*; 10 import org.springframework.web.bind.annotation.*;
10 import org.thingsboard.server.common.data.exception.ThingsboardException; 11 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -35,6 +36,7 @@ public class YtDeviceTypeController extends BaseController { @@ -35,6 +36,7 @@ public class YtDeviceTypeController extends BaseController {
35 36
36 @PostMapping 37 @PostMapping
37 @ApiOperation(value = "保存设备类型") 38 @ApiOperation(value = "保存设备类型")
  39 + @PreAuthorize("@check.checkPermissions({},{'api:yt:device_type:post'})")
38 public ResponseEntity<DeviceTypeDTO> saveDeviceType( 40 public ResponseEntity<DeviceTypeDTO> saveDeviceType(
39 @Validated({AddGroup.class}) @RequestBody DeviceTypeDTO deviceTypeDTO) throws ThingsboardException { 41 @Validated({AddGroup.class}) @RequestBody DeviceTypeDTO deviceTypeDTO) throws ThingsboardException {
40 return ResponseEntity.ok(deviceTypeService.saveDeviceTye(getCurrentUser().getCurrentTenantId(), deviceTypeDTO)); 42 return ResponseEntity.ok(deviceTypeService.saveDeviceTye(getCurrentUser().getCurrentTenantId(), deviceTypeDTO));
@@ -42,6 +44,7 @@ public class YtDeviceTypeController extends BaseController { @@ -42,6 +44,7 @@ public class YtDeviceTypeController extends BaseController {
42 44
43 @PutMapping 45 @PutMapping
44 @ApiOperation(value = "修改设备类型") 46 @ApiOperation(value = "修改设备类型")
  47 + @PreAuthorize("@check.checkPermissions({},{'api:yt:device_type:update'})")
45 public ResponseEntity<DeviceTypeDTO> updateDeviceType( 48 public ResponseEntity<DeviceTypeDTO> updateDeviceType(
46 @Validated({UpdateGroup.class}) @RequestBody DeviceTypeDTO deviceTypeDTO) { 49 @Validated({UpdateGroup.class}) @RequestBody DeviceTypeDTO deviceTypeDTO) {
47 return ResponseEntity.ok(deviceTypeService.updateDeviceType(deviceTypeDTO)); 50 return ResponseEntity.ok(deviceTypeService.updateDeviceType(deviceTypeDTO));
@@ -49,6 +52,7 @@ public class YtDeviceTypeController extends BaseController { @@ -49,6 +52,7 @@ public class YtDeviceTypeController extends BaseController {
49 52
50 @DeleteMapping 53 @DeleteMapping
51 @ApiOperation(value = "删除设备类型") 54 @ApiOperation(value = "删除设备类型")
  55 + @PreAuthorize("@check.checkPermissions({},{'api:yt:device_type:delete'})")
52 public ResponseResult<Boolean> deleteDeviceType( 56 public ResponseResult<Boolean> deleteDeviceType(
53 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) { 57 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
54 return ResponseResult.success(deviceTypeService.deleteDeviceType(deleteDTO)); 58 return ResponseResult.success(deviceTypeService.deleteDeviceType(deleteDTO));
@@ -12,8 +12,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants; @@ -12,8 +12,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
12 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO; 12 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
13 import org.thingsboard.server.common.data.yunteng.dto.SysDictDTO; 13 import org.thingsboard.server.common.data.yunteng.dto.SysDictDTO;
14 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum; 14 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
15 -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;  
16 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult; 15 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  16 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
17 import org.thingsboard.server.controller.BaseController; 17 import org.thingsboard.server.controller.BaseController;
18 import org.thingsboard.server.dao.yunteng.service.SysDictService; 18 import org.thingsboard.server.dao.yunteng.service.SysDictService;
19 19
@@ -24,7 +24,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -24,7 +24,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
24 @RestController 24 @RestController
25 @RequestMapping("api/yt/dict") 25 @RequestMapping("api/yt/dict")
26 @RequiredArgsConstructor 26 @RequiredArgsConstructor
27 -@PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 27 +@PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
28 public class YtDictController extends BaseController { 28 public class YtDictController extends BaseController {
29 private final SysDictService sysDictService; 29 private final SysDictService sysDictService;
30 30
@@ -50,6 +50,7 @@ public class YtDictController extends BaseController { @@ -50,6 +50,7 @@ public class YtDictController extends BaseController {
50 } 50 }
51 51
52 @PostMapping 52 @PostMapping
  53 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dict:post'})")
53 public ResponseResult<SysDictDTO> saveSysDict( 54 public ResponseResult<SysDictDTO> saveSysDict(
54 @Validated({AddGroup.class}) @RequestBody SysDictDTO sysDictDTO) throws ThingsboardException { 55 @Validated({AddGroup.class}) @RequestBody SysDictDTO sysDictDTO) throws ThingsboardException {
55 SysDictDTO newDTO = 56 SysDictDTO newDTO =
@@ -58,6 +59,7 @@ public class YtDictController extends BaseController { @@ -58,6 +59,7 @@ public class YtDictController extends BaseController {
58 } 59 }
59 60
60 @DeleteMapping 61 @DeleteMapping
  62 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dict:delete'})")
61 public ResponseResult<String> deleteSysDict( 63 public ResponseResult<String> deleteSysDict(
62 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) { 64 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
63 return sysDictService.deleteSysDict(deleteDTO.getIds()) 65 return sysDictService.deleteSysDict(deleteDTO.getIds())
@@ -66,6 +68,7 @@ public class YtDictController extends BaseController { @@ -66,6 +68,7 @@ public class YtDictController extends BaseController {
66 } 68 }
67 69
68 @PutMapping 70 @PutMapping
  71 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dict:update'})")
69 public ResponseResult<SysDictDTO> updateSysDict( 72 public ResponseResult<SysDictDTO> updateSysDict(
70 @Validated({UpdateGroup.class}) @RequestBody SysDictDTO SysDictDTO) 73 @Validated({UpdateGroup.class}) @RequestBody SysDictDTO SysDictDTO)
71 throws ThingsboardException { 74 throws ThingsboardException {
@@ -13,8 +13,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants; @@ -13,8 +13,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
13 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO; 13 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
14 import org.thingsboard.server.common.data.yunteng.dto.SysDictItemDTO; 14 import org.thingsboard.server.common.data.yunteng.dto.SysDictItemDTO;
15 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum; 15 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
16 -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;  
17 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult; 16 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  17 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
18 import org.thingsboard.server.controller.BaseController; 18 import org.thingsboard.server.controller.BaseController;
19 import org.thingsboard.server.dao.yunteng.service.SysDictItemService; 19 import org.thingsboard.server.dao.yunteng.service.SysDictItemService;
20 20
@@ -30,7 +30,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -30,7 +30,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
30 public class YtDictItemController extends BaseController { 30 public class YtDictItemController extends BaseController {
31 private final SysDictItemService sysDictItemService; 31 private final SysDictItemService sysDictItemService;
32 32
33 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 33 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
34 @GetMapping(params = {PAGE_SIZE, PAGE}) 34 @GetMapping(params = {PAGE_SIZE, PAGE})
35 public YtPageData<SysDictItemDTO> pageSysDictItem( 35 public YtPageData<SysDictItemDTO> pageSysDictItem(
36 @RequestParam(PAGE_SIZE) int pageSize, 36 @RequestParam(PAGE_SIZE) int pageSize,
@@ -55,7 +55,7 @@ public class YtDictItemController extends BaseController { @@ -55,7 +55,7 @@ public class YtDictItemController extends BaseController {
55 } 55 }
56 56
57 @PostMapping 57 @PostMapping
58 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 58 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dictItem:post'})")
59 public ResponseResult<SysDictItemDTO> saveSysDictItem( 59 public ResponseResult<SysDictItemDTO> saveSysDictItem(
60 @Validated({AddGroup.class}) @RequestBody SysDictItemDTO sysDictItemDTO) 60 @Validated({AddGroup.class}) @RequestBody SysDictItemDTO sysDictItemDTO)
61 throws ThingsboardException { 61 throws ThingsboardException {
@@ -65,7 +65,7 @@ public class YtDictItemController extends BaseController { @@ -65,7 +65,7 @@ public class YtDictItemController extends BaseController {
65 } 65 }
66 66
67 @DeleteMapping 67 @DeleteMapping
68 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 68 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dictItem:delete'})")
69 public ResponseResult<String> deleteSysDictItem( 69 public ResponseResult<String> deleteSysDictItem(
70 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) { 70 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
71 return sysDictItemService.deleteSysDictItem(deleteDTO.getIds()) 71 return sysDictItemService.deleteSysDictItem(deleteDTO.getIds())
@@ -74,7 +74,7 @@ public class YtDictItemController extends BaseController { @@ -74,7 +74,7 @@ public class YtDictItemController extends BaseController {
74 } 74 }
75 75
76 @PutMapping 76 @PutMapping
77 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 77 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:dictItem:update'})")
78 public ResponseResult<SysDictItemDTO> updateSysDictItem( 78 public ResponseResult<SysDictItemDTO> updateSysDictItem(
79 @Validated({UpdateGroup.class}) @RequestBody SysDictItemDTO SysDictItemDTO) 79 @Validated({UpdateGroup.class}) @RequestBody SysDictItemDTO SysDictItemDTO)
80 throws ThingsboardException { 80 throws ThingsboardException {
@@ -4,6 +4,7 @@ import io.swagger.annotations.Api; @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 import io.swagger.annotations.ApiOperation; 4 import io.swagger.annotations.ApiOperation;
5 import lombok.RequiredArgsConstructor; 5 import lombok.RequiredArgsConstructor;
6 import org.springframework.http.ResponseEntity; 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 import org.springframework.web.bind.annotation.*; 8 import org.springframework.web.bind.annotation.*;
8 import org.thingsboard.server.common.data.exception.ThingsboardException; 9 import org.thingsboard.server.common.data.exception.ThingsboardException;
9 import org.thingsboard.server.common.data.yunteng.dto.SysEnterpriseDTO; 10 import org.thingsboard.server.common.data.yunteng.dto.SysEnterpriseDTO;
@@ -24,12 +25,14 @@ public class YtEnterpriseController extends BaseController { @@ -24,12 +25,14 @@ public class YtEnterpriseController extends BaseController {
24 private final SysEnterpriseService sysEnterpriseService; 25 private final SysEnterpriseService sysEnterpriseService;
25 26
26 @GetMapping("get") 27 @GetMapping("get")
  28 + @PreAuthorize("@check.checkPermissions({},{'api:yt:enterprise:get:get'})")
27 @ApiOperation("查询详情") 29 @ApiOperation("查询详情")
28 public ResponseEntity<SysEnterpriseDTO> get() throws ThingsboardException { 30 public ResponseEntity<SysEnterpriseDTO> get() throws ThingsboardException {
29 return ResponseEntity.ok(sysEnterpriseService.get(getCurrentUser().getCurrentTenantId())); 31 return ResponseEntity.ok(sysEnterpriseService.get(getCurrentUser().getCurrentTenantId()));
30 } 32 }
31 33
32 @PutMapping("update") 34 @PutMapping("update")
  35 + @PreAuthorize("@check.checkPermissions({},{'api:yt:enterprise:update:update'})")
33 @ApiOperation("更新") 36 @ApiOperation("更新")
34 public ResponseEntity<Boolean> update(@RequestBody SysEnterpriseDTO sysEnterpriseDTO) 37 public ResponseEntity<Boolean> update(@RequestBody SysEnterpriseDTO sysEnterpriseDTO)
35 throws ThingsboardException { 38 throws ThingsboardException {
@@ -13,7 +13,7 @@ import org.thingsboard.server.dao.yunteng.service.YtFrpInfoService; @@ -13,7 +13,7 @@ import org.thingsboard.server.dao.yunteng.service.YtFrpInfoService;
13 @RequestMapping("api/yt/frp") 13 @RequestMapping("api/yt/frp")
14 @Api(tags = "Frp内网穿透信息") 14 @Api(tags = "Frp内网穿透信息")
15 @RequiredArgsConstructor 15 @RequiredArgsConstructor
16 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 16 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
17 public class YtFrpInfoController { 17 public class YtFrpInfoController {
18 18
19 private final YtFrpInfoService frpInfoService; 19 private final YtFrpInfoService frpInfoService;
@@ -53,7 +53,7 @@ public class YtMenuController extends BaseController { @@ -53,7 +53,7 @@ public class YtMenuController extends BaseController {
53 } 53 }
54 54
55 @PutMapping 55 @PutMapping
56 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 56 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
57 public MenuDTO updateMenu(@RequestBody MenuDTO menuDTO) throws ThingsboardException { 57 public MenuDTO updateMenu(@RequestBody MenuDTO menuDTO) throws ThingsboardException {
58 Assert.notNull(menuDTO.getId(), "menuId cannot be null"); 58 Assert.notNull(menuDTO.getId(), "menuId cannot be null");
59 return menuService.updateMenu( 59 return menuService.updateMenu(
@@ -61,7 +61,7 @@ public class YtMenuController extends BaseController { @@ -61,7 +61,7 @@ public class YtMenuController extends BaseController {
61 } 61 }
62 62
63 @PostMapping 63 @PostMapping
64 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 64 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
65 public ResponseEntity<MenuDTO> saveMenu(@RequestBody MenuDTO menuDTO) 65 public ResponseEntity<MenuDTO> saveMenu(@RequestBody MenuDTO menuDTO)
66 throws ThingsboardException { 66 throws ThingsboardException {
67 MenuDTO newMenuDTO = 67 MenuDTO newMenuDTO =
@@ -81,7 +81,7 @@ public class YtMenuController extends BaseController { @@ -81,7 +81,7 @@ public class YtMenuController extends BaseController {
81 } 81 }
82 82
83 @DeleteMapping 83 @DeleteMapping
84 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')") 84 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{})")
85 public void deleteMenus(@RequestBody String[] ids) throws ThingsboardException { 85 public void deleteMenus(@RequestBody String[] ids) throws ThingsboardException {
86 if (ids.length == 0) { 86 if (ids.length == 0) {
87 throw new YtDataValidationException("需要删除的菜单不能为空"); 87 throw new YtDataValidationException("需要删除的菜单不能为空");
@@ -2,6 +2,7 @@ package org.thingsboard.server.controller.yunteng; @@ -2,6 +2,7 @@ package org.thingsboard.server.controller.yunteng;
2 2
3 import lombok.RequiredArgsConstructor; 3 import lombok.RequiredArgsConstructor;
4 import org.springframework.http.ResponseEntity; 4 import org.springframework.http.ResponseEntity;
  5 +import org.springframework.security.access.prepost.PreAuthorize;
5 import org.springframework.validation.annotation.Validated; 6 import org.springframework.validation.annotation.Validated;
6 import org.springframework.web.bind.annotation.*; 7 import org.springframework.web.bind.annotation.*;
7 import org.thingsboard.server.common.data.exception.ThingsboardException; 8 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -12,8 +13,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants; @@ -12,8 +13,8 @@ import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
12 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO; 13 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
13 import org.thingsboard.server.common.data.yunteng.dto.MessageConfigDTO; 14 import org.thingsboard.server.common.data.yunteng.dto.MessageConfigDTO;
14 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum; 15 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
15 -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;  
16 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult; 16 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  17 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
17 import org.thingsboard.server.controller.BaseController; 18 import org.thingsboard.server.controller.BaseController;
18 import org.thingsboard.server.dao.yunteng.service.YtMessageConfigService; 19 import org.thingsboard.server.dao.yunteng.service.YtMessageConfigService;
19 20
@@ -54,6 +55,7 @@ public class YtMessageConfigController extends BaseController { @@ -54,6 +55,7 @@ public class YtMessageConfigController extends BaseController {
54 } 55 }
55 56
56 @PostMapping 57 @PostMapping
  58 + @PreAuthorize("@check.checkPermissions({},{'api:yt:message:post'})")
57 public ResponseResult<MessageConfigDTO> saveMessageConfig( 59 public ResponseResult<MessageConfigDTO> saveMessageConfig(
58 @Validated({AddGroup.class}) @RequestBody MessageConfigDTO configDTO) 60 @Validated({AddGroup.class}) @RequestBody MessageConfigDTO configDTO)
59 throws ThingsboardException { 61 throws ThingsboardException {
@@ -63,11 +65,13 @@ public class YtMessageConfigController extends BaseController { @@ -63,11 +65,13 @@ public class YtMessageConfigController extends BaseController {
63 } 65 }
64 66
65 @GetMapping("/{id}") 67 @GetMapping("/{id}")
  68 + @PreAuthorize("@check.checkPermissions({},{'api:yt:message:get'})")
66 public ResponseResult<MessageConfigDTO> findMessageConfigById(@PathVariable String id) { 69 public ResponseResult<MessageConfigDTO> findMessageConfigById(@PathVariable String id) {
67 return ResponseResult.success(messageConfigService.findMessageConfigById(id)); 70 return ResponseResult.success(messageConfigService.findMessageConfigById(id));
68 } 71 }
69 72
70 @DeleteMapping 73 @DeleteMapping
  74 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{'api:yt:message:delete'})")
71 public ResponseResult<String> deleteMessageConfig( 75 public ResponseResult<String> deleteMessageConfig(
72 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) { 76 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
73 return messageConfigService.deleteMessageConfig(deleteDTO.getIds()) 77 return messageConfigService.deleteMessageConfig(deleteDTO.getIds())
@@ -76,6 +80,7 @@ public class YtMessageConfigController extends BaseController { @@ -76,6 +80,7 @@ public class YtMessageConfigController extends BaseController {
76 } 80 }
77 81
78 @PutMapping 82 @PutMapping
  83 + @PreAuthorize("@check.checkPermissions({},{'api:yt:message:update'})")
79 public MessageConfigDTO updateMessageConfig( 84 public MessageConfigDTO updateMessageConfig(
80 @Validated({UpdateGroup.class}) @RequestBody MessageConfigDTO configDTO) 85 @Validated({UpdateGroup.class}) @RequestBody MessageConfigDTO configDTO)
81 throws ThingsboardException { 86 throws ThingsboardException {
1 package org.thingsboard.server.controller.yunteng; 1 package org.thingsboard.server.controller.yunteng;
2 2
3 import lombok.RequiredArgsConstructor; 3 import lombok.RequiredArgsConstructor;
  4 +import org.springframework.security.access.prepost.PreAuthorize;
4 import org.springframework.util.Assert; 5 import org.springframework.util.Assert;
5 import org.springframework.validation.annotation.Validated; 6 import org.springframework.validation.annotation.Validated;
6 import org.springframework.web.bind.annotation.*; 7 import org.springframework.web.bind.annotation.*;
@@ -16,13 +17,15 @@ import org.thingsboard.server.common.data.yunteng.dto.request.SmsReqDTO; @@ -16,13 +17,15 @@ import org.thingsboard.server.common.data.yunteng.dto.request.SmsReqDTO;
16 import org.thingsboard.server.common.data.yunteng.enums.AssetStatusEnum; 17 import org.thingsboard.server.common.data.yunteng.enums.AssetStatusEnum;
17 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum; 18 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
18 import org.thingsboard.server.common.data.yunteng.enums.ResponseCodeEnum; 19 import org.thingsboard.server.common.data.yunteng.enums.ResponseCodeEnum;
19 -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;  
20 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult; 20 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  21 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
21 import org.thingsboard.server.controller.BaseController; 22 import org.thingsboard.server.controller.BaseController;
22 import org.thingsboard.server.dao.yunteng.service.YtMailService; 23 import org.thingsboard.server.dao.yunteng.service.YtMailService;
23 import org.thingsboard.server.dao.yunteng.service.YtMessageTemplateService; 24 import org.thingsboard.server.dao.yunteng.service.YtMessageTemplateService;
24 import org.thingsboard.server.dao.yunteng.service.YtSmsService; 25 import org.thingsboard.server.dao.yunteng.service.YtSmsService;
  26 +
25 import java.util.HashMap; 27 import java.util.HashMap;
  28 +
26 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*; 29 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
27 30
28 @RestController 31 @RestController
@@ -59,6 +62,7 @@ public class YtMessageTemplateController extends BaseController { @@ -59,6 +62,7 @@ public class YtMessageTemplateController extends BaseController {
59 } 62 }
60 63
61 @PostMapping 64 @PostMapping
  65 + @PreAuthorize("@check.checkPermissions({},{'api:yt:template:post'})")
62 public ResponseResult<MessageTemplateDTO> saveMessageTemplate( 66 public ResponseResult<MessageTemplateDTO> saveMessageTemplate(
63 @Validated({AddGroup.class}) @RequestBody MessageTemplateDTO templateDTO) throws ThingsboardException { 67 @Validated({AddGroup.class}) @RequestBody MessageTemplateDTO templateDTO) throws ThingsboardException {
64 templateDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 68 templateDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -68,6 +72,7 @@ public class YtMessageTemplateController extends BaseController { @@ -68,6 +72,7 @@ public class YtMessageTemplateController extends BaseController {
68 } 72 }
69 73
70 @DeleteMapping 74 @DeleteMapping
  75 + @PreAuthorize("@check.checkPermissions({},{'api:yt:template:delete'})")
71 public ResponseResult<String> deleteMessageTemplate( 76 public ResponseResult<String> deleteMessageTemplate(
72 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) { 77 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
73 return messageTemplateService.deleteMessageTemplate(deleteDTO.getIds()) 78 return messageTemplateService.deleteMessageTemplate(deleteDTO.getIds())
@@ -76,6 +81,7 @@ public class YtMessageTemplateController extends BaseController { @@ -76,6 +81,7 @@ public class YtMessageTemplateController extends BaseController {
76 } 81 }
77 82
78 @PutMapping 83 @PutMapping
  84 + @PreAuthorize("@check.checkPermissions({},{'api:yt:template:update'})")
79 public MessageTemplateDTO updateMessageTemplate( 85 public MessageTemplateDTO updateMessageTemplate(
80 @Validated({UpdateGroup.class}) @RequestBody MessageTemplateDTO templateDTO) { 86 @Validated({UpdateGroup.class}) @RequestBody MessageTemplateDTO templateDTO) {
81 Assert.notNull(templateDTO.getId(), "messageTemplate id cannot be null"); 87 Assert.notNull(templateDTO.getId(), "messageTemplate id cannot be null");
@@ -4,6 +4,7 @@ import io.swagger.annotations.Api; @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 import io.swagger.annotations.ApiOperation; 4 import io.swagger.annotations.ApiOperation;
5 import lombok.RequiredArgsConstructor; 5 import lombok.RequiredArgsConstructor;
6 import org.springframework.http.ResponseEntity; 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 import org.springframework.validation.annotation.Validated; 8 import org.springframework.validation.annotation.Validated;
8 import org.springframework.web.bind.annotation.*; 9 import org.springframework.web.bind.annotation.*;
9 import org.thingsboard.server.common.data.exception.ThingsboardException; 10 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -64,6 +65,7 @@ public class YtNoticeController extends BaseController { @@ -64,6 +65,7 @@ public class YtNoticeController extends BaseController {
64 } 65 }
65 66
66 @GetMapping("{id}") 67 @GetMapping("{id}")
  68 + @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:get'})")
67 @ApiOperation("详情") 69 @ApiOperation("详情")
68 public ResponseEntity<SysNoticeDTO> get(@PathVariable("id") String id) 70 public ResponseEntity<SysNoticeDTO> get(@PathVariable("id") String id)
69 throws ThingsboardException { 71 throws ThingsboardException {
@@ -71,12 +73,14 @@ public class YtNoticeController extends BaseController { @@ -71,12 +73,14 @@ public class YtNoticeController extends BaseController {
71 } 73 }
72 74
73 @DeleteMapping("delete") 75 @DeleteMapping("delete")
  76 + @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:delete:delete'})")
74 @ApiOperation("批量删除") 77 @ApiOperation("批量删除")
75 public void delete(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException { 78 public void delete(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
76 sysNoticeService.delete(deleteDTO.getIds(), getCurrentUser().getCurrentTenantId()); 79 sysNoticeService.delete(deleteDTO.getIds(), getCurrentUser().getCurrentTenantId());
77 } 80 }
78 81
79 @PostMapping("save") 82 @PostMapping("save")
  83 + @PreAuthorize("@check.checkPermissions({},{'api:yt:notice:post'})")
80 @ApiOperation("保存草稿") 84 @ApiOperation("保存草稿")
81 public ResponseEntity<SysNoticeDTO> save(@Validated(AddGroup.class) @RequestBody SysNoticeDTO sysNoticeDTO) throws ThingsboardException { 85 public ResponseEntity<SysNoticeDTO> save(@Validated(AddGroup.class) @RequestBody SysNoticeDTO sysNoticeDTO) throws ThingsboardException {
82 sysNoticeDTO.setStatus(FastIotConstants.DraftStatus.DRAFT); 86 sysNoticeDTO.setStatus(FastIotConstants.DraftStatus.DRAFT);
@@ -4,6 +4,7 @@ import io.swagger.annotations.ApiOperation; @@ -4,6 +4,7 @@ import io.swagger.annotations.ApiOperation;
4 import lombok.RequiredArgsConstructor; 4 import lombok.RequiredArgsConstructor;
5 import org.jetbrains.annotations.NotNull; 5 import org.jetbrains.annotations.NotNull;
6 import org.springframework.http.ResponseEntity; 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 import org.springframework.web.bind.annotation.*; 8 import org.springframework.web.bind.annotation.*;
8 import org.thingsboard.server.common.data.exception.ThingsboardException; 9 import org.thingsboard.server.common.data.exception.ThingsboardException;
9 import org.thingsboard.server.common.data.yunteng.dto.SysNoticeUserDTO; 10 import org.thingsboard.server.common.data.yunteng.dto.SysNoticeUserDTO;
@@ -58,7 +58,7 @@ public class YtOpinionController extends BaseController { @@ -58,7 +58,7 @@ public class YtOpinionController extends BaseController {
58 } 58 }
59 59
60 @DeleteMapping 60 @DeleteMapping
61 - @PreAuthorize("hasAnyAuthority('PLATFORM_ADMIN','SYS_ADMIN')") 61 + @PreAuthorize("@check.checkPermissions({'PLATFORM_ADMIN','SYS_ADMIN'},{'api:yt:opinion:delete'})")
62 @ApiOperation("删除") 62 @ApiOperation("删除")
63 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) 63 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
64 throws ThingsboardException { 64 throws ThingsboardException {
@@ -67,7 +67,6 @@ public class YtOpinionController extends BaseController { @@ -67,7 +67,6 @@ public class YtOpinionController extends BaseController {
67 } 67 }
68 68
69 @GetMapping("{entityId}") 69 @GetMapping("{entityId}")
70 - @PreAuthorize("hasAnyAuthority('PLATFORM_ADMIN','SYS_ADMIN')")  
71 @ApiOperation("详情") 70 @ApiOperation("详情")
72 public YtOpinionDTO detail(@PathVariable("entityId") String entityId) 71 public YtOpinionDTO detail(@PathVariable("entityId") String entityId)
73 throws ThingsboardException { 72 throws ThingsboardException {
1 package org.thingsboard.server.controller.yunteng; 1 package org.thingsboard.server.controller.yunteng;
  2 +
2 import io.swagger.annotations.Api; 3 import io.swagger.annotations.Api;
3 import io.swagger.annotations.ApiOperation; 4 import io.swagger.annotations.ApiOperation;
4 import lombok.RequiredArgsConstructor; 5 import lombok.RequiredArgsConstructor;
5 import org.springframework.http.HttpStatus; 6 import org.springframework.http.HttpStatus;
6 import org.springframework.http.ResponseEntity; 7 import org.springframework.http.ResponseEntity;
  8 +import org.springframework.security.access.prepost.PreAuthorize;
7 import org.springframework.validation.annotation.Validated; 9 import org.springframework.validation.annotation.Validated;
8 import org.springframework.web.bind.annotation.*; 10 import org.springframework.web.bind.annotation.*;
9 import org.springframework.web.servlet.support.ServletUriComponentsBuilder; 11 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
@@ -14,6 +16,7 @@ import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO; @@ -14,6 +16,7 @@ import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
14 import org.thingsboard.server.common.data.yunteng.dto.OrganizationDTO; 16 import org.thingsboard.server.common.data.yunteng.dto.OrganizationDTO;
15 import org.thingsboard.server.controller.BaseController; 17 import org.thingsboard.server.controller.BaseController;
16 import org.thingsboard.server.dao.yunteng.service.YtOrganizationService; 18 import org.thingsboard.server.dao.yunteng.service.YtOrganizationService;
  19 +
17 import java.net.URI; 20 import java.net.URI;
18 import java.util.List; 21 import java.util.List;
19 import java.util.Optional; 22 import java.util.Optional;
@@ -27,6 +30,7 @@ public class YtOrganizationController extends BaseController { @@ -27,6 +30,7 @@ public class YtOrganizationController extends BaseController {
27 private final YtOrganizationService organizationService; 30 private final YtOrganizationService organizationService;
28 31
29 @PostMapping 32 @PostMapping
  33 + @PreAuthorize("@check.checkPermissions({},{'api:yt:organization:post'})")
30 public ResponseEntity<OrganizationDTO> saveGroup(@RequestBody OrganizationDTO groupDTO) 34 public ResponseEntity<OrganizationDTO> saveGroup(@RequestBody OrganizationDTO groupDTO)
31 throws ThingsboardException { 35 throws ThingsboardException {
32 //如果当前登录的用户不是超级管理员或者租户管理员 36 //如果当前登录的用户不是超级管理员或者租户管理员
@@ -47,6 +51,7 @@ public class YtOrganizationController extends BaseController { @@ -47,6 +51,7 @@ public class YtOrganizationController extends BaseController {
47 } 51 }
48 52
49 @DeleteMapping 53 @DeleteMapping
  54 + @PreAuthorize("@check.checkPermissions({},{'api:yt:organization:delete'})")
50 public ResponseEntity<Boolean> deleteOrganizations( 55 public ResponseEntity<Boolean> deleteOrganizations(
51 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException { 56 @Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) throws ThingsboardException {
52 return ResponseEntity.ok( 57 return ResponseEntity.ok(
@@ -65,6 +70,7 @@ public class YtOrganizationController extends BaseController { @@ -65,6 +70,7 @@ public class YtOrganizationController extends BaseController {
65 } 70 }
66 71
67 @PutMapping 72 @PutMapping
  73 + @PreAuthorize("@check.checkPermissions({},{'api:yt:organization:update'})")
68 public ResponseEntity updateOrganization(@Validated(UpdateGroup.class) @RequestBody OrganizationDTO groupDTO) throws ThingsboardException { 74 public ResponseEntity updateOrganization(@Validated(UpdateGroup.class) @RequestBody OrganizationDTO groupDTO) throws ThingsboardException {
69 //如果当前登录的用户不是超级管理员或者租户管理员 75 //如果当前登录的用户不是超级管理员或者租户管理员
70 boolean isCustomerOrPlatform = !getCurrentUser().isPtSysadmin() && !getCurrentUser().isPtTenantAdmin(); 76 boolean isCustomerOrPlatform = !getCurrentUser().isPtSysadmin() && !getCurrentUser().isPtTenantAdmin();
@@ -4,6 +4,7 @@ import io.swagger.annotations.Api; @@ -4,6 +4,7 @@ import io.swagger.annotations.Api;
4 import io.swagger.annotations.ApiOperation; 4 import io.swagger.annotations.ApiOperation;
5 import lombok.RequiredArgsConstructor; 5 import lombok.RequiredArgsConstructor;
6 import org.springframework.http.ResponseEntity; 6 import org.springframework.http.ResponseEntity;
  7 +import org.springframework.security.access.prepost.PreAuthorize;
7 import org.springframework.web.bind.annotation.*; 8 import org.springframework.web.bind.annotation.*;
8 import org.thingsboard.server.common.data.exception.ThingsboardException; 9 import org.thingsboard.server.common.data.exception.ThingsboardException;
9 import org.thingsboard.server.common.data.yunteng.dto.SysPlatformDesignDTO; 10 import org.thingsboard.server.common.data.yunteng.dto.SysPlatformDesignDTO;
@@ -24,12 +25,14 @@ public class YtPlatformDesignController extends BaseController { @@ -24,12 +25,14 @@ public class YtPlatformDesignController extends BaseController {
24 private final SysPlatformDesignService sysPlatformDesignService; 25 private final SysPlatformDesignService sysPlatformDesignService;
25 26
26 @GetMapping("get") 27 @GetMapping("get")
  28 + @PreAuthorize("@check.checkPermissions({},{'api:yt:platform:get:get'})")
27 @ApiOperation("查询详情") 29 @ApiOperation("查询详情")
28 public ResponseEntity<SysPlatformDesignDTO> get() throws ThingsboardException { 30 public ResponseEntity<SysPlatformDesignDTO> get() throws ThingsboardException {
29 return ResponseEntity.ok(sysPlatformDesignService.get(getCurrentUser().getCurrentTenantId())); 31 return ResponseEntity.ok(sysPlatformDesignService.get(getCurrentUser().getCurrentTenantId()));
30 } 32 }
31 33
32 @PutMapping("update") 34 @PutMapping("update")
  35 + @PreAuthorize("@check.checkPermissions({},{'api:yt:platform:update:update'})")
33 @ApiOperation("更新") 36 @ApiOperation("更新")
34 public ResponseEntity update(@RequestBody SysPlatformDesignDTO sysPlatformDesignDTO) 37 public ResponseEntity update(@RequestBody SysPlatformDesignDTO sysPlatformDesignDTO)
35 throws ThingsboardException { 38 throws ThingsboardException {
@@ -33,7 +33,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -33,7 +33,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
33 @RequestMapping("api/yt/report_form/config") 33 @RequestMapping("api/yt/report_form/config")
34 @Api(tags = "报表配置信息") 34 @Api(tags = "报表配置信息")
35 @RequiredArgsConstructor 35 @RequiredArgsConstructor
36 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 36 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
37 public class YtReportFormConfigController extends BaseController { 37 public class YtReportFormConfigController extends BaseController {
38 38
39 private final YtReportFormConfigService reportFormConfigService; 39 private final YtReportFormConfigService reportFormConfigService;
@@ -76,6 +76,7 @@ public class YtReportFormConfigController extends BaseController { @@ -76,6 +76,7 @@ public class YtReportFormConfigController extends BaseController {
76 76
77 @PostMapping 77 @PostMapping
78 @ApiOperation("新增") 78 @ApiOperation("新增")
  79 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:report_form:config:post'})")
79 public ResponseResult<ReportFormConfigDTO> saveReportFromConfig( 80 public ResponseResult<ReportFormConfigDTO> saveReportFromConfig(
80 @Validated({AddGroup.class}) @RequestBody ReportFormConfigDTO configDTO) 81 @Validated({AddGroup.class}) @RequestBody ReportFormConfigDTO configDTO)
81 throws ThingsboardException, SchedulerException { 82 throws ThingsboardException, SchedulerException {
@@ -87,6 +88,7 @@ public class YtReportFormConfigController extends BaseController { @@ -87,6 +88,7 @@ public class YtReportFormConfigController extends BaseController {
87 88
88 @PutMapping 89 @PutMapping
89 @ApiOperation("编辑") 90 @ApiOperation("编辑")
  91 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:report_form:config:update'})")
90 public ResponseResult<ReportFormConfigDTO> updateReportFromConfig( 92 public ResponseResult<ReportFormConfigDTO> updateReportFromConfig(
91 @Validated({UpdateGroup.class}) @RequestBody ReportFormConfigDTO configDTO) 93 @Validated({UpdateGroup.class}) @RequestBody ReportFormConfigDTO configDTO)
92 throws ThingsboardException, SchedulerException { 94 throws ThingsboardException, SchedulerException {
@@ -105,6 +107,7 @@ public class YtReportFormConfigController extends BaseController { @@ -105,6 +107,7 @@ public class YtReportFormConfigController extends BaseController {
105 107
106 @DeleteMapping 108 @DeleteMapping
107 @ApiOperation("删除") 109 @ApiOperation("删除")
  110 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:report_form:config:delete'})")
108 public ResponseResult<Boolean> deleteReportFormConfig( 111 public ResponseResult<Boolean> deleteReportFormConfig(
109 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws SchedulerException { 112 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) throws SchedulerException {
110 return reportFormConfigService.deleteReportFormConfig(deleteDTO) 113 return reportFormConfigService.deleteReportFormConfig(deleteDTO)
@@ -37,7 +37,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -37,7 +37,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
37 @RequestMapping("api/yt/report/generate/record") 37 @RequestMapping("api/yt/report/generate/record")
38 @Api(tags = "报表生成记录") 38 @Api(tags = "报表生成记录")
39 @RequiredArgsConstructor 39 @RequiredArgsConstructor
40 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 40 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
41 public class YtReportGenerateRecordController extends BaseController { 41 public class YtReportGenerateRecordController extends BaseController {
42 42
43 private final YtReportGenerateRecordService reportFormGenerateRecordService; 43 private final YtReportGenerateRecordService reportFormGenerateRecordService;
@@ -80,6 +80,7 @@ public class YtReportGenerateRecordController extends BaseController { @@ -80,6 +80,7 @@ public class YtReportGenerateRecordController extends BaseController {
80 80
81 @DeleteMapping 81 @DeleteMapping
82 @ApiOperation("删除") 82 @ApiOperation("删除")
  83 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:report:generate:record:delete'})")
83 public ResponseResult<Boolean> deleteReportGenerateRecord( 84 public ResponseResult<Boolean> deleteReportGenerateRecord(
84 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) { 85 @Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) {
85 return reportFormGenerateRecordService.deleteReportGenerateRecord(deleteDTO) 86 return reportFormGenerateRecordService.deleteReportGenerateRecord(deleteDTO)
@@ -56,6 +56,7 @@ public class YtRoleController extends BaseController { @@ -56,6 +56,7 @@ public class YtRoleController extends BaseController {
56 } 56 }
57 57
58 @DeleteMapping 58 @DeleteMapping
  59 + @PreAuthorize("@check.checkPermissions({},{'api:yt:role:delete'})")
59 public void deleteRole(@RequestBody String[] ids) throws ThingsboardException { 60 public void deleteRole(@RequestBody String[] ids) throws ThingsboardException {
60 roleService.deleteRole(ids,getCurrentUser().getCurrentTenantId()); 61 roleService.deleteRole(ids,getCurrentUser().getCurrentTenantId());
61 } 62 }
@@ -73,6 +74,7 @@ public class YtRoleController extends BaseController { @@ -73,6 +74,7 @@ public class YtRoleController extends BaseController {
73 } 74 }
74 75
75 @PostMapping("saveOrUpdateRoleInfoWithMenu") 76 @PostMapping("saveOrUpdateRoleInfoWithMenu")
  77 + @PreAuthorize("@check.checkPermissions({},{'api:yt:role:saveOrUpdateRoleInfoWithMenu:post','api:yt:role:saveOrUpdateRoleInfoWithMenu:update'})")
76 public RoleDTO saveOrUpdateRoleInfoWithMenu(@RequestBody RoleReqDTO roleReqDTO) throws ThingsboardException { 78 public RoleDTO saveOrUpdateRoleInfoWithMenu(@RequestBody RoleReqDTO roleReqDTO) throws ThingsboardException {
77 return roleService.saveOrUpdateRoleInfoWithMenu( 79 return roleService.saveOrUpdateRoleInfoWithMenu(
78 roleReqDTO, 80 roleReqDTO,
@@ -38,13 +38,14 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -38,13 +38,14 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
38 @RequestMapping("/api/yt/sceneLinkage") 38 @RequestMapping("/api/yt/sceneLinkage")
39 @RequiredArgsConstructor 39 @RequiredArgsConstructor
40 @Api(tags = "场景联动") 40 @Api(tags = "场景联动")
41 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 41 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
42 public class YtSceneLinkageController extends BaseController { 42 public class YtSceneLinkageController extends BaseController {
43 43
44 private final SceneLinkageService sceneLinkageService; 44 private final SceneLinkageService sceneLinkageService;
45 45
46 @ApiOperation(value = "新增场景联动") 46 @ApiOperation(value = "新增场景联动")
47 @PostMapping 47 @PostMapping
  48 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:sceneLinkage:post'})")
48 public ResponseEntity<SceneLinkageDTO> saveSceneLinkage( 49 public ResponseEntity<SceneLinkageDTO> saveSceneLinkage(
49 @Validated(AddGroup.class) @RequestBody SceneLinkageDTO sceneLinkageDTO) 50 @Validated(AddGroup.class) @RequestBody SceneLinkageDTO sceneLinkageDTO)
50 throws ThingsboardException { 51 throws ThingsboardException {
@@ -73,6 +74,7 @@ public class YtSceneLinkageController extends BaseController { @@ -73,6 +74,7 @@ public class YtSceneLinkageController extends BaseController {
73 74
74 @ApiOperation("编辑") 75 @ApiOperation("编辑")
75 @PostMapping("/update") 76 @PostMapping("/update")
  77 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:sceneLinkage:update'})")
76 public SceneLinkageDTO updateSceneLinkage( 78 public SceneLinkageDTO updateSceneLinkage(
77 @Validated(UpdateGroup.class) @RequestBody SceneLinkageDTO sceneLinkageDTO) 79 @Validated(UpdateGroup.class) @RequestBody SceneLinkageDTO sceneLinkageDTO)
78 throws ThingsboardException { 80 throws ThingsboardException {
@@ -109,6 +111,7 @@ public class YtSceneLinkageController extends BaseController { @@ -109,6 +111,7 @@ public class YtSceneLinkageController extends BaseController {
109 111
110 @ApiOperation(value = "删除") 112 @ApiOperation(value = "删除")
111 @DeleteMapping 113 @DeleteMapping
  114 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:sceneLinkage:delete'})")
112 @AutoLog(value = EntityType.SCENE_ACT,actionType = ActionType.DELETED) 115 @AutoLog(value = EntityType.SCENE_ACT,actionType = ActionType.DELETED)
113 public void delete(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) 116 public void delete(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
114 throws ThingsboardException { 117 throws ThingsboardException {
@@ -18,14 +18,14 @@ import org.thingsboard.server.controller.BaseController; @@ -18,14 +18,14 @@ import org.thingsboard.server.controller.BaseController;
18 import java.util.List; 18 import java.util.List;
19 19
20 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*; 20 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
21 -import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.PAGE;  
22 21
23 @RestController 22 @RestController
24 @RequestMapping("/api/yt/tenantProfiles") 23 @RequestMapping("/api/yt/tenantProfiles")
25 @RequiredArgsConstructor 24 @RequiredArgsConstructor
26 public class YtTenantProfilesController extends BaseController { 25 public class YtTenantProfilesController extends BaseController {
27 26
28 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN')") 27 +
  28 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN'},{})")
29 @GetMapping( 29 @GetMapping(
30 name = "page", 30 name = "page",
31 params = {PAGE_SIZE, PAGE}) 31 params = {PAGE_SIZE, PAGE})
@@ -27,8 +27,6 @@ import org.thingsboard.server.common.data.yunteng.common.UpdateGroup; @@ -27,8 +27,6 @@ import org.thingsboard.server.common.data.yunteng.common.UpdateGroup;
27 import org.thingsboard.server.common.data.yunteng.core.exception.YtDataValidationException; 27 import org.thingsboard.server.common.data.yunteng.core.exception.YtDataValidationException;
28 import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage; 28 import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
29 import org.thingsboard.server.common.data.yunteng.core.utils.AccountProperties; 29 import org.thingsboard.server.common.data.yunteng.core.utils.AccountProperties;
30 -import org.thingsboard.server.common.data.yunteng.utils.Demo;  
31 -import org.thingsboard.server.common.data.yunteng.utils.ExcelUtil;  
32 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO; 30 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
33 import org.thingsboard.server.common.data.yunteng.dto.UserDTO; 31 import org.thingsboard.server.common.data.yunteng.dto.UserDTO;
34 import org.thingsboard.server.common.data.yunteng.dto.UserInfoDTO; 32 import org.thingsboard.server.common.data.yunteng.dto.UserInfoDTO;
@@ -36,8 +34,10 @@ import org.thingsboard.server.common.data.yunteng.dto.request.AccountReqDTO; @@ -36,8 +34,10 @@ import org.thingsboard.server.common.data.yunteng.dto.request.AccountReqDTO;
36 import org.thingsboard.server.common.data.yunteng.dto.request.RoleOrOrganizationReqDTO; 34 import org.thingsboard.server.common.data.yunteng.dto.request.RoleOrOrganizationReqDTO;
37 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum; 35 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
38 import org.thingsboard.server.common.data.yunteng.enums.RoleEnum; 36 import org.thingsboard.server.common.data.yunteng.enums.RoleEnum;
39 -import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData; 37 +import org.thingsboard.server.common.data.yunteng.utils.Demo;
  38 +import org.thingsboard.server.common.data.yunteng.utils.ExcelUtil;
40 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult; 39 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
  40 +import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
41 import org.thingsboard.server.dao.user.UserService; 41 import org.thingsboard.server.dao.user.UserService;
42 import org.thingsboard.server.dao.yunteng.service.YtUserService; 42 import org.thingsboard.server.dao.yunteng.service.YtUserService;
43 import org.thingsboard.server.service.security.model.SecurityUser; 43 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -70,6 +70,7 @@ public class YtUserController extends AbstractUserAccount { @@ -70,6 +70,7 @@ public class YtUserController extends AbstractUserAccount {
70 this.accountProperties = accountProperties; 70 this.accountProperties = accountProperties;
71 } 71 }
72 @GetMapping("{userId}") 72 @GetMapping("{userId}")
  73 + @PreAuthorize("@check.checkPermissions({},{'api:yt:user:get'})")
73 public ResponseEntity<UserDTO> getUser(@PathVariable("userId") String userId) 74 public ResponseEntity<UserDTO> getUser(@PathVariable("userId") String userId)
74 throws ThingsboardException { 75 throws ThingsboardException {
75 return ResponseEntity.of( 76 return ResponseEntity.of(
@@ -127,6 +128,7 @@ public class YtUserController extends AbstractUserAccount { @@ -127,6 +128,7 @@ public class YtUserController extends AbstractUserAccount {
127 128
128 @PutMapping 129 @PutMapping
129 @ApiOperation(value = "修改用户信息") 130 @ApiOperation(value = "修改用户信息")
  131 + @PreAuthorize("@check.checkPermissions({},{'api:yt:user:update'})")
130 public UserDTO updateUser(@Validated(UpdateGroup.class) @RequestBody UserDTO userDTO) 132 public UserDTO updateUser(@Validated(UpdateGroup.class) @RequestBody UserDTO userDTO)
131 throws ThingsboardException { 133 throws ThingsboardException {
132 return userService.updateUser( 134 return userService.updateUser(
@@ -144,7 +146,7 @@ public class YtUserController extends AbstractUserAccount { @@ -144,7 +146,7 @@ public class YtUserController extends AbstractUserAccount {
144 } 146 }
145 147
146 @PostMapping 148 @PostMapping
147 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')") 149 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','TENANT_ADMIN'},{'api:yt:user:post'})")
148 @ApiOperation(value = "新增用户") 150 @ApiOperation(value = "新增用户")
149 public ResponseEntity<UserDTO> addUser( 151 public ResponseEntity<UserDTO> addUser(
150 @RequestParam(value = "sendEmail", required = false, defaultValue = "false") 152 @RequestParam(value = "sendEmail", required = false, defaultValue = "false")
@@ -177,7 +179,8 @@ public class YtUserController extends AbstractUserAccount { @@ -177,7 +179,8 @@ public class YtUserController extends AbstractUserAccount {
177 getCurrentUser().getCurrentTenantId())); 179 getCurrentUser().getCurrentTenantId()));
178 } 180 }
179 181
180 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN')") 182 +
  183 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN'},{'api:yt:user:saveTenantAdmin:post'})")
181 @PostMapping("saveTenantAdmin") 184 @PostMapping("saveTenantAdmin")
182 public UserDTO saveTenantAdmin(@Validated(AddGroup.class) @RequestBody UserDTO userDTO) 185 public UserDTO saveTenantAdmin(@Validated(AddGroup.class) @RequestBody UserDTO userDTO)
183 throws ThingsboardException { 186 throws ThingsboardException {
@@ -207,7 +210,7 @@ public class YtUserController extends AbstractUserAccount { @@ -207,7 +210,7 @@ public class YtUserController extends AbstractUserAccount {
207 } 210 }
208 211
209 @DeleteMapping 212 @DeleteMapping
210 - @PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')") 213 + @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','TENANT_ADMIN'},{'api:yt:user:delete'})")
211 public void deleteUser(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO) 214 public void deleteUser(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
212 throws ThingsboardException { 215 throws ThingsboardException {
213 // 如果当前用户是租户管理员,则代表创建的用户为CUSTOMER_USER,则需要调用TB,否则为本平台的管理员不需要调用TB 216 // 如果当前用户是租户管理员,则代表创建的用户为CUSTOMER_USER,则需要调用TB,否则为本平台的管理员不需要调用TB
@@ -274,7 +277,8 @@ public class YtUserController extends AbstractUserAccount { @@ -274,7 +277,8 @@ public class YtUserController extends AbstractUserAccount {
274 return ResponseResult.success(userService.changePassword(user)); 277 return ResponseResult.success(userService.changePassword(user));
275 } 278 }
276 279
277 - @PreAuthorize("hasAnyAuthority('TENANT_ADMIN')") 280 +
  281 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN'},{})")
278 @ApiOperation(value = "获取租户下对应组织的所有客户") 282 @ApiOperation(value = "获取租户下对应组织的所有客户")
279 @GetMapping("/customers/{organizationId}") 283 @GetMapping("/customers/{organizationId}")
280 public ResponseEntity<List<UserDTO>> getMyCustomers(@PathVariable String organizationId) 284 public ResponseEntity<List<UserDTO>> getMyCustomers(@PathVariable String organizationId)
@@ -12,7 +12,6 @@ import org.thingsboard.server.common.data.yunteng.common.DeleteGroup; @@ -12,7 +12,6 @@ import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
12 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO; 12 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
13 import org.thingsboard.server.common.data.yunteng.dto.YtVideoDTO; 13 import org.thingsboard.server.common.data.yunteng.dto.YtVideoDTO;
14 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum; 14 import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
15 -import org.thingsboard.server.common.data.yunteng.utils.tools.ProtocolType;  
16 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult; 15 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
17 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData; 16 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
18 import org.thingsboard.server.controller.BaseController; 17 import org.thingsboard.server.controller.BaseController;
@@ -28,7 +27,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -28,7 +27,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
28 @RequestMapping("api/yt/video") 27 @RequestMapping("api/yt/video")
29 @Api(tags = {"视频流"}) 28 @Api(tags = {"视频流"})
30 @RequiredArgsConstructor 29 @RequiredArgsConstructor
31 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 30 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
32 public class YtVideoController extends BaseController { 31 public class YtVideoController extends BaseController {
33 32
34 private final YtVideoService videoService; 33 private final YtVideoService videoService;
@@ -56,6 +55,7 @@ public class YtVideoController extends BaseController { @@ -56,6 +55,7 @@ public class YtVideoController extends BaseController {
56 55
57 @PostMapping 56 @PostMapping
58 @ApiOperation("新增|编辑") 57 @ApiOperation("新增|编辑")
  58 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:post','api:yt:video:update'})")
59 public YtVideoDTO saveOrUpdateAlarmProfile( 59 public YtVideoDTO saveOrUpdateAlarmProfile(
60 @Validated @RequestBody YtVideoDTO dto) throws ThingsboardException { 60 @Validated @RequestBody YtVideoDTO dto) throws ThingsboardException {
61 dto.setTenantId(getCurrentUser().getCurrentTenantId()); 61 dto.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -64,6 +64,7 @@ public class YtVideoController extends BaseController { @@ -64,6 +64,7 @@ public class YtVideoController extends BaseController {
64 64
65 @DeleteMapping 65 @DeleteMapping
66 @ApiOperation("删除") 66 @ApiOperation("删除")
  67 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:delete'})")
67 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) 68 public boolean deleteAlarmProfile(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
68 throws ThingsboardException { 69 throws ThingsboardException {
69 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 70 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -72,6 +73,7 @@ public class YtVideoController extends BaseController { @@ -72,6 +73,7 @@ public class YtVideoController extends BaseController {
72 73
73 @GetMapping("{entityId}") 74 @GetMapping("{entityId}")
74 @ApiOperation("详情") 75 @ApiOperation("详情")
  76 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:get'})")
75 public YtVideoDTO detail(@PathVariable("entityId") String entityId) 77 public YtVideoDTO detail(@PathVariable("entityId") String entityId)
76 throws ThingsboardException { 78 throws ThingsboardException {
77 return videoService.detail(getCurrentUser().getCurrentTenantId(), entityId); 79 return videoService.detail(getCurrentUser().getCurrentTenantId(), entityId);
@@ -25,7 +25,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant. @@ -25,7 +25,7 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
25 @RequestMapping("api/yt/video/platform") 25 @RequestMapping("api/yt/video/platform")
26 @Api(tags = {"流媒体平台配置"}) 26 @Api(tags = {"流媒体平台配置"})
27 @RequiredArgsConstructor 27 @RequiredArgsConstructor
28 -@PreAuthorize("hasAnyAuthority('TENANT_ADMIN','CUSTOMER_USER')") 28 +@PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{})")
29 public class YtVideoPlatformController extends BaseController { 29 public class YtVideoPlatformController extends BaseController {
30 30
31 private final YtVideoPlatformService videoPlatformService; 31 private final YtVideoPlatformService videoPlatformService;
@@ -49,6 +49,7 @@ public class YtVideoPlatformController extends BaseController { @@ -49,6 +49,7 @@ public class YtVideoPlatformController extends BaseController {
49 49
50 @PostMapping 50 @PostMapping
51 @ApiOperation("新增|编辑") 51 @ApiOperation("新增|编辑")
  52 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:platform:post','api:yt:video:platform:update'})")
52 public YtVideoPlatformDTO saveOrUpdateVideoPlatform( 53 public YtVideoPlatformDTO saveOrUpdateVideoPlatform(
53 @Validated @RequestBody YtVideoPlatformDTO dto) throws ThingsboardException { 54 @Validated @RequestBody YtVideoPlatformDTO dto) throws ThingsboardException {
54 dto.setTenantId(getCurrentUser().getCurrentTenantId()); 55 dto.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -57,6 +58,7 @@ public class YtVideoPlatformController extends BaseController { @@ -57,6 +58,7 @@ public class YtVideoPlatformController extends BaseController {
57 58
58 @DeleteMapping 59 @DeleteMapping
59 @ApiOperation("删除") 60 @ApiOperation("删除")
  61 + @PreAuthorize("@check.checkPermissions({'TENANT_ADMIN','CUSTOMER_USER'},{'api:yt:video:platform:delete'})")
60 public boolean deleteVideoPlatform(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO) 62 public boolean deleteVideoPlatform(@Validated(DeleteGroup.class) @RequestBody DeleteDTO deleteDTO)
61 throws ThingsboardException { 63 throws ThingsboardException {
62 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId()); 64 deleteDTO.setTenantId(getCurrentUser().getCurrentTenantId());
@@ -42,6 +42,7 @@ import org.thingsboard.server.common.data.exception.ThingsboardErrorCode; @@ -42,6 +42,7 @@ import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
42 import org.thingsboard.server.common.data.exception.ThingsboardException; 42 import org.thingsboard.server.common.data.exception.ThingsboardException;
43 import org.thingsboard.server.common.data.yunteng.core.Result; 43 import org.thingsboard.server.common.data.yunteng.core.Result;
44 import org.thingsboard.server.common.data.yunteng.core.exception.ThingsKitException; 44 import org.thingsboard.server.common.data.yunteng.core.exception.ThingsKitException;
  45 +import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
45 import org.thingsboard.server.common.msg.tools.TbRateLimitsException; 46 import org.thingsboard.server.common.msg.tools.TbRateLimitsException;
46 import org.thingsboard.server.dao.exception.DataValidationException; 47 import org.thingsboard.server.dao.exception.DataValidationException;
47 import org.thingsboard.server.service.security.exception.AuthMethodNotSupportedException; 48 import org.thingsboard.server.service.security.exception.AuthMethodNotSupportedException;
@@ -199,7 +200,7 @@ public class ThingsboardErrorResponseHandler extends ResponseEntityExceptionHand @@ -199,7 +200,7 @@ public class ThingsboardErrorResponseHandler extends ResponseEntityExceptionHand
199 } else if (authenticationException instanceof DisabledException) { 200 } else if (authenticationException instanceof DisabledException) {
200 mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("User account is not active", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)); 201 mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("User account is not active", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
201 } else if (authenticationException instanceof LockedException) { 202 } else if (authenticationException instanceof LockedException) {
202 - mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("User account is locked due to security policy", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)); 203 + mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of(ErrorMessage.ACCOUNT_LOCKED.getMessage(), ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
203 } else if (authenticationException instanceof JwtExpiredTokenException) { 204 } else if (authenticationException instanceof JwtExpiredTokenException) {
204 mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("Token has expired", ThingsboardErrorCode.JWT_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED)); 205 mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("Token has expired", ThingsboardErrorCode.JWT_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED));
205 } else if (authenticationException instanceof AuthMethodNotSupportedException) { 206 } else if (authenticationException instanceof AuthMethodNotSupportedException) {
@@ -11,6 +11,7 @@ public enum ErrorMessage { @@ -11,6 +11,7 @@ public enum ErrorMessage {
11 ACCOUNT_DISABLED(403002, "账号已禁用"), 11 ACCOUNT_DISABLED(403002, "账号已禁用"),
12 ACCESS_DENIED(403003, "拒绝访问"), 12 ACCESS_DENIED(403003, "拒绝访问"),
13 AUTHENTICATION_METHOD_NOT_SUPPORTED(403004, "authentication method not supported"), 13 AUTHENTICATION_METHOD_NOT_SUPPORTED(403004, "authentication method not supported"),
  14 + ACCOUNT_LOCKED(403002, "根据相关安全策略账号已锁定!"),
14 USERNAME_PASSWORD_INCORRECT(401001, "incorrect username or password"), 15 USERNAME_PASSWORD_INCORRECT(401001, "incorrect username or password"),
15 TOKEN_EXPIRED(401002, "token has expired"), 16 TOKEN_EXPIRED(401002, "token has expired"),
16 NONE_TENANT_ASSET(401003, "not current tenant asset"), 17 NONE_TENANT_ASSET(401003, "not current tenant asset"),
@@ -27,10 +27,7 @@ import org.thingsboard.server.dao.yunteng.service.AbstractBaseService; @@ -27,10 +27,7 @@ import org.thingsboard.server.dao.yunteng.service.AbstractBaseService;
27 import org.thingsboard.server.dao.yunteng.service.MenuService; 27 import org.thingsboard.server.dao.yunteng.service.MenuService;
28 import org.thingsboard.server.dao.yunteng.service.RoleService; 28 import org.thingsboard.server.dao.yunteng.service.RoleService;
29 29
30 -import java.util.List;  
31 -import java.util.Map;  
32 -import java.util.Optional;  
33 -import java.util.Set; 30 +import java.util.*;
34 import java.util.stream.Collectors; 31 import java.util.stream.Collectors;
35 32
36 @Service 33 @Service
@@ -183,32 +180,55 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple @@ -183,32 +180,55 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple
183 role.setTenantId(tenantId); 180 role.setTenantId(tenantId);
184 baseMapper.insert(role); 181 baseMapper.insert(role);
185 } 182 }
  183 + Set<String> oldMenus = menuMapper.selectRoleMenuIds(role.getId());
186 // do update or save menu associate with this roleId 184 // do update or save menu associate with this roleId
187 menuService.assignMenuToRole( 185 menuService.assignMenuToRole(
188 roleReqDTO.getMenu().toArray(new String[roleReqDTO.getMenu().size()]), role.getId()); 186 roleReqDTO.getMenu().toArray(new String[roleReqDTO.getMenu().size()]), role.getId());
189 // 如果是租户管理员角色并且是更新,则需要更新租户菜单表 187 // 如果是租户管理员角色并且是更新,则需要更新租户菜单表
190 if (role.getRoleType().equals(RoleEnum.TENANT_ADMIN.name()) && update) { 188 if (role.getRoleType().equals(RoleEnum.TENANT_ADMIN.name()) && update) {
191 - List<String> menus = roleReqDTO.getMenu(); 189 + List<String> newMenus = roleReqDTO.getMenu();
  190 + Set<String> removeMenus = new HashSet<>();
  191 + for(String menu: oldMenus){
  192 + if(newMenus.contains(menu)){
  193 + newMenus.remove(menu);
  194 + }else{
  195 + removeMenus.add(menu);
  196 + }
  197 + }
192 // 先删除以前的租户菜单,再更新新的租户菜单 198 // 先删除以前的租户菜单,再更新新的租户菜单
193 // 1、查询这个角色有几个租户用户 199 // 1、查询这个角色有几个租户用户
194 // 2、删除并更新对应租户的信息 200 // 2、删除并更新对应租户的信息
  201 + // 3、超级管理员删除租户角色菜单时,同步删除租户内客户角色的权限,租户ID+菜单ID
195 List<TenantRole> tenantRoles = 202 List<TenantRole> tenantRoles =
196 tenantRoleMapper.selectList( 203 tenantRoleMapper.selectList(
197 new QueryWrapper<TenantRole>().lambda().eq(TenantRole::getRoleId, role.getId())); 204 new QueryWrapper<TenantRole>().lambda().eq(TenantRole::getRoleId, role.getId()));
198 tenantRoles.forEach( 205 tenantRoles.forEach(
199 tenantRole -> { 206 tenantRole -> {
200 String updateTenantId = tenantRole.getTenantId(); 207 String updateTenantId = tenantRole.getTenantId();
201 - tenantMenuMapper.delete(  
202 - new QueryWrapper<TenantMenu>()  
203 - .lambda()  
204 - .eq(TenantMenu::getTenantId, updateTenantId));  
205 - menus.forEach( 208 +
  209 + if(!removeMenus.isEmpty()){
  210 + //刷新租户的菜单
  211 + tenantMenuMapper.delete(
  212 + new QueryWrapper<TenantMenu>()
  213 + .lambda()
  214 + .eq(TenantMenu::getTenantId, updateTenantId)
  215 + .in(TenantMenu::getMenuId,removeMenus));
  216 + //刷新客户的菜单
  217 + List<Role> customerRoles = baseMapper.selectList(
  218 + new QueryWrapper<Role>()
  219 + .lambda()
  220 + .eq(Role::getTenantId, updateTenantId)
  221 + .eq(Role::getRoleType,RoleEnum.CUSTOMER_USER.name()));
  222 + customerRoles.forEach(cr -> menuMapper.removeMenuFromRole(cr.getId(),removeMenus));
  223 + }
  224 + newMenus.forEach(
206 menu -> { 225 menu -> {
207 TenantMenu tenantMenu = new TenantMenu(); 226 TenantMenu tenantMenu = new TenantMenu();
208 tenantMenu.setMenuId(menu); 227 tenantMenu.setMenuId(menu);
209 tenantMenu.setTenantId(updateTenantId); 228 tenantMenu.setTenantId(updateTenantId);
210 tenantMenuMapper.insert(tenantMenu); 229 tenantMenuMapper.insert(tenantMenu);
211 }); 230 });
  231 +
212 }); 232 });
213 } 233 }
214 cacheUtils.invalidateCacheName(FastIotConstants.CacheConfigKey.CACHE_CONFIG_KEY); 234 cacheUtils.invalidateCacheName(FastIotConstants.CacheConfigKey.CACHE_CONFIG_KEY);