权限字符

25a3a8ec · 万成波 · a0f3b82d · 25a3a8ec · 25a3a8ec · 25a3a8ec
Commit 25a3a8ec authored Oct 09, 2025 by 万成波
7 changed files
--- a/safe-campus-admin/src/main/java/com/tangguo/web/controller/system/SysLoginController.java
+++ b/safe-campus-admin/src/main/java/com/tangguo/web/controller/system/SysLoginController.java
@@ -159,12 +159,9 @@ public class SysLoginController {
 	public AjaxResult getUserProfile() {
 		final String bbsAdmin = "bbs_admin";
 		SysUser sysUser = SecurityUtils.getLoginUser().getUser();
-		for (SysRole role : sysUser.getRoles()) {
-			if (bbsAdmin.equals(role.getRoleKey())) {
-				sysUser.setBbsAdmin(true);
-				break;
-			}
-		}
+		List<SysRole> roles = SecurityUtils.getLoginUser().getUser().getRoles();
+		boolean anyMatch = roles.stream().anyMatch(r -> bbsAdmin.equals(r.getRoleKey()));
+		sysUser.setBbsAdmin(anyMatch);
 		return AjaxResult.success(sysUser);
 	}


--- a/safe-campus-common/src/main/java/com/tangguo/common/utils/SecurityUtils.java
+++ b/safe-campus-common/src/main/java/com/tangguo/common/utils/SecurityUtils.java
 package com.tangguo.common.utils;

 import com.tangguo.common.constant.HttpStatus;
+import com.tangguo.common.core.domain.entity.SysRole;
+import com.tangguo.common.core.domain.entity.SysUser;
 import com.tangguo.common.core.domain.model.LoginUser;
 import com.tangguo.common.exception.ServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

+import java.util.List;
+
 /**
 * 安全服务工具类
 *
@@ -108,4 +112,17 @@ public class SecurityUtils {
 	public static boolean isAdmin(Long userId) {
 		return userId != null && 1L == userId;
 	}
+
+
+	/**
+	 * 是否为移动端管理员
+	 *
+	 * @return
+	 */
+	public static boolean isBbsAdmin() {
+		final String bbsAdmin = "bbs_admin";
+		List<SysRole> roles = getLoginUser().getUser().getRoles();
+		return roles.stream().anyMatch(r -> bbsAdmin.equals(r.getRoleKey()));
+	}
+
 }
--- a/safe-campus-moment/src/main/java/com/tangguo/controller/pc/BbsMomentController.java
+++ b/safe-campus-moment/src/main/java/com/tangguo/controller/pc/BbsMomentController.java
@@ -50,7 +50,7 @@ public class BbsMomentController extends BaseController {
     * 导出动态列表
     */
    @ApiOperation("导出动态列表")
-    @PreAuthorize("@ss.hasPermi('points:points:export')")
+    @PreAuthorize("@ss.hasPermi('bbs:moment:export')")
    @Log(title = "导出动态列表", businessType = BusinessType.EXPORT)
    @PostMapping("/list/export")
    public void export(HttpServletResponse response, BbsMoment bbsMoment) {

--- a/safe-campus-moment/src/main/java/com/tangguo/controller/pc/BbsSensitiveWordController.java
+++ b/safe-campus-moment/src/main/java/com/tangguo/controller/pc/BbsSensitiveWordController.java
@@ -99,7 +99,7 @@ public class BbsSensitiveWordController extends BaseController {
 	 * 导入敏感词库
 	 */
 	@ApiOperation("导入敏感词库")
-	@PreAuthorize("@ss.hasPermi('bbs:word:edit')")
+	@PreAuthorize("@ss.hasPermi('bbs:word:import')")
 	@Log(title = "敏感词库", businessType = BusinessType.IMPORT)
 	@PostMapping("/import")
 	public AjaxResult importWords(MultipartFile file) {

--- a/safe-campus-moment/src/main/java/com/tangguo/service/impl/BbsMomentServiceImpl.java
+++ b/safe-campus-moment/src/main/java/com/tangguo/service/impl/BbsMomentServiceImpl.java
@@ -223,7 +223,9 @@ public class BbsMomentServiceImpl extends ServiceImpl<BbsMomentMapper, BbsMoment
        if (Objects.isNull(dbMoment)) {
            throw new ServiceException("删除失败，未查询到当前动态数据。");
        }
-        if (!dbMoment.getUserName().equals(username)) {
+
+        boolean isBbsAdmin = SecurityUtils.isBbsAdmin();
+        if (!dbMoment.getUserName().equals(username) && !isBbsAdmin) {
            throw new ServiceException("删除失败，没有对当前动态数据的操作权限。");
        }

@@ -407,7 +409,8 @@ public class BbsMomentServiceImpl extends ServiceImpl<BbsMomentMapper, BbsMoment
        }

        String userName = SecurityUtils.getUsername();
-        if (!dbComment.getUserName().equals(userName)) {
+        boolean isBbsAdmin = SecurityUtils.isBbsAdmin();
+        if (!dbComment.getUserName().equals(userName) && !isBbsAdmin) {
            throw new ServiceException("删除失败，没有对当前动态评论的操作权限。");
        }


--- a/safe-campus-points/src/main/java/com/tangguo/controller/BbsPointsSettingController.java
+++ b/safe-campus-points/src/main/java/com/tangguo/controller/BbsPointsSettingController.java
@@ -48,7 +48,7 @@ public class BbsPointsSettingController extends BaseController {
 	 * 获取积分规则配置详细信息
 	 */
 	@ApiOperation("获取积分规则配置详细信息")
-	@PreAuthorize("@ss.hasPermi('points:points:query')")
+	@PreAuthorize("@ss.hasPermi('points:points:list')")
 	@GetMapping(value = "/{id}")
 	public AjaxResult getInfo(@PathVariable("id") Long id) {
 		return success(bbsPointsSettingService.getById(id));
@@ -59,7 +59,7 @@ public class BbsPointsSettingController extends BaseController {
 	 * 新增积分规则配置
 	 */
 	@ApiOperation("新增积分规则配置")
-	@PreAuthorize("@ss.hasPermi('points:points:add')")
+	@PreAuthorize("@ss.hasPermi('points:points:list')")
 	@Log(title = "积分规则配置", businessType = BusinessType.INSERT)
 	@PostMapping
 	public AjaxResult add(@RequestBody BbsPointsSetting setting) {
@@ -72,7 +72,7 @@ public class BbsPointsSettingController extends BaseController {
 	 * 修改积分规则配置
 	 */
 	@ApiOperation("修改积分规则配置")
-	@PreAuthorize("@ss.hasPermi('points:points:edit')")
+	@PreAuthorize("@ss.hasPermi('points:points:list')")
 	@Log(title = "积分规则配置", businessType = BusinessType.UPDATE)
 	@PutMapping
 	public AjaxResult edit(@RequestBody BbsPointsSetting setting) {
@@ -85,7 +85,7 @@ public class BbsPointsSettingController extends BaseController {
 	 * 修改积分规则配置
 	 */
 	@ApiOperation("修改积分规则配置")
-	@PreAuthorize("@ss.hasPermi('points:points:edit')")
+	@PreAuthorize("@ss.hasPermi('points:points:list')")
 	@Log(title = "积分规则配置", businessType = BusinessType.UPDATE)
 	@PutMapping("/batch")
 	public AjaxResult batchEdit(@RequestBody Map<String, List<BbsPointsSetting>> pointMap) {
@@ -104,7 +104,7 @@ public class BbsPointsSettingController extends BaseController {
 	 * 删除积分规则配置
 	 */
 	@ApiOperation("删除积分规则配置")
-	@PreAuthorize("@ss.hasPermi('points:points:remove')")
+	@PreAuthorize("@ss.hasPermi('points:points:list')")
 	@Log(title = "积分规则配置", businessType = BusinessType.DELETE)
 	@DeleteMapping("/{id}")
 	public AjaxResult remove(@PathVariable Long id) {

--- a/safe-campus-points/src/main/java/com/tangguo/controller/BbsUserPointsExchangeController.java
+++ b/safe-campus-points/src/main/java/com/tangguo/controller/BbsUserPointsExchangeController.java
@@ -37,7 +37,7 @@ public class BbsUserPointsExchangeController extends BaseController {
 	 * 查询用户积分兑换列表
 	 */
 	@ApiOperation("查询用户积分兑换列表")
-	@PreAuthorize("@ss.hasPermi('points:points:list')")
+	@PreAuthorize("@ss.hasPermi('points:exchange:list')")
 	@GetMapping("/list")
 	public TableDataInfo list(BbsUserPointsExchange exchange) {
 		startPage();
@@ -50,7 +50,7 @@ public class BbsUserPointsExchangeController extends BaseController {
 	 * 导出用户积分列表
 	 */
 	@ApiOperation("导出用户积分列表")
-	@PreAuthorize("@ss.hasPermi('points:points:export')")
+	@PreAuthorize("@ss.hasPermi('points:exchange:export')")
 	@Log(title = "用户积分", businessType = BusinessType.EXPORT)
 	@PostMapping("/export")
 	public void export(HttpServletResponse response, BbsUserPointsExchange exchange) {
@@ -65,7 +65,7 @@ public class BbsUserPointsExchangeController extends BaseController {
 	 */
 	@RepeatSubmit(interval = 1000)
 	@ApiOperation("用户积分兑换")
-	@PreAuthorize("@ss.hasPermi('points:points:exchange')")
+	@PreAuthorize("@ss.hasPermi('points:exchange:exchange')")
 	@Log(title = "用户积分兑换", businessType = BusinessType.INSERT)
 	@PostMapping("/exchange")
 	public AjaxResult exchange(@RequestBody BbsUserPointsExchange exchange) {