fix

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java

@@ -11,7 +11,6 @@ import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.system.service.ISysDeptService;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -42,7 +41,7 @@ public class SysDeptController extends BaseController {
     /**
      * 获取部门列表
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:list')")
+//    @PreAuthorize("@ss.hasPermi('system:dept:list')")
     @GetMapping("/list")
     public AjaxResult list(SysDept dept) {
         List<SysDept> depts = deptService.selectDeptList(dept);
@@ -52,7 +51,7 @@ public class SysDeptController extends BaseController {
     /**
      * 查询部门列表（排除节点）
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:list')")
+//    @PreAuthorize("@ss.hasPermi('system:dept:list')")
     @GetMapping("/list/exclude/{deptId}")
     public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) String deptId) {
         List<SysDept> depts = deptService.selectDeptList(new SysDept());
@@ -64,7 +63,7 @@ public class SysDeptController extends BaseController {
     /**
      * 根据部门编号获取详细信息
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:query')")
+//    @PreAuthorize("@ss.hasPermi('system:dept:query')")
     @GetMapping(value = "/{deptId}")
     public AjaxResult getInfo(@PathVariable String deptId) {
         deptService.checkDeptDataScope(deptId);
@@ -95,7 +94,7 @@ public class SysDeptController extends BaseController {
     /**
      * 新增部门
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:add')")
+//    @PreAuthorize("@ss.hasPermi('system:dept:add')")
     @Log(title = "部门管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysDept dept) {
@@ -109,7 +108,7 @@ public class SysDeptController extends BaseController {
     /**
      * 修改部门
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:dept:edit')")
     @Log(title = "部门管理", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysDept dept) {
@@ -128,7 +127,7 @@ public class SysDeptController extends BaseController {
     /**
      * 删除部门
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:remove')")
+//    @PreAuthorize("@ss.hasPermi('system:dept:remove')")
     @Log(title = "部门管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{deptId}")
     public AjaxResult remove(@PathVariable String deptId) {

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -1,11 +1,12 @@
 package com.ruoyi.web.controller.system;
 
+import com.ruoyi.common.annotation.Security;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.entity.SysMenu;
 import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.core.domain.model.LoginBody;
-import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.utils.UserUtil;
 import com.ruoyi.framework.web.service.SysLoginService;
 import com.ruoyi.framework.web.service.SysPermissionService;
 import com.ruoyi.system.service.ISysMenuService;
@@ -58,8 +59,9 @@ public class SysLoginController {
      * @return 用户信息
      */
     @GetMapping("/getInfo")
+    @Security
     public AjaxResult getInfo() {
-        SysUser user = SecurityUtils.getLoginUser().getUser();
+        SysUser user = UserUtil.getCacheLoginUser().getUser();
         // 角色集合
         Set<String> roles = permissionService.getRolePermission(user);
         // 权限集合
@@ -78,7 +80,7 @@ public class SysLoginController {
      */
     @GetMapping("/getRouters")
     public AjaxResult getRouters() {
-        String userId = SecurityUtils.getUserId();
+        String userId = UserUtil.getCacheLoginUser().getUserId();
         List<SysMenu> menus = menuService.selectMenuTreeByUserId(userId);
         return AjaxResult.success(menuService.buildMenus(menus));
     }

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysMenuController.java

@@ -1,6 +1,7 @@
 package com.ruoyi.web.controller.system;
 
 import com.ruoyi.common.annotation.Log;
+import com.ruoyi.common.annotation.Security;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
@@ -9,9 +10,15 @@ import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.system.service.ISysMenuService;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.HashMap;
 import java.util.List;
@@ -24,18 +31,17 @@ import java.util.Map;
  */
 @RestController
 @RequestMapping("/system/menu")
-public class SysMenuController extends BaseController
-{
+public class SysMenuController extends BaseController {
     @Autowired
     private ISysMenuService menuService;
 
     /**
      * 获取菜单列表
      */
-    @PreAuthorize("@ss.hasPermi('system:menu:list')")
+//    @PreAuthorize("@ss.hasPermi('system:menu:list')")
     @GetMapping("/list")
-    public AjaxResult list(SysMenu menu)
-    {
+    @Security
+    public AjaxResult list(SysMenu menu) {
         List<SysMenu> menus = menuService.selectMenuList(menu, getUserId());
         return AjaxResult.success(menus);
     }
@@ -43,10 +49,9 @@ public class SysMenuController extends BaseController
     /**
      * 根据菜单编号获取详细信息
      */
-    @PreAuthorize("@ss.hasPermi('system:menu:query')")
+//    @PreAuthorize("@ss.hasPermi('system:menu:query')")
     @GetMapping(value = "/{menuId}")
-    public AjaxResult getInfo(@PathVariable String menuId)
-    {
+    public AjaxResult getInfo(@PathVariable String menuId) {
         return AjaxResult.success(menuService.selectMenuById(menuId));
     }
 
@@ -54,8 +59,8 @@ public class SysMenuController extends BaseController
      * 获取菜单下拉树列表
      */
     @GetMapping("/treeselect")
-    public AjaxResult treeselect(SysMenu menu)
-    {
+    @Security
+    public AjaxResult treeselect(SysMenu menu) {
         List<SysMenu> menus = menuService.selectMenuList(menu, getUserId());
         return AjaxResult.success(menuService.buildMenuTreeSelect(menus));
     }
@@ -64,10 +69,10 @@ public class SysMenuController extends BaseController
      * 加载对应角色菜单列表树
      */
     @GetMapping(value = "/roleMenuTreeselect/{roleId}")
-    public AjaxResult roleMenuTreeselect(@PathVariable("roleId") String roleId)
-    {
-		List<SysMenu> menus = menuService.selectMenuList(getUserId());
-		Map<String,Object> ajax = new HashMap<>();
+    @Security
+    public AjaxResult roleMenuTreeselect(@PathVariable("roleId") String roleId) {
+        List<SysMenu> menus = menuService.selectMenuList(getUserId());
+        Map<String, Object> ajax = new HashMap<>();
         ajax.put("checkedKeys", menuService.selectMenuListByRoleId(roleId));
         ajax.put("menus", menuService.buildMenuTreeSelect(menus));
         return AjaxResult.success(ajax);
@@ -76,17 +81,13 @@ public class SysMenuController extends BaseController
     /**
      * 新增菜单
      */
-    @PreAuthorize("@ss.hasPermi('system:menu:add')")
+//    @PreAuthorize("@ss.hasPermi('system:menu:add')")
     @Log(title = "菜单管理", businessType = BusinessType.INSERT)
     @PostMapping
-    public AjaxResult add(@Validated @RequestBody SysMenu menu)
-    {
-        if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu)))
-        {
+    public AjaxResult add(@Validated @RequestBody SysMenu menu) {
+        if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu))) {
             return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败，菜单名称已存在");
-        }
-        else if (UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !StringUtils.ishttp(menu.getPath()))
-        {
+        } else if (UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !StringUtils.ishttp(menu.getPath())) {
             return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败，地址必须以http(s)://开头");
         }
         menu.setCreateBy(getUsername());
@@ -96,21 +97,15 @@ public class SysMenuController extends BaseController
     /**
      * 修改菜单
      */
-    @PreAuthorize("@ss.hasPermi('system:menu:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:menu:edit')")
     @Log(title = "菜单管理", businessType = BusinessType.UPDATE)
     @PutMapping
-    public AjaxResult edit(@Validated @RequestBody SysMenu menu)
-    {
-        if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu)))
-        {
+    public AjaxResult edit(@Validated @RequestBody SysMenu menu) {
+        if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu))) {
             return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败，菜单名称已存在");
-        }
-        else if (UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !StringUtils.ishttp(menu.getPath()))
-        {
+        } else if (UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !StringUtils.ishttp(menu.getPath())) {
             return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败，地址必须以http(s)://开头");
-        }
-        else if (menu.getMenuId().equals(menu.getParentId()))
-        {
+        } else if (menu.getMenuId().equals(menu.getParentId())) {
             return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败，上级菜单不能选择自己");
         }
         menu.setUpdateBy(getUsername());
@@ -120,17 +115,14 @@ public class SysMenuController extends BaseController
     /**
      * 删除菜单
      */
-    @PreAuthorize("@ss.hasPermi('system:menu:remove')")
+//    @PreAuthorize("@ss.hasPermi('system:menu:remove')")
     @Log(title = "菜单管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{menuId}")
-    public AjaxResult remove(@PathVariable("menuId") String menuId)
-    {
-        if (menuService.hasChildByMenuId(menuId))
-        {
+    public AjaxResult remove(@PathVariable("menuId") String menuId) {
+        if (menuService.hasChildByMenuId(menuId)) {
             return AjaxResult.error("存在子菜单,不允许删除");
         }
-        if (menuService.checkMenuExistRole(menuId))
-        {
+        if (menuService.checkMenuExistRole(menuId)) {
             return AjaxResult.error("菜单已分配,不允许删除");
         }
         return toAjax(menuService.deleteMenuById(menuId));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java

@@ -17,9 +17,15 @@ import com.ruoyi.system.domain.SysUserRole;
 import com.ruoyi.system.service.ISysRoleService;
 import com.ruoyi.system.service.ISysUserService;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletResponse;
 import java.util.List;
@@ -31,8 +37,7 @@ import java.util.List;
  */
 @RestController
 @RequestMapping("/system/role")
-public class SysRoleController extends BaseController
-{
+public class SysRoleController extends BaseController {
     @Autowired
     private ISysRoleService roleService;
 
@@ -45,29 +50,26 @@ public class SysRoleController extends BaseController
     @Autowired
     private ISysUserService userService;
 
-    @PreAuthorize("@ss.hasPermi('system:role:list')")
+    //    @PreAuthorize("@ss.hasPermi('system:role:list')")
     @GetMapping("/list")
-    public TableDataInfo list(SysRole role)
-    {
+    public TableDataInfo list(SysRole role) {
         return roleService.selectPageRoleList(role);
     }
 
     @Log(title = "角色管理", businessType = BusinessType.EXPORT)
-    @PreAuthorize("@ss.hasPermi('system:role:export')")
+//    @PreAuthorize("@ss.hasPermi('system:role:export')")
     @GetMapping("/export")
-    public void export(SysRole role, HttpServletResponse response)
-    {
+    public void export(SysRole role, HttpServletResponse response) {
         List<SysRole> list = roleService.selectRoleList(role);
-		ExcelUtil.exportExcel(list, "角色数据", SysRole.class, response);
+        ExcelUtil.exportExcel(list, "角色数据", SysRole.class, response);
     }
 
     /**
      * 根据角色编号获取详细信息
      */
-    @PreAuthorize("@ss.hasPermi('system:role:query')")
+//    @PreAuthorize("@ss.hasPermi('system:role:query')")
     @GetMapping(value = "/{roleId}")
-    public AjaxResult getInfo(@PathVariable String roleId)
-    {
+    public AjaxResult getInfo(@PathVariable String roleId) {
         roleService.checkRoleDataScope(roleId);
         return AjaxResult.success(roleService.selectRoleById(roleId));
     }
@@ -75,17 +77,13 @@ public class SysRoleController extends BaseController
     /**
      * 新增角色
      */
-    @PreAuthorize("@ss.hasPermi('system:role:add')")
+//    @PreAuthorize("@ss.hasPermi('system:role:add')")
     @Log(title = "角色管理", businessType = BusinessType.INSERT)
     @PostMapping
-    public AjaxResult add(@Validated @RequestBody SysRole role)
-    {
-        if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role)))
-        {
+    public AjaxResult add(@Validated @RequestBody SysRole role) {
+        if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) {
             return AjaxResult.error("新增角色'" + role.getRoleName() + "'失败，角色名称已存在");
-        }
-        else if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleKeyUnique(role)))
-        {
+        } else if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleKeyUnique(role))) {
             return AjaxResult.error("新增角色'" + role.getRoleName() + "'失败，角色权限已存在");
         }
         role.setCreateBy(getUsername());
@@ -96,28 +94,22 @@ public class SysRoleController extends BaseController
     /**
      * 修改保存角色
      */
-    @PreAuthorize("@ss.hasPermi('system:role:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @PutMapping
-    public AjaxResult edit(@Validated @RequestBody SysRole role)
-    {
+    public AjaxResult edit(@Validated @RequestBody SysRole role) {
         roleService.checkRoleAllowed(role);
-        if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role)))
-        {
+        if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) {
             return AjaxResult.error("修改角色'" + role.getRoleName() + "'失败，角色名称已存在");
-        }
-        else if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleKeyUnique(role)))
-        {
+        } else if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleKeyUnique(role))) {
             return AjaxResult.error("修改角色'" + role.getRoleName() + "'失败，角色权限已存在");
         }
         role.setUpdateBy(getUsername());
 
-        if (roleService.updateRole(role) > 0)
-        {
+        if (roleService.updateRole(role) > 0) {
             // 更新缓存用户权限
             LoginUser loginUser = getLoginUser();
-            if (StringUtils.isNotNull(loginUser.getUser()) && !loginUser.getUser().isAdmin())
-            {
+            if (StringUtils.isNotNull(loginUser.getUser()) && !loginUser.getUser().isAdmin()) {
                 loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser()));
                 loginUser.setUser(userService.selectUserByUserName(loginUser.getUser().getUserName()));
                 tokenService.setLoginUser(loginUser);
@@ -130,11 +122,10 @@ public class SysRoleController extends BaseController
     /**
      * 修改保存数据权限
      */
-    @PreAuthorize("@ss.hasPermi('system:role:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @PutMapping("/dataScope")
-    public AjaxResult dataScope(@RequestBody SysRole role)
-    {
+    public AjaxResult dataScope(@RequestBody SysRole role) {
         roleService.checkRoleAllowed(role);
         return toAjax(roleService.authDataScope(role));
     }
@@ -142,11 +133,10 @@ public class SysRoleController extends BaseController
     /**
      * 状态修改
      */
-    @PreAuthorize("@ss.hasPermi('system:role:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @PutMapping("/changeStatus")
-    public AjaxResult changeStatus(@RequestBody SysRole role)
-    {
+    public AjaxResult changeStatus(@RequestBody SysRole role) {
         roleService.checkRoleAllowed(role);
         role.setUpdateBy(getUsername());
         return toAjax(roleService.updateRoleStatus(role));
@@ -155,74 +145,67 @@ public class SysRoleController extends BaseController
     /**
      * 删除角色
      */
-    @PreAuthorize("@ss.hasPermi('system:role:remove')")
+//    @PreAuthorize("@ss.hasPermi('system:role:remove')")
     @Log(title = "角色管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{roleIds}")
-    public AjaxResult remove(@PathVariable String[] roleIds)
-    {
+    public AjaxResult remove(@PathVariable String[] roleIds) {
         return toAjax(roleService.deleteRoleByIds(roleIds));
     }
 
     /**
      * 获取角色选择框列表
      */
-    @PreAuthorize("@ss.hasPermi('system:role:query')")
+//    @PreAuthorize("@ss.hasPermi('system:role:query')")
     @GetMapping("/optionselect")
-    public AjaxResult optionselect()
-    {
+    public AjaxResult optionselect() {
         return AjaxResult.success(roleService.selectRoleAll());
     }
 
     /**
      * 查询已分配用户角色列表
      */
-    @PreAuthorize("@ss.hasPermi('system:role:list')")
+//    @PreAuthorize("@ss.hasPermi('system:role:list')")
     @GetMapping("/authUser/allocatedList")
-    public TableDataInfo allocatedList(SysUser user)
-    {
-		return userService.selectAllocatedList(user);
+    public TableDataInfo allocatedList(SysUser user) {
+        return userService.selectAllocatedList(user);
     }
 
     /**
      * 查询未分配用户角色列表
      */
-    @PreAuthorize("@ss.hasPermi('system:role:list')")
+//    @PreAuthorize("@ss.hasPermi('system:role:list')")
     @GetMapping("/authUser/unallocatedList")
-    public TableDataInfo unallocatedList(SysUser user)
-    {
+    public TableDataInfo unallocatedList(SysUser user) {
         return userService.selectUnallocatedList(user);
     }
 
     /**
      * 取消授权用户
      */
-    @PreAuthorize("@ss.hasPermi('system:role:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @PutMapping("/authUser/cancel")
-    public AjaxResult cancelAuthUser(@RequestBody SysUserRole userRole)
-    {
+    public AjaxResult cancelAuthUser(@RequestBody SysUserRole userRole) {
         return toAjax(roleService.deleteAuthUser(userRole));
     }
 
     /**
      * 批量取消授权用户
      */
-    @PreAuthorize("@ss.hasPermi('system:role:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @PutMapping("/authUser/cancelAll")
-    public AjaxResult cancelAuthUserAll(String roleId, String[] userIds)
-    {
+    public AjaxResult cancelAuthUserAll(String roleId, String[] userIds) {
         return toAjax(roleService.deleteAuthUsers(roleId, userIds));
     }
 
     /**
      * 批量选择用户授权
      */
-    @PreAuthorize("@ss.hasPermi('system:role:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @PutMapping("/authUser/selectAll")
-    public AjaxResult selectAuthUserAll(String roleId, String[] userIds)
-    {
+    public AjaxResult selectAuthUserAll(String roleId, String[] userIds) {
         return toAjax(roleService.insertAuthUsers(roleId, userIds));
     }
 }

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java

@@ -15,8 +15,8 @@ import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.UserUtil;
 import com.ruoyi.common.utils.poi.ExcelUtil;
-import com.ruoyi.framework.web.service.UserUtil;
 import com.ruoyi.system.domain.vo.SysUserExportVo;
 import com.ruoyi.system.domain.vo.SysUserImportVo;
 import com.ruoyi.system.mapper.SysUserRoleMapper;
@@ -108,7 +108,7 @@ public class SysUserController extends BaseController {
     /**
      * 根据用户编号获取详细信息
      */
-    @PreAuthorize("@ss.hasPermi('system:user:query')")
+//    @PreAuthorize("@ss.hasPermi('system:user:query')")
     @GetMapping(value = {"/", "/{userId}"})
     public AjaxResult getInfo(@PathVariable(value = "userId", required = false) String userId) {
         userService.checkUserDataScope(userId);
@@ -127,7 +127,7 @@ public class SysUserController extends BaseController {
     /**
      * 新增用户
      */
-    @PreAuthorize("@ss.hasPermi('system:user:add')")
+//    @PreAuthorize("@ss.hasPermi('system:user:add')")
     @Log(title = "用户管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysUser user) {
@@ -168,9 +168,10 @@ public class SysUserController extends BaseController {
     /**
      * 删除用户
      */
-    @PreAuthorize("@ss.hasPermi('system:user:remove')")
+//    @PreAuthorize("@ss.hasPermi('system:user:remove')")
     @Log(title = "用户管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{userIds}")
+    @Security
     public AjaxResult remove(@PathVariable String[] userIds) {
         if (ArrayUtil.contains(userIds, getUserId())) {
             return error("当前用户不能删除");
@@ -194,7 +195,7 @@ public class SysUserController extends BaseController {
     /**
      * 状态修改
      */
-    @PreAuthorize("@ss.hasPermi('system:user:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:user:edit')")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
     @PutMapping("/changeStatus")
     public AjaxResult changeStatus(@RequestBody SysUser user) {
@@ -206,7 +207,7 @@ public class SysUserController extends BaseController {
     /**
      * 根据用户编号获取授权角色
      */
-    @PreAuthorize("@ss.hasPermi('system:user:query')")
+//    @PreAuthorize("@ss.hasPermi('system:user:query')")
     @GetMapping("/authRole/{userId}")
     public AjaxResult authRole(@PathVariable("userId") String userId) {
         SysUser user = userService.selectUserById(userId);
@@ -220,7 +221,7 @@ public class SysUserController extends BaseController {
     /**
      * 用户授权角色
      */
-    @PreAuthorize("@ss.hasPermi('system:user:edit')")
+//    @PreAuthorize("@ss.hasPermi('system:user:edit')")
     @Log(title = "用户管理", businessType = BusinessType.GRANT)
     @PutMapping("/authRole")
     public AjaxResult insertAuthRole(String userId, String[] roleIds) {

ruoyi-admin/src/main/java/com/ruoyi/web/controller/task/NoticeInfoListiner.java

@@ -124,7 +124,7 @@ public class NoticeInfoListiner {
                 incidentId = incidentTaskVo.getIncidentId();
                 IncidentVo incidentVo = incidentService.queryById(incidentTaskVo.getIncidentId());
                 title = "应急处置";
-                synopsis = "请查看应急事件处置指令消息";
+                synopsis = incidentTaskVo.getTaskName();
                 text = getDetail(incidentVo);
                 String taskName = "<tr><td style=\"color: darkgray;width: 20%;vertical-align: top;\">处置指令</td><td style=\"text-align:left;\">#taskName</td></tr>".replace("#taskName", incidentTaskVo.getTaskName());
                 text = text.replace("#task", taskName);
@@ -170,6 +170,7 @@ public class NoticeInfoListiner {
                     BacklogMessagePushBo backlogMessagePushBo = new BacklogMessagePushBo();
                     backlogMessagePushBo.setUuid(incidentProcess.getId());
                     backlogMessagePushBo.setTitle(title);
+                    backlogMessagePushBo.setSubhead(synopsis);
                     backlogMessagePushBo.setText(text);
                     backlogMessagePushBo.setUrl(url);
                     List<String> userIds = messagePushUsers.stream().map(MessagePushUser::getUserId).collect(Collectors.toList());

ruoyi-admin/src/main/java/com/ruoyi/web/controller/zhdd/IncidentController.java

@@ -25,8 +25,8 @@ import com.ruoyi.common.core.validate.EditGroup;
 import com.ruoyi.common.core.validate.QueryGroup;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.utils.RedisUtils;
+import com.ruoyi.common.utils.UserUtil;
 import com.ruoyi.common.utils.poi.ExcelUtil;
-import com.ruoyi.framework.web.service.UserUtil;
 import com.ruoyi.system.service.ISysDeptService;
 import com.ruoyi.system.service.ISysDictDataService;
 import com.ruoyi.system.service.ISysUserService;

ruoyi-admin/src/main/java/com/ruoyi/web/controller/zhdd/ResourceController.java

@@ -16,8 +16,8 @@ import com.ruoyi.common.core.validate.AddGroup;
 import com.ruoyi.common.core.validate.EditGroup;
 import com.ruoyi.common.core.validate.QueryGroup;
 import com.ruoyi.common.enums.BusinessType;
+import com.ruoyi.common.utils.UserUtil;
 import com.ruoyi.common.utils.poi.ExcelUtil;
-import com.ruoyi.framework.web.service.UserUtil;
 import com.ruoyi.zhdd.domain.Resource;
 import com.ruoyi.zhdd.domain.ResourceDetail;
 import com.ruoyi.zhdd.domain.bo.ResourceBo;

ruoyi-common/src/main/java/com/ruoyi/common/core/controller/BaseController.java

@@ -7,8 +7,8 @@ import cn.hutool.json.JSONUtil;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.GatewayUser;
 import com.ruoyi.common.core.domain.model.LoginUser;
-import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.UserUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.context.request.RequestContextHolder;
@@ -84,7 +84,8 @@ public class BaseController {
      * 获取用户缓存信息
      */
     public LoginUser getLoginUser() {
-        return SecurityUtils.getLoginUser();
+//        return SecurityUtils.getLoginUser();
+        return UserUtil.getCacheLoginUser();
     }
 
     /**

ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/UserUtil.java → ruoyi-common/src/main/java/com/ruoyi/common/utils/UserUtil.java

@@ -1,4 +1,4 @@
-package com.ruoyi.framework.web.service;
+package com.ruoyi.common.utils;
 
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
@@ -7,8 +7,6 @@ import cn.hutool.json.JSONUtil;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.domain.model.LoginUser;
 import com.ruoyi.common.exception.ServiceException;
-import com.ruoyi.common.utils.RedisUtils;
-import com.ruoyi.common.utils.ServletUtils;
 import lombok.SneakyThrows;
 
 import java.net.URLDecoder;

ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java

@@ -7,9 +7,9 @@ import com.ruoyi.common.enums.HttpMethod;
 import com.ruoyi.common.utils.JsonUtils;
 import com.ruoyi.common.utils.ServletUtils;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.UserUtil;
 import com.ruoyi.common.utils.spring.SpringUtils;
 import com.ruoyi.framework.web.service.AsyncService;
-import com.ruoyi.framework.web.service.UserUtil;
 import com.ruoyi.system.domain.SysOperLog;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.Signature;

ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -117,7 +117,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
             .antMatchers("/actuator/**").anonymous()
             // 应急指挥相关
             .antMatchers("/zhdd/**").permitAll()
-            .antMatchers("/system/dict/**").permitAll()
+            .antMatchers("/system/**").permitAll()
+            .antMatchers("/getInfo").permitAll()
+            .antMatchers("/getRouters").permitAll()
             .antMatchers("/common/upload", "/common/download/resource").permitAll()
 
             // 系统层面

ruoyi-framework/src/main/java/com/ruoyi/framework/mybatisplus/CreateAndUpdateMetaObjectHandler.java

@@ -4,7 +4,7 @@ import cn.hutool.http.HttpStatus;
 import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
 import com.ruoyi.common.core.domain.model.LoginUser;
 import com.ruoyi.common.exception.ServiceException;
-import com.ruoyi.framework.web.service.UserUtil;
+import com.ruoyi.common.utils.UserUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.ibatis.reflection.MetaObject;
 

ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java

@@ -2,12 +2,11 @@ package com.ruoyi.system.service.impl;
 
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
-import com.ruoyi.common.annotation.DataScope;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.core.domain.entity.SysRole;
+import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.core.mybatisplus.core.ServicePlusImpl;
 import com.ruoyi.common.core.page.TableDataInfo;
-import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.exception.ServiceException;
 import com.ruoyi.common.utils.PageUtils;
 import com.ruoyi.common.utils.SecurityUtils;
@@ -25,7 +24,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 /**
  * 角色 业务层处理
@@ -45,7 +48,7 @@ public class SysRoleServiceImpl extends ServicePlusImpl<SysRoleMapper, SysRole,
     private SysRoleDeptMapper roleDeptMapper;
 
     @Override
-    @DataScope(deptAlias = "d")
+//    @DataScope(deptAlias = "d")
     public TableDataInfo<SysRole> selectPageRoleList(SysRole role) {
         return PageUtils.buildDataInfo(baseMapper.selectPageRoleList(PageUtils.buildPage(), role));
     }
@@ -57,7 +60,7 @@ public class SysRoleServiceImpl extends ServicePlusImpl<SysRoleMapper, SysRole,
      * @return 角色数据集合信息
      */
     @Override
-    @DataScope(deptAlias = "d")
+//    @DataScope(deptAlias = "d")
     public List<SysRole> selectRoleList(SysRole role) {
         return baseMapper.selectRoleList(role);
     }
@@ -143,7 +146,7 @@ public class SysRoleServiceImpl extends ServicePlusImpl<SysRoleMapper, SysRole,
     public String checkRoleNameUnique(SysRole role) {
         String roleId = StrUtil.isBlank(role.getRoleId()) ? "-1" : role.getRoleId();
         SysRole info = getOne(new LambdaQueryWrapper<SysRole>()
-                .eq(SysRole::getRoleName, role.getRoleName()).last("limit 1"));
+            .eq(SysRole::getRoleName, role.getRoleName()).last("limit 1"));
         if (StringUtils.isNotNull(info) && !info.getRoleId().equals(roleId)) {
             return UserConstants.NOT_UNIQUE;
         }
@@ -160,7 +163,7 @@ public class SysRoleServiceImpl extends ServicePlusImpl<SysRoleMapper, SysRole,
     public String checkRoleKeyUnique(SysRole role) {
         String roleId = StrUtil.isBlank(role.getRoleId()) ? "-1" : role.getRoleId();
         SysRole info = getOne(new LambdaQueryWrapper<SysRole>()
-                .eq(SysRole::getRoleKey, role.getRoleKey()).last("limit 1"));
+            .eq(SysRole::getRoleKey, role.getRoleKey()).last("limit 1"));
         if (StringUtils.isNotNull(info) && !info.getRoleId().equals(roleId)) {
             return UserConstants.NOT_UNIQUE;
         }
@@ -281,7 +284,7 @@ public class SysRoleServiceImpl extends ServicePlusImpl<SysRoleMapper, SysRole,
             list.add(rm);
         }
         if (list.size() > 0) {
-			rows = roleMenuMapper.insertAll(list);
+            rows = roleMenuMapper.insertAll(list);
         }
         return rows;
     }
@@ -302,7 +305,7 @@ public class SysRoleServiceImpl extends ServicePlusImpl<SysRoleMapper, SysRole,
             list.add(rd);
         }
         if (list.size() > 0) {
-			rows = roleDeptMapper.insertAll(list);
+            rows = roleDeptMapper.insertAll(list);
         }
         return rows;
     }
@@ -356,45 +359,45 @@ public class SysRoleServiceImpl extends ServicePlusImpl<SysRoleMapper, SysRole,
     @Override
     public int deleteAuthUser(SysUserRole userRole) {
         return userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
-			.eq(SysUserRole::getRoleId, userRole.getRoleId())
-			.eq(SysUserRole::getUserId, userRole.getUserId()));
+            .eq(SysUserRole::getRoleId, userRole.getRoleId())
+            .eq(SysUserRole::getUserId, userRole.getUserId()));
     }
 
     /**
      * 批量取消授权用户角色
      *
-     * @param roleId 角色ID
+     * @param roleId  角色ID
      * @param userIds 需要取消授权的用户数据ID
      * @return 结果
      */
     @Override
     public int deleteAuthUsers(String roleId, String[] userIds) {
-		return userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
-			.eq(SysUserRole::getRoleId, roleId)
-			.in(SysUserRole::getUserId, Arrays.asList(userIds)));
+        return userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
+            .eq(SysUserRole::getRoleId, roleId)
+            .in(SysUserRole::getUserId, Arrays.asList(userIds)));
     }
 
     /**
      * 批量选择授权用户角色
      *
-     * @param roleId 角色ID
+     * @param roleId  角色ID
      * @param userIds 需要删除的用户数据ID
      * @return 结果
      */
     @Override
     public int insertAuthUsers(String roleId, String[] userIds) {
         // 新增用户与角色管理
-		int rows = 1;
-		List<SysUserRole> list = new ArrayList<SysUserRole>();
+        int rows = 1;
+        List<SysUserRole> list = new ArrayList<SysUserRole>();
         for (String userId : userIds) {
             SysUserRole ur = new SysUserRole();
             ur.setUserId(userId);
             ur.setRoleId(roleId);
             list.add(ur);
         }
-		if (list.size() > 0) {
-			rows = userRoleMapper.insertAll(list);
-		}
+        if (list.size() > 0) {
+            rows = userRoleMapper.insertAll(list);
+        }
         return rows;
     }
 }

ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java

@@ -3,7 +3,6 @@ package com.ruoyi.system.service.impl;
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
-import com.ruoyi.common.annotation.DataScope;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.core.domain.entity.SysDept;
 import com.ruoyi.common.core.domain.entity.SysRole;
@@ -75,7 +74,7 @@ public class SysUserServiceImpl extends ServicePlusImpl<SysUserMapper, SysUser,
      * @return 用户信息集合信息
      */
     @Override
-    @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
+//    @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
     public List<SysUser> selectUserList(SysUser user) {
         return baseMapper.selectUserList(user);
     }
@@ -87,7 +86,7 @@ public class SysUserServiceImpl extends ServicePlusImpl<SysUserMapper, SysUser,
      * @return 用户信息集合信息
      */
     @Override
-    @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
+//    @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
     public TableDataInfo<SysUser> selectAllocatedList(SysUser user) {
         return PageUtils.buildDataInfo(baseMapper.selectAllocatedList(PageUtils.buildPage(), user));
     }
@@ -99,7 +98,7 @@ public class SysUserServiceImpl extends ServicePlusImpl<SysUserMapper, SysUser,
      * @return 用户信息集合信息
      */
     @Override
-    @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
+//    @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
     public TableDataInfo<SysUser> selectUnallocatedList(SysUser user) {
         return PageUtils.buildDataInfo(baseMapper.selectUnallocatedList(PageUtils.buildPage(), user));
     }

ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml

@@ -112,7 +112,7 @@
                  left join sys_user u on ur.user_id = u.user_id
         where u.user_id = #{userId}
           and m.menu_type in ('M', 'C')
-          and m.status = 0
+          and m.status = '0'
           AND ro.status = '0'
         order by m.parent_id, m.order_num
     </select>

ruoyi-zhdd/src/main/java/com/ruoyi/zhdd/domain/bo/BacklogMessagePushBo.java

@@ -16,6 +16,8 @@ public class BacklogMessagePushBo {
     private String uuid;
     // 标题（必填）
     private String title;
+    // 副标题
+    private String subhead;
     // 内容（必填）
     private String text;
     // 发送部门/人