web.admin.sys 需要有 admin role 才可访问

web/src/main/java/cn/reghao/devops/web/admin/sys/controller/EmailController.java

@@ -8,7 +8,9 @@ import cn.reghao.devops.web.admin.sys.model.po.NotifyReceiver;
 import cn.reghao.jutil.jdk.result.WebResult;
 import cn.reghao.jutil.jdk.string.StringRegexp;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -31,6 +33,8 @@ public class EmailController {
         this.emailAccountRepository = emailAccountRepository;
     }
 
+    @ApiOperation(value = "添加邮箱帐号")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @PostMapping(value = "/save", produces = MediaType.APPLICATION_JSON_VALUE)
     public String saveReceiver(@Validated EmailAccount emailAccount) {
         String email = emailAccount.getUsername();
@@ -54,15 +58,17 @@ public class EmailController {
         return WebResult.success();
     }
 
+    @ApiOperation(value = "删除邮箱帐号")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @DeleteMapping(value = "/delete/{username}", produces = MediaType.APPLICATION_JSON_VALUE)
     public String deleteEmail(@PathVariable("username") String username) {
-        NotifyReceiver notifyReceiver = notifyReceiverRepository.findByType(NotifyType.email.name());
+        /*NotifyReceiver notifyReceiver = notifyReceiverRepository.findByType(NotifyType.email.name());
         if (notifyReceiver != null) {
             return WebResult.failWithMsg("系统中存在接收通知的邮箱地址, 不能删除发送通知的邮箱");
         }
 
         List<EmailAccount> list = emailAccountRepository.findAll();
-        emailAccountRepository.delete(list.get(0));
-        return WebResult.success();
+        emailAccountRepository.delete(list.get(0));*/
+        return WebResult.failWithMsg("接口未实现");
     }
 }

web/src/main/java/cn/reghao/devops/web/admin/sys/controller/ReceiverController.java

@@ -8,7 +8,9 @@ import cn.reghao.devops.web.admin.sys.model.po.NotifyReceiver;
 import cn.reghao.jutil.jdk.result.WebResult;
 import cn.reghao.jutil.jdk.string.StringRegexp;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -31,6 +33,8 @@ public class ReceiverController {
         this.emailAccountRepository = emailAccountRepository;
     }
 
+    @ApiOperation(value = "添加通知接收")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @PostMapping(value = "/save", produces = MediaType.APPLICATION_JSON_VALUE)
     public String saveReceiver(@Validated NotifyReceiver notifyReceiver) {
         String type = notifyReceiver.getType();
@@ -57,6 +61,8 @@ public class ReceiverController {
         return WebResult.success();
     }
 
+    @ApiOperation(value = "更新通知接收")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @PostMapping(value = "/edit", produces = MediaType.APPLICATION_JSON_VALUE)
     public String editReceiver(@Validated NotifyReceiver notifyReceiver) {
         String name = notifyReceiver.getName();
@@ -71,6 +77,8 @@ public class ReceiverController {
         return WebResult.success();
     }
 
+    @ApiOperation(value = "删除通知接收")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @DeleteMapping(value = "/delete/{name}", produces = MediaType.APPLICATION_JSON_VALUE)
     public String deleteReceiver(@PathVariable("name") String name) {
         NotifyReceiver notifyReceiver = notifyReceiverRepository.findByName(name);

web/src/main/java/cn/reghao/devops/web/admin/sys/controller/SysMessageController.java

@@ -3,7 +3,9 @@ package cn.reghao.devops.web.admin.sys.controller;
 import cn.reghao.devops.web.admin.sys.service.SysMessageService;
 import cn.reghao.jutil.jdk.result.WebResult;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -23,6 +25,8 @@ public class SysMessageController {
         this.sysMessageService = sysMessageService;
     }
 
+    @ApiOperation(value = "清空系统消息")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @PostMapping(value = "/message/clear", produces = MediaType.APPLICATION_JSON_VALUE)
     @ResponseBody
     public String clearMessage() {

web/src/main/java/cn/reghao/devops/web/admin/sys/controller/page/EmailPageController.java

@@ -3,8 +3,10 @@ package cn.reghao.devops.web.admin.sys.controller.page;
 import cn.reghao.devops.web.admin.sys.db.repository.EmailAccountRepository;
 import cn.reghao.devops.web.admin.sys.model.po.EmailAccount;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
@@ -25,6 +27,8 @@ public class EmailPageController {
         this.emailAccountRepository = emailAccountRepository;
     }
 
+    @ApiOperation(value = "邮箱帐号列表页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("")
     public String emailIndex(Model model) {
         PageRequest pageRequest = PageRequest.of(0, 100);
@@ -38,11 +42,15 @@ public class EmailPageController {
         return "/admin/notify/email";
     }
 
+    @ApiOperation(value = "添加邮箱帐号页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("/add")
     public String emailAdd(Model model) {
         return "/admin/notify/emailadd";
     }
 
+    @ApiOperation(value = "更新邮箱帐号页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("/edit/{username}")
     public String emailEdit(@PathVariable("username") String username, Model model) throws Exception {
         List<EmailAccount> list = emailAccountRepository.findAll();

web/src/main/java/cn/reghao/devops/web/admin/sys/controller/page/ReceiverPageController.java

@@ -3,8 +3,10 @@ package cn.reghao.devops.web.admin.sys.controller.page;
 import cn.reghao.devops.web.admin.sys.db.repository.NotifyReceiverRepository;
 import cn.reghao.devops.web.admin.sys.model.po.NotifyReceiver;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
@@ -23,6 +25,8 @@ public class ReceiverPageController {
         this.notifyReceiverRepository = notifyReceiverRepository;
     }
 
+    @ApiOperation(value = "通知接收列表页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("")
     public String receiverIndex(Model model) throws Exception {
         PageRequest pageRequest = PageRequest.of(0, 100);
@@ -32,11 +36,15 @@ public class ReceiverPageController {
         return "/admin/notify/receiver";
     }
 
+    @ApiOperation(value = "添加通知接收页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("/add")
     public String receiverAdd(Model model) throws Exception {
         return "/admin/notify/receiveradd";
     }
 
+    @ApiOperation(value = "更新通知接收页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("/edit/{name}")
     public String receiverEdit(@PathVariable("name") String name, Model model) throws Exception {
         NotifyReceiver notifyReceiver = notifyReceiverRepository.findByName(name);

web/src/main/java/cn/reghao/devops/web/admin/sys/controller/page/SysLogPageController.java

@@ -2,6 +2,7 @@ package cn.reghao.devops.web.admin.sys.controller.page;
 
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -15,12 +16,14 @@ import org.springframework.web.bind.annotation.RequestMapping;
 @RequestMapping("/sys/log")
 public class SysLogPageController {
     @ApiOperation(value = "系统运行日志页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("/rt")
     public String runtimeLogPage() {
         return "/admin/log/rtlog";
     }
 
     @ApiOperation(value = "系统访问日志页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("/access")
     public String accessLogPage() {
         return "/admin/log/accesslog";

web/src/main/java/cn/reghao/devops/web/admin/sys/controller/page/SysMessagePageController.java

@@ -7,6 +7,7 @@ import io.swagger.annotations.ApiOperation;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Sort;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -28,6 +29,7 @@ public class SysMessagePageController {
     }
 
     @ApiOperation(value = "系统消息页面")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("")
     public String messagePage(Model model) {
         PageRequest pageRequest = PageRequest.of(0, 10, Sort.by(Sort.Direction.DESC, "createTime"));
@@ -38,6 +40,7 @@ public class SysMessagePageController {
     }
 
     @ApiOperation(value = "系统消息内容")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @GetMapping("/detail/{id}")
     public String messageDetail(@PathVariable("id") int id, Model model) {
         SysMessage sysMessage = sysMessageRepository.findById(id).orElse(null);