后端功能权限控制

business-css/src/main/java/com/yfd/business/css/controller/AlgorithmController.java

@@ -46,7 +46,7 @@ public class AlgorithmController {
     }
 
     @Log(value = "新增算法", module = "算法管理")
-    // @PreAuthorize("hasAuthority('algorithm:add')")
+    @PreAuthorize("hasAuthority('algorithm:add')")
     @PostMapping
     @Operation(summary = "新增算法", description = "请求体传入算法对象，返回是否新增成功")
     public boolean createAlgorithm(@RequestBody Algorithm algorithm) {
@@ -57,7 +57,7 @@ public class AlgorithmController {
     }
 
     @Log(value = "修改算法", module = "算法管理")
-    // @PreAuthorize("hasAuthority('algorithm:update')")
+    @PreAuthorize("hasAuthority('algorithm:update')")
     @PutMapping
     @Operation(summary = "修改算法", description = "请求体传入算法对象（需包含主键），返回是否修改成功")
     public boolean updateAlgorithm(@RequestBody Algorithm algorithm) {
@@ -67,7 +67,7 @@ public class AlgorithmController {
     }
 
     @Log(value = "删除算法", module = "算法管理")
-    // @PreAuthorize("hasAuthority('algorithm:delete')")
+    @PreAuthorize("hasAuthority('algorithm:del')")
     @DeleteMapping("/{id}")
     @Operation(summary = "删除算法（单条）", description = "根据算法ID删除算法")
     public boolean deleteAlgorithm(@PathVariable String id) {
@@ -75,7 +75,7 @@ public class AlgorithmController {
     }
 
     @Log(value = "批量删除算法", module = "算法管理")
-    // @PreAuthorize("hasAuthority('algorithm:deleteBatch')")
+    @PreAuthorize("hasAuthority('algorithm:del')")
     @DeleteMapping
     @Operation(summary = "删除算法（批量）", description = "请求体传入算法ID列表，批量删除算法")
     public boolean deleteAlgorithms(@RequestBody List<String> ids) {

business-css/src/main/java/com/yfd/business/css/controller/AlgorithmModelController.java

@@ -55,7 +55,7 @@ public class AlgorithmModelController {
 
     @Log(value = "新增模型版本", module = "算法模型管理")
     // @PreAuthorize("hasAuthority('algorithmModel:add')")
-    @PostMapping
+    // @PostMapping
     @Operation(summary = "新增模型版本", description = "请求体传入模型版本对象，返回是否新增成功")
     public boolean create(@RequestBody AlgorithmModel model) {
         model.setModifier(currentUsername());
@@ -66,7 +66,7 @@ public class AlgorithmModelController {
 
     @Log(value = "修改模型版本", module = "算法模型管理")
     // @PreAuthorize("hasAuthority('algorithmModel:update')")
-    @PutMapping
+    // @PutMapping
     @Operation(summary = "修改模型版本", description = "请求体传入模型版本对象（需包含主键），返回是否修改成功")
     public boolean update(@RequestBody AlgorithmModel model) {
         model.setModifier(currentUsername());
@@ -75,7 +75,7 @@ public class AlgorithmModelController {
     }
 
     @Log(value = "删除模型版本", module = "算法模型管理")
-    // @PreAuthorize("hasAuthority('algorithmModel:delete')")
+    @PreAuthorize("hasAuthority('algorithmModel:del')")
     @DeleteMapping("/{id}")
     @Operation(summary = "删除模型版本（单条）", description = "根据模型ID删除模型版本")
     public boolean delete(@PathVariable String id) {
@@ -83,7 +83,7 @@ public class AlgorithmModelController {
     }
 
     @Log(value = "批量删除模型版本", module = "算法模型管理")
-    // @PreAuthorize("hasAuthority('algorithmModel:deleteBatch')")
+    @PreAuthorize("hasAuthority('algorithmModel:del')")
     @DeleteMapping
     @Operation(summary = "删除模型版本（批量）", description = "请求体传入模型ID列表，批量删除模型版本")
     public boolean deleteBatch(@RequestBody List<String> ids) {
@@ -181,7 +181,7 @@ public class AlgorithmModelController {
     }
 
     @Log(value = "激活模型版本", module = "算法模型管理")
-    // @PreAuthorize("hasAuthority('algorithmModel:activate')")
+    @PreAuthorize("hasAuthority('algorithmModel:activate')")
     @PostMapping("/activate")
     @Operation(summary = "激活模型版本", description = "将目标模型版本设为当前，并将同组（算法+设备+材料）其他版本设为非当前")
     public boolean activate(@RequestParam String algorithmModelId) {
@@ -214,7 +214,7 @@ public class AlgorithmModelController {
 
     @Log(value = "在线训练(Excel)", module = "算法模型管理")
     // 在线训练（Excel 数据集）
-    @PostMapping("/train/excel")
+    // @PostMapping("/train/excel")
     @Operation(summary = "在线训练（Excel）", description = "传入算法类型、设备类型与Excel路径，训练完成新增模型版本记录，可选激活")
     public Map<String, Object> trainExcel(@RequestBody Map<String, Object> body) {
         String algorithmType = str(body.get("algorithm_type"));
@@ -292,7 +292,7 @@ public class AlgorithmModelController {
 
     @Log(value = "在线训练(样本)", module = "算法模型管理")
     // 在线训练（样本集合）
-    @PostMapping("/train/samples")
+    // @PostMapping("/train/samples")
     @Operation(summary = "在线训练（样本集合）", description = "传入算法类型、设备类型与样本集，训练完成新增模型版本记录，可选激活")
     public Map<String, Object> trainSamples(@RequestBody Map<String, Object> body) {
         String algorithmType = str(body.get("algorithm_type"));

business-css/src/main/java/com/yfd/business/css/controller/CriticalDataController.java

@@ -16,6 +16,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
+import org.springframework.security.access.prepost.PreAuthorize;
 
 import jakarta.annotation.Resource;
 
@@ -39,6 +40,7 @@ public class CriticalDataController {
      * @param data 临界数据对象
      * @return 是否新增成功
      */
+    @PreAuthorize("hasAuthority('criticalData:add')")
     @Log(value = "新增临界数据", module = "临界数据管理")
     @PostMapping
     public boolean create(@RequestBody CriticalData data) {
@@ -74,6 +76,7 @@ public class CriticalDataController {
      * @param data 临界数据对象
      * @return 是否修改成功
      */
+    @PreAuthorize("hasAuthority('criticalData:update')")
     @Log(value = "修改临界数据", module = "临界数据管理")
     @PutMapping
     public boolean update(@RequestBody CriticalData data) {
@@ -89,6 +92,7 @@ public class CriticalDataController {
      * @param id 临界数据ID
      * @return 是否删除成功
      */
+    @PreAuthorize("hasAuthority('criticalData:del')")
     @Log(value = "删除临界数据", module = "临界数据管理")
     @DeleteMapping("/{id}")
     public boolean delete(@PathVariable String id) {
@@ -102,6 +106,7 @@ public class CriticalDataController {
      * @param ids 临界数据ID列表
      * @return 是否删除成功
      */
+    @PreAuthorize("hasAuthority('criticalData:del')")
     @Log(value = "批量删除临界数据", module = "临界数据管理")
     @DeleteMapping
     public boolean deleteBatch(@RequestBody List<String> ids) {
@@ -118,6 +123,7 @@ public class CriticalDataController {
      * @param file Excel/CSV 文件
      * @return 是否导入成功
      */
+    @PreAuthorize("hasAuthority('criticalData:import')")
     @Log(value = "导入临界数据", module = "临界数据管理")
     @PostMapping("/import")
     public boolean importCriticalData(@RequestParam("file") MultipartFile file,
@@ -125,18 +131,24 @@ public class CriticalDataController {
         return criticalDataService.importCriticalData(file, deviceType);
     }
 
+    
+    @PreAuthorize("hasAuthority('criticalData:import')")
+    @Log(value = "导入临界数据（V2）", module = "临界数据管理")
     @PostMapping("/v2/import")
     public boolean importCriticalDataV2(@RequestParam("file") MultipartFile file,
                                         @RequestParam String deviceType) {
         return criticalDataService.importCriticalDataV2(file, deviceType);
     }
 
+    @PreAuthorize("hasAuthority('criticalData:import')")
     @PostMapping("/v2/validate")
     public Map<String, Object> validateCriticalDataV2(@RequestParam("file") MultipartFile file,
                                                       @RequestParam String deviceType) {
         return criticalDataService.validateCriticalDataV2(file, deviceType);
     }
 
+    @PreAuthorize("hasAuthority('criticalData:export')")
+    @Log(value = "导出临界数据（V2）", module = "临界数据管理")
     @GetMapping("/v2/export")
     public ResponseEntity<byte[]> exportCriticalDataV2(@RequestParam String deviceType,
                                                        @RequestParam(required = false) List<String> ids) {
@@ -147,6 +159,7 @@ public class CriticalDataController {
                 .body(bytes);
     }
 
+    @PreAuthorize("hasAuthority('criticalData:import')")
     @GetMapping("/v2/template")
     public ResponseEntity<byte[]> templateCriticalDataV2(@RequestParam String deviceType) {
         byte[] bytes = criticalDataService.templateCriticalDataV2(deviceType);

business-css/src/main/java/com/yfd/business/css/controller/DeviceController.java

@@ -16,6 +16,8 @@ import org.springframework.web.multipart.MultipartFile;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.Authentication;
 import com.yfd.platform.annotation.Log;
+
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 
 import jakarta.annotation.Resource;
@@ -46,6 +48,7 @@ public class DeviceController {
      * @param device 设备对象
      * @return 是否新增成功
      */
+    @PreAuthorize("hasAuthority('device:add')")
     @Log(value = "新增设备", module = "设备管理")
     @PostMapping
     public boolean create(@RequestBody Device device) {
@@ -56,6 +59,7 @@ public class DeviceController {
         return deviceService.createDevice(device);
     }
 
+    @PreAuthorize("hasAnyAuthority('device:add','device:update')")
     @Log(value = "保存或更新设备", module = "设备管理")
     @PostMapping("/saveOrUpdate")
     public boolean saveOrUpdate(@RequestBody Device device) {
@@ -73,6 +77,7 @@ public class DeviceController {
      * @param device 设备对象
      * @return 是否修改成功
      */
+    @PreAuthorize("hasAuthority('device:update')")
     @Log(value = "编辑设备", module = "设备管理")
     @PutMapping
     public boolean update(@RequestBody Device device) {
@@ -94,6 +99,7 @@ public class DeviceController {
      * @param id 设备ID
      * @return 是否删除成功
      */
+    @PreAuthorize("hasAuthority('device:del')")
     @Log(value = "删除设备", module = "设备管理")
     @DeleteMapping("/{id}")
     public boolean delete(@PathVariable String id) {
@@ -111,6 +117,7 @@ public class DeviceController {
      * @param ids 设备ID列表
      * @return 是否删除成功
      */
+    @PreAuthorize("hasAuthority('device:del')")
     @Log(value = "批量删除设备", module = "设备管理")
     @DeleteMapping
     public boolean deleteBatch(@RequestBody List<String> ids) {
@@ -134,6 +141,7 @@ public class DeviceController {
      * @param file Excel/CSV 文件
      * @return 是否导入成功
      */
+    @PreAuthorize("hasAuthority('device:import')")
     @Log(value = "导入设备", module = "设备管理")
     @PostMapping("/import")
     public boolean importDevices(@RequestParam("file") MultipartFile file,
@@ -152,6 +160,8 @@ public class DeviceController {
      * @param deviceType 设备类型（可选）
      * @return 是否导入成功
      */
+    @PreAuthorize("hasAuthority('device:import')")
+    @Log(value = "导入设备（V2）", module = "设备管理")
     @PostMapping("/v2/import")
     @Operation(summary = "导入设备（V2）", description = "支持按 size-schema 收拢尺寸列为 size(JSON)；projectId 为空默认 -1（模板库）")
     public boolean importDevicesV2(@RequestParam("file") MultipartFile file,
@@ -198,6 +208,8 @@ public class DeviceController {
      * @param ids 指定导出设备ID列表（可选；为空则按筛选条件导出）
      * @return xlsx 文件字节流
      */
+    @PreAuthorize("hasAuthority('device:export')")
+    @Log(value = "导出设备（V2）", module = "设备管理")
     @GetMapping("/v2/export")
     @Operation(summary = "导出设备（V2）", description = "按 size-schema 将 size(JSON) 展开为多列输出；支持按 ids 定向导出")
     public ResponseEntity<byte[]> exportDevicesV2(@RequestParam(required = false) String projectId,

business-css/src/main/java/com/yfd/business/css/controller/MaterialController.java

@@ -15,6 +15,8 @@ import org.springframework.web.multipart.MultipartFile;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.Authentication;
 import com.yfd.platform.annotation.Log;
+
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 
 import jakarta.annotation.Resource;
@@ -39,6 +41,7 @@ public class MaterialController {
      * @param material 物料对象
      * @return 是否新增成功
      */
+    @PreAuthorize("hasAuthority('material:add')")
     @Log(value = "新增物料", module = "物料管理")
     @PostMapping
     public boolean create(@RequestBody Material material) {
@@ -49,6 +52,7 @@ public class MaterialController {
         return materialService.saveMaterial(material);
     }
 
+    @PreAuthorize("hasAnyAuthority('material:add','material:update')")
     @Log(value = "保存或更新物料", module = "物料管理")
     @PostMapping("/saveOrUpdate")
     public boolean saveOrUpdate(@RequestBody Material material) {
@@ -66,6 +70,7 @@ public class MaterialController {
      * @param material 物料对象
      * @return 是否修改成功
      */
+    @PreAuthorize("hasAuthority('material:update')")
     @Log(value = "编辑物料", module = "物料管理")
     @PutMapping
     public boolean update(@RequestBody Material material) {
@@ -87,6 +92,7 @@ public class MaterialController {
      * @param id 物料ID
      * @return 是否删除成功
      */
+    @PreAuthorize("hasAuthority('material:del')")
     @Log(value = "删除物料", module = "物料管理")
     @DeleteMapping("/{id}")
     public boolean delete(@PathVariable String id) {
@@ -104,6 +110,7 @@ public class MaterialController {
      * @param ids 物料ID列表
      * @return 是否删除成功
      */
+    @PreAuthorize("hasAuthority('material:del')")
     @Log(value = "批量删除物料", module = "物料管理")
     @DeleteMapping
     public boolean deleteBatch(@RequestBody List<String> ids) {
@@ -127,12 +134,15 @@ public class MaterialController {
      * @param file Excel/CSV 文件
      * @return 是否导入成功
      */
+    @PreAuthorize("hasAuthority('material:import')")
     @Log(value = "导入物料", module = "物料管理")
     @PostMapping("/import")
     public boolean importMaterials(@RequestParam("file") MultipartFile file) {
         return materialService.importMaterials(file);
     }
 
+    @PreAuthorize("hasAuthority('material:export')")
+    @Log(value = "导出物料", module = "物料管理")
     @GetMapping("/export")
     public ResponseEntity<byte[]> exportMaterialsV2(@RequestParam String projectId,
                                                     @RequestParam(required = false) List<String> ids,

business-css/src/main/java/com/yfd/business/css/controller/ModelTrainController.java

@@ -64,7 +64,7 @@ public class ModelTrainController {
      * 提交训练任务 (支持文件上传和 JSON 参数)
      */
     @Log(value = "提交训练任务", module = "模型训练")
-    // @PreAuthorize("hasAuthority('modelTrain:submit')")
+    @PreAuthorize("hasAuthority('modelTrain:add')")
     @PostMapping("/submit")
     public ResponseResult submit(@RequestPart("task") String taskJson, 
                                @RequestPart(value = "file", required = false) MultipartFile file) {
@@ -141,7 +141,7 @@ public class ModelTrainController {
      * 发布模型
      */
     @Log(value = "发布训练模型", module = "模型训练")
-    // @PreAuthorize("hasAuthority('modelTrain:publish')")
+    @PreAuthorize("hasAuthority('modelTrain:publish')")
     @PostMapping("/publish")
     public ResponseResult publish(@RequestBody Map<String, String> body) {
         String taskId = body.get("taskId");
@@ -154,7 +154,7 @@ public class ModelTrainController {
      * 删除训练任务
      */
     @Log(value = "删除训练任务", module = "模型训练")
-    // @PreAuthorize("hasAuthority('modelTrain:delete')")
+    @PreAuthorize("hasAuthority('modelTrain:del')")
     //删除训练任务
     @DeleteMapping("/{taskId}")
     public ResponseResult delete(@PathVariable String taskId) {