3 ani în urmă · 5eef27da6e
--- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/bpm/controller/definition/BpmDefinitionController.java
+++ b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/bpm/controller/definition/BpmDefinitionController.java
@@ -8,6 +8,7 @@ import cn.iocoder.yudao.framework.common.pojo.PageResult;
 
				 import io.swagger.annotations.Api;
			
 
				 import io.swagger.annotations.ApiImplicitParam;
			
 
				 import io.swagger.annotations.ApiOperation;
			
 
				+import org.springframework.security.access.prepost.PreAuthorize;
			
 
				 import org.springframework.validation.annotation.Validated;
			
 
				 import org.springframework.web.bind.annotation.GetMapping;
			
 
				 import org.springframework.web.bind.annotation.RequestMapping;
			
@@ -27,10 +28,9 @@ public class BpmDefinitionController {
 
				     @Resource
			
 
				     private BpmDefinitionService bpmDefinitionService;
			
 
				 
			
 
				-    // TODO 芋艿：权限
			
 
				-
			
 
				     @GetMapping ("/page")
			
 
				     @ApiOperation(value = "获得流程定义分页")
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:query')") // 暂时使用 model 的权限标识
			
 
				     public CommonResult<PageResult<BpmProcessDefinitionPageItemRespVO>> getDefinitionPage(BpmProcessDefinitionPageReqVO pageReqVO) {
			
 
				         return success(bpmDefinitionService.getDefinitionPage(pageReqVO));
			
 
				     }
			
@@ -48,6 +48,7 @@ public class BpmDefinitionController {
 
				     @GetMapping ("/get-bpmn-xml")
			
 
				     @ApiOperation(value = "获得流程定义的 BPMN XML")
			
 
				     @ApiImplicitParam(name = "id", value = "编号", required = true, example = "1024", dataTypeClass = String.class)
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:query')") // 暂时使用 model 的权限标识
			
 
				     public CommonResult<String> getDefinitionBpmnXML(@RequestParam("id") String id) {
			
 
				         String bpmnXML = bpmDefinitionService.getDefinitionBpmnXML(id);
			
 
				         return success(bpmnXML);
			
--- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/bpm/controller/model/BpmModelController.java
+++ b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/bpm/controller/model/BpmModelController.java
@@ -9,10 +9,12 @@ import cn.iocoder.yudao.framework.common.util.io.IoUtils;
 
				 import io.swagger.annotations.Api;
			
 
				 import io.swagger.annotations.ApiImplicitParam;
			
 
				 import io.swagger.annotations.ApiOperation;
			
 
				+import org.springframework.security.access.prepost.PreAuthorize;
			
 
				 import org.springframework.validation.annotation.Validated;
			
 
				 import org.springframework.web.bind.annotation.*;
			
 
				 
			
 
				 import javax.annotation.Resource;
			
 
				+import javax.validation.Valid;
			
 
				 import java.io.IOException;
			
 
				 
			
 
				 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
			
@@ -26,8 +28,6 @@ public class BpmModelController {
 
				     @Resource
			
 
				     private BpmModelService bpmModelService;
			
 
				 
			
 
				-    // TODO @芋艿：权限、参数校验
			
 
				-
			
 
				     @GetMapping("/page")
			
 
				     @ApiOperation(value = "获得模型分页")
			
 
				     public CommonResult<PageResult<BpmModelPageItemRespVO>> getModelPage(ModelPageReqVO pageVO) {
			
@@ -37,7 +37,7 @@ public class BpmModelController {
 
				     @GetMapping("/get")
			
 
				     @ApiOperation("获得模型")
			
 
				     @ApiImplicitParam(name = "id", value = "编号", required = true, example = "1024", dataTypeClass = String.class)
			
 
				-//    @PreAuthorize("@ss.hasPermission('bpm:form:query')")
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:query')")
			
 
				     public CommonResult<BpmModelRespVO> getModel(@RequestParam("id") String id) {
			
 
				         BpmModelRespVO model = bpmModelService.getModel(id);
			
 
				         return success(model);
			
@@ -45,13 +45,15 @@ public class BpmModelController {
 
				 
			
 
				     @PostMapping("/create")
			
 
				     @ApiOperation(value = "新建模型")
			
 
				-    public CommonResult<String> createModel(@RequestBody BpmModelCreateReqVO createRetVO) {
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:create')")
			
 
				+    public CommonResult<String> createModel(@Valid @RequestBody BpmModelCreateReqVO createRetVO) {
			
 
				         return success(bpmModelService.createModel(createRetVO));
			
 
				     }
			
 
				 
			
 
				     @PostMapping("/import")
			
 
				     @ApiOperation(value = "导入模型")
			
 
				-    public CommonResult<String> importModel(BpmModeImportReqVO importReqVO) throws IOException {
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:import')")
			
 
				+    public CommonResult<String> importModel(@Valid BpmModeImportReqVO importReqVO) throws IOException {
			
 
				         BpmModelCreateReqVO createReqVO = BpmModelConvert.INSTANCE.convert(importReqVO);
			
 
				         // 读取文件
			
 
				         createReqVO.setBpmnXml(IoUtils.readUtf8(importReqVO.getBpmnFile().getInputStream(), false));
			
@@ -60,7 +62,8 @@ public class BpmModelController {
 
				 
			
 
				     @PutMapping("/update")
			
 
				     @ApiOperation(value = "修改模型")
			
 
				-    public CommonResult<Boolean> updateModel(@RequestBody BpmModelUpdateReqVO modelVO) {
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:update')")
			
 
				+    public CommonResult<Boolean> updateModel(@Valid @RequestBody BpmModelUpdateReqVO modelVO) {
			
 
				         bpmModelService.updateModel(modelVO);
			
 
				         return success(true);
			
 
				     }
			
@@ -68,6 +71,7 @@ public class BpmModelController {
 
				     @DeleteMapping("/delete")
			
 
				     @ApiOperation("删除模型")
			
 
				     @ApiImplicitParam(name = "id", value = "编号", required = true, example = "1024", dataTypeClass = String.class)
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:delete')")
			
 
				     public CommonResult<Boolean> deleteModel(@RequestParam("id") String id) {
			
 
				         bpmModelService.deleteModel(id);
			
 
				         return success(true);
			
@@ -76,6 +80,7 @@ public class BpmModelController {
 
				     @PostMapping("/deploy")
			
 
				     @ApiOperation(value = "部署模型")
			
 
				     @ApiImplicitParam(name = "id", value = "编号", required = true, example = "1024", dataTypeClass = String.class)
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:deploy')")
			
 
				     public CommonResult<Boolean> deployModel(@RequestParam("id") String id) {
			
 
				         bpmModelService.deployModel(id);
			
 
				         return success(true);
			
@@ -83,7 +88,8 @@ public class BpmModelController {
 
				 
			
 
				     @PutMapping("/update-state")
			
 
				     @ApiOperation(value = "修改模型的状态", notes = "实际更新的部署的流程定义的状态")
			
 
				-    public CommonResult<Boolean> updateModelState(@RequestBody BpmModelUpdateStateReqVO reqVO) {
			
 
				+    @PreAuthorize("@ss.hasPermission('bpm:model:update')")
			
 
				+    public CommonResult<Boolean> updateModelState(@Valid @RequestBody BpmModelUpdateStateReqVO reqVO) {
			
 
				         bpmModelService.updateModelState(reqVO.getId(), reqVO.getState());
			
 
				         return success(true);
			
 
				     }
			
--- a/yudao-admin-ui/src/views/bpm/model/index.vue
+++ b/yudao-admin-ui/src/views/bpm/model/index.vue
@@ -26,11 +26,11 @@
 
				     <el-row :gutter="10" class="mb8">
			
 
				       <el-col :span="1.5">
			
 
				         <el-button type="primary" icon="el-icon-plus" size="mini" @click="handleAdd"
			
 
				-                   v-hasPermi="['infra:config:create']">新建流程模型</el-button>
			
 
				+                   v-hasPermi="['bpm:model:create']">新建流程模型</el-button>
			
 
				       </el-col>
			
 
				       <el-col :span="1.5">
			
 
				         <el-button type="info" icon="el-icon-upload2" size="mini" @click="handleImport"
			
 
				-                   v-hasPermi="['system:user:import']">导入流程模型</el-button>
			
 
				+                   v-hasPermi="['bpm:model:import']">导入流程模型</el-button>
			
 
				       </el-col>
			
 
				       <right-toolbar :showSearch.sync="showSearch" @queryTable="getList"></right-toolbar>
			
 
				     </el-row>
			
@@ -84,10 +84,14 @@
 
				       </el-table-column>
			
 
				       <el-table-column label="操作" align="center" width="300">
			
 
				         <template slot-scope="scope">
			
 
				-          <el-button size="mini" type="text" icon="el-icon-setting" @click="handleUpdate(scope.row)">设计流程</el-button>
			
 
				-          <el-button size="mini" type="text" icon="el-icon-thumb" @click="handleDeploy(scope.row)">发布流程</el-button>
			
 
				-          <el-button size="mini" type="text" icon="el-icon-ice-cream-round" @click="handleDefinitionList(scope.row)">流程定义</el-button>
			
 
				-          <el-button size="mini" type="text" icon="el-icon-delete" @click="handleDelete(scope.row)">删除</el-button>
			
 
				+          <el-button size="mini" type="text" icon="el-icon-setting" @click="handleUpdate(scope.row)"
			
 
				+                     v-hasPermi="['bpm:model:update']">设计流程</el-button>
			
 
				+          <el-button size="mini" type="text" icon="el-icon-thumb" @click="handleDeploy(scope.row)"
			
 
				+                     v-hasPermi="['bpm:model:deploy']">发布流程</el-button>
			
 
				+          <el-button size="mini" type="text" icon="el-icon-ice-cream-round" @click="handleDefinitionList(scope.row)"
			
 
				+                     v-hasPermi="['bpm:model:query']">流程定义</el-button>
			
 
				+          <el-button size="mini" type="text" icon="el-icon-delete" @click="handleDelete(scope.row)"
			
 
				+                     v-hasPermi="['bpm:model:delete']">删除</el-button>
			
 
				         </template>
			
 
				       </el-table-column>
			
 
				     </el-table>