feat(用户管理): 添加用户角色功能并实现权限控制

- 在用户表中添加role字段并设置默认值为'USER' - 前端添加isAdmin getter判断用户角色 - 后端实现角色字段的VO映射和默认值设置 - 为关键接口添加@PreAuthorize权限控制 - 移除图片控制器中冗余的权限检查代码
2026-03-03 21:09:42 +08:00
parent 375ccb89ff
commit a4f95e7315
10 changed files with 29 additions and 69 deletions
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/MarkdownController.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/MarkdownController.java
@@ -12,6 +12,7 @@ import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Profile;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;

 import java.util.Date;
@@ -55,6 +56,7 @@ public class MarkdownController {


    @Operation(summary = "更新Markdown文件")
+    @PreAuthorize("hasRole('ADMIN')")
    @PostMapping("/updateMarkdown")
    public R<MarkdownFile> updateMarkdown(@RequestBody MarkdownFile markdownFile) {
        MarkdownFile file = markdownFileService.updateMarkdownContent(markdownFile);
@@ -69,6 +71,7 @@ public class MarkdownController {
    }
    
    @Operation(summary = "删除Markdown文件")
+    @PreAuthorize("hasRole('ADMIN')")
    @Parameters({
            @Parameter(name = "id", description = "Markdown文件ID", required = true),
    })
@@ -95,6 +98,7 @@ public class MarkdownController {
    }

    @Operation(summary = "更新Markdown文件标题")
+    @PreAuthorize("hasRole('ADMIN')")
    @PostMapping("/{id}/title")
    public R<MarkdownFile> updateMarkdownTitle(
            @PathVariable Long id,