diff --git a/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/AssetCurrentController.java b/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/AssetCurrentController.java index a497979..6834f6b 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/AssetCurrentController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/AssetCurrentController.java @@ -63,11 +63,9 @@ public class AssetCurrentController extends BaseController { Page page = new Page<>(); page.setSize(as.getSize()); page.setCurrent(as.getCurrent()); - String nickName = null; try { - if (!SecurityUtils.getLoginUser().getUser().isAdmin() || !SecurityUtils.hasRole("common")) { - nickName = SecurityUtils.getLoginUser().getUser().getNickName(); - as.setDwmc(nickName); + if (!SecurityUtils.getLoginUser().getUser().isAdmin() && !SecurityUtils.hasRole("common")) { + as.setDwmc(SecurityUtils.getLoginUser().getUser().getNickName()); } } catch (Exception e) { throw new ServiceException("获取用户信息异常"); diff --git a/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/UnitController.java b/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/UnitController.java index 8cd59f0..5951c73 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/UnitController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/UnitController.java @@ -30,7 +30,7 @@ import java.util.List; */ @Api(tags = "单位表控制层") @RestController -//@PreAuthorize("@ss.hasAnyRoles('admin,common')") +@PreAuthorize("@ss.hasAnyRoles('admin,common')") @RequestMapping("/tc/unit") public class UnitController { diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java index 4b138e6..033a7e3 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java @@ -115,7 +115,7 @@ public class SecurityConfig // 静态资源,可匿名访问 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() - .antMatchers("/tc/**").permitAll() +// .antMatchers("/tc/**").permitAll() // 除上面外的所有请求全部需要鉴权认证 .anyRequest().authenticated(); })