资产修改

ruoyi-admin/src/main/java/com/ruoyi/tc/controller/AssetCurrentController.java

@@ -63,11 +63,9 @@ public class AssetCurrentController extends BaseController {
         Page<AssetCurrent> page = new Page<>();
         page.setSize(as.getSize());
         page.setCurrent(as.getCurrent());
-        String nickName = null;
         try {
-            if (!SecurityUtils.getLoginUser().getUser().isAdmin() || !SecurityUtils.hasRole("common")) {
+            if (!SecurityUtils.getLoginUser().getUser().isAdmin() && !SecurityUtils.hasRole("common")) {
-                nickName = SecurityUtils.getLoginUser().getUser().getNickName();
+                as.setDwmc(SecurityUtils.getLoginUser().getUser().getNickName());
-                as.setDwmc(nickName);
             }
         } catch (Exception e) {
             throw new ServiceException("获取用户信息异常");

ruoyi-admin/src/main/java/com/ruoyi/tc/controller/UnitController.java

@@ -30,7 +30,7 @@ import java.util.List;
  */
 @Api(tags = "单位表控制层")
 @RestController
-//@PreAuthorize("@ss.hasAnyRoles('admin,common')")
+@PreAuthorize("@ss.hasAnyRoles('admin,common')")
 @RequestMapping("/tc/unit")
 public class UnitController {
 

ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -115,7 +115,7 @@ public class SecurityConfig
                     // 静态资源，可匿名访问
                     .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                     .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
-                        .antMatchers("/tc/**").permitAll()
+//                        .antMatchers("/tc/**").permitAll()
                         // 除上面外的所有请求全部需要鉴权认证
                     .anyRequest().authenticated();
             })