优化工作流权限配置

src/main/java/com/aizuda/boot/modules/common/controller/OssController.java

@@ -2,18 +2,14 @@ package com.aizuda.boot.modules.common.controller;
 
 import com.aizuda.oss.IFileStorage;
 import com.aizuda.oss.model.OssResult;
-import com.baomidou.kisso.annotation.LoginIgnore;
 import com.baomidou.kisso.annotation.Permission;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
-import jakarta.annotation.Resource;
-import jakarta.servlet.http.HttpServletResponse;
 import java.net.URLEncoder;
 
 @Tag(name = "oss文件存储")
@@ -24,9 +20,9 @@ public class OssController {
     private IFileStorage fileStorage;
 
     @Permission(ignore = true)
-    @LoginIgnore
     @PostMapping(value = "/upload", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
-    public OssResult upload(MultipartFile file) {
+    public OssResult upload(@RequestPart("file") MultipartFile file) {
+        // 其它参数 @ParameterObject AttachmentDTO dto
         OssResult ossResult = null;
         try {
             ossResult = fileStorage.upload(file);
@@ -37,7 +33,6 @@ public class OssController {
     }
 
     @Permission(ignore = true)
-    @LoginIgnore
     @GetMapping("/download")
     public void download(HttpServletResponse response, String objectName) {
         try {
@@ -50,7 +45,6 @@ public class OssController {
     }
 
     @Permission(ignore = true)
-    @LoginIgnore
     @GetMapping("/delete")
     public boolean delete(String objectName) {
         boolean result = false;

src/main/java/com/aizuda/boot/modules/flw/controller/FlwCategoryController.java

@@ -6,6 +6,7 @@ import com.aizuda.core.api.ApiController;
 import com.aizuda.core.api.PageParam;
 import com.aizuda.core.validation.Create;
 import com.aizuda.core.validation.Update;
+import com.baomidou.kisso.annotation.Permission;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
@@ -30,30 +31,35 @@ public class FlwCategoryController extends ApiController {
     private IFlwCategoryService flwCategoryService;
 
     @Operation(summary = "分页列表")
+    @Permission("flw:category:page")
     @PostMapping("/page")
     public Page<FlwCategory> getPage(@RequestBody PageParam<FlwCategory> dto) {
         return flwCategoryService.page(dto.page(), dto.getData());
     }
 
     @Operation(summary = "查询 id 信息")
+    @Permission("flw:category:get")
     @GetMapping("/get")
     public FlwCategory get(@RequestParam Long id) {
         return flwCategoryService.getById(id);
     }
 
     @Operation(summary = "根据 id 修改信息")
+    @Permission("flw:category:update")
     @PostMapping("/update")
     public boolean update(@Validated(Update.class) @RequestBody FlwCategory flwCategory) {
         return flwCategoryService.updateById(flwCategory);
     }
 
     @Operation(summary = "创建添加")
+    @Permission("flw:category:create")
     @PostMapping("/create")
     public boolean create(@Validated(Create.class) @RequestBody FlwCategory flwCategory) {
         return flwCategoryService.save(flwCategory);
     }
 
     @Operation(summary = "根据 ids 删除")
+    @Permission("flw:category:delete")
     @PostMapping("/delete")
     public boolean delete(@NotEmpty @RequestBody List<Long> ids) {
         return flwCategoryService.removeByIds(ids);

src/main/java/com/aizuda/boot/modules/flw/controller/FlwFormController.java

@@ -1,19 +1,20 @@
 package com.aizuda.boot.modules.flw.controller;
 
+import com.aizuda.boot.modules.flw.entity.FlwForm;
+import com.aizuda.boot.modules.flw.service.IFlwFormService;
 import com.aizuda.core.api.ApiController;
 import com.aizuda.core.api.PageParam;
 import com.aizuda.core.validation.Create;
 import com.aizuda.core.validation.Update;
-import com.aizuda.boot.modules.flw.entity.FlwForm;
-import com.aizuda.boot.modules.flw.service.IFlwFormService;
+import com.baomidou.kisso.annotation.Permission;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.constraints.NotEmpty;
 import lombok.AllArgsConstructor;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import jakarta.validation.constraints.NotEmpty;
 import java.util.List;
 
 /**
@@ -30,30 +31,35 @@ public class FlwFormController extends ApiController {
     private IFlwFormService flwFormService;
 
     @Operation(summary = "分页列表")
+    @Permission("flw:form:page")
     @PostMapping("/page")
     public Page<FlwForm> getPage(@RequestBody PageParam<FlwForm> dto) {
         return flwFormService.page(dto.page(), dto.getData());
     }
 
     @Operation(summary = "查询 id 信息")
+    @Permission("flw:form:get")
     @GetMapping("/get")
     public FlwForm get(@RequestParam Long id) {
         return flwFormService.getById(id);
     }
 
     @Operation(summary = "根据 id 修改信息")
+    @Permission("flw:form:update")
     @PostMapping("/update")
     public boolean update(@Validated(Update.class) @RequestBody FlwForm flwForm) {
         return flwFormService.updateById(flwForm);
     }
 
     @Operation(summary = "创建添加")
+    @Permission("flw:form:create")
     @PostMapping("/create")
     public boolean create(@Validated(Create.class) @RequestBody FlwForm flwForm) {
         return flwFormService.save(flwForm);
     }
 
     @Operation(summary = "根据 ids 删除")
+    @Permission("flw:form:delete")
     @PostMapping("/delete")
     public boolean delete(@NotEmpty @RequestBody List<Long> ids) {
         return flwFormService.removeByIds(ids);

src/main/java/com/aizuda/boot/modules/system/controller/SysUserController.java

@@ -48,6 +48,13 @@ public class SysUserController extends ApiController {
         return sysUserService.page(dto.page(), dto.getData());
     }
 
+    @Operation(summary = "查询满足条件20条记录的用户列表")
+    @Permission(ignore = true)
+    @PostMapping("/list20")
+    public List<SysUser> list20ByUsername(@RequestParam(required = false) String username) {
+        return sysUserService.list20ByUsername(username);
+    }
+
     @Operation(summary = "查询 id 信息")
     @Permission("sys:user:get")
     @GetMapping("/get")

src/main/java/com/aizuda/boot/modules/system/service/ISysUserService.java

@@ -12,6 +12,8 @@ import com.aizuda.boot.modules.system.entity.SysUser;
 import com.aizuda.boot.modules.system.entity.vo.SysUserVO;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 
+import java.util.List;
+
 /**
  * 系统用户 服务类
  *
@@ -22,6 +24,11 @@ public interface ISysUserService extends IBaseService<SysUser> {
 
     Page<SysUser> page(Page<SysUser> page, SysUserVO vo);
 
+    /**
+     * 查询满足 20 条记录的用户列表
+     */
+    List<SysUser> list20ByUsername(String username);
+
     boolean save(SysUserParam param);
 
     boolean updateById(SysUserParam param);

src/main/java/com/aizuda/boot/modules/system/service/impl/SysUserServiceImpl.java

@@ -19,6 +19,8 @@ import com.aizuda.service.service.BaseServiceImpl;
 import com.baomidou.kisso.common.encrypt.MD5;
 import com.baomidou.kisso.common.encrypt.MD5Salt;
 import com.baomidou.kisso.common.util.RandomUtil;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import jakarta.annotation.Resource;
@@ -56,6 +58,16 @@ public class SysUserServiceImpl extends BaseServiceImpl<SysUserMapper, SysUser>
         return page.setRecords(sysUsers);
     }
 
+    @Override
+    public List<SysUser> list20ByUsername(String username) {
+        LambdaQueryWrapper<SysUser> lqw = Wrappers.lambdaQuery();
+        if (StringUtils.isNotBlank(username)) {
+            lqw.like(SysUser::getUsername, username);
+            lqw.or().like(SysUser::getRealName, username);
+        }
+        return super.page(Page.of(1, 20, false), lqw).getRecords();
+    }
+
     @Transactional(rollbackFor = Exception.class)
     @Override
     public boolean save(SysUserParam param) {