UI 权限细化

src/main/java/org/ssssssss/magicapi/controller/MagicAPIController.java

@@ -48,6 +48,7 @@ public class MagicAPIController extends MagicController implements MagicExceptio
 	 */
 	@RequestMapping("/list")
 	@ResponseBody
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<List<ApiInfo>> list() {
 		return new JsonBean<>(magicApiService.list());
 	}
@@ -59,7 +60,7 @@ public class MagicAPIController extends MagicController implements MagicExceptio
 	 */
 	@RequestMapping("/get")
 	@ResponseBody
-	@Valid(authorization = Authorization.DETAIL)
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<ApiInfo> get(String id) {
 		return new JsonBean<>(magicApiService.get(id));
 	}
@@ -71,6 +72,7 @@ public class MagicAPIController extends MagicController implements MagicExceptio
 	 */
 	@RequestMapping("/backups")
 	@ResponseBody
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<List<Long>> backups(String id) {
 		return new JsonBean<>(magicApiService.backupList(id));
 	}
@@ -83,6 +85,7 @@ public class MagicAPIController extends MagicController implements MagicExceptio
 	 */
 	@RequestMapping("/backup/get")
 	@ResponseBody
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<ApiInfo> backups(String id, Long timestamp) {
 		return new JsonBean<>(magicApiService.backupInfo(id, timestamp));
 	}

src/main/java/org/ssssssss/magicapi/controller/MagicDataSourceController.java

@@ -51,6 +51,7 @@ public class MagicDataSourceController extends MagicController implements MagicE
 	 */
 	@RequestMapping("/datasource/list")
 	@ResponseBody
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<List<Map<String, Object>>> list() {
 		List<Map<String, Object>> list = configuration.getMagicDynamicDataSource().datasourceNodes().stream().map(it -> {
 			Map<String, Object> row = new HashMap<>();
@@ -80,7 +81,7 @@ public class MagicDataSourceController extends MagicController implements MagicE
 	 * @param properties 数据源配置信息
 	 */
 	@RequestMapping("/datasource/save")
-	@Valid(readonly = false, authorization = Authorization.SAVE)
+	@Valid(readonly = false, authorization = Authorization.DATASOURCE_SAVE)
 	@ResponseBody
 	public JsonBean<String> save(@RequestBody Map<String, String> properties) {
 		String key = properties.get("key");
@@ -113,7 +114,7 @@ public class MagicDataSourceController extends MagicController implements MagicE
 	 * @param id 数据源ID
 	 */
 	@RequestMapping("/datasource/delete")
-	@Valid(readonly = false, authorization = Authorization.DELETE)
+	@Valid(readonly = false, authorization = Authorization.DATASOURCE_DELETE)
 	@ResponseBody
 	public JsonBean<Boolean> delete(String id) {
 		// 查询数据源是否存在
@@ -131,7 +132,7 @@ public class MagicDataSourceController extends MagicController implements MagicE
 	}
 
 	@RequestMapping("/datasource/detail")
-	@Valid(authorization = Authorization.DETAIL)
+	@Valid(authorization = Authorization.DATASOURCE_VIEW)
 	@ResponseBody
 	public JsonBean<Object> detail(String id) {
 		Resource resource = this.resource.getResource(id + ".json");

src/main/java/org/ssssssss/magicapi/controller/MagicFunctionController.java

@@ -25,25 +25,28 @@ public class MagicFunctionController extends MagicController implements MagicExc
 
 	@RequestMapping("/function/list")
 	@ResponseBody
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<List<FunctionInfo>> list() {
 		return new JsonBean<>(functionService.list());
 	}
 
 	@RequestMapping("/function/get")
 	@ResponseBody
-	@Valid(authorization = Authorization.DETAIL)
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<FunctionInfo> get(String id) {
 		return new JsonBean<>(functionService.get(id));
 	}
 
 	@RequestMapping("/function/backup/get")
 	@ResponseBody
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<FunctionInfo> backups(String id, Long timestamp) {
 		return new JsonBean<>(functionService.backupInfo(id, timestamp));
 	}
 
 	@RequestMapping("/function/backups")
 	@ResponseBody
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<List<Long>> backups(String id) {
 		return new JsonBean<>(functionService.backupList(id));
 	}

src/main/java/org/ssssssss/magicapi/controller/MagicGroupController.java

@@ -98,6 +98,7 @@ public class MagicGroupController extends MagicController implements MagicExcept
 	 */
 	@RequestMapping("/group/list")
 	@ResponseBody
+	@Valid(authorization = Authorization.VIEW)
 	public JsonBean<List<Group>> groupList(String type) {
 		return new JsonBean<>(groupServiceProvider.groupList(type));
 	}

src/main/java/org/ssssssss/magicapi/controller/MagicWorkbenchController.java

@@ -128,7 +128,7 @@ public class MagicWorkbenchController extends MagicController implements MagicEx
 	@RequestMapping(value = "/config-js")
 	@ResponseBody
 	@Valid(requireLogin = false)
-	public ResponseEntity<?> configjs() {
+	public ResponseEntity<?> configJs() {
 		ResponseEntity.BodyBuilder responseBuilder = ResponseEntity.ok().contentType(MediaType.parseMediaType("application/javascript"));
 		if (configuration.getEditorConfig() != null) {
 			try {

src/main/java/org/ssssssss/magicapi/interceptor/Authorization.java

@@ -1,5 +1,5 @@
 package org.ssssssss.magicapi.interceptor;
 
 public enum Authorization {
-	NONE, SAVE, DETAIL, DELETE, DOWNLOAD, UPLOAD
+	NONE, SAVE, VIEW, DELETE, DOWNLOAD, UPLOAD, DATASOURCE_SAVE, DATASOURCE_VIEW, DATASOURCE_DELETE
 }

src/main/java/org/ssssssss/magicapi/interceptor/AuthorizationInterceptor.java

@@ -7,7 +7,6 @@ import javax.servlet.http.HttpServletRequest;
 public interface AuthorizationInterceptor {
 
 
-
 	/**
 	 * 是否需要登录
 	 */
@@ -18,7 +17,9 @@ public interface AuthorizationInterceptor {
 	/**
 	 * 根据Token获取User对象
 	 */
-	MagicUser getUserByToken(String token) throws MagicLoginException;
+	default MagicUser getUserByToken(String token) throws MagicLoginException {
+		return null;
+	}
 
 	/**
 	 * 根据用户名，密码登录
@@ -26,7 +27,9 @@ public interface AuthorizationInterceptor {
 	 * @param username 用户名
 	 * @param password 密码
 	 */
-	MagicUser login(String username, String password) throws MagicLoginException;
+	default MagicUser login(String username, String password) throws MagicLoginException {
+		return null;
+	}
 
 	/**
 	 * 是否拥有页面按钮的权限