添加滑块验证

zksy-admin/src/main/java/com/zksy/web/controller/basicData/OwLeavingMessageController.java

@@ -5,8 +5,10 @@ import com.zksy.common.annotation.Log;
 import com.zksy.common.core.controller.BaseController;
 import com.zksy.common.core.domain.AjaxResult;
 import com.zksy.common.enums.BusinessType;
+import com.zksy.common.utils.StringUtils;
 import com.zksy.common.utils.file.ExcelUtils;
 import com.zksy.system.basicData.domain.OwLeavingMessage;
+import com.zksy.system.basicData.service.CaptchaService;
 import com.zksy.system.basicData.service.OwLeavingMessageService;
 import com.zksy.utils.DowntemplateUtil;
 import com.zksy.utils.SearchUtil;
@@ -34,6 +36,8 @@ public class OwLeavingMessageController extends BaseController{
 
     @Autowired
     private OwLeavingMessageService service;
+    @Autowired
+    private CaptchaService captchaService;
 
     @GetMapping("/getById/{borrowId}")
     @ApiOperation(value = "官网留言搜索getById")
@@ -60,6 +64,12 @@ public class OwLeavingMessageController extends BaseController{
     @ApiOperation(value = "官网留言新增")
     @Log(title = "新增官网留言", businessType = BusinessType.INSERT)
     public AjaxResult save(@RequestBody OwLeavingMessage owLeavingMessage) {
+        if (owLeavingMessage.getNeedAuthCode()) {
+            String msg = captchaService.checkImageCode(owLeavingMessage.getImageKey(),owLeavingMessage.getImageCode());
+            if (StringUtils.isNotBlank(msg)) {
+                return AjaxResult.error(msg);
+            }
+        }
         owLeavingMessage.setCreateTime(new Date());
         Boolean flag = service.save(owLeavingMessage);
         if(flag){

zksy-admin/src/main/java/com/zksy/web/controller/common/CaptchaSliderController.java

@@ -0,0 +1,31 @@
+package com.zksy.web.controller.common;
+
+import com.zksy.common.core.domain.AjaxResult;
+import com.zksy.system.basicData.domain.Captcha;
+import com.zksy.system.basicData.service.CaptchaService;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author Administrator
+ * @version 1.0
+ * @project credit-rating
+ * @description 滑块验证码
+ * @date 2024/12/2 14:35:08
+ */
+@RestController
+@RequestMapping("/captchaSlider")
+public class CaptchaSliderController {
+    @Autowired
+    private CaptchaService captchaService;
+
+    @ApiOperation(value = "生成验证码拼图")
+    @PostMapping("getCaptcha")
+    public AjaxResult getCaptcha(@RequestBody Captcha captcha) {
+        return AjaxResult.success(captchaService.getCaptcha(captcha));
+    }
+}

zksy-admin/src/main/java/com/zksy/web/controller/system/SysConfigController.java

@@ -12,6 +12,7 @@ import com.zksy.system.service.ISysConfigService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -34,7 +35,7 @@ public class SysConfigController extends BaseController {
      * 获取参数配置列表
      */
     @ApiOperation(value = "获取参数配置列表")
-    //@PreAuthorize("@ss.hasPermi('system:config:list')")
+    @PreAuthorize("@ss.hasPermi('system:config:list')")
     @GetMapping("/list")
     public TableDataInfo list(SysConfig config) {
         startPage();
@@ -44,7 +45,7 @@ public class SysConfigController extends BaseController {
 
     @Log(title = "参数管理", businessType = BusinessType.EXPORT)
     @ApiOperation(value = "导出参数配置")
-    // @PreAuthorize("@ss.hasPermi('system:config:export')")
+    @PreAuthorize("@ss.hasPermi('system:config:export')")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysConfig config) {
         List<SysConfig> list = configService.selectConfigList(config);
@@ -56,7 +57,7 @@ public class SysConfigController extends BaseController {
      * 根据参数编号获取详细信息
      */
     @ApiOperation(value = "根据参数编号获取详细信息")
-    // @PreAuthorize("@ss.hasPermi('system:config:query')")
+    @PreAuthorize("@ss.hasPermi('system:config:query')")
     @GetMapping(value = "/{configId}")
     public AjaxResult getInfo(@PathVariable Long configId) {
         return AjaxResult.success(configService.selectConfigById(configId));
@@ -104,7 +105,7 @@ public class SysConfigController extends BaseController {
     /**
      * 删除参数配置
      */
-    //@PreAuthorize("@ss.hasPermi('system:config:remove')")
+    @PreAuthorize("@ss.hasPermi('system:config:remove')")
     @Log(title = "参数管理", businessType = BusinessType.DELETE)
     @ApiOperation(value = "删除参数配置")
     @DeleteMapping("/{configIds}")
@@ -116,7 +117,7 @@ public class SysConfigController extends BaseController {
     /**
      * 刷新参数缓存
      */
-    // @PreAuthorize("@ss.hasPermi('system:config:remove')")
+    @PreAuthorize("@ss.hasPermi('system:config:remove')")
     @Log(title = "参数管理", businessType = BusinessType.CLEAN)
     @ApiOperation(value = "刷新参数缓存")
     @DeleteMapping("/refreshCache")

zksy-admin/src/main/java/com/zksy/web/controller/system/SysDeptController.java

@@ -23,6 +23,7 @@ import io.swagger.annotations.ApiParam;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -56,7 +57,7 @@ public class SysDeptController extends BaseController {
     /**
      * 查询部门列表（排除节点）
      */
-    //@PreAuthorize("@ss.hasPermi('system:dept:list')")
+    @PreAuthorize("@ss.hasPermi('system:dept:list')")
     @GetMapping("/list/exclude/{deptId}")
     @ApiOperation(value = "查询部门列表（排除节点）", notes = "查询部门列表（排除节点）")
     public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId) {
@@ -75,7 +76,7 @@ public class SysDeptController extends BaseController {
     /**
      * 根据部门编号获取详细信息
      */
-    //@PreAuthorize("@ss.hasPermi('system:dept:query')")
+    @PreAuthorize("@ss.hasPermi('system:dept:query')")
     @GetMapping(value = "/{deptId}")
     @ApiOperation(value = "根据部门编号获取详细信息", notes = "根据部门编号获取详细信息")
     public AjaxResult getInfo(@PathVariable Long deptId) {
@@ -124,7 +125,7 @@ public class SysDeptController extends BaseController {
     /**
      * 新增部门
      */
-    //@PreAuthorize("@ss.hasPermi('system:dept:add')")
+    @PreAuthorize("@ss.hasPermi('system:dept:add')")
     @Log(title = "部门管理", businessType = BusinessType.INSERT)
     @PostMapping
     @ApiOperation(value = "新增部门", notes = "新增部门")
@@ -139,7 +140,7 @@ public class SysDeptController extends BaseController {
     /**
      * 修改部门
      */
-    // @PreAuthorize("@ss.hasPermi('system:dept:edit')")
+    @PreAuthorize("@ss.hasPermi('system:dept:edit')")
     @Log(title = "部门管理", businessType = BusinessType.UPDATE)
     @PutMapping
     @ApiOperation(value = "修改部门", notes = "修改部门")
@@ -160,7 +161,7 @@ public class SysDeptController extends BaseController {
     /**
      * 删除部门
      */
-    //@PreAuthorize("@ss.hasPermi('system:dept:remove')")
+    @PreAuthorize("@ss.hasPermi('system:dept:remove')")
     @Log(title = "部门管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{deptId}")
     @ApiOperation(value = "删除部门", notes = "删除部门")

zksy-admin/src/main/java/com/zksy/web/controller/system/SysDictDataController.java

@@ -17,6 +17,7 @@ import com.zksy.system.service.ISysDictTypeService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -39,7 +40,7 @@ public class SysDictDataController extends BaseController {
     @Autowired
     private ISysDictTypeService dictTypeService;
 
-    //@PreAuthorize("@ss.hasPermi('system:dict:list')")
+    @PreAuthorize("@ss.hasPermi('system:dict:list')")
     @GetMapping("/list")
     @ApiOperation(value = "数据字典信息列表", notes = "数据字典信息列表")
     public TableDataInfo list(SysDictData dictData) {
@@ -49,7 +50,7 @@ public class SysDictDataController extends BaseController {
     }
 
     @Log(title = "字典数据", businessType = BusinessType.EXPORT)
-    // @PreAuthorize("@ss.hasPermi('system:dict:export')")
+    @PreAuthorize("@ss.hasPermi('system:dict:export')")
     @PostMapping("/export")
     @ApiOperation(value = "导出字典数据", notes = "导出字典数据")
     public void export(HttpServletResponse response, SysDictData dictData) {
@@ -61,7 +62,7 @@ public class SysDictDataController extends BaseController {
     /**
      * 查询字典数据详细
      */
-    //@PreAuthorize("@ss.hasPermi('system:dict:query')")
+    @PreAuthorize("@ss.hasPermi('system:dict:query')")
     @GetMapping(value = "/{dictCode}")
     @ApiOperation(value = "查询字典数据详细", notes = "查询字典数据详细")
     public AjaxResult getInfo(@PathVariable Long dictCode) {

zksy-admin/src/main/java/com/zksy/web/controller/system/SysDictTypeController.java

@@ -12,6 +12,7 @@ import com.zksy.system.service.ISysDictTypeService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -30,7 +31,7 @@ public class SysDictTypeController extends BaseController {
     @Autowired
     private ISysDictTypeService dictTypeService;
 
-    // @PreAuthorize("@ss.hasPermi('system:dict:list')")
+    @PreAuthorize("@ss.hasPermi('system:dict:list')")
     @ApiOperation(value = "根据条件分页查询字典类型")
     @GetMapping("/list")
     public TableDataInfo list(SysDictType dictType) {
@@ -41,7 +42,7 @@ public class SysDictTypeController extends BaseController {
 
     @Log(title = "字典类型", businessType = BusinessType.EXPORT)
     @ApiOperation(value = "字典类型导出")
-    //@PreAuthorize("@ss.hasPermi('system:dict:export')")
+    @PreAuthorize("@ss.hasPermi('system:dict:export')")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysDictType dictType) {
         List<SysDictType> list = dictTypeService.selectDictTypeList(dictType);
@@ -52,7 +53,7 @@ public class SysDictTypeController extends BaseController {
     /**
      * 查询字典类型详细
      */
-    //@PreAuthorize("@ss.hasPermi('system:dict:query')")
+    @PreAuthorize("@ss.hasPermi('system:dict:query')")
     @ApiOperation(value = "查询字典类型详细")
     @GetMapping(value = "/{dictId}")
     public AjaxResult getInfo(@PathVariable Long dictId) {
@@ -62,7 +63,7 @@ public class SysDictTypeController extends BaseController {
     /**
      * 新增字典类型
      */
-    //@PreAuthorize("@ss.hasPermi('system:dict:add')")
+    @PreAuthorize("@ss.hasPermi('system:dict:add')")
     @Log(title = "字典类型", businessType = BusinessType.INSERT)
     @ApiOperation(value = "新增字典类型")
     @PostMapping
@@ -77,7 +78,7 @@ public class SysDictTypeController extends BaseController {
     /**
      * 修改字典类型
      */
-    //@PreAuthorize("@ss.hasPermi('system:dict:edit')")
+    @PreAuthorize("@ss.hasPermi('system:dict:edit')")
     @Log(title = "字典类型", businessType = BusinessType.UPDATE)
     @ApiOperation(value = "修改字典类型")
     @PutMapping
@@ -92,7 +93,7 @@ public class SysDictTypeController extends BaseController {
     /**
      * 删除字典类型
      */
-    //@PreAuthorize("@ss.hasPermi('system:dict:remove')")
+    @PreAuthorize("@ss.hasPermi('system:dict:remove')")
     @Log(title = "字典类型", businessType = BusinessType.DELETE)
     @ApiOperation(value = "字典类型")
     @DeleteMapping("/{dictIds}")
@@ -104,7 +105,7 @@ public class SysDictTypeController extends BaseController {
     /**
      * 刷新字典缓存
      */
-    //@PreAuthorize("@ss.hasPermi('system:dict:remove')")
+    @PreAuthorize("@ss.hasPermi('system:dict:remove')")
     @Log(title = "字典类型", businessType = BusinessType.CLEAN)
     @ApiOperation(value = "刷新字典缓存")
     @DeleteMapping("/refreshCache")

zksy-admin/src/main/java/com/zksy/web/controller/system/SysMenuController.java

@@ -11,6 +11,7 @@ import com.zksy.system.service.ISysMenuService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -31,7 +32,7 @@ public class SysMenuController extends BaseController {
     /**
      * 获取菜单列表
      */
-    //@PreAuthorize("@ss.hasPermi('system:menu:list')")
+    @PreAuthorize("@ss.hasPermi('system:menu:list')")
     @GetMapping("/list")
     @ApiOperation(value = "获取菜单列表", notes = "获取菜单列表")
     public AjaxResult list(SysMenu menu) {
@@ -42,7 +43,7 @@ public class SysMenuController extends BaseController {
     /**
      * 根据菜单编号获取详细信息
      */
-    // @PreAuthorize("@ss.hasPermi('system:menu:query')")
+    @PreAuthorize("@ss.hasPermi('system:menu:query')")
     @GetMapping(value = "/{menuId}")
     @ApiOperation(value = "根据菜单编号获取详细信息", notes = "根据菜单编号获取详细信息")
     public AjaxResult getInfo(@PathVariable Long menuId) {
@@ -75,7 +76,7 @@ public class SysMenuController extends BaseController {
     /**
      * 新增菜单
      */
-    // @PreAuthorize("@ss.hasPermi('system:menu:add')")
+    @PreAuthorize("@ss.hasPermi('system:menu:add')")
     @Log(title = "菜单管理", businessType = BusinessType.INSERT)
     @PostMapping
     @ApiOperation(value = "新增菜单", notes = "新增菜单")
@@ -90,7 +91,7 @@ public class SysMenuController extends BaseController {
     /**
      * 修改菜单
      */
-    //  @PreAuthorize("@ss.hasPermi('system:menu:edit')")
+    @PreAuthorize("@ss.hasPermi('system:menu:edit')")
     @Log(title = "菜单管理", businessType = BusinessType.UPDATE)
     @PutMapping
     @ApiOperation(value = "修改菜单", notes = "修改菜单")
@@ -107,7 +108,7 @@ public class SysMenuController extends BaseController {
     /**
      * 删除菜单
      */
-    //@PreAuthorize("@ss.hasPermi('system:menu:remove')")
+    @PreAuthorize("@ss.hasPermi('system:menu:remove')")
     @Log(title = "菜单管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{menuId}")
     @ApiOperation(value = "删除菜单", notes = "删除菜单")

zksy-admin/src/main/java/com/zksy/web/controller/system/SysNoticeController.java

@@ -10,6 +10,7 @@ import com.zksy.system.service.ISysNoticeService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -30,7 +31,7 @@ public class SysNoticeController extends BaseController {
     /**
      * 获取通知公告列表
      */
-    // @PreAuthorize("@ss.hasPermi('system:notice:list')")
+    @PreAuthorize("@ss.hasPermi('system:notice:list')")
     @ApiOperation(value = "获取通知公告列表")
     @GetMapping("/list")
     public TableDataInfo list(SysNotice notice) {
@@ -43,7 +44,7 @@ public class SysNoticeController extends BaseController {
      * 根据通知公告编号获取详细信息
      */
     @ApiOperation(value = "根据通知公告编号获取详细信息")
-    // @PreAuthorize("@ss.hasPermi('system:notice:query')")
+    @PreAuthorize("@ss.hasPermi('system:notice:query')")
     @GetMapping(value = "/{noticeId}")
     public AjaxResult getInfo(@PathVariable Long noticeId) {
         return AjaxResult.success(noticeService.selectNoticeById(noticeId));
@@ -53,7 +54,7 @@ public class SysNoticeController extends BaseController {
      * 新增通知公告
      */
     @ApiOperation(value = "新增通知公告")
-    //@PreAuthorize("@ss.hasPermi('system:notice:add')")
+    @PreAuthorize("@ss.hasPermi('system:notice:add')")
     @Log(title = "通知公告", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysNotice notice) {
@@ -65,7 +66,7 @@ public class SysNoticeController extends BaseController {
      * 修改通知公告
      */
     @ApiOperation(value = "修改通知公告")
-    //@PreAuthorize("@ss.hasPermi('system:notice:edit')")
+    @PreAuthorize("@ss.hasPermi('system:notice:edit')")
     @Log(title = "通知公告", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysNotice notice) {
@@ -77,7 +78,7 @@ public class SysNoticeController extends BaseController {
      * 删除通知公告
      */
     @ApiOperation(value = "删除通知公告")
-    // @PreAuthorize("@ss.hasPermi('system:notice:remove')")
+    @PreAuthorize("@ss.hasPermi('system:notice:remove')")
     @Log(title = "通知公告", businessType = BusinessType.DELETE)
     @DeleteMapping("/{noticeIds}")
     public AjaxResult remove(@PathVariable Long[] noticeIds) {

zksy-admin/src/main/java/com/zksy/web/controller/system/SysPostController.java

@@ -12,6 +12,7 @@ import com.zksy.system.service.ISysPostService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -34,7 +35,7 @@ public class SysPostController extends BaseController {
      * 获取岗位列表
      */
     @ApiOperation(value = "查询岗位信息列表")
-    // @PreAuthorize("@ss.hasPermi('system:post:list')")
+    @PreAuthorize("@ss.hasPermi('system:post:list')")
     @GetMapping("/list")
     public TableDataInfo list(SysPost post) {
         startPage();
@@ -44,7 +45,7 @@ public class SysPostController extends BaseController {
 
     @Log(title = "岗位管理", businessType = BusinessType.EXPORT)
     @ApiOperation(value = "导出岗位信息")
-    // @PreAuthorize("@ss.hasPermi('system:post:export')")
+    @PreAuthorize("@ss.hasPermi('system:post:export')")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysPost post) {
         List<SysPost> list = postService.selectPostList(post);
@@ -56,7 +57,7 @@ public class SysPostController extends BaseController {
      * 根据岗位编号获取详细信息
      */
     @ApiOperation(value = "根据岗位编号获取详细信息")
-    // @PreAuthorize("@ss.hasPermi('system:post:query')")
+    @PreAuthorize("@ss.hasPermi('system:post:query')")
     @GetMapping(value = "/{postId}")
     public AjaxResult getInfo(@PathVariable Long postId) {
         return AjaxResult.success(postService.selectPostById(postId));
@@ -66,7 +67,7 @@ public class SysPostController extends BaseController {
      * 新增岗位
      */
     @ApiOperation(value = "新增岗位")
-    // @PreAuthorize("@ss.hasPermi('system:post:add')")
+    @PreAuthorize("@ss.hasPermi('system:post:add')")
     @Log(title = "岗位管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysPost post) {
@@ -83,7 +84,7 @@ public class SysPostController extends BaseController {
      * 修改岗位
      */
     @ApiOperation(value = "修改岗位")
-    // @PreAuthorize("@ss.hasPermi('system:post:edit')")
+    @PreAuthorize("@ss.hasPermi('system:post:edit')")
     @Log(title = "岗位管理", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysPost post) {
@@ -100,7 +101,7 @@ public class SysPostController extends BaseController {
      * 删除岗位
      */
     @ApiOperation(value = "删除岗位")
-    // @PreAuthorize("@ss.hasPermi('system:post:remove')")
+    @PreAuthorize("@ss.hasPermi('system:post:remove')")
     @Log(title = "岗位管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{postIds}")
     public AjaxResult remove(@PathVariable Long[] postIds) {

zksy-admin/src/main/java/com/zksy/web/controller/system/SysRoleController.java

@@ -23,6 +23,7 @@ import com.zksy.system.service.ISysUserService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -50,7 +51,7 @@ public class SysRoleController extends BaseController {
     @Autowired
     private ISysUserService userService;
 
-    //@PreAuthorize("@ss.hasPermi('system:role:list')")
+    @PreAuthorize("@ss.hasPermi('system:role:list')")
     @GetMapping("/list")
     @ApiOperation(value = "角色信息列表", notes = "角色信息列表")
     public TableDataInfo list(SysRole role) {
@@ -60,7 +61,7 @@ public class SysRoleController extends BaseController {
     }
 
     @Log(title = "角色管理", businessType = BusinessType.EXPORT)
-    //@PreAuthorize("@ss.hasPermi('system:role:export')")
+    @PreAuthorize("@ss.hasPermi('system:role:export')")
     @PostMapping("/export")
     @ApiOperation(value = "角色信息导出", notes = "角色信息导出")
     public void export(HttpServletResponse response, SysRole role) {
@@ -72,7 +73,7 @@ public class SysRoleController extends BaseController {
     /**
      * 根据角色编号获取详细信息
      */
-    //@PreAuthorize("@ss.hasPermi('system:role:query')")
+    @PreAuthorize("@ss.hasPermi('system:role:query')")
     @GetMapping(value = "/{roleId}")
     @ApiOperation(value = "根据角色编号获取详细信息", notes = "根据角色编号获取详细信息")
     public AjaxResult getInfo(@PathVariable Long roleId) {
@@ -83,7 +84,7 @@ public class SysRoleController extends BaseController {
     /**
      * 新增角色
      */
-    //@PreAuthorize("@ss.hasPermi('system:role:add')")
+    @PreAuthorize("@ss.hasPermi('system:role:add')")
     @Log(title = "角色管理", businessType = BusinessType.INSERT)
     @ApiOperation(value = "新增角色", notes = "新增角色")
     @PostMapping
@@ -101,7 +102,7 @@ public class SysRoleController extends BaseController {
     /**
      * 修改保存角色
      */
-    //@PreAuthorize("@ss.hasPermi('system:role:edit')")
+    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @ApiOperation(value = "修改保存角色", notes = "修改保存角色")
     @PutMapping
@@ -131,7 +132,7 @@ public class SysRoleController extends BaseController {
     /**
      * 修改保存数据权限
      */
-    // @PreAuthorize("@ss.hasPermi('system:role:edit')")
+    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @PutMapping("/dataScope")
     @ApiOperation(value = "修改保存数据权限", notes = "修改保存数据权限")
@@ -144,7 +145,7 @@ public class SysRoleController extends BaseController {
     /**
      * 状态修改
      */
-    // @PreAuthorize("@ss.hasPermi('system:role:edit')")
+    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @ApiOperation(value = "状态修改", notes = "状态修改")
     @PutMapping("/changeStatus")
@@ -158,7 +159,7 @@ public class SysRoleController extends BaseController {
     /**
      * 删除角色
      */
-    // @PreAuthorize("@ss.hasPermi('system:role:remove')")
+    @PreAuthorize("@ss.hasPermi('system:role:remove')")
     @Log(title = "角色管理", businessType = BusinessType.DELETE)
     @ApiOperation(value = "删除角色", notes = "删除角色")
     @DeleteMapping("/{roleIds}")
@@ -169,7 +170,7 @@ public class SysRoleController extends BaseController {
     /**
      * 获取角色选择框列表
      */
-    // @PreAuthorize("@ss.hasPermi('system:role:query')")
+    @PreAuthorize("@ss.hasPermi('system:role:query')")
     @GetMapping("/optionselect")
     @ApiOperation(value = "获取角色选择框列表", notes = "获取角色选择框列表")
     public AjaxResult optionselect() {
@@ -179,7 +180,7 @@ public class SysRoleController extends BaseController {
     /**
      * 查询已分配用户角色列表
      */
-    //@PreAuthorize("@ss.hasPermi('system:role:list')")
+    @PreAuthorize("@ss.hasPermi('system:role:list')")
     @GetMapping("/authUser/allocatedList")
     @ApiOperation(value = "查询已分配用户角色列表", notes = "查询已分配用户角色列表")
     public TableDataInfo allocatedList(SysUser user) {
@@ -191,7 +192,7 @@ public class SysRoleController extends BaseController {
     /**
      * 查询未分配用户角色列表
      */
-    //@PreAuthorize("@ss.hasPermi('system:role:list')")
+    @PreAuthorize("@ss.hasPermi('system:role:list')")
     @GetMapping("/authUser/unallocatedList")
     @ApiOperation(value = "查询未分配用户角色列表", notes = "查询未分配用户角色列表")
     public TableDataInfo unallocatedList(SysUser user) {
@@ -203,7 +204,7 @@ public class SysRoleController extends BaseController {
     /**
      * 取消授权用户
      */
-    //@PreAuthorize("@ss.hasPermi('system:role:edit')")
+    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @ApiOperation(value = "取消授权用户", notes = "取消授权用户")
     @PutMapping("/authUser/cancel")
@@ -214,7 +215,7 @@ public class SysRoleController extends BaseController {
     /**
      * 批量取消授权用户
      */
-    // @PreAuthorize("@ss.hasPermi('system:role:edit')")
+    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @ApiOperation(value = "批量取消授权用户", notes = "批量取消授权用户")
     @PutMapping("/authUser/cancelAll")
@@ -225,7 +226,7 @@ public class SysRoleController extends BaseController {
     /**
      * 批量选择用户授权
      */
-    // @PreAuthorize("@ss.hasPermi('system:role:edit')")
+    @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @ApiOperation(value = "批量选择用户授权", notes = "批量选择用户授权")
     @PutMapping("/authUser/selectAll")

zksy-admin/src/main/java/com/zksy/web/controller/system/SysUserController.java

@@ -25,6 +25,7 @@ import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import org.apache.commons.lang3.ArrayUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.util.ObjectUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -58,7 +59,7 @@ public class SysUserController extends BaseController {
     /**
      * 获取用户列表
      */
-    //@PreAuthorize("@ss.hasPermi('system:user:list')")
+    @PreAuthorize("@ss.hasPermi('system:user:list')")
     @GetMapping("/list")
     @ApiOperation(value = "获取用户列表")
     public TableDataInfo list(SysUserListReq user) {
@@ -83,7 +84,7 @@ public class SysUserController extends BaseController {
     }
 
     @Log(title = "用户管理", businessType = BusinessType.EXPORT)
-    //@PreAuthorize("@ss.hasPermi('system:user:export')")
+    @PreAuthorize("@ss.hasPermi('system:user:export')")
     @PostMapping("/export")
     @ApiOperation(value = "用户数据导出")
     public void export(HttpServletResponse response, SysUserListReq user) {
@@ -93,7 +94,7 @@ public class SysUserController extends BaseController {
     }
 
     @Log(title = "用户管理", businessType = BusinessType.IMPORT)
-    //@PreAuthorize("@ss.hasPermi('system:user:import')")
+    @PreAuthorize("@ss.hasPermi('system:user:import')")
     @PostMapping("/importData")
     @ApiOperation(value = "用户数据导入")
     public AjaxResult importData(MultipartFile file, boolean updateSupport) throws Exception {
@@ -114,7 +115,7 @@ public class SysUserController extends BaseController {
     /**
      * 根据用户编号获取详细信息
      */
-    //@PreAuthorize("@ss.hasPermi('system:user:query')")
+    @PreAuthorize("@ss.hasPermi('system:user:query')")
     @GetMapping(value = {"/", "/{userId}"})
     @ApiOperation(value = "根据用户编号获取详细信息")
     public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId) {
@@ -139,7 +140,7 @@ public class SysUserController extends BaseController {
     /**
      * 新增用户
      */
-    //@PreAuthorize("@ss.hasPermi('system:user:add')")
+    @PreAuthorize("@ss.hasPermi('system:user:add')")
     @Log(title = "用户管理", businessType = BusinessType.INSERT)
     @PostMapping("/addMember")
     @ApiOperation(value = "用户新增")
@@ -160,7 +161,7 @@ public class SysUserController extends BaseController {
     /**
      * 修改用户
      */
-    //@PreAuthorize("@ss.hasPermi('system:user:edit')")
+    @PreAuthorize("@ss.hasPermi('system:user:edit')")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
     @PostMapping("/edit")
     @ApiOperation(value = "修改用户")
@@ -182,7 +183,7 @@ public class SysUserController extends BaseController {
     /**
      * 删除用户
      */
-    //@PreAuthorize("@ss.hasPermi('system:user:remove')")
+    @PreAuthorize("@ss.hasPermi('system:user:remove')")
     @Log(title = "用户管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{userIds}")
     @ApiOperation(value = "删除用户")
@@ -196,7 +197,7 @@ public class SysUserController extends BaseController {
     /**
      * 重置密码
      */
-    //@PreAuthorize("@ss.hasPermi('system:user:resetPwd')")
+    @PreAuthorize("@ss.hasPermi('system:user:resetPwd')")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
     @ApiOperation(value = "重置密码（有权限控制）")
     @PutMapping("/resetPwd")
@@ -233,7 +234,7 @@ public class SysUserController extends BaseController {
     /**
      * 账号状态修改
      */
-    //@PreAuthorize("@ss.hasPermi('system:user:edit')")
+    @PreAuthorize("@ss.hasPermi('system:user:edit')")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
     @PutMapping("/changeStatus")
     @ApiOperation(value = "账号状态修改")
@@ -247,7 +248,7 @@ public class SysUserController extends BaseController {
     /**
      * 根据用户编号获取授权角色
      */
-    // @PreAuthorize("@ss.hasPermi('system:user:query')")
+    @PreAuthorize("@ss.hasPermi('system:user:query')")
     @GetMapping("/authRole/{userId}")
     @ApiOperation(value = "根据用户编号获取授权角色")
     public AjaxResult authRole(@PathVariable("userId") Long userId) {
@@ -262,7 +263,7 @@ public class SysUserController extends BaseController {
     /**
      * 用户授权角色
      */
-    //@PreAuthorize("@ss.hasPermi('system:user:edit')")
+    @PreAuthorize("@ss.hasPermi('system:user:edit')")
     @Log(title = "用户管理", businessType = BusinessType.GRANT)
     @PutMapping("/authRole")
     @ApiOperation(value = "用户授权角色")

zksy-framework/src/main/java/com/zksy/framework/config/SecurityConfig.java

@@ -150,7 +150,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
                 //.antMatchers("/swagger-resources/**").anonymous()
                 .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
+                //.antMatchers("/*/api-docs").anonymous()
                 .antMatchers("/druid/**").anonymous()
                 .antMatchers("/dev-api/**").anonymous()
                 //.antMatchers("/tool/swagger/**").anonymous()

zksy-system/src/main/java/com/zksy/system/basicData/domain/Captcha.java

@@ -0,0 +1,56 @@
+package com.zksy.system.basicData.domain;
+
+import lombok.Data;
+
+@Data
+public class Captcha {
+
+    /**
+     * 随机字符串
+     **/
+    private String nonceStr;
+    /**
+     * 验证值
+     **/
+    private String value;
+    /**
+     * 生成的画布的base64
+     **/
+    private String canvasSrc;
+    /**
+     * 画布宽度
+     **/
+    private Integer canvasWidth;
+    /**
+     * 画布高度
+     **/
+    private Integer canvasHeight;
+    /**
+     * 生成的阻塞块的base64
+     **/
+    private String blockSrc;
+    /**
+     * 阻塞块宽度
+     **/
+    private Integer blockWidth;
+    /**
+     * 阻塞块高度
+     **/
+    private Integer blockHeight;
+    /**
+     * 阻塞块凸凹半径
+     **/
+    private Integer blockRadius;
+    /**
+     * 阻塞块的横轴坐标
+     **/
+    private Integer blockX;
+    /**
+     * 阻塞块的纵轴坐标
+     **/
+    private Integer blockY;
+    /**
+     * 图片获取位置
+     **/
+    private Integer place;
+}

zksy-system/src/main/java/com/zksy/system/basicData/domain/OwLeavingMessage.java

@@ -1,6 +1,7 @@
 package com.zksy.system.basicData.domain;
 
 import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableField;
 import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
 import com.baomidou.mybatisplus.extension.activerecord.Model;
@@ -80,4 +81,10 @@ private static final long serialVersionUID=1L;
     private Date createTime;
     @ApiModelProperty(value = "更新时间")
     private Date updateTime;
+    @TableField(exist = false)
+    private String imageKey;
+    @TableField(exist = false)
+    private String imageCode;
+    @TableField(exist = false)
+    private Boolean needAuthCode;
         }

zksy-system/src/main/java/com/zksy/system/utils/CaptchaUtils.java

@@ -0,0 +1,226 @@
+package com.zksy.system.utils;
+
+import com.zksy.system.basicData.domain.Captcha;
+import org.apache.commons.lang3.RandomUtils;
+
+import javax.imageio.ImageIO;
+import java.awt.*;
+import java.awt.image.BufferedImage;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Base64;
+import java.util.Objects;
+import java.util.Random;
+
+public class CaptchaUtils {
+
+    /**
+     * 网络图片地址
+     **/
+    private final static String IMG_URL = "https://picsum.photos/id/%s/320/240";
+
+    /**
+     * 本地图片地址
+     **/
+    private final static String IMG_PATH = "E:/Temp/wallpaper/%s.jpg";
+
+    /**
+     * 入参校验设置默认值
+     **/
+    public static void checkCaptcha(Captcha captcha) {
+        //设置画布宽度默认值
+        if (captcha.getCanvasWidth() == null) {
+            captcha.setCanvasWidth(320);
+        }
+        //设置画布高度默认值
+        if (captcha.getCanvasHeight() == null) {
+            captcha.setCanvasHeight(155);
+        }
+        //设置阻塞块宽度默认值
+        if (captcha.getBlockWidth() == null) {
+            captcha.setBlockWidth(65);
+        }
+        //设置阻塞块高度默认值
+        if (captcha.getBlockHeight() == null) {
+            captcha.setBlockHeight(55);
+        }
+        //设置阻塞块凹凸半径默认值
+        if (captcha.getBlockRadius() == null) {
+            captcha.setBlockRadius(9);
+        }
+        //设置图片来源默认值
+        if (captcha.getPlace() == null) {
+            captcha.setPlace(0);
+        }
+    }
+
+    /**
+     * 获取指定范围内的随机数
+     **/
+    public static int getNonceByRange(int start, int end) {
+        Random random = new Random();
+        return random.nextInt(end - start + 1) + start;
+    }
+
+    /**
+     * 获取验证码资源图
+     **/
+    public static BufferedImage getBufferedImage(Integer place) {
+        try {
+            //随机图片
+            int nonce = getNonceByRange(0, 1000);
+            //获取网络资源图片
+            if (0 == place) {
+                String imgUrl = String.format(IMG_URL, nonce);
+                URL url = new URL(imgUrl);
+                return ImageIO.read(url.openStream());
+            }
+            //获取本地图片
+            else {
+                String imgPath = String.format(IMG_PATH, nonce);
+                File file = new File(imgPath);
+                return ImageIO.read(file);
+            }
+        } catch (Exception e) {
+            System.out.println("获取拼图资源失败");
+            //异常处理
+            return null;
+        }
+    }
+
+    /**
+     * 调整图片大小
+     **/
+    public static BufferedImage imageResize(BufferedImage bufferedImage, int width, int height) {
+        Image image = bufferedImage.getScaledInstance(width, height, Image.SCALE_SMOOTH);
+        BufferedImage resultImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_ARGB);
+        Graphics2D graphics2D = resultImage.createGraphics();
+        graphics2D.drawImage(image, 0, 0, null);
+        graphics2D.dispose();
+        return resultImage;
+    }
+
+    /**
+     * 抠图，并生成阻塞块
+     **/
+    public static void cutByTemplate(BufferedImage canvasImage, BufferedImage blockImage, int blockWidth, int blockHeight, int blockRadius, int blockX, int blockY) {
+        BufferedImage waterImage = new BufferedImage(blockWidth, blockHeight, BufferedImage.TYPE_4BYTE_ABGR);
+        //阻塞块的轮廓图
+        int[][] blockData = getBlockData(blockWidth, blockHeight, blockRadius);
+        //创建阻塞块具体形状
+        for (int i = 0; i < blockWidth; i++) {
+            for (int j = 0; j < blockHeight; j++) {
+                try {
+                    //原图中对应位置变色处理
+                    if (blockData[i][j] == 1) {
+                        //背景设置为黑色
+                        waterImage.setRGB(i, j, Color.BLACK.getRGB());
+                        blockImage.setRGB(i, j, canvasImage.getRGB(blockX + i, blockY + j));
+                        //轮廓设置为白色，取带像素和无像素的界点，判断该点是不是临界轮廓点
+                        if (blockData[i + 1][j] == 0 || blockData[i][j + 1] == 0 || blockData[i - 1][j] == 0 || blockData[i][j - 1] == 0) {
+                            blockImage.setRGB(i, j, Color.WHITE.getRGB());
+                            waterImage.setRGB(i, j, Color.WHITE.getRGB());
+                        }
+                    }
+                    //这里把背景设为透明
+                    else {
+                        blockImage.setRGB(i, j, Color.TRANSLUCENT);
+                        waterImage.setRGB(i, j, Color.TRANSLUCENT);
+                    }
+                } catch (ArrayIndexOutOfBoundsException e) {
+                    //防止数组下标越界异常
+                }
+            }
+        }
+        //在画布上添加阻塞块水印
+        addBlockWatermark(canvasImage, waterImage, blockX, blockY);
+    }
+
+    /**
+     * 构建拼图轮廓轨迹
+     **/
+    private static int[][] getBlockData(int blockWidth, int blockHeight, int blockRadius) {
+        int[][] data = new int[blockWidth][blockHeight];
+        double po = Math.pow(blockRadius, 2);
+        //随机生成两个圆的坐标，在4个方向上 随机找到2个方向添加凸/凹
+        //凸/凹1
+        int face1 = RandomUtils.nextInt(0,4);
+        //凸/凹2
+        int face2;
+        //保证两个凸/凹不在同一位置
+        do {
+            face2 = RandomUtils.nextInt(0,4);
+        } while (face1 == face2);
+        //获取凸/凹起位置坐标
+        int[] circle1 = getCircleCoords(face1, blockWidth, blockHeight, blockRadius);
+        int[] circle2 = getCircleCoords(face2, blockWidth, blockHeight, blockRadius);
+        //随机凸/凹类型
+        int shape = getNonceByRange(0, 1);
+        //圆的标准方程 (x-a)²+(y-b)²=r²,标识圆心（a,b）,半径为r的圆
+        //计算需要的小图轮廓，用二维数组来表示，二维数组有两张值，0和1，其中0表示没有颜色，1有颜色
+        for (int i = 0; i < blockWidth; i++) {
+            for (int j = 0; j < blockHeight; j++) {
+                data[i][j] = 0;
+                //创建中间的方形区域
+                if ((i >= blockRadius && i <= blockWidth - blockRadius && j >= blockRadius && j <= blockHeight - blockRadius)) {
+                    data[i][j] = 1;
+                }
+                double d1 = Math.pow(i - Objects.requireNonNull(circle1)[0], 2) + Math.pow(j - circle1[1], 2);
+                double d2 = Math.pow(i - Objects.requireNonNull(circle2)[0], 2) + Math.pow(j - circle2[1], 2);
+                //创建两个凸/凹
+                if (d1 <= po || d2 <= po) {
+                    data[i][j] = shape;
+                }
+            }
+        }
+        return data;
+    }
+    /**
+     * 根据朝向获取圆心坐标
+     */
+    private static int[] getCircleCoords(int face, int blockWidth, int blockHeight, int blockRadius) {
+        //上
+        if (0 == face) {
+            return new int[]{blockWidth / 2 - 1, blockRadius};
+        }
+        //左
+        else if (1 == face) {
+            return new int[]{blockRadius, blockHeight / 2 - 1};
+        }
+        //下
+        else if (2 == face) {
+            return new int[]{blockWidth / 2 - 1, blockHeight - blockRadius - 1};
+        }
+        //右
+        else if (3 == face) {
+            return new int[]{blockWidth - blockRadius - 1, blockHeight / 2 - 1};
+        }
+        return null;
+    }
+    /**
+     * 在画布上添加阻塞块水印
+     */
+    private static void addBlockWatermark(BufferedImage canvasImage, BufferedImage blockImage, int x, int y) {
+        Graphics2D graphics2D = canvasImage.createGraphics();
+        graphics2D.setComposite(AlphaComposite.getInstance(AlphaComposite.SRC_ATOP, 0.8f));
+        graphics2D.drawImage(blockImage, x, y, null);
+        graphics2D.dispose();
+    }
+    /**
+     * BufferedImage转BASE64
+     */
+    public static String toBase64(BufferedImage bufferedImage, String type) {
+        try {
+            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+            ImageIO.write(bufferedImage, type, byteArrayOutputStream);
+            String base64 = Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray());
+            return String.format("data:image/%s;base64,%s", type, base64);
+        } catch (IOException e) {
+            System.out.println("图片资源转换BASE64失败");
+            //异常处理
+            return null;
+        }
+    }
+}