From 697ce840e0bdc1091da99d4a566a7f175e57ed85 Mon Sep 17 00:00:00 2001
From: vran <vran_dev@foxmail.com>
Date: Sat, 12 Mar 2022 13:30:58 +0800
Subject: [PATCH] feat: add permission control to databaseType api

---
 .../main/java/com/databasir/api/DatabaseTypeController.java   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/src/main/java/com/databasir/api/DatabaseTypeController.java b/api/src/main/java/com/databasir/api/DatabaseTypeController.java
index 2488f5c..7d312bd 100644
--- a/api/src/main/java/com/databasir/api/DatabaseTypeController.java
+++ b/api/src/main/java/com/databasir/api/DatabaseTypeController.java
@@ -9,6 +9,7 @@ import lombok.RequiredArgsConstructor;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.web.PageableDefault;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -42,6 +43,7 @@ public class DatabaseTypeController {
 
     @PostMapping(Routes.DatabaseType.CREATE)
     @Operation(module = Operation.Modules.DATABASE_TYPE, name = "创建数据库类型")
+    @PreAuthorize("hasAnyAuthority('SYS_OWNER')")
     public JsonData<Integer> create(@RequestBody @Valid DatabaseTypeCreateRequest request) {
         databaseTypeValidator.isValidUrlPattern(request.getUrlPattern());
         Integer id = databaseTypeService.create(request);
@@ -50,6 +52,7 @@ public class DatabaseTypeController {
 
     @PatchMapping(Routes.DatabaseType.UPDATE)
     @Operation(module = Operation.Modules.DATABASE_TYPE, name = "更新数据库类型")
+    @PreAuthorize("hasAnyAuthority('SYS_OWNER')")
     public JsonData<Void> update(@RequestBody @Valid DatabaseTypeUpdateRequest request) {
         databaseTypeValidator.isValidUrlPattern(request.getUrlPattern());
         databaseTypeService.update(request);
@@ -58,6 +61,7 @@ public class DatabaseTypeController {
 
     @DeleteMapping(Routes.DatabaseType.DELETE_ONE)
     @Operation(module = Operation.Modules.DATABASE_TYPE, name = "删除数据库类型")
+    @PreAuthorize("hasAnyAuthority('SYS_OWNER')")
     public JsonData<Void> delete(@PathVariable Integer id) {
         databaseTypeService.deleteById(id);
         return JsonData.ok();