Merge branch 'cherry-pick-49e9b030' into 'dev-23.11'23.11

fix：CN-1509 权限相关配置功能修改 See merge request cyber-narrator/cn-web!4
author: 唐浩 <[email protected]> 2023-12-08 09:52:25 +0000
committer: 唐浩 <[email protected]> 2023-12-08 09:52:25 +0000
commit: 6cc2b0a50673618b00568cc02b643ab8e6e897ff (patch)
tree: b2426a2a407c95ab96ca349fa431727899559532
parent: 1edc9f1d8f55a98864a24395b363f5ce01bf8d21 (diff)
parent: 52025c95978f487d50ce1ca25632587cbab63125 (diff)
8 files changed, 43 insertions, 24 deletions
diff --git a/cn-admin/pom.xml b/cn-admin/pom.xml
index c3aa4c9..8a3210c 100644
--- a/cn-admin/pom.xml
+++ b/cn-admin/pom.xml
@@ -488,7 +488,7 @@
 					<buildArgs>
 						<!--向Dockerfile中传入参数,k-v格式-->
 						<!--						<JDK_IMAGE>${docker.registry}:${docker.registry.port}/common/jdk:1.8.0_73</JDK_IMAGE>-->
-						<JDK_IMAGE>${docker.registry}:${docker.registry.port}/common/amazon-corretto:11.0.21.9.1</JDK_IMAGE>
+						<JDK_IMAGE>${docker.registry}:${docker.registry.port}/common/jdk-node-cn:11.0.21</JDK_IMAGE>
 						<JAR_FILE>${project.build.finalName}.xjar</JAR_FILE>
 					</buildArgs>
 					<resources>
diff --git a/cn-admin/src/main/java/net/geedge/modules/knowledge/controller/KnowledgeBaseController.java b/cn-admin/src/main/java/net/geedge/modules/knowledge/controller/KnowledgeBaseController.java
index 5b5f276..299e284 100644
--- a/cn-admin/src/main/java/net/geedge/modules/knowledge/controller/KnowledgeBaseController.java
+++ b/cn-admin/src/main/java/net/geedge/modules/knowledge/controller/KnowledgeBaseController.java
@@ -5,6 +5,8 @@ import java.util.List;
 import java.util.Map;
 import net.geedge.common.annotation.SysLog;
 import net.geedge.common.utils.*;
+
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.repository.query.Param;
 import org.springframework.transaction.annotation.Transactional;
@@ -31,6 +33,7 @@ public class KnowledgeBaseController {
 
 	@DeleteMapping
 	@SysLog(operation = OperationEnum.DELETE, type = TypeEnum.KNOWLEDGEBASE)
+	@RequiresPermissions({"knowledge:base:delete"})
 	public R remove(@RequestParam("knowledgeIds") String knowledgeIds) {
 		ValidateUtils.is(knowledgeIds).notNull(RCode.KNOWLEDGE_IDS_ISNULL);
 		List<Integer> result = knowledgeBaseService.remove(knowledgeIds);
@@ -38,6 +41,7 @@ public class KnowledgeBaseController {
 	}
 	
 	@PostMapping("/parser")
+	@RequiresPermissions({"knowledge:base:add"})
 	public R importKnowledgeBase(@Param("file") MultipartFile file,@Param("source")String source) {
 		ValidateUtils.is(file).notNull(RCode.KNOWLEDGE_FILE_ISNULL);
 		ValidateUtils.is(source).notNull(RCode.KNOWLEDGE_SOURCE_ISNULL);
@@ -69,6 +73,7 @@ public class KnowledgeBaseController {
 	
 	@PostMapping
 	@SysLog(operation = OperationEnum.ADD, type = TypeEnum.KNOWLEDGEBASE)
+	@RequiresPermissions({"knowledge:base:add"})
 	public R addKnowledgeBase(@RequestBody Map<String,Object> params) {
 		Integer id = knowledgeBaseService.addOrModifyKnowledgeBase(params);
 		return R.ok().put("knowledgeId", id);
@@ -76,6 +81,7 @@ public class KnowledgeBaseController {
 	
 	@PutMapping
 	@SysLog(operation = OperationEnum.UPDATE, type = TypeEnum.KNOWLEDGEBASE)
+	@RequiresPermissions({"knowledge:base:update"})
 	public R modifyKnowledgeBase(@RequestBody Map<String,Object> params) {
 		Integer knowledgeId = (Integer) params.get("knowledgeId");
 		ValidateUtils.is(knowledgeId).notNull(RCode.KNOWLEDGE_ID_ISNULL);
@@ -84,6 +90,7 @@ public class KnowledgeBaseController {
 	}
 	
 	@PostMapping("/items/batch")
+	@RequiresPermissions({"knowledge:base:add"})
 	public R importBatch(@Param("file") MultipartFile file,@Param("knowledgeId")Integer knowledgeId,@Param("action")String action
 			,@Param("status")Integer status,@Param("color")String color,@Param("description")String description) {
 		ValidateUtils.is(file).notNull(RCode.KNOWLEDGE_FILE_ISNULL);
diff --git a/cn-admin/src/main/java/net/geedge/modules/report/controller/ReportJobController.java b/cn-admin/src/main/java/net/geedge/modules/report/controller/ReportJobController.java
index fffeaa2..14a64ad 100644
--- a/cn-admin/src/main/java/net/geedge/modules/report/controller/ReportJobController.java
+++ b/cn-admin/src/main/java/net/geedge/modules/report/controller/ReportJobController.java
@@ -85,12 +85,14 @@ public class ReportJobController extends AbstractController{
 	}
 	
 	@PutMapping("/restart")
+	@RequiresPermissions({"report:job:update"})
 	public R restartJob(@RequestBody Map<String,Object> param) {
 		reportJobService.restartJob(param);
 		return R.ok();
 	}
 	
 	@PutMapping("/reupload")
+	@RequiresPermissions({"report:job:update"})
 	public R reuploadJob(@RequestParam String ids) {
 		ValidateUtils.is(ids).notNull(RCode.REPORT_JOB_ID_ISNULL);
 		reportJobService.reuploadJob(ids);
diff --git a/cn-admin/src/main/java/net/geedge/modules/rule/controller/DetectionRuleController.java b/cn-admin/src/main/java/net/geedge/modules/rule/controller/DetectionRuleController.java
index 88c8328..dad2a47 100644
--- a/cn-admin/src/main/java/net/geedge/modules/rule/controller/DetectionRuleController.java
+++ b/cn-admin/src/main/java/net/geedge/modules/rule/controller/DetectionRuleController.java
@@ -3,6 +3,8 @@ package net.geedge.modules.rule.controller;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
+
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -44,6 +46,7 @@ public class DetectionRuleController {
 	
 	@DeleteMapping
 	@SysLog(operation = OperationEnum.DELETE,type = TypeEnum.DETECTIONRULE)
+	@RequiresPermissions({"detection:rule:delete"})
 	public R removeRule(@RequestParam Integer... ruleIds) {
 		ValidateUtils.is(ruleIds).notNull(RCode.RULE_ID_ISNULL);
 		List<Integer> removeRuleIds = detectionRuleService.removeRules(Arrays.asList(ruleIds));
@@ -52,6 +55,7 @@ public class DetectionRuleController {
 	
 	@PostMapping
 	@SysLog(operation = OperationEnum.ADD,type = TypeEnum.DETECTIONRULE)
+	@RequiresPermissions({"detection:rule:add"})
 	public R saveDetectionRule(@RequestBody DetectionRule detectionRule) {
 		DetectionRule rule = detectionRuleService.saveDetectionRule(detectionRule);
 		return R.ok(rule.getRuleId());
@@ -59,6 +63,7 @@ public class DetectionRuleController {
 	
 	@PutMapping
 	@SysLog(operation = OperationEnum.UPDATE,type = TypeEnum.DETECTIONRULE)
+	@RequiresPermissions({"detection:rule:update"})
 	public R modifyDetectionRule(@RequestBody DetectionRule detectionRule) {
 		ValidateUtils.is(detectionRule.getRuleId()).notNull(RCode.RULE_ID_ISNULL);
 		DetectionRule rule = detectionRuleService.modifyDetectionRule(detectionRule);
diff --git a/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysConfigController.java b/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysConfigController.java
index 7daf022..2f0d7c2 100644
--- a/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysConfigController.java
+++ b/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysConfigController.java
@@ -67,6 +67,7 @@ public class SysConfigController extends AbstractController {
 	 */
 	@SysLog
 	@PostMapping("/config")
+	@RequiresPermissions("sys:config:add")
 	public R save(@RequestBody SysConfigEntity config) {
 		ValidatorUtils.validateEntity(config);
 		sysConfigService.saveConfig(config);
@@ -78,6 +79,7 @@ public class SysConfigController extends AbstractController {
 	 */
 	@SysLog
 	@PutMapping("/config")
+	@RequiresPermissions("sys:config:update")
 	public R update(@RequestBody SysConfigEntity config) {
 		ValidatorUtils.validateEntity(config);
 		sysConfigService.update(config);
@@ -89,6 +91,7 @@ public class SysConfigController extends AbstractController {
 	 */
 	@SysLog
 	@DeleteMapping("/config")
+	@RequiresPermissions("sys:config:delete")
 	public R delete(@RequestBody Long[] ids) {
 		sysConfigService.deleteBatch(ids);
 		return R.ok();
@@ -109,6 +112,7 @@ public class SysConfigController extends AbstractController {
 	 */
 	@PutMapping("/appearance")
 	@SysLog(operation = OperationEnum.UPDATE, type = TypeEnum.SYSTEM)
+	@RequiresPermissions("sys:config:update")
 	public R updateAppearance(@RequestBody Map<String, String> params) {
 		sysConfigService.saveBasic(params);
 		return R.ok();
@@ -130,6 +134,7 @@ public class SysConfigController extends AbstractController {
 	 */
 	@PutMapping("/batchModify")
 	@SysLog(operation = OperationEnum.UPDATE, type = TypeEnum.SYSTEM)
+	@RequiresPermissions("sys:config:update")
 	public R updateSecurity(@RequestBody Map<String,String> params) {
 		sysConfigService.updateByKey(params);
 		return R.ok();
diff --git a/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysRoleController.java b/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysRoleController.java
index 77eaa4e..513a70d 100644
--- a/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysRoleController.java
+++ b/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysRoleController.java
@@ -66,7 +66,7 @@ public class SysRoleController extends AbstractController {
      */
 	@PostMapping
 	@SysLog(operation = OperationEnum.ADD,type = TypeEnum.SYSTEM)
-	/*@RequiresPermissions("sys:role:save")*/
+	@RequiresPermissions("sys:role:add")
 	public R save(@RequestBody SysRoleEntity role){
 		sysRoleService.saveRole(role);
 		return R.ok().put("id", role.getId());
@@ -79,7 +79,7 @@ public class SysRoleController extends AbstractController {
 	 */
 	@PutMapping
 	@SysLog(operation = OperationEnum.UPDATE,type = TypeEnum.SYSTEM)
-	/*@RequiresPermissions("sys:role:update")*/
+	@RequiresPermissions("sys:role:update")
 	public R update(@RequestBody SysRoleEntity role){
 		ValidateUtils.is(role.getId()).notNull(RCode.SYS_ROLE_ID_ISNULL);
 		sysRoleService.update(role);
@@ -93,7 +93,7 @@ public class SysRoleController extends AbstractController {
 	 */
 	@DeleteMapping
 	@SysLog(operation = OperationEnum.DELETE,type = TypeEnum.SYSTEM)
-	/*@RequiresPermissions("sys:role:delete")*/
+	@RequiresPermissions("sys:role:delete")
 	public R delete(@RequestParam Integer[] ids, @RequestParam Map<String, Object> params) {
 		ValidateUtils.is(ids).notNull(RCode.SYS_ROLE_ID_ISNULL);
 
diff --git a/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysUserController.java b/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysUserController.java
index f3c684e..a916b87 100644
--- a/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysUserController.java
+++ b/cn-admin/src/main/java/net/geedge/modules/sys/controller/SysUserController.java
@@ -81,7 +81,7 @@ public class SysUserController extends AbstractController {
 	 */
 	@PostMapping
 	@SysLog(operation = OperationEnum.ADD,type = TypeEnum.ACCOUNT)
-	/*    @RequiresPermissions("sys:user:save")*/
+	@RequiresPermissions("sys:user:add")
 	public R save(@RequestBody SysUserEntity user){
 		Integer id = sysUserService.saveUser(user);
 		return R.ok().putData("id", id);
@@ -92,7 +92,7 @@ public class SysUserController extends AbstractController {
 	 */
 	@PutMapping
 	@SysLog(operation = OperationEnum.UPDATE,type = TypeEnum.ACCOUNT)
-	/*@RequiresPermissions("sys:user:update")*/
+	@RequiresPermissions("sys:user:update")
 	public R update(@RequestBody SysUserEntity user){
 		ValidateUtils.is(user).notNull(RCode.SYS_USER_ID_ISNULL)
 			.and(user.getId()).notNull(RCode.SYS_USER_ID_ISNULL);
@@ -105,7 +105,7 @@ public class SysUserController extends AbstractController {
 	 */
 	@DeleteMapping
 	@SysLog(operation = OperationEnum.DELETE,type = TypeEnum.ACCOUNT)
-	/*@RequiresPermissions("sys:user:delete")*/
+	@RequiresPermissions("sys:user:delete")
 	public R delete(String ids) {
 		sysUserService.deleteUsers(ids);
 		return R.ok();
diff --git a/cn-admin/src/main/resources/db/R__AZ_sys_menu.sql b/cn-admin/src/main/resources/db/R__AZ_sys_menu.sql
index 5c0d174..ed4535d 100644
--- a/cn-admin/src/main/resources/db/R__AZ_sys_menu.sql
+++ b/cn-admin/src/main/resources/db/R__AZ_sys_menu.sql
@@ -35,31 +35,31 @@ INSERT INTO `sys_menu` VALUES (8, 'Detections', 'detections', 'overall.detection
 INSERT INTO `sys_menu` VALUES (9, 'Security events', 'securityEvents', 'entities.securityEvents', 8, NULL, 1, '/detection/securityEvent', '', NULL, 1, 1);
 INSERT INTO `sys_menu` VALUES (10, 'Performance events', 'performanceEvents', 'overall.performanceEvents', 8, NULL, 1, '/detection/performanceEvent', '', NULL, 21, 1);
 INSERT INTO `sys_menu` VALUES (11, 'Detection policy', 'detectionPolicy', 'overall.policies', 8, NULL, 1, '/detection/policy', '', NULL, 21, 1);
-INSERT INTO `sys_menu` VALUES (12, 'Create detection policy', 'createDetectionPolicy', 'overall.create', 11, NULL, 1, '/detection/policy/create', '', NULL, 1, 1);
-INSERT INTO `sys_menu` VALUES (13, 'Edit detection policy', 'editDetectionPolicy', 'overall.edit', 11, NULL, 1, '/detection/policy/edit', '', NULL, 11, 1);
-INSERT INTO `sys_menu` VALUES (14, 'Delete detection policy', 'deleteDetectionPolicy', 'overall.delete', 11, NULL, 2, '', '', NULL, 21, 1);
+INSERT INTO `sys_menu` VALUES (12, 'Create detection policy', 'createDetectionPolicy', 'overall.create', 11, 'detection:rule:add', 1, '/detection/policy/create', '', NULL, 1, 1);
+INSERT INTO `sys_menu` VALUES (13, 'Edit detection policy', 'editDetectionPolicy', 'overall.edit', 11, 'detection:rule:update', 1, '/detection/policy/edit', '', NULL, 11, 1);
+INSERT INTO `sys_menu` VALUES (14, 'Delete detection policy', 'deleteDetectionPolicy', 'overall.delete', 11, 'detection:rule:delete', 2, '', '', NULL, 21, 1);
 INSERT INTO `sys_menu` VALUES (15, 'Report', 'report', 'overall.report', 0, NULL, 1, '/report', 'cn-icon cn-icon-report1', NULL, 31, 1);
-INSERT INTO `sys_menu` VALUES (16, 'Create report', 'createReport', 'overall.create', 15, NULL, 2, '', '', NULL, 1, 1);
-INSERT INTO `sys_menu` VALUES (17, 'Edit report', 'editReport', 'overall.edit', 15, NULL, 2, '', '', NULL, 11, 1);
-INSERT INTO `sys_menu` VALUES (18, 'Delete report', 'deleteReport', 'overall.delete', 15, NULL, 2, '', '', NULL, 21, 1);
+INSERT INTO `sys_menu` VALUES (16, 'Create report', 'createReport', 'overall.create', 15, 'report:job:add,report:temp:add', 2, '', '', NULL, 1, 1);
+INSERT INTO `sys_menu` VALUES (17, 'Edit report', 'editReport', 'overall.edit', 15, 'report:job:update,report:temp:update', 2, '', '', NULL, 11, 1);
+INSERT INTO `sys_menu` VALUES (18, 'Delete report', 'deleteReport', 'overall.delete', 15, 'report:job:delete,report:temp:delete', 2, '', '', NULL, 21, 1);
 INSERT INTO `sys_menu` VALUES (19, 'Knowledge base', 'knowledgeBase', 'overall.knowledgeBase', 0, NULL, 1, '/knowledgeBase', 'cn-icon cn-icon-knowledge-base', NULL, 41, 1);
-INSERT INTO `sys_menu` VALUES (20, 'Edit built-in knowledge base', 'editBuiltInKnowledgeBase', 'overall.edit', 19, NULL, 2, '', '', NULL, 1, 1);
+INSERT INTO `sys_menu` VALUES (20, 'Edit built-in knowledge base', 'editBuiltInKnowledgeBase', 'overall.edit', 19, 'knowledge:base:add', 2, '', '', NULL, 1, 1);
 INSERT INTO `sys_menu` VALUES (21, 'User-defined library', 'userDefinedLibrary', 'knowledgeBase.userDefinedLibrary', 19, NULL, 1, '/knowledgeBase/userDefined', '', NULL, 11, 1);
-INSERT INTO `sys_menu` VALUES (22, 'Create user-defined library', 'createUserDefinedLibrary', 'overall.create', 21, NULL, 1, '/knowledgeBase/userDefined/create', '', NULL, 1, 1);
-INSERT INTO `sys_menu` VALUES (23, 'Edit user-defined library', 'editUserDefinedLibrary', 'overall.edit', 21, NULL, 1, '/knowledgeBase/userDefined/edit', '', NULL, 11, 1);
-INSERT INTO `sys_menu` VALUES (24, 'Delete user-defined library', 'deleteUserDefinedLibrary', 'overall.delete', 21, NULL, 2, '', '', NULL, 21, 1);
+INSERT INTO `sys_menu` VALUES (22, 'Create user-defined library', 'createUserDefinedLibrary', 'overall.create', 21, 'knowledge:base:add', 1, '/knowledgeBase/userDefined/create', '', NULL, 1, 1);
+INSERT INTO `sys_menu` VALUES (23, 'Edit user-defined library', 'editUserDefinedLibrary', 'overall.edit', 21, 'knowledge:base:update', 1, '/knowledgeBase/userDefined/edit', '', NULL, 11, 1);
+INSERT INTO `sys_menu` VALUES (24, 'Delete user-defined library', 'deleteUserDefinedLibrary', 'overall.delete', 21, 'knowledge:base:delete', 2, '', '', NULL, 21, 1);
 INSERT INTO `sys_menu` VALUES (25, 'Administration', 'administration', 'overall.administration', 0, NULL, 1, 'redirect:/administration', 'cn-icon cn-icon-administrations', NULL, 51, 1);
 INSERT INTO `sys_menu` VALUES (26, 'User', 'user', 'overall.user', 25, NULL, 1, '/administration/user', 'cn-icon cn-icon-user2', NULL, 1, 1);
-INSERT INTO `sys_menu` VALUES (27, 'Create user', 'createUser', 'overall.create', 26, NULL, 2, '', '', NULL, 1, 1);
-INSERT INTO `sys_menu` VALUES (28, 'Edit user', 'editUser', 'overall.edit', 26, NULL, 2, '', '', NULL, 11, 1);
-INSERT INTO `sys_menu` VALUES (29, 'Delete user', 'deleteUser', 'overall.delete', 26, NULL, 2, '', '', NULL, 21, 1);
+INSERT INTO `sys_menu` VALUES (27, 'Create user', 'createUser', 'overall.create', 26, 'sys:user:add', 2, '', '', NULL, 1, 1);
+INSERT INTO `sys_menu` VALUES (28, 'Edit user', 'editUser', 'overall.edit', 26, 'sys:user:update', 2, '', '', NULL, 11, 1);
+INSERT INTO `sys_menu` VALUES (29, 'Delete user', 'deleteUser', 'overall.delete', 26, 'sys:user:delete', 2, '', '', NULL, 21, 1);
 INSERT INTO `sys_menu` VALUES (30, 'Role', 'role', 'overall.role', 25, NULL, 1, '/administration/role', 'cn-icon cn-icon-role2', NULL, 11, 1);
-INSERT INTO `sys_menu` VALUES (31, 'Create role', 'createRole', 'overall.create', 30, NULL, 2, '', '', NULL, 1, 1);
-INSERT INTO `sys_menu` VALUES (32, 'Edit role', 'editRole', 'overall.edit', 30, NULL, 2, '', '', NULL, 11, 1);
-INSERT INTO `sys_menu` VALUES (33, 'Delete role', 'deleteRole', 'overall.delete', 30, NULL, 2, '', '', NULL, 21, 1);
+INSERT INTO `sys_menu` VALUES (31, 'Create role', 'createRole', 'overall.create', 30, 'sys:role:add', 2, '', '', NULL, 1, 1);
+INSERT INTO `sys_menu` VALUES (32, 'Edit role', 'editRole', 'overall.edit', 30, 'sys:role:update', 2, '', '', NULL, 11, 1);
+INSERT INTO `sys_menu` VALUES (33, 'Delete role', 'deleteRole', 'overall.delete', 30, 'sys:role:delete', 2, '', '', NULL, 21, 1);
 INSERT INTO `sys_menu` VALUES (34, 'Operation log', 'operationLog', 'overall.operationLog', 25, NULL, 1, '/administration/operationLog', 'cn-icon cn-icon-operation-log', NULL, 21, 1);
 INSERT INTO `sys_menu` VALUES (35, 'Appearance', 'appearance', 'appearance.appearance', 25, NULL, 1, '/administration/appearance', 'cn-icon cn-icon-preview', NULL, 31, 1);
-INSERT INTO `sys_menu` VALUES (36, 'Edit appearence', 'editAppearence', 'overall.edit', 35, NULL, 2, '', '', NULL, 1, 1);
+INSERT INTO `sys_menu` VALUES (36, 'Edit appearence', 'editAppearence', 'overall.edit', 35, 'sys:config:update', 2, '', '', NULL, 1, 1);
 INSERT INTO `sys_menu` VALUES (37, 'I18n', 'I18N', 'I18N', 0, NULL, 1, '/i18n', 'cn-icon cn-icon-i18n', NULL, 91, 1);
 INSERT INTO `sys_menu` VALUES (38, 'Link monitor', 'linkMonitor', 'overall.linkMonitor', 1, NULL, 1, '/panel/linkMonitor', '', NULL, 31, 1);
author	唐浩 <[email protected]>	2023-12-08 09:52:25 +0000
committer	唐浩 <[email protected]>	2023-12-08 09:52:25 +0000
commit	6cc2b0a50673618b00568cc02b643ab8e6e897ff (patch)
tree	b2426a2a407c95ab96ca349fa431727899559532
parent	1edc9f1d8f55a98864a24395b363f5ce01bf8d21 (diff)
parent	52025c95978f487d50ce1ca25632587cbab63125 (diff)