From 8e0008f5168302b007864582607322e2ae618aef Mon Sep 17 00:00:00 2001
From: CaptainB <bin@fit2cloud.com>
Date: Wed, 8 Jun 2022 13:49:00 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20=E7=94=A8=E6=88=B7=E7=9B=B8?=
 =?UTF-8?q?=E5=85=B3=E8=AE=BE=E7=BD=AE=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../main/java/io/metersphere/controller/UserController.java  | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/backend/src/main/java/io/metersphere/controller/UserController.java b/backend/src/main/java/io/metersphere/controller/UserController.java
index b82c6c8627..aceb33f869 100644
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@@ -39,6 +39,7 @@ public class UserController {
 
     @PostMapping("/special/add")
     @MsAuditLog(module = OperLogModule.SYSTEM_USER, type = OperLogConstants.CREATE, content = "#msClass.getLogDetails(#user)", msClass = UserService.class)
+    @RequiresPermissions(PermissionConstants.SYSTEM_USER_READ_CREATE)
     public UserDTO insertUser(@RequestBody UserRequest user) {
         return userService.insert(user);
     }
@@ -56,6 +57,7 @@ public class UserController {
 
     @GetMapping("/special/delete/{userId}")
     @MsAuditLog(module = OperLogModule.SYSTEM_USER, type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#userId)", msClass = UserService.class)
+    @RequiresPermissions(PermissionConstants.SYSTEM_USER_READ_DELETE)
     public void deleteUser(@PathVariable(value = "userId") String userId) {
         userService.deleteUser(userId);
         // 剔除在线用户
@@ -64,12 +66,14 @@ public class UserController {
 
     @PostMapping("/special/update")
     @MsAuditLog(module = OperLogModule.SYSTEM_USER, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#user)", content = "#msClass.getLogDetails(#user)", msClass = UserService.class)
+    @RequiresPermissions(PermissionConstants.SYSTEM_USER_READ_EDIT)
     public void updateUser(@RequestBody UserRequest user) {
         userService.updateUserRole(user);
     }
 
     @PostMapping("/special/update_status")
     @MsAuditLog(module = OperLogModule.SYSTEM_USER, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#user.id)", content = "#msClass.getLogDetails(#user.id)", msClass = UserService.class)
+    @RequiresPermissions(PermissionConstants.SYSTEM_USER_READ_EDIT)
     public void updateStatus(@RequestBody User user) {
         userService.updateUser(user);
     }
@@ -240,6 +244,7 @@ public class UserController {
     /*管理员修改用户密码*/
     @PostMapping("/special/password")
     @MsAuditLog(module = OperLogModule.SYSTEM_USER, type = OperLogConstants.UPDATE, beforeEvent = "#msClass.getLogDetails(#request.id)", content = "#msClass.getLogDetails(#request.id)", msClass = UserService.class)
+    @RequiresPermissions(PermissionConstants.SYSTEM_USER_READ_EDIT_PASSWORD)
     public int updateUserPassword(@RequestBody EditPassWordRequest request) {
         return userService.updateUserPassword(request);
     }