角色菜单改造完成，去除权限管理，采用按钮方式显示在菜单管理中

d5d48015 · dqjdda · e1366ee4 · d5d48015 · d5d48015 · d5d48015
Commit d5d48015 authored Oct 29, 2019 by dqjdda
--- a/eladmin-common/src/main/java/me/zhengjie/config/ElPermissionConfig.java
+++ b/eladmin-common/src/main/java/me/zhengjie/config/ElPermissionConfig.java
+package me.zhengjie.config;
+import me.zhengjie.utils.SecurityUtils;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.stereotype.Service;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+@Service(value = "el")
+public class ElPermissionConfig {
+    public Boolean check(String ...permissions){
+        List<String> elPermissions = SecurityUtils.getUserDetails().getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
+        List<String> list = Arrays.stream(permissions).filter(elPermissions::contains).map(s -> s).collect(Collectors.toList());
+        if(elPermissions.contains("admin") || list.size() != 0){
+            return true;
+        }
+        return false;
+    }
+}
--- a/eladmin-logging/src/main/java/me/zhengjie/rest/LogController.java
+++ b/eladmin-logging/src/main/java/me/zhengjie/rest/LogController.java
@@ -31,7 +31,7 @@ public class LogController {
    @GetMapping
    @ApiOperation("日志查询")
-    @PreAuthorize("hasAnyRole('admin')")
+    @PreAuthorize("@el.check()")
    public ResponseEntity getLogs(LogQueryCriteria criteria, Pageable pageable){
        criteria.setLogType("INFO");
        return new ResponseEntity<>(logService.queryAll(criteria,pageable), HttpStatus.OK);
@@ -47,7 +47,7 @@ public class LogController {
    @GetMapping(value = "/error")
    @ApiOperation("错误日志查询")
-    @PreAuthorize("hasAnyRole('admin')")
+    @PreAuthorize("@el.check()")
    public ResponseEntity getErrorLogs(LogQueryCriteria criteria, Pageable pageable){
        criteria.setLogType("ERROR");
        return new ResponseEntity<>(logService.queryAll(criteria,pageable), HttpStatus.OK);
@@ -55,7 +55,7 @@ public class LogController {
    @GetMapping(value = "/error/{id}")
    @ApiOperation("日志异常详情查询")
-    @PreAuthorize("hasAnyRole('admin')")
+    @PreAuthorize("@el.check()")
    public ResponseEntity getErrorLogs(@PathVariable Long id){
        return new ResponseEntity<>(logService.findByErrDetail(id), HttpStatus.OK);
    }

--- a/eladmin-system/src/main/java/me/zhengjie/modules/monitor/rest/RedisController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/monitor/rest/RedisController.java
@@ -29,7 +29,7 @@ public class RedisController {
    @Log("查询Redis缓存")
    @GetMapping
    @ApiOperation("查询Redis缓存")
-    @PreAuthorize("hasAnyRole('admin','REDIS_ALL','REDIS_SELECT')")
+    @PreAuthorize("@el.check('redis:list')")
    public ResponseEntity getRedis(String key, Pageable pageable){
        return new ResponseEntity<>(redisService.findByKey(key,pageable), HttpStatus.OK);
    }
@@ -37,7 +37,7 @@ public class RedisController {
    @Log("删除Redis缓存")
    @DeleteMapping
    @ApiOperation("删除Redis缓存")
-    @PreAuthorize("hasAnyRole('admin','REDIS_ALL','REDIS_DELETE')")
+    @PreAuthorize("@el.check('redis:del')")
    public ResponseEntity delete(@RequestBody RedisVo resources){
        redisService.delete(resources.getKey());
        return new ResponseEntity(HttpStatus.OK);
@@ -46,7 +46,7 @@ public class RedisController {
    @Log("清空Redis缓存")
    @DeleteMapping(value = "/all")
    @ApiOperation("清空Redis缓存")
-    @PreAuthorize("hasAnyRole('admin','REDIS_ALL','REDIS_DELETE')")
+    @PreAuthorize("@el.check('redis:del')")
    public ResponseEntity deleteAll(){
        redisService.deleteAll();
        return new ResponseEntity(HttpStatus.OK);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java
@@ -36,14 +36,14 @@ public class QuartzJobController {
    @Log("查询定时任务")
    @ApiOperation("查询定时任务")
    @GetMapping
-    @PreAuthorize("hasAnyRole('admin','JOB_ALL','JOB_SELECT')")
+    @PreAuthorize("@el.check('timing:list')")
    public ResponseEntity getJobs(JobQueryCriteria criteria, Pageable pageable){
        return new ResponseEntity<>(quartzJobService.queryAll(criteria,pageable), HttpStatus.OK);
    }
    @ApiOperation("查询任务执行日志")
    @GetMapping(value = "/logs")
-    @PreAuthorize("hasAnyRole('admin','JOB_ALL','JOB_SELECT')")
+    @PreAuthorize("@el.check('timing:list')")
    public ResponseEntity getJobLogs(JobQueryCriteria criteria, Pageable pageable){
        return new ResponseEntity<>(quartzJobService.queryAllLog(criteria,pageable), HttpStatus.OK);
    }
@@ -51,7 +51,7 @@ public class QuartzJobController {
    @Log("新增定时任务")
    @ApiOperation("新增定时任务")
    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','JOB_ALL','JOB_CREATE')")
+    @PreAuthorize("@el.check('timing:add')")
    public ResponseEntity create(@Validated @RequestBody QuartzJob resources){
        if (resources.getId() != null) {
            throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID");
@@ -62,7 +62,7 @@ public class QuartzJobController {
    @Log("修改定时任务")
    @ApiOperation("修改定时任务")
    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','JOB_ALL','JOB_EDIT')")
+    @PreAuthorize("@el.check('timing:edit')")
    public ResponseEntity update(@Validated(QuartzJob.Update.class) @RequestBody QuartzJob resources){
        quartzJobService.update(resources);
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -71,7 +71,7 @@ public class QuartzJobController {
    @Log("更改定时任务状态")
    @ApiOperation("更改定时任务状态")
    @PutMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','JOB_ALL','JOB_EDIT')")
+    @PreAuthorize("@el.check('timing:edit')")
    public ResponseEntity updateIsPause(@PathVariable Long id){
        quartzJobService.updateIsPause(quartzJobService.findById(id));
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -80,7 +80,7 @@ public class QuartzJobController {
    @Log("执行定时任务")
    @ApiOperation("执行定时任务")
    @PutMapping(value = "/exec/{id}")
-    @PreAuthorize("hasAnyRole('admin','JOB_ALL','JOB_EDIT')")
+    @PreAuthorize("@el.check('timing:edit')")
    public ResponseEntity execution(@PathVariable Long id){
        quartzJobService.execution(quartzJobService.findById(id));
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -89,7 +89,7 @@ public class QuartzJobController {
    @Log("删除定时任务")
    @ApiOperation("删除定时任务")
    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','JOB_ALL','JOB_DELETE')")
+    @PreAuthorize("@el.check('timing:del')")
    public ResponseEntity delete(@PathVariable Long id){
        quartzJobService.delete(quartzJobService.findById(id));
        return new ResponseEntity(HttpStatus.OK);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/OnlineController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/OnlineController.java
@@ -22,14 +22,14 @@ public class OnlineController {
    @ApiOperation("查询在线用户")
    @GetMapping
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("@el.check()")
    public ResponseEntity getAll(String filter, Pageable pageable){
        return new ResponseEntity<>(onlineUserService.getAll(filter, pageable),HttpStatus.OK);
    }
    @ApiOperation("踢出用户")
    @DeleteMapping(value = "/{key}")
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("@el.check()")
    public ResponseEntity delete(@PathVariable String key) throws Exception {
        onlineUserService.kickOut(key);
        return new ResponseEntity(HttpStatus.OK);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/service/JwtPermissionService.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/service/JwtPermissionService.java
 package me.zhengjie.modules.security.service;
+import me.zhengjie.modules.system.domain.Menu;
 import me.zhengjie.modules.system.domain.Role;
 import me.zhengjie.modules.system.repository.RoleRepository;
 import me.zhengjie.modules.system.service.dto.UserDTO;
+import me.zhengjie.utils.StringUtils;
 import org.springframework.cache.annotation.CacheConfig;
 import org.springframework.cache.annotation.Cacheable;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Service;
 import java.util.Collection;
+import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -33,9 +36,13 @@ public class JwtPermissionService {
        System.out.println("--------------------loadPermissionByUser:" + user.getUsername() + "---------------------");
        Set<Role> roles = roleRepository.findByUsers_Id(user.getId());
+        Set<String> permissions = roles.stream().filter(role -> StringUtils.isNotBlank(role.getPermission())).map(Role::getPermission).collect(Collectors.toSet());
-        return roles.stream().flatMap(role -> role.getPermissions().stream())
+        permissions.addAll(
-                .map(permission -> new SimpleGrantedAuthority(permission.getName()))
+                roles.stream().flatMap(role -> role.getMenus().stream())
+                        .filter(menu -> StringUtils.isNotBlank(menu.getPermission()))
+                        .map(Menu::getPermission).collect(Collectors.toSet())
+        );
+        return permissions.stream().map(permission -> new SimpleGrantedAuthority(permission))
                .collect(Collectors.toList());
    }
 }
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/Permission.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/Permission.java
-package me.zhengjie.modules.system.domain;
-import com.fasterxml.jackson.annotation.JsonIgnore;
-import lombok.Getter;
-import lombok.Setter;
-import org.hibernate.annotations.CreationTimestamp;
-import javax.persistence.*;
-import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.NotNull;
-import java.sql.Timestamp;
-import java.util.Set;
-/**
- * @author Zheng Jie
- * @date 2018-12-03
- */
-@Entity
-@Getter
-@Setter
-@Table(name = "permission")
-public class Permission{
-	@Id
-	@GeneratedValue(strategy = GenerationType.IDENTITY)
-	@NotNull(groups = {Update.class})
-	private Long id;
-	@NotBlank
-	private String name;
-	// 上级类目
-	@NotNull
-	@Column(name = "pid",nullable = false)
-	private Long pid;
-	@NotBlank
-	private String alias;
-	@Column(name = "create_time")
-	@CreationTimestamp
-	private Timestamp createTime;
-	@JsonIgnore
-	@ManyToMany(mappedBy = "permissions")
-	private Set<Role> roles;
-	public @interface Update {}
-}
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/Role.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/Role.java
@@ -50,10 +50,6 @@ public class Role{
    @ManyToMany(mappedBy = "roles")
    private Set<User> users;
-    @ManyToMany
-    @JoinTable(name = "roles_permissions", joinColumns = {@JoinColumn(name = "role_id",referencedColumnName = "id")}, inverseJoinColumns = {@JoinColumn(name = "permission_id",referencedColumnName = "id")})
-    private Set<Permission> permissions;
    @ManyToMany
    @JoinTable(name = "roles_menus", joinColumns = {@JoinColumn(name = "role_id",referencedColumnName = "id")}, inverseJoinColumns = {@JoinColumn(name = "menu_id",referencedColumnName = "id")})
    private Set<Menu> menus;

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/repository/PermissionRepository.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/repository/PermissionRepository.java
-package me.zhengjie.modules.system.repository;
-import me.zhengjie.modules.system.domain.Permission;
-import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
-import java.util.List;
-/**
- * @author Zheng Jie
- * @date 2018-12-03
- */
-public interface PermissionRepository extends JpaRepository<Permission, Long>, JpaSpecificationExecutor<Permission> {
-    Permission findByName(String name);
-    List<Permission> findByPid(long pid);
-}
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/repository/RoleRepository.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/repository/RoleRepository.java
@@ -17,10 +17,6 @@ public interface RoleRepository extends JpaRepository<Role, Long>, JpaSpecificat
    Set<Role> findByUsers_Id(Long id);
-    @Modifying
-    @Query(value = "delete from roles_permissions where permission_id = ?1",nativeQuery = true)
-    void untiedPermission(Long id);
    @Modifying
    @Query(value = "delete from roles_menus where menu_id = ?1",nativeQuery = true)
    void untiedMenu(Long id);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DeptController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DeptController.java
@@ -40,7 +40,7 @@ public class DeptController {
    @Log("查询部门")
    @ApiOperation("查询部门")
    @GetMapping
-    @PreAuthorize("hasAnyRole('admin','user:all','user:select','DEPT_ALL','DEPT_SELECT')")
+    @PreAuthorize("@el.check('user:list','dept:list')")
    public ResponseEntity getDepts(DeptQueryCriteria criteria){
        // 数据权限
        criteria.setIds(dataScope.getDeptIds());
@@ -51,7 +51,7 @@ public class DeptController {
    @Log("新增部门")
    @ApiOperation("新增部门")
    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','DEPT_ALL','DEPT_CREATE')")
+    @PreAuthorize("@el.check('dept:add')")
    public ResponseEntity create(@Validated @RequestBody Dept resources){
        if (resources.getId() != null) {
            throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID");
@@ -62,7 +62,7 @@ public class DeptController {
    @Log("修改部门")
    @ApiOperation("修改部门")
    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','DEPT_ALL','DEPT_EDIT')")
+    @PreAuthorize("@el.check('dept:edit')")
    public ResponseEntity update(@Validated(Dept.Update.class) @RequestBody Dept resources){
        deptService.update(resources);
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -71,7 +71,7 @@ public class DeptController {
    @Log("删除部门")
    @ApiOperation("删除部门")
    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','DEPT_ALL','DEPT_DELETE')")
+    @PreAuthorize("@el.check('dept:del')")
    public ResponseEntity delete(@PathVariable Long id){
        try {
            deptService.delete(id);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictController.java
@@ -34,7 +34,7 @@ public class DictController {
    @Log("查询字典")
    @ApiOperation("查询字典")
    @GetMapping
-    @PreAuthorize("hasAnyRole('admin','DICT_ALL','DICT_SELECT')")
+    @PreAuthorize("@el.check('dict:list')")
    public ResponseEntity getDicts(DictQueryCriteria resources, Pageable pageable){
        return new ResponseEntity<>(dictService.queryAll(resources,pageable),HttpStatus.OK);
    }
@@ -42,7 +42,7 @@ public class DictController {
    @Log("新增字典")
    @ApiOperation("新增字典")
    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','DICT_ALL','DICT_CREATE')")
+    @PreAuthorize("@el.check('dict:add')")
    public ResponseEntity create(@Validated @RequestBody Dict resources){
        if (resources.getId() != null) {
            throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID");
@@ -53,7 +53,7 @@ public class DictController {
    @Log("修改字典")
    @ApiOperation("修改字典")
    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','DICT_ALL','DICT_EDIT')")
+    @PreAuthorize("@el.check('dict:edit')")
    public ResponseEntity update(@Validated(Dict.Update.class) @RequestBody Dict resources){
        dictService.update(resources);
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -62,7 +62,7 @@ public class DictController {
    @Log("删除字典")
    @ApiOperation("删除字典")
    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','DICT_ALL','DICT_DELETE')")
+    @PreAuthorize("@el.check('dict:del')")
    public ResponseEntity delete(@PathVariable Long id){
        dictService.delete(id);
        return new ResponseEntity(HttpStatus.OK);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictDetailController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/DictDetailController.java
@@ -60,7 +60,7 @@ public class DictDetailController {
    @Log("新增字典详情")
    @ApiOperation("新增字典详情")
    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','DICT_ALL','DICT_CREATE')")
+    @PreAuthorize("@el.check('dict:add')")
    public ResponseEntity create(@Validated @RequestBody DictDetail resources){
        if (resources.getId() != null) {
            throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID");
@@ -71,7 +71,7 @@ public class DictDetailController {
    @Log("修改字典详情")
    @ApiOperation("修改字典详情")
    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','DICT_ALL','DICT_EDIT')")
+    @PreAuthorize("@el.check('dict:edit')")
    public ResponseEntity update(@Validated(DictDetail.Update.class) @RequestBody DictDetail resources){
        dictDetailService.update(resources);
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -80,7 +80,7 @@ public class DictDetailController {
    @Log("删除字典详情")
    @ApiOperation("删除字典详情")
    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','DICT_ALL','DICT_DELETE')")
+    @PreAuthorize("@el.check('dict:del')")
    public ResponseEntity delete(@PathVariable Long id){
        dictDetailService.delete(id);
        return new ResponseEntity(HttpStatus.OK);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/JobController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/JobController.java
@@ -39,7 +39,7 @@ public class JobController {
    @Log("查询岗位")
    @ApiOperation("查询岗位")
    @GetMapping
-    @PreAuthorize("hasAnyRole('admin','USERJOB_ALL','USERJOB_SELECT','user:all','user:select')")
+    @PreAuthorize("@el.check('job:list','user:list')")
    public ResponseEntity getJobs(JobQueryCriteria criteria,
                                  Pageable pageable){
        // 数据权限
@@ -50,7 +50,7 @@ public class JobController {
    @Log("新增岗位")
    @ApiOperation("新增岗位")
    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','USERJOB_ALL','USERJOB_CREATE')")
+    @PreAuthorize("@el.check('job:add')")
    public ResponseEntity create(@Validated @RequestBody Job resources){
        if (resources.getId() != null) {
            throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID");
@@ -61,7 +61,7 @@ public class JobController {
    @Log("修改岗位")
    @ApiOperation("修改岗位")
    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','USERJOB_ALL','USERJOB_EDIT')")
+    @PreAuthorize("@el.check('job:edit')")
    public ResponseEntity update(@Validated(Job.Update.class) @RequestBody Job resources){
        jobService.update(resources);
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -70,7 +70,7 @@ public class JobController {
    @Log("删除岗位")
    @ApiOperation("删除岗位")
    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','USERJOB_ALL','USERJOB_DELETE')")
+    @PreAuthorize("@el.check('job:del')")
    public ResponseEntity delete(@PathVariable Long id){
        try {
            jobService.delete(id);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/MenuController.java
@@ -56,7 +56,7 @@ public class MenuController {
    @ApiOperation("返回全部的菜单")
    @GetMapping(value = "/tree")
-    @PreAuthorize("hasAnyRole('admin','MENU_ALL','MENU_CREATE','MENU_EDIT','ROLES_SELECT','ROLES_ALL')")
+    @PreAuthorize("@el.check('menu:list','roles:list')")
    public ResponseEntity getMenuTree(){
        return new ResponseEntity<>(menuService.getMenuTree(menuService.findByPid(0L)),HttpStatus.OK);
    }
@@ -64,7 +64,7 @@ public class MenuController {
    @Log("查询菜单")
    @ApiOperation("查询菜单")
    @GetMapping
-    @PreAuthorize("hasAnyRole('admin','MENU_ALL','MENU_SELECT')")
+    @PreAuthorize("@el.check('menu:list')")
    public ResponseEntity getMenus(MenuQueryCriteria criteria){
        List<MenuDTO> menuDTOList = menuService.queryAll(criteria);
        return new ResponseEntity<>(menuService.buildTree(menuDTOList),HttpStatus.OK);
@@ -73,7 +73,7 @@ public class MenuController {
    @Log("新增菜单")
    @ApiOperation("新增菜单")
    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','MENU_ALL','MENU_CREATE')")
+    @PreAuthorize("@el.check('menu:add')")
    public ResponseEntity create(@Validated @RequestBody Menu resources){
        if (resources.getId() != null) {
            throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID");
@@ -84,7 +84,7 @@ public class MenuController {
    @Log("修改菜单")
    @ApiOperation("修改菜单")
    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','MENU_ALL','MENU_EDIT')")
+    @PreAuthorize("@el.check('menu:edit')")
    public ResponseEntity update(@Validated(Menu.Update.class) @RequestBody Menu resources){
        menuService.update(resources);
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -93,7 +93,7 @@ public class MenuController {
    @Log("删除菜单")
    @ApiOperation("删除菜单")
    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','MENU_ALL','MENU_DELETE')")
+    @PreAuthorize("@el.check('menu:del')")
    public ResponseEntity delete(@PathVariable Long id){
        List<Menu> menuList = menuService.findByPid(id);
        Set<Menu> menuSet = new HashSet<>();

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/PermissionController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/PermissionController.java
-package me.zhengjie.modules.system.rest;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import me.zhengjie.aop.log.Log;
-import me.zhengjie.modules.system.domain.Permission;
-import me.zhengjie.exception.BadRequestException;
-import me.zhengjie.modules.system.service.PermissionService;
-import me.zhengjie.modules.system.service.dto.PermissionDTO;
-import me.zhengjie.modules.system.service.dto.PermissionQueryCriteria;
-import me.zhengjie.modules.system.service.mapper.PermissionMapper;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-/**
- * @author Zheng Jie
- * @date 2018-12-03
- */
-@Api(tags = "系统：权限管理")
-@RestController
-@RequestMapping("/api/permissions")
-public class PermissionController {
-    private final PermissionService permissionService;
-    private final PermissionMapper permissionMapper;
-    private static final String ENTITY_NAME = "permission";
-    public PermissionController(PermissionService permissionService, PermissionMapper permissionMapper) {
-        this.permissionService = permissionService;
-        this.permissionMapper = permissionMapper;
-    }
-    @ApiOperation("返回全部的权限，新增角色时下拉选择")
-    @GetMapping(value = "/tree")
-    @PreAuthorize("hasAnyRole('admin','PERMISSION_ALL','PERMISSION_CREATE','PERMISSION_EDIT','ROLES_SELECT','ROLES_ALL')")
-    public ResponseEntity getTree(){
-        return new ResponseEntity<>(permissionService.getPermissionTree(permissionService.findByPid(0L)),HttpStatus.OK);
-    }
-    @Log("查询权限")
-    @ApiOperation("查询权限")
-    @GetMapping
-    @PreAuthorize("hasAnyRole('admin','PERMISSION_ALL','PERMISSION_SELECT')")
-    public ResponseEntity getPermissions(PermissionQueryCriteria criteria){
-        List<PermissionDTO> permissionDTOS = permissionService.queryAll(criteria);
-        return new ResponseEntity<>(permissionService.buildTree(permissionDTOS),HttpStatus.OK);
-    }
-    @Log("新增权限")
-    @ApiOperation("新增权限")
-    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','PERMISSION_ALL','PERMISSION_CREATE')")
-    public ResponseEntity create(@Validated @RequestBody Permission resources){
-        if (resources.getId() != null) {
-            throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID");
-        }
-        return new ResponseEntity<>(permissionService.create(resources),HttpStatus.CREATED);
-    }
-    @Log("修改权限")
-    @ApiOperation("修改权限")
-    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','PERMISSION_ALL','PERMISSION_EDIT')")
-    public ResponseEntity update(@Validated(Permission.Update.class) @RequestBody Permission resources){
-        permissionService.update(resources);
-        return new ResponseEntity(HttpStatus.NO_CONTENT);
-    }
-    @Log("删除权限")
-    @ApiOperation("删除权限")
-    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','PERMISSION_ALL','PERMISSION_DELETE')")
-    public ResponseEntity delete(@PathVariable Long id){
-        List<Permission> permissions = permissionService.findByPid(id);
-        Set<Permission> permissionSet = new HashSet<>();
-        permissionSet.add(permissionMapper.toEntity(permissionService.findById(id)));
-        permissionSet = permissionService.getDeletePermission(permissions, permissionSet);
-        permissionService.delete(permissionSet);
-        return new ResponseEntity(HttpStatus.OK);
-    }
-}
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/RoleController.java
@@ -42,14 +42,14 @@ public class RoleController {
    @ApiOperation("获取单个role")
    @GetMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','ROLES_ALL','ROLES_SELECT')")
+    @PreAuthorize("@el.check('roles:list')")
    public ResponseEntity getRoles(@PathVariable Long id){
        return new ResponseEntity<>(roleService.findById(id), HttpStatus.OK);
    }
    @ApiOperation("返回全部的角色")
    @GetMapping(value = "/all")
-    @PreAuthorize("hasAnyRole('admin','ROLES_ALL','user:all','user:add','user:edit')")
+    @PreAuthorize("@el.check('roles:list','user:add','user:edit')")
    public ResponseEntity getAll(@PageableDefault(value = 2000, sort = {"level"}, direction = Sort.Direction.ASC) Pageable pageable){
        return new ResponseEntity<>(roleService.queryAll(pageable),HttpStatus.OK);
    }
@@ -57,7 +57,7 @@ public class RoleController {
    @Log("查询角色")
    @ApiOperation("查询角色")
    @GetMapping
-    @PreAuthorize("hasAnyRole('admin','ROLES_ALL','ROLES_SELECT')")
+    @PreAuthorize("@el.check('roles:list')")
    public ResponseEntity getRoles(RoleQueryCriteria criteria, Pageable pageable){
        return new ResponseEntity<>(roleService.queryAll(criteria,pageable),HttpStatus.OK);
    }
@@ -72,7 +72,7 @@ public class RoleController {
    @Log("新增角色")
    @ApiOperation("新增角色")
    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','ROLES_ALL','ROLES_CREATE')")
+    @PreAuthorize("@el.check('roles:add')")
    public ResponseEntity create(@Validated @RequestBody Role resources){
        if (resources.getId() != null) {
            throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID");
@@ -83,25 +83,16 @@ public class RoleController {
    @Log("修改角色")
    @ApiOperation("修改角色")
    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','ROLES_ALL','ROLES_EDIT')")
+    @PreAuthorize("@el.check('roles:edit')")
    public ResponseEntity update(@Validated(Role.Update.class) @RequestBody Role resources){
        roleService.update(resources);
        return new ResponseEntity(HttpStatus.NO_CONTENT);
    }
-    @Log("修改角色权限")
-    @ApiOperation("修改角色权限")
-    @PutMapping(value = "/permission")
-    @PreAuthorize("hasAnyRole('admin','ROLES_ALL','ROLES_EDIT')")
-    public ResponseEntity updatePermission(@RequestBody Role resources){
-        roleService.updatePermission(resources,roleService.findById(resources.getId()));
-        return new ResponseEntity(HttpStatus.NO_CONTENT);
-    }
    @Log("修改角色菜单")
    @ApiOperation("修改角色菜单")
    @PutMapping(value = "/menu")
-    @PreAuthorize("hasAnyRole('admin','ROLES_ALL','ROLES_EDIT')")
+    @PreAuthorize("@el.check('roles:edit')")
    public ResponseEntity updateMenu(@RequestBody Role resources){
        roleService.updateMenu(resources,roleService.findById(resources.getId()));
        return new ResponseEntity(HttpStatus.NO_CONTENT);
@@ -110,7 +101,7 @@ public class RoleController {
    @Log("删除角色")
    @ApiOperation("删除角色")
    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','ROLES_ALL','ROLES_DELETE')")
+    @PreAuthorize("@el.check('roles:del')")
    public ResponseEntity delete(@PathVariable Long id){
        try {
            roleService.delete(id);

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java
@@ -60,7 +60,7 @@ public class UserController {
    @Log("导出用户数据")
    @ApiOperation("导出用户数据")
    @GetMapping(value = "/download")
-    @PreAuthorize("hasAnyRole('admin','user:all','user:select')")
+    @PreAuthorize("@el.check('user:list')")
    public void update(HttpServletResponse response, UserQueryCriteria criteria) throws IOException {
        userService.download(userService.queryAll(criteria), response);
    }
@@ -68,26 +68,21 @@ public class UserController {
    @Log("查询用户")
    @ApiOperation("查询用户")
    @GetMapping
-    @PreAuthorize("hasAnyRole('admin','user:all','user:select')")
+    @PreAuthorize("@el.check('user:list')")
    public ResponseEntity getUsers(UserQueryCriteria criteria, Pageable pageable){
        Set<Long> deptSet = new HashSet<>();
        Set<Long> result = new HashSet<>();
        if (!ObjectUtils.isEmpty(criteria.getDeptId())) {
            deptSet.add(criteria.getDeptId());
            deptSet.addAll(dataScope.getDeptChildren(deptService.findByPid(criteria.getDeptId())));
        }
        // 数据权限
        Set<Long> deptIds = dataScope.getDeptIds();
        // 查询条件不为空并且数据权限不为空则取交集
        if (!CollectionUtils.isEmpty(deptIds) && !CollectionUtils.isEmpty(deptSet)){
            // 取交集
            result.addAll(deptSet);
            result.retainAll(deptIds);
            // 若无交集，则代表无数据权限
            criteria.setDeptIds(result);
            if(result.size() == 0){
@@ -105,7 +100,7 @@ public class UserController {
    @Log("新增用户")
    @ApiOperation("新增用户")
    @PostMapping
-    @PreAuthorize("hasAnyRole('admin','user:all','user:add')")
+    @PreAuthorize("@el.check('user:add')")
    public ResponseEntity create(@Validated @RequestBody User resources){
        checkLevel(resources);
        return new ResponseEntity<>(userService.create(resources),HttpStatus.CREATED);
@@ -114,7 +109,7 @@ public class UserController {
    @Log("修改用户")
    @ApiOperation("修改用户")
    @PutMapping
-    @PreAuthorize("hasAnyRole('admin','user:all','user:edit')")
+    @PreAuthorize("@el.check('user:edit')")
    public ResponseEntity update(@Validated(User.Update.class) @RequestBody User resources){
        checkLevel(resources);
        userService.update(resources);
@@ -124,7 +119,7 @@ public class UserController {
    @Log("删除用户")
    @ApiOperation("删除用户")
    @DeleteMapping(value = "/{id}")
-    @PreAuthorize("hasAnyRole('admin','user:all','user:del')")
+    @PreAuthorize("@el.check('user:del')")
    public ResponseEntity delete(@PathVariable Long id){
        Integer currentLevel =  Collections.min(roleService.findByUsers_Id(SecurityUtils.getUserId()).stream().map(RoleSmallDTO::getLevel).collect(Collectors.toList()));
        Integer optLevel =  Collections.min(roleService.findByUsers_Id(id).stream().map(RoleSmallDTO::getLevel).collect(Collectors.toList()));
@@ -171,8 +166,6 @@ public class UserController {
        return new ResponseEntity(HttpStatus.OK);
    }
    /**
     * 如果当前用户的角色级别低于创建用户的角色级别，则抛出权限不足的错误
     * @param resources /

--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/PermissionService.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/PermissionService.java
-package me.zhengjie.modules.system.service;
-import me.zhengjie.modules.system.domain.Permission;
-import me.zhengjie.modules.system.service.dto.PermissionDTO;
-import me.zhengjie.modules.system.service.dto.PermissionQueryCriteria;
-import java.util.List;
-import java.util.Set;
-/**
- * @author Zheng Jie
- * @date 2018-12-08
- */
-public interface PermissionService {
-    PermissionDTO findById(long id);
-    PermissionDTO create(Permission resources);
-    void update(Permission resources);
-    void delete(Set<Permission> permissions);
-    Object getPermissionTree(List<Permission> permissions);
-    List<Permission> findByPid(long pid);
-    Object buildTree(List<PermissionDTO> permissionDTOS);
-    List<PermissionDTO> queryAll(PermissionQueryCriteria criteria);
-    Set<Permission> getDeletePermission(List<Permission> permissions, Set<Permission> permissionSet);
-}
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/RoleService.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/RoleService.java
@@ -26,8 +26,6 @@ public interface RoleService {
    Integer findByRoles(Set<Role> roles);
-    void updatePermission(Role resources, RoleDTO roleDTO);
    void updateMenu(Role resources, RoleDTO roleDTO);
    void untiedMenu(Long id);
@@ -37,6 +35,4 @@ public interface RoleService {
    Object queryAll(RoleQueryCriteria criteria, Pageable pageable);
    List<RoleDTO> queryAll(RoleQueryCriteria criteria);
-    void untiedPermission(Long id);
 }