chakra-coder
diff --git a/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoconfiguration.java
Lines changed: 4 additions & 3 deletions b/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoconfiguration.java
Lines changed: 4 additions & 3 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/BoostAuthorizationAttributeSourceAdvisor.java
Lines changed: 16 additions & 5 deletions b/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/BoostAuthorizationAttributeSourceAdvisor.java
Lines changed: 16 additions & 5 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultFieldAccessController.java
Lines changed: 6 additions & 0 deletions b/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultFieldAccessController.java
Lines changed: 6 additions & 0 deletions
diff --git a/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/CreateController.java
Lines changed: 4 additions & 3 deletions b/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/CreateController.java
Lines changed: 4 additions & 3 deletions
diff --git a/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/DeleteController.java
Lines changed: 3 additions & 2 deletions b/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/DeleteController.java
Lines changed: 3 additions & 2 deletions
diff --git a/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/GenericEntityUpdateController.java
Lines changed: 3 additions & 2 deletions b/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/GenericEntityUpdateController.java
Lines changed: 3 additions & 2 deletions
diff --git a/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/QueryController.java
Lines changed: 6 additions & 5 deletions b/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/QueryController.java
Lines changed: 6 additions & 5 deletions
diff --git a/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/UpdateController.java
Lines changed: 3 additions & 2 deletions b/‎hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/UpdateController.java
Lines changed: 3 additions & 2 deletions
@@ -184,7 +184,8 @@ public MethodInterceptorHolderAdvisor methodInterceptorHolderAdvisor() {
     static class MethodInterceptorHolderAdvisor {
         @Around(value = "@annotation(org.hswebframework.web.authorization.annotation.RequiresExpression)" +
                 "||@annotation(org.hswebframework.web.authorization.annotation.RequiresDataAccess)" +
-                "||@annotation(org.hswebframework.web.authorization.annotation.Authorize)")
+                "||@annotation(org.hswebframework.web.authorization.annotation.Authorize)" +
+                "||within(@org.hswebframework.web.authorization.annotation.Authorize *)")
         public Object around(ProceedingJoinPoint pjp) throws Throwable {
             MethodSignature signature = (MethodSignature) pjp.getSignature();
             String methodName = AopUtils.getMethodBody(pjp);
@@ -202,14 +203,14 @@ public static class UnAuthControllerAdvice {
         @ResponseStatus(HttpStatus.FORBIDDEN)
         @ResponseBody
         ResponseMessage handleException(AuthorizationException exception) {
-            return ResponseMessage.error(exception.getMessage(), 403);
+            return ResponseMessage.error(403, exception.getMessage());
         }
 
         @ExceptionHandler(UnauthenticatedException.class)
         @ResponseStatus(HttpStatus.UNAUTHORIZED)
         @ResponseBody
         ResponseMessage handleException(UnauthenticatedException exception) {
-            return ResponseMessage.error(exception.getMessage() == null ? "{access_denied}" : exception.getMessage(), 401);
+            return ResponseMessage.error(401, exception.getMessage() == null ? "{access_denied}" : exception.getMessage());
         }
     }
 
 
@@ -28,11 +28,11 @@
 import org.hswebframework.web.authorization.annotation.RequiresExpression;
 import org.hswebframework.web.authorization.annotation.RequiresFieldAccess;
 import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.annotation.AnnotationUtils;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
+import java.util.Arrays;
 
 /**
  * @author zhouhao
@@ -100,16 +100,28 @@ public void setSecurityManager(org.apache.shiro.mgt.SecurityManager securityMana
      */
     public boolean matches(Method method, Class targetClass) {
         Method m = method;
-
         if (isAuthzAnnotationPresent(m)) {
             return true;
         }
-
         //The 'method' parameter could be from an interface that doesn't have the annotation.
         //Check to see if the implementation has it.
         if (targetClass != null) {
             try {
-                m = targetClass.getMethod(m.getName(), m.getParameterTypes());
+                //尝试解决由于被拦截的方法使用了泛型,并且重写了方法，导致无法获取父类方法的问题
+                Class[] parameter = Arrays
+                        .stream(m.getParameterTypes())
+                        .map(type -> {
+                            if (type.isInterface()) return type;
+                            Class<?>[] interfaces = type.getInterfaces();
+                            if (interfaces.length > 0) return interfaces[0];
+                            Class superclass = type.getSuperclass();
+                            if (null != superclass && superclass != Object.class) {
+                                return superclass;
+                            }
+                            return type;
+                        })
+                        .toArray(Class[]::new);
+                m = targetClass.getMethod(m.getName(), parameter);
                 if (isAuthzAnnotationPresent(m)) {
                     return true;
                 }
@@ -131,5 +143,4 @@ private boolean isAuthzAnnotationPresent(Method method) {
         }
         return false;
     }
-
 }
@@ -6,6 +6,7 @@
 import org.hswebframework.web.authorization.access.FieldAccessController;
 import org.hswebframework.web.authorization.access.ParamContext;
 import org.hswebframework.web.commons.entity.Entity;
+import org.hswebframework.web.commons.entity.RecordCreationEntity;
 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -64,6 +65,11 @@ protected boolean doUpdateAccess(Set<FieldAccess> accesses, ParamContext params)
                 } catch (Exception e) {
                 }
             }
+            if (entity instanceof RecordCreationEntity) {
+                RecordCreationEntity creationEntity = ((RecordCreationEntity) entity);
+                creationEntity.setCreateTime(null);
+                creationEntity.setCreatorId(null);
+            }
         } else {
             logger.warn("doUpdateAccess skip ,because can not found any entity in param!");
         }
 
@@ -17,6 +17,7 @@
 
 package org.hswebframework.web.controller;
 
+import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.controller.message.ResponseMessage;
 import org.hswebframework.web.logging.AccessLogger;
@@ -39,13 +40,13 @@
  * @author zhouhao
  * @since 3.0
  */
-public interface CreateController<E, PK>  {
+public interface CreateController<E, PK> {
 
     InsertService<E, PK> getService();
 
-    @Authorize(action = "add")
+    @Authorize(action = Permission.ACTION_ADD)
     @PostMapping
-    @AccessLogger("添加数据")
+    @AccessLogger("{action_add}")
     @ResponseStatus(HttpStatus.CREATED)
     default ResponseMessage add(@RequestBody E data) {
         return ok(getService().insert(data));
 
@@ -17,6 +17,7 @@
 
 package org.hswebframework.web.controller;
 
+import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.controller.message.ResponseMessage;
 import org.hswebframework.web.logging.AccessLogger;
@@ -35,9 +36,9 @@ public interface DeleteController<PK> {
 
     DeleteService<PK> getService();
 
-    @Authorize(action = "delete")
+    @Authorize(action = Permission.ACTION_DELETE)
     @DeleteMapping(path = "/{id}")
-    @AccessLogger("根据主键删除数据")
+    @AccessLogger("{delete_by_primary_key}")
     default ResponseMessage deleteByPrimaryKey(@PathVariable PK id) {
         return ok(getService().deleteByPk(id));
     }
 
@@ -17,6 +17,7 @@
 
 package org.hswebframework.web.controller;
 
+import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.commons.entity.GenericEntity;
 import org.hswebframework.web.controller.message.ResponseMessage;
@@ -37,9 +38,9 @@ public interface GenericEntityUpdateController<E extends GenericEntity<PK>, PK>
 
     UpdateService<E> getService();
 
-    @Authorize(action = "update")
+    @Authorize(action = Permission.ACTION_UPDATE)
     @PutMapping(path = "/{id}")
-    @AccessLogger("根据主键修改数据")
+    @AccessLogger("{update_by_primary_key}")
     default ResponseMessage updateByPrimaryKey(@PathVariable PK id, @RequestBody E data) {
         data.setId(id);
         return ResponseMessage.ok(getService().updateByPk(data));
 
@@ -17,6 +17,7 @@
 
 package org.hswebframework.web.controller;
 
+import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.commons.entity.Entity;
 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
@@ -39,7 +40,7 @@
  * @see QueryParamEntity
  * @see 3.0
  */
-public interface QueryController<E, PK, Q extends Entity>  {
+public interface QueryController<E, PK, Q extends Entity> {
 
     /**
      * 获取实现了{@link QueryByEntityService}和{@link QueryService}的服务类
@@ -59,16 +60,16 @@ public interface QueryController<E, PK, Q extends Entity>  {
      * @param param 参数
      * @return 查询结果
      */
-    @Authorize(action = "read")
+    @Authorize(action = Permission.ACTION_QUERY)
     @GetMapping
-    @AccessLogger("根据条件查询")
+    @AccessLogger("{dynamic_query}")
     default ResponseMessage list(Q param) {
         return ok(getService().selectPager(param));
     }
 
-    @Authorize(action = "read")
+    @Authorize(action = Permission.ACTION_GET)
     @GetMapping(path = "/{id}")
-    @AccessLogger("根据主键查询")
+    @AccessLogger("{get_by_id}")
     default ResponseMessage getByPrimaryKey(@PathVariable PK id) {
         return ok(getService().selectByPk(id));
     }
 
@@ -17,6 +17,7 @@
 
 package org.hswebframework.web.controller;
 
+import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.controller.message.ResponseMessage;
 import org.hswebframework.web.logging.AccessLogger;
@@ -30,8 +31,8 @@
  * @author zhouhao
  */
 public interface UpdateController<E, PK> {
-    @Authorize(action = "update")
+    @Authorize(action = Permission.ACTION_UPDATE)
     @PutMapping(path = "/{id}")
-    @AccessLogger("根据主键修改数据")
+    @AccessLogger("{update_by_primary_key}")
     ResponseMessage updateByPrimaryKey(@PathVariable PK id, @RequestBody E data);
 }
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`import org.hswebframework.web.authorization.access.FieldAccessController;`
`7`	`7`	`import org.hswebframework.web.authorization.access.ParamContext;`
`8`	`8`	`import org.hswebframework.web.commons.entity.Entity;`
	`9`	`+import org.hswebframework.web.commons.entity.RecordCreationEntity;`
`9`	`10`	`import org.hswebframework.web.commons.entity.param.QueryParamEntity;`
`10`	`11`	`import org.slf4j.Logger;`
`11`	`12`	`import org.slf4j.LoggerFactory;`
`@@ -64,6 +65,11 @@ protected boolean doUpdateAccess(Set<FieldAccess> accesses, ParamContext params)`
`64`	`65`	`} catch (Exception e) {`
`65`	`66`	`}`
`66`	`67`	`}`
	`68`	`+ if (entity instanceof RecordCreationEntity) {`
	`69`	`+ RecordCreationEntity creationEntity = ((RecordCreationEntity) entity);`
	`70`	`+ creationEntity.setCreateTime(null);`
	`71`	`+ creationEntity.setCreatorId(null);`
	`72`	`+ }`
`67`	`73`	`} else {`
`68`	`74`	`logger.warn("doUpdateAccess skip ,because can not found any entity in param!");`
`69`	`75`	`}`