// 给更新用户头像入口加上权限控制字符串(user:updateAvatar)
@PreAuthorize("hasAuthority('user:updateAvatar')")
@ApiOperation("修改用户头像")
@PostMapping(value = "/updateAvatar")
public ResponseEntity<Object> updateAvatar(@RequestParam MultipartFile avatar) {
return ResponseEntity.ok(sysUserService.updateAvatar(avatar));
}
/** * 用户认证 * * @author zhuhuix * @date 2020-06-15 * @date 2021-08-23 静态模拟给用户加上权限控制字符 user:updateAvatar */
@RequiredArgsConstructor
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
private final SysUserService sysUserService;
@Override
public JwtUserDto loadUserByUsername(String username) {
SysUser user;
try {
user = sysUserService.findByUserName(username);
} catch (RuntimeException e) {
// SpringSecurity会自动转换UsernameNotFoundException为BadCredentialsException
throw new UsernameNotFoundException("无此用户", e);
}
if (user == null) {
throw new UsernameNotFoundException("无此用户");
} else {
if (!user.getEnabled()) {
throw new RuntimeException("账号未激活");
}
return new JwtUserDto(
user,
null,
AuthorityUtils.commaSeparatedStringToAuthorityList("user:updateAvatar")
);
}
}
}
版权说明 : 本文为转载文章, 版权归原作者所有 版权申明
原文链接 : https://blog.csdn.net/jpgzhu/article/details/119870279
内容来源于网络,如有侵权,请联系作者删除!