完善用户权限判断

1. 完善用户权限判断 2. 升级相关依赖 3. 解决 slf4j 无法正常加载问题 4. 修复修改昵称为空的问题
2024-03-19 10:08:57 +08:00 · 2024-03-19 10:08:57 +08:00 · c438bf4cdd
commit c438bf4cdd
parent 661da90a34 b3805555fb
20 changed files with 130 additions and 78 deletions
--- a/pom.xml
+++ b/pom.xml
@ -5,7 +5,7 @@
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.7.17</version>
+        <version>2.7.18</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.rymcu</groupId>
@ -19,7 +19,8 @@
    <properties>
        <java.version>1.8</java.version>
        <lucene.version>8.11.2</lucene.version>
-        <hutool.version>5.8.24</hutool.version>
+        <hutool.version>5.8.26</hutool.version>
        <okio.version>3.9.0</okio.version>
    </properties>
    <dependencies>
@ -27,14 +28,14 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.apache.logging.log4j</groupId>
                    <artifactId>log4j-to-slf4j</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>io.netty</groupId>
                    <artifactId>netty-codec</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.apache.logging.log4j</groupId>
                    <artifactId>log4j-to-slf4j</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.yaml</groupId>
                    <artifactId>snakeyaml</artifactId>
@ -49,30 +50,6 @@
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>1.4.12</version>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-core</artifactId>
            <version>1.4.12</version>
        </dependency>
        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-codec</artifactId>
            <version>4.1.86.Final</version>
        </dependency>
        <dependency>
            <groupId>org.yaml</groupId>
            <artifactId>snakeyaml</artifactId>
            <version>1.33</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-mail</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -84,6 +61,41 @@
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>1.5.3</version>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-core</artifactId>
            <version>1.5.3</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-simple</artifactId>
            <version>1.7.36</version>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-to-slf4j</artifactId>
            <version>2.19.0</version>
        </dependency>
        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-codec</artifactId>
            <version>4.1.86.Final</version>
        </dependency>
        <dependency>
            <groupId>org.yaml</groupId>
            <artifactId>snakeyaml</artifactId>
            <version>2.2</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-mail</artifactId>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -->
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
@ -91,19 +103,19 @@
            <version>2.14.0</version>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>3.0.0</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/com.mysql/mysql-connector-j -->
        <dependency>
-            <groupId>mysql</groupId>
+            <groupId>com.mysql</groupId>
-            <artifactId>mysql-connector-java</artifactId>
+            <artifactId>mysql-connector-j</artifactId>
-            <version>8.0.33</version>
+            <version>8.3.0</version>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
@ -177,7 +189,7 @@
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-spring</artifactId>
-            <version>1.10.0</version>
+            <version>1.13.0</version>
            <exclusions>
                <exclusion>
                    <groupId>commons-collections</groupId>
@ -240,23 +252,6 @@
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-to-slf4j</artifactId>
            <version>2.19.0</version>
            <exclusions>
                <exclusion>
                    <groupId>org.apache.logging.log4j</groupId>
                    <artifactId>log4j-api</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-api</artifactId>
            <version>2.19.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
@ -353,6 +348,17 @@
            <groupId>com.squareup.retrofit2</groupId>
            <artifactId>retrofit</artifactId>
            <version>2.9.0</version>
            <exclusions>
                <exclusion>
                    <groupId>com.squareup.okio</groupId>
                    <artifactId>okio</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>com.squareup.okio</groupId>
            <artifactId>okio</artifactId>
            <version>${okio.version}</version>
        </dependency>
        <dependency>
            <groupId>com.squareup.retrofit2</groupId>
--- a/src/main/java/com/rymcu/forest/service/impl/TransactionRecordServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/TransactionRecordServiceImpl.java
@ -67,12 +67,7 @@ public class TransactionRecordServiceImpl extends AbstractService<TransactionRec
    private ReentrantLock getUserTransferLocks(String formBankAccount) {
        synchronized (userTransferLocks) {
-            ReentrantLock lock = userTransferLocks.get(formBankAccount);
+            return userTransferLocks.computeIfAbsent(formBankAccount, k -> new ReentrantLock());
            if (lock == null) {
                lock = new ReentrantLock();
                userTransferLocks.put(formBankAccount, lock);
            }
            return lock;
        }
    }
@ -83,15 +78,15 @@ public class TransactionRecordServiceImpl extends AbstractService<TransactionRec
        return list;
    }
-    private TransactionRecordDTO genTransactionRecord(TransactionRecordDTO transactionRecordDTO) {
+    private void genTransactionRecord(TransactionRecordDTO transactionRecordDTO) {
        BankAccountDTO toBankAccount = bankAccountMapper.selectByBankAccount(transactionRecordDTO.getToBankAccount());
        BankAccountDTO formBankAccount = bankAccountMapper.selectByBankAccount(transactionRecordDTO.getFormBankAccount());
        transactionRecordDTO.setFormBankAccountInfo(formBankAccount);
        transactionRecordDTO.setToBankAccountInfo(toBankAccount);
        return transactionRecordDTO;
    }
    @Override
    @Transactional(rollbackFor = Exception.class)
    public TransactionRecord userTransfer(Long toUserId, Long formUserId, TransactionEnum transactionType) {
        BankAccountDTO toBankAccount = bankAccountMapper.findPersonBankAccountByIdUser(toUserId);
        BankAccountDTO formBankAccount = bankAccountMapper.findPersonBankAccountByIdUser(formUserId);
@ -107,6 +102,7 @@ public class TransactionRecordServiceImpl extends AbstractService<TransactionRec
    }
    @Override
    @Transactional(rollbackFor = Exception.class)
    public TransactionRecord bankTransfer(Long idUser, TransactionEnum transactionType) {
        BankAccountDTO toBankAccount = bankAccountMapper.findPersonBankAccountByIdUser(idUser);
        if (Objects.isNull(toBankAccount)) {
@ -143,6 +139,7 @@ public class TransactionRecordServiceImpl extends AbstractService<TransactionRec
    }
    @Override
    @Transactional(rollbackFor = Exception.class)
    public TransactionRecord newbieRewards(TransactionRecord transactionRecord) {
        // 判断是否重复发放
        Boolean result = transactionRecordMapper.existsWithNewbieRewards(transactionRecord.getToBankAccount());
--- a/src/main/java/com/rymcu/forest/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/UserServiceImpl.java
@ -188,11 +188,11 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
    @Override
    @Transactional(rollbackFor = Exception.class)
    public UserInfoDTO updateUserInfo(UserInfoDTO user) throws ServiceException {
-        user.setNickname(formatNickname(user.getNickname()));
+        boolean number = checkNicknameByIdUser(user.getIdUser(), user.getNickname());
-        Integer number = userMapper.checkNicknameByIdUser(user.getIdUser(), user.getNickname());
+        if (number) {
        if (number > 0) {
            throw new NicknameOccupyException("该昵称已使用!");
        }
        user.setNickname(formatNickname(user.getNickname()));
        if (FileDataType.BASE64.equals(user.getAvatarType())) {
            String avatarUrl = UploadController.uploadBase64File(user.getAvatarUrl(), FilePath.AVATAR);
            user.setAvatarUrl(avatarUrl);
@ -216,11 +216,11 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
    }
    public boolean checkNicknameByIdUser(Long idUser, String nickname) {
-        Integer number = userMapper.checkNicknameByIdUser(idUser, nickname);
+        if (StringUtils.isBlank(formatNickname(nickname))) {
-        if (number > 0) {
+            throw new IllegalArgumentException("昵称不能为空!");
            return false;
        }
-        return true;
+        Integer number = userMapper.checkNicknameByIdUser(idUser, nickname);
        return number <= 0;
    }
    @Override
--- a/src/main/java/com/rymcu/forest/web/api/admin/AdminArticleController.java
+++ b/src/main/java/com/rymcu/forest/web/api/admin/AdminArticleController.java
@ -5,6 +5,8 @@ import com.rymcu.forest.core.result.GlobalResultGenerator;
 import com.rymcu.forest.dto.ArticleUpdateStatusDTO;
 import com.rymcu.forest.entity.Article;
 import com.rymcu.forest.service.ArticleService;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -20,6 +22,7 @@ import javax.annotation.Resource;
 */
@RestController
@RequestMapping("/api/v1/admin/article")
@RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
 public class AdminArticleController {
    @Resource
--- a/src/main/java/com/rymcu/forest/web/api/admin/AdminController.java
+++ b/src/main/java/com/rymcu/forest/web/api/admin/AdminController.java
@ -12,6 +12,8 @@ import com.rymcu.forest.dto.admin.UserRoleDTO;
 import com.rymcu.forest.entity.*;
 import com.rymcu.forest.service.*;
 import org.apache.commons.lang.StringUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@ -23,6 +25,7 @@ import java.util.List;
 */
@RestController
@RequestMapping("/api/v1/admin")
@RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
 public class AdminController {
    @Resource
--- a/src/main/java/com/rymcu/forest/web/api/admin/AdminCurrencyRuleController.java
+++ b/src/main/java/com/rymcu/forest/web/api/admin/AdminCurrencyRuleController.java
@ -7,6 +7,8 @@ import com.rymcu.forest.core.result.GlobalResultGenerator;
 import com.rymcu.forest.dto.TransactionRecordDTO;
 import com.rymcu.forest.entity.CurrencyRule;
 import com.rymcu.forest.service.CurrencyRuleService;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@ -24,6 +26,7 @@ import java.util.List;
 */
@RestController
@RequestMapping("/api/v1/admin/rule/currency")
@RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
 public class AdminCurrencyRuleController {
    @Resource
    private CurrencyRuleService currencyRuleService;
--- a/src/main/java/com/rymcu/forest/web/api/admin/DashboardController.java
+++ b/src/main/java/com/rymcu/forest/web/api/admin/DashboardController.java
@ -9,6 +9,8 @@ import com.rymcu.forest.dto.BankAccountDTO;
 import com.rymcu.forest.dto.UserInfoDTO;
 import com.rymcu.forest.dto.admin.Dashboard;
 import com.rymcu.forest.service.DashboardService;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@ -23,6 +25,7 @@ import java.util.Map;
 */
@RestController
@RequestMapping("/api/v1/admin/dashboard")
@RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
 public class DashboardController {
    @Resource
--- a/src/main/java/com/rymcu/forest/web/api/article/ArticleController.java
+++ b/src/main/java/com/rymcu/forest/web/api/article/ArticleController.java
@ -18,6 +18,9 @@ import com.rymcu.forest.service.ArticleThumbsUpService;
 import com.rymcu.forest.service.CommentService;
 import com.rymcu.forest.service.SponsorService;
 import com.rymcu.forest.util.UserUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@ -48,6 +51,7 @@ public class ArticleController {
    }
    @PostMapping("/post")
    @RequiresPermissions(value = "user")
    public GlobalResult<Long> postArticle(@RequestBody ArticleDTO article) throws UnsupportedEncodingException {
        User user = UserUtils.getCurrentUserByToken();
        return GlobalResultGenerator.genSuccessResult(articleService.postArticle(article, user));
@ -75,6 +79,7 @@ public class ArticleController {
    }
    @GetMapping("/drafts")
    @RequiresPermissions(value = "user")
    public GlobalResult<PageInfo<ArticleDTO>> drafts(@RequestParam(defaultValue = "0") Integer page, @RequestParam(defaultValue = "10") Integer rows) {
        PageHelper.startPage(page, rows);
        User user = UserUtils.getCurrentUserByToken();
@ -84,12 +89,14 @@ public class ArticleController {
    }
    @GetMapping("/{idArticle}/share")
    @RequiresPermissions(value = "user")
    public GlobalResult<String> share(@PathVariable Integer idArticle) {
        User user = UserUtils.getCurrentUserByToken();
        return GlobalResultGenerator.genResult(true, articleService.share(idArticle, user.getAccount()), "");
    }
    @PostMapping("/update-tags")
    @RequiresPermissions(value = "user")
    @AuthorshipInterceptor(moduleName = Module.ARTICLE_TAG)
    public GlobalResult<Boolean> updateTags(@RequestBody Article article) throws UnsupportedEncodingException {
        Long idArticle = article.getIdArticle();
@ -99,6 +106,7 @@ public class ArticleController {
    }
    @PostMapping("/thumbs-up")
    @RequiresPermissions(value = "user")
    public GlobalResult<Integer> thumbsUp(@RequestBody ArticleThumbsUp articleThumbsUp) {
        if (Objects.isNull(articleThumbsUp) || Objects.isNull(articleThumbsUp.getIdArticle())) {
            throw new BusinessException("数据异常,文章不存在!");
@ -109,6 +117,7 @@ public class ArticleController {
    }
    @PostMapping("/sponsor")
    @RequiresPermissions(value = "user")
    public GlobalResult<Boolean> sponsor(@RequestBody Sponsor sponsor) {
        if (Objects.isNull(sponsor) || Objects.isNull(sponsor.getDataId()) || Objects.isNull(sponsor.getDataType())) {
            throw new IllegalArgumentException("数据异常");
--- a/src/main/java/com/rymcu/forest/web/api/bank/BankAccountController.java
+++ b/src/main/java/com/rymcu/forest/web/api/bank/BankAccountController.java
@ -8,6 +8,8 @@ import com.rymcu.forest.dto.BankAccountDTO;
 import com.rymcu.forest.dto.BankAccountSearchDTO;
 import com.rymcu.forest.dto.TransactionRecordDTO;
 import com.rymcu.forest.service.BankAccountService;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@ -19,6 +21,7 @@ import java.util.List;
 */
@RestController
@RequestMapping("/api/v1/admin/bank-account")
@RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
 public class BankAccountController {
    @Resource
--- a/src/main/java/com/rymcu/forest/web/api/bank/TransactionRecordController.java
+++ b/src/main/java/com/rymcu/forest/web/api/bank/TransactionRecordController.java
@ -4,6 +4,8 @@ import com.rymcu.forest.core.result.GlobalResult;
 import com.rymcu.forest.core.result.GlobalResultGenerator;
 import com.rymcu.forest.entity.TransactionRecord;
 import com.rymcu.forest.service.TransactionRecordService;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -16,19 +18,20 @@ import javax.annotation.Resource;
 */
@RestController
@RequestMapping("/api/v1/transaction")
@RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
 public class TransactionRecordController {
    @Resource
    private TransactionRecordService transactionRecordService;
    @PostMapping("/transfer")
-    public GlobalResult transfer(@RequestBody TransactionRecord transactionRecord) {
+    public GlobalResult<TransactionRecord> transfer(@RequestBody TransactionRecord transactionRecord) {
        transactionRecord = transactionRecordService.transfer(transactionRecord);
        return GlobalResultGenerator.genSuccessResult(transactionRecord);
    }
    @PostMapping("/newbie-rewards")
-    public GlobalResult newbieRewards(@RequestBody TransactionRecord transactionRecord) {
+    public GlobalResult<TransactionRecord> newbieRewards(@RequestBody TransactionRecord transactionRecord) {
        transactionRecord = transactionRecordService.newbieRewards(transactionRecord);
        return GlobalResultGenerator.genSuccessResult(transactionRecord);
    }
--- a/src/main/java/com/rymcu/forest/web/api/bank/WalletController.java
+++ b/src/main/java/com/rymcu/forest/web/api/bank/WalletController.java
@ -49,7 +49,7 @@ public class WalletController {
        }
        PageHelper.startPage(page, rows);
        List<TransactionRecordDTO> list = bankAccountService.findUserTransactionRecords(bankAccount.getBankAccount(), startDate, endDate);
-        PageInfo<TransactionRecordDTO> pageInfo = new PageInfo(list);
+        PageInfo<TransactionRecordDTO> pageInfo = new PageInfo<>(list);
        return GlobalResultGenerator.genSuccessResult(pageInfo);
    }
--- a/src/main/java/com/rymcu/forest/web/api/comment/CommentController.java
+++ b/src/main/java/com/rymcu/forest/web/api/comment/CommentController.java
@ -5,6 +5,7 @@ import com.rymcu.forest.core.result.GlobalResultGenerator;
 import com.rymcu.forest.entity.Comment;
 import com.rymcu.forest.service.CommentService;
 import com.rymcu.forest.util.UserUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -18,6 +19,7 @@ import javax.servlet.http.HttpServletRequest;
 */
@RestController
@RequestMapping("/api/v1/comment")
@RequiresPermissions(value = "user")
 public class CommentController {
    @Resource
--- a/src/main/java/com/rymcu/forest/web/api/common/UploadController.java
+++ b/src/main/java/com/rymcu/forest/web/api/common/UploadController.java
@ -15,6 +15,9 @@ import com.rymcu.forest.util.Utils;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.apache.shiro.authz.UnauthorizedException;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.env.Environment;
 import org.springframework.transaction.annotation.Transactional;
@ -40,6 +43,7 @@ import com.rymcu.forest.util.SSRFUtil;
 */
@RestController
@RequestMapping("/api/v1/upload")
@RequiresPermissions(value = "user")
 public class UploadController {
    private final static String UPLOAD_SIMPLE_URL = "/api/upload/file";
--- a/src/main/java/com/rymcu/forest/web/api/common/WebSocketController.java
+++ b/src/main/java/com/rymcu/forest/web/api/common/WebSocketController.java
@ -1,6 +1,7 @@
 package com.rymcu.forest.web.api.common;
 import com.alibaba.fastjson.JSONObject;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.messaging.handler.annotation.MessageMapping;
 import org.springframework.messaging.handler.annotation.SendTo;
 import org.springframework.messaging.simp.SimpMessagingTemplate;
@ -14,6 +15,7 @@ import javax.annotation.Resource;
 * @author ronger
 */
@Controller
@RequiresPermissions(value = "user")
 public class WebSocketController {
    @Resource
--- a/src/main/java/com/rymcu/forest/web/api/follow/FollowController.java
+++ b/src/main/java/com/rymcu/forest/web/api/follow/FollowController.java
@ -6,6 +6,7 @@ import com.rymcu.forest.entity.Follow;
 import com.rymcu.forest.entity.User;
 import com.rymcu.forest.service.FollowService;
 import com.rymcu.forest.util.UserUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@ -15,6 +16,7 @@ import javax.annotation.Resource;
 */
@RestController
@RequestMapping("/api/v1/follow")
@RequiresPermissions(value = "user")
 public class FollowController {
    @Resource
--- a/src/main/java/com/rymcu/forest/web/api/notification/NotificationController.java
+++ b/src/main/java/com/rymcu/forest/web/api/notification/NotificationController.java
@ -9,6 +9,7 @@ import com.rymcu.forest.entity.Notification;
 import com.rymcu.forest.entity.User;
 import com.rymcu.forest.service.NotificationService;
 import com.rymcu.forest.util.UserUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@ -22,6 +23,7 @@ import java.util.Objects;
 */
@RestController
@RequestMapping("/api/v1/notification")
@RequiresPermissions(value = "user")
 public class NotificationController {
    @Resource
--- a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java
+++ b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java
@ -13,6 +13,7 @@ import com.rymcu.forest.enumerate.Module;
 import com.rymcu.forest.service.PortfolioService;
 import com.rymcu.forest.service.UserService;
 import com.rymcu.forest.util.UserUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@ -38,6 +39,7 @@ public class PortfolioController {
    }
    @PostMapping("/post")
    @RequiresPermissions(value = "user")
    public GlobalResult<Portfolio> add(@RequestBody Portfolio portfolio) {
        User user = UserUtils.getCurrentUserByToken();
        portfolio.setPortfolioAuthorId(user.getIdUser());
--- a/src/main/java/com/rymcu/forest/web/api/product/ProductController.java
+++ b/src/main/java/com/rymcu/forest/web/api/product/ProductController.java
@ -11,6 +11,8 @@ import com.rymcu.forest.entity.User;
 import com.rymcu.forest.enumerate.Module;
 import com.rymcu.forest.service.ProductService;
 import com.rymcu.forest.util.UserUtils;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@ -36,12 +38,14 @@ public class ProductController {
    }
    @PostMapping("/post")
    @RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
    public GlobalResult<Product> add(@RequestBody ProductDTO product) {
        Product newProduct = productService.postProduct(product);
        return GlobalResultGenerator.genSuccessResult(newProduct);
    }
    @PutMapping("/post")
    @RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
    public GlobalResult<Product> update(@RequestBody ProductDTO product) {
        if (product.getIdProduct() == null || product.getIdProduct() == 0) {
            throw new IllegalArgumentException("产品主键参数异常!");
@ -52,6 +56,7 @@ public class ProductController {
    @PatchMapping("/update-status")
    @RequiresRoles(value = {"blog_admin", "admin"}, logical = Logical.OR)
    public GlobalResult<Boolean> updateStatus(@RequestBody Product product) {
        boolean flag = productService.updateStatus(product.getIdProduct(), product.getStatus());
        return GlobalResultGenerator.genSuccessResult(flag);
--- a/src/main/java/com/rymcu/forest/web/api/user/UserController.java
+++ b/src/main/java/com/rymcu/forest/web/api/user/UserController.java
@ -36,7 +36,7 @@ public class UserController {
    @GetMapping("/{account}")
    @VisitLogger
-    public GlobalResult detail(@PathVariable String account) {
+    public GlobalResult<UserDTO> detail(@PathVariable String account) {
        UserDTO userDTO = userService.findUserDTOByAccount(account);
        return GlobalResultGenerator.genSuccessResult(userDTO);
    }
@ -49,7 +49,7 @@ public class UserController {
        }
        PageHelper.startPage(page, rows);
        List<ArticleDTO> list = articleService.findUserArticlesByIdUser(userDTO.getIdUser());
-        PageInfo<ArticleDTO> pageInfo = new PageInfo(list);
+        PageInfo<ArticleDTO> pageInfo = new PageInfo<>(list);
        return GlobalResultGenerator.genSuccessResult(pageInfo);
    }
@ -61,7 +61,7 @@ public class UserController {
        }
        PageHelper.startPage(page, rows);
        List<PortfolioDTO> list = portfolioService.findUserPortfoliosByUser(userDTO);
-        PageInfo<PortfolioDTO> pageInfo = new PageInfo(list);
+        PageInfo<PortfolioDTO> pageInfo = new PageInfo<>(list);
        return GlobalResultGenerator.genSuccessResult(pageInfo);
    }
@ -73,7 +73,7 @@ public class UserController {
        }
        PageHelper.startPage(page, rows);
        List<UserDTO> list = followService.findUserFollowersByUser(userDTO);
-        PageInfo<UserDTO> pageInfo = new PageInfo(list);
+        PageInfo<UserDTO> pageInfo = new PageInfo<>(list);
        return GlobalResultGenerator.genSuccessResult(pageInfo);
    }
@ -85,7 +85,7 @@ public class UserController {
        }
        PageHelper.startPage(page, rows);
        List<UserDTO> list = followService.findUserFollowingsByUser(userDTO);
-        PageInfo<UserDTO> pageInfo = new PageInfo(list);
+        PageInfo<UserDTO> pageInfo = new PageInfo<>(list);
        return GlobalResultGenerator.genSuccessResult(pageInfo);
    }
--- a/src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java
+++ b/src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java
@ -13,6 +13,9 @@ import com.rymcu.forest.entity.LoginRecord;
 import com.rymcu.forest.entity.UserExtend;
 import com.rymcu.forest.service.LoginRecordService;
 import com.rymcu.forest.service.UserService;
 import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@ -23,6 +26,7 @@ import java.util.List;
 */
@RestController
@RequestMapping("/api/v1/user-info")
@RequiresPermissions(value = "user")
 public class UserInfoController {
    @Resource
@ -45,8 +49,7 @@ public class UserInfoController {
    }
    @GetMapping("/check-nickname")
-    @SecurityInterceptor
+    public GlobalResult<Boolean> checkNickname(@RequestParam Long idUser, @RequestParam String nickname) {
    public GlobalResult checkNickname(@RequestParam Long idUser, @RequestParam String nickname) {
        boolean flag = userService.checkNicknameByIdUser(idUser, nickname);
        return GlobalResultGenerator.genSuccessResult(flag);
    }