
fixed 角色权限问题

fushengqian 1 year ago
parent
commit
f5693db622

+ 2 - 1
fuint-application/src/main/java/com/fuint/common/config/SecurityConfig.java

@@ -58,7 +58,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 // 允许匿名访问
                 .antMatchers(
                         "/clientApi/**",
-                        "/backendApi/**"
+                        "/backendApi/**",
+                        "/merchantApi/**"
                         ).anonymous()
                 .antMatchers(
                         HttpMethod.GET,
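Review bot: Adding `/merchantApi/**` to the `.anonymous()` list removes URL-level authentication for every merchant endpoint, so protection now rests on each handler validating `Access-Token` and carrying its own `@PreAuthorize`; a merchantApi handler that omits either would be reachable without login, and those controllers are not visible here. `.anonymous()` also matches only unauthenticated requests, so if a token filter populates the security context these paths would be refused to logged-in callers; `.permitAll()` is the usual choice when both must pass. If only a few pre-login endpoints need to be open, list those paths explicitly instead of the wildcard, and record the assumption with a comment such as `// merchantApi: no filter-chain auth; each handler must check Access-Token`. The enclosing method starts and ends outside the hunk.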

+ 1 - 1
fuint-application/src/main/java/com/fuint/common/service/DutyService.java

@@ -64,7 +64,7 @@ public interface DutyService extends IService<TDuty> {
      * @param merchantId
      * @param dutyId
      */
-    void deleteDuty(Integer merchantId, long dutyId);
+    void deleteDuty(Integer merchantId, long dutyId) throws BusinessCheckException;
 
     /**
      * 更新状态
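Review bot: The Javadoc above `deleteDuty` is not updated for the new checked exception; add a line `* @throws BusinessCheckException` stating when deletion is refused, taken from the implementation, which is not shown here. The two `@param` tags also carry no description, so a short phrase for `merchantId` and `dutyId` would help callers understand that the merchant id scopes the delete. The Javadoc block begins outside the hunk.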

+ 4 - 14
fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendDutyController.java

@@ -9,7 +9,6 @@ import com.fuint.common.service.DutyService;
 import com.fuint.common.service.SourceService;
 import com.fuint.common.util.TokenUtil;
 import com.fuint.framework.exception.BusinessCheckException;
-import com.fuint.framework.exception.BusinessRuntimeException;
 import com.fuint.framework.pagination.PaginationRequest;
 import com.fuint.framework.pagination.PaginationResponse;
 import com.fuint.framework.web.BaseController;
@@ -258,17 +257,13 @@ public class BackendDutyController extends BaseController {
     @RequestMapping(value = "/delete/{roleId}", method = RequestMethod.POST)
     @CrossOrigin
     @PreAuthorize("@pms.hasPermission('system:role:delete')")
-    public ResponseObject deleteRole(HttpServletRequest request, @PathVariable("roleId") Long roleId) {
+    public ResponseObject deleteRole(HttpServletRequest request, @PathVariable("roleId") Long roleId) throws BusinessCheckException {
         String token = request.getHeader("Access-Token");
         AccountInfo accountInfo = TokenUtil.getAccountInfoByToken(token);
         if (accountInfo == null) {
             return getFailureResult(1001, "请先登录");
         }
-        try {
-            tDutyService.deleteDuty(accountInfo.getMerchantId(), roleId);
-        } catch (BusinessRuntimeException e) {
-            return getFailureResult(201, e.getMessage() == null ? "角色删除失败" : e.getMessage());
-        }
+        tDutyService.deleteDuty(accountInfo.getMerchantId(), roleId);
         return getSuccessResult(true);
     }
 
@@ -282,18 +277,13 @@ public class BackendDutyController extends BaseController {
     @RequestMapping(value = "/changeStatus", method = RequestMethod.POST)
     @CrossOrigin
     @PreAuthorize("@pms.hasPermission('system:role:edit')")
-    public ResponseObject changeStatus(HttpServletRequest request, @RequestBody DutyStatusRequest dutyStatusRequest) {
+    public ResponseObject changeStatus(HttpServletRequest request, @RequestBody DutyStatusRequest dutyStatusRequest) throws BusinessCheckException {
         String token = request.getHeader("Access-Token");
         AccountInfo accountInfo = TokenUtil.getAccountInfoByToken(token);
         if (accountInfo == null) {
             return getFailureResult(1001, "请先登录");
         }
-
-        try {
-            tDutyService.updateStatus(accountInfo.getMerchantId(), dutyStatusRequest);
-        } catch (BusinessCheckException e) {
-            return getFailureResult(201, e.getMessage() == null ? "操作失败" : e.getMessage());
-        }
+        tDutyService.updateStatus(accountInfo.getMerchantId(), dutyStatusRequest);
         return getSuccessResult(true);
     }
 }
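Review bot: With the `try`/`catch` removed from `deleteRole` and `changeStatus`, a failed `deleteDuty` or `updateStatus` no longer returns the `getFailureResult(201, …)` body; what the client receives now depends on a global exception handler that is not visible in this diff. If no handler maps `BusinessCheckException`, the caller gets the container's default error response, which changes the API contract and may expose exception detail. `deleteRole` previously caught `BusinessRuntimeException`, so confirm the service implementation now throws the checked type rather than the old unchecked one. If the handler is not guaranteed, keep a single catch in each method, e.g. `catch (BusinessCheckException e) { return getFailureResult(201, e.getMessage()); }`.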