feat: 扩展问卷问题管理权限，支持问卷管理员权限

- 后端：PrisonQuestionController 接口增加 prison:questionnaire:update 和 prison:questionnaire:query 权限判断 - 前端：QuestionList.vue 按钮增加 prison:questionnaire:update 权限判断 - 允许拥有问卷模板管理权限的用户也能管理问卷问题
2026-01-28 11:54:39 +08:00
1 changed files with 8 additions and 8 deletions
--- a/yudao-module-prison/src/main/java/cn/iocoder/yudao/module/prison/controller/admin/question/PrisonQuestionController.java
+++ b/yudao-module-prison/src/main/java/cn/iocoder/yudao/module/prison/controller/admin/question/PrisonQuestionController.java
@ -40,7 +40,7 @@ public class PrisonQuestionController {

    @PostMapping("/create")
    @Operation(summary = "创建问卷问题")
-    @PreAuthorize("@ss.hasPermission('prison:question:create')")
+    @PreAuthorize("@ss.hasPermission('prison:question:create') or @ss.hasPermission('prison:questionnaire:update')")
    @ApiAccessLog(operateType = CREATE)
    public CommonResult<Long> createQuestion(@Valid @RequestBody QuestionSaveReqVO createReqVO) {
        return success(questionService.createQuestion(createReqVO));
@ -48,7 +48,7 @@ public class PrisonQuestionController {

    @PutMapping("/update")
    @Operation(summary = "更新问卷问题")
-    @PreAuthorize("@ss.hasPermission('prison:question:update')")
+    @PreAuthorize("@ss.hasPermission('prison:question:update') or @ss.hasPermission('prison:questionnaire:update')")
    @ApiAccessLog(operateType = UPDATE)
    public CommonResult<Boolean> updateQuestion(@Valid @RequestBody QuestionSaveReqVO updateReqVO) {
        questionService.updateQuestion(updateReqVO);
@ -58,7 +58,7 @@ public class PrisonQuestionController {
    @DeleteMapping("/delete")
    @Operation(summary = "删除问卷问题")
    @Parameter(name = "id", description = "编号", required = true)
-    @PreAuthorize("@ss.hasPermission('prison:question:delete')")
+    @PreAuthorize("@ss.hasPermission('prison:question:delete') or @ss.hasPermission('prison:questionnaire:update')")
    @ApiAccessLog(operateType = DELETE)
    public CommonResult<Boolean> deleteQuestion(@NotNull(message = "编号不能为空") @RequestParam("id") Long id) {
        questionService.deleteQuestion(id);
@ -68,7 +68,7 @@ public class PrisonQuestionController {
    @DeleteMapping("/delete-list")
    @Parameter(name = "ids", description = "编号", required = true)
    @Operation(summary = "批量删除问卷问题")
-    @PreAuthorize("@ss.hasPermission('prison:question:delete')")
+    @PreAuthorize("@ss.hasPermission('prison:question:delete') or @ss.hasPermission('prison:questionnaire:update')")
    @ApiAccessLog(operateType = DELETE)
    public CommonResult<Boolean> deleteQuestionList(@NotEmpty(message = "编号列表不能为空") @RequestParam("ids") List<Long> ids) {
        questionService.deleteQuestionListByIds(ids);
@ -78,7 +78,7 @@ public class PrisonQuestionController {
    @GetMapping("/get")
    @Operation(summary = "获得问卷问题")
    @Parameter(name = "id", description = "编号", required = true, example = "1024")
-    @PreAuthorize("@ss.hasPermission('prison:question:query')")
+    @PreAuthorize("@ss.hasPermission('prison:question:query') or @ss.hasPermission('prison:questionnaire:query') or @ss.hasPermission('prison:questionnaire:update')")
    public CommonResult<QuestionRespVO> getQuestion(@RequestParam("id") Long id) {
        QuestionDO question = questionService.getQuestion(id);
        return success(QuestionConvert.INSTANCE.convert(question));
@ -86,7 +86,7 @@ public class PrisonQuestionController {

    @GetMapping("/page")
    @Operation(summary = "获得问卷问题分页")
-    @PreAuthorize("@ss.hasPermission('prison:question:query')")
+    @PreAuthorize("@ss.hasPermission('prison:question:query') or @ss.hasPermission('prison:questionnaire:query') or @ss.hasPermission('prison:questionnaire:update')")
    public CommonResult<PageResult<QuestionRespVO>> getQuestionPage(@Valid QuestionPageReqVO pageReqVO) {
        PageResult<QuestionDO> pageResult = questionService.getQuestionPage(pageReqVO);
        return success(QuestionConvert.INSTANCE.convertPage(pageResult));
@ -94,7 +94,7 @@ public class PrisonQuestionController {

    @PostMapping("/batch-update")
    @Operation(summary = "批量更新问卷问题")
-    @PreAuthorize("@ss.hasPermission('prison:question:update')")
+    @PreAuthorize("@ss.hasPermission('prison:question:update') or @ss.hasPermission('prison:questionnaire:update')")
    @ApiAccessLog(operateType = UPDATE)
    public CommonResult<Boolean> batchUpdateQuestion(@Valid @RequestBody QuestionBatchUpdateReqVO reqVO) {
        // 转换为 Service 需要的格式
@ -113,7 +113,7 @@ public class PrisonQuestionController {

    @GetMapping("/export-excel")
    @Operation(summary = "导出问卷问题 Excel")
-    @PreAuthorize("@ss.hasPermission('prison:question:export')")
+    @PreAuthorize("@ss.hasPermission('prison:question:export') or @ss.hasPermission('prison:questionnaire:export') or @ss.hasPermission('prison:questionnaire:update')")
    @ApiAccessLog(operateType = EXPORT)
    public void exportQuestionExcel(@Valid QuestionPageReqVO pageReqVO,
              HttpServletResponse response) throws IOException {