完成部分权限的认证操作的迁移

src/main/java/cn/iocoder/dashboard/framework/logger/operatelog/core/aop/OperateLogAspect.java

@@ -233,11 +233,6 @@ public class OperateLogAspect {
         }
     }
 
-    private static void fillContentFields(SysOperateLogCreateReqVO operateLogVO) {
-        operateLogVO.setContent(CONTENT.get());
-        operateLogVO.setExts(EXTS.get());
-    }
-
     private static boolean isLogEnable(ProceedingJoinPoint joinPoint, OperateLog operateLog) {
         // 有 @OperateLog 注解的情况下
         if (operateLog != null) {

src/main/java/cn/iocoder/dashboard/framework/security/core/handler/LogoutSuccessHandlerImpl.java

@@ -2,7 +2,7 @@ package cn.iocoder.dashboard.framework.security.core.handler;
 
 import cn.hutool.core.util.StrUtil;
 import cn.iocoder.dashboard.framework.security.config.SecurityProperties;
-import cn.iocoder.dashboard.framework.security.core.service.SecurityFrameworkService;
+import cn.iocoder.dashboard.framework.security.core.service.SecurityAuthFrameworkService;
 import cn.iocoder.dashboard.framework.security.core.util.SecurityUtils;
 import cn.iocoder.dashboard.util.servlet.ServletUtils;
 import org.springframework.security.core.Authentication;
@@ -26,7 +26,7 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler {
     private SecurityProperties securityProperties;
 
     @Resource
-    private SecurityFrameworkService securityFrameworkService;
+    private SecurityAuthFrameworkService securityFrameworkService;
 
     @Override
     public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {

src/main/java/cn/iocoder/dashboard/framework/security/core/service/SecurityAuthFrameworkService.java

@@ -4,16 +4,11 @@ import cn.iocoder.dashboard.framework.security.core.LoginUser;
 import org.springframework.security.core.userdetails.UserDetailsService;
 
 /**
- * Security 框架 Service 接口，定义 security 组件需要的功能
+ * Security 框架 Auth Service 接口，定义 security 组件需要的功能
+ *
+ * @author 芋道源码
  */
-public interface SecurityFrameworkService extends UserDetailsService {
-
-    /**
-     * 基于 token 退出登录
-     *
-     * @param token token
-     */
-    void logout(String token);
+public interface SecurityAuthFrameworkService extends UserDetailsService {
 
     /**
      * 校验 token 的有效性，并获取用户信息
@@ -32,4 +27,11 @@ public interface SecurityFrameworkService extends UserDetailsService {
      */
     LoginUser mockLogin(Long userId);
 
+    /**
+     * 基于 token 退出登录
+     *
+     * @param token token
+     */
+    void logout(String token);
+
 }

src/main/java/cn/iocoder/dashboard/framework/security/core/service/SecurityPermissionFrameworkService.java

@@ -0,0 +1,26 @@
+package cn.iocoder.dashboard.framework.security.core.service;
+
+/**
+ * Security 框架 Permission Service 接口，定义 security 组件需要的功能
+ *
+ * @author 芋道源码
+ */
+public interface SecurityPermissionFrameworkService {
+
+    /**
+     * 判断是否有权限
+     *
+     * @param permission 权限
+     * @return 是否
+     */
+    boolean hasPermission(String permission);
+
+    /**
+     * 判断是否有权限，任一一个即可
+     *
+     * @param permissions 权限
+     * @return 是否
+     */
+    boolean hasAnyPermissions(String... permissions);
+
+}

src/main/java/cn/iocoder/dashboard/framework/web/core/handler/GlobalExceptionHandler.java

@@ -3,7 +3,9 @@ package cn.iocoder.dashboard.framework.web.core.handler;
 import cn.iocoder.dashboard.common.exception.GlobalException;
 import cn.iocoder.dashboard.common.exception.ServiceException;
 import cn.iocoder.dashboard.common.pojo.CommonResult;
+import cn.iocoder.dashboard.framework.security.core.util.SecurityUtils;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.validation.BindException;
 import org.springframework.validation.FieldError;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -64,6 +66,9 @@ public class GlobalExceptionHandler {
         if (ex instanceof ServiceException) {
             return serviceExceptionHandler((ServiceException) ex);
         }
+        if (ex instanceof AccessDeniedException) {
+            return accessDeniedExceptionHandler(request, (AccessDeniedException) ex);
+        }
         if (ex instanceof GlobalException) {
             return globalExceptionHandler(request, (GlobalException) ex);
         }
@@ -131,7 +136,7 @@ public class GlobalExceptionHandler {
     public CommonResult<?> validationException(ValidationException ex) {
         log.warn("[constraintViolationExceptionHandler]", ex);
         // 无法拼接明细的错误信息，因为 Dubbo Consumer 抛出 ValidationException 异常时，是直接的字符串信息，且人类不可读
-        return CommonResult.error(BAD_REQUEST.getCode(), "请求参数不正确");
+        return CommonResult.error(BAD_REQUEST);
     }
 
     /**
@@ -158,6 +163,18 @@ public class GlobalExceptionHandler {
         return CommonResult.error(METHOD_NOT_ALLOWED.getCode(), String.format("请求方法不正确:%s", ex.getMessage()));
     }
 
+    /**
+     * 处理 Spring Security 权限不足的异常
+     *
+     * 来源是，使用 @PreAuthorize 注解，AOP 进行权限拦截
+     */
+    @ExceptionHandler(value = AccessDeniedException.class)
+    public CommonResult<?> accessDeniedExceptionHandler(HttpServletRequest req, AccessDeniedException ex) {
+        log.warn("[accessDeniedExceptionHandler][userId({}) 无法访问 url({})]", SecurityUtils.getLoginUserId(),
+                req.getRequestURL(), ex);
+        return CommonResult.error(FORBIDDEN);
+    }
+
     /**
      * 处理业务异常 ServiceException
      *