From f689fc6bc9e621c651ce793789bf10b85e90f083 Mon Sep 17 00:00:00 2001
From: hucs <huchuansai@foxmail.com>
Date: Mon, 24 Jun 2024 16:09:55 +0800
Subject: [PATCH] fix

---
 .../admin/common/component/JwtToken.java      | 21 ++++---
 .../filter/JwtAuthenticationTokenFilter.java  |  4 ++
 .../PlayCustomArticleInfoController.java      |  1 -
 .../controller/PlayServiceInfoController.java |  6 --
 .../controller/CouponInfoController.java      |  6 --
 .../PlayCustomUserInfoController.java         |  7 ---
 .../controller/PlayGiftInfoController.java    |  6 --
 .../platform/service/ISysTenantService.java   |  2 +
 .../service/impl/SysTenantServiceImpl.java    | 60 +++++++++++--------
 .../PlayCommodityInfoController.java          |  6 --
 .../controller/PlayNoticeInfoController.java  |  6 --
 .../PlayResourcesInfoController.java          |  6 --
 .../system/controller/SysRoleController.java  |  3 -
 .../system/service/SysUserService.java        |  2 +
 .../service/impl/SysUserRoleServiceImpl.java  |  6 ++
 .../service/impl/SysUserServiceImpl.java      | 16 ++++-
 .../weichat/controller/WxPlayController.java  | 13 ++--
 .../src/main/resources/application-dev.yml    |  2 +-
 .../src/main/resources/application-prod.yml   |  2 +-
 .../src/main/resources/application-test.yml   |  2 +-
 20 files changed, 84 insertions(+), 93 deletions(-)

diff --git a/play-admin/src/main/java/com/starry/admin/common/component/JwtToken.java b/play-admin/src/main/java/com/starry/admin/common/component/JwtToken.java
index 73f0ea0..274df18 100644
--- a/play-admin/src/main/java/com/starry/admin/common/component/JwtToken.java
+++ b/play-admin/src/main/java/com/starry/admin/common/component/JwtToken.java
@@ -1,6 +1,5 @@
 package com.starry.admin.common.component;
 
-import com.starry.common.utils.IdUtils;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.extra.servlet.ServletUtil;
 import cn.hutool.http.useragent.UserAgent;
@@ -12,8 +11,8 @@ import com.starry.common.constant.Constants;
 import com.starry.common.constant.SecurityConstants;
 import com.starry.common.context.CustomSecurityContextHolder;
 import com.starry.common.redis.RedisCache;
+import com.starry.common.utils.IdUtils;
 import com.starry.common.utils.ServletUtils;
-import com.starry.common.utils.StringUtils;
 import com.starry.common.utils.ip.AddressUtils;
 import com.starry.common.utils.ip.IpUtils;
 import io.jsonwebtoken.Claims;
@@ -173,6 +172,8 @@ public class JwtToken {
         jwtUser.setExpireTime(jwtUser.getLoginTime() + expire * 1000);
         String userKey = getTokenKey(jwtUser.getToken());
         redisCache.setCacheObject(userKey, jwtUser, expire, TimeUnit.SECONDS);
+        String key = "login:resource:" + jwtUser.getUserId();
+        redisCache.setCacheObject(key, userKey, expire, TimeUnit.SECONDS);
     }
 
     private String getTokenKey(String uuid) {
@@ -221,13 +222,6 @@ public class JwtToken {
      * @param jwtUser
      * @return 令牌
      */
-    public void verifyToken(JwtUser jwtUser) {
-        long expireTime = jwtUser.getExpireTime();
-        long currentTime = System.currentTimeMillis();
-        if (expireTime - currentTime <= MILLIS_MINUTE_TEN) {
-            refersToken(jwtUser);
-        }
-    }
 
     /**
      * 删除用户身份信息
@@ -254,7 +248,10 @@ public class JwtToken {
         loginUser.setIpaddr(IpUtils.getIpAddr(ServletUtils.getRequest()));
         // 添加地址信息
         setUserAgent(loginUser);
-        refreshToken(loginUser);
+        String userRedisKey = refreshToken(loginUser);
+
+        String key = "login:resource:" + loginUser.getUserId();
+        redisCache.setCacheObject(key, userRedisKey, expire, TimeUnit.SECONDS);
 
         // Jwt存储信息
         Map<String, Object> claimsMap = new HashMap<>(8);
@@ -292,13 +289,15 @@ public class JwtToken {
      * 刷新令牌有效期
      *
      * @param loginUser 登录信息
+     * @return
      */
-    public void refreshToken(LoginUser loginUser) {
+    public String refreshToken(LoginUser loginUser) {
         loginUser.setLoginTime(System.currentTimeMillis());
         loginUser.setExpireTime(loginUser.getLoginTime() + expire * 1000);
         // 根据uuid将loginUser缓存
         String userKey = getTokenKey(loginUser.getToken());
         redisCache.setCacheObject(userKey, loginUser, expire, TimeUnit.MINUTES);
+        return userKey;
     }
 
     /**
diff --git a/play-admin/src/main/java/com/starry/admin/common/security/filter/JwtAuthenticationTokenFilter.java b/play-admin/src/main/java/com/starry/admin/common/security/filter/JwtAuthenticationTokenFilter.java
index cfa0ec9..0588a64 100644
--- a/play-admin/src/main/java/com/starry/admin/common/security/filter/JwtAuthenticationTokenFilter.java
+++ b/play-admin/src/main/java/com/starry/admin/common/security/filter/JwtAuthenticationTokenFilter.java
@@ -13,6 +13,7 @@ import com.starry.admin.modules.custom.module.entity.PlayCustomUserInfoEntity;
 import com.starry.admin.modules.custom.service.impl.PlayCustomUserInfoServiceImpl;
 import com.starry.admin.modules.platform.entity.SysTenantEntity;
 import com.starry.admin.modules.platform.service.ISysTenantService;
+import com.starry.admin.modules.system.service.SysUserService;
 import com.starry.admin.modules.weichat.service.WxTokenService;
 import com.starry.admin.utils.SecurityUtils;
 import com.starry.common.constant.Constants;
@@ -68,6 +69,8 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
 
     @Resource
     private RedisCache redisCache;
+    @Resource
+    private SysUserService userService;
 
 
     /**
@@ -134,6 +137,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
             LoginUser jwtUser = jwtToken.getNewLoginUser(httpServletRequest);
             if (null != jwtUser && null == SecurityContextHolder.getContext().getAuthentication()) {
                 jwtToken.verifyToken(jwtUser);
+                userService.selectUserById(jwtUser.getUserId());
                 UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(jwtUser, null, jwtUser.getAuthorities());
                 authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                 SecurityContextHolder.getContext().setAuthentication(authentication);
diff --git a/play-admin/src/main/java/com/starry/admin/modules/clerk/controller/PlayCustomArticleInfoController.java b/play-admin/src/main/java/com/starry/admin/modules/clerk/controller/PlayCustomArticleInfoController.java
index 469df5d..c36423d 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/clerk/controller/PlayCustomArticleInfoController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/clerk/controller/PlayCustomArticleInfoController.java
@@ -26,7 +26,6 @@ public class PlayCustomArticleInfoController {
     /**
      * 查询陪聊点赞动态信息列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:list')")
     @GetMapping("/list")
     public R list(PlayCustomArticleInfoEntity playCustomArticleInfo) {
         IPage<PlayCustomArticleInfoEntity> list = playCustomArticleInfoService.selectPlayCustomArticleInfoByPage(playCustomArticleInfo);
diff --git a/play-admin/src/main/java/com/starry/admin/modules/commodity/controller/PlayServiceInfoController.java b/play-admin/src/main/java/com/starry/admin/modules/commodity/controller/PlayServiceInfoController.java
index 394a363..127a69b 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/commodity/controller/PlayServiceInfoController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/commodity/controller/PlayServiceInfoController.java
@@ -6,7 +6,6 @@ import com.starry.admin.modules.commodity.service.IPlayServiceInfoService;
 import com.starry.common.annotation.Log;
 import com.starry.common.enums.BusinessType;
 import com.starry.common.result.R;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -28,7 +27,6 @@ public class PlayServiceInfoController {
     /**
      * 查询服务项目列表列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:list')")
     @GetMapping("/list")
     public R list(PlayServiceInfoEntity playServiceInfo) {
         IPage<PlayServiceInfoEntity> list = playServiceInfoService.selectPlayServiceInfoByPage(playServiceInfo);
@@ -38,7 +36,6 @@ public class PlayServiceInfoController {
     /**
      * 获取服务项目列表详细信息
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:query')")
     @GetMapping(value = "/{id}")
     public R getInfo(@PathVariable("id") String id) {
         return R.ok(playServiceInfoService.selectPlayServiceInfoById(id));
@@ -47,7 +44,6 @@ public class PlayServiceInfoController {
     /**
      * 新增服务项目列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:create')")
     @Log(title = "服务项目列表", businessType = BusinessType.INSERT)
     @PostMapping("/create")
     public R create(@RequestBody PlayServiceInfoEntity playServiceInfo) {
@@ -61,7 +57,6 @@ public class PlayServiceInfoController {
     /**
      * 修改服务项目列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:edit')")
     @Log(title = "服务项目列表", businessType = BusinessType.UPDATE)
     @PostMapping(value = "/update/{id}")
     public R update(@PathVariable String id, @RequestBody PlayServiceInfoEntity playServiceInfo) {
@@ -76,7 +71,6 @@ public class PlayServiceInfoController {
     /**
      * 删除服务项目列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:remove')")
     @Log(title = "服务项目列表", businessType = BusinessType.DELETE)
     @DeleteMapping("/{ids}")
     public R remove(@PathVariable String[] ids) {
diff --git a/play-admin/src/main/java/com/starry/admin/modules/coupon/controller/CouponInfoController.java b/play-admin/src/main/java/com/starry/admin/modules/coupon/controller/CouponInfoController.java
index 5ec3c51..469e0f8 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/coupon/controller/CouponInfoController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/coupon/controller/CouponInfoController.java
@@ -6,7 +6,6 @@ import com.starry.admin.modules.coupon.service.ICouponInfoService;
 import com.starry.common.annotation.Log;
 import com.starry.common.enums.BusinessType;
 import com.starry.common.result.R;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -26,7 +25,6 @@ public class CouponInfoController {
     /**
      * 查询商品列表
      */
-    @PreAuthorize("@customSs.hasPermission('coupon/infolist')")
     @GetMapping("/list")
     public R list(CouponInfoEntity couponInfo) {
 
@@ -38,7 +36,6 @@ public class CouponInfoController {
     /**
      * 获取商品详细信息
      */
-    @PreAuthorize("@customSs.hasPermission('coupon/infoquery')")
     @GetMapping(value = "/{id}")
     public R getInfo(@PathVariable("id") String id) {
         return R.ok(couponInfoService.selectCouponInfoById(id));
@@ -47,7 +44,6 @@ public class CouponInfoController {
     /**
      * 新增商品
      */
-    @PreAuthorize("@customSs.hasPermission('coupon/infocreate')")
     @Log(title = "商品", businessType = BusinessType.INSERT)
     @PostMapping("/create")
     public R create(@RequestBody CouponInfoEntity couponInfo) {
@@ -61,7 +57,6 @@ public class CouponInfoController {
     /**
      * 修改商品
      */
-    @PreAuthorize("@customSs.hasPermission('coupon/infoedit')")
     @Log(title = "商品", businessType = BusinessType.UPDATE)
     @PostMapping(value = "/update/{id}")
     public R update(@PathVariable String id, @RequestBody CouponInfoEntity couponInfo) {
@@ -76,7 +71,6 @@ public class CouponInfoController {
     /**
      * 删除商品
      */
-    @PreAuthorize("@customSs.hasPermission('coupon/inforemove')")
     @Log(title = "商品", businessType = BusinessType.DELETE)
     @DeleteMapping("/{ids}")
     public R remove(@PathVariable String[] ids) {
diff --git a/play-admin/src/main/java/com/starry/admin/modules/custom/controller/PlayCustomUserInfoController.java b/play-admin/src/main/java/com/starry/admin/modules/custom/controller/PlayCustomUserInfoController.java
index d20f465..d84d1e5 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/custom/controller/PlayCustomUserInfoController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/custom/controller/PlayCustomUserInfoController.java
@@ -10,7 +10,6 @@ import com.starry.common.annotation.Log;
 import com.starry.common.enums.BusinessType;
 import com.starry.common.result.R;
 import com.starry.common.utils.ConvertUtil;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -31,7 +30,6 @@ public class PlayCustomUserInfoController {
     /**
      * 查询顾客列表
      */
-    @PreAuthorize("@customSs.hasPermission('custom:user:list')")
     @PostMapping("/listByPage")
     public R list(@Validated @RequestBody PlayCustomUserQueryVo vo) {
         IPage<PlayCustomUserReturnVo> list = playCustomUserInfoService.selectByPage(vo);
@@ -41,7 +39,6 @@ public class PlayCustomUserInfoController {
     /**
      * 获取顾客详细信息
      */
-    @PreAuthorize("@customSs.hasPermission('custom:user:list')")
     @GetMapping(value = "/{id}")
     public R getInfo(@PathVariable("id") String id) {
         return R.ok(playCustomUserInfoService.selectById(id));
@@ -50,7 +47,6 @@ public class PlayCustomUserInfoController {
     /**
      * 新增顾客
      */
-    @PreAuthorize("@customSs.hasPermission('custom:user:add')")
     @Log(title = "顾客", businessType = BusinessType.INSERT)
     @PostMapping("/create")
     public R create(@RequestBody PlayCustomUserInfoEntity playCustomUserInfo) {
@@ -64,7 +60,6 @@ public class PlayCustomUserInfoController {
     /**
      * 修改顾客状态
      */
-    @PreAuthorize("@customSs.hasPermission('custom:user:update')")
     @Log(title = "顾客", businessType = BusinessType.UPDATE)
     @PostMapping(value = "/updateState")
     public R updateState(@Validated @RequestBody PlayCustomUserStateEditVo vo) {
@@ -79,7 +74,6 @@ public class PlayCustomUserInfoController {
     /**
      * 修改顾客
      */
-    @PreAuthorize("@customSs.hasPermission('custom:user:update')")
     @Log(title = "顾客", businessType = BusinessType.UPDATE)
     @PostMapping(value = "/update/{id}")
     public R update(@PathVariable String id, @RequestBody PlayCustomUserInfoEntity playCustomUserInfo) {
@@ -94,7 +88,6 @@ public class PlayCustomUserInfoController {
     /**
      * 删除顾客
      */
-    @PreAuthorize("@customSs.hasPermission('custom:user:delete')")
     @Log(title = "顾客", businessType = BusinessType.DELETE)
     @DeleteMapping("/{ids}")
     public R remove(@PathVariable String[] ids) {
diff --git a/play-admin/src/main/java/com/starry/admin/modules/gift/controller/PlayGiftInfoController.java b/play-admin/src/main/java/com/starry/admin/modules/gift/controller/PlayGiftInfoController.java
index a8df0af..e0921b0 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/gift/controller/PlayGiftInfoController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/gift/controller/PlayGiftInfoController.java
@@ -6,7 +6,6 @@ import com.starry.admin.modules.gift.service.IPlayGiftInfoService;
 import com.starry.common.annotation.Log;
 import com.starry.common.enums.BusinessType;
 import com.starry.common.result.R;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -26,7 +25,6 @@ public class PlayGiftInfoController {
     /**
      * 查询礼物列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:list')")
     @GetMapping("/list")
     public R list(PlayGiftInfoEntity playGiftInfo) {
         IPage<PlayGiftInfoEntity> list = playGiftInfoService.selectPlayGiftInfoByPage(playGiftInfo);
@@ -36,7 +34,6 @@ public class PlayGiftInfoController {
     /**
      * 获取礼物详细信息
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:query')")
     @GetMapping(value = "/{id}")
     public R getInfo(@PathVariable("id") String id) {
         return R.ok(playGiftInfoService.selectPlayGiftInfoById(id));
@@ -45,7 +42,6 @@ public class PlayGiftInfoController {
     /**
      * 新增礼物
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:create')")
     @Log(title = "礼物", businessType = BusinessType.INSERT)
     @PostMapping("/create")
     public R create(@RequestBody PlayGiftInfoEntity playGiftInfo) {
@@ -59,7 +55,6 @@ public class PlayGiftInfoController {
     /**
      * 修改礼物
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:edit')")
     @Log(title = "礼物", businessType = BusinessType.UPDATE)
     @PostMapping(value = "/update/{id}")
     public R update(@PathVariable String id, @RequestBody PlayGiftInfoEntity playGiftInfo) {
@@ -74,7 +69,6 @@ public class PlayGiftInfoController {
     /**
      * 删除礼物
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:remove')")
     @Log(title = "礼物", businessType = BusinessType.DELETE)
     @DeleteMapping("/{ids}")
     public R remove(@PathVariable String[] ids) {
diff --git a/play-admin/src/main/java/com/starry/admin/modules/platform/service/ISysTenantService.java b/play-admin/src/main/java/com/starry/admin/modules/platform/service/ISysTenantService.java
index 7f3b703..95f35fa 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/platform/service/ISysTenantService.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/platform/service/ISysTenantService.java
@@ -104,4 +104,6 @@ public interface ISysTenantService extends IService<SysTenantEntity> {
      */
     List<SysTenantEntity> queryByPackage(String packageId);
 
+    void initRole(SysTenantEntity sysTenantEntity);
+
 }
diff --git a/play-admin/src/main/java/com/starry/admin/modules/platform/service/impl/SysTenantServiceImpl.java b/play-admin/src/main/java/com/starry/admin/modules/platform/service/impl/SysTenantServiceImpl.java
index 006b612..a85fcb8 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/platform/service/impl/SysTenantServiceImpl.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/platform/service/impl/SysTenantServiceImpl.java
@@ -19,7 +19,6 @@ import com.starry.admin.modules.platform.vo.SysTenantQueryVo;
 import com.starry.admin.modules.system.entity.SysRoleEntity;
 import com.starry.admin.modules.system.entity.SysRoleMenuEntity;
 import com.starry.admin.modules.system.entity.SysUserEntity;
-import com.starry.admin.modules.system.entity.SysUserRoleEntity;
 import com.starry.admin.modules.system.mapper.*;
 import com.starry.admin.modules.system.service.SysRoleMenuService;
 import com.starry.admin.utils.SecurityUtils;
@@ -37,10 +36,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import javax.annotation.Resource;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
+import java.util.*;
 import java.util.stream.Collectors;
 
 /**
@@ -70,8 +66,6 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
     private SysRoleMenuMapper sysRoleMenuMapper;
     @Resource
     private RedisCache redisCache;
-    @Resource
-    private SysMenuMapper menuMapper;
 
 
     @Override
@@ -245,14 +239,6 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
         //createUserRole(sysTenant.getTenantId(), user.getUserId(), roleId);
     }
 
-    private void createUserRole(String tenantId, String userId, Long roleId) {
-        SysUserRoleEntity userRole = new SysUserRoleEntity();
-        userRole.setUserId(userId);
-        userRole.setRoleId(roleId);
-        userRole.setTenantId(tenantId);
-        userRoleMapper.insert(userRole);
-    }
-
     @Override
     public R updateTenant(SysTenantEntity sysTenantEntity) {
         // 判断最新的租户套餐是否改变 重新授权 租户二级管理员账号需重新分配三级账号权限
@@ -308,7 +294,7 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
         log.info("腾讯云域名映射结果：{}", JSONObject.toJSONString(createRecordResponse));
     }
 
-    private void initRole(SysTenantEntity sysTenantEntity) {
+    public void initRole(SysTenantEntity sysTenantEntity) {
 
         SysRoleEntity operator = new SysRoleEntity();
         operator.setRoleName("管理员");
@@ -322,16 +308,21 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
 
 
         SysTenantPackageEntity sysTenantPackage = tenantPackageMapper.selectById(sysTenantEntity.getPackageId());
-        List<String> subMeuns = Arrays.asList(sysTenantPackage.getMenuIds().split(","));
-        if (CollectionUtil.isNotEmpty(subMeuns)) {
-            List<SysRoleMenuEntity> roleMenuEntityList = subMeuns.stream().map(menu -> {
-                SysRoleMenuEntity rm = new SysRoleMenuEntity();
-                rm.setRoleId(operator.getRoleId());
-                rm.setMenuId(Long.valueOf(menu));
-                return rm;
-            }).collect(Collectors.toList());
-            roleMenuService.saveBatch(roleMenuEntityList);
+        List<String> subMeuns = new ArrayList<>(Arrays.asList(sysTenantPackage.getMenuIds().split(",")));
+        if (CollectionUtil.isEmpty(subMeuns)) {
+            subMeuns = new ArrayList<>();
         }
+        subMeuns.remove("2089");
+        subMeuns.remove("2088");
+        subMeuns.remove("2093");
+        subMeuns.remove("6");
+        List<SysRoleMenuEntity> roleMenuEntityList = subMeuns.stream().map(menu -> {
+            SysRoleMenuEntity rm = new SysRoleMenuEntity();
+            rm.setRoleId(operator.getRoleId());
+            rm.setMenuId(Long.valueOf(menu));
+            return rm;
+        }).collect(Collectors.toList());
+        roleMenuService.saveBatch(roleMenuEntityList);
 
         SysRoleEntity waiter = new SysRoleEntity();
         waiter.setRoleName("客服");
@@ -343,6 +334,15 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
         waiter.setTenantId(sysTenantEntity.getTenantId());
         roleMapper.insert(waiter);
 
+        List<Long> waiterMenuIdList = Arrays.asList(1100L, 1101L, 1103L, 1104L, 1105L);
+        List<SysRoleMenuEntity> waiterMenuList = waiterMenuIdList.stream().map(menu -> {
+            SysRoleMenuEntity rm = new SysRoleMenuEntity();
+            rm.setRoleId(waiter.getRoleId());
+            rm.setMenuId(menu);
+            return rm;
+        }).collect(Collectors.toList());
+        roleMenuService.saveBatch(waiterMenuList);
+
         SysRoleEntity leader = new SysRoleEntity();
         leader.setRoleName("组长");
         leader.setRoleKey("leader");
@@ -352,5 +352,15 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
         leader.setDeptCheckStrictly(true);
         leader.setTenantId(sysTenantEntity.getTenantId());
         roleMapper.insert(leader);
+
+        List<Long> leaderMenuIdList = Arrays.asList(1000L, 10001L, 2087L, 1100L, 1101L, 2094L);
+        List<SysRoleMenuEntity> leaderMenuList = leaderMenuIdList.stream().map(menu -> {
+            SysRoleMenuEntity rm = new SysRoleMenuEntity();
+            rm.setRoleId(leader.getRoleId());
+            rm.setMenuId(menu);
+            return rm;
+        }).collect(Collectors.toList());
+        roleMenuService.saveBatch(leaderMenuList);
+
     }
 }
diff --git a/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayCommodityInfoController.java b/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayCommodityInfoController.java
index 65aea0b..9c0defe 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayCommodityInfoController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayCommodityInfoController.java
@@ -8,7 +8,6 @@ import com.starry.common.annotation.Log;
 import com.starry.common.enums.BusinessType;
 import com.starry.common.result.R;
 import com.starry.common.utils.ConvertUtil;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -28,7 +27,6 @@ public class PlayCommodityInfoController {
     /**
      * 查询服务项目列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:list')")
     @GetMapping("/list")
     public R list(PlayCommodityInfoEntity playCommodityInfo) {
         IPage<PlayCommodityInfoEntity> list = playCommodityInfoService.selectPlayCommodityInfoByPage(playCommodityInfo);
@@ -38,7 +36,6 @@ public class PlayCommodityInfoController {
     /**
      * 获取服务项目详细信息
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:query')")
     @GetMapping(value = "/{id}")
     public R getInfo(@PathVariable("id") String id) {
         return R.ok(playCommodityInfoService.selectPlayCommodityInfoById(id));
@@ -47,7 +44,6 @@ public class PlayCommodityInfoController {
     /**
      * 新增服务项目
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:create')")
     @Log(title = "服务项目", businessType = BusinessType.INSERT)
     @PostMapping("/create")
     public R create(@RequestBody PlayCommodityInfoAddVo vo) {
@@ -62,7 +58,6 @@ public class PlayCommodityInfoController {
     /**
      * 修改服务项目
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:edit')")
     @Log(title = "服务项目", businessType = BusinessType.UPDATE)
     @PostMapping(value = "/update/{id}")
     public R update(@PathVariable String id, @RequestBody PlayCommodityInfoEntity playCommodityInfo) {
@@ -77,7 +72,6 @@ public class PlayCommodityInfoController {
     /**
      * 删除服务项目
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:remove')")
     @Log(title = "服务项目", businessType = BusinessType.DELETE)
     @DeleteMapping("/{ids}")
     public R remove(@PathVariable String[] ids) {
diff --git a/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayNoticeInfoController.java b/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayNoticeInfoController.java
index 94b3767..032c42c 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayNoticeInfoController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayNoticeInfoController.java
@@ -8,7 +8,6 @@ import com.starry.common.annotation.Log;
 import com.starry.common.enums.BusinessType;
 import com.starry.common.result.R;
 import com.starry.common.utils.ConvertUtil;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -30,7 +29,6 @@ public class PlayNoticeInfoController {
     /**
      * 查询公告列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:list')")
     @GetMapping("/listAll")
     public R listAll(PlayNoticeInfoEntity playNoticeInfo) {
         IPage<PlayNoticeInfoEntity> list = playNoticeInfoService.selectPlayNoticeInfoByPage(playNoticeInfo);
@@ -40,7 +38,6 @@ public class PlayNoticeInfoController {
     /**
      * 查询公告列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:list')")
     @GetMapping("/list")
     public R list(PlayNoticeInfoEntity playNoticeInfo) {
         IPage<PlayNoticeInfoEntity> list = playNoticeInfoService.selectPlayNoticeInfoByPage(playNoticeInfo);
@@ -50,7 +47,6 @@ public class PlayNoticeInfoController {
     /**
      * 获取公告详细信息
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:query')")
     @GetMapping(value = "/{id}")
     public R getInfo(@PathVariable("id") String id) {
         return R.ok(playNoticeInfoService.selectPlayNoticeInfoById(id));
@@ -59,7 +55,6 @@ public class PlayNoticeInfoController {
     /**
      * 新增公告
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:create')")
     @Log(title = "公告", businessType = BusinessType.INSERT)
     @PostMapping("/create")
     public R create(@Validated @RequestBody PlayNoticeInfoAddVo vo) {
@@ -75,7 +70,6 @@ public class PlayNoticeInfoController {
     /**
      * 删除公告
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:remove')")
     @Log(title = "公告", businessType = BusinessType.DELETE)
     @DeleteMapping("/{ids}")
     public R remove(@PathVariable String[] ids) {
diff --git a/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayResourcesInfoController.java b/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayResourcesInfoController.java
index 6e8d6d7..2730b27 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayResourcesInfoController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/play/controller/PlayResourcesInfoController.java
@@ -10,7 +10,6 @@ import com.starry.common.annotation.Log;
 import com.starry.common.enums.BusinessType;
 import com.starry.common.result.R;
 import com.starry.common.utils.ConvertUtil;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -36,7 +35,6 @@ public class PlayResourcesInfoController {
     /**
      * 查询陪聊资源列表
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:list')")
     @GetMapping("/list")
     public R list(PlayResourcesInfoEntity playResourcesInfo) {
         IPage<PlayResourcesInfoEntity> list = playResourcesInfoService.selectPlayResourcesInfoByPage(playResourcesInfo);
@@ -47,7 +45,6 @@ public class PlayResourcesInfoController {
     /**
      * 获取陪聊资源详细信息
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:query')")
     @GetMapping(value = "/{id}")
     public R getInfo(@PathVariable("id") String id) {
         return R.ok(playResourcesInfoService.selectPlayResourcesInfoById(id));
@@ -56,7 +53,6 @@ public class PlayResourcesInfoController {
     /**
      * 陪聊上传资源（图片/签名/视频/录音小样等）
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:create')")
     @Log(title = "陪聊资源", businessType = BusinessType.INSERT)
     @PostMapping("/create")
     public R create(@RequestBody PlayResourcesInfoAddVo vo, @RequestParam("file") MultipartFile file) throws IOException {
@@ -82,7 +78,6 @@ public class PlayResourcesInfoController {
     /**
      * 陪聊资料审核
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:edit')")
     @Log(title = "陪聊资源审核", businessType = BusinessType.UPDATE)
     @PostMapping("/examine")
     public R examinePlayResourcesInfo(@RequestBody PlayResourcesInfoReviewVo vo) {
@@ -97,7 +92,6 @@ public class PlayResourcesInfoController {
     /**
      * 删除陪聊资源
      */
-    @PreAuthorize("@customSs.hasPermission('play:info:remove')")
     @Log(title = "陪聊资源", businessType = BusinessType.DELETE)
     @DeleteMapping("/{ids}")
     public R remove(@PathVariable String[] ids) {
diff --git a/play-admin/src/main/java/com/starry/admin/modules/system/controller/SysRoleController.java b/play-admin/src/main/java/com/starry/admin/modules/system/controller/SysRoleController.java
index aa066d8..0d06a61 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/system/controller/SysRoleController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/system/controller/SysRoleController.java
@@ -138,7 +138,6 @@ public class SysRoleController {
     /**
      * 根据角色编号获取详细信息
      */
-    @PreAuthorize("@customSs.hasPermission('system:role:query')")
     @GetMapping(value = "/{roleId}")
     public R getInfo(@PathVariable Long roleId) {
         roleService.checkRoleDataScope(roleId);
@@ -149,7 +148,6 @@ public class SysRoleController {
      * 获取对应角色部门树列表
      */
     @ApiOperation("获取对应角色部门树列表")
-    @PreAuthorize("@customSs.hasPermission('system:role:query')")
     @GetMapping(value = "/deptTree/{roleId}")
     public R deptTree(@PathVariable("roleId") Long roleId) {
         Map<String, Object> resultMap = new HashMap<>(8);
@@ -162,7 +160,6 @@ public class SysRoleController {
      * 修改保存数据权限
      */
     @ApiOperation("修改保存数据权限")
-    @PreAuthorize("@customSs.hasPermission('system:role:query')")
     @Log(title = "角色管理-保存数据权限", businessType = BusinessType.UPDATE)
     @PostMapping("/dataScope")
     public R dataScope(@RequestBody SysRoleEntity role) {
diff --git a/play-admin/src/main/java/com/starry/admin/modules/system/service/SysUserService.java b/play-admin/src/main/java/com/starry/admin/modules/system/service/SysUserService.java
index c9e5532..1e45f33 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/system/service/SysUserService.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/system/service/SysUserService.java
@@ -146,4 +146,6 @@ public interface SysUserService extends IService<SysUserEntity> {
     void updatePassword(UpdateUserPasswordParam param);
 
     void updateMobile(UpdateUserMobileParam param);
+
+    void logoutUser(String uid);
 }
diff --git a/play-admin/src/main/java/com/starry/admin/modules/system/service/impl/SysUserRoleServiceImpl.java b/play-admin/src/main/java/com/starry/admin/modules/system/service/impl/SysUserRoleServiceImpl.java
index be33ca6..278e497 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/system/service/impl/SysUserRoleServiceImpl.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/system/service/impl/SysUserRoleServiceImpl.java
@@ -5,8 +5,11 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.starry.admin.modules.system.entity.SysUserRoleEntity;
 import com.starry.admin.modules.system.mapper.SysUserRoleMapper;
 import com.starry.admin.modules.system.service.SysUserRoleService;
+import com.starry.admin.modules.system.service.SysUserService;
 import org.springframework.stereotype.Service;
 
+import javax.annotation.Resource;
+
 /**
  * <p>
  * 用户角色关联表 服务实现类
@@ -18,6 +21,8 @@ import org.springframework.stereotype.Service;
 @Service
 public class SysUserRoleServiceImpl extends ServiceImpl<SysUserRoleMapper, SysUserRoleEntity> implements SysUserRoleService {
 
+    @Resource
+    private SysUserService userService;
 
     @Override
     public void delUserRole(String userId, Long roleId) {
@@ -25,6 +30,7 @@ public class SysUserRoleServiceImpl extends ServiceImpl<SysUserRoleMapper, SysUs
         queryWrapper.eq(SysUserRoleEntity::getUserId, userId);
         queryWrapper.eq(SysUserRoleEntity::getRoleId, roleId);
         this.remove(queryWrapper);
+        userService.logoutUser(userId);
     }
 
 
diff --git a/play-admin/src/main/java/com/starry/admin/modules/system/service/impl/SysUserServiceImpl.java b/play-admin/src/main/java/com/starry/admin/modules/system/service/impl/SysUserServiceImpl.java
index bad73d6..b5ba94e 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/system/service/impl/SysUserServiceImpl.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/system/service/impl/SysUserServiceImpl.java
@@ -29,6 +29,7 @@ import com.starry.admin.modules.system.vo.*;
 import com.starry.admin.utils.SecurityUtils;
 import com.starry.common.annotation.DataScope;
 import com.starry.common.constant.UserConstants;
+import com.starry.common.redis.RedisCache;
 import com.starry.common.utils.IdUtils;
 import com.starry.common.utils.StringUtils;
 import lombok.extern.slf4j.Slf4j;
@@ -69,6 +70,8 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUserEntity
     private IPlayPersonnelGroupInfoService playClerkGroupInfoService;
     @Resource
     private IPlayPersonnelWaiterInfoService playClerkWaiterInfoService;
+    @Resource
+    private RedisCache redisCache;
 
 
     @Override
@@ -204,9 +207,10 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUserEntity
         if (StringUtils.isEmpty(userId)) {
             userId = SecurityUtils.getUserId();
         }
+        baseMapper.selectById(userId);
         SysUserEntity data = baseMapper.selectUserById(userId);
         if (Objects.isNull(data)) {
-            throw new RuntimeException("未查询到指定用户");
+            throw new RuntimeException("未查询到指定用户或该用户状态异常");
         }
         return data;
     }
@@ -336,4 +340,14 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUserEntity
         }
         this.update(Wrappers.lambdaUpdate(SysUserEntity.class).eq(SysUserEntity::getUserId, param.getUserId()).set(SysUserEntity::getUserCode, param.getMobile()).set(SysUserEntity::getMobile, param.getMobile()));
     }
+
+    @Override
+    public void logoutUser(String uid) {
+        String key = "login:resource:" + uid;
+        Object object = redisCache.getCacheObject(key);
+        if(Objects.isNull(object)) return;
+
+        String key2 = object.toString();
+        redisCache.deleteObject(key2);
+    }
 }
diff --git a/play-admin/src/main/java/com/starry/admin/modules/weichat/controller/WxPlayController.java b/play-admin/src/main/java/com/starry/admin/modules/weichat/controller/WxPlayController.java
index a637013..2d78b48 100644
--- a/play-admin/src/main/java/com/starry/admin/modules/weichat/controller/WxPlayController.java
+++ b/play-admin/src/main/java/com/starry/admin/modules/weichat/controller/WxPlayController.java
@@ -11,10 +11,8 @@ import com.starry.admin.modules.custom.module.entity.PlayCustomUserInfoEntity;
 import com.starry.admin.modules.custom.service.IPlayCustomUserInfoService;
 import com.starry.admin.modules.order.module.entity.PlayOrderInfoEntity;
 import com.starry.admin.modules.order.service.IPlayOrderInfoService;
-import com.starry.admin.modules.order.service.impl.PlayOrderInfoServiceImpl;
 import com.starry.admin.modules.platform.entity.SysTenantEntity;
 import com.starry.admin.modules.platform.service.impl.SysTenantServiceImpl;
-import com.starry.admin.modules.weichat.service.WxCustomMpService;
 import com.starry.admin.utils.SecurityUtils;
 import com.starry.common.result.R;
 import com.starry.common.utils.StringUtils;
@@ -45,12 +43,14 @@ public class WxPlayController {
     private IPlayCustomUserInfoService customUserInfoService;
     @Resource
     private IPlayOrderInfoService orderInfoService;
-    @Resource
-    private WxCustomMpService mpService;
 
-    @Resource
-    PlayOrderInfoServiceImpl playOrderInfoService;
 
+    @GetMapping("/test")
+    public String test() {
+        SysTenantEntity tenant = tenantService.getById("7f7ecd75fd29464db2867982f88e8ef0");
+        tenantService.initRole(tenant);
+        return WxPayNotifyResponse.success("成功");
+    }
 
     /**
      * 微信支付-微信回调地址（https://pay.weixin.qq.com/wiki/doc/api/wxa/wxa_api.php?chapter=9_7&index=8）
@@ -130,6 +130,7 @@ public class WxPlayController {
         BigDecimal paymentAmount = customUserInfoService.getCustomPaymentAmount(new BigDecimal(money), ThreadLocalRequestDetail.getCustomUserInfo().getId());
         return R.ok(paymentAmount);
     }
+
     @CustomUserLogin
     @GetMapping("/custom/createOrder")
     public R createOrder(@RequestParam("money") String money) {
diff --git a/play-admin/src/main/resources/application-dev.yml b/play-admin/src/main/resources/application-dev.yml
index dc78890..4153900 100644
--- a/play-admin/src/main/resources/application-dev.yml
+++ b/play-admin/src/main/resources/application-dev.yml
@@ -82,7 +82,7 @@ jwt:
   tokenHeader: X-Token #JWT存储的请求头
   tokenHead: Bearer  #JWT负载中拿到开头
   secret: yz-admin-secret #JWT加解密使用的密钥
-  expiration: 3600 #JWT的超期限时间秒(60*60*24)
+  expiration: 360000 #JWT的超期限时间秒(60*60*24)
 
 # xl自定义配置
 xl:
diff --git a/play-admin/src/main/resources/application-prod.yml b/play-admin/src/main/resources/application-prod.yml
index ceebfc6..f6e4f6b 100644
--- a/play-admin/src/main/resources/application-prod.yml
+++ b/play-admin/src/main/resources/application-prod.yml
@@ -78,7 +78,7 @@ jwt:
   tokenHeader: X-Token #JWT存储的请求头
   tokenHead: Bearer  #JWT负载中拿到开头
   secret: yz-admin-secret #JWT加解密使用的密钥
-  expiration: 3600 #JWT的超期限时间秒(60*60*24)
+  expiration: 360000 #JWT的超期限时间秒(60*60*24)
 
 # xl自定义配置
 xl:
diff --git a/play-admin/src/main/resources/application-test.yml b/play-admin/src/main/resources/application-test.yml
index 89a957f..55fe51a 100644
--- a/play-admin/src/main/resources/application-test.yml
+++ b/play-admin/src/main/resources/application-test.yml
@@ -84,7 +84,7 @@ jwt:
   tokenHeader: X-Token #JWT存储的请求头
   tokenHead: Bearer  #JWT负载中拿到开头
   secret: yz-admin-secret #JWT加解密使用的密钥
-  expiration: 3600 #JWT的超期限时间秒(60*60*24)
+  expiration: 360000 #JWT的超期限时间秒(60*60*24)
 
 # token配置
 token: