简化权限校验

SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl

@@ -141,11 +141,7 @@ public class ${itemCodeName}Resource {
                 <#assign deactionName = deaction.getName()>
                 <#assign deactionCodeName = deaction.getCodeName()>
                 <#if deaction.codeName?lower_case == 'create'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    <@outputHasPermissionAnnotation 'this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dto)' '${sys.codeName}-${de.codeName}-${deaction.codeName}' />
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}")
 	@RequestMapping(method = RequestMethod.POST, value = "${fullPath}")
 <#if de.getStorageMode()==4><#else>    @Transactional</#if>
@@ -156,7 +152,7 @@ public class ${itemCodeName}Resource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    <@outputBatchPermissionAnnotation deaction.codeName deStorageMode/>
+                <@SecurityBatchAnnotation deaction/>
     @ApiOperation(value = "createBatch", tags = {"${itemCodeName}" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "${fullPath}/batch")
     public ResponseEntity<Boolean> createBatch(${etParamsList}) {
@@ -165,11 +161,7 @@ public class ${itemCodeName}Resource {
     }
 
                 <#elseif deaction.codeName?lower_case == 'update'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    <@outputHasPermissionAnnotation 'this.${deCodeNameLC}Service.get(#${itemCodeNameLC + keyCNLC})' '${sys.codeName}-${de.codeName}-${deaction.codeName}' />
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}")
 	@RequestMapping(method = RequestMethod.PUT, value = "${fullPath}/{${itemCodeNameLC + keyCNLC}}")
 <#if de.getStorageMode()==4><#else>    @Transactional</#if>
@@ -181,7 +173,7 @@ public class ${itemCodeName}Resource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    <@outputBatchPermissionAnnotation deaction.codeName deStorageMode/>
+                <@SecurityBatchAnnotation deaction/>
     @ApiOperation(value = "UpdateBatch", tags = {"${itemCodeName}" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "${fullPath}/batch")
     public ResponseEntity<Boolean> updateBatch(${etParamsList}) {
@@ -190,18 +182,14 @@ public class ${itemCodeName}Resource {
     }
 
                 <#elseif deaction.codeName?lower_case == 'save'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    //@PreAuthorize("hasPermission('','Save',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,#${itemCodeNameLC}dto})")
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}")
 	@RequestMapping(method = RequestMethod.${reqMtd}, value = "${fullPath}/${deactionCodeName?lower_case}")
     public ResponseEntity<Boolean> save(${etParams}) {
         return ResponseEntity.status(HttpStatus.OK).body(${deCodeNameLC}Service.save(${itemCodeNameLC}Mapping.toDomain(${itemCodeNameLC}dto)));
     }
 
-    <@outputBatchPermissionAnnotation deaction.codeName deStorageMode/>
+                <@SecurityBatchAnnotation deaction/>
     @ApiOperation(value = "SaveBatch", tags = {"${itemCodeName}" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "${fullPath}/savebatch")
     public ResponseEntity<Boolean> saveBatch(${etParamsList}) {
@@ -210,11 +198,7 @@ public class ${itemCodeName}Resource {
     }
 
                 <#elseif deaction.codeName?lower_case == 'remove'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    <@outputHasPermissionAnnotation 'this.${deCodeNameLC}Service.get(#${itemCodeNameLC + keyCNLC})' '${sys.codeName}-${de.codeName}-${deaction.codeName}' />
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}")
 	@RequestMapping(method = RequestMethod.DELETE, value = "${fullPath}/{${itemCodeNameLC + keyCNLC}}")
 <#if de.getStorageMode()==4><#else>    @Transactional</#if>
@@ -222,7 +206,7 @@ public class ${itemCodeName}Resource {
          return ResponseEntity.status(HttpStatus.OK).body(${deCodeNameLC}Service.remove(${itemCodeNameLC + keyCNLC}));
     }
 
-    <@outputBatchPermissionAnnotation deaction.codeName deStorageMode/>
+                <@SecurityBatchAnnotation deaction/>
     @ApiOperation(value = "RemoveBatch", tags = {"${itemCodeName}" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "${fullPath}/batch")
     public ResponseEntity<Boolean> removeBatch(@RequestBody List<${srfjavatype(de.getKeyPSDEField().getStdDataType())}> ids) {
@@ -231,11 +215,7 @@ public class ${itemCodeName}Resource {
     }
 
                 <#elseif deaction.codeName?lower_case == 'get'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    @PostAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(returnObject.body),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}")
 	@RequestMapping(method = RequestMethod.GET, value = "${fullPath}/{${itemCodeNameLC + keyCNLC}}")
     public ResponseEntity<${itemCodeName}DTO> get(${idParams}) {
@@ -264,7 +244,7 @@ public class ${itemCodeName}Resource {
                <#elseif deaction.codeName?lower_case == 'savebatch'>
                <#elseif deaction.getUserTag()?? && deaction.getActionType()?? && deaction.getUserTag() == 'REGIST' && deaction.getActionType() == 'USERCREATE'>
                <#else>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
+            <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}")
 	@RequestMapping(method = RequestMethod.${reqMtd}, value = "${fullPath}/{${itemCodeNameLC + keyCNLC}}/${deactionCodeName?lower_case}")
 <#if de.getStorageMode()==4><#else>    @Transactional</#if>
@@ -279,7 +259,7 @@ public class ${itemCodeName}Resource {
                 </#if>
             <#elseif apiMethod.getActionType()=='FETCH'>
                 <#assign deds = apiMethod.getPSDEDataSet()>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deds.codeName}-all'/>
+                <@SecurityAnnotation deds/>
 	@ApiOperation(value = "fetch${deds.getLogicName()}", tags = {"${itemCodeName}" } ,notes = "fetch${deds.getLogicName()}")
     @RequestMapping(method= RequestMethod.${reqMtd} , value="${fullPath}/fetch<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()?lower_case}<#else>${deds.getCodeName()?lower_case}</#if>")
 	public ResponseEntity<List<<#if deds.isEnableGroup()>HashMap<#else>${itemCodeName}DTO</#if>>> fetch<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()}<#else>${deds.getCodeName()}</#if>(${deCodeName}SearchContext context) {
@@ -302,7 +282,7 @@ public class ${itemCodeName}Resource {
         </#if>
 	}
 
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deds.codeName}-all'/>
+                <@SecurityAnnotation deds/>
 	@ApiOperation(value = "search${deds.getLogicName()}", tags = {"${itemCodeName}" } ,notes = "search${deds.getLogicName()}")
     @RequestMapping(method= RequestMethod.POST , value="${fullPath}/search<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()?lower_case}<#else>${deds.getCodeName()?lower_case}</#if>")
 	public ResponseEntity<Page<<#if deds.isEnableGroup()>HashMap<#else>${itemCodeName}DTO</#if>>> search<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()}<#else>${deds.getCodeName()}</#if>(@RequestBody ${deCodeName}SearchContext context) {
@@ -405,11 +385,7 @@ public class ${itemCodeName}Resource {
                 <#assign deactionName = deaction.getName()>
                 <#assign deactionCodeName = deaction.getCodeName()>
                 <#if deaction.codeName?lower_case == 'create'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    //@PreAuthorize("hasPermission('','Create',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,#${itemCodeNameLC}dto})")
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}${byParams}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}${byParams}")
 	@RequestMapping(method = RequestMethod.POST, value = "${fullPath}")
 <#if de.getStorageMode()==4><#else>    @Transactional</#if>
@@ -421,7 +397,7 @@ public class ${itemCodeName}Resource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    <@outputBatchPermissionAnnotation deaction.codeName deStorageMode/>
+            <@SecurityBatchAnnotation deaction/>
     @ApiOperation(value = "createBatch${byParams}", tags = {"${itemCodeName}" },  notes = "createBatch${byParams}")
 	@RequestMapping(method = RequestMethod.POST, value = "${fullPath}/batch")
     public ResponseEntity<Boolean> createBatch${byParams}(${etParamsList}) {
@@ -434,11 +410,7 @@ public class ${itemCodeName}Resource {
     }
 
                 <#elseif deaction.codeName?lower_case == 'update'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    //@PreAuthorize("hasPermission(#${itemCodeNameLC + keyCNLC},'Update',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,#${itemCodeNameLC}dto})")
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}${byParams}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}${byParams}")
 	@RequestMapping(method = RequestMethod.PUT, value = "${fullPath}/{${itemCodeNameLC + keyCNLC}}")
 <#if de.getStorageMode()==4><#else>    @Transactional</#if>
@@ -490,7 +462,7 @@ public class ${itemCodeName}Resource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    <@outputBatchPermissionAnnotation deaction.codeName deStorageMode/>
+            <@SecurityBatchAnnotation deaction/>
     @ApiOperation(value = "UpdateBatch${byParams}", tags = {"${itemCodeName}" },  notes = "UpdateBatch${byParams}")
 	@RequestMapping(method = RequestMethod.PUT, value = "${fullPath}/batch")
     public ResponseEntity<Boolean> updateBatch${byParams}(${etParamsList}) {
@@ -503,11 +475,7 @@ public class ${itemCodeName}Resource {
     }
 
                 <#elseif deaction.codeName?lower_case == 'remove'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    //@PreAuthorize("hasPermission(#${itemCodeNameLC + keyCNLC},'Remove',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,this.permissionDTO})")
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}${byParams}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}${byParams}")
 	@RequestMapping(method = RequestMethod.DELETE, value = "${fullPath}/{${itemCodeNameLC + keyCNLC}}")
 <#if de.getStorageMode()==4><#else>    @Transactional</#if>
@@ -515,7 +483,7 @@ public class ${itemCodeName}Resource {
 		return ResponseEntity.status(HttpStatus.OK).body(${deCodeNameLC}Service.remove(${itemCodeNameLC + keyCNLC}));
     }
 
-    <@outputBatchPermissionAnnotation deaction.codeName deStorageMode/>
+                <@SecurityBatchAnnotation deaction/>
     @ApiOperation(value = "RemoveBatch${byParams}", tags = {"${itemCodeName}" },  notes = "RemoveBatch${byParams}")
 	@RequestMapping(method = RequestMethod.DELETE, value = "${fullPath}/batch")
     public ResponseEntity<Boolean> removeBatch${byParams}(@RequestBody List<${srfjavatype(de.getKeyPSDEField().getStdDataType())}> ids) {
@@ -524,11 +492,7 @@ public class ${itemCodeName}Resource {
     }
 
                 <#elseif deaction.codeName?lower_case == 'save'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    //@PreAuthorize("hasPermission('','Save',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,#${itemCodeNameLC}dto})")
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}${byParams}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}${byParams}")
 	@RequestMapping(method = RequestMethod.${reqMtd}, value = "${fullPath}/${deactionCodeName?lower_case}")
     public ResponseEntity<Boolean> ${deactionCodeName?uncap_first}${byParams}(${etParams}) {
@@ -537,7 +501,7 @@ public class ${itemCodeName}Resource {
         return ResponseEntity.status(HttpStatus.OK).body(${deCodeNameLC}Service.save(domain));
     }
 
-    <@outputBatchPermissionAnnotation deaction.codeName deStorageMode/>
+                <@SecurityBatchAnnotation deaction/>
     @ApiOperation(value = "SaveBatch${byParams}", tags = {"${itemCodeName}" },  notes = "SaveBatch${byParams}")
 	@RequestMapping(method = RequestMethod.POST, value = "${fullPath}/savebatch")
     public ResponseEntity<Boolean> saveBatch${byParams}(${etParamsList}) {
@@ -550,11 +514,7 @@ public class ${itemCodeName}Resource {
     }
 
                 <#elseif deaction.codeName?lower_case == 'get'>
-                    <#if noDEPrefield>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
-                    <#else>
-    //@PreAuthorize("hasPermission(#${itemCodeNameLC + keyCNLC},'Get',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,this.permissionDTO})")
-                    </#if>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}${byParams}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}${byParams}")
 	@RequestMapping(method = RequestMethod.GET, value = "${fullPath}/{${itemCodeNameLC + keyCNLC}}")
     public ResponseEntity<${itemCodeName}DTO> ${deactionCodeName?uncap_first}${byParams}(${idParams}) {
@@ -585,7 +545,7 @@ public class ${itemCodeName}Resource {
                <#elseif deaction.codeName?lower_case == 'savebatch'>
                <#elseif deaction.getUserTag()?? && deaction.getActionType()?? && deaction.getUserTag() == 'REGIST' && deaction.getActionType() == 'USERCREATE'>
                <#else>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
+                <@SecurityAnnotation deaction/>
     @ApiOperation(value = "${deaction.getLogicName()}${byParams}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}${byParams}")
 	@RequestMapping(method = RequestMethod.${reqMtd}, value = "${fullPath}/{${itemCodeNameLC + keyCNLC}}/${deactionCodeName?lower_case}")
     <#if de.getStorageMode()==4><#else>    @Transactional</#if>
@@ -600,7 +560,7 @@ public class ${itemCodeName}Resource {
                </#if>
             <#elseif apiMethod.getActionType()=='FETCH'>
                 <#assign deds = apiMethod.getPSDEDataSet()>
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deds.codeName}-all'/>
+                <@SecurityAnnotation deds/>
 	@ApiOperation(value = "fetch${deds.getLogicName()}${byParams}", tags = {"${itemCodeName}" } ,notes = "fetch${deds.getLogicName()}${byParams}")
     @RequestMapping(method= RequestMethod.${reqMtd} , value="${fullPath}/fetch<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()?lower_case}<#else>${deds.getCodeName()?lower_case}</#if>")
 	public ResponseEntity<List<<#if deds.isEnableGroup()>HashMap<#else>${itemCodeName}DTO</#if>>> fetch${itemCodeName}<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()}<#else>${deds.getCodeName()}</#if>${byParams}(<#if parentParams!="">${parentParams},</#if>${deCodeName}SearchContext context) {
@@ -623,7 +583,7 @@ public class ${itemCodeName}Resource {
         </#if>
 	}
 
-    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deds.codeName}-all'/>
+            <@SecurityAnnotation deds/>
 	@ApiOperation(value = "search${deds.getLogicName()}${byParams}", tags = {"${itemCodeName}" } ,notes = "search${deds.getLogicName()}${byParams}")
     @RequestMapping(method= RequestMethod.POST , value="${fullPath}/search<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()?lower_case}<#else>${deds.getCodeName()?lower_case}</#if>")
 	public ResponseEntity<Page<<#if deds.isEnableGroup()>HashMap<#else>${itemCodeName}DTO</#if>>> search${itemCodeName}<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()}<#else>${deds.getCodeName()}</#if>${byParams}(<#if parentParams!="">${parentParams}, @RequestBody </#if>${deCodeName}SearchContext context) {
@@ -648,21 +608,50 @@ public class ${itemCodeName}Resource {
 }
 </#if>
 </#if>
-<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>
-<#macro outputHasAnyAuthorityAnnotation permissionTag>
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${permissionTag}')")
-</#macro>
-
-<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>
-<#macro outputHasPermissionAnnotation param1 param2>
-    @PreAuthorize("hasPermission(${param1},'${param2}')")
+<#--<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>-->
+<#--<#macro outputHasAnyAuthorityAnnotation permissionTag>-->
+    <#--@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${permissionTag}')")-->
+<#--</#macro>-->
+
+<#--<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>-->
+<#--<#macro outputHasPermissionAnnotation param1 param2>-->
+    <#--@PreAuthorize("hasPermission(${param1},'${param2}')")-->
+<#--</#macro>-->
+
+<#--<#comment>输出实体批处理权限注解[hasAnyAuthority]</#comment>-->
+<#--<#macro outputBatchPermissionAnnotation deAction >-->
+    <#--<#if deAction=='Remove'>-->
+    <#--//-->
+    <#--<#else>-->
+    <#--//@PreAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos),'${sys.codeName}-${de.codeName}-${deAction.codeName}')")-->
+    <#--</#if>-->
+<#--</#macro>-->
+
+
+<#macro SecurityAnnotation deaction>
+    <#if noDEPrefield>
+        @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')")
+    <#else>
+        <#if deaction.codeName?lower_case=='create' || deaction.codeName?lower_case=='save'>
+        @PreAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dto),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
+        <#elseif deaction.codeName?lower_case=='update' || deaction.codeName?lower_case=='remove'>
+        @PreAuthorize("hasPermission(this.${deCodeNameLC}Service.get(#${itemCodeNameLC + keyCNLC}),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
+        <#elseif deaction.codeName?lower_case=='get'>
+        @PostAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(returnObject.body),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
+        <#else>
+        @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')")
+        </#if>
+    </#if>
 </#macro>
 
-<#comment>输出实体批处理权限注解[hasAnyAuthority]</#comment>
-<#macro outputBatchPermissionAnnotation deAction deStorageMode>
-    <#if deAction=='Remove'>
-    //@PreAuthorize("hasPermission('${deAction}',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,this.permissionDTO,#ids})")
+<#macro SecurityBatchAnnotation deaction>
+    <#if deaction.codeName?lower_case=='Remove'>
+    //
     <#else>
-    //@PreAuthorize("hasPermission('${deAction}',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,#${itemCodeNameLC}dtos})")
+    //@PreAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
     </#if>
 </#macro>
+
+
+
+