Security Guardian
Security Guardian Skill
This skill ensures the application complies with the RuoYi Security Model and general Web Security standards.
🛡️ Core Principles
- Zero Trust: Never trust frontend input. Validate everything on the server.
- Permission First: Every Controller method (except public ones) MUST have @PreAuthorize.
- Data Isolation: Users should only see their own data.
🛠️ Common Workflows
1. Data Scoping (Multi-Tenancy/Isolation)
Context: A user should only see their OWN cart or orders.
Pattern:
    // Controller
    public TableDataInfo list(AgOrder order) {
        // FORCE the query to be filtered by current User ID
        order.setUserId(SecurityUtils.getUserId());
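The scoping pattern above as a self-contained sketch (an added example, not code from RuoYi or from this skill): plain Java stand-ins replace AgOrder, the mapper and SecurityUtils.getUserId(), and the order data is constructed. It goes one step beyond the list case by applying the same ownership rule to a single-record lookup.

```java
import java.util.*;
import java.util.stream.*;

public class DataScopingDemo {
    // Stand-in for the page's AgOrder object (field names are assumptions).
    record Order(long id, Long userId, String item) {}

    // Constructed sample data: orders belonging to two different users.
    static final List<Order> DB = List.of(
        new Order(1, 100L, "apples"),
        new Order(2, 100L, "pears"),
        new Order(3, 200L, "grapes"));

    // Stand-in for the mapper: filters by userId only when the query sets one.
    static List<Order> select(Long userIdFilter) {
        return DB.stream()
                 .filter(o -> userIdFilter == null || o.userId().equals(userIdFilter))
                 .collect(Collectors.toList());
    }

    // Unscoped: the filter is whatever the request bound into the query object,
    // so the client chooses whose orders come back (or all of them, if omitted).
    static List<Order> listUnscoped(Long userIdFromRequest) {
        return select(userIdFromRequest);
    }

    // Scoped: the request value is discarded and replaced by the session identity,
    // mirroring order.setUserId(SecurityUtils.getUserId()).
    static List<Order> listScoped(Long userIdFromRequest, long currentUserId) {
        return select(currentUserId);
    }

    // Same rule for single-record access: match on owner, not just on record ID.
    static Optional<Order> getScoped(long orderId, long currentUserId) {
        return DB.stream()
                 .filter(o -> o.id() == orderId && o.userId() == currentUserId)
                 .findFirst();
    }

    public static void main(String[] args) {
        long currentUser = 100L; // identity taken from the authenticated session
        Long tampered = 200L;    // userId parameter supplied by the client
        System.out.println("unscoped, userId=200: " + listUnscoped(tampered));
        System.out.println("unscoped, no userId:  " + listUnscoped(null));
        System.out.println("scoped,   userId=200: " + listScoped(tampered, currentUser));
        System.out.println("scoped get(3):        " + getScoped(3, currentUser));
    }
}
```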