From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题

---
 ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java |   49 ++++++++++++++++++++-----------------------------
 1 files changed, 20 insertions(+), 29 deletions(-)

diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
index 0efea3d..ed4d5ef 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
@@ -2,12 +2,11 @@
 
 import cn.dev33.satoken.annotation.SaCheckPermission;
 import cn.dev33.satoken.secure.BCrypt;
-import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.lang.tree.Tree;
 import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.ObjectUtil;
-import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.MapstructUtils;
 import com.ruoyi.common.core.utils.StreamUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.excel.core.ExcelResult;
@@ -17,15 +16,13 @@
 import com.ruoyi.common.mybatis.core.page.PageQuery;
 import com.ruoyi.common.mybatis.core.page.TableDataInfo;
 import com.ruoyi.common.satoken.utils.LoginHelper;
+import com.ruoyi.common.tenant.helper.TenantHelper;
 import com.ruoyi.common.web.core.BaseController;
-import com.ruoyi.system.domain.SysDept;
+import com.ruoyi.system.domain.bo.SysDeptBo;
 import com.ruoyi.system.domain.bo.SysUserBo;
 import com.ruoyi.system.domain.vo.*;
 import com.ruoyi.system.listener.SysUserImportListener;
-import com.ruoyi.system.service.ISysDeptService;
-import com.ruoyi.system.service.ISysPostService;
-import com.ruoyi.system.service.ISysRoleService;
-import com.ruoyi.system.service.ISysUserService;
+import com.ruoyi.system.service.*;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.MediaType;
@@ -51,6 +48,7 @@
     private final ISysRoleService roleService;
     private final ISysPostService postService;
     private final ISysDeptService deptService;
+    private final ISysTenantService tenantService;
 
     /**
      * 鑾峰彇鐢ㄦ埛鍒楄〃
@@ -69,15 +67,7 @@
     @PostMapping("/export")
     public void export(SysUserBo user, HttpServletResponse response) {
         List<SysUserVo> list = userService.selectUserList(user);
-        List<SysUserExportVo> listVo = BeanUtil.copyToList(list, SysUserExportVo.class);
-        for (int i = 0; i < list.size(); i++) {
-            SysDeptVo dept = list.get(i).getDept();
-            SysUserExportVo vo = listVo.get(i);
-            if (ObjectUtil.isNotEmpty(dept)) {
-                vo.setDeptName(dept.getDeptName());
-                vo.setLeader(dept.getLeader());
-            }
-        }
+        List<SysUserExportVo> listVo = MapstructUtils.convert(list, SysUserExportVo.class);
         ExcelUtil.exportExcel(listVo, "鐢ㄦ埛鏁版嵁", SysUserExportVo.class, response);
     }
 
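Review bot: The one-line `MapstructUtils.convert(list, SysUserExportVo.class)` in export replaces the loop that copied `dept.getDeptName()` and `dept.getLeader()` into each row, so those two columns now depend on a nested mapping declared for SysUserExportVo that this diff does not show. Confirm that the mapping exists and, given the commit subject, that SysUserExportVo has no password field the converter could fill from SysUserVo. A short comment such as `// deptName/leader and excluded fields are defined by the SysUserExportVo mapping` would record where that contract lives. The annotations above `@PostMapping("/export")` are outside the hunk, so the permission check on this endpoint cannot be verified from here.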
@@ -114,7 +104,7 @@
         userService.checkUserDataScope(userId);
         SysUserInfoVo userInfoVo = new SysUserInfoVo();
         List<SysRoleVo> roles = roleService.selectRoleAll();
-        userInfoVo.setRoles(LoginHelper.isAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isAdmin()));
+        userInfoVo.setRoles(LoginHelper.isSuperAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isSuperAdmin()));
         userInfoVo.setPosts(postService.selectPostAll());
         if (ObjectUtil.isNotNull(userId)) {
             SysUserVo sysUser = userService.selectUserById(userId);
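Review bot: `LoginHelper.isSuperAdmin(userId)` in the role filter is given the id of the user being viewed, not the caller, and the `ObjectUtil.isNotNull(userId)` test two lines later shows it can still be null at that point. If the filter is meant to hide super-admin roles from callers who are not super admins, the decision should presumably rest on the logged-in user, e.g. `LoginHelper.isSuperAdmin(LoginHelper.getUserId())`. Confirm the intent against the front end before changing it. The same expression appears in the `@@ -218,7 +209,7 @@` hunk and deserves the same look. The enclosing method begins above this hunk and continues below it.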
@@ -132,14 +122,17 @@
     @Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.INSERT)
     @PostMapping
     public R<Void> add(@Validated @RequestBody SysUserBo user) {
-        if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user))) {
+        if (!userService.checkUserNameUnique(user)) {
             return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
-        } else if (StringUtils.isNotEmpty(user.getPhonenumber())
-                   && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
+        } else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) {
             return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
-        } else if (StringUtils.isNotEmpty(user.getEmail())
-                   && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
+        } else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) {
             return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
+        }
+        if (TenantHelper.isEnable()) {
+            if (!tenantService.checkAccountBalance(LoginHelper.getTenantId())) {
+                return R.fail("褰撳墠绉熸埛涓嬬敤鎴峰悕棰濅笉瓒筹紝璇疯仈绯荤鐞嗗憳");
+            }
         }
         user.setPassword(BCrypt.hashpw(user.getPassword()));
         return toAjax(userService.insertUser(user));
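Review bot: The tenant quota check added before `insertUser` in add is a check-then-act. `tenantService.checkAccountBalance(...)` and the insert are separate calls, so two concurrent requests can both pass the check and, judging by the method name, take the tenant past its user limit. Enforcing the limit inside `insertUser`, in the same transaction as the insert, would close that gap, and the controller check could stay as a fast fail. The nested ifs also read more simply as one condition, `if (TenantHelper.isEnable() && !tenantService.checkAccountBalance(LoginHelper.getTenantId())) {`. The closing brace of add is outside the hunk.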
@@ -154,13 +147,11 @@
     public R<Void> edit(@Validated @RequestBody SysUserBo user) {
         userService.checkUserAllowed(user);
         userService.checkUserDataScope(user.getUserId());
-        if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user))) {
+        if (!userService.checkUserNameUnique(user)) {
             return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
-        } else if (StringUtils.isNotEmpty(user.getPhonenumber())
-                   && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
+        } else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) {
             return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
-        } else if (StringUtils.isNotEmpty(user.getEmail())
-                   && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
+        } else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) {
             return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
         }
         return toAjax(userService.updateUser(user));
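Review bot: edit forwards the request-bound `SysUserBo` straight to `userService.updateUser(user)` without clearing the password. The previous hunk shows the object has that field, since add calls `user.getPassword()` and hashes it first. Unless `updateUser` ignores the field, which cannot be seen from this diff, a password supplied in the edit body could be written as sent, bypassing both the hashing and any dedicated reset-password permission. Adding `user.setPassword(null);` before the update, with a comment that passwords change only through the reset endpoint, would make the controller safe regardless of the service implementation. The annotations of edit and its closing brace are outside the hunk.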
@@ -218,7 +209,7 @@
         List<SysRoleVo> roles = roleService.selectRolesByUserId(userId);
         SysUserInfoVo userInfoVo = new SysUserInfoVo();
         userInfoVo.setUser(user);
-        userInfoVo.setRoles(LoginHelper.isAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isAdmin()));
+        userInfoVo.setRoles(LoginHelper.isSuperAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isSuperAdmin()));
         return R.ok(userInfoVo);
     }
 
@@ -242,7 +233,7 @@
      */
     @SaCheckPermission("system:user:list")
     @GetMapping("/deptTree")
-    public R<List<Tree<Long>>> deptTree(SysDept dept) {
+    public R<List<Tree<Long>>> deptTree(SysDeptBo dept) {
         return R.ok(deptService.selectDeptTreeList(dept));
     }
 

--
Gitblit v1.9.3