From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题

---
 ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java | 96 ++++++++++++++++++++++--------------------
 1 files changed, 44 insertions(+), 52 deletions(-)

diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
index 55350db..ed4d5ef 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
@@ -2,15 +2,13 @@
 
 import cn.dev33.satoken.annotation.SaCheckPermission;
 import cn.dev33.satoken.secure.BCrypt;
-import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.lang.tree.Tree;
 import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.ObjectUtil;
-import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.MapstructUtils;
 import com.ruoyi.common.core.utils.StreamUtils;
 import com.ruoyi.common.core.utils.StringUtils;
-import com.ruoyi.common.web.core.BaseController;
 import com.ruoyi.common.excel.core.ExcelResult;
 import com.ruoyi.common.excel.utils.ExcelUtil;
 import com.ruoyi.common.log.annotation.Log;
@@ -18,12 +16,11 @@
 import com.ruoyi.common.mybatis.core.page.PageQuery;
 import com.ruoyi.common.mybatis.core.page.TableDataInfo;
 import com.ruoyi.common.satoken.utils.LoginHelper;
-import com.ruoyi.system.domain.SysDept;
-import com.ruoyi.system.domain.SysRole;
-import com.ruoyi.system.domain.SysUser;
-import com.ruoyi.system.domain.vo.SysRoleVo;
-import com.ruoyi.system.domain.vo.SysUserExportVo;
-import com.ruoyi.system.domain.vo.SysUserImportVo;
+import com.ruoyi.common.tenant.helper.TenantHelper;
+import com.ruoyi.common.web.core.BaseController;
+import com.ruoyi.system.domain.bo.SysDeptBo;
+import com.ruoyi.system.domain.bo.SysUserBo;
+import com.ruoyi.system.domain.vo.*;
 import com.ruoyi.system.listener.SysUserImportListener;
 import com.ruoyi.system.service.*;
 import jakarta.servlet.http.HttpServletResponse;
@@ -33,7 +30,8 @@
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
 * 鐢ㄦ埛淇℃伅
@@ -50,13 +48,14 @@
 private final ISysRoleService roleService;
 private final ISysPostService postService;
 private final ISysDeptService deptService;
+ private final ISysTenantService tenantService;
 
 /**
 * 鑾峰彇鐢ㄦ埛鍒楄〃
 */
 @SaCheckPermission("system:user:list")
 @GetMapping("/list")
- public TableDataInfo<SysUser> list(SysUser user, PageQuery pageQuery) {
+ public TableDataInfo<SysUserVo> list(SysUserBo user, PageQuery pageQuery) {
 return userService.selectPageUserList(user, pageQuery);
 }
 
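Review bot: The exposure fix for `list` rests entirely on `SysUserVo` not declaring a `password` property, and nothing in this diff shows that class, so a later field added to the VO (or a copy-from-entity mapping) would bring the leak back silently. A regression test that serializes a `SysUserVo` through the application's JSON mapper and asserts the output has no `password` key would pin the fix; a one-line Javadoc on `list`, `Returns {@link SysUserVo} projections, which must never carry the password hash.`, records the intent for the next maintainer. The same reliance applies to `export`, `getInfo` and `authRole` in the hunks below.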
@@ -66,17 +65,9 @@
 @Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.EXPORT)
 @SaCheckPermission("system:user:export")
 @PostMapping("/export")
- public void export(SysUser user, HttpServletResponse response) {
- List<SysUser> list = userService.selectUserList(user);
- List<SysUserExportVo> listVo = BeanUtil.copyToList(list, SysUserExportVo.class);
- for (int i = 0; i < list.size(); i++) {
- SysDept dept = list.get(i).getDept();
- SysUserExportVo vo = listVo.get(i);
- if (ObjectUtil.isNotEmpty(dept)) {
- vo.setDeptName(dept.getDeptName());
- vo.setLeader(dept.getLeader());
- }
- }
+ public void export(SysUserBo user, HttpServletResponse response) {
+ List<SysUserVo> list = userService.selectUserList(user);
+ List<SysUserExportVo> listVo = MapstructUtils.convert(list, SysUserExportVo.class);
 ExcelUtil.exportExcel(listVo, "鐢ㄦ埛鏁版嵁", SysUserExportVo.class, response);
 }
 
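Review bot: The removed loop that copied `dept.getDeptName()` and `dept.getLeader()` onto each `SysUserExportVo` has no visible replacement; `MapstructUtils.convert(list, SysUserExportVo.class)` only reproduces those two columns if the SysUserVo-to-SysUserExportVo mapper flattens the nested dept fields, which this diff cannot show. Worth confirming with an export of a user that has a department before merging, and once confirmed a comment above the convert call, `// deptName/leader are flattened from dept by the mapstruct mapper`, would stop the next reader from re-adding the loop.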
@@ -109,19 +100,19 @@
 */
 @SaCheckPermission("system:user:query")
 @GetMapping(value = {"/", "/{userId}"})
- public R<Map<String, Object>> getInfo(@PathVariable(value = "userId", required = false) Long userId) {
+ public R<SysUserInfoVo> getInfo(@PathVariable(value = "userId", required = false) Long userId) {
 userService.checkUserDataScope(userId);
- Map<String, Object> ajax = new HashMap<>();
+ SysUserInfoVo userInfoVo = new SysUserInfoVo();
 List<SysRoleVo> roles = roleService.selectRoleAll();
- ajax.put("roles", LoginHelper.isAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isAdmin()));
- ajax.put("posts", postService.selectPostAll());
+ userInfoVo.setRoles(LoginHelper.isSuperAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isSuperAdmin()));
+ userInfoVo.setPosts(postService.selectPostAll());
 if (ObjectUtil.isNotNull(userId)) {
- SysUser sysUser = userService.selectUserById(userId);
- ajax.put("user", sysUser);
- ajax.put("postIds", postService.selectPostListByUserId(userId));
- ajax.put("roleIds", StreamUtils.toList(sysUser.getRoles(), SysRole::getRoleId));
+ SysUserVo sysUser = userService.selectUserById(userId);
+ userInfoVo.setUser(sysUser);
+ userInfoVo.setRoleIds(StreamUtils.toList(sysUser.getRoles(), SysRoleVo::getRoleId));
+ userInfoVo.setPostIds(postService.selectPostListByUserId(userId));
 }
- return R.ok(ajax);
+ return R.ok(userInfoVo);
 }
 
 /**
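Review bot: `sysUser.getRoles()` on the new `SysUserVo` line dereferences the lookup result without a null check, so a `userId` that passes `checkUserDataScope` but no longer exists surfaces as an unhandled exception rather than an `R.fail` — unless `selectUserById` is guaranteed non-null, which the diff does not show. A guard right after the lookup, `if (ObjectUtil.isNull(sysUser)) { return R.fail("<user-not-found message>"); }`, keeps the failure mode consistent with the rest of the controller; `authRole` in the later hunk has the same unguarded lookup. Separately, the role-filtering expression `LoginHelper.isSuperAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isSuperAdmin())` is now duplicated verbatim between `getInfo` and `authRole`; a small private helper would keep the two endpoints from drifting.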
@@ -130,15 +121,18 @@
 @SaCheckPermission("system:user:add")
 @Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.INSERT)
 @PostMapping
- public R<Void> add(@Validated @RequestBody SysUser user) {
- if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user))) {
+ public R<Void> add(@Validated @RequestBody SysUserBo user) {
+ if (!userService.checkUserNameUnique(user)) {
 return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
- } else if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
+ } else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) {
 return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
- } else if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
+ } else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) {
 return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
+ }
+ if (TenantHelper.isEnable()) {
+ if (!tenantService.checkAccountBalance(LoginHelper.getTenantId())) {
+ return R.fail("褰撳墠绉熸埛涓嬬敤鎴峰悕棰濅笉瓒筹紝璇疯仈绯荤鐞嗗憳");
+ }
 }
 user.setPassword(BCrypt.hashpw(user.getPassword()));
 return toAjax(userService.insertUser(user));
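Review bot: `BCrypt.hashpw(user.getPassword())` is reached with whatever the request body carried; unless `SysUserBo` constrains `password` with a validation annotation that `@Validated` enforces (not visible here), a missing or empty password fails inside the hashing call instead of returning an `R.fail` like the uniqueness checks above it. A guard before hashing, `if (StringUtils.isEmpty(user.getPassword())) { return R.fail("<password-required message>"); }`, gives a consistent failure mode. The same applies to `resetPwd` in the next hunk, which additionally takes its body without `@Validated`, so no BO constraints apply there at all. `add`'s closing brace lies outside the hunk.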
@@ -150,16 +144,14 @@
 @SaCheckPermission("system:user:edit")
 @Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.UPDATE)
 @PutMapping
- public R<Void> edit(@Validated @RequestBody SysUser user) {
+ public R<Void> edit(@Validated @RequestBody SysUserBo user) {
 userService.checkUserAllowed(user);
 userService.checkUserDataScope(user.getUserId());
- if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user))) {
+ if (!userService.checkUserNameUnique(user)) {
 return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
- } else if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
+ } else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) {
 return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
- } else if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
+ } else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) {
 return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
 }
 return toAjax(userService.updateUser(user));
@@ -186,7 +178,7 @@
 @SaCheckPermission("system:user:resetPwd")
 @Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.UPDATE)
 @PutMapping("/resetPwd")
- public R<Void> resetPwd(@RequestBody SysUser user) {
+ public R<Void> resetPwd(@RequestBody SysUserBo user) {
 userService.checkUserAllowed(user);
 userService.checkUserDataScope(user.getUserId());
 user.setPassword(BCrypt.hashpw(user.getPassword()));
@@ -199,7 +191,7 @@
 @SaCheckPermission("system:user:edit")
 @Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.UPDATE)
 @PutMapping("/changeStatus")
- public R<Void> changeStatus(@RequestBody SysUser user) {
+ public R<Void> changeStatus(@RequestBody SysUserBo user) {
 userService.checkUserAllowed(user);
 userService.checkUserDataScope(user.getUserId());
 return toAjax(userService.updateUserStatus(user));
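Review bot: `edit` now binds the full `SysUserBo`, the same type `resetPwd` uses to carry a plaintext `password`, so a PUT to this endpoint can include `password`; whether it reaches the database unhashed depends on `updateUser` ignoring that field, which the diff does not show. Clearing it before the update, `user.setPassword(null);` on the line above `return toAjax(userService.updateUser(user));`, removes the dependency on service-layer behaviour and keeps password changes on the `resetPwd` path where they are hashed; if `updateUser` is confirmed to skip the field, a comment saying so at the same spot is the minimum. `edit` closes outside the hunk.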
@@ -212,13 +204,13 @@
 */
 @SaCheckPermission("system:user:query")
 @GetMapping("/authRole/{userId}")
- public R<Map<String, Object>> authRole(@PathVariable Long userId) {
- SysUser user = userService.selectUserById(userId);
+ public R<SysUserInfoVo> authRole(@PathVariable Long userId) {
+ SysUserVo user = userService.selectUserById(userId);
 List<SysRoleVo> roles = roleService.selectRolesByUserId(userId);
- return R.ok(Map.of(
- "user", user,
- "roles", LoginHelper.isAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isAdmin())
- ));
+ SysUserInfoVo userInfoVo = new SysUserInfoVo();
+ userInfoVo.setUser(user);
+ userInfoVo.setRoles(LoginHelper.isSuperAdmin(userId) ? roles : StreamUtils.filter(roles, r -> !r.isSuperAdmin()));
+ return R.ok(userInfoVo);
 }
 
 /**
@@ -241,7 +233,7 @@
 */
 @SaCheckPermission("system:user:list")
 @GetMapping("/deptTree")
- public R<List<Tree<Long>>> deptTree(SysDept dept) {
+ public R<List<Tree<Long>>> deptTree(SysDeptBo dept) {
 return R.ok(deptService.selectDeptTreeList(dept));
 }
-- 
Gitblit v1.9.3