From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysTenantServiceImpl.java | 71 +++++++++++++++++++++++++----------
1 files changed, 50 insertions(+), 21 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysTenantServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysTenantServiceImpl.java
index e22f651..8721111 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysTenantServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysTenantServiceImpl.java
@@ -1,7 +1,6 @@
package com.ruoyi.system.service.impl;
import cn.dev33.satoken.secure.BCrypt;
-import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.RandomUtil;
@@ -12,6 +11,7 @@
import com.ruoyi.common.core.constant.Constants;
import com.ruoyi.common.core.constant.TenantConstants;
import com.ruoyi.common.core.exception.ServiceException;
+import com.ruoyi.common.core.utils.MapstructUtils;
import com.ruoyi.common.core.utils.SpringUtils;
import com.ruoyi.common.core.utils.StringUtils;
import com.ruoyi.common.mybatis.core.page.PageQuery;
@@ -115,7 +115,7 @@
public Boolean insertByBo(SysTenantBo bo) {
TenantHelper.enableIgnore();
- SysTenant add = BeanUtil.toBean(bo, SysTenant.class);
+ SysTenant add = MapstructUtils.convert(bo, SysTenant.class);
// 鑾峰彇鎵�鏈夌鎴风紪鍙�
List<String> tenantIds = baseMapper.selectObjs(
@@ -124,6 +124,7 @@
add.setTenantId(tenantId);
boolean flag = baseMapper.insert(add) > 0;
if (!flag) {
+ TenantHelper.disableIgnore();
throw new ServiceException("鍒涘缓绉熸埛澶辫触");
}
bo.setId(add.getId());
@@ -251,7 +252,7 @@
@CacheEvict(cacheNames = CacheNames.SYS_TENANT, key = "#bo.tenantId")
@Override
public Boolean updateByBo(SysTenantBo bo) {
- SysTenant tenant = BeanUtil.toBean(bo, SysTenant.class);
+ SysTenant tenant = MapstructUtils.convert(bo, SysTenant.class);
tenant.setTenantId(null);
tenant.setPackageId(null);
return baseMapper.updateById(tenant) > 0;
@@ -266,7 +267,7 @@
@CacheEvict(cacheNames = CacheNames.SYS_TENANT, key = "#bo.tenantId")
@Override
public int updateTenantStatus(SysTenantBo bo) {
- SysTenant tenant = BeanUtil.toBean(bo, SysTenant.class);
+ SysTenant tenant = MapstructUtils.convert(bo, SysTenant.class);
return baseMapper.updateById(tenant);
}
@@ -278,6 +279,9 @@
public Boolean deleteWithValidByIds(Collection<Long> ids, Boolean isValid) {
if (isValid) {
// 鍋氫竴浜涗笟鍔′笂鐨勬牎楠�,鍒ゆ柇鏄惁闇�瑕佹牎楠�
+ if (ids.contains(TenantConstants.SUPER_ADMIN_ID)) {
+ throw new ServiceException("瓒呯绉熸埛涓嶈兘鍒犻櫎");
+ }
}
return baseMapper.deleteBatchIds(ids) > 0;
}
@@ -286,49 +290,74 @@
* 鏍¢獙浼佷笟鍚嶇О鏄惁鍞竴
*/
@Override
- public String checkCompanyNameUnique(SysTenantBo bo) {
+ public boolean checkCompanyNameUnique(SysTenantBo bo) {
boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysTenant>()
.eq(SysTenant::getCompanyName, bo.getCompanyName())
.ne(ObjectUtil.isNotNull(bo.getTenantId()), SysTenant::getTenantId, bo.getTenantId()));
- if (exist) {
- return TenantConstants.NOT_PASS;
- }
- return TenantConstants.PASS;
+ return !exist;
}
/**
* 鏍¢獙璐﹀彿浣欓
*/
@Override
- public String checkAccountBalance(String tenantId) {
+ public boolean checkAccountBalance(String tenantId) {
SysTenantVo tenant = SpringUtils.getAopProxy(this).queryByTenantId(tenantId);
// 濡傛灉浣欓涓�-1浠h〃涓嶉檺鍒�
if (tenant.getAccountCount() == -1) {
- return TenantConstants.PASS;
+ return true;
}
Long userNumber = sysUserMapper.selectCount(new LambdaQueryWrapper<>());
// 濡傛灉浣欓澶т簬0浠h〃杩樻湁鍙敤鍚嶉
- if (tenant.getAccountCount() - userNumber > 0) {
- return TenantConstants.PASS;
- }
- return TenantConstants.NOT_PASS;
+ return tenant.getAccountCount() - userNumber > 0;
}
/**
* 鏍¢獙鏈夋晥鏈�
*/
@Override
- public String checkExpireTime(String tenantId) {
+ public boolean checkExpireTime(String tenantId) {
SysTenantVo tenant = SpringUtils.getAopProxy(this).queryByTenantId(tenantId);
// 濡傛灉鏈缃繃鏈熸椂闂翠唬琛ㄤ笉闄愬埗
if (ObjectUtil.isNull(tenant.getExpireTime())) {
- return TenantConstants.PASS;
+ return true;
}
// 濡傛灉褰撳墠鏃堕棿鍦ㄨ繃鏈熸椂闂翠箣鍓嶅垯閫氳繃
- if (new Date().before(tenant.getExpireTime())) {
- return TenantConstants.PASS;
- }
- return TenantConstants.NOT_PASS;
+ return new Date().before(tenant.getExpireTime());
}
+ /**
+ * 鍚屾绉熸埛濂楅
+ */
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public Boolean syncTenantPackage(String tenantId, String packageId) {
+ TenantHelper.enableIgnore();
+ SysTenantPackage tenantPackage = sysTenantPackageMapper.selectById(packageId);
+ List<SysRole> roles = sysRoleMapper.selectList(
+ new LambdaQueryWrapper<SysRole>().eq(SysRole::getTenantId, tenantId));
+ List<Long> roleIds = new ArrayList<>(roles.size() - 1);
+ List<Long> menuIds = StringUtils.splitTo(tenantPackage.getMenuIds(), Convert::toLong);
+ roles.forEach(item -> {
+ if (TenantConstants.TENANT_ADMIN_ROLE_KEY.equals(item.getRoleKey())) {
+ List<SysRoleMenu> roleMenus = new ArrayList<>(menuIds.size());
+ menuIds.forEach(menuId -> {
+ SysRoleMenu roleMenu = new SysRoleMenu();
+ roleMenu.setRoleId(item.getRoleId());
+ roleMenu.setMenuId(menuId);
+ roleMenus.add(roleMenu);
+ });
+ sysRoleMenuMapper.delete(new LambdaQueryWrapper<SysRoleMenu>().eq(SysRoleMenu::getRoleId, item.getRoleId()));
+ sysRoleMenuMapper.insertBatch(roleMenus);
+ } else {
+ roleIds.add(item.getRoleId());
+ }
+ });
+ if (!roleIds.isEmpty()) {
+ sysRoleMenuMapper.delete(
+ new LambdaQueryWrapper<SysRoleMenu>().in(SysRoleMenu::getRoleId, roleIds).notIn(!menuIds.isEmpty(), SysRoleMenu::getMenuId, menuIds));
+ }
+ TenantHelper.disableIgnore();
+ return true;
+ }
}
--
Gitblit v1.9.3