From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java | 123 +++++++++++++++++++++++-----------------
1 files changed, 70 insertions(+), 53 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
index 2661890..598ce47 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@@ -9,19 +9,30 @@
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.ruoyi.common.core.constant.CacheNames;
import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.exception.ServiceException;
+import com.ruoyi.common.core.service.UserService;
+import com.ruoyi.common.core.utils.MapstructUtils;
import com.ruoyi.common.core.utils.StreamUtils;
import com.ruoyi.common.core.utils.StringUtils;
import com.ruoyi.common.mybatis.core.page.PageQuery;
import com.ruoyi.common.mybatis.core.page.TableDataInfo;
import com.ruoyi.common.mybatis.helper.DataBaseHelper;
import com.ruoyi.common.satoken.utils.LoginHelper;
-import com.ruoyi.system.domain.*;
+import com.ruoyi.system.domain.SysDept;
+import com.ruoyi.system.domain.SysUser;
+import com.ruoyi.system.domain.SysUserPost;
+import com.ruoyi.system.domain.SysUserRole;
+import com.ruoyi.system.domain.bo.SysUserBo;
+import com.ruoyi.system.domain.vo.SysPostVo;
+import com.ruoyi.system.domain.vo.SysRoleVo;
+import com.ruoyi.system.domain.vo.SysUserVo;
import com.ruoyi.system.mapper.*;
import com.ruoyi.system.service.ISysUserService;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
+import org.springframework.cache.annotation.Cacheable;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -36,7 +47,7 @@
@Slf4j
@RequiredArgsConstructor
@Service
-public class SysUserServiceImpl implements ISysUserService {
+public class SysUserServiceImpl implements ISysUserService, UserService {
private final SysUserMapper baseMapper;
private final SysDeptMapper deptMapper;
@@ -46,8 +57,8 @@
private final SysUserPostMapper userPostMapper;
@Override
- public TableDataInfo<SysUser> selectPageUserList(SysUser user, PageQuery pageQuery) {
- Page<SysUser> page = baseMapper.selectPageUserList(pageQuery.build(), this.buildQueryWrapper(user));
+ public TableDataInfo<SysUserVo> selectPageUserList(SysUserBo user, PageQuery pageQuery) {
+ Page<SysUserVo> page = baseMapper.selectPageUserList(pageQuery.build(), this.buildQueryWrapper(user));
return TableDataInfo.build(page);
}
@@ -58,11 +69,11 @@
* @return 鐢ㄦ埛淇℃伅闆嗗悎淇℃伅
*/
@Override
- public List<SysUser> selectUserList(SysUser user) {
+ public List<SysUserVo> selectUserList(SysUserBo user) {
return baseMapper.selectUserList(this.buildQueryWrapper(user));
}
- private Wrapper<SysUser> buildQueryWrapper(SysUser user) {
+ private Wrapper<SysUser> buildQueryWrapper(SysUserBo user) {
Map<String, Object> params = user.getParams();
QueryWrapper<SysUser> wrapper = Wrappers.query();
wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
@@ -90,14 +101,14 @@
* @return 鐢ㄦ埛淇℃伅闆嗗悎淇℃伅
*/
@Override
- public TableDataInfo<SysUser> selectAllocatedList(SysUser user, PageQuery pageQuery) {
+ public TableDataInfo<SysUserVo> selectAllocatedList(SysUserBo user, PageQuery pageQuery) {
QueryWrapper<SysUser> wrapper = Wrappers.query();
wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
.eq(ObjectUtil.isNotNull(user.getRoleId()), "r.role_id", user.getRoleId())
.like(StringUtils.isNotBlank(user.getUserName()), "u.user_name", user.getUserName())
.eq(StringUtils.isNotBlank(user.getStatus()), "u.status", user.getStatus())
.like(StringUtils.isNotBlank(user.getPhonenumber()), "u.phonenumber", user.getPhonenumber());
- Page<SysUser> page = baseMapper.selectAllocatedList(pageQuery.build(), wrapper);
+ Page<SysUserVo> page = baseMapper.selectAllocatedList(pageQuery.build(), wrapper);
return TableDataInfo.build(page);
}
@@ -108,7 +119,7 @@
* @return 鐢ㄦ埛淇℃伅闆嗗悎淇℃伅
*/
@Override
- public TableDataInfo<SysUser> selectUnallocatedList(SysUser user, PageQuery pageQuery) {
+ public TableDataInfo<SysUserVo> selectUnallocatedList(SysUserBo user, PageQuery pageQuery) {
List<Long> userIds = userRoleMapper.selectUserIdsByRoleId(user.getRoleId());
QueryWrapper<SysUser> wrapper = Wrappers.query();
wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
@@ -116,7 +127,7 @@
.notIn(CollUtil.isNotEmpty(userIds), "u.user_id", userIds)
.like(StringUtils.isNotBlank(user.getUserName()), "u.user_name", user.getUserName())
.like(StringUtils.isNotBlank(user.getPhonenumber()), "u.phonenumber", user.getPhonenumber());
- Page<SysUser> page = baseMapper.selectUnallocatedList(pageQuery.build(), wrapper);
+ Page<SysUserVo> page = baseMapper.selectUnallocatedList(pageQuery.build(), wrapper);
return TableDataInfo.build(page);
}
@@ -127,7 +138,7 @@
* @return 鐢ㄦ埛瀵硅薄淇℃伅
*/
@Override
- public SysUser selectUserByUserName(String userName) {
+ public SysUserVo selectUserByUserName(String userName) {
return baseMapper.selectUserByUserName(userName);
}
@@ -138,7 +149,7 @@
* @return 鐢ㄦ埛瀵硅薄淇℃伅
*/
@Override
- public SysUser selectUserByPhonenumber(String phonenumber) {
+ public SysUserVo selectUserByPhonenumber(String phonenumber) {
return baseMapper.selectUserByPhonenumber(phonenumber);
}
@@ -149,7 +160,7 @@
* @return 鐢ㄦ埛瀵硅薄淇℃伅
*/
@Override
- public SysUser selectUserById(Long userId) {
+ public SysUserVo selectUserById(Long userId) {
return baseMapper.selectUserById(userId);
}
@@ -161,11 +172,11 @@
*/
@Override
public String selectUserRoleGroup(String userName) {
- List<SysRole> list = roleMapper.selectRolesByUserName(userName);
+ List<SysRoleVo> list = roleMapper.selectRolesByUserName(userName);
if (CollUtil.isEmpty(list)) {
return StringUtils.EMPTY;
}
- return StreamUtils.join(list, SysRole::getRoleName);
+ return StreamUtils.join(list, SysRoleVo::getRoleName);
}
/**
@@ -176,11 +187,11 @@
*/
@Override
public String selectUserPostGroup(String userName) {
- List<SysPost> list = postMapper.selectPostsByUserName(userName);
+ List<SysPostVo> list = postMapper.selectPostsByUserName(userName);
if (CollUtil.isEmpty(list)) {
return StringUtils.EMPTY;
}
- return StreamUtils.join(list, SysPost::getPostName);
+ return StreamUtils.join(list, SysPostVo::getPostName);
}
/**
@@ -190,14 +201,11 @@
* @return 缁撴灉
*/
@Override
- public String checkUserNameUnique(SysUser user) {
+ public boolean checkUserNameUnique(SysUserBo user) {
boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysUser>()
.eq(SysUser::getUserName, user.getUserName())
.ne(ObjectUtil.isNotNull(user.getUserId()), SysUser::getUserId, user.getUserId()));
- if (exist) {
- return UserConstants.NOT_UNIQUE;
- }
- return UserConstants.UNIQUE;
+ return !exist;
}
/**
@@ -206,14 +214,11 @@
* @param user 鐢ㄦ埛淇℃伅
*/
@Override
- public String checkPhoneUnique(SysUser user) {
+ public boolean checkPhoneUnique(SysUserBo user) {
boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysUser>()
.eq(SysUser::getPhonenumber, user.getPhonenumber())
.ne(ObjectUtil.isNotNull(user.getUserId()), SysUser::getUserId, user.getUserId()));
- if (exist) {
- return UserConstants.NOT_UNIQUE;
- }
- return UserConstants.UNIQUE;
+ return !exist;
}
/**
@@ -222,14 +227,11 @@
* @param user 鐢ㄦ埛淇℃伅
*/
@Override
- public String checkEmailUnique(SysUser user) {
+ public boolean checkEmailUnique(SysUserBo user) {
boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysUser>()
.eq(SysUser::getEmail, user.getEmail())
.ne(ObjectUtil.isNotNull(user.getUserId()), SysUser::getUserId, user.getUserId()));
- if (exist) {
- return UserConstants.NOT_UNIQUE;
- }
- return UserConstants.UNIQUE;
+ return !exist;
}
/**
@@ -238,8 +240,8 @@
* @param user 鐢ㄦ埛淇℃伅
*/
@Override
- public void checkUserAllowed(SysUser user) {
- if (ObjectUtil.isNotNull(user.getUserId()) && user.isAdmin()) {
+ public void checkUserAllowed(SysUserBo user) {
+ if (ObjectUtil.isNotNull(user.getUserId()) && user.isSuperAdmin()) {
throw new ServiceException("涓嶅厑璁告搷浣滆秴绾х鐞嗗憳鐢ㄦ埛");
}
}
@@ -251,10 +253,10 @@
*/
@Override
public void checkUserDataScope(Long userId) {
- if (!LoginHelper.isAdmin()) {
- SysUser user = new SysUser();
+ if (!LoginHelper.isSuperAdmin()) {
+ SysUserBo user = new SysUserBo();
user.setUserId(userId);
- List<SysUser> users = this.selectUserList(user);
+ List<SysUserVo> users = this.selectUserList(user);
if (CollUtil.isEmpty(users)) {
throw new ServiceException("娌℃湁鏉冮檺璁块棶鐢ㄦ埛鏁版嵁锛�");
}
@@ -269,9 +271,11 @@
*/
@Override
@Transactional(rollbackFor = Exception.class)
- public int insertUser(SysUser user) {
+ public int insertUser(SysUserBo user) {
+ SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
// 鏂板鐢ㄦ埛淇℃伅
- int rows = baseMapper.insert(user);
+ int rows = baseMapper.insert(sysUser);
+ user.setUserId(sysUser.getUserId());
// 鏂板鐢ㄦ埛宀椾綅鍏宠仈
insertUserPost(user);
// 鏂板鐢ㄦ埛涓庤鑹茬鐞�
@@ -286,10 +290,12 @@
* @return 缁撴灉
*/
@Override
- public boolean registerUser(SysUser user) {
+ public boolean registerUser(SysUserBo user, String tenantId) {
user.setCreateBy(user.getUserId());
user.setUpdateBy(user.getUserId());
- return baseMapper.insert(user) > 0;
+ SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
+ sysUser.setTenantId(tenantId);
+ return baseMapper.insert(sysUser) > 0;
}
/**
@@ -300,7 +306,7 @@
*/
@Override
@Transactional(rollbackFor = Exception.class)
- public int updateUser(SysUser user) {
+ public int updateUser(SysUserBo user) {
Long userId = user.getUserId();
// 鍒犻櫎鐢ㄦ埛涓庤鑹插叧鑱�
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
@@ -310,7 +316,8 @@
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
// 鏂板鐢ㄦ埛涓庡矖浣嶇鐞�
insertUserPost(user);
- return baseMapper.updateById(user);
+ SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
+ return baseMapper.updateById(sysUser);
}
/**
@@ -334,8 +341,9 @@
* @return 缁撴灉
*/
@Override
- public int updateUserStatus(SysUser user) {
- return baseMapper.updateById(user);
+ public int updateUserStatus(SysUserBo user) {
+ SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
+ return baseMapper.updateById(sysUser);
}
/**
@@ -345,8 +353,9 @@
* @return 缁撴灉
*/
@Override
- public int updateUserProfile(SysUser user) {
- return baseMapper.updateById(user);
+ public int updateUserProfile(SysUserBo user) {
+ SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
+ return baseMapper.updateById(sysUser);
}
/**
@@ -357,7 +366,7 @@
* @return 缁撴灉
*/
@Override
- public boolean updateUserAvatar(String userName, String avatar) {
+ public boolean updateUserAvatar(String userName, Long avatar) {
return baseMapper.update(null,
new LambdaUpdateWrapper<SysUser>()
.set(SysUser::getAvatar, avatar)
@@ -371,8 +380,9 @@
* @return 缁撴灉
*/
@Override
- public int resetPwd(SysUser user) {
- return baseMapper.updateById(user);
+ public int resetPwd(SysUserBo user) {
+ SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
+ return baseMapper.updateById(sysUser);
}
/**
@@ -395,7 +405,7 @@
*
* @param user 鐢ㄦ埛瀵硅薄
*/
- public void insertUserRole(SysUser user) {
+ public void insertUserRole(SysUserBo user) {
this.insertUserRole(user.getUserId(), user.getRoleIds());
}
@@ -404,7 +414,7 @@
*
* @param user 鐢ㄦ埛瀵硅薄
*/
- public void insertUserPost(SysUser user) {
+ public void insertUserPost(SysUserBo user) {
Long[] posts = user.getPostIds();
if (ArrayUtil.isNotEmpty(posts)) {
// 鏂板鐢ㄦ埛涓庡矖浣嶇鐞�
@@ -463,7 +473,7 @@
@Transactional(rollbackFor = Exception.class)
public int deleteUserByIds(Long[] userIds) {
for (Long userId : userIds) {
- checkUserAllowed(new SysUser(userId));
+ checkUserAllowed(new SysUserBo(userId));
checkUserDataScope(userId);
}
List<Long> ids = List.of(userIds);
@@ -474,4 +484,11 @@
return baseMapper.deleteBatchIds(ids);
}
+ @Cacheable(cacheNames = CacheNames.SYS_USER_NAME, key = "#userId")
+ @Override
+ public String selectUserNameById(Long userId) {
+ SysUser sysUser = baseMapper.selectOne(new LambdaQueryWrapper<SysUser>()
+ .select(SysUser::getUserName).eq(SysUser::getUserId, userId));
+ return ObjectUtil.isNull(sysUser) ? null : sysUser.getUserName();
+ }
}
--
Gitblit v1.9.3