From cdb509a4fa10bf32fd1341e04dee7c9c9c7f8c20 Mon Sep 17 00:00:00 2001
From: jenn <244251889@qq.com>
Date: 星期五, 10 三月 2023 21:15:54 +0800
Subject: [PATCH] fix 修复用户相关更新操作会越权的问题
---
 ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java | 41 +++++++++++++----------------------------
 1 files changed, 13 insertions(+), 28 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
index 1bec7a5..bc067a5 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
@@ -2,13 +2,11 @@
 import cn.dev33.satoken.annotation.SaCheckPermission;
 import cn.dev33.satoken.secure.BCrypt;
-import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.lang.tree.Tree;
 import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.ObjectUtil;
-import com.ruoyi.common.core.constant.TenantConstants;
-import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.MapstructUtils;
 import com.ruoyi.common.core.utils.StreamUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.excel.core.ExcelResult;
@@ -17,10 +15,10 @@
 import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.mybatis.core.page.PageQuery;
 import com.ruoyi.common.mybatis.core.page.TableDataInfo;
-import com.ruoyi.common.tenant.helper.TenantHelper;
 import com.ruoyi.common.satoken.utils.LoginHelper;
+import com.ruoyi.common.tenant.helper.TenantHelper;
 import com.ruoyi.common.web.core.BaseController;
-import com.ruoyi.system.domain.SysDept;
+import com.ruoyi.system.domain.bo.SysDeptBo;
 import com.ruoyi.system.domain.bo.SysUserBo;
 import com.ruoyi.system.domain.vo.*;
 import com.ruoyi.system.listener.SysUserImportListener;
@@ -69,15 +67,7 @@
 @PostMapping("/export")
 public void export(SysUserBo user, HttpServletResponse response) {
 List<SysUserVo> list = userService.selectUserList(user);
- List<SysUserExportVo> listVo = BeanUtil.copyToList(list, SysUserExportVo.class);
- for (int i = 0; i < list.size(); i++) {
- SysDeptVo dept = list.get(i).getDept();
- SysUserExportVo vo = listVo.get(i);
- if (ObjectUtil.isNotEmpty(dept)) {
- vo.setDeptName(dept.getDeptName());
- vo.setLeader(dept.getLeader());
- }
- }
+ List<SysUserExportVo> listVo = MapstructUtils.convert(list, SysUserExportVo.class);
 ExcelUtil.exportExcel(listVo, "鐢ㄦ埛鏁版嵁", SysUserExportVo.class, response);
 }
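Review bot: The new `MapstructUtils.convert(list, SysUserExportVo.class)` line in `export` no longer copies `deptName` and `leader` from the nested `dept` object, which the removed loop did explicitly, so those two export columns now depend on a mapping declared outside this patch. That mapping is not visible here; if it is missing, the columns would presumably come out empty rather than raise an error. I would add a comment above the call, e.g. `// deptName/leader are filled by the dept -> SysUserExportVo mapping, not here`, and cover the two columns with an export test.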
@@ -132,18 +122,15 @@ @Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.INSERT) @PostMapping public R<Void> add(@Validated @RequestBody SysUserBo user) { - if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user))) { + if (!userService.checkUserNameUnique(user)) { return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪"); - } else if (StringUtils.isNotEmpty(user.getPhonenumber()) - && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) { + } else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) { return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪"); - } else if (StringUtils.isNotEmpty(user.getEmail()) - && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) { + } else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) { return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪"); } if (TenantHelper.isEnable()) { - String status = tenantService.checkAccountBalance(LoginHelper.getTenantId()); - if (TenantConstants.NOT_PASS.equals(status)) { + if (!tenantService.checkAccountBalance(LoginHelper.getTenantId())) { return R.fail("褰撳墠绉熸埛涓嬬敤鎴峰悕棰濅笉瓒筹紝璇疯仈绯荤鐞嗗憳"); } } 
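Review bot: The uniqueness checks and the tenant quota check in `add` are check-then-act: two concurrent requests can both pass `checkUserNameUnique` and `checkAccountBalance` before either row is written, which would allow duplicate accounts or a tenant exceeding its user quota. Nothing in the hunk shows a unique index or a transactional count backing these pre-checks, so that should be confirmed in the service and schema. The same applies to the three uniqueness checks in the `edit` hunk at -160. If the database does enforce it, a comment such as `// pre-check for a friendly message only; uniqueness is enforced by the DB unique index` would record the intent. The body of `add` continues outside the hunk.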
@@ -160,13 +147,11 @@ public R<Void> edit(@Validated @RequestBody SysUserBo user) { userService.checkUserAllowed(user); userService.checkUserDataScope(user.getUserId()); - if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user))) { + if (!userService.checkUserNameUnique(user)) { return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪"); - } else if (StringUtils.isNotEmpty(user.getPhonenumber()) - && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) { + } else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) { return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪"); - } else if (StringUtils.isNotEmpty(user.getEmail()) - && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) { + } else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) { return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪"); } return toAjax(userService.updateUser(user)); @@ -197,7 +182,7 @@ userService.checkUserAllowed(user); userService.checkUserDataScope(user.getUserId()); user.setPassword(BCrypt.hashpw(user.getPassword())); - return toAjax(userService.resetPwd(user)); + return toAjax(userService.resetUserPwd(user.getUserId(),user.getPassword())); } /** @@ -248,7 +233,7 @@ */ @SaCheckPermission("system:user:list") @GetMapping("/deptTree") - public R<List<Tree<Long>>> deptTree(SysDept dept) { + public R<List<Tree<Long>>> deptTree(SysDeptBo dept) { return R.ok(deptService.selectDeptTreeList(dept)); } -- Gitblit v1.9.3
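Review bot: `edit` still passes the whole request-bound `SysUserBo` to `userService.updateUser(user)`, so fields this endpoint is not meant to change (for example `password`, which the bo exposes through `setPassword`) reach the update unless the service filters them. The commit targets over-privileged user updates, but only the controller is changed here and the columns written by `updateUser` are not visible. If the service does not already restrict them, clear such fields before the call, e.g. `user.setPassword(null);`, with a comment naming which fields `edit` may modify. The annotations on `edit` sit outside the hunk.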
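Review bot: In the `resetPwd` hunk the hash is written back into the request object by `user.setPassword(BCrypt.hashpw(user.getPassword()))` and read out again for `resetUserPwd`, with no null or blank check on the submitted password visible before hashing. Hashing into a local keeps the plaintext and the hash from sharing one field and makes the narrowed call easier to audit: `String hashed = BCrypt.hashpw(user.getPassword());` then `return toAjax(userService.resetUserPwd(user.getUserId(), hashed));`. The method signature is outside the hunk, so bean validation may already reject an empty password; if it does not, reject it before hashing.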