From cdb509a4fa10bf32fd1341e04dee7c9c9c7f8c20 Mon Sep 17 00:00:00 2001
From: jenn <244251889@qq.com>
Date: 星期五, 10 三月 2023 21:15:54 +0800
Subject: [PATCH] fix 修复用户相关更新操作会越权的问题
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java | 25 +++++++++----------------
1 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
index 470bd7c..bc067a5 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
@@ -5,8 +5,6 @@
import cn.hutool.core.lang.tree.Tree;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.ObjectUtil;
-import com.ruoyi.common.core.constant.TenantConstants;
-import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.domain.R;
import com.ruoyi.common.core.utils.MapstructUtils;
import com.ruoyi.common.core.utils.StreamUtils;
@@ -17,8 +15,8 @@
import com.ruoyi.common.log.enums.BusinessType;
import com.ruoyi.common.mybatis.core.page.PageQuery;
import com.ruoyi.common.mybatis.core.page.TableDataInfo;
-import com.ruoyi.common.tenant.helper.TenantHelper;
import com.ruoyi.common.satoken.utils.LoginHelper;
+import com.ruoyi.common.tenant.helper.TenantHelper;
import com.ruoyi.common.web.core.BaseController;
import com.ruoyi.system.domain.bo.SysDeptBo;
import com.ruoyi.system.domain.bo.SysUserBo;
@@ -124,18 +122,15 @@
@Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.INSERT)
@PostMapping
public R<Void> add(@Validated @RequestBody SysUserBo user) {
- if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user))) {
+ if (!userService.checkUserNameUnique(user)) {
return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
- } else if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
+ } else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) {
return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
- } else if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
+ } else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) {
return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
}
if (TenantHelper.isEnable()) {
- String status = tenantService.checkAccountBalance(LoginHelper.getTenantId());
- if (TenantConstants.NOT_PASS.equals(status)) {
+ if (!tenantService.checkAccountBalance(LoginHelper.getTenantId())) {
return R.fail("褰撳墠绉熸埛涓嬬敤鎴峰悕棰濅笉瓒筹紝璇疯仈绯荤鐞嗗憳");
}
}
@@ -152,13 +147,11 @@
public R<Void> edit(@Validated @RequestBody SysUserBo user) {
userService.checkUserAllowed(user);
userService.checkUserDataScope(user.getUserId());
- if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user))) {
+ if (!userService.checkUserNameUnique(user)) {
return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
- } else if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
+ } else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) {
return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
- } else if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
+ } else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) {
return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
}
return toAjax(userService.updateUser(user));
@@ -189,7 +182,7 @@
userService.checkUserAllowed(user);
userService.checkUserDataScope(user.getUserId());
user.setPassword(BCrypt.hashpw(user.getPassword()));
- return toAjax(userService.resetPwd(user));
+ return toAjax(userService.resetUserPwd(user.getUserId(),user.getPassword()));
}
/**
--
Gitblit v1.9.3