From cdb509a4fa10bf32fd1341e04dee7c9c9c7f8c20 Mon Sep 17 00:00:00 2001
From: jenn <244251889@qq.com>
Date: 星期五, 10 三月 2023 21:15:54 +0800
Subject: [PATCH] fix 修复用户相关更新操作会越权的问题
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/domain/bo/SysUserBo.java | 40 +++++++++++++++++++++++-----------------
1 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/domain/bo/SysUserBo.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/domain/bo/SysUserBo.java
index c4f8504..94572fa 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/domain/bo/SysUserBo.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/domain/bo/SysUserBo.java
@@ -1,33 +1,36 @@ package com.ruoyi.system.domain.bo; import com.ruoyi.common.core.constant.UserConstants; -import com.ruoyi.common.core.validate.AddGroup; -import com.ruoyi.common.core.validate.EditGroup; +import com.ruoyi.common.core.xss.Xss; +import com.ruoyi.common.mybatis.core.domain.BaseEntity; +import com.ruoyi.common.sensitive.annotation.Sensitive; +import com.ruoyi.common.sensitive.core.SensitiveStrategy; +import com.ruoyi.system.domain.SysUser; +import io.github.linpeilie.annotations.AutoMapper; +import jakarta.validation.constraints.Email; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.Size; import lombok.Data; import lombok.EqualsAndHashCode; -import jakarta.validation.constraints.*; +import lombok.NoArgsConstructor; import java.util.Date; - -import com.ruoyi.common.mybatis.core.domain.BaseEntity; -import lombok.NoArgsConstructor; /** * 鐢ㄦ埛淇℃伅涓氬姟瀵硅薄 sys_user * - * @author ruoyi - * @date 2023-02-01 + * @author Michelle.Chung */ @Data @NoArgsConstructor @EqualsAndHashCode(callSuper = true) +@AutoMapper(target = SysUser.class, reverseConvertGenerate = false) public class SysUserBo extends BaseEntity { /** * 鐢ㄦ埛ID */ - @NotNull(message = "鐢ㄦ埛ID涓嶈兘涓虹┖", groups = { EditGroup.class }) private Long userId; /** @@ -38,12 +41,16 @@ /** * 鐢ㄦ埛璐﹀彿 */ - @NotBlank(message = "鐢ㄦ埛璐﹀彿涓嶈兘涓虹┖", groups = { AddGroup.class, EditGroup.class }) + @Xss(message = "鐢ㄦ埛璐﹀彿涓嶈兘鍖呭惈鑴氭湰瀛楃") + @NotBlank(message = "鐢ㄦ埛璐﹀彿涓嶈兘涓虹┖") + @Size(min = 0, max = 30, message = "鐢ㄦ埛璐﹀彿闀垮害涓嶈兘瓒呰繃{max}涓瓧绗�") private String userName; /** * 鐢ㄦ埛鏄电О */ + @Xss(message = "鐢ㄦ埛鏄电О涓嶈兘鍖呭惈鑴氭湰瀛楃") + @Size(min = 0, max = 30, message = "鐢ㄦ埛鏄电О闀垮害涓嶈兘瓒呰繃{max}涓瓧绗�") private String nickName; /** 
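Review bot: Nothing on `userId` rejects an edit request that omits the id any more, because the `@NotNull(..., groups = { EditGroup.class })` line is removed with no replacement, while the new `@AutoMapper(target = SysUser.class, reverseConvertGenerate = false)` presumably lets the whole object be converted into the entity. The update callers are not part of this patch, so they should be confirmed to reject a null `userId` and to run their permission check against that id before converting. Fields that remain further down the class, such as `loginDate`, look client-settable through the same mapping unless the service clears them. I would record the contract on the class with a comment such as `// Request-bound object: userId and all other fields are client-supplied; check access before converting to SysUser`. The class body continues beyond this hunk.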
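Review bot: Dropping `groups = { AddGroup.class, EditGroup.class }` from `@NotBlank` on `userName` moves it, together with the new `@Xss` and `@Size` checks, into the Default validation group. Any controller method that still validates with `@Validated(AddGroup.class)` or `@Validated(EditGroup.class)` would then skip all three silently; the controllers are not in this patch, so that needs to be confirmed against the callers. It also makes `userName` mandatory for every operation that validates this object, which may not suit updates that do not send it. As a point of style, `min = 0` is redundant on a string length and `@Size(max = 30, message = "…")` says the same thing on both `userName` and `nickName`.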
@@ -54,11 +61,15 @@ /** * 鐢ㄦ埛閭 */ + @Sensitive(strategy = SensitiveStrategy.EMAIL) + @Email(message = "閭鏍煎紡涓嶆纭�") + @Size(min = 0, max = 50, message = "閭闀垮害涓嶈兘瓒呰繃{max}涓瓧绗�") private String email; /** * 鎵嬫満鍙风爜 */ + @Sensitive(strategy = SensitiveStrategy.PHONE) private String phonenumber; /** @@ -69,7 +80,7 @@ /** * 澶村儚鍦板潃 */ - private String avatar; + private Long avatar; /** * 瀵嗙爜 @@ -90,11 +101,6 @@ * 鏈�鍚庣櫥褰曟椂闂� */ private Date loginDate; - - /** - * 鍒涘缓閮ㄩ棬 - */ - private Long createDept; /** * 澶囨敞 @@ -120,7 +126,7 @@ this.userId = userId; } - public boolean isAdmin() { + public boolean isSuperAdmin() { return UserConstants.SUPER_ADMIN_ID.equals(this.userId); } -- Gitblit v1.9.3
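Review bot: `phonenumber` receives only `@Sensitive(strategy = SensitiveStrategy.PHONE)`, while `email` two fields above gets `@Email` and `@Size` as well, so the phone value reaches the service with no length or format check at all. `@Sensitive` appears to affect how the value is rendered on output rather than what is accepted on input, so it does not stand in for validation; that should be confirmed against the annotation's implementation. I would add a bound next to it, for example `@Size(max = <phone column width>, message = "…")`, with a pattern constraint if the project defines a phone format.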