diff --git a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java index a9caf128..f25e1bef 100644 --- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java +++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java @@ -61,7 +61,7 @@ public class ShiroRealm extends AuthorizingRealm { */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { - log.debug("===============Shiro权限认证开始============ [ roles、permissions]=========="); + log.info("===============Shiro权限认证开始============ [ roles、permissions]=========="); String username = null; String userId = null; if (principals != null) { @@ -73,13 +73,12 @@ public class ShiroRealm extends AuthorizingRealm { // 设置用户拥有的角色集合,比如“admin,test” Set roleSet = commonApi.queryUserRolesById(userId); - //System.out.println(roleSet.toString()); + // System.out.println(roleSet.toString()); info.setRoles(roleSet); // 设置用户拥有的权限集合,比如“sys:role:add,sys:user:add” Set permissionSet = commonApi.queryUserAuths(userId); info.addStringPermissions(permissionSet); - //System.out.println(permissionSet); log.info("===============Shiro权限认证成功=============="); return info; } diff --git a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java index 0062e0d3..b446e81f 100644 --- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java +++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java 
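Review bot: The change from `log.debug` to `log.info` on the opening banner of `doGetAuthorizationInfo` (ShiroRealm.java hunk at -61,7) looks like leftover tracing for the cache fix rather than an intended level change. With the existing `log.info` success line, every load of authorization data by the realm now writes two info-level banner lines that carry no user or request detail. Keep the banner at `log.debug(...)`, or replace both banners with a single info line that includes the resolved `userId`, so a permission reload can be tied to an account. The re-spaced `// System.out.println(roleSet.toString());` in the following hunk is dead code and can be deleted, as the `permissionSet` one was. Part of the method body lies between the two hunks and is not shown.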
@@ -1,6 +1,5 @@ package org.jeecg.modules.system.controller; - import cn.hutool.core.util.RandomUtil; import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONArray; @@ -66,17 +65,17 @@ import java.util.stream.Collectors; @RequestMapping("/sys/user") public class SysUserController { - @Autowired - private ISysUserService sysUserService; + @Autowired + private ISysUserService sysUserService; @Autowired private ISysDepartService sysDepartService; - @Autowired - private ISysUserRoleService sysUserRoleService; + @Autowired + private ISysUserRoleService sysUserRoleService; - @Autowired - private ISysUserDepartService sysUserDepartService; + @Autowired + private ISysUserDepartService sysUserDepartService; @Autowired private ISysDepartRoleUserService departRoleUserService; @@ -84,8 +83,8 @@ public class SysUserController { @Autowired private ISysDepartRoleService departRoleService; - @Autowired - private RedisUtil redisUtil; + @Autowired + private RedisUtil redisUtil; @Value("${jeecg.path.upload}") private String upLoadPath; @@ -104,9 +103,10 @@ public class SysUserController { @Autowired private JeecgRedisClient jeecgRedisClient; - + /** * 获取租户下用户数据(支持租户隔离) + * * @param user * @param pageNo * @param pageSize 
@@ -114,24 +114,25 @@ public class SysUserController { * @return */ @PermissionData(pageComponent = "system/UserList") - @RequestMapping(value = "/list", method = RequestMethod.GET) - public Result> queryPageList(SysUser user,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req) { - QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(user, req.getParameterMap()); - //------------------------------------------------------------------------------------------------ - //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 + @RequestMapping(value = "/list", method = RequestMethod.GET) + public Result> queryPageList(SysUser user, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { + QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(user, req.getParameterMap()); + // ------------------------------------------------------------------------------------------------ + // 是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) { String tenantId = oConvertUtils.getString(TenantContext.getTenant(), "-1"); List userIds = userTenantService.getUserIdsByTenantId(Integer.valueOf(tenantId)); if (oConvertUtils.listIsNotEmpty(userIds)) { queryWrapper.in("id", userIds); - }else{ + } else { queryWrapper.eq("id", "通过租户查询不到任何用户"); } } - //------------------------------------------------------------------------------------------------ + // ------------------------------------------------------------------------------------------------ return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo); - } + } /** * 获取系统用户数据(查询全部用户,不做租户隔离) 
@@ -144,138 +145,164 @@ public class SysUserController { */ @RequiresPermissions("system:user:listAll") @RequestMapping(value = "/listAll", method = RequestMethod.GET) - public Result> queryAllPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, - @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { + public Result> queryAllPageList(SysUser user, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(user, req.getParameterMap()); return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo); } @RequiresPermissions("system:user:add") - @RequestMapping(value = "/add", method = RequestMethod.POST) - public Result add(@RequestBody JSONObject jsonObject) { - Result result = new Result(); - String selectedRoles = jsonObject.getString("selectedroles"); - String selectedDeparts = jsonObject.getString("selecteddeparts"); - try { - SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); - user.setCreateTime(new Date());//设置创建时间 - String salt = oConvertUtils.randomGen(8); - user.setSalt(salt); - String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), salt); - user.setPassword(passwordEncode); - user.setStatus(1); - user.setDelFlag(CommonConstant.DEL_FLAG_0); - //用户表字段org_code不能在这里设置他的值 + @RequestMapping(value = "/add", method = RequestMethod.POST) + public Result add(@RequestBody JSONObject jsonObject) { + Result result = new Result(); + String selectedRoles = jsonObject.getString("selectedroles"); + String selectedDeparts = jsonObject.getString("selecteddeparts"); + try { + SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); + user.setCreateTime(new Date());// 设置创建时间 + String salt = oConvertUtils.randomGen(8); + user.setSalt(salt); + String 
passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), salt); + user.setPassword(passwordEncode); + user.setStatus(1); + user.setDelFlag(CommonConstant.DEL_FLAG_0); + // 用户表字段org_code不能在这里设置他的值 user.setOrgCode(null); - // 保存用户走一个service 保证事务 - //获取租户ids + // 保存用户走一个service 保证事务 + // 获取租户ids String relTenantIds = jsonObject.getString("relTenantIds"); sysUserService.saveUser(user, selectedRoles, selectedDeparts, relTenantIds); - baseCommonService.addLog("添加用户,username: " +user.getUsername() ,CommonConstant.LOG_TYPE_2, 2); - result.success("添加成功!"); - } catch (Exception e) { - log.error(e.getMessage(), e); - result.error500("操作失败"); - } - return result; - } + baseCommonService.addLog("添加用户,username: " + user.getUsername(), CommonConstant.LOG_TYPE_2, 2); + result.success("添加成功!"); + } catch (Exception e) { + log.error(e.getMessage(), e); + result.error500("操作失败"); + } + return result; + } @RequiresPermissions("system:user:edit") - @RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST}) - public Result edit(@RequestBody JSONObject jsonObject) { - Result result = new Result(); - try { - SysUser sysUser = sysUserService.getById(jsonObject.getString("id")); - baseCommonService.addLog("编辑用户,username: " +sysUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2); - if(sysUser==null) { - result.error500("未找到对应实体"); - }else { - SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); - user.setUpdateTime(new Date()); - //String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), sysUser.getSalt()); - user.setPassword(sysUser.getPassword()); - String roles = jsonObject.getString("selectedroles"); + @RequestMapping(value = "/edit", method = { RequestMethod.PUT, RequestMethod.POST }) + public Result edit(@RequestBody JSONObject jsonObject) { + Result result = new Result(); + try { + SysUser sysUser = sysUserService.getById(jsonObject.getString("id")); + baseCommonService.addLog("编辑用户,username: 
" + sysUser.getUsername(), CommonConstant.LOG_TYPE_2, 2); + if (sysUser == null) { + result.error500("未找到对应实体"); + } else { + SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); + user.setUpdateTime(new Date()); + // String passwordEncode = PasswordUtil.encrypt(user.getUsername(), + // user.getPassword(), sysUser.getSalt()); + user.setPassword(sysUser.getPassword()); + String roles = jsonObject.getString("selectedroles"); String departs = jsonObject.getString("selecteddeparts"); - if(oConvertUtils.isEmpty(departs)){ - //vue3.0前端只传递了departIds - departs=user.getDepartIds(); + if (oConvertUtils.isEmpty(departs)) { + // vue3.0前端只传递了departIds + departs = user.getDepartIds(); } - //用户表字段org_code不能在这里设置他的值 + // 用户表字段org_code不能在这里设置他的值 user.setOrgCode(null); // 修改用户走一个service 保证事务 - //获取租户ids + // 获取租户ids String relTenantIds = jsonObject.getString("relTenantIds"); String updateFromPage = jsonObject.getString("updateFromPage"); - sysUserService.editUser(user, roles, departs, relTenantIds, updateFromPage); - result.success("修改成功!"); - } - } catch (Exception e) { - log.error(e.getMessage(), e); - result.error500("操作失败"); - } - return result; - } + sysUserService.editUser(user, roles, departs, relTenantIds, updateFromPage); - /** - * 删除用户 - */ + // 添加权限缓存清理 + clearUserPermissionCache(user.getId()); + + result.success("修改成功!"); + } + } catch (Exception e) { + log.error(e.getMessage(), e); + result.error500("操作失败"); + } + return result; + } + + // 添加清理用户权限缓存的方法 + private void clearUserPermissionCache(String userId) { + try { + // 方式1:通过 Redis 直接删除缓存 + String cacheKey = "shiro:cache:org.jeecg.config.shiro.ShiroRealm.authorizationCache:" + userId; + redisUtil.del(cacheKey); + + // 方式2:通过 ShiroRealm 清除缓存 + // 需要注入 ShiroRealm + // shiroRealm.clearCache(principals); + + log.info("已清除用户 {} 的权限缓存", userId); + } catch (Exception e) { + log.error("清除用户权限缓存失败: userId={}, error={}", userId, e.getMessage(), e); + } + } + + /** + * 删除用户 + */ 
@RequiresPermissions("system:user:delete") - @RequestMapping(value = "/delete", method = RequestMethod.DELETE) - public Result delete(@RequestParam(name="id",required=true) String id) { - baseCommonService.addLog("删除用户,id: " +id ,CommonConstant.LOG_TYPE_2, 3); + @RequestMapping(value = "/delete", method = RequestMethod.DELETE) + public Result delete(@RequestParam(name = "id", required = true) String id) { + baseCommonService.addLog("删除用户,id: " + id, CommonConstant.LOG_TYPE_2, 3); List userNameList = sysUserService.userIdToUsername(Arrays.asList(id)); - this.sysUserService.deleteUser(id); + this.sysUserService.deleteUser(id); if (!userNameList.isEmpty()) { String joinedString = String.join(",", userNameList); } - return Result.ok("删除用户成功"); - } + return Result.ok("删除用户成功"); + } - /** - * 批量删除用户 - */ + /** + * 批量删除用户 + */ @RequiresPermissions("system:user:deleteBatch") - @RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE) - public Result deleteBatch(@RequestParam(name="ids",required=true) String ids) { - baseCommonService.addLog("批量删除用户, ids: " +ids ,CommonConstant.LOG_TYPE_2, 3); + @RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE) + public Result deleteBatch(@RequestParam(name = "ids", required = true) String ids) { + baseCommonService.addLog("批量删除用户, ids: " + ids, CommonConstant.LOG_TYPE_2, 3); List userNameList = sysUserService.userIdToUsername(Arrays.asList(ids.split(","))); - this.sysUserService.deleteBatchUsers(ids); - + this.sysUserService.deleteBatchUsers(ids); + // 用户变更,触发同步工作流 if (!userNameList.isEmpty()) { String joinedString = String.join(",", userNameList); } - return Result.ok("批量删除用户成功"); - } + return Result.ok("批量删除用户成功"); + } - /** - * 冻结&解冻用户 - * @param jsonObject - * @return - */ + /** + * 冻结&解冻用户 + * + * @param jsonObject + * @return + */ @RequiresPermissions("system:user:frozenBatch") - @RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT) - public Result frozenBatch(@RequestBody JSONObject 
jsonObject) { - Result result = new Result(); - try { - String ids = jsonObject.getString("ids"); - sysUserService.checkUserAdminRejectDel(ids); - String status = jsonObject.getString("status"); - String[] arr = ids.split(","); + @RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT) + public Result frozenBatch(@RequestBody JSONObject jsonObject) { + Result result = new Result(); + try { + String ids = jsonObject.getString("ids"); + sysUserService.checkUserAdminRejectDel(ids); + String status = jsonObject.getString("status"); + String[] arr = ids.split(","); for (String id : arr) { - if(oConvertUtils.isNotEmpty(id)) { - //update-begin---author:liusq ---date:20230620 for:[QQYUN-5577]用户列表-冻结用户,再解冻之后,用户还是无法登陆,有缓存问题 #5066------------ - sysUserService.updateStatus(id,status); - //update-end---author:liusq ---date:20230620 for:[QQYUN-5577]用户列表-冻结用户,再解冻之后,用户还是无法登陆,有缓存问题 #5066------------ + if (oConvertUtils.isNotEmpty(id)) { + // update-begin---author:liusq ---date:20230620 + // for:[QQYUN-5577]用户列表-冻结用户,再解冻之后,用户还是无法登陆,有缓存问题 #5066------------ + sysUserService.updateStatus(id, status); + // update-end---author:liusq ---date:20230620 + // for:[QQYUN-5577]用户列表-冻结用户,再解冻之后,用户还是无法登陆,有缓存问题 #5066------------ } - } - } catch (Exception e) { - log.error(e.getMessage(), e); - result.error500("操作失败"+e.getMessage()); - } - result.success("操作成功!"); - return result; + } + } catch (Exception e) { + log.error(e.getMessage(), e); + result.error500("操作失败" + e.getMessage()); + } + result.success("操作成功!"); + return result; } 
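Review bot: The new `clearUserPermissionCache` builds the Shiro authorization-cache key by hand (`"shiro:cache:org.jeecg.config.shiro.ShiroRealm.authorizationCache:" + userId`), and nothing visible here confirms that it matches the key the cache manager writes; if the prefix or principal field differs, `redisUtil.del` removes nothing, the helper still logs "已清除", and revoked roles or permissions stay effective until the entry expires. Prefer the realm's own eviction (the commented-out `shiroRealm.clearCache(principals)` route) or a key constant shared with the cache configuration, and pass the id of the record loaded from the database, `clearUserPermissionCache(sysUser.getId());`, rather than `user.getId()` parsed from the request body. Only `edit` calls the helper: `addSysUserRole`, `deleteUserRole` and `deleteUserRoleBatch` (hunks at -662, -678 and -717) save or remove `SysUserRole` rows directly in the controller without evicting anything, so a role change made through them has the same stale-cache window. Separately, `edit` still calls `sysUser.getUsername()` inside `addLog` before the `if (sysUser == null)` check, so an unknown id lands in the generic catch instead of the "未找到对应实体" branch; move the `addLog` call into the `else`. The tab-to-space reformat of the whole controller in the same commit buries this functional change and would be easier to review as a separate commit.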
@@ -298,7 +325,8 @@ public class SysUserController { public Result> queryUserRole(@RequestParam(name = "userid", required = true) String userid) { Result> result = new Result<>(); List list = new ArrayList(); - List userRole = sysUserRoleService.list(new QueryWrapper().lambda().eq(SysUserRole::getUserId, userid)); + List userRole = sysUserRoleService + .list(new QueryWrapper().lambda().eq(SysUserRole::getUserId, userid)); if (userRole == null || userRole.size() <= 0) { result.error500("未找到用户相关角色信息"); } else { @@ -311,10 +339,9 @@ public class SysUserController { return result; } - /** - * 校验用户账号是否唯一
- * 可以校验其他 需要检验什么就传什么。。。 + * 校验用户账号是否唯一
+ * 可以校验其他 需要检验什么就传什么。。。 * * @param sysUser * @return @@ -322,10 +349,10 @@ public class SysUserController { @RequestMapping(value = "/checkOnlyUser", method = RequestMethod.GET) public Result checkOnlyUser(SysUser sysUser) { Result result = new Result<>(); - //如果此参数为false则程序发生异常 + // 如果此参数为false则程序发生异常 result.setResult(true); try { - //通过传入信息查询新的用户信息 + // 通过传入信息查询新的用户信息 sysUser.setPassword(null); SysUser user = sysUserService.getOne(new QueryWrapper(sysUser)); if (user != null) { @@ -349,15 +376,19 @@ public class SysUserController { @RequiresPermissions("system:user:changepwd") @RequestMapping(value = "/changePassword", method = RequestMethod.PUT) public Result changePassword(@RequestBody SysUser sysUser) { - SysUser u = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername, sysUser.getUsername())); + SysUser u = this.sysUserService + .getOne(new LambdaQueryWrapper().eq(SysUser::getUsername, sysUser.getUsername())); if (u == null) { return Result.error("用户不存在!"); } sysUser.setId(u.getId()); - //update-begin---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ + // update-begin---author:wangshuai ---date:20220316 + // for:[VUEN-234]修改密码添加敏感日志------------ LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - baseCommonService.addLog("修改用户 "+sysUser.getUsername()+" 的密码,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2); - //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ + baseCommonService.addLog("修改用户 " + sysUser.getUsername() + " 的密码,操作人: " + loginUser.getUsername(), + CommonConstant.LOG_TYPE_2, 2); + // update-end---author:wangshuai ---date:20220316 + // for:[VUEN-234]修改密码添加敏感日志------------ return sysUserService.changePassword(sysUser); } 
@@ -368,7 +399,8 @@ public class SysUserController { * @return */ @RequestMapping(value = "/userDepartList", method = RequestMethod.GET) - public Result> getUserDepartsList(@RequestParam(name = "userId", required = true) String userId) { + public Result> getUserDepartsList( + @RequestParam(name = "userId", required = true) String userId) { Result> result = new Result<>(); try { List depIdModelList = this.sysUserDepartService.queryDepartIdsOfUser(userId); @@ -382,7 +414,7 @@ public class SysUserController { } return result; } catch (Exception e) { - log.error(e.getMessage(), e); + log.error(e.getMessage(), e); result.setSuccess(false); result.setMessage("查找过程中出现了异常: " + e.getMessage()); return result; 
@@ -412,20 +444,21 @@ public class SysUserController { * @return */ @RequestMapping(value = "/queryUserByDepId", method = RequestMethod.GET) - public Result> queryUserByDepId(@RequestParam(name = "id", required = true) String id,@RequestParam(name="realname",required=false) String realname) { + public Result> queryUserByDepId(@RequestParam(name = "id", required = true) String id, + @RequestParam(name = "realname", required = false) String realname) { Result> result = new Result<>(); - //List userList = sysUserDepartService.queryUserByDepId(id); + // List userList = sysUserDepartService.queryUserByDepId(id); SysDepart sysDepart = sysDepartService.getById(id); - List userList = sysUserDepartService.queryUserByDepCode(sysDepart.getOrgCode(),realname); + List userList = sysUserDepartService.queryUserByDepCode(sysDepart.getOrgCode(), realname); - //批量查询用户的所属部门 - //step.1 先拿到全部的 useids - //step.2 通过 useids,一次性查询用户的所属部门名字 + // 批量查询用户的所属部门 + // step.1 先拿到全部的 useids + // step.2 通过 useids,一次性查询用户的所属部门名字 List userIds = userList.stream().map(SysUser::getId).collect(Collectors.toList()); - if(userIds!=null && userIds.size()>0){ - Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); - userList.forEach(item->{ - //TODO 临时借用这个字段用于页面展示 + if (userIds != null && userIds.size() > 0) { + Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); + userList.forEach(item -> { + // TODO 临时借用这个字段用于页面展示 item.setOrgCodeTxt(useDepNames.get(item.getId())); }); } 
@@ -435,32 +468,34 @@ public class SysUserController { result.setResult(userList); return result; } catch (Exception e) { - log.error(e.getMessage(), e); + log.error(e.getMessage(), e); result.setSuccess(false); return result; } } /** - * 用户选择组件 专用 根据用户账号或部门分页查询 + * 用户选择组件 专用 根据用户账号或部门分页查询 + * * @param departId * @param username * @return */ @RequestMapping(value = "/queryUserComponentData", method = RequestMethod.GET) public Result> queryUserComponentData( - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, @RequestParam(name = "departId", required = false) String departId, - @RequestParam(name="realname",required=false) String realname, - @RequestParam(name="username",required=false) String username, - @RequestParam(name="isMultiTranslate",required=false) String isMultiTranslate, - @RequestParam(name="id",required = false) String id) { - //update-begin-author:taoyan date:2022-7-14 for: VUEN-1702【禁止问题】sql注入漏洞 - String[] arr = new String[]{departId, realname, username, id}; + @RequestParam(name = "realname", required = false) String realname, + @RequestParam(name = "username", required = false) String username, + @RequestParam(name = "isMultiTranslate", required = false) String isMultiTranslate, + @RequestParam(name = "id", required = false) String id) { + // update-begin-author:taoyan date:2022-7-14 for: VUEN-1702【禁止问题】sql注入漏洞 + String[] arr = new String[] { departId, realname, username, id }; SqlInjectionUtil.filterContent(arr, SymbolConstant.SINGLE_QUOTATION_MARK); - //update-end-author:taoyan date:2022-7-14 for: VUEN-1702【禁止问题】sql注入漏洞 - IPage pageList = sysUserDepartService.queryDepartUserPageList(departId, username, realname, pageSize, pageNo,id,isMultiTranslate); + // update-end-author:taoyan date:2022-7-14 for: VUEN-1702【禁止问题】sql注入漏洞 + 
IPage pageList = sysUserDepartService.queryDepartUserPageList(departId, username, realname, pageSize, + pageNo, id, isMultiTranslate); return Result.OK(pageList); } 
@@ -472,24 +507,26 @@ public class SysUserController { */ @RequiresPermissions("system:user:export") @RequestMapping(value = "/exportXls") - public ModelAndView exportXls(SysUser sysUser,HttpServletRequest request) { + public ModelAndView exportXls(SysUser sysUser, HttpServletRequest request) { // Step.1 组装查询条件 QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(sysUser, request.getParameterMap()); - //Step.2 AutoPoi 导出Excel + // Step.2 AutoPoi 导出Excel ModelAndView mv = new ModelAndView(new JeecgEntityExcelView()); - //update-begin--Author:kangxiaolin Date:20180825 for:[03]用户导出,如果选择数据则只导出相关数据-------------------- + // update-begin--Author:kangxiaolin Date:20180825 + // for:[03]用户导出,如果选择数据则只导出相关数据-------------------- String selections = request.getParameter("selections"); - if(!oConvertUtils.isEmpty(selections)){ - queryWrapper.in("id",selections.split(",")); - } - //update-end--Author:kangxiaolin Date:20180825 for:[03]用户导出,如果选择数据则只导出相关数据---------------------- + if (!oConvertUtils.isEmpty(selections)) { + queryWrapper.in("id", selections.split(",")); + } + // update-end--Author:kangxiaolin Date:20180825 + // for:[03]用户导出,如果选择数据则只导出相关数据---------------------- List pageList = sysUserService.list(queryWrapper); - //导出文件名称 + // 导出文件名称 mv.addObject(NormalExcelConstants.FILE_NAME, "用户列表"); mv.addObject(NormalExcelConstants.CLASS, SysUser.class); - LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - ExportParams exportParams = new ExportParams("用户列表数据", "导出人:"+user.getRealname(), "导出信息"); + LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal(); + ExportParams exportParams = new ExportParams("用户列表数据", "导出人:" + user.getRealname(), "导出信息"); exportParams.setImageBasePath(upLoadPath); mv.addObject(NormalExcelConstants.PARAMS, exportParams); mv.addObject(NormalExcelConstants.DATA_LIST, pageList); 
@@ -505,7 +542,7 @@ public class SysUserController { */ @RequiresPermissions("system:user:import") @RequestMapping(value = "/importExcel", method = RequestMethod.POST) - public Result importExcel(HttpServletRequest request, HttpServletResponse response)throws IOException { + public Result importExcel(HttpServletRequest request, HttpServletResponse response) throws IOException { MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request; Map fileMap = multipartRequest.getFileMap(); // 错误信息 @@ -528,7 +565,8 @@ public class SysUserController { // 密码加密加盐 String salt = oConvertUtils.randomGen(8); sysUserExcel.setSalt(salt); - String passwordEncode = PasswordUtil.encrypt(sysUserExcel.getUsername(), sysUserExcel.getPassword(), salt); + String passwordEncode = PasswordUtil.encrypt(sysUserExcel.getUsername(), sysUserExcel.getPassword(), + salt); sysUserExcel.setPassword(passwordEncode); try { sysUserService.save(sysUserExcel); @@ -546,7 +584,7 @@ public class SysUserController { errorMessage.add("第 " + lineNumber + " 行:手机号已经存在,忽略导入。"); } else if (message.contains(CommonConstant.SQL_INDEX_UNIQ_SYS_USER_EMAIL)) { errorMessage.add("第 " + lineNumber + " 行:电子邮件已经存在,忽略导入。"); - } else if (message.contains(CommonConstant.SQL_INDEX_UNIQ_SYS_USER)) { + } else if (message.contains(CommonConstant.SQL_INDEX_UNIQ_SYS_USER)) { errorMessage.add("第 " + lineNumber + " 行:违反表唯一性约束。"); } else { errorMessage.add("第 " + lineNumber + " 行:未知错误,忽略导入"); 
@@ -573,29 +611,28 @@ public class SysUserController { try { file.getInputStream().close(); } catch (IOException e) { - log.error(e.getMessage(), e); + log.error(e.getMessage(), e); } } } - return ImportExcelUtil.imporReturnRes(errorLines,successLines,errorMessage); + return ImportExcelUtil.imporReturnRes(errorLines, successLines, errorMessage); } /** - * @功能:根据id 批量查询 - * @param userIds - * @return - */ - @RequestMapping(value = "/queryByIds", method = RequestMethod.GET) - public Result> queryByIds(@RequestParam(name = "userIds") String userIds) { - Result> result = new Result<>(); - String[] userId = userIds.split(","); - Collection idList = Arrays.asList(userId); - Collection userRole = sysUserService.listByIds(idList); - result.setSuccess(true); - result.setResult(userRole); - return result; - } - + * @功能:根据id 批量查询 + * @param userIds + * @return + */ + @RequestMapping(value = "/queryByIds", method = RequestMethod.GET) + public Result> queryByIds(@RequestParam(name = "userIds") String userIds) { + Result> result = new Result<>(); + String[] userId = userIds.split(","); + Collection idList = Arrays.asList(userId); + Collection userRole = sysUserService.listByIds(idList); + result.setSuccess(true); + result.setResult(userRole); + return result; + } /** * @功能:根据id 批量查询 
@@ -606,47 +643,49 @@ public class SysUserController { public Result> queryByNames(@RequestParam(name = "userNames") String userNames) { Result> result = new Result<>(); String[] names = userNames.split(","); - QueryWrapper queryWrapper=new QueryWrapper(); - queryWrapper.lambda().in(true,SysUser::getUsername,names); + QueryWrapper queryWrapper = new QueryWrapper(); + queryWrapper.lambda().in(true, SysUser::getUsername, names); Collection userRole = sysUserService.list(queryWrapper); result.setSuccess(true); result.setResult(userRole); return result; } - /** - * 首页用户重置密码 - */ + /** + * 首页用户重置密码 + */ @RequiresPermissions("system:user:updatepwd") @RequestMapping(value = "/updatePassword", method = RequestMethod.PUT) - public Result updatePassword(@RequestBody JSONObject json) { - String username = json.getString("username"); - String oldpassword = json.getString("oldpassword"); - String password = json.getString("password"); - String confirmpassword = json.getString("confirmpassword"); - LoginUser sysUser = (LoginUser)SecurityUtils.getSubject().getPrincipal(); - if(!sysUser.getUsername().equals(username)){ + public Result updatePassword(@RequestBody JSONObject json) { + String username = json.getString("username"); + String oldpassword = json.getString("oldpassword"); + String password = json.getString("password"); + String confirmpassword = json.getString("confirmpassword"); + LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); + if (!sysUser.getUsername().equals(username)) { return Result.error("只允许修改自己的密码!"); } - SysUser user = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername, username)); - if(user==null) { - return Result.error("用户不存在!"); - } - //update-begin---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ + SysUser user = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername, username)); + if (user == null) { + return Result.error("用户不存在!"); + } + // 
update-begin---author:wangshuai ---date:20220316 + // for:[VUEN-234]修改密码添加敏感日志------------ LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - baseCommonService.addLog("修改密码,username: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2); - //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ - return sysUserService.resetPassword(username,oldpassword,password,confirmpassword); - } + baseCommonService.addLog("修改密码,username: " + loginUser.getUsername(), CommonConstant.LOG_TYPE_2, 2); + // update-end---author:wangshuai ---date:20220316 + // for:[VUEN-234]修改密码添加敏感日志------------ + return sysUserService.resetPassword(username, oldpassword, password, confirmpassword); + } @RequestMapping(value = "/userRoleList", method = RequestMethod.GET) - public Result> userRoleList(@RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) { + public Result> userRoleList(@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { Result> result = new Result>(); Page page = new Page(pageNo, pageSize); String roleId = req.getParameter("roleId"); String username = req.getParameter("username"); - IPage pageList = sysUserService.getUserByRoleId(page,roleId,username); + IPage pageList = sysUserService.getUserByRoleId(page, roleId, username); result.setSuccess(true); result.setResult(pageList); return result; 
@@ -662,15 +701,15 @@ public class SysUserController { @RequestMapping(value = "/addSysUserRole", method = RequestMethod.POST) public Result addSysUserRole(@RequestBody SysUserRoleVO sysUserRoleVO) { Result result = new Result(); - //TODO 判断当前操作的角色是当前登录租户下的 + // TODO 判断当前操作的角色是当前登录租户下的 try { String sysRoleId = sysUserRoleVO.getRoleId(); - for(String sysUserId:sysUserRoleVO.getUserIdList()) { - SysUserRole sysUserRole = new SysUserRole(sysUserId,sysRoleId); + for (String sysUserId : sysUserRoleVO.getUserIdList()) { + SysUserRole sysUserRole = new SysUserRole(sysUserId, sysRoleId); QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("role_id", sysRoleId).eq("user_id",sysUserId); + queryWrapper.eq("role_id", sysRoleId).eq("user_id", sysUserId); SysUserRole one = sysUserRoleService.getOne(queryWrapper); - if(one==null){ + if (one == null) { sysUserRoleService.save(sysUserRole); } 
@@ -678,30 +717,31 @@ public class SysUserController { result.setMessage("添加成功!"); result.setSuccess(true); return result; - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.setSuccess(false); result.setMessage("出错了: " + e.getMessage()); return result; } } + /** - * 删除指定角色的用户关系 + * 删除指定角色的用户关系 + * * @param * @return */ @RequiresPermissions("system:user:deleteRole") @RequestMapping(value = "/deleteUserRole", method = RequestMethod.DELETE) - public Result deleteUserRole(@RequestParam(name="roleId") String roleId, - @RequestParam(name="userId",required=true) String userId - ) { + public Result deleteUserRole(@RequestParam(name = "roleId") String roleId, + @RequestParam(name = "userId", required = true) String userId) { Result result = new Result(); try { QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("role_id", roleId).eq("user_id",userId); + queryWrapper.eq("role_id", roleId).eq("user_id", userId); sysUserRoleService.remove(queryWrapper); result.success("删除成功!"); - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("删除失败!"); } 
@@ -717,15 +757,15 @@ public class SysUserController { @RequiresPermissions("system:user:deleteRoleBatch") @RequestMapping(value = "/deleteUserRoleBatch", method = RequestMethod.DELETE) public Result deleteUserRoleBatch( - @RequestParam(name="roleId") String roleId, - @RequestParam(name="userIds",required=true) String userIds) { + @RequestParam(name = "roleId") String roleId, + @RequestParam(name = "userIds", required = true) String userIds) { Result result = new Result(); try { QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("role_id", roleId).in("user_id",Arrays.asList(userIds.split(","))); + queryWrapper.eq("role_id", roleId).in("user_id", Arrays.asList(userIds.split(","))); sysUserRoleService.remove(queryWrapper); result.success("删除成功!"); - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("删除失败!"); } 
@@ -736,54 +776,57 @@ public class SysUserController { * 部门用户列表 */ @RequestMapping(value = "/departUserList", method = RequestMethod.GET) - public Result> departUserList(@RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) { + public Result> departUserList(@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { Result> result = new Result>(); Page page = new Page(pageNo, pageSize); String depId = req.getParameter("depId"); String username = req.getParameter("username"); - //根据部门ID查询,当前和下级所有的部门IDS + // 根据部门ID查询,当前和下级所有的部门IDS List subDepids = new ArrayList<>(); - //部门id为空时,查询我的部门下所有用户 - if(oConvertUtils.isEmpty(depId)){ + // 部门id为空时,查询我的部门下所有用户 + if (oConvertUtils.isEmpty(depId)) { LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - int userIdentity = user.getUserIdentity() != null?user.getUserIdentity():CommonConstant.USER_IDENTITY_1; - //update-begin---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------ - if(oConvertUtils.isNotEmpty(userIdentity) && userIdentity == CommonConstant.USER_IDENTITY_2 + int userIdentity = user.getUserIdentity() != null ? 
user.getUserIdentity() : CommonConstant.USER_IDENTITY_1; + // update-begin---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 + // #7674------------ + if (oConvertUtils.isNotEmpty(userIdentity) && userIdentity == CommonConstant.USER_IDENTITY_2 && oConvertUtils.isNotEmpty(user.getDepartIds())) { - //update-end---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------ + // update-end---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 + // #7674------------ subDepids = sysDepartService.getMySubDepIdsByDepId(user.getDepartIds()); } - }else{ + } else { subDepids = sysDepartService.getSubDepIdsByDepId(depId); } - if(subDepids != null && subDepids.size()>0){ - IPage pageList = sysUserService.getUserByDepIds(page,subDepids,username); - //批量查询用户的所属部门 - //step.1 先拿到全部的 useids - //step.2 通过 useids,一次性查询用户的所属部门名字 + if (subDepids != null && subDepids.size() > 0) { + IPage pageList = sysUserService.getUserByDepIds(page, subDepids, username); + // 批量查询用户的所属部门 + // step.1 先拿到全部的 useids + // step.2 通过 useids,一次性查询用户的所属部门名字 List userIds = pageList.getRecords().stream().map(SysUser::getId).collect(Collectors.toList()); - if(userIds!=null && userIds.size()>0){ + if (userIds != null && userIds.size() > 0) { Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); pageList.getRecords().forEach(item -> { - //批量查询用户的所属部门 + // 批量查询用户的所属部门 item.setOrgCode(useDepNames.get(item.getId())); }); } - //update-begin---author:wangshuai ---date:20221223 for:[QQYUN-3371]租户逻辑改造,改成关系表------------ - //设置租户id + // update-begin---author:wangshuai ---date:20221223 + // for:[QQYUN-3371]租户逻辑改造,改成关系表------------ + // 设置租户id page.setRecords(userTenantService.setUserTenantIds(page.getRecords())); - //update-end---author:wangshuai ---date:20221223 for:[QQYUN-3371]租户逻辑改造,改成关系表------------ + // update-end---author:wangshuai ---date:20221223 + // for:[QQYUN-3371]租户逻辑改造,改成关系表------------ result.setSuccess(true); result.setResult(pageList); - }else{ + } else { 
result.setSuccess(true); result.setResult(null); } return result; } - /** * 根据 orgCode 查询用户,包括子部门下的用户 * 若某个用户包含多个部门,则会显示多条记录,可自行处理成单条记录 @@ -793,9 +836,9 @@ public class SysUserController { @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, @RequestParam(name = "orgCode") String orgCode, - SysUser userParams - ) { - IPage pageList = sysUserService.queryUserByOrgCode(orgCode, userParams, new Page(pageNo, pageSize)); + SysUser userParams) { + IPage pageList = sysUserService.queryUserByOrgCode(orgCode, userParams, + new Page(pageNo, pageSize)); return Result.ok(pageList); } @@ -807,9 +850,8 @@ public class SysUserController { public Result queryByOrgCodeForAddressList( @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, - @RequestParam(name = "orgCode",required = false) String orgCode, - SysUser userParams - ) { + @RequestParam(name = "orgCode", required = false) String orgCode, + SysUser userParams) { IPage page = new Page(pageNo, pageSize); IPage pageList = sysUserService.queryUserByOrgCode(orgCode, userParams, page); List list = pageList.getRecords(); @@ -834,7 +876,7 @@ public class SysUserController { json.put("userId", userId); json.put("departId", item.getDepartId()); json.put("departName", item.getDepartName()); -// json.put("avatar", item.getSysUser().getAvatar()); + // json.put("avatar", item.getSysUser().getAvatar()); resultJson.add(json); hasUser.put(userId, json); } 
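Review bot: In `departUserList` a caller-supplied `depId` goes straight to `sysDepartService.getSubDepIdsByDepId(depId)`, while only the empty-`depId` branch ties the lookup to the current user's `getDepartIds()`. No `@RequiresPermissions` is visible on this mapping, unlike the delete endpoints in the neighbouring hunks, so unless a check exists elsewhere any logged-in user can presumably page through the users of an arbitrary department. Consider a permission annotation or a check that `depId` is within the departments the current `LoginUser` may see, and state the rule above the branch, e.g. `// depId must belong to the caller's own department tree`.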
@@ -854,19 +896,19 @@ public class SysUserController { Result result = new Result(); try { String sysDepId = sysDepartUsersVO.getDepId(); - for(String sysUserId:sysDepartUsersVO.getUserIdList()) { - SysUserDepart sysUserDepart = new SysUserDepart(null,sysUserId,sysDepId); + for (String sysUserId : sysDepartUsersVO.getUserIdList()) { + SysUserDepart sysUserDepart = new SysUserDepart(null, sysUserId, sysDepId); QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("dep_id", sysDepId).eq("user_id",sysUserId); + queryWrapper.eq("dep_id", sysDepId).eq("user_id", sysUserId); SysUserDepart one = sysUserDepartService.getOne(queryWrapper); - if(one==null){ + if (one == null) { sysUserDepartService.save(sysUserDepart); } } result.setMessage("添加成功!"); result.setSuccess(true); return result; - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.setSuccess(false); result.setMessage("出错了: " + e.getMessage()); 
@@ -875,31 +917,32 @@ public class SysUserController { } /** - * 删除指定机构的用户关系 + * 删除指定机构的用户关系 */ @RequiresPermissions("system:user:deleteUserInDepart") @RequestMapping(value = "/deleteUserInDepart", method = RequestMethod.DELETE) - public Result deleteUserInDepart(@RequestParam(name="depId") String depId, - @RequestParam(name="userId",required=true) String userId - ) { + public Result deleteUserInDepart(@RequestParam(name = "depId") String depId, + @RequestParam(name = "userId", required = true) String userId) { Result result = new Result(); try { QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("dep_id", depId).eq("user_id",userId); + queryWrapper.eq("dep_id", depId).eq("user_id", userId); boolean b = sysUserDepartService.remove(queryWrapper); - if(b){ - List sysDepartRoleList = departRoleService.list(new QueryWrapper().eq("depart_id",depId)); - List roleIds = sysDepartRoleList.stream().map(SysDepartRole::getId).collect(Collectors.toList()); - if(roleIds != null && roleIds.size()>0){ + if (b) { + List sysDepartRoleList = departRoleService + .list(new QueryWrapper().eq("depart_id", depId)); + List roleIds = sysDepartRoleList.stream().map(SysDepartRole::getId) + .collect(Collectors.toList()); + if (roleIds != null && roleIds.size() > 0) { QueryWrapper query = new QueryWrapper<>(); - query.eq("user_id",userId).in("drole_id",roleIds); + query.eq("user_id", userId).in("drole_id", roleIds); departRoleUserService.remove(query); } result.success("删除成功!"); - }else{ + } else { result.error500("当前选中部门与用户无关联关系!"); } - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("删除失败!"); } 
@@ -912,95 +955,93 @@ public class SysUserController { @RequiresPermissions("system:user:deleteUserInDepartBatch") @RequestMapping(value = "/deleteUserInDepartBatch", method = RequestMethod.DELETE) public Result deleteUserInDepartBatch( - @RequestParam(name="depId") String depId, - @RequestParam(name="userIds",required=true) String userIds) { + @RequestParam(name = "depId") String depId, + @RequestParam(name = "userIds", required = true) String userIds) { Result result = new Result(); try { QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("dep_id", depId).in("user_id",Arrays.asList(userIds.split(","))); + queryWrapper.eq("dep_id", depId).in("user_id", Arrays.asList(userIds.split(","))); boolean b = sysUserDepartService.remove(queryWrapper); - if(b){ - departRoleUserService.removeDeptRoleUser(Arrays.asList(userIds.split(",")),depId); - }else{ + if (b) { + departRoleUserService.removeDeptRoleUser(Arrays.asList(userIds.split(",")), depId); + } else { result.error500("删除失败,目标用户不在当前部门!"); return result; } result.success("删除成功!"); - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("删除失败!"); } return result; } - + /** - * 查询当前用户的所有部门/当前部门编码 + * 查询当前用户的所有部门/当前部门编码 + * * @return */ @RequestMapping(value = "/getCurrentUserDeparts", method = RequestMethod.GET) - public Result> getCurrentUserDeparts() { - Result> result = new Result>(); + public Result> getCurrentUserDeparts() { + Result> result = new Result>(); try { - LoginUser sysUser = (LoginUser)SecurityUtils.getSubject().getPrincipal(); + LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); List list = this.sysDepartService.queryUserDeparts(sysUser.getId()); - Map map = new HashMap(5); + Map map = new HashMap(5); map.put("list", list); map.put("orgCode", sysUser.getOrgCode()); result.setSuccess(true); result.setResult(map); - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("查询失败!"); } return 
result; } - + /** + * 用户注册接口 + * + * @param jsonObject + * @param user + * @return + */ + @PostMapping("/register") + public Result userRegister(@RequestBody JSONObject jsonObject, SysUser user) { + Result result = new Result(); + String phone = jsonObject.getString("phone"); + String smscode = jsonObject.getString("smscode"); + // update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE + phone; + Object code = redisUtil.get(redisKey); + // update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - /** - * 用户注册接口 - * - * @param jsonObject - * @param user - * @return - */ - @PostMapping("/register") - public Result userRegister(@RequestBody JSONObject jsonObject, SysUser user) { - Result result = new Result(); - String phone = jsonObject.getString("phone"); - String smscode = jsonObject.getString("smscode"); - - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object code = redisUtil.get(redisKey); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - - String username = jsonObject.getString("username"); - //未设置用户名,则用手机号作为用户名 - if(oConvertUtils.isEmpty(username)){ + String username = jsonObject.getString("username"); + // 未设置用户名,则用手机号作为用户名 + if (oConvertUtils.isEmpty(username)) { username = phone; } - //未设置密码,则随机生成一个密码 - String password = jsonObject.getString("password"); - if(oConvertUtils.isEmpty(password)){ + // 未设置密码,则随机生成一个密码 + String password = jsonObject.getString("password"); + if (oConvertUtils.isEmpty(password)) { password = RandomUtil.randomString(8); } - String email = jsonObject.getString("email"); - SysUser sysUser1 = sysUserService.getUserByName(username); - if (sysUser1 != null) { - result.setMessage("用户名已注册"); - result.setSuccess(false); - return result; - } - SysUser sysUser2 = sysUserService.getUserByPhone(phone); - if (sysUser2 != 
null) { - result.setMessage("该手机号已注册"); - result.setSuccess(false); - return result; - } + String email = jsonObject.getString("email"); + SysUser sysUser1 = sysUserService.getUserByName(username); + if (sysUser1 != null) { + result.setMessage("用户名已注册"); + result.setSuccess(false); + return result; + } + SysUser sysUser2 = sysUserService.getUserByPhone(phone); + if (sysUser2 != null) { + result.setMessage("该手机号已注册"); + result.setSuccess(false); + return result; + } - if(oConvertUtils.isNotEmpty(email)){ + if (oConvertUtils.isNotEmpty(email)) { SysUser sysUser3 = sysUserService.getUserByEmail(email); if (sysUser3 != null) { result.setMessage("邮箱已被注册"); 
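Review bot: `userRegister` binds `SysUser user` from the request in addition to the JSON body and later saves that same object through `addUserWithRole` (in the next hunk), so any bindable field the method does not overwrite keeps whatever the client sent. Only username, realname, password, salt, email, phone, status, delFlag, activitiSync and createTime are set explicitly; which other `SysUser` fields can be bound is not visible here. Populating a locally created entity, `SysUser newUser = new SysUser();`, and saving that one instead removes the exposure without changing the signature. The method body continues outside this hunk.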
@@ -1008,91 +1049,91 @@ public class SysUserController { return result; } } - if(null == code){ + if (null == code) { result.setMessage("手机验证码失效,请重新获取"); result.setSuccess(false); return result; } - if (!smscode.equals(code.toString())) { - result.setMessage("手机验证码错误"); - result.setSuccess(false); - return result; - } + if (!smscode.equals(code.toString())) { + result.setMessage("手机验证码错误"); + result.setSuccess(false); + return result; + } String realname = jsonObject.getString("realname"); - if(oConvertUtils.isEmpty(realname)){ + if (oConvertUtils.isEmpty(realname)) { realname = username; } - - try { - user.setCreateTime(new Date());// 设置创建时间 - String salt = oConvertUtils.randomGen(8); - String passwordEncode = PasswordUtil.encrypt(username, password, salt); - user.setSalt(salt); - user.setUsername(username); - user.setRealname(realname); - user.setPassword(passwordEncode); - user.setEmail(email); - user.setPhone(phone); - user.setStatus(CommonConstant.USER_UNFREEZE); - user.setDelFlag(CommonConstant.DEL_FLAG_0); - user.setActivitiSync(CommonConstant.ACT_SYNC_1); - sysUserService.addUserWithRole(user,"");//默认临时角色 test - result.success("注册成功"); - } catch (Exception e) { - result.error500("注册失败"); - } - return result; - } -// /** -// * 根据用户名或手机号查询用户信息 -// * @param -// * @return -// */ -// @GetMapping("/querySysUser") -// public Result> querySysUser(SysUser sysUser) { -// String phone = sysUser.getPhone(); -// String username = sysUser.getUsername(); -// Result> result = new Result>(); -// Map map = new HashMap(); -// if (oConvertUtils.isNotEmpty(phone)) { -// SysUser user = sysUserService.getUserByPhone(phone); -// if(user!=null) { -// map.put("username",user.getUsername()); -// map.put("phone",user.getPhone()); -// result.setSuccess(true); -// result.setResult(map); -// return result; -// } -// } -// if (oConvertUtils.isNotEmpty(username)) { -// SysUser user = sysUserService.getUserByName(username); -// if(user!=null) { -// map.put("username",user.getUsername()); 
-// map.put("phone",user.getPhone()); -// result.setSuccess(true); -// result.setResult(map); -// return result; -// } -// } -// result.setSuccess(false); -// result.setMessage("验证失败"); -// return result; -// } + try { + user.setCreateTime(new Date());// 设置创建时间 + String salt = oConvertUtils.randomGen(8); + String passwordEncode = PasswordUtil.encrypt(username, password, salt); + user.setSalt(salt); + user.setUsername(username); + user.setRealname(realname); + user.setPassword(passwordEncode); + user.setEmail(email); + user.setPhone(phone); + user.setStatus(CommonConstant.USER_UNFREEZE); + user.setDelFlag(CommonConstant.DEL_FLAG_0); + user.setActivitiSync(CommonConstant.ACT_SYNC_1); + sysUserService.addUserWithRole(user, "");// 默认临时角色 test + result.success("注册成功"); + } catch (Exception e) { + result.error500("注册失败"); + } + return result; + } - /** - * 用户手机号验证 - */ - @PostMapping("/phoneVerification") - public Result> phoneVerification(@RequestBody JSONObject jsonObject) { - Result> result = new Result>(); - String phone = jsonObject.getString("phone"); - String smscode = jsonObject.getString("smscode"); - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object code = redisUtil.get(redisKey); - //update-begin---author:wangshuai---date:2025-07-15---for:【issues/8567】严重:修改密码存在水平越权问题。--- + // /** + // * 根据用户名或手机号查询用户信息 + // * @param + // * @return + // */ + // @GetMapping("/querySysUser") + // public Result> querySysUser(SysUser sysUser) { + // String phone = sysUser.getPhone(); + // String username = sysUser.getUsername(); + // Result> result = new Result>(); + // Map map = new HashMap(); + // if (oConvertUtils.isNotEmpty(phone)) { + // SysUser user = sysUserService.getUserByPhone(phone); + // if(user!=null) { + // map.put("username",user.getUsername()); + // map.put("phone",user.getPhone()); + // result.setSuccess(true); + // result.setResult(map); + // return result; + // } 
+ // } + // if (oConvertUtils.isNotEmpty(username)) { + // SysUser user = sysUserService.getUserByName(username); + // if(user!=null) { + // map.put("username",user.getUsername()); + // map.put("phone",user.getPhone()); + // result.setSuccess(true); + // result.setResult(map); + // return result; + // } + // } + // result.setSuccess(false); + // result.setMessage("验证失败"); + // return result; + // } + + /** + * 用户手机号验证 + */ + @PostMapping("/phoneVerification") + public Result> phoneVerification(@RequestBody JSONObject jsonObject) { + Result> result = new Result>(); + String phone = jsonObject.getString("phone"); + String smscode = jsonObject.getString("smscode"); + // update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE + phone; + Object code = redisUtil.get(redisKey); + // update-begin---author:wangshuai---date:2025-07-15---for:【issues/8567】严重:修改密码存在水平越权问题。--- if (null == code) { result.setMessage("短信验证码失效!"); result.setSuccess(false); 
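Review bot: After a successful registration the SMS code is left in Redis, so it stays valid for the other flows keyed on the same `redisKey` (`phoneVerification`, `passwordChange`) until it expires; `passwordChange` clears it with `redisUtil.removeAll(redisKey)` but `userRegister` does not. Add `redisUtil.removeAll(redisKey);` right after `sysUserService.addUserWithRole(user, "")`. In the same method `smscode.equals(code.toString())` throws when the request carries no `smscode`; `!code.toString().equals(smscode)` avoids that. The catch block also drops the exception, and `log.error(e.getMessage(), e);` before `result.error500("注册失败")` would match the other handlers. The method starts in the previous hunk.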
@@ -1104,81 +1145,83 @@ public class SysUserController { } else { smsCode = code.toString(); } - if (!smscode.equals(smsCode)) { - //update-end---author:wangshuai---date:2025-07-15---for:【issues/8567】严重:修改密码存在水平越权问题。--- - result.setMessage("手机验证码错误"); - result.setSuccess(false); - return result; - } - //设置有效时间 - redisUtil.set(redisKey, code,600); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + if (!smscode.equals(smsCode)) { + // update-end---author:wangshuai---date:2025-07-15---for:【issues/8567】严重:修改密码存在水平越权问题。--- + result.setMessage("手机验证码错误"); + result.setSuccess(false); + return result; + } + // 设置有效时间 + redisUtil.set(redisKey, code, 600); + // update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - //新增查询用户名 - LambdaQueryWrapper query = new LambdaQueryWrapper<>(); - query.eq(SysUser::getPhone,phone); + // 新增查询用户名 + LambdaQueryWrapper query = new LambdaQueryWrapper<>(); + query.eq(SysUser::getPhone, phone); SysUser user = sysUserService.getOne(query); - Map map = new HashMap(5); - map.put("smscode",smscode); - if(null == user){ - //前端根据文字做判断用户是否存在判断,不能修改 + Map map = new HashMap(5); + map.put("smscode", smscode); + if (null == user) { + // 前端根据文字做判断用户是否存在判断,不能修改 result.setMessage("用户信息不存在"); result.setSuccess(false); return result; } - map.put("username",user.getUsername()); + map.put("username", user.getUsername()); result.setResult(map); - result.setSuccess(true); - return result; - } - - /** - * 用户更改密码 - */ - @GetMapping("/passwordChange") - public Result passwordChange(@RequestParam(name="username")String username, - @RequestParam(name="password")String password, - @RequestParam(name="smscode")String smscode, - @RequestParam(name="phone") String phone) { + result.setSuccess(true); + return result; + } + + /** + * 用户更改密码 + */ + @GetMapping("/passwordChange") + public Result passwordChange(@RequestParam(name = "username") String username, + @RequestParam(name = "password") String password, + 
@RequestParam(name = "smscode") String smscode, + @RequestParam(name = "phone") String phone) { Result result = new Result(); - if(oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(password) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty(phone) ) { + if (oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(password) || oConvertUtils.isEmpty(smscode) + || oConvertUtils.isEmpty(phone)) { result.setMessage("重置密码失败!"); result.setSuccess(false); return result; } - SysUser sysUser=new SysUser(); - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object object= redisUtil.get(redisKey); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - if(null==object) { - result.setMessage("短信验证码失效!"); + SysUser sysUser = new SysUser(); + // update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE + phone; + Object object = redisUtil.get(redisKey); + // update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + if (null == object) { + result.setMessage("短信验证码失效!"); result.setSuccess(false); return result; } - //update-begin---author:wangshuai---date:2025-07-14---for:【issues/8567】严重:修改密码存在水平越权问题。--- + // update-begin---author:wangshuai---date:2025-07-14---for:【issues/8567】严重:修改密码存在水平越权问题。--- String redisUsername = ""; - if(object.toString().contains("code")){ + if (object.toString().contains("code")) { JSONObject jsonObject = JSONObject.parseObject(object.toString()); object = jsonObject.getString("code"); redisUsername = jsonObject.getString("username"); } - //验证是否为当前用户的 - if(oConvertUtils.isNotEmpty(redisUsername) && !username.equals(redisUsername)){ + // 验证是否为当前用户的 + if (oConvertUtils.isNotEmpty(redisUsername) && !username.equals(redisUsername)) { result.setMessage("此验证码不是当前用户的!"); result.setSuccess(false); return result; } - 
//update-end---author:wangshuai---date:2025-07-14---for:【issues/8567】严重:修改密码存在水平越权问题。--- - - if(!smscode.equals(object.toString())) { - result.setMessage("短信验证码不匹配!"); + // update-end---author:wangshuai---date:2025-07-14---for:【issues/8567】严重:修改密码存在水平越权问题。--- + + if (!smscode.equals(object.toString())) { + result.setMessage("短信验证码不匹配!"); result.setSuccess(false); return result; } - sysUser = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername,username).eq(SysUser::getPhone,phone)); + sysUser = this.sysUserService.getOne( + new LambdaQueryWrapper().eq(SysUser::getUsername, username).eq(SysUser::getPhone, phone)); if (sysUser == null) { result.setMessage("当前用户和绑定的手机号不匹配,无法修改密码!"); result.setSuccess(false); 
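Review bot: `passwordChange` is mapped with `@GetMapping` and takes `password` and `smscode` as `@RequestParam`, so the new password and the SMS code travel in the query string and tend to end up in access logs, proxy logs and browser history. Accepting them in a request body, `@PostMapping("/passwordChange")` with `@RequestBody JSONObject jsonObject` as `phoneVerification` above already does, keeps them out of URLs. Existing clients would have to switch method, so a transition period may be needed. The method body continues in the next hunk.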
@@ -1189,91 +1232,95 @@ public class SysUserController { String passwordEncode = PasswordUtil.encrypt(sysUser.getUsername(), password, salt); sysUser.setPassword(passwordEncode); this.sysUserService.updateById(sysUser); - //update-begin---author:wangshuai ---date:20220316 for:[VUEN-234]密码重置添加敏感日志------------ - baseCommonService.addLog("重置 "+username+" 的密码,操作人: " +sysUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2); - //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]密码重置添加敏感日志------------ + // update-begin---author:wangshuai ---date:20220316 + // for:[VUEN-234]密码重置添加敏感日志------------ + baseCommonService.addLog("重置 " + username + " 的密码,操作人: " + sysUser.getUsername(), CommonConstant.LOG_TYPE_2, + 2); + // update-end---author:wangshuai ---date:20220316 + // for:[VUEN-234]密码重置添加敏感日志------------ result.setSuccess(true); result.setMessage("密码重置完成!"); - //修改完密码后清空redis + // 修改完密码后清空redis redisUtil.removeAll(redisKey); return result; } } - - /** - * 根据TOKEN获取用户的部分信息(返回的数据是可供表单设计器使用的数据) - * - * @return - */ - @GetMapping("/getUserSectionInfoByToken") - public Result getUserSectionInfoByToken(HttpServletRequest request, @RequestParam(name = "token", required = false) String token) { - try { - String username = null; - // 如果没有传递token,就从header中获取token并获取用户信息 - if (oConvertUtils.isEmpty(token)) { - username = JwtUtil.getUserNameByToken(request); - } else { - username = JwtUtil.getUsername(token); - } + /** + * 根据TOKEN获取用户的部分信息(返回的数据是可供表单设计器使用的数据) + * + * @return + */ + @GetMapping("/getUserSectionInfoByToken") + public Result getUserSectionInfoByToken(HttpServletRequest request, + @RequestParam(name = "token", required = false) String token) { + try { + String username = null; + // 如果没有传递token,就从header中获取token并获取用户信息 + if (oConvertUtils.isEmpty(token)) { + username = JwtUtil.getUserNameByToken(request); + } else { + username = JwtUtil.getUsername(token); + } - log.debug(" ------ 通过令牌获取部分用户信息,当前用户: " + username); + log.debug(" ------ 通过令牌获取部分用户信息,当前用户: " + 
username); - // 根据用户名查询用户信息 - SysUser sysUser = sysUserService.getUserByName(username); - Map map = new HashMap(); - map.put("sysUserId", sysUser.getId()); - map.put("sysUserCode", sysUser.getUsername()); // 当前登录用户登录账号 - map.put("sysUserName", sysUser.getRealname()); // 当前登录用户真实名称 - map.put("sysOrgCode", sysUser.getOrgCode()); // 当前登录用户部门编号 + // 根据用户名查询用户信息 + SysUser sysUser = sysUserService.getUserByName(username); + Map map = new HashMap(); + map.put("sysUserId", sysUser.getId()); + map.put("sysUserCode", sysUser.getUsername()); // 当前登录用户登录账号 + map.put("sysUserName", sysUser.getRealname()); // 当前登录用户真实名称 + map.put("sysOrgCode", sysUser.getOrgCode()); // 当前登录用户部门编号 - log.debug(" ------ 通过令牌获取部分用户信息,已获取的用户信息: " + map); + log.debug(" ------ 通过令牌获取部分用户信息,已获取的用户信息: " + map); - return Result.ok(map); - } catch (Exception e) { - log.error(e.getMessage(), e); - return Result.error(500, "查询失败:" + e.getMessage()); - } - } - - /** - * 【APP端接口】获取用户列表 根据用户名和真实名 模糊匹配 - * @param keyword - * @param pageNo - * @param pageSize - * @return - */ - @GetMapping("/appUserList") - public Result appUserList(@RequestParam(name = "keyword", required = false) String keyword, + return Result.ok(map); + } catch (Exception e) { + log.error(e.getMessage(), e); + return Result.error(500, "查询失败:" + e.getMessage()); + } + } + + /** + * 【APP端接口】获取用户列表 根据用户名和真实名 模糊匹配 + * + * @param keyword + * @param pageNo + * @param pageSize + * @return + */ + @GetMapping("/appUserList") + public Result appUserList(@RequestParam(name = "keyword", required = false) String keyword, @RequestParam(name = "username", required = false) String username, - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, @RequestParam(name = "syncFlow", required = false) String syncFlow) { - try { - //TODO 
从查询效率上将不要用mp的封装的page分页查询 建议自己写分页语句 - LambdaQueryWrapper query = new LambdaQueryWrapper(); - if(oConvertUtils.isNotEmpty(syncFlow)){ + try { + // TODO 从查询效率上将不要用mp的封装的page分页查询 建议自己写分页语句 + LambdaQueryWrapper query = new LambdaQueryWrapper(); + if (oConvertUtils.isNotEmpty(syncFlow)) { query.eq(SysUser::getActivitiSync, CommonConstant.ACT_SYNC_1); } - query.eq(SysUser::getDelFlag,CommonConstant.DEL_FLAG_0); - if(oConvertUtils.isNotEmpty(username)){ - if(username.contains(",")){ - query.in(SysUser::getUsername,username.split(",")); - }else{ - query.eq(SysUser::getUsername,username); + query.eq(SysUser::getDelFlag, CommonConstant.DEL_FLAG_0); + if (oConvertUtils.isNotEmpty(username)) { + if (username.contains(",")) { + query.in(SysUser::getUsername, username.split(",")); + } else { + query.eq(SysUser::getUsername, username); } - }else{ + } else { query.and(i -> i.like(SysUser::getUsername, keyword).or().like(SysUser::getRealname, keyword)); } - Page page = new Page<>(pageNo, pageSize); - IPage res = this.sysUserService.page(page, query); - return Result.ok(res); - } catch (Exception e) { - log.error(e.getMessage(), e); - return Result.error(500, "查询失败:" + e.getMessage()); - } - - } + Page page = new Page<>(pageNo, pageSize); + IPage res = this.sysUserService.page(page, query); + return Result.ok(res); + } catch (Exception e) { + log.error(e.getMessage(), e); + return Result.error(500, "查询失败:" + e.getMessage()); + } + + } /** * 获取被逻辑删除的用户列表,无分页 
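Review bot: `getUserSectionInfoByToken` returns a user's id, account, real name and org code for whatever username `JwtUtil.getUsername(token)` yields from the optional `token` query parameter. Whether that call verifies signature and expiry is not visible here; if it only decodes the claim, the endpoint answers for any username. Worth confirming and recording above the call, e.g. `// token must be verified (signature + expiry) before its username claim is trusted`. `sysUser` is also dereferenced without a null check, so an unknown username ends in the catch block; `if (sysUser == null) { return Result.error(500, "查询失败"); }` would make that path explicit.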
@@ -1327,62 +1374,64 @@ public class SysUserController { return Result.ok("删除成功"); } - /** * 移动端修改用户信息 + * * @param jsonObject * @return */ @RequiresPermissions("system:user:app:edit") - @RequestMapping(value = "/appEdit", method = {RequestMethod.PUT,RequestMethod.POST}) - public Result appEdit(HttpServletRequest request,@RequestBody JSONObject jsonObject) { + @RequestMapping(value = "/appEdit", method = { RequestMethod.PUT, RequestMethod.POST }) + public Result appEdit(HttpServletRequest request, @RequestBody JSONObject jsonObject) { Result result = new Result(); try { String username = JwtUtil.getUserNameByToken(request); SysUser sysUser = sysUserService.getUserByName(username); - baseCommonService.addLog("移动端编辑用户,id: " +jsonObject.getString("id") ,CommonConstant.LOG_TYPE_2, 2); - String realname=jsonObject.getString("realname"); - String avatar=jsonObject.getString("avatar"); - String sex=jsonObject.getString("sex"); - String phone=jsonObject.getString("phone"); - String email=jsonObject.getString("email"); - Date birthday=jsonObject.getDate("birthday"); + baseCommonService.addLog("移动端编辑用户,id: " + jsonObject.getString("id"), CommonConstant.LOG_TYPE_2, 2); + String realname = jsonObject.getString("realname"); + String avatar = jsonObject.getString("avatar"); + String sex = jsonObject.getString("sex"); + String phone = jsonObject.getString("phone"); + String email = jsonObject.getString("email"); + Date birthday = jsonObject.getDate("birthday"); SysUser userPhone = sysUserService.getUserByPhone(phone); - if(sysUser==null) { + if (sysUser == null) { result.error500("未找到对应用户!"); - }else { - if(userPhone!=null){ + } else { + if (userPhone != null) { String userPhonename = userPhone.getUsername(); - if(!userPhonename.equals(username)){ + if (!userPhonename.equals(username)) { result.error500("手机号已存在!"); return result; } } - if(StringUtils.isNotBlank(realname)){ + if (StringUtils.isNotBlank(realname)) { sysUser.setRealname(realname); } - 
if(StringUtils.isNotBlank(avatar)){ + if (StringUtils.isNotBlank(avatar)) { sysUser.setAvatar(avatar); } - if(StringUtils.isNotBlank(sex)){ + if (StringUtils.isNotBlank(sex)) { sysUser.setSex(Integer.parseInt(sex)); } - if(StringUtils.isNotBlank(phone)){ + if (StringUtils.isNotBlank(phone)) { sysUser.setPhone(phone); } - if(StringUtils.isNotBlank(email)){ - //update-begin---author:wangshuai ---date:20220708 for:[VUEN-1528]积木官网邮箱重复,应该提示准确------------ + if (StringUtils.isNotBlank(email)) { + // update-begin---author:wangshuai ---date:20220708 + // for:[VUEN-1528]积木官网邮箱重复,应该提示准确------------ LambdaQueryWrapper emailQuery = new LambdaQueryWrapper<>(); - emailQuery.eq(SysUser::getEmail,email); + emailQuery.eq(SysUser::getEmail, email); long count = sysUserService.count(emailQuery); - if (!email.equals(sysUser.getEmail()) && count!=0) { + if (!email.equals(sysUser.getEmail()) && count != 0) { result.error500("保存失败,邮箱已存在!"); return result; } - //update-end---author:wangshuai ---date:20220708 for:[VUEN-1528]积木官网邮箱重复,应该提示准确-------------- + // update-end---author:wangshuai ---date:20220708 + // for:[VUEN-1528]积木官网邮箱重复,应该提示准确-------------- sysUser.setEmail(email); } - if(null != birthday){ + if (null != birthday) { sysUser.setBirthday(birthday); } sysUser.setUpdateTime(new Date()); 
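Review bot: The audit entry in `appEdit` records `jsonObject.getString("id")`, a value taken from the request body, while the account actually modified is the one resolved from the token through `JwtUtil.getUserNameByToken(request)`. A caller can therefore make the log name a different user than the one that was edited. Writing the entry inside the `else` branch from the resolved account, `baseCommonService.addLog("移动端编辑用户,id: " + sysUser.getId(), CommonConstant.LOG_TYPE_2, 2);`, keeps the trail accurate. The method continues past the end of this hunk.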
@@ -1394,20 +1443,22 @@ public class SysUserController { } return result; } + /** * 移动端保存设备信息 + * * @param clientId * @return */ @RequestMapping(value = "/saveClientId", method = RequestMethod.GET) - public Result saveClientId(HttpServletRequest request,@RequestParam("clientId")String clientId) { + public Result saveClientId(HttpServletRequest request, @RequestParam("clientId") String clientId) { Result result = new Result(); try { String username = JwtUtil.getUserNameByToken(request); SysUser sysUser = sysUserService.getUserByName(username); - if(sysUser==null) { + if (sysUser == null) { result.error500("未找到对应用户!"); - }else { + } else { sysUser.setClientId(clientId); sysUserService.updateById(sysUser); } @@ -1417,6 +1468,7 @@ public class SysUserController { } return result; } + /** * 根据userid获取用户信息和部门员工信息 * 
@@ -1424,82 +1476,89 @@ public class SysUserController { */ @GetMapping("/queryChildrenByUsername") public Result queryChildrenByUsername(@RequestParam("userId") String userId) { - //获取用户信息 - Map map=new HashMap(5); + // 获取用户信息 + Map map = new HashMap(5); SysUser sysUser = sysUserService.getById(userId); String username = sysUser.getUsername(); Integer identity = sysUser.getUserIdentity(); - map.put("sysUser",sysUser); - if(identity!=null && identity==2){ - //获取部门用户信息 + map.put("sysUser", sysUser); + if (identity != null && identity == 2) { + // 获取部门用户信息 String departIds = sysUser.getDepartIds(); - if(StringUtils.isNotBlank(departIds)){ + if (StringUtils.isNotBlank(departIds)) { List departIdList = Arrays.asList(departIds.split(",")); - List childrenUser = sysUserService.queryByDepIds(departIdList,username); - map.put("children",childrenUser); + List childrenUser = sysUserService.queryByDepIds(departIdList, username); + map.put("children", childrenUser); } } return Result.ok(map); } + /** * 移动端查询部门用户信息 + * * @param departId * @return */ @GetMapping("/appQueryByDepartId") - public Result> appQueryByDepartId(@RequestParam(name="departId", required = false) String departId) { + public Result> appQueryByDepartId( + @RequestParam(name = "departId", required = false) String departId) { Result> result = new Result>(); - List list=new ArrayList (); + List list = new ArrayList(); list.add(departId); - List childrenUser = sysUserService.queryByDepIds(list,null); + List childrenUser = sysUserService.queryByDepIds(list, null); result.setResult(childrenUser); return result; } + /** * 移动端查询用户信息(通过用户名模糊查询) + * * @param keyword * @return */ @GetMapping("/appQueryUser") public Result> appQueryUser(@RequestParam(name = "keyword", required = false) String keyword, - @RequestParam(name = "username", required = false) String username, - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest 
request) { + @RequestParam(name = "username", required = false) String username, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest request) { Result> result = new Result>(); - LambdaQueryWrapper queryWrapper =new LambdaQueryWrapper(); - //TODO 外部模拟登陆临时账号,列表不显示 - queryWrapper.ne(SysUser::getUsername,"_reserve_user_external"); - //增加 username传参 - if(oConvertUtils.isNotEmpty(username)){ - if(username.contains(",")){ - queryWrapper.in(SysUser::getUsername,username.split(",")); - }else{ - queryWrapper.eq(SysUser::getUsername,username); + LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper(); + // TODO 外部模拟登陆临时账号,列表不显示 + queryWrapper.ne(SysUser::getUsername, "_reserve_user_external"); + // 增加 username传参 + if (oConvertUtils.isNotEmpty(username)) { + if (username.contains(",")) { + queryWrapper.in(SysUser::getUsername, username.split(",")); + } else { + queryWrapper.eq(SysUser::getUsername, username); } - }else if(StringUtils.isNotBlank(keyword)){ + } else if (StringUtils.isNotBlank(keyword)) { queryWrapper.and(i -> i.like(SysUser::getUsername, keyword).or().like(SysUser::getRealname, keyword)); } - //------------------------------------------------------------------------------------------------ - //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 + // ------------------------------------------------------------------------------------------------ + // 是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) { - String tenantId = oConvertUtils.getString(TokenUtils.getTenantIdByRequest(request),"-1"); - //update-begin---author:wangshuai ---date:20221223 for:[QQYUN-3371]租户逻辑改造,改成关系表------------ + String tenantId = oConvertUtils.getString(TokenUtils.getTenantIdByRequest(request), "-1"); + // update-begin---author:wangshuai ---date:20221223 + // for:[QQYUN-3371]租户逻辑改造,改成关系表------------ List userIds = 
userTenantService.getUserIdsByTenantId(Integer.valueOf(tenantId)); if (oConvertUtils.listIsNotEmpty(userIds)) { queryWrapper.in(SysUser::getId, userIds); } - //update-end---author:wangshuai ---date:20221223 for:[QQYUN-3371]租户逻辑改造,改成关系表------------ + // update-end---author:wangshuai ---date:20221223 + // for:[QQYUN-3371]租户逻辑改造,改成关系表------------ } - //------------------------------------------------------------------------------------------------ + // ------------------------------------------------------------------------------------------------ Page page = new Page<>(pageNo, pageSize); IPage pageList = this.sysUserService.page(page, queryWrapper); - //批量查询用户的所属部门 - //step.1 先拿到全部的 useids - //step.2 通过 useids,一次性查询用户的所属部门名字 + // 批量查询用户的所属部门 + // step.1 先拿到全部的 useids + // step.2 通过 useids,一次性查询用户的所属部门名字 List userIds = pageList.getRecords().stream().map(SysUser::getId).collect(Collectors.toList()); - if(userIds!=null && userIds.size()>0){ - Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); - pageList.getRecords().forEach(item->{ + if (userIds != null && userIds.size() > 0) { + Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); + pageList.getRecords().forEach(item -> { item.setOrgCodeTxt(useDepNames.get(item.getId())); }); } 
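Review bot: The tenant filter in `appQueryUser` fails open: `queryWrapper.in(SysUser::getId, userIds)` is only added when `oConvertUtils.listIsNotEmpty(userIds)`. A tenant with no related users, or the `"-1"` fallback tenant id, leaves the query unrestricted and the page is filled from all tenants. Add an `else` branch that forces an empty result, for example `} else { queryWrapper.apply("1 = 2"); }`, or return an empty page at that point. In the same hunk, `queryChildrenByUsername` dereferences `sysUserService.getById(userId)` without a null check and returns the whole `SysUser` for any caller-supplied `userId`. The end of `appQueryUser` lies outside this hunk.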
@@ -1509,37 +1568,38 @@ public class SysUserController { /** * 根据用户名修改手机号[该方法未使用] + * * @param json * @return */ @RequestMapping(value = "/updateMobile", method = RequestMethod.PUT) - public Result changMobile(@RequestBody JSONObject json,HttpServletRequest request) { + public Result changMobile(@RequestBody JSONObject json, HttpServletRequest request) { String smscode = json.getString("smscode"); String phone = json.getString("phone"); Result result = new Result(); - //获取登录用户名 + // 获取登录用户名 String username = JwtUtil.getUserNameByToken(request); - if(oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty(phone)) { + if (oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty(phone)) { result.setMessage("修改手机号失败!"); result.setSuccess(false); return result; } - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object object= redisUtil.get(redisKey); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - if(null==object) { + // update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE + phone; + Object object = redisUtil.get(redisKey); + // update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + if (null == object) { result.setMessage("短信验证码失效!"); result.setSuccess(false); return result; } - if(!smscode.equals(object.toString())) { + if (!smscode.equals(object.toString())) { result.setMessage("短信验证码不匹配!"); result.setSuccess(false); return result; } SysUser user = sysUserService.getUserByName(username); - if(user==null) { + if (user == null) { return Result.error("用户不存在!"); } user.setPhone(phone); 
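Review bot: In `changMobile` the SMS code read from `redisKey` is compared with `smscode.equals(object.toString())`, but nothing visible in the hunk removes the key after a successful match or limits failed attempts. The code stays reusable and guessable until it expires. Adding `redisUtil.del(redisKey);` right after the successful comparison would make it single-use, assuming `RedisUtil` exposes `del` as it does in the upstream project. The rest of the method body is outside the hunk, so this may already happen there. Separately, the Javadoc marks the method as unused (`该方法未使用`) while `@RequestMapping(value = "/updateMobile", method = RequestMethod.PUT)` keeps it routable; an unused phone-change endpoint is better removed than reformatted.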
@@ -1547,89 +1607,97 @@ public class SysUserController { return Result.ok("手机号设置成功!"); } - /** * 根据对象里面的属性值作in查询 属性可能会变 用户组件用到 + * * @param sysUser * @return */ @GetMapping("/getMultiUser") - public List getMultiUser(SysUser sysUser){ + public List getMultiUser(SysUser sysUser) { QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(sysUser, null); - //update-begin---author:wangshuai ---date:20220104 for:[JTC-297]已冻结用户仍可设置为代理人------------ - queryWrapper.eq("status",Integer.parseInt(CommonConstant.STATUS_1)); - //update-end---author:wangshuai ---date:20220104 for:[JTC-297]已冻结用户仍可设置为代理人------------ + // update-begin---author:wangshuai ---date:20220104 + // for:[JTC-297]已冻结用户仍可设置为代理人------------ + queryWrapper.eq("status", Integer.parseInt(CommonConstant.STATUS_1)); + // update-end---author:wangshuai ---date:20220104 + // for:[JTC-297]已冻结用户仍可设置为代理人------------ List ls = this.sysUserService.list(queryWrapper); - for(SysUser user: ls){ + for (SysUser user : ls) { user.setPassword(null); user.setSalt(null); } return ls; } - + /** - * 聊天 创建聊天组件专用 根据用户账号、用户姓名、部门id分页查询 + * 聊天 创建聊天组件专用 根据用户账号、用户姓名、部门id分页查询 + * * @param departId 部门id - * @param keyword 搜索值 + * @param keyword 搜索值 * @return */ @GetMapping(value = "/getUserInformation") public Result> getUserInformation( - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, @RequestParam(name = "departId", required = false) String departId, - @RequestParam(name="keyword",required=false) String keyword) { - //------------------------------------------------------------------------------------------------ + @RequestParam(name = "keyword", required = false) String keyword) { + // ------------------------------------------------------------------------------------------------ Integer tenantId = null; - 
//是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 - if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){ - tenantId = oConvertUtils.getInt(TenantContext.getTenant(),0); + // 是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 + if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) { + tenantId = oConvertUtils.getInt(TenantContext.getTenant(), 0); } - //------------------------------------------------------------------------------------------------ - IPage pageList = sysUserDepartService.getUserInformation(tenantId,departId, keyword, pageSize, pageNo); + // ------------------------------------------------------------------------------------------------ + IPage pageList = sysUserDepartService.getUserInformation(tenantId, departId, keyword, pageSize, + pageNo); return Result.OK(pageList); } /** * 简版流程用户选择组件 + * * @param departId 部门id - * @param roleId 角色id - * @param keyword 搜索值 + * @param roleId 角色id + * @param keyword 搜索值 * @return */ @GetMapping(value = "/selectUserList") public Result> selectUserList( - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, @RequestParam(name = "departId", required = false) String departId, @RequestParam(name = "roleId", required = false) String roleId, - @RequestParam(name="keyword",required=false) String keyword, - @RequestParam(name="excludeUserIdList",required = false) String excludeUserIdList, + @RequestParam(name = "keyword", required = false) String keyword, + @RequestParam(name = "excludeUserIdList", required = false) String excludeUserIdList, HttpServletRequest req) { - //------------------------------------------------------------------------------------------------ + // ------------------------------------------------------------------------------------------------ Integer tenantId = null; - //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 - 
if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){ + // 是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 + if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) { String tenantStr = TenantContext.getTenant(); - tenantId = oConvertUtils.getInteger(tenantStr, oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(req), -1)); + tenantId = oConvertUtils.getInteger(tenantStr, + oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(req), -1)); log.info("---------简流中选择用户接口,通过租户筛选,租户ID={}", tenantId); } - //------------------------------------------------------------------------------------------------ - IPage pageList = sysUserDepartService.getUserInformation(tenantId, departId,roleId, keyword, pageSize, pageNo,excludeUserIdList); + // ------------------------------------------------------------------------------------------------ + IPage pageList = sysUserDepartService.getUserInformation(tenantId, departId, roleId, keyword, pageSize, + pageNo, excludeUserIdList); return Result.OK(pageList); } /** * 用户离职(新增代理人和用户状态变更操作)【低代码应用专用接口】 + * * @param sysUserAgent * @return */ @PutMapping("/userQuitAgent") - public Result userQuitAgent(@RequestBody SysUserAgent sysUserAgent){ - //判断id是否为空 - if(oConvertUtils.isNotEmpty(sysUserAgent.getId())){ + public Result userQuitAgent(@RequestBody SysUserAgent sysUserAgent) { + // 判断id是否为空 + if (oConvertUtils.isNotEmpty(sysUserAgent.getId())) { sysUserAgentService.updateById(sysUserAgent); - }else{ + } else { sysUserAgentService.save(sysUserAgent); } sysUserService.userQuit(sysUserAgent.getUserName()); @@ -1643,7 +1711,7 @@ public class SysUserController { */ @GetMapping("/getQuitList") public Result> getQuitList(HttpServletRequest req) { - Integer tenantId = oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(req),0); + Integer tenantId = oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(req), 0); List quitList = sysUserService.getQuitList(tenantId); if (null != quitList && quitList.size() > 0) { // 批量查询用户的所属部门 
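Review bot: `userQuitAgent` takes the target from the request body and calls `sysUserService.userQuit(sysUserAgent.getUserName())` with only `@PutMapping("/userQuitAgent")` on it; no permission annotation, tenant check or comparison with the logged-in user appears in the hunk. As written, any authenticated caller could mark an arbitrary user as having left and save an agent record for them. A guard such as `@RequiresPermissions("<permission-code>")` (placeholder; use the project's real permission code) plus a check that the named user belongs to the caller's tenant would close this. The method's `return` is between this hunk and the next one. In the same hunk, `getMultiUser` builds its query from a request-bound `SysUser`, so every bound field becomes a filter; whether that includes `password` or `salt` depends on `QueryGenerator.initQueryWrapper`, which is not shown.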
@@ -1658,22 +1726,23 @@ public class SysUserController { /** * 更新刪除状态和离职状态【低代码应用专用接口】 + * * @param jsonObject * @return Result */ @PutMapping("/putCancelQuit") - public Result putCancelQuit(@RequestBody JSONObject jsonObject, HttpServletRequest request){ + public Result putCancelQuit(@RequestBody JSONObject jsonObject, HttpServletRequest request) { String userIds = jsonObject.getString("userIds"); String usernames = jsonObject.getString("usernames"); - Integer tenantId = oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(request),0); - //将状态改成未删除 + Integer tenantId = oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(request), 0); + // 将状态改成未删除 if (StringUtils.isNotBlank(userIds)) { - userTenantService.putCancelQuit(Arrays.asList(userIds.split(SymbolConstant.COMMA)),tenantId); + userTenantService.putCancelQuit(Arrays.asList(userIds.split(SymbolConstant.COMMA)), tenantId); } - if(StringUtils.isNotEmpty(usernames)){ - //根据用户名删除代理人 + if (StringUtils.isNotEmpty(usernames)) { + // 根据用户名删除代理人 LambdaQueryWrapper query = new LambdaQueryWrapper<>(); - query.in(SysUserAgent::getUserName,Arrays.asList(usernames.split(SymbolConstant.COMMA))); + query.in(SysUserAgent::getUserName, Arrays.asList(usernames.split(SymbolConstant.COMMA))); sysUserAgentService.remove(query); } return Result.ok("取消离职成功"); 
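Review bot: `putCancelQuit` scopes the `userIds` branch by tenant (`userTenantService.putCancelQuit(..., tenantId)`), but the `usernames` branch does not. It runs `query.in(SysUserAgent::getUserName, ...)` and `sysUserAgentService.remove(query)` with no tenant condition, so agent records for any username in the request body are deleted, whatever tenant they belong to. The removal should be limited to users confirmed to be in `tenantId`, for instance by resolving the usernames from the already tenant-checked `userIds` instead of trusting the separate `usernames` field. `oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(request), 0)` also falls back to tenant `0` when no tenant is supplied; rejecting the request in that case would be safer than proceeding.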
@@ -1681,37 +1750,40 @@ public class SysUserController { /** * 获取用户信息(vue3用户设置专用)【低代码应用专用接口】 + * * @return */ @GetMapping("/login/setting/getUserData") public Result getUserData(HttpServletRequest request) { String username = JwtUtil.getUserNameByToken(request); SysUser user = sysUserService.getUserByName(username); - if(user==null) { + if (user == null) { return Result.error("未找到该用户数据"); } - //update-begin---author:wangshuai ---date:20230220 for:[QQYUN-3980]组织管理中 职位功能 职位表加租户id 加职位-用户关联表------------ - //获取用户id通过职位数据 + // update-begin---author:wangshuai ---date:20230220 for:[QQYUN-3980]组织管理中 职位功能 + // 职位表加租户id 加职位-用户关联表------------ + // 获取用户id通过职位数据 List sysPositionList = sysPositionService.getPositionList(user.getId()); - if(null != sysPositionList && sysPositionList.size()>0){ - //update-end---author:wangshuai ---date:20230220 for:[QQYUN-3980]组织管理中 职位功能 职位表加租户id 加职位-用户关联表------------ + if (null != sysPositionList && sysPositionList.size() > 0) { + // update-end---author:wangshuai ---date:20230220 for:[QQYUN-3980]组织管理中 职位功能 + // 职位表加租户id 加职位-用户关联表------------ StringBuilder nameBuilder = new StringBuilder(); StringBuilder idBuilder = new StringBuilder(); String verticalBar = " | "; - for (SysPosition sysPosition:sysPositionList){ + for (SysPosition sysPosition : sysPositionList) { nameBuilder.append(sysPosition.getName()).append(verticalBar); idBuilder.append(sysPosition.getId()).append(SymbolConstant.COMMA); } String names = nameBuilder.toString(); - if(oConvertUtils.isNotEmpty(names)){ - names = names.substring(0,names.lastIndexOf(verticalBar)); + if (oConvertUtils.isNotEmpty(names)) { + names = names.substring(0, names.lastIndexOf(verticalBar)); user.setPostText(names); } - //拼接职位id + // 拼接职位id String ids = idBuilder.toString(); - if(oConvertUtils.isNotEmpty(ids)){ - ids = ids.substring(0,ids.lastIndexOf(SymbolConstant.COMMA)); + if (oConvertUtils.isNotEmpty(ids)) { + ids = ids.substring(0, ids.lastIndexOf(SymbolConstant.COMMA)); user.setPost(ids); } } 
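Review bot: The comment wrapping in `getUserData` splits each `update-begin` / `update-end` change marker across two lines, and the second line (`// 职位表加租户id 加职位-用户关联表------------`) now reads as a free-standing comment. The same happens to the markers in `getMultiUser` and `appQueryUser` in earlier hunks, where the `for:[...]` ticket reference moves onto its own line. These markers are paired and searched for by author, date and ticket, so each should stay on one line. Exclude them from wrapping, e.g. with `// @formatter:off` / `// @formatter:on` if the formatter in use honours those tags, or raise the comment line-length limit.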
@@ -1720,6 +1792,7 @@ public class SysUserController { /** * 用户编辑(vue3用户设置专用)【低代码应用专用接口】 + * * @param sysUser * @return */ @@ -1728,10 +1801,10 @@ public class SysUserController { public Result userEdit(@RequestBody SysUser sysUser, HttpServletRequest request) { String username = JwtUtil.getUserNameByToken(request); SysUser user = sysUserService.getById(sysUser.getId()); - if(user==null) { - return Result.error("未找到该用户数据"); + if (user == null) { + return Result.error("未找到该用户数据"); } - if(!username.equals(user.getUsername())){ + if (!username.equals(user.getUsername())) { return Result.error("只能修改自己的数据"); } sysUserService.updateById(sysUser); @@ -1740,6 +1813,7 @@ public class SysUserController { /** * 批量修改 【low-app】 + * * @param jsonObject * @return */ @@ -1756,31 +1830,34 @@ public class SysUserController { } return result; } - + /** * 根据关键词搜索部门和用户【low-app】 + * * @param keyword * @return */ @GetMapping("/searchByKeyword") - public Result searchByKeyword(@RequestParam(name="keyword",required=false) String keyword) { + public Result searchByKeyword(@RequestParam(name = "keyword", required = false) String keyword) { DepartAndUserInfo info = sysUserService.searchByKeyword(keyword); return Result.ok(info); } /** * 编辑部门前获取部门相关信息 【low-app】 + * * @param id * @return */ @GetMapping("/getUpdateDepartInfo") - public Result getUpdateDepartInfo(@RequestParam(name="id",required=false) String id) { + public Result getUpdateDepartInfo(@RequestParam(name = "id", required = false) String id) { UpdateDepartInfo info = sysUserService.getUpdateDepartInfo(id); return Result.ok(info); } /** * 编辑部门 【low-app】 + * * @param updateDepartInfo * @return */ @@ -1792,6 +1869,7 @@ public class SysUserController { /** * 设置负责人 取消负责人 + * * @param json * @return */ 
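Review bot: `userEdit` checks that the stored record belongs to the caller (`username.equals(user.getUsername())`) but then persists the request-bound object unchanged with `sysUserService.updateById(sysUser)`. Every field the client sends is written to the caller's own row, including ones a self-service form should not control, such as `password`, `salt` or `userIdentity`. Copy only the editable fields onto the loaded `user` and save that. At minimum, clear the sensitive ones first, e.g. `sysUser.setPassword(null); sysUser.setSalt(null);`, which relies on the update skipping null fields. `username` can also be null if the token yields no name, so `user.getUsername().equals(username)` or an explicit null check is safer. The method's annotations and final `return` are outside this hunk.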
@@ -1803,51 +1881,53 @@ public class SysUserController { /** * 修改租户下的用户【低代码应用专用接口】 + * * @param sysUser * @param req * @return */ - @RequestMapping(value = "/editTenantUser", method = {RequestMethod.PUT,RequestMethod.POST}) - public Result editTenantUser(@RequestBody SysUser sysUser,HttpServletRequest req){ + @RequestMapping(value = "/editTenantUser", method = { RequestMethod.PUT, RequestMethod.POST }) + public Result editTenantUser(@RequestBody SysUser sysUser, HttpServletRequest req) { Result result = new Result<>(); String tenantId = TokenUtils.getTenantIdByRequest(req); - if(oConvertUtils.isEmpty(tenantId)){ + if (oConvertUtils.isEmpty(tenantId)) { return result.error500("无权修改他人信息!"); } LambdaQueryWrapper query = new LambdaQueryWrapper<>(); - query.eq(SysUserTenant::getTenantId,Integer.valueOf(tenantId)); - query.eq(SysUserTenant::getUserId,sysUser.getId()); + query.eq(SysUserTenant::getTenantId, Integer.valueOf(tenantId)); + query.eq(SysUserTenant::getUserId, sysUser.getId()); SysUserTenant one = userTenantService.getOne(query); - if(null == one){ + if (null == one) { return result.error500("非当前租户下的用户,不允许修改!"); } String departs = req.getParameter("selecteddeparts"); - sysUserService.editTenantUser(sysUser,tenantId,departs,null); + sysUserService.editTenantUser(sysUser, tenantId, departs, null); return Result.ok("修改成功"); } /** * 切换租户时 需要修改 loginTenantId - * QQYUN-4491 【应用】一些小问题 1、上次选中登录的租户,下次登录未记忆 + * QQYUN-4491 【应用】一些小问题 1、上次选中登录的租户,下次登录未记忆 + * * @param sysUser * @return */ @PutMapping("/changeLoginTenantId") - public Result changeLoginTenantId(@RequestBody SysUser sysUser){ + public Result changeLoginTenantId(@RequestBody SysUser sysUser) { Result result = new Result<>(); Integer tenantId = sysUser.getLoginTenantId(); LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); String userId = loginUser.getId(); - + // 判断 指定的租户ID是不是当前登录用户的租户 LambdaQueryWrapper query = new LambdaQueryWrapper<>(); query.eq(SysUserTenant::getTenantId, tenantId); 
query.eq(SysUserTenant::getUserId, userId); SysUserTenant one = userTenantService.getOne(query); - if(null == one){ + if (null == one) { return result.error500("非租户下的用户,不允许修改!"); } - + // 修改 loginTenantId LambdaQueryWrapper update = new LambdaQueryWrapper() .eq(SysUser::getId, userId); @@ -1855,10 +1935,11 @@ public class SysUserController { updateUser.setLoginTenantId(tenantId); sysUserService.update(updateUser, update); return Result.ok(); - } + } /** * 应用用户导出 + * * @param request * @return */ @@ -1866,17 +1947,18 @@ public class SysUserController { public ModelAndView exportAppUser(HttpServletRequest request) { return sysUserService.exportAppUser(request); } - - /** + + /** * 应用用户导入 + * * @param request * @return */ @RequestMapping(value = "/importAppUser", method = RequestMethod.POST) - public Result importAppUser(HttpServletRequest request, HttpServletResponse response)throws IOException { + public Result importAppUser(HttpServletRequest request, HttpServletResponse response) throws IOException { return sysUserService.importAppUser(request); } - + /** * 更改手机号(敲敲云个人设置专用) * @@ -1884,13 +1966,13 @@ public class SysUserController { * @param request */ @PutMapping("/changePhone") - public Result changePhone(@RequestBody JSONObject json, HttpServletRequest request){ - //获取登录用户名 + public Result changePhone(@RequestBody JSONObject json, HttpServletRequest request) { + // 获取登录用户名 String username = JwtUtil.getUserNameByToken(request); - sysUserService.changePhone(json,username); + sysUserService.changePhone(json, username); return Result.ok("修改手机号成功!"); } - + /** * 发送短信验证码接口(修改手机号) * 
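Review bot: `editTenantUser` verifies that the target user (`sysUser.getId()`) belongs to the tenant taken from the request, but never that the caller does. `TokenUtils.getTenantIdByRequest(req)` is used as given, and the only `SysUserTenant` lookup is for the edited user. `changeLoginTenantId` in this same hunk does the caller-side check via `SecurityUtils.getSubject().getPrincipal()`, and the same lookup belongs here before the edit. Membership alone does not show the caller may edit other members, so a role or permission check is still needed on top. `Integer.valueOf(tenantId)` also throws on a non-numeric tenant value and should be parsed defensively.

```java
// … unchanged: tenantId lookup and empty check …
LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
LambdaQueryWrapper<SysUserTenant> callerQuery = new LambdaQueryWrapper<>();
callerQuery.eq(SysUserTenant::getTenantId, Integer.valueOf(tenantId));
callerQuery.eq(SysUserTenant::getUserId, loginUser.getId());
if (null == userTenantService.getOne(callerQuery)) {
    return result.error500("无权修改他人信息!");
}
// … unchanged: target-user membership check and editTenantUser call …
```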
@@ -1899,7 +1981,7 @@ public class SysUserController { */ @PostMapping(value = "/sendChangePhoneSms") public Result sendChangePhoneSms(@RequestBody JSONObject jsonObject, HttpServletRequest request) { - //获取登录用户名 + // 获取登录用户名 String username = JwtUtil.getUserNameByToken(request); String ipAddress = IpUtils.getIpAddr(request); sysUserService.sendChangePhoneSms(jsonObject, username, ipAddress); @@ -1915,7 +1997,7 @@ public class SysUserController { @PostMapping(value = "/sendLogOffPhoneSms") public Result sendLogOffPhoneSms(@RequestBody JSONObject jsonObject, HttpServletRequest request) { Result result = new Result<>(); - //获取登录用户名 + // 获取登录用户名 String username = JwtUtil.getUserNameByToken(request); String name = jsonObject.getString("username"); if (oConvertUtils.isEmpty(name) || !name.equals(username)) { diff --git a/jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/banner.txt b/jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/banner.txt index 21e01366..2aa68550 100644 --- a/jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/banner.txt +++ b/jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/banner.txt @@ -1,17 +1,5 @@ ${AnsiColor.BRIGHT_BLUE} - (_) | | | | - _ ___ ___ ___ __ _ ______| |__ ___ ___ | |_ - | |/ _ \/ _ \/ __/ _` |______| '_ \ / _ \ / _ \| __| - | | __/ __/ (_| (_| | | |_) | (_) | (_) | |_ - | |\___|\___|\___\__, | |_.__/ \___/ \___/ \__| - _/ | __/ | - |__/ |___/ - - ${AnsiColor.BRIGHT_GREEN} Jeecg Boot Version: 3.8.2 Spring Boot Version: ${spring-boot.version}${spring-boot.formatted-version} -产品官网: www.jeecg.com -版权所属: 北京国炬信息技术有限公司 -公司官网: www.guojusoft.com ${AnsiColor.BLACK}