|
@@ -111,31 +111,40 @@ public class UserController {
|
|
|
public void add(@RequestParam String username,
|
|
|
@RequestParam String password,
|
|
|
@RequestParam Integer roleId){
|
|
|
- if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(password) || roleId == null) {
|
|
|
- throw new ControllerException(ErrorCode.ERROR400.getCode(), "参数不可为空");
|
|
|
- }
|
|
|
- // 获取当前登录用户id
|
|
|
- int currenRoleId = SecurityUtils.getUserInfo().getRole().getId();
|
|
|
- if (currenRoleId != 1) {
|
|
|
- // 只用角色id为1才可以删除和添加用户
|
|
|
- throw new ControllerException(ErrorCode.ERROR400.getCode(), "用户无权限");
|
|
|
- }
|
|
|
- User user = new User();
|
|
|
- user.setUsername(username);
|
|
|
- user.setPassword(DigestUtils.md5DigestAsHex(password.getBytes()));
|
|
|
- //新增用户的pushKey的生成规则为md5(时间戳+用户名)
|
|
|
- user.setPushKey(DigestUtils.md5DigestAsHex((System.currentTimeMillis()+password).getBytes()));
|
|
|
- Role role = roleService.getRoleById(roleId);
|
|
|
-
|
|
|
- if (role == null) {
|
|
|
- throw new ControllerException(ErrorCode.ERROR400.getCode(), "角色不存在");
|
|
|
- }
|
|
|
- user.setRole(role);
|
|
|
- user.setCreateTime(DateUtil.getNow());
|
|
|
- user.setUpdateTime(DateUtil.getNow());
|
|
|
- int addResult = userService.addUser(user);
|
|
|
- if (addResult <= 0) {
|
|
|
- throw new ControllerException(ErrorCode.ERROR100);
|
|
|
+ try {
|
|
|
+ if (ObjectUtils.isEmpty(username) || ObjectUtils.isEmpty(password) || roleId == null) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR400.getCode(), "参数不可为空");
|
|
|
+ }
|
|
|
+ LoginUser loginUser = SecurityUtils.getUserInfo();
|
|
|
+ String _username = loginUser.getUsername();
|
|
|
+ String _passwordMd5 = loginUser.getPassword();
|
|
|
+ LoginUser _user = SecurityUtils.login(_username, _passwordMd5, authenticationManager);
|
|
|
+ // 获取当前登录用户id
|
|
|
+ int currenRoleId = _user.getRole().getId();
|
|
|
+ logger.info("[用户管理] 添加用户,当前用户角色id:" + currenRoleId);
|
|
|
+ if (currenRoleId != 1) {
|
|
|
+ // 只用角色id为1才可以删除和添加用户
|
|
|
+ throw new ControllerException(ErrorCode.ERROR400.getCode(), "用户无权限");
|
|
|
+ }
|
|
|
+ User user = new User();
|
|
|
+ user.setUsername(username);
|
|
|
+ user.setPassword(DigestUtils.md5DigestAsHex(password.getBytes()));
|
|
|
+ //新增用户的pushKey的生成规则为md5(时间戳+用户名)
|
|
|
+ user.setPushKey(DigestUtils.md5DigestAsHex((System.currentTimeMillis() + password).getBytes()));
|
|
|
+ Role role = roleService.getRoleById(roleId);
|
|
|
+
|
|
|
+ if (role == null) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR400.getCode(), "角色不存在");
|
|
|
+ }
|
|
|
+ user.setRole(role);
|
|
|
+ user.setCreateTime(DateUtil.getNow());
|
|
|
+ user.setUpdateTime(DateUtil.getNow());
|
|
|
+ int addResult = userService.addUser(user);
|
|
|
+ if (addResult <= 0) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR100);
|
|
|
+ }
|
|
|
+ }catch (AuthenticationException e) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR100.getCode(), e.getMessage());
|
|
|
}
|
|
|
}
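Review bot: The privilege check in `add` now re-runs a login with the password hash read from the session principal (`SecurityUtils.login(_username, _passwordMd5, authenticationManager)`), and the same four lines are repeated in `delete`, `changePushKey` and `changePasswordForAdmin` in the hunks below. `SecurityUtils.login` is not shown here, but if it accepts that value as the credential, the stored MD5 acts as a password equivalent and must stay on the principal for the whole session. If the aim is only to pick up a role that changed after login, reloading the caller's role from the user store in one private helper would do that without a second authentication. The new `catch` in all four methods also returns `e.getMessage()` to the client, which can reveal why authentication failed; `throw new ControllerException(ErrorCode.ERROR100);` with the exception logged server-side avoids that. Separately, the pushKey line hashes `System.currentTimeMillis() + password` although its comment says timestamp plus username, so the key is derived from the new user's password; a value drawn from `SecureRandom` would not depend on it.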
|
|
|
|
|
@@ -143,15 +152,23 @@ public class UserController {
|
|
|
@Operation(summary = "删除用户")
|
|
|
@Parameter(name = "id", description = "用户Id", required = true)
|
|
|
public void delete(@RequestParam Integer id){
|
|
|
- // 获取当前登录用户id
|
|
|
- int currenRoleId = SecurityUtils.getUserInfo().getRole().getId();
|
|
|
- if (currenRoleId != 1) {
|
|
|
- // 只用角色id为0才可以删除和添加用户
|
|
|
- throw new ControllerException(ErrorCode.ERROR400.getCode(), "用户无权限");
|
|
|
- }
|
|
|
- int deleteResult = userService.deleteUser(id);
|
|
|
- if (deleteResult <= 0) {
|
|
|
- throw new ControllerException(ErrorCode.ERROR100);
|
|
|
+ try {
|
|
|
+ // 获取当前登录用户id
|
|
|
+ LoginUser loginUser = SecurityUtils.getUserInfo();
|
|
|
+ String _username = loginUser.getUsername();
|
|
|
+ String _passwordMd5 = loginUser.getPassword();
|
|
|
+ LoginUser _user = SecurityUtils.login(_username, _passwordMd5, authenticationManager);
|
|
|
+ int currenRoleId = _user.getRole().getId();
|
|
|
+ if (currenRoleId != 1) {
|
|
|
+ // 只用角色id为0才可以删除和添加用户
|
|
|
+ throw new ControllerException(ErrorCode.ERROR400.getCode(), "用户无权限");
|
|
|
+ }
|
|
|
+ int deleteResult = userService.deleteUser(id);
|
|
|
+ if (deleteResult <= 0) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR100);
|
|
|
+ }
|
|
|
+ } catch (AuthenticationException e) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR100.getCode(), e.getMessage());
|
|
|
}
|
|
|
}
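Review bot: The comment above the role check in `delete` says role id 0 (`只用角色id为0才可以删除和添加用户`) while the condition is `currenRoleId != 1`, and the same stale comment is carried into `changePushKey` in the next hunk. Since this line is the only authorization gate for the endpoint, the comment should state the rule the code enforces, for example `// only role id 1 may add or delete users`. The method also passes `id` straight to `userService.deleteUser(id)` without comparing it to the caller's own account. `userService` is not visible here, so unless it rejects that case, a role-1 user can delete the account behind the session in use; a guard before the call would make the behaviour explicit.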
|
|
|
|
|
@@ -182,16 +199,24 @@ public class UserController {
|
|
|
@Parameter(name = "userId", description = "用户Id", required = true)
|
|
|
@Parameter(name = "pushKey", description = "新的pushKey", required = true)
|
|
|
public void changePushKey(@RequestParam Integer userId,@RequestParam String pushKey) {
|
|
|
- // 获取当前登录用户id
|
|
|
- int currenRoleId = SecurityUtils.getUserInfo().getRole().getId();
|
|
|
- WVPResult<String> result = new WVPResult<>();
|
|
|
- if (currenRoleId != 1) {
|
|
|
- // 只用角色id为0才可以删除和添加用户
|
|
|
- throw new ControllerException(ErrorCode.ERROR400.getCode(), "用户无权限");
|
|
|
- }
|
|
|
- int resetPushKeyResult = userService.changePushKey(userId,pushKey);
|
|
|
- if (resetPushKeyResult <= 0) {
|
|
|
- throw new ControllerException(ErrorCode.ERROR100);
|
|
|
+ try{
|
|
|
+ // 获取当前登录用户id
|
|
|
+ LoginUser loginUser = SecurityUtils.getUserInfo();
|
|
|
+ String _username = loginUser.getUsername();
|
|
|
+ String _passwordMd5 = loginUser.getPassword();
|
|
|
+ LoginUser _user = SecurityUtils.login(_username, _passwordMd5, authenticationManager);
|
|
|
+ int currenRoleId = _user.getRole().getId();
|
|
|
+ WVPResult<String> result = new WVPResult<>();
|
|
|
+ if (currenRoleId != 1) {
|
|
|
+ // 只用角色id为0才可以删除和添加用户
|
|
|
+ throw new ControllerException(ErrorCode.ERROR400.getCode(), "用户无权限");
|
|
|
+ }
|
|
|
+ int resetPushKeyResult = userService.changePushKey(userId,pushKey);
|
|
|
+ if (resetPushKeyResult <= 0) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR100);
|
|
|
+ }
|
|
|
+ } catch (AuthenticationException e) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR100.getCode(), e.getMessage());
|
|
|
}
|
|
|
}
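Review bot: `changePushKey` stores the caller-supplied `pushKey` without checking that it is non-empty, so a request with `pushKey=` reaches `userService.changePushKey(userId,pushKey)` and may leave the account with a blank key. `add` in the first hunk already rejects empty parameters, and the same guard fits here before the role check: `if (ObjectUtils.isEmpty(pushKey)) { throw new ControllerException(ErrorCode.ERROR400.getCode(), "参数不可为空"); }`. The local `WVPResult<String> result = new WVPResult<>();` is never read in this method and can be dropped.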
|
|
|
|
|
@@ -202,16 +227,26 @@ public class UserController {
|
|
|
@Parameter(name = "password", description = "新密码(未md5加密的密码)", required = true)
|
|
|
public void changePasswordForAdmin(@RequestParam int userId, @RequestParam String password) {
|
|
|
// 获取当前登录用户id
|
|
|
- LoginUser userInfo = SecurityUtils.getUserInfo();
|
|
|
- if (userInfo == null) {
|
|
|
- throw new ControllerException(ErrorCode.ERROR100);
|
|
|
- }
|
|
|
- Role role = userInfo.getRole();
|
|
|
- if (role != null && role.getId() == 1) {
|
|
|
- boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
|
|
|
- if (!result) {
|
|
|
+ try {
|
|
|
+ // 获取当前登录用户id
|
|
|
+ LoginUser loginUser = SecurityUtils.getUserInfo();
|
|
|
+ String _username = loginUser.getUsername();
|
|
|
+ String _passwordMd5 = loginUser.getPassword();
|
|
|
+ LoginUser _user = SecurityUtils.login(_username, _passwordMd5, authenticationManager);
|
|
|
+ if (_user == null) {
|
|
|
throw new ControllerException(ErrorCode.ERROR100);
|
|
|
}
|
|
|
+ Role role = _user.getRole();
|
|
|
+ if (role != null && role.getId() == 1) {
|
|
|
+ boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
|
|
|
+ if (!result) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR100);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ } catch (AuthenticationException e) {
|
|
|
+ throw new ControllerException(ErrorCode.ERROR100.getCode(), e.getMessage());
|
|
|
}
|
|
|
}
|
|
|
}
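Review bot: When the caller's role is not 1, `changePasswordForAdmin` falls out of the `if (role != null && role.getId() == 1)` block and returns normally, so a non-admin request looks successful although nothing was changed. The other handlers throw in that case, and an `else` branch would match them: `} else { throw new ControllerException(ErrorCode.ERROR400.getCode(), "用户无权限"); }`. The null guard has also moved. The removed code checked the result of `SecurityUtils.getUserInfo()`, whereas the new code dereferences `loginUser` with `loginUser.getUsername()` before the `_user == null` test, so a missing principal now surfaces as a NullPointerException instead of a `ControllerException`. The new password is still stored as `DigestUtils.md5DigestAsHex(password.getBytes())`, an unsalted MD5 over platform-charset bytes (the same call appears in `add`); moving to a salted password hash such as bcrypt would also require changing the login verification, which is outside this hunk.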
|