用户/租户逻辑优化

v1.4.1
Parker 4 years ago
parent 3260ad329b
commit c62ac06346

@ -17,8 +17,15 @@
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
--
ALTER TABLE `sys_user` CHANGE COLUMN `locked` `enable` char(1) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '' AFTER `secret_key`;
--
ALTER TABLE `sys_tenant` CHANGE COLUMN `iz_usable` `enable` char(1) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT ' 0 1' AFTER `tenant_name`;
-- ----------------------------
-- Table structure for sys_area
--
-- ----------------------------
DROP TABLE IF EXISTS `sys_area`;
CREATE TABLE `sys_area` (
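Review bot: The `CHANGE COLUMN` on `sys_user` renames `locked` to `enable` without converting the stored values, yet the two columns have opposite polarity: the realm code removed in this commit treated `locked` equal to `LOCK_VAL` (`"1"`) as locked, while the new checks treat `enable` equal to `DictType.NO_YES_NO.getValue()` as disabled. Unless that NO value happens to be `'1'`, every account that was locked before the migration comes out enabled and every normal account comes out disabled. Add a data fix-up right after the ALTER, e.g. ``UPDATE `sys_user` SET `enable` = CASE `enable` WHEN '1' THEN '<NO_YES_NO value>' ELSE '<NO_YES_YES value>' END;`` with the placeholders replaced by the dictionary's real codes. The `sys_tenant` rename from `iz_usable` appears to keep its polarity as far as this page shows, so it probably needs no conversion, but that is worth confirming against the dictionary values.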

@ -112,14 +112,14 @@ public interface UserApi {
ResultVo<?> resetPasswordById(String userId);
/**
*
*
*
* @param userId ID
* @param locked
* @param enable
* @return ResultVo
*/
@PostMapping("/lockAccount")
ResultVo<?> lockAccount(String userId, String locked);
@PostMapping("/enableAccount")
ResultVo<?> enableAccount(String userId, String enable);
/**
*

@ -59,12 +59,12 @@ public class UserAndOrgModel extends ApiWrapper {
@ValidationArgsLenMax(50)
private String secretKey;
/** 是否锁定 */
@ApiModelProperty(value = "是否锁定")
/** 启用状态 */
@ApiModelProperty(value = "启用状态")
@ExcelIgnore
@ValidationArgs({ValiArgsType.IS_NOT_NULL})
@ValidationArgsLenMax(1)
private String locked;
private String enable;
/** 真实姓名 */
@ApiModelProperty(value = "真实姓名")

@ -59,12 +59,12 @@ public class UserModel extends ApiWrapper {
@ValidationArgsLenMax(50)
private String secretKey;
/** 是否锁定 */
@ApiModelProperty(value = "是否锁定")
/** 是否启用 */
@ApiModelProperty(value = "是否启用")
@ExcelIgnore
@ValidationArgs({ValiArgsType.IS_NOT_NULL})
@ValidationArgsLenMax(1)
private String locked;
private String enable;
/** 真实姓名 */
@ApiModelProperty(value = "真实姓名")

@ -75,8 +75,7 @@ public enum DictType {
DictType[] var1 = values();
for (DictType dict : var1) {
if(dict.type.equals(type) &&
dict.value.equalsIgnoreCase(value)
){
dict.value.equalsIgnoreCase(value)){
return true;
}
}

@ -10,6 +10,7 @@ import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.opsli.api.wrapper.system.tenant.TenantModel;
import org.opsli.api.wrapper.system.user.UserModel;
import org.opsli.common.enums.DictType;
import org.opsli.core.api.TokenThreadLocal;
import org.opsli.common.exception.TokenException;
import org.opsli.core.msg.TokenMsg;
@ -32,8 +33,6 @@ import java.util.List;
@Slf4j
public class JwtRealm extends AuthorizingRealm implements FlagRealm {
/** 账号锁定状态 */
public static final String LOCK_VAL = "1";
@Override
public boolean supports(AuthenticationToken token) {
@ -86,19 +85,26 @@ public class JwtRealm extends AuthorizingRealm implements FlagRealm {
String userId = UserTokenUtil.getUserIdByToken(accessToken);
UserModel user = UserUtil.getUser(userId);
// 3. 校验账户是否锁定
if(user == null || user.getLocked().equals(LOCK_VAL)){
// 账号已被锁定,请联系管理员
// 3. 是否存在该用户
if(user == null){
// token失效请重新登录
throw new TokenException(
TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED);
}
// 4. 验证租户是否启用
// 如果不是超级管理员 需要验证租户是否生效
// 4. 如果不是超级管理员
if(!StringUtils.equals(UserUtil.SUPER_ADMIN, user.getUsername())){
// 4.1 账号锁定验证
if(StringUtils.isEmpty(user.getEnable()) ||
DictType.NO_YES_NO.getValue().equals(user.getEnable())){
// 账号已被锁定,请联系管理员
throw new TokenException(TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED);
}
// 4.2 租户启用验证
TenantModel tenant = TenantUtil.getTenant(user.getTenantId());
if(tenant == null){
// 租户未启用,请联系管理员
throw new TokenException(TokenMsg.EXCEPTION_LOGIN_TENANT_NOT_USABLE);
}
}
@ -127,8 +133,8 @@ public class JwtRealm extends AuthorizingRealm implements FlagRealm {
String userId = UserTokenUtil.getUserIdByToken(accessToken);
UserModel user = UserUtil.getUser(userId);
// 3. 校验账户是否锁定
if(user == null || user.getLocked().equals(JwtRealm.LOCK_VAL)){
// 3. 校验账户是否启用 否
if(user == null || DictType.NO_YES_NO.getValue().equals(user.getEnable())){
// 账号已被锁定,请联系管理员
// token失效请重新登录
throw new TokenException(
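Review bot: The two validation paths in this file disagree on what an empty `enable` means: the first hunk rejects `StringUtils.isEmpty(user.getEnable())` as locked, while the check at the second hunk (`if(user == null || DictType.NO_YES_NO.getValue().equals(user.getEnable()))`) only rejects the explicit NO value, so a row whose `enable` is null or blank passes one path and fails the other. Align the second check with the first: `if(user == null || StringUtils.isEmpty(user.getEnable()) || DictType.NO_YES_NO.getValue().equals(user.getEnable())){`. In the first hunk the new `user == null` branch keeps throwing `TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED` although its comment now says the token has expired and the user should log in again; either the message code or the comment should change. Note also that the enable check sits inside the `!SUPER_ADMIN` branch, so the realm can never reject a disabled super admin — consistent with the service refusing to change that account's state, but it deserves a one-line comment saying so. Both enclosing methods continue outside their hunks.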

@ -62,8 +62,8 @@ public enum SystemMsg implements BaseMsg {
EXCEPTION_USER_NULL(20309,"暂无该用户: {}"),
EXCEPTION_USER_FILE_NULL(20310,"请选择文件"),
EXCEPTION_USER_ILLEGAL_PARAMETER(20311,"非法参数"),
EXCEPTION_USER_LOCK_SELF(20312,"不可锁定自身"),
EXCEPTION_USER_DEL_SELF(20313,"不可删除自身"),
EXCEPTION_USER_HANDLE_SELF(20312,"不可操作自身"),
EXCEPTION_USER_HANDLE_SUPER_ADMIN(20313,"不可操作超管账号"),
/**

@ -26,6 +26,7 @@ import org.opsli.api.wrapper.system.tenant.TenantModel;
import org.opsli.api.wrapper.system.user.UserModel;
import org.opsli.common.annotation.InterfaceCrypto;
import org.opsli.common.annotation.Limiter;
import org.opsli.common.enums.DictType;
import org.opsli.core.api.TokenThreadLocal;
import org.opsli.common.enums.AlertType;
import org.opsli.common.enums.OptionsType;
@ -108,15 +109,21 @@ public class LoginRestController {
// 如果验证成功, 则清除锁定信息
UserTokenUtil.clearLockAccount(form.getUsername());
// 账号锁定
if(JwtRealm.LOCK_VAL.equals(user.getLocked())){
throw new TokenException(TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED);
}
// 如果不是超级管理员 需要验证租户是否生效
// 如果不是超级管理员
if(!StringUtils.equals(UserUtil.SUPER_ADMIN, user.getUsername())){
// 账号锁定验证
if(StringUtils.isEmpty(user.getEnable()) ||
DictType.NO_YES_NO.getValue().equals(user.getEnable())){
// 账号已被锁定,请联系管理员
throw new TokenException(TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED);
}
// 租户启用验证
TenantModel tenant = TenantUtil.getTenant(user.getTenantId());
if(tenant == null){
// 租户未启用,请联系管理员
throw new TokenException(TokenMsg.EXCEPTION_LOGIN_TENANT_NOT_USABLE);
}
}
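Review bot: The new block from the `!StringUtils.equals(UserUtil.SUPER_ADMIN, ...)` check down to the tenant throw is a line-for-line copy of the block added to JwtRealm in this same commit, and the two copies already drift (the realm's token path omits the `isEmpty` guard). Extract it into one shared helper, for example a static method on UserUtil that takes the `UserModel` and throws `TokenException` for a disabled account or an unusable tenant, and call it from both places so future changes cannot diverge. Dropping the old unconditional lock check also means the super admin is now exempt from the enable check at login; if that is intended, say so with `// 超级管理员不做启用校验: enableAccount() 拒绝修改超管状态` above the `if`. The enclosing login method continues outside the hunk.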

@ -111,6 +111,9 @@ public class TenantServiceImpl extends CrudServiceImpl<TenantMapper, SysTenant,
return null;
}
// 默认为未启用
model.setEnable(DictType.NO_YES_NO.getValue());
// 唯一验证
Integer count = this.uniqueVerificationByName(model);
if(count != null && count > 0){
@ -128,6 +131,8 @@ public class TenantServiceImpl extends CrudServiceImpl<TenantMapper, SysTenant,
return null;
}
model.setEnable(null);
// 唯一验证
Integer count = this.uniqueVerificationByName(model);
if(count != null && count > 0){
@ -157,6 +162,22 @@ public class TenantServiceImpl extends CrudServiceImpl<TenantMapper, SysTenant,
return false;
}
String currTenantId = UserUtil.getRealTenantId();
if(StringUtils.equals(currTenantId, id)){
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SELF);
}
// 超级管理员
UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN);
if(superAdmin != null){
String superAdminTenantId = superAdmin.getTenantId();
if(StringUtils.equals(superAdminTenantId, id)){
// 不可操作超管租户
throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SUPER_ADMIN);
}
}
// 如果有租户还在被引用 则不允许删除该租户
this.validationUsedByDel(Collections.singletonList(id));
@ -183,6 +204,22 @@ public class TenantServiceImpl extends CrudServiceImpl<TenantMapper, SysTenant,
return false;
}
String currTenantId = UserUtil.getRealTenantId();
if(StringUtils.equals(currTenantId, model.getId())){
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SELF);
}
// 超级管理员
UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN);
if(superAdmin != null){
String superAdminTenantId = superAdmin.getTenantId();
if(StringUtils.equals(superAdminTenantId, model.getId())){
// 不可操作超管租户
throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SUPER_ADMIN);
}
}
// 如果有租户还在被引用 则不允许删除该租户
this.validationUsedByDel(Collections.singletonList(model.getId()));
@ -206,6 +243,25 @@ public class TenantServiceImpl extends CrudServiceImpl<TenantMapper, SysTenant,
public boolean deleteAll(String[] ids) {
List<String> idList = Convert.toList(String.class, ids);
String currTenantId = UserUtil.getRealTenantId();
if(CollUtil.isNotEmpty(idList)){
if(idList.contains(currTenantId)){
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SELF);
}
// 超级管理员
UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN);
if(superAdmin != null){
String superAdminTenantId = superAdmin.getTenantId();
if(idList.contains(superAdminTenantId)){
// 不可操作超管租户
throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SUPER_ADMIN);
}
}
}
// 如果有租户还在被引用 则不允许删除该租户
this.validationUsedByDel(idList);
@ -231,6 +287,24 @@ public class TenantServiceImpl extends CrudServiceImpl<TenantMapper, SysTenant,
idList.add(model.getId());
}
String currTenantId = UserUtil.getRealTenantId();
if(CollUtil.isNotEmpty(idList)){
if(idList.contains(currTenantId)){
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SELF);
}
// 超级管理员
UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN);
if(superAdmin != null){
String superAdminTenantId = superAdmin.getTenantId();
if(idList.contains(superAdminTenantId)){
// 不可操作超管租户
throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SUPER_ADMIN);
}
}
}
// 如果有租户还在被引用 则不允许删除该租户
this.validationUsedByDel(idList);
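Review bot: The same self-tenant / super-admin-tenant guard is pasted into all four hunks of this file (the two `delete` overloads and both `deleteAll` variants), differing only in how the id list is built. A single private helper taking the id collection would remove the four copies and give the guard one place to be reviewed. The guard is also fail-open: when `UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN)` returns null the super-admin-tenant protection is silently skipped, so a transient lookup failure would allow deleting that tenant; the helper below fails closed instead, which is the safer default unless a missing super admin record is a legitimate state in this deployment (then log a warning there instead of throwing). Each enclosing method continues outside its hunk.
```java
/** Rejects ids that name the caller's own tenant or the super admin's tenant. */
private void checkTenantHandleable(Collection<String> idList) {
    if (!CollUtil.isNotEmpty(idList)) {
        return;
    }
    if (idList.contains(UserUtil.getRealTenantId())) {
        // 不可操作自身
        throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SELF);
    }
    UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN);
    if (superAdmin == null) {
        // fail closed: the protected tenant cannot be identified, so refuse the operation
        throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SUPER_ADMIN);
    }
    if (idList.contains(superAdmin.getTenantId())) {
        // 不可操作超管租户
        throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SUPER_ADMIN);
    }
}
// … call sites: checkTenantHandleable(Collections.singletonList(id)); / checkTenantHandleable(idList); before validationUsedByDel …
```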

@ -43,8 +43,8 @@ public class SysUser extends BaseEntity {
/** 盐值,密码秘钥 */
private String secretKey;
/** 是否锁定 */
private String locked;
/** 是否启用 */
private String enable;
/** 真实姓名 */
private String realName;

@ -46,8 +46,8 @@ public class SysUserAndOrg extends BaseEntity {
/** 盐值,密码秘钥 */
private String secretKey;
/** 是否锁定 */
private String locked;
/** 启用状态 */
private String enable;
/** 真实姓名 */
private String realName;

@ -11,7 +11,7 @@
a.secret_key as secretKey,
a.no as no,
a.real_name as realName,
a.locked as locked,
a.enable as enable,
a.mobile as mobile,
a.email as email,
a.avatar as avatar,

@ -105,12 +105,12 @@ public interface IUserService extends CrudServiceInterface<SysUser, UserModel> {
/**
*
*
* @param userId ID
* @param locked
* @param enable
* @return
*/
boolean lockAccount(String userId, String locked);
boolean enableAccount(String userId, String enable);
/**
*

@ -108,6 +108,8 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
// 防止非法操作 - 不允许直接操控到 关键数据
// 需要注意的是 不要轻易改修改策略
model.setLoginIp(null);
// 默认用户状态为启用
model.setEnable(DictType.NO_YES_YES.getValue());
// 新增可以直接设置密码
if(StringUtils.isNotEmpty(model.getPassword())){
@ -195,7 +197,7 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
model.setPassword(null);
model.setSecretKey(null);
model.setLoginIp(null);
model.setLocked(null);
model.setEnable(null);
UserModel update = super.update(model);
if(update != null){
@ -217,7 +219,12 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
@Override
@Transactional(rollbackFor = Exception.class)
public boolean lockAccount(String userId, String locked) {
public boolean enableAccount(String userId, String enable) {
if(!DictType.hasDict(DictType.NO_YES_YES.getType(), enable)){
// 非法参数
throw new ServiceException(SystemMsg.EXCEPTION_USER_ILLEGAL_PARAMETER);
}
UserModel model = this.get(userId);
if(model == null){
return false;
@ -225,12 +232,19 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
UserModel currUser = UserUtil.getUser();
if(StringUtils.equals(currUser.getId(), userId)){
// 不可锁定自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_LOCK_SELF);
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SELF);
}
if(StringUtils.equals(UserUtil.SUPER_ADMIN, model.getUsername())){
// 不可操作超管账号
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SUPER_ADMIN);
}
UpdateWrapper<SysUser> updateWrapper = new UpdateWrapper<>();
updateWrapper.set("locked", locked).eq(
updateWrapper.set("enable", enable)
.eq(
HumpUtil.humpToUnderline(MyBatisConstants.FIELD_ID), userId
);
if(this.update(updateWrapper)){
@ -243,14 +257,23 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
@Override
public boolean delete(String id) {
UserModel userModel = super.get(id);
// 非法判断
if(userModel == null){
return false;
}
// 杜绝我删我自己行为
UserModel currUser = UserUtil.getUser();
if(StringUtils.equals(currUser.getId(), id)){
// 不可删除自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_DEL_SELF);
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SELF);
}
if(StringUtils.equals(UserUtil.SUPER_ADMIN, userModel.getUsername())){
// 不可操作超管账号
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SUPER_ADMIN);
}
UserModel userModel = super.get(id);
boolean ret = super.delete(id);
if(ret){
// 刷新用户缓存
@ -261,11 +284,10 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
@Override
public boolean delete(UserModel model) {
UserModel userModel = null;
if(model != null){
userModel = this.get(model.getId());
if(model == null){
return false;
}
UserModel userModel = super.get(model.getId());
// 非法判断
if(userModel == null){
return false;
@ -274,8 +296,12 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
// 杜绝我删我自己行为
UserModel currUser = UserUtil.getUser();
if(StringUtils.equals(currUser.getId(), userModel.getId())){
// 不可删除自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_DEL_SELF);
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SELF);
}
if(StringUtils.equals(UserUtil.SUPER_ADMIN, userModel.getUsername())){
// 不可操作超管账号
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SUPER_ADMIN);
}
boolean ret = super.delete(model);
@ -293,18 +319,29 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
return false;
}
List<String> idList = Convert.toList(String.class, ids);
// 杜绝我删我自己行为
UserModel currUser = UserUtil.getUser();
for (String id : ids) {
if(StringUtils.equals(currUser.getId(), id)){
// 不可删除自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_DEL_SELF);
if(CollUtil.isNotEmpty(idList)){
if(idList.contains(currUser.getId())){
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SELF);
}
// 超级管理员
UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN);
if(superAdmin != null){
String superAdminId = superAdmin.getId();
if(idList.contains(superAdminId)){
// 不可操作超管账号
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SUPER_ADMIN);
}
}
}
QueryBuilder<SysUser> queryBuilder = new GenQueryBuilder<>();
QueryWrapper<SysUser> queryWrapper = queryBuilder.build();
List<String> idList = Convert.toList(String.class, ids);
queryWrapper.in(HumpUtil.humpToUnderline(MyBatisConstants.FIELD_ID),idList);
List<UserModel> modelList = super.transformTs2Ms(
this.findList(queryWrapper)
@ -326,16 +363,28 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
return false;
}
List<String> idList = Lists.newArrayListWithCapacity(models.size());
for (UserModel model : models) {
idList.add(model.getId());
}
// 杜绝我删我自己行为
UserModel currUser = UserUtil.getUser();
if(CollUtil.isNotEmpty(idList)){
if(idList.contains(currUser.getId())){
// 不可操作自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SELF);
}
List<String> idList = Lists.newArrayListWithCapacity(models.size());
for (UserModel model : models) {
if(StringUtils.equals(currUser.getId(), model.getId())){
// 不可删除自身
throw new ServiceException(SystemMsg.EXCEPTION_USER_DEL_SELF);
// 超级管理员
UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN);
if(superAdmin != null){
String superAdminId = superAdmin.getId();
if(idList.contains(superAdminId)){
// 不可操作超管账号
throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SUPER_ADMIN);
}
}
idList.add(model.getId());
}
QueryBuilder<SysUser> queryBuilder = new GenQueryBuilder<>();
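Review bot: The self / super-admin guard is repeated in `enableAccount`, both `delete` overloads and both `deleteAll` variants, and it identifies the super admin two different ways: by username (`StringUtils.equals(UserUtil.SUPER_ADMIN, model.getUsername())`) in the single-record methods and by the id returned from `UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN)` in the batch methods, where a null lookup result silently skips the protection. A single helper taking the id collection (sketched below) removes the five copies and makes the batch path fail closed when the super admin record cannot be resolved. Separately, `updateWrapper.set("enable", enable)` hard-codes the column name while the id on the next line goes through `HumpUtil.humpToUnderline(MyBatisConstants.FIELD_ID)`; a constant for the column keeps the two in the same style. Each enclosing method continues outside its hunk.
```java
/** Rejects ids that name the calling user or the super admin account. */
private void checkUserHandleable(Collection<String> idList) {
    if (!CollUtil.isNotEmpty(idList)) {
        return;
    }
    if (idList.contains(UserUtil.getUser().getId())) {
        // 不可操作自身
        throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SELF);
    }
    UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN);
    if (superAdmin == null || idList.contains(superAdmin.getId())) {
        // 不可操作超管账号 — also refuse when the super admin record cannot be resolved
        throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SUPER_ADMIN);
    }
}
// … call sites: checkUserHandleable(Collections.singletonList(userId)); / checkUserHandleable(idList); …
```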

@ -284,26 +284,21 @@ public class UserRestController extends BaseRestController<SysUser, UserModel, I
}
/**
*
*
* @return ResultVo
*/
@ApiOperation(value = "锁定账户", notes = "锁定账户")
@RequiresPermissions("system_user_lockAccount")
@RequiresPermissions("system_user_enable")
@EnableLog
@Override
public ResultVo<?> lockAccount(String userId, String locked) {
public ResultVo<?> enableAccount(String userId, String enable) {
// 演示模式 不允许操作
super.demoError();
if(!DictType.hasDict(DictType.NO_YES_YES.getType(), locked)){
// 非法参数
throw new ServiceException(SystemMsg.EXCEPTION_USER_ILLEGAL_PARAMETER);
}
// 锁定账户
boolean lockAccountFlag = IService.lockAccount(userId, locked);
// 变更账户状态
boolean lockAccountFlag = IService.enableAccount(userId, enable);
if(!lockAccountFlag){
return ResultVo.error("变更用户状态账户失败");
return ResultVo.error("变更用户状态失败");
}
return ResultVo.success();
}
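Review bot: The Swagger annotation `@ApiOperation(value = "锁定账户", notes = "锁定账户")` is unchanged context and still describes the endpoint as "lock account" after the method became `enableAccount`, and the local `lockAccountFlag` carries the same stale name; change them to `@ApiOperation(value = "变更账户状态", notes = "变更账户状态")` and `boolean enableAccountFlag = IService.enableAccount(userId, enable);`. The permission key moves from `system_user_lockAccount` to `system_user_enable`, so any role that was granted the old key loses this endpoint until its grant is updated; the SQL migration in this commit, as far as this page shows, does not touch the permission data, so that rename needs a corresponding UPDATE or a release note. Moving the `DictType.hasDict` validation out of the controller is fine because the service now performs the same check before touching the row.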
