From c62ac06346fb5a29bacbc930e438e2b8361e6456 Mon Sep 17 00:00:00 2001 From: Parker Date: Fri, 9 Apr 2021 00:24:52 +0800 Subject: [PATCH] =?UTF-8?q?=E7=94=A8=E6=88=B7/=E7=A7=9F=E6=88=B7=E9=80=BB?= =?UTF-8?q?=E8=BE=91=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../{sys_area.sql => SQL变更.sql} | 9 +- .../opsli/api/web/system/user/UserApi.java | 8 +- .../wrapper/system/user/UserAndOrgModel.java | 6 +- .../api/wrapper/system/user/UserModel.java | 6 +- .../java/org/opsli/common/enums/DictType.java | 3 +- .../core/security/shiro/realm/JwtRealm.java | 24 +++-- .../org/opsli/modulars/system/SystemMsg.java | 4 +- .../system/login/web/LoginRestController.java | 17 +++- .../service/impl/TenantServiceImpl.java | 74 ++++++++++++++ .../modulars/system/user/entity/SysUser.java | 4 +- .../system/user/entity/SysUserAndOrg.java | 4 +- .../system/user/mapper/xml/UserMapper.xml | 2 +- .../system/user/service/IUserService.java | 6 +- .../user/service/impl/UserServiceImpl.java | 99 ++++++++++++++----- .../system/user/web/UserRestController.java | 17 ++-- 15 files changed, 210 insertions(+), 73 deletions(-) rename db-file/1.3.0 升级 1.3.4/{sys_area.sql => SQL变更.sql} (99%) diff --git a/db-file/1.3.0 升级 1.3.4/sys_area.sql b/db-file/1.3.0 升级 1.3.4/SQL变更.sql similarity index 99% rename from db-file/1.3.0 升级 1.3.4/sys_area.sql rename to db-file/1.3.0 升级 1.3.4/SQL变更.sql index e211431..8bb9cd5 100644 --- a/db-file/1.3.0 升级 1.3.4/sys_area.sql +++ b/db-file/1.3.0 升级 1.3.4/SQL变更.sql 
@@ -17,8 +17,15 @@ SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; +-- 用户变更 +ALTER TABLE `sys_user` CHANGE COLUMN `locked` `enable` char(1) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '是否启用' AFTER `secret_key`; + +-- 租户变更 +ALTER TABLE `sys_tenant` CHANGE COLUMN `iz_usable` `enable` char(1) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '是否启用 0是 1否' AFTER `tenant_name`; + + -- ---------------------------- --- Table structure for sys_area +-- 地域表数据变更 -- ---------------------------- DROP TABLE IF EXISTS `sys_area`; CREATE TABLE `sys_area` ( diff --git a/opsli-api/src/main/java/org/opsli/api/web/system/user/UserApi.java b/opsli-api/src/main/java/org/opsli/api/web/system/user/UserApi.java index 1df76cc..4324cbe 100644 --- a/opsli-api/src/main/java/org/opsli/api/web/system/user/UserApi.java +++ b/opsli-api/src/main/java/org/opsli/api/web/system/user/UserApi.java @@ -112,14 +112,14 @@ public interface UserApi { ResultVo resetPasswordById(String userId); /** - * 锁定账户 + * 变更账户状态 * * @param userId 用户ID - * @param locked 锁定状态 + * @param enable 启用状态 * @return ResultVo */ - @PostMapping("/lockAccount") - ResultVo lockAccount(String userId, String locked); + @PostMapping("/enableAccount") + ResultVo enableAccount(String userId, String enable); /** * 上传头像 diff --git a/opsli-api/src/main/java/org/opsli/api/wrapper/system/user/UserAndOrgModel.java b/opsli-api/src/main/java/org/opsli/api/wrapper/system/user/UserAndOrgModel.java index f005cf2..b8fa155 100644 --- a/opsli-api/src/main/java/org/opsli/api/wrapper/system/user/UserAndOrgModel.java +++ b/opsli-api/src/main/java/org/opsli/api/wrapper/system/user/UserAndOrgModel.java 
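Review bot: The `CHANGE COLUMN` on `sys_user` renames `locked` to `enable` without converting the stored values, so every existing row keeps its old flag under a name with the opposite sense. Depending on which literal `DictType.NO_YES_NO` carries (not shown in this hunk), accounts that were locked before the upgrade may read as enabled afterwards, or every active account may read as disabled. Add an explicit conversion to the same script, e.g. `UPDATE sys_user SET enable = CASE enable WHEN '1' THEN '<DISABLED_VALUE>' ELSE '<ENABLED_VALUE>' END;`, with the placeholders replaced by the dictionary values. The tenant column comment '是否启用 0是 1否' should also be checked against the dictionary and the user column, which has no value legend, so that both tables follow one convention.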
@@ -59,12 +59,12 @@ public class UserAndOrgModel extends ApiWrapper { @ValidationArgsLenMax(50) private String secretKey; - /** 是否锁定 */ - @ApiModelProperty(value = "是否锁定") + /** 启用状态 */ + @ApiModelProperty(value = "启用状态") @ExcelIgnore @ValidationArgs({ValiArgsType.IS_NOT_NULL}) @ValidationArgsLenMax(1) - private String locked; + private String enable; /** 真实姓名 */ @ApiModelProperty(value = "真实姓名") diff --git a/opsli-api/src/main/java/org/opsli/api/wrapper/system/user/UserModel.java b/opsli-api/src/main/java/org/opsli/api/wrapper/system/user/UserModel.java index 25d7f58..4cec159 100644 --- a/opsli-api/src/main/java/org/opsli/api/wrapper/system/user/UserModel.java +++ b/opsli-api/src/main/java/org/opsli/api/wrapper/system/user/UserModel.java @@ -59,12 +59,12 @@ public class UserModel extends ApiWrapper { @ValidationArgsLenMax(50) private String secretKey; - /** 是否锁定 */ - @ApiModelProperty(value = "是否锁定") + /** 是否启用 */ + @ApiModelProperty(value = "是否启用") @ExcelIgnore @ValidationArgs({ValiArgsType.IS_NOT_NULL}) @ValidationArgsLenMax(1) - private String locked; + private String enable; /** 真实姓名 */ @ApiModelProperty(value = "真实姓名") diff --git a/opsli-base-support/opsli-common/src/main/java/org/opsli/common/enums/DictType.java b/opsli-base-support/opsli-common/src/main/java/org/opsli/common/enums/DictType.java index 28c4263..3daf780 100644 --- a/opsli-base-support/opsli-common/src/main/java/org/opsli/common/enums/DictType.java +++ b/opsli-base-support/opsli-common/src/main/java/org/opsli/common/enums/DictType.java @@ -75,8 +75,7 @@ public enum DictType { DictType[] var1 = values(); for (DictType dict : var1) { if(dict.type.equals(type) && - dict.value.equalsIgnoreCase(value) - ){ + dict.value.equalsIgnoreCase(value)){ return true; } } diff --git a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/security/shiro/realm/JwtRealm.java b/opsli-base-support/opsli-core/src/main/java/org/opsli/core/security/shiro/realm/JwtRealm.java index 9de9e6d..ec59b91 100644 
--- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/security/shiro/realm/JwtRealm.java +++ b/opsli-base-support/opsli-core/src/main/java/org/opsli/core/security/shiro/realm/JwtRealm.java @@ -10,6 +10,7 @@ import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.opsli.api.wrapper.system.tenant.TenantModel; import org.opsli.api.wrapper.system.user.UserModel; +import org.opsli.common.enums.DictType; import org.opsli.core.api.TokenThreadLocal; import org.opsli.common.exception.TokenException; import org.opsli.core.msg.TokenMsg; @@ -32,8 +33,6 @@ import java.util.List; @Slf4j public class JwtRealm extends AuthorizingRealm implements FlagRealm { - /** 账号锁定状态 */ - public static final String LOCK_VAL = "1"; @Override public boolean supports(AuthenticationToken token) { @@ -86,19 +85,26 @@ public class JwtRealm extends AuthorizingRealm implements FlagRealm { String userId = UserTokenUtil.getUserIdByToken(accessToken); UserModel user = UserUtil.getUser(userId); - // 3. 校验账户是否锁定 - if(user == null || user.getLocked().equals(LOCK_VAL)){ - // 账号已被锁定,请联系管理员 + // 3. 是否存在该用户 + if(user == null){ // token失效,请重新登录 throw new TokenException( TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED); } - // 4. 验证租户是否启用 - // 如果不是超级管理员 需要验证租户是否生效 + // 4. 如果不是超级管理员 if(!StringUtils.equals(UserUtil.SUPER_ADMIN, user.getUsername())){ + // 4.1 账号锁定验证 + if(StringUtils.isEmpty(user.getEnable()) || + DictType.NO_YES_NO.getValue().equals(user.getEnable())){ + // 账号已被锁定,请联系管理员 + throw new TokenException(TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED); + } + + // 4.2 租户启用验证 TenantModel tenant = TenantUtil.getTenant(user.getTenantId()); if(tenant == null){ + // 租户未启用,请联系管理员 throw new TokenException(TokenMsg.EXCEPTION_LOGIN_TENANT_NOT_USABLE); } } 
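Review bot: The account check in step 4.1 is a deny-list: it rejects only an empty `enable` or the exact `DictType.NO_YES_NO` value, so any other stored value is treated as an enabled account. Comparing against the enabled value fails closed, `if(!DictType.NO_YES_YES.getValue().equals(user.getEnable())){ throw new TokenException(TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED); }`. The same condition is repeated in the `@@ -108,15 +109,21 @@` hunk of LoginRestController.java and would be safer in one shared helper. The `user == null` branch still throws `EXCEPTION_LOGIN_ACCOUNT_LOCKED` although its comment says the token is invalid, which reports a missing user as a locked account. The tenant branch tests only `tenant == null`; whether `TenantUtil.getTenant` returns null for a disabled tenant is not visible here and should be confirmed now that the tenant flag was renamed (the enclosing method starts and ends outside the hunk).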
@@ -127,8 +133,8 @@ public class JwtRealm extends AuthorizingRealm implements FlagRealm { String userId = UserTokenUtil.getUserIdByToken(accessToken); UserModel user = UserUtil.getUser(userId); - // 3. 校验账户是否锁定 - if(user == null || user.getLocked().equals(JwtRealm.LOCK_VAL)){ + // 3. 校验账户是否启用 否 + if(user == null || DictType.NO_YES_NO.getValue().equals(user.getEnable())){ // 账号已被锁定,请联系管理员 // token失效,请重新登录 throw new TokenException( diff --git a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/SystemMsg.java b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/SystemMsg.java index d67dcb0..fb10b9d 100644 --- a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/SystemMsg.java +++ b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/SystemMsg.java @@ -62,8 +62,8 @@ public enum SystemMsg implements BaseMsg { EXCEPTION_USER_NULL(20309,"暂无该用户: {}"), EXCEPTION_USER_FILE_NULL(20310,"请选择文件"), EXCEPTION_USER_ILLEGAL_PARAMETER(20311,"非法参数"), - EXCEPTION_USER_LOCK_SELF(20312,"不可锁定自身"), - EXCEPTION_USER_DEL_SELF(20313,"不可删除自身"), + EXCEPTION_USER_HANDLE_SELF(20312,"不可操作自身"), + EXCEPTION_USER_HANDLE_SUPER_ADMIN(20313,"不可操作超管账号"), /** diff --git a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/login/web/LoginRestController.java b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/login/web/LoginRestController.java index cc1cb59..8098b0d 100644 --- a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/login/web/LoginRestController.java +++ b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/login/web/LoginRestController.java 
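Review bot: This second check was not brought in line with the one rewritten earlier in JwtRealm.java: it has no `StringUtils.isEmpty(user.getEnable())` test and no super-admin exemption. A user whose `enable` is empty is therefore rejected on the other path and accepted on this one, and a super admin whose flag is set to the disabled value is accepted there and rejected here. Use the same predicate in both places, ideally through one private helper, and decide explicitly whether the super-admin exemption applies here. The comment `// 3. 校验账户是否启用 否` is unclear; something like `// 3. reject missing or disabled accounts` states the intent. The enclosing method starts and ends outside the hunk.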
@@ -26,6 +26,7 @@ import org.opsli.api.wrapper.system.tenant.TenantModel; import org.opsli.api.wrapper.system.user.UserModel; import org.opsli.common.annotation.InterfaceCrypto; import org.opsli.common.annotation.Limiter; +import org.opsli.common.enums.DictType; import org.opsli.core.api.TokenThreadLocal; import org.opsli.common.enums.AlertType; import org.opsli.common.enums.OptionsType; @@ -108,15 +109,21 @@ public class LoginRestController { // 如果验证成功, 则清除锁定信息 UserTokenUtil.clearLockAccount(form.getUsername()); - // 账号锁定 - if(JwtRealm.LOCK_VAL.equals(user.getLocked())){ - throw new TokenException(TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED); - } - // 如果不是超级管理员 需要验证租户是否生效 + + // 如果不是超级管理员 if(!StringUtils.equals(UserUtil.SUPER_ADMIN, user.getUsername())){ + // 账号锁定验证 + if(StringUtils.isEmpty(user.getEnable()) || + DictType.NO_YES_NO.getValue().equals(user.getEnable())){ + // 账号已被锁定,请联系管理员 + throw new TokenException(TokenMsg.EXCEPTION_LOGIN_ACCOUNT_LOCKED); + } + + // 租户启用验证 TenantModel tenant = TenantUtil.getTenant(user.getTenantId()); if(tenant == null){ + // 租户未启用,请联系管理员 throw new TokenException(TokenMsg.EXCEPTION_LOGIN_TENANT_NOT_USABLE); } } diff --git a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/tenant/service/impl/TenantServiceImpl.java b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/tenant/service/impl/TenantServiceImpl.java index 884e83b..de8d1e3 100644 --- a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/tenant/service/impl/TenantServiceImpl.java +++ b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/tenant/service/impl/TenantServiceImpl.java @@ -111,6 +111,9 @@ public class TenantServiceImpl extends CrudServiceImpl 0){ @@ -128,6 +131,8 @@ public class TenantServiceImpl extends CrudServiceImpl 0){ 
@@ -157,6 +162,22 @@ public class TenantServiceImpl extends CrudServiceImpl idList = Convert.toList(String.class, ids); + + String currTenantId = UserUtil.getRealTenantId(); + if(CollUtil.isNotEmpty(idList)){ + if(idList.contains(currTenantId)){ + // 不可操作自身 + throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SELF); + } + + // 超级管理员 + UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN); + if(superAdmin != null){ + String superAdminTenantId = superAdmin.getTenantId(); + if(idList.contains(superAdminTenantId)){ + // 不可操作超管租户 + throw new ServiceException(SystemMsg.EXCEPTION_TENANT_HANDLE_SUPER_ADMIN); + } + } + } + // 如果有租户还在被引用 则不允许删除该租户 this.validationUsedByDel(idList); @@ -231,6 +287,24 @@ public class TenantServiceImpl extends CrudServiceImpl { /** - * 锁定账户 + * 变更账户状态 * @param userId 用户ID - * @param locked 状态 + * @param enable 状态 * @return */ - boolean lockAccount(String userId, String locked); + boolean enableAccount(String userId, String enable); /** * 查询分页数据 自定义 diff --git a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/service/impl/UserServiceImpl.java b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/service/impl/UserServiceImpl.java index 793dcbe..ae5267e 100644 --- a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/service/impl/UserServiceImpl.java +++ b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/service/impl/UserServiceImpl.java @@ -108,6 +108,8 @@ public class UserServiceImpl extends CrudServiceImpl updateWrapper = new UpdateWrapper<>(); - updateWrapper.set("locked", locked).eq( + updateWrapper.set("enable", enable) + .eq( HumpUtil.humpToUnderline(MyBatisConstants.FIELD_ID), userId ); if(this.update(updateWrapper)){ 
@@ -243,14 +257,23 @@ public class UserServiceImpl extends CrudServiceImpl idList = Convert.toList(String.class, ids); + // 杜绝我删我自己行为 UserModel currUser = UserUtil.getUser(); - for (String id : ids) { - if(StringUtils.equals(currUser.getId(), id)){ - // 不可删除自身 - throw new ServiceException(SystemMsg.EXCEPTION_USER_DEL_SELF); + if(CollUtil.isNotEmpty(idList)){ + if(idList.contains(currUser.getId())){ + // 不可操作自身 + throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SELF); + } + + // 超级管理员 + UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN); + if(superAdmin != null){ + String superAdminId = superAdmin.getId(); + if(idList.contains(superAdminId)){ + // 不可操作超管账号 + throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SUPER_ADMIN); + } } } QueryBuilder queryBuilder = new GenQueryBuilder<>(); QueryWrapper queryWrapper = queryBuilder.build(); - List idList = Convert.toList(String.class, ids); queryWrapper.in(HumpUtil.humpToUnderline(MyBatisConstants.FIELD_ID),idList); List modelList = super.transformTs2Ms( this.findList(queryWrapper) 
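Review bot: The super-admin guard fails open: when `UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN)` returns null, the `if(superAdmin != null)` block is skipped and the delete continues without that protection. Whether the lookup can return null at runtime (for example on a cache miss or lookup error) is not visible here; if it can, throw a `ServiceException` instead of skipping the check. `currUser.getId()` is also dereferenced without a null check on the result of `UserUtil.getUser()`. The same block is copied into the `@@ -326,16 +363,28 @@` hunk of this file and into the tenant delete in TenantServiceImpl.java, so one private helper taking the id list would keep the three copies from drifting. The method signature is not visible in this hunk.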
@@ -326,16 +363,28 @@ public class UserServiceImpl extends CrudServiceImpl idList = Lists.newArrayListWithCapacity(models.size()); + for (UserModel model : models) { + idList.add(model.getId()); + } + // 杜绝我删我自己行为 UserModel currUser = UserUtil.getUser(); + if(CollUtil.isNotEmpty(idList)){ + if(idList.contains(currUser.getId())){ + // 不可操作自身 + throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SELF); + } - List idList = Lists.newArrayListWithCapacity(models.size()); - for (UserModel model : models) { - if(StringUtils.equals(currUser.getId(), model.getId())){ - // 不可删除自身 - throw new ServiceException(SystemMsg.EXCEPTION_USER_DEL_SELF); + // 超级管理员 + UserModel superAdmin = UserUtil.getUserByUserName(UserUtil.SUPER_ADMIN); + if(superAdmin != null){ + String superAdminId = superAdmin.getId(); + if(idList.contains(superAdminId)){ + // 不可操作超管账号 + throw new ServiceException(SystemMsg.EXCEPTION_USER_HANDLE_SUPER_ADMIN); + } } - idList.add(model.getId()); } QueryBuilder queryBuilder = new GenQueryBuilder<>(); diff --git a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/web/UserRestController.java b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/web/UserRestController.java index 50aaeea..54e665c 100644 --- a/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/web/UserRestController.java +++ b/opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/web/UserRestController.java 
@@ -284,26 +284,21 @@ public class UserRestController extends BaseRestController lockAccount(String userId, String locked) { + public ResultVo enableAccount(String userId, String enable) { // 演示模式 不允许操作 super.demoError(); - if(!DictType.hasDict(DictType.NO_YES_YES.getType(), locked)){ - // 非法参数 - throw new ServiceException(SystemMsg.EXCEPTION_USER_ILLEGAL_PARAMETER); - } - - // 锁定账户 - boolean lockAccountFlag = IService.lockAccount(userId, locked); + // 变更账户状态 + boolean lockAccountFlag = IService.enableAccount(userId, enable); if(!lockAccountFlag){ - return ResultVo.error("变更用户状态账户失败"); + return ResultVo.error("变更用户状态失败"); } return ResultVo.success(); }
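Review bot: The `DictType.hasDict(DictType.NO_YES_YES.getType(), locked)` check was removed, so `enable` now reaches `IService.enableAccount` unvalidated in this method. Because the login and realm checks reject only the empty and `DictType.NO_YES_NO` values, any other string written through this endpoint would leave the account treated as enabled. If the validation was not moved into the service (that hunk is not fully visible on this page), keep it here: `if(!DictType.hasDict(DictType.NO_YES_YES.getType(), enable)){ throw new ServiceException(SystemMsg.EXCEPTION_USER_ILLEGAL_PARAMETER); }`. The local `lockAccountFlag` could be renamed to match the new method name.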