perf: 优化查询用户数据安全性

pull/21/head
Parker 2 years ago
parent c62b96be7d
commit ffe81f3a53

@ -294,7 +294,6 @@ public interface UserApi {
* @param username * @param username
* @return ResultWrapper * @return ResultWrapper
*/ */
//@GetMapping("/getUserByUsername")
ResultWrapper<UserModel> getUserByUsername(String username); ResultWrapper<UserModel> getUserByUsername(String username);
/** /**
@ -311,6 +310,11 @@ public interface UserApi {
*/ */
ResultWrapper<UserModel> getUserByEmail(String email); ResultWrapper<UserModel> getUserByEmail(String email);
/**
*
* @param id ID
* @return ResultWrapper
*/
ResultWrapper<UserModel> getById(String id);
} }
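Review bot: The Javadoc added above the new `getById` declaration is empty apart from `@param id ID`, which leaves the contract of the method that `UserUtil` now depends on undocumented. The controller implementation in this commit returns `IService.get(id)` unmodified and, unlike `get(UserModel)`, carries no `@PreAuthorize`, so the interface is where that intent should be stated, e.g. `Returns the full user model including credential fields; for in-process callers (user cache) only and must not be given a request mapping.` The hunk shows no `@GetMapping`/`@PostMapping` on the declaration, so it appears not to be HTTP-exposed, but nothing on the interface currently records that as a requirement.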

@ -174,16 +174,7 @@ public class UserUtil {
Object cache = SecurityCache.get(redisTemplate, cacheKey, (k) -> { Object cache = SecurityCache.get(redisTemplate, cacheKey, (k) -> {
// 查询数据库 // 查询数据库
UserModel userModelTemp = new UserModel(); ResultWrapper<UserModel> resultVo = userApi.getById(userId);
userModelTemp.setId(userId);
// 设置为系统内部调用 否则 会拿到 空值
userModelTemp.setIzApi(true);
// 查询数据库
ResultWrapper<UserModel> resultVo = userApi.get(userModelTemp);
if(!ResultWrapper.isSuccess(resultVo)){
return null;
}
return resultVo.getData(); return resultVo.getData();
}, true); }, true);
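Review bot: The cache loader now calls `resultVo.getData()` unconditionally, dropping the `ResultWrapper.isSuccess` guard the old branch had, so any non-success wrapper returned by `userApi.getById` would have its (possibly null) payload cached under `cacheKey`. As implemented in this commit `getById` always wraps with `getSuccessResultWrapper`, so the two are equivalent today, but the loader is relying on a contract the interface does not document; keeping `if (!ResultWrapper.isSuccess(resultVo)) { return null; }` before the return, or a comment `// getById always returns a success wrapper; a missing user yields null data`, makes the assumption explicit. The enclosing method starts and ends outside the hunk, and whether `SecurityCache.get` stores null values is not visible here.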

@ -404,11 +404,15 @@ public class UserRestController extends BaseRestController<SysUser, UserModel, I
* @return ResultWrapper * @return ResultWrapper
*/ */
@ApiOperation(value = "获得单条用户信息", notes = "获得单条用户信息 - ID") @ApiOperation(value = "获得单条用户信息", notes = "获得单条用户信息 - ID")
// 因为工具类 使用到该方法 不做权限验证 @PreAuthorize("hasAuthority('system_user_select')")
//@PreAuthorize("hasAuthority('system_user_select')")
@Override @Override
public ResultWrapper<UserModel> get(UserModel model) { public ResultWrapper<UserModel> get(UserModel model) {
model = IService.get(model); model = IService.get(model);
// 防止密码泄露
model.setPassword(null);
model.setPasswordLevel(null);
return ResultWrapper.getSuccessResultWrapper(model); return ResultWrapper.getSuccessResultWrapper(model);
} }
@ -635,51 +639,6 @@ public class UserRestController extends BaseRestController<SysUser, UserModel, I
return super.importExcel(request); return super.importExcel(request);
} }
/**
* username
* @param username
* @return ResultWrapper
*/
@ApiOperation(value = "根据 username 获得用户", notes = "根据 username 获得用户")
@Override
public ResultWrapper<UserModel> getUserByUsername(String username) {
UserModel userModel = IService.queryByUserName(username);
if(userModel == null){
// 暂无该用户
throw new ServiceException(SystemMsg.EXCEPTION_USER_NULL.getCode(),
StrUtil.format(SystemMsg.EXCEPTION_USER_NULL.getMessage(), username)
);
}
return ResultWrapper.getSuccessResultWrapper(userModel);
}
@ApiOperation(value = "根据 手机号 获得用户", notes = "根据 手机号 获得用户")
@Override
public ResultWrapper<UserModel> getUserByMobile(String mobile) {
UserModel userModel = IService.queryByMobile(mobile);
if(userModel == null){
// 暂无该用户
throw new ServiceException(SystemMsg.EXCEPTION_USER_NULL.getCode(),
StrUtil.format(SystemMsg.EXCEPTION_USER_NULL.getMessage(), mobile)
);
}
return ResultWrapper.getSuccessResultWrapper(userModel);
}
@ApiOperation(value = "根据 邮箱 获得用户", notes = "根据 邮箱 获得用户")
@Override
public ResultWrapper<UserModel> getUserByEmail(String email) {
UserModel userModel = IService.queryByEmail(email);
if(userModel == null){
// 暂无该用户
throw new ServiceException(SystemMsg.EXCEPTION_USER_NULL.getCode(),
StrUtil.format(SystemMsg.EXCEPTION_USER_NULL.getMessage(), email)
);
}
return ResultWrapper.getSuccessResultWrapper(userModel);
}
/** /**
* *
* @param tenantId ID * @param tenantId ID
@ -765,4 +724,61 @@ public class UserRestController extends BaseRestController<SysUser, UserModel, I
: ResultWrapper.getErrorResultWrapper().setMsg("切换失败"); : ResultWrapper.getErrorResultWrapper().setMsg("切换失败");
} }
/**
* username
* @param username
* @return ResultWrapper
*/
@ApiOperation(value = "根据 username 获得用户", notes = "根据 username 获得用户")
@Override
public ResultWrapper<UserModel> getUserByUsername(String username) {
UserModel userModel = IService.queryByUserName(username);
if(userModel == null){
// 暂无该用户
throw new ServiceException(SystemMsg.EXCEPTION_USER_NULL.getCode(),
StrUtil.format(SystemMsg.EXCEPTION_USER_NULL.getMessage(), username)
);
}
return ResultWrapper.getSuccessResultWrapper(userModel);
}
@ApiOperation(value = "根据 手机号 获得用户", notes = "根据 手机号 获得用户")
@Override
public ResultWrapper<UserModel> getUserByMobile(String mobile) {
UserModel userModel = IService.queryByMobile(mobile);
if(userModel == null){
// 暂无该用户
throw new ServiceException(SystemMsg.EXCEPTION_USER_NULL.getCode(),
StrUtil.format(SystemMsg.EXCEPTION_USER_NULL.getMessage(), mobile)
);
}
return ResultWrapper.getSuccessResultWrapper(userModel);
}
@ApiOperation(value = "根据 邮箱 获得用户", notes = "根据 邮箱 获得用户")
@Override
public ResultWrapper<UserModel> getUserByEmail(String email) {
UserModel userModel = IService.queryByEmail(email);
if(userModel == null){
// 暂无该用户
throw new ServiceException(SystemMsg.EXCEPTION_USER_NULL.getCode(),
StrUtil.format(SystemMsg.EXCEPTION_USER_NULL.getMessage(), email)
);
}
return ResultWrapper.getSuccessResultWrapper(userModel);
}
/**
*
* @param id
* @return ResultWrapper
*/
@ApiOperation(value = "根据 ID 获得用户", notes = "根据 ID 获得用户")
@Override
public ResultWrapper<UserModel> getById(String id) {
UserModel userModel = IService.get(id);
return ResultWrapper.getSuccessResultWrapper(userModel);
}
} }
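Review bot: `getById` returns the model from `IService.get(id)` as-is, so unlike the `get(UserModel)` endpoint in the first hunk — which this commit protects with `@PreAuthorize("hasAuthority('system_user_select')")` and scrubs with `setPassword(null)`/`setPasswordLevel(null)` — it hands back the stored password hash and `passwordLevel` with no authority check. If that is deliberate so `UserUtil` can fill its cache with the full record (the removed `setIzApi(true)` path suggests it is), say so in the method's Javadoc, e.g. `Internal lookup: returns the unscrubbed model for the user cache; has no HTTP mapping and must not be exposed as an endpoint`, and confirm the interface declaration never gains a request mapping. `getById` also differs from the three sibling lookups by not raising `ServiceException(SystemMsg.EXCEPTION_USER_NULL...)` when nothing is found, so an unknown id yields a success wrapper with null data. Separately, in the first hunk `get` now dereferences the result of `IService.get(model)` before any null case is handled; `if (model != null) { model.setPassword(null); model.setPasswordLevel(null); }` (or the siblings' `ServiceException` pattern) avoids a NullPointerException on an unknown id.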
