tsurumure hai 10 meses
pai
achega
011371a9b7

+ 2 - 1
db/sys_user_role_module.sql

@@ -40,7 +40,8 @@ INSERT INTO sys_user_role_module(id, parent_id, module_name, sort) VALUES
     ('3', -1, '系统用户管理', 900),
         ('3.1', '3', '系统用户-列表 (在线的)', null),
         ('3.2', '3', '系统用户-列表', null),
-            ('3.2.1', '3.2', '系统用户-详情', null),
+            ('3.2.1', '3.2', '查询用户信息', null),
+            ('3.2.1.2', '3.2', '查询他人的用户信息', null),
             ('3.2.2', '3.2', '系统用户-创建', null),
             ('3.2.3', '3.2', '系统用户-编辑', null),
             ('3.2.4', '3.2', '系统用户-删除', null),
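Review bot: The added row `('3.2.1.2', '3.2', '查询他人的用户信息', null)` has an id that reads as a child of `3.2.1`, but its parent_id is `'3.2'`, so the dotted id and the stored tree disagree. This module id is what the controller in this commit checks before returning another user's record, so an ambiguous position in the permission tree makes role reviews and audits harder. Either set the parent to `'3.2.1'` or pick an id at the `3.2.x` level, and add a short SQL comment on the row saying that it gates access to other users' details. The INSERT statement starts and ends outside this hunk, so how the remaining rows are numbered is not visible here.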

+ 1 - 1
db/sys_user_role_module_relation.sql

@@ -46,7 +46,7 @@ INSERT INTO sys_user_role_module_relation(role_id, module_id) VALUES
     (1, '3'),
         (1, '3.1'),
         (1, '3.2'),
-            (1, '3.2.1'), (1, '3.2.2'), (1, '3.2.3'), (1, '3.2.4'), (1, '3.2.5'), (1, '3.2.6'), (1, '3.2.7'),
+            (1, '3.2.1'), (1, '3.2.1.2'), (1, '3.2.2'), (1, '3.2.3'), (1, '3.2.4'), (1, '3.2.5'), (1, '3.2.6'), (1, '3.2.7'),
         (1, '3.3'),
             (1, '3.3.8'), (1, '3.3.9'), (1, '3.3.10'),
 #             (1, '3.3.1'), (1, '3.3.2'), (1, '3.3.3'), (1, '3.3.4'), (1, '3.3.5'), (1, '3.3.6'), (1, '3.3.7'),

+ 5 - 0
src/main/java/com/backendsys/modules/common/config/security/enums/SecurityEnum.java

@@ -0,0 +1,5 @@
+package com.backendsys.modules.common.config.security.enums;
+
+public class SecurityEnum {
+    public static String NOAUTH = "当前用户没有操作权限";
+}
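Review bot: `NOAUTH` is declared `public static String` without `final`, so any class can reassign the authorization-failure message at runtime. The class is also named as an enum while being an ordinary instantiable class. Declare it as a constant, `public static final String NOAUTH = "当前用户没有操作权限";`, and either add a private constructor or turn the type into a real `enum`. A one-line Javadoc stating that this message is used when a permission check rejects the caller would document its purpose.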

+ 13 - 14
src/main/java/com/backendsys/modules/system/controller/SysUserV2Controller.java

@@ -1,6 +1,8 @@
 package com.backendsys.modules.system.controller;
 
+import com.backendsys.exception.CustomException;
 import com.backendsys.modules.common.config.security.annotations.Anonymous;
+import com.backendsys.modules.common.config.security.enums.SecurityEnum;
 import com.backendsys.modules.common.config.security.utils.SecurityUtil;
 import com.backendsys.modules.common.enums.MatchType;
 import com.backendsys.modules.common.utils.Result;
@@ -22,28 +24,25 @@ public class SysUserV2Controller {
     @Autowired
     private SysUserV2Service sysUserV2Service;
 
+    /**
+     * 权限:
+     * - 查询用户信息 (3.2.1)
+     * - 查询他人的用户信息 (3.2.1.2)
+     */
     @Operation(summary = "获得系统用户详情")
     @PreAuthorize("@sr.hasPermission('3.2.1')")
     @GetMapping("/api/v2/system/user/getUserDetail")
     public Result getUserDetail(@Parameter(description = "用户ID") Long user_id) {
 
-//        System.out.println(tokenUtil.getUserId());
-//        System.out.println(SecurityUtil.getUserInfo());
-//        System.out.println(SecurityUtil.getToken());
+        // 如果不传参数,则查询自身的用户信息
+        user_id = (user_id == null) ? SecurityUtil.getUserId() : user_id;
 
-//        System.out.println("UserId: " + SecurityUtil.getUserId());
-//
-//        // 判断是否具备权限,或者是超级管理员 (重构)
-        System.out.println("hasPermission: " + SecurityUtil.hasPermission("3.2.1"));
-        System.out.println("isSuper: " + SecurityUtil.isSuper());
+        // 如果是查询他人的用户信息,需要具备权限
+        if (!SecurityUtil.isSuper() && user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.2.1.2")) {
+            throw new CustomException(SecurityEnum.NOAUTH);
+        }
 
         return Result.success().put("data", sysUserV2Service.selectUserInfo(user_id));
     }
 
-    @Anonymous
-    @GetMapping("/api/v2/system/user/getUserDetail2")
-    public Result getUserDetail2(@Parameter(description = "用户ID") Long user_id) {
-        return Result.success();
-    }
-
 }
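Review bot: In `getUserDetail`, the ownership test `user_id != SecurityUtil.getUserId()` applies `!=` to a boxed `Long`. If `getUserId()` also returns `Long` (its signature is not visible here), this is a reference comparison, and two equal ids outside the small-value cache compare as different. The outcome fails closed, since a caller passing their own id explicitly is treated as querying someone else and rejected without `3.2.1.2`, but an authorization decision should not depend on object identity. Read the id once and compare by value: `Long currentUserId = SecurityUtil.getUserId();` followed by `!Objects.equals(user_id, currentUserId)` in the condition, which needs `java.util.Objects` imported. Using the same `currentUserId` for the null default also guarantees that the defaulting and the check see the same value.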