
修改非空校验(QueryNullCheckAspect)

tsurumure 1 год назад
Родитель
Сommit
265770354d

+ 11 - 6
src/main/java/com/backendsys/aspect/QueryNullCheckAspect.java

@@ -59,13 +59,18 @@ public class QueryNullCheckAspect {
             if (argValue != null) { break; }
         }
 
-        // [反向代理] 执行记录非空查询的 service 方法
-        queryResult = (Map<String, Object>) service.getClass().getMethod(serviceMethod, argValue.getClass()).invoke(service, argValue);
-        // System.out.println("queryResult = " + queryResult);
-
-        if (queryResult == null) {
-            return Result.error(ResultEnum.DATABASE_OPERATION_FAILED.getCode(), message);
+        /**
+         * 参数为空 (例如 user_id = null) 时,校验在实体类那里进行,此处不再进行校验
+         */
+        if (argValue != null) {
+            // [反向代理] 执行记录非空查询的 service 方法
+            queryResult = (Map<String, Object>) service.getClass().getMethod(serviceMethod, argValue.getClass()).invoke(service, argValue);
+            // System.out.println("queryResult = " + queryResult);
+            if (queryResult == null) {
+                return Result.error(ResultEnum.DATABASE_OPERATION_FAILED.getCode(), message);
+            }
         }
+
         return joinPoint.proceed();
     }
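Review bot: Skipping the lookup when argValue is null makes this existence check depend on every annotated endpoint validating or defaulting that field itself; in the same commit the Detail group loses its @NotNull on user_id, so a null user_id now bypasses the aspect entirely and relies on the controller substituting the caller's own id. The `/** ... */` block inside the method body should be a plain `//` comment that states that dependency, e.g. `// null argValue: the annotated endpoint must validate (@NotNull) or default the field itself; no existence check is made here`. The reflective `getMethod(serviceMethod, argValue.getClass())` resolves the service method by the argument's runtime class, so a `Long` field only matches a method declared with a `Long` parameter — if queryUserById takes `long` or `Integer` this throws NoSuchMethodException instead of producing the DATABASE_OPERATION_FAILED result; presumably it is declared as `Long`, worth confirming. The enclosing advice method starts outside the hunk.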
 

+ 35 - 0
src/main/java/com/backendsys/config/Security/service/PermissionService.java

@@ -1,6 +1,8 @@
 package com.backendsys.config.Security.service;
 
 
+import com.backendsys.exception.CustomException;
+import com.backendsys.utils.response.ResultEnum;
 import io.jsonwebtoken.Claims;
 import jakarta.servlet.http.HttpServletRequest;
 
@@ -74,4 +76,37 @@ public class PermissionService {
         Boolean bool = "Member".equals(loginUserInfo.get("target"));
         return bool;
     }
+
+
+    /**
+     * 判断是否匹配当前 {用户ID} 与 {用户权限},不是则抛出错误
+     * - 匹配,通过
+     * - 不匹配,再次检查权限
+     *    - 匹配,通过
+     *    - 不匹配,抛出错误
+     * permissionService.checkUserIdAndPermission(sysUserDTO.getUser_id(), "3.2.1");
+     */
+    public void checkUserIdAndPermission(long user_id, String permission) {
+        Claims loginUserInfo = tokenService.getRedisTokenInfo();
+        Integer current_user_id = (Integer) loginUserInfo.get("user_id");
+        if (current_user_id != user_id) {
+            if (!hasPermi(permission)) {
+                throw new CustomException(ResultEnum.AUTH_ROLE_ERROR.getMessage(), ResultEnum.AUTH_ROLE_ERROR.getCode());
+            }
+        }
+    }
+
+    /**
+     * 判断是否 首位超级管理员 (id:1),不是则抛出错误
+     */
+    public void checkSuperAdminOfFirst(long user_id) {
+        if (user_id == 1) {
+            Claims loginUserInfo = tokenService.getRedisTokenInfo();
+            Boolean bool = (Integer) loginUserInfo.get("user_id") == 1;
+            if (!bool) {
+                throw new CustomException(ResultEnum.AUTH_USER_ERROR.getMessage(), ResultEnum.AUTH_USER_ERROR.getCode());
+            }
+        }
+    }
+
 }
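Review bot: Both new methods cast the `user_id` claim to `Integer` and unbox it, so an absent claim throws NullPointerException and a claim materialised as `Long` (which token libraries commonly do for values outside the int range) throws ClassCastException, turning an authorization decision into an unhandled 500 instead of the intended AUTH error. Reading the claim as `Number` and denying explicitly when it is missing keeps the check fail-closed, e.g. `Object claim = loginUserInfo.get("user_id"); if (!(claim instanceof Number n)) throw new CustomException(ResultEnum.AUTH_USER_ERROR.getMessage(), ResultEnum.AUTH_USER_ERROR.getCode()); long currentUserId = n.longValue();`, then compare `currentUserId != user_id` in checkUserIdAndPermission and `currentUserId != 1` in checkSuperAdminOfFirst. The `Boolean bool = (Integer) loginUserInfo.get("user_id") == 1;` temporary in checkSuperAdminOfFirst is a boxed intermediate that only feeds the next `if`; testing the comparison directly reads more plainly. The Javadoc on checkUserIdAndPermission could also say that the permission is consulted only when the ids differ, which is what the nested `if` implements.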

+ 6 - 12
src/main/java/com/backendsys/controller/api/Systems/SysUserController.java

@@ -74,24 +74,18 @@ public class SysUserController {
      * - 2.如果传 user_id,需要具备权限才能查看他人用户信息
      * - 3.除了超管自己其他人不可以查看超管信息
      */
+    @QueryNullCheck(serviceClass = SysUserService.class, serviceMethod = "queryUserById", argField = "user_id", message = "用户不存在")
     @GetMapping("/api/system/user/getUserDetail")
     public Result getUserDetail(@Validated(SysUserDTO.Detail.class) SysUserDTO sysUserDTO) {
 
-        long user_id = httpRequestAspect.getUserId();
+        Long user_id = httpRequestAspect.getUserId();
 
         // 1.如果 user_id 为空,则查看自己
         if (sysUserDTO.getUser_id() == null) sysUserDTO.setUser_id(user_id);
-        // 2.如果是查看自己,则不需要授权
-        if (user_id != sysUserDTO.getUser_id()) {
-            if (!permissionService.hasPermi("3.2.1")) {
-                throw new CustomException(ResultEnum.AUTH_ROLE_ERROR.getMessage(), ResultEnum.AUTH_ROLE_ERROR.getCode());
-            }
-        }
-        // 3.判断是否 超级管理员(首位)(id:1),仅首位可查看自己的信息
-        Boolean isOnlySuperAdmin = OnlySuperAdmin(sysUserDTO);
-        if (!isOnlySuperAdmin) {
-            return Result.error(ResultEnum.AUTH_USER_ERROR.getCode(), ResultEnum.AUTH_USER_ERROR.getMessage());
-        }
+        // 2.判断是否匹配当前 {用户ID} 与 {用户权限},不是则抛出错误
+        permissionService.checkUserIdAndPermission(sysUserDTO.getUser_id(), "3.2.1");
+        // 3.判断是否 首位超级管理员 (id:1),不是则抛出错误
+        permissionService.checkSuperAdminOfFirst(sysUserDTO.getUser_id());
 
         return Result.success(sysUserService.queryUserById(sysUserDTO.getUser_id()));
     }
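Review bot: With `@QueryNullCheck` on getUserDetail the aspect performs `queryUserById` before the method body, so the two permission calls `permissionService.checkUserIdAndPermission(sysUserDTO.getUser_id(), "3.2.1")` and `permissionService.checkSuperAdminOfFirst(sysUserDTO.getUser_id())` now run after the existence lookup; a caller without permission 3.2.1 gets "用户不存在" for an unknown user_id but AUTH_ROLE_ERROR for an existing one, which discloses which user ids exist and costs a database read for every denied request. Authorization should precede the lookup — either by keeping the explicit null-result check in the body after the permission calls and dropping the annotation here, or by having the aspect enforce the permission before it queries. The aspect's advice order relative to other advice is not visible here, but in the hunk as shown the existence check runs first.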

+ 1 - 1
src/main/java/com/backendsys/entity/System/SysUserDTO.java

@@ -44,7 +44,7 @@ public class SysUserDTO {
   /**
    * sys_user_info
    */
-  @NotNull(message="user_id 不能为空", groups = { Detail.class, Update.class, Audit.class, ResetPassword.class })
+  @NotNull(message="user_id 不能为空", groups = { Update.class, Audit.class, ResetPassword.class })
   //@Min(value = 1, message = "user_id 必须大于等于 0", groups = {Update.class, Delete.class})
   private Long user_id;
   private List<Long> user_ids;