
重构接口(SysUser)

Mure 9 달 전
부모
커밋
808e0d1cf7

+ 1 - 1
db/Import/import_ubuntu.sh

@@ -13,7 +13,7 @@
 
 # MySQL 8.x 登录凭据
 username="root"
-password="Yqo%gGAK5!NSr!Pv"
+password="xxxxxxxx"
 database="backendsys"
 
 # SQL文件所在的目录
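Review bot: The value removed from the `password=` line stays readable in the repository history, so swapping in a placeholder does not retire it; the MySQL root credential should be rotated and treated as exposed. The new side still expects a real password to be edited into the script, which invites the same commit again. Reading it at run time, for example `password="${DB_PASSWORD:?DB_PASSWORD is not set}"`, or using a `--defaults-extra-file` option file readable only by its owner, keeps the secret out of the tree. The rest of the script is outside the hunk, so how `$password` reaches the client is not visible here.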

+ 23 - 0
src/main/java/com/backendsys/modules/common/utils/MybatisUtil.java

@@ -0,0 +1,23 @@
+package com.backendsys.modules.common.utils;
+
+import com.backendsys.exception.CustException;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+public class MybatisUtil {
+    /**
+     * 判断记录是否存在 (抛出异常)
+     */
+    public static <T, M extends BaseMapper> void checkExists(M mapper, String key, T value, String message) {
+        Long count = mapper.selectCount(new QueryWrapper<>().eq(key, value));
+        if (count == 0) {
+            throw new CustException(message);
+        }
+    }
+    /**
+     * 判断记录是否存在 (返回Boolean)
+     */
+    public static <T, M extends BaseMapper> Boolean checkExists(M mapper, String key, T value) {
+        Long count = mapper.selectCount(new QueryWrapper<>().eq(key, value));
+        return count == 0;
+    }
+}
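Review bot: The Boolean overload of `checkExists` returns `count == 0`, which is true when no row matches. That is the opposite of its name and Javadoc, so a caller using it as an existence test gets the inverted answer; `return count != null && count > 0;` matches the stated contract. `key` is used as the column name in `eq(key, value)`, and MyBatis-Plus binds only the value as a parameter, so `key` must stay a constant chosen by the calling code and never come from request data; a Javadoc line saying so would help. The raw `BaseMapper` bound also drops type checking, which `M extends BaseMapper<E>` with `new QueryWrapper<E>()` would restore.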

+ 29 - 15
src/main/java/com/backendsys/modules/system/controller/SysUserV2Controller.java

@@ -1,27 +1,22 @@
 package com.backendsys.modules.system.controller;
 
-import com.backendsys.aspect.QueryNullCheck;
+import cn.hutool.core.util.ObjectUtil;
 import com.backendsys.exception.CustException;
-import com.backendsys.modules.common.aspect.QueryNullCheckV2;
 import com.backendsys.modules.common.config.security.enums.SecurityEnum;
 import com.backendsys.modules.common.config.security.utils.SecurityUtil;
 import com.backendsys.modules.common.utils.Result;
-import com.backendsys.modules.system.dao.SysUserInfoDao;
 import com.backendsys.modules.system.entity.SysUser.SysUserDTO;
-import com.backendsys.modules.system.entity.SysUser.SysUserInfo;
 import com.backendsys.modules.system.service.SysUserV2Service;
-import com.backendsys.service.B2c.B2cGoodUnitService;
 import com.backendsys.service.System.SysUserService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import java.lang.reflect.Method;
-
 @Validated
 @RestController
 @Tag(name = "系统用户")
@@ -100,6 +95,10 @@ public class SysUserV2Controller {
     }
 
 
+    /**
+     * TODO 1.手机号码字段,需要经过验证码校验,不能用 updateUserInfo 改 (待修改)
+     * TODO 2.审核用户,需要单独的表做审核记录,不能直接改字段
+     */
     /**
      * 权限:
      * - 编辑用户信息权限 (3.2.3)
@@ -107,17 +106,11 @@ public class SysUserV2Controller {
      */
     @Operation(summary = "编辑系统用户信息")
     @PreAuthorize("@ss.hasPermi('3.2.3')")
-//    @QueryNullCheck(serviceClass = SysUserService.class, serviceMethod = "queryUserById", argField = "user_id", message = "用户不存在")
-
-    // 拿不到 dao,没意义,待弃用
-    @QueryNullCheckV2(service = SysUserV2Service.class, field = "user_id", message = "用户不存在")
-//    @QueryNullCheckV2(service = SysUserInfoDao.class, field = "user_id", message = "用户不存在")
     @PutMapping("/api/v2/system/user/updateUserInfo")
     public Result updateUserInfo(@Validated(SysUserDTO.Update.class) @RequestBody SysUserDTO sysUserDTO) {
 
-//        sysUserInfoDao.selectById()
-
-        // 还是写一个工具类方法吧,能调用 dao selectById 的方法
+        // - 不传 user_id 时,修改目标为 当前用户
+        if (ObjectUtil.isEmpty(sysUserDTO.getUser_id())) sysUserDTO.setUser_id(SecurityUtil.getUserId());
 
         // 编辑他人的用户信息
         // - 编辑自己 (无需权限)
@@ -134,4 +127,25 @@ public class SysUserV2Controller {
         return Result.success().put("data", sysUserV2Service.updateUserInfo(sysUserDTO));
     }
 
+    @Operation(summary = "编辑系统用户密码")
+    @PreAuthorize("@ss.hasPermi('3.2.3')")
+    @PutMapping("/api/v2/system/user/updateUserPassword")
+    public Result updateUserPassword(@Validated(SysUserDTO.UpdatePassword.class) @RequestBody SysUserDTO sysUserDTO) {
+
+        // - 不传 user_id 时,修改目标为 当前用户
+        if (ObjectUtil.isEmpty(sysUserDTO.getUser_id())) sysUserDTO.setUser_id(SecurityUtil.getUserId());
+
+        // 编辑他人的用户信息
+        // - 编辑自己 (无需权限)
+        // - 编辑他人 (需要子权限或超级管理员)
+        Long user_id = sysUserDTO.getUser_id();
+        if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) {
+            throw new CustException(SecurityEnum.NOAUTH);
+        }
+
+        return Result.success().put("data", sysUserV2Service.updateUserPassword(sysUserDTO));
+    }
+
+
+
 }
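Review bot: `user_id != SecurityUtil.getUserId()` in updateUserPassword compares a `Long` with `!=`. If `getUserId()` also returns a boxed `Long` (its signature is not visible here), this is a reference comparison, and two equal ids outside the small-value cache compare as different, so a user changing their own password takes the edit-others branch and is rejected unless they hold 3.2.3.2. `if (!Objects.equals(user_id, SecurityUtil.getUserId()) && ...` (with `import java.util.Objects;`) compares by value in either case. The comment says editing yourself needs no permission, yet `@PreAuthorize("@ss.hasPermi('3.2.3')")` still gates the whole endpoint, so the two should be reconciled. The updateUserInfo hunk gets the same user_id default, and its comparison lies outside the visible lines, so it is worth checking for the same pattern.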

+ 4 - 4
src/main/java/com/backendsys/modules/system/entity/SysUser/SysUserDTO.java

@@ -17,7 +17,7 @@ public class SysUserDTO {
   public static interface Create{}
   public static interface Register{}
   public static interface Update{}
-  public static interface UpdatePasswordSelf{}
+  public static interface UpdatePassword{}
   public static interface Audit{}
   public static interface ResetPassword{}
   public static interface Delete{}
@@ -30,12 +30,12 @@ public class SysUserDTO {
   @NotEmpty(message="用户名不能为空", groups = { Login.class, Create.class, Register.class })
   @Size(min = 2, max = 20, message = "用户名长度在 {min}-{max} 字符", groups = { Login.class, Create.class, Register.class })
   private String username;
-  @NotEmpty(message="密码不能为空", groups = { Login.class, Create.class, Register.class, UpdatePasswordSelf.class, ForgotPassword.class })
+  @NotEmpty(message="密码不能为空", groups = { Login.class, Create.class, Register.class, UpdatePassword.class, ForgotPassword.class })
   private String password;
 
   private Boolean is_remember;
 
-  @NotEmpty(message="原密码不能为空", groups = { UpdatePasswordSelf.class })
+  @NotEmpty(message="原密码不能为空", groups = { UpdatePassword.class })
   private String old_password;
   @NotEmpty(message="验证码不能为空", groups = { Login.class, Register.class })
   private String captcha;
@@ -43,7 +43,7 @@ public class SysUserDTO {
   /**
    * sys_user_info
    */
-  @NotNull(message="user_id 不能为空", groups = { Update.class, Detail.class, Audit.class, ResetPassword.class })
+  @NotNull(message="user_id 不能为空", groups = { Detail.class, Audit.class, ResetPassword.class })
   //@Min(value = 1, message = "user_id 必须大于等于 0", groups = {Update.class, Delete.class})
   private Long user_id;
   private List<Long> user_ids;
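Review bot: In the visible lines `password` carries only `@NotEmpty` for the `UpdatePassword` group, so the new password-change endpoint accepts a one-character password unless a length rule exists elsewhere. A constraint such as `@Size(min = 8, max = 72, message = "密码长度在 {min}-{max} 字符", groups = { Create.class, Register.class, UpdatePassword.class })` would enforce a floor, and the upper bound matters because bcrypt only uses the first 72 bytes of its input. Dropping `Update.class` from the `@NotNull` on `user_id` is safe only because the controller now fills in the current user's id. Any other caller that validates with the `Update` group needs the same default before the id is used.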

+ 1 - 4
src/main/java/com/backendsys/modules/system/service/SysUserV2Service.java

@@ -4,7 +4,6 @@ import com.backendsys.modules.system.entity.SysUser.SysUser;
 import com.backendsys.modules.system.entity.SysUser.SysUserDTO;
 import com.backendsys.modules.system.entity.SysUser.SysUserInfo;
 import com.backendsys.utils.response.PageEntity;
-import com.backendsys.utils.response.PageInfoResult;
 import com.baomidou.mybatisplus.extension.service.IService;
 
 import java.util.List;
@@ -12,20 +11,18 @@ import java.util.Map;
 
 public interface SysUserV2Service extends IService<SysUser> {
 
-//    SysUserInfo selectById(Long user_id);
-
     // 获得系统用户列表
     PageEntity selectUserList(SysUserDTO sysUserDTO);
     // 获得系统用户列表 (在线的)
     PageEntity selectUserOnlineList(SysUserDTO sysUserDTO);
     // 获得系统用户详情
     SysUserInfo selectUserInfo(Long user_id);
-
     // 获得系统用户权限
     List<String> selectUserModule(Long user_id);
 
     // 创建系统用户
     Map<String, Object> insertUser(SysUserDTO sysUserDTO);
     Map<String, Object> updateUserInfo(SysUserDTO sysUserDTO);
+    Map<String, Object> updateUserPassword(SysUserDTO sysUserDTO);
 
 }

+ 39 - 7
src/main/java/com/backendsys/modules/system/service/impl/SysUserV2ServiceImpl.java

@@ -2,6 +2,7 @@ package com.backendsys.modules.system.service.impl;
 
 import com.backendsys.exception.CustException;
 import com.backendsys.modules.common.config.redis.utils.RedisUtil;
+import com.backendsys.modules.common.utils.MybatisUtil;
 import com.backendsys.modules.system.dao.*;
 import com.backendsys.modules.system.entity.SysUser.SysUser;
 import com.backendsys.modules.system.entity.SysUser.SysUserDTO;
@@ -10,6 +11,8 @@ import com.backendsys.modules.system.entity.SysUser.SysUserRole;
 import com.backendsys.modules.system.service.SysUserV2Service;
 import com.backendsys.utils.response.PageEntity;
 import com.backendsys.utils.response.PageInfoResult;
+import com.backendsys.utils.response.Result;
+import com.backendsys.utils.response.ResultEnum;
 import com.backendsys.utils.v2.PageUtils;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
@@ -18,7 +21,6 @@ import org.redisson.api.RedissonClient;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
-import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -72,12 +74,6 @@ public class SysUserV2ServiceImpl extends ServiceImpl<SysUserDao, SysUser> imple
         return new PageInfoResult(list).toEntity();
     }
 
-//    @Override
-//    public SysUserInfo selectById(Long user_id) {
-////        return sysUserInfoDao.selectOne(new QueryWrapper<SysUserInfo>().eq("user_id", user_id));
-//        return sysUserInfoDao.selectById(user_id);
-//    }
-
     /**
      * 获得系统用户详情
      */
@@ -160,6 +156,9 @@ public class SysUserV2ServiceImpl extends ServiceImpl<SysUserDao, SysUser> imple
         RLock lock = redissonClient.getLock("updateUserInfo");
         try { lock.tryLock(3, TimeUnit.SECONDS);
 
+            // 判断记录是否存在
+            MybatisUtil.checkExists(sysUserDao, "id", sysUserDTO.getUser_id(), "用户不存在");
+
             // 当 status 状态为 -1(禁用) 时,同时清除登录状态
             Integer status = sysUserDTO.getStatus();
             if (status != null && status == -1) {
@@ -176,5 +175,38 @@ public class SysUserV2ServiceImpl extends ServiceImpl<SysUserDao, SysUser> imple
         } finally { lock.unlock(); }
     }
 
+    /**
+     * 编辑系统用户密码
+     */
+    @Override
+    @Transactional
+    public Map<String, Object> updateUserPassword(SysUserDTO sysUserDTO) {
+        RLock lock = redissonClient.getLock("updateUserPassword");
+        try { lock.tryLock(3, TimeUnit.SECONDS);
+
+            // 查询用户
+            SysUser sysUser = sysUserDao.selectOne(new QueryWrapper<SysUser>().eq("id", sysUserDTO.getUser_id()));
+            if (sysUser == null) throw new CustException("原密码不正确");
+
+            BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
 
+            // [判断] 原密码是否正确
+            String old_password_request = sysUserDTO.getOld_password();
+            String old_password = sysUser.getPassword();
+            if (!encoder.matches(old_password_request, old_password)) {
+                throw new CustException("原密码不正确");
+            }
+
+            // 密码二次加密
+            SysUser entity = new SysUser();
+            entity.setId(sysUserDTO.getUser_id());
+            entity.setPassword(encoder.encode(sysUserDTO.getPassword()));
+            System.out.println(entity);
+            sysUserDao.updateById(entity);
+
+            return Map.of("user_id", sysUserDTO.getUser_id());
+
+        } catch (InterruptedException e) { throw new RuntimeException(e);
+        } finally { lock.unlock(); }
+    }
 }
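Review bot: `System.out.println(entity)` in updateUserPassword prints the entity that was just given the new bcrypt hash; if SysUser's toString includes the password field (not visible here), the hash lands in the application's output, so the line should be dropped. The boolean returned by `lock.tryLock(3, TimeUnit.SECONDS)` is ignored, so after a timeout the method changes the password without holding the lock and the `finally` calls `unlock()` on a lock this thread does not own; the updateUserInfo hunk above shows the same pattern. The lock name is one constant for all users, which serializes every password change, and keying it by user id would avoid that. Nothing in the hunk invalidates the user's existing sessions after the password changes, which is worth confirming against the login-state clearing used for disabled accounts. The fence shows the lock handling only.

```java
RLock lock = redissonClient.getLock("updateUserPassword:" + sysUserDTO.getUser_id());
boolean locked = false;
try {
    locked = lock.tryLock(3, TimeUnit.SECONDS);
    if (!locked) throw new CustException("操作频繁,请稍后再试");
    // … unchanged: load the user, verify the old password, encode and store the new one (without System.out.println) …
    return Map.of("user_id", sysUserDTO.getUser_id());
} catch (InterruptedException e) {
    // restore the interrupt flag so callers up the stack can see it
    Thread.currentThread().interrupt();
    throw new RuntimeException(e);
} finally {
    if (locked) lock.unlock();
}
```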