|
@@ -3,9 +3,11 @@ package com.backendsys.controller.api.Systems;
|
|
|
import com.backendsys.aspect.HttpRequestAspect;
|
|
|
import com.backendsys.aspect.QueryNullCheck;
|
|
|
import com.backendsys.aspect.QueryNullCheckAspect;
|
|
|
+import com.backendsys.config.Security.service.PermissionService;
|
|
|
import com.backendsys.config.Security.service.TokenService;
|
|
|
import com.backendsys.entity.PageDTO;
|
|
|
import com.backendsys.entity.System.SysUserDTO;
|
|
|
+import com.backendsys.exception.CustomException;
|
|
|
import com.backendsys.service.System.SysAuthService;
|
|
|
import com.backendsys.utils.response.Result;
|
|
|
import com.backendsys.service.System.SysUserService;
|
|
@@ -34,10 +36,10 @@ public class SysUserController {
|
|
|
private HttpRequestAspect httpRequestAspect;
|
|
|
|
|
|
@Autowired
|
|
|
- private SysUserService sysUserService;
|
|
|
+ private PermissionService permissionService;
|
|
|
|
|
|
@Autowired
|
|
|
- private SysAuthService sysAuthService;
|
|
|
+ private SysUserService sysUserService;
|
|
|
|
|
|
@Autowired
|
|
|
private TokenService tokenService;
|
|
@@ -66,18 +68,32 @@ public class SysUserController {
|
|
|
return Result.success(sysUserService.queryUserList(pageDTO.getPage_num(), pageDTO.getPage_size(), sysUserDTO));
|
|
|
}
|
|
|
|
|
|
- @PreAuthorize("@ss.hasPermi('3.2.1')")
|
|
|
- @QueryNullCheck(serviceClass = SysUserService.class, serviceMethod = "queryUserById", argField = "user_id", message = "用户不存在")
|
|
|
+ /**
|
|
|
+ * 查看用户详情
|
|
|
+ * - 1.如果不传 user_id 则查看自己的用户信息
|
|
|
+ * - 2.如果传 user_id,需要具备权限才能查看他人用户信息
|
|
|
+ * - 3.除了超管自己其他人不可以查看超管信息
|
|
|
+ */
|
|
|
@GetMapping("/api/system/user/getUserDetail")
|
|
|
public Result getUserDetail(@Validated(SysUserDTO.Detail.class) SysUserDTO sysUserDTO) {
|
|
|
|
|
|
- // 判断不可为超级管理员(首位)
|
|
|
+ long user_id = httpRequestAspect.getUserId();
|
|
|
+
|
|
|
+ // 1.如果 user_id 为空,则查看自己
|
|
|
+ if (sysUserDTO.getUser_id() == null) sysUserDTO.setUser_id(user_id);
|
|
|
+ // 2.如果是查看自己,则不需要授权
|
|
|
+ if (user_id != sysUserDTO.getUser_id()) {
|
|
|
+ if (!permissionService.hasPermi("3.2.1")) {
|
|
|
+ throw new CustomException(ResultEnum.AUTH_ROLE_ERROR.getMessage(), ResultEnum.AUTH_ROLE_ERROR.getCode());
|
|
|
+ }
|
|
|
+ }
|
|
|
+ // 3.判断是否 超级管理员(首位)(id:1),仅首位可查看自己的信息
|
|
|
Boolean isOnlySuperAdmin = OnlySuperAdmin(sysUserDTO);
|
|
|
if (!isOnlySuperAdmin) {
|
|
|
return Result.error(ResultEnum.AUTH_USER_ERROR.getCode(), ResultEnum.AUTH_USER_ERROR.getMessage());
|
|
|
}
|
|
|
|
|
|
- return Result.success(QueryNullCheckAspect.getQueryResult());
|
|
|
+ return Result.success(sysUserService.queryUserById(sysUserDTO.getUser_id()));
|
|
|
}
|
|
|
|
|
|
@PreAuthorize("@ss.hasPermi('3.2.2')")
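Review bot: With `@QueryNullCheck` removed, the final `return Result.success(sysUserService.queryUserById(sysUserDTO.getUser_id()));` no longer handles an id that matches no user, so a caller holding `3.2.1` would presumably get a success result with empty data instead of the former "用户不存在" error; the lookup result should be assigned to a local and answered with an error when it is null. Dropping `@PreAuthorize` also leaves `httpRequestAspect.getUserId()` as the only thing tying the self-view path to the caller, so it is worth confirming that this value comes from the validated token and that unauthenticated requests are rejected before the method runs; neither is visible in the hunk. The two denial paths differ in style, since the permission failure throws `CustomException` while the super-admin check returns `Result.error(...)`, and one form should be used for both. `if (user_id != sysUserDTO.getUser_id())` compares by value only because `user_id` is a primitive `long`, so a short comment such as `// long vs Long: unboxed value comparison, keep user_id primitive` would keep a later change to `Long` from turning it into a reference comparison.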
|