package com.backendsys.modules.system.controller; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.util.ObjectUtil; import cn.hutool.core.util.ClassUtil; import com.backendsys.aspect.QueryNullCheck; import com.backendsys.exception.CustException; import com.backendsys.modules.common.config.security.enums.SecurityEnum; import com.backendsys.modules.common.config.security.utils.SecurityUtil; import com.backendsys.modules.common.utils.Result; import com.backendsys.modules.system.entity.SysUser.SysUserDTO; import com.backendsys.modules.system.service.SysUserV2Service; import com.backendsys.service.System.SysUserService; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.servlet.http.HttpServletRequest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import java.util.List; @Validated @RestController @Tag(name = "系统用户") public class SysUserV2Controller { /** * TODO 1.手机号码字段,需要经过验证码校验,不能用 updateUserInfo 改 (待修改) * TODO 2.审核用户,需要单独的表做审核记录,不能直接改字段 */ @Autowired private SysUserV2Service sysUserV2Service; @Operation(summary = "获得系统用户列表") @PreAuthorize("@sr.hasPermission('3.2')") @GetMapping("/api/v2/system/user/getUserList") public Result getUserList(SysUserDTO sysUserDTO) { return Result.success().put("data", sysUserV2Service.selectUserList(sysUserDTO)); } @Operation(summary = "获得系统用户列表 (在线的)") @PreAuthorize("@ss.hasPermi('3.1')") @GetMapping("/api/v2/system/user/getUserOnlineList") public Result getUserOnlineList(SysUserDTO sysUserDTO) { return Result.success().put("data", sysUserV2Service.selectUserOnlineList(sysUserDTO)); } /** * 权限: * - 查询用户信息 (3.2.1) * - 查询他人用户信息 (3.2.1.2) */ @Operation(summary = "获得系统用户详情") @PreAuthorize("@sr.hasPermission('3.2.1')") @GetMapping("/api/v2/system/user/getUserDetail") public Result getUserDetail(@Parameter(description = "用户ID") Long user_id) { // 查询自身的用户信息 (不传参数) user_id = (user_id == null) ? SecurityUtil.getUserId() : user_id; // 查询他人的用户信息 // - 查询自己 (无需权限) // - 查询他人 (需要权限或超级管理员) if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.2.1.2") && !SecurityUtil.isSuper()) { throw new CustException(SecurityEnum.NOAUTH); } return Result.success().put("data", sysUserV2Service.selectUserInfo(user_id)); } /** * 权限: * - 查询用户信息权限 (3.4.1) * - 查询他人用户信息权限 (3.4.1.2) */ @Operation(summary = "获得系统用户权限列表") @PreAuthorize("@sr.hasPermission('3.4.1')") @GetMapping("/api/v2/system/user/getUserPermission") public Result getUserPermission(@Parameter(description = "用户ID") Long user_id) { // 查询自身的用户信息 (不传参数) user_id = (user_id == null) ? SecurityUtil.getUserId() : user_id; // 查询他人的用户信息 // - 查询自己 (无需权限) // - 查询他人 (需要子权限或超级管理员) if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.4.1.2") && !SecurityUtil.isSuper()) { throw new CustException(SecurityEnum.NOAUTH); } return Result.success().put("data", sysUserV2Service.selectUserModule(user_id)); } @Operation(summary = "创建系统用户") @PreAuthorize("@ss.hasPermi('3.2.2')") @PostMapping("/api/v2/system/user/createUser") public Result createUser(@Validated(SysUserDTO.Create.class) @RequestBody SysUserDTO sysUserDTO) { return Result.success().put("data", sysUserV2Service.insertUser(sysUserDTO)); } /** * 权限: * - 编辑用户信息权限 (3.2.3) * - 编辑他人用户信息权限 (3.2.3.2) */ @Operation(summary = "编辑系统用户信息") @PreAuthorize("@ss.hasPermi('3.2.3')") @PutMapping("/api/v2/system/user/updateUserInfo") public Result updateUserInfo(@Validated(SysUserDTO.Update.class) @RequestBody SysUserDTO sysUserDTO) { // - 不传 user_id 时,修改目标为 当前用户 Long user_id = sysUserDTO.getUser_id(); if (ObjectUtil.isEmpty(user_id)) { user_id = SecurityUtil.getUserId(); sysUserDTO.setUser_id(user_id); } else if (!SecurityUtil.getUserId().equals(1L) && user_id.equals(1L)) { throw new CustException("不能编辑超管账号"); } // 编辑他人的用户信息 // - 编辑自己 (无需权限) // - 编辑他人 (需要子权限或超级管理员) if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) { throw new CustException(SecurityEnum.NOAUTH); } // 防止手动更新字段 sysUserDTO.setLast_login_time(null); sysUserDTO.setLast_login_ip(null); return Result.success().put("data", sysUserV2Service.updateUserInfo(sysUserDTO)); } /** * 权限:(同上) */ @Operation(summary = "编辑系统用户密码") @PreAuthorize("@ss.hasPermi('3.2.3')") @PutMapping("/api/v2/system/user/updateUserPassword") public Result updateUserPassword(@Validated(SysUserDTO.UpdatePassword.class) @RequestBody SysUserDTO sysUserDTO) { // - 不传 user_id 时,修改目标为 当前用户 Long user_id = sysUserDTO.getUser_id(); if (ObjectUtil.isEmpty(user_id)) { user_id = SecurityUtil.getUserId(); sysUserDTO.setUser_id(user_id); } else if (!SecurityUtil.getUserId().equals(1L) && user_id.equals(1L)) { throw new CustException("不能编辑超管账号"); } // 编辑他人的用户信息 // - 编辑自己 (无需权限) // - 编辑他人 (需要子权限或超级管理员) if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) { throw new CustException(SecurityEnum.NOAUTH); } return Result.success().put("data", sysUserV2Service.updateUserPassword(sysUserDTO)); } @Operation(summary = "删除系统用户") @PreAuthorize("@ss.hasPermi('3.2.4')") @DeleteMapping("/api/v2/system/user/deleteUser") public Result deleteUser(@Validated(SysUserDTO.Delete.class) @RequestBody SysUserDTO sysUserDTO) { List user_ids = sysUserDTO.getUser_ids(); Long my_user_id = SecurityUtil.getUserId(); if (user_ids.contains(my_user_id)) throw new CustException("不能删除自己的账号"); if (user_ids.contains(1L)) throw new CustException("不能删除超管账号"); return Result.success().put("data", sysUserV2Service.deleteUser(user_ids)); } }