lzz
/
yvjia


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175
							package com.backendsys.modules.system.controller;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.ClassUtil;
import com.backendsys.aspect.QueryNullCheck;
import com.backendsys.exception.CustException;
import com.backendsys.modules.common.config.security.enums.SecurityEnum;
import com.backendsys.modules.common.config.security.utils.SecurityUtil;
import com.backendsys.modules.common.utils.Result;
import com.backendsys.modules.system.entity.SysUser.SysUserDTO;
import com.backendsys.modules.system.service.SysUserV2Service;
import com.backendsys.service.System.SysUserService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;

import java.util.List;

@Validated
@RestController
@Tag(name = "系统用户")
public class SysUserV2Controller {


    /**
     * TODO 1.手机号码字段，需要经过验证码校验，不能用 updateUserInfo 改 (待修改)
     * TODO 2.审核用户，需要单独的表做审核记录，不能直接改字段
     */
    @Autowired
    private SysUserV2Service sysUserV2Service;

    @Operation(summary = "获得系统用户列表")
    @PreAuthorize("@sr.hasPermission('3.2')")
    @GetMapping("/api/v2/system/user/getUserList")
    public Result getUserList(SysUserDTO sysUserDTO) {
        return Result.success().put("data", sysUserV2Service.selectUserList(sysUserDTO));
    }
    @Operation(summary = "获得系统用户列表 (在线的)")
    @PreAuthorize("@ss.hasPermi('3.1')")
    @GetMapping("/api/v2/system/user/getUserOnlineList")
    public Result getUserOnlineList(SysUserDTO sysUserDTO) {
        return Result.success().put("data", sysUserV2Service.selectUserOnlineList(sysUserDTO));
    }

    /**
     * 权限：
     * - 查询用户信息 (3.2.1)
     * - 查询他人用户信息 (3.2.1.2)
     */
    @Operation(summary = "获得系统用户详情")
    @PreAuthorize("@sr.hasPermission('3.2.1')")
    @GetMapping("/api/v2/system/user/getUserDetail")
    public Result getUserDetail(@Parameter(description = "用户ID") Long user_id) {

        // 查询自身的用户信息 (不传参数)
        user_id = (user_id == null) ? SecurityUtil.getUserId() : user_id;

        // 查询他人的用户信息
        // - 查询自己 (无需权限)
        // - 查询他人 (需要权限或超级管理员)
        if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.2.1.2") && !SecurityUtil.isSuper()) {
            throw new CustException(SecurityEnum.NOAUTH);
        }
        return Result.success().put("data", sysUserV2Service.selectUserInfo(user_id));
    }

    /**
     * 权限：
     * - 查询用户信息权限 (3.4.1)
     * - 查询他人用户信息权限 (3.4.1.2)
     */
    @Operation(summary = "获得系统用户权限列表")
    @PreAuthorize("@sr.hasPermission('3.4.1')")
    @GetMapping("/api/v2/system/user/getUserPermission")
    public Result getUserPermission(@Parameter(description = "用户ID") Long user_id) {

        // 查询自身的用户信息 (不传参数)
        user_id = (user_id == null) ? SecurityUtil.getUserId() : user_id;

        // 查询他人的用户信息
        // - 查询自己 (无需权限)
        // - 查询他人 (需要子权限或超级管理员)
        if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.4.1.2") && !SecurityUtil.isSuper()) {
            throw new CustException(SecurityEnum.NOAUTH);
        }
        return Result.success().put("data", sysUserV2Service.selectUserModule(user_id));
    }

    @Operation(summary = "创建系统用户")
    @PreAuthorize("@ss.hasPermi('3.2.2')")
    @PostMapping("/api/v2/system/user/createUser")
    public Result createUser(@Validated(SysUserDTO.Create.class) @RequestBody SysUserDTO sysUserDTO) {
        return Result.success().put("data", sysUserV2Service.insertUser(sysUserDTO));
    }

    /**
     * 权限：
     * - 编辑用户信息权限 (3.2.3)
     * - 编辑他人用户信息权限 (3.2.3.2)
     */
    @Operation(summary = "编辑系统用户信息")
    @PreAuthorize("@ss.hasPermi('3.2.3')")
    @PutMapping("/api/v2/system/user/updateUserInfo")
    public Result updateUserInfo(@Validated(SysUserDTO.Update.class) @RequestBody SysUserDTO sysUserDTO) {

        // - 不传 user_id 时，修改目标为 当前用户
        Long user_id = sysUserDTO.getUser_id();
        if (ObjectUtil.isEmpty(user_id)) {
            user_id = SecurityUtil.getUserId();
            sysUserDTO.setUser_id(user_id);
        } else if (!SecurityUtil.getUserId().equals(1L) && user_id.equals(1L)) {
            throw new CustException("不能编辑超管账号");
        }

        // 编辑他人的用户信息
        // - 编辑自己 (无需权限)
        // - 编辑他人 (需要子权限或超级管理员)
        if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) {
            throw new CustException(SecurityEnum.NOAUTH);
        }

        // 防止手动更新字段
        sysUserDTO.setLast_login_time(null);
        sysUserDTO.setLast_login_ip(null);

        return Result.success().put("data", sysUserV2Service.updateUserInfo(sysUserDTO));
    }

    /**
     * 权限：(同上)
     */
    @Operation(summary = "编辑系统用户密码")
    @PreAuthorize("@ss.hasPermi('3.2.3')")
    @PutMapping("/api/v2/system/user/updateUserPassword")
    public Result updateUserPassword(@Validated(SysUserDTO.UpdatePassword.class) @RequestBody SysUserDTO sysUserDTO) {

        // - 不传 user_id 时，修改目标为 当前用户
        Long user_id = sysUserDTO.getUser_id();
        if (ObjectUtil.isEmpty(user_id)) {
            user_id = SecurityUtil.getUserId();
            sysUserDTO.setUser_id(user_id);
        } else if (!SecurityUtil.getUserId().equals(1L) && user_id.equals(1L)) {
            throw new CustException("不能编辑超管账号");
        }

        // 编辑他人的用户信息
        // - 编辑自己 (无需权限)
        // - 编辑他人 (需要子权限或超级管理员)
        if (user_id != SecurityUtil.getUserId() && !SecurityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) {
            throw new CustException(SecurityEnum.NOAUTH);
        }

        return Result.success().put("data", sysUserV2Service.updateUserPassword(sysUserDTO));
    }

    @Operation(summary = "删除系统用户")
    @PreAuthorize("@ss.hasPermi('3.2.4')")
    @DeleteMapping("/api/v2/system/user/deleteUser")
    public Result deleteUser(@Validated(SysUserDTO.Delete.class) @RequestBody SysUserDTO sysUserDTO) {

        List<Long> user_ids = sysUserDTO.getUser_ids();
        Long my_user_id = SecurityUtil.getUserId();
        if (user_ids.contains(my_user_id)) throw new CustException("不能删除自己的账号");
        if (user_ids.contains(1L)) throw new CustException("不能删除超管账号");

        return Result.success().put("data", sysUserV2Service.deleteUser(user_ids));
    }

}