Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
lzz
/
yvjia
1
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: cd66cfa5e9
Салаанууд Тагууд
yvjia
/
src
/
main
/
java
/
com
/
backendsys
/
modules
/
system
/
controller
/
SysUserController.java

SysUserController.java 11 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267 
  1. package com.backendsys.modules.system.controller;
    2. 

  2. 

  3. import cn.hutool.core.util.ObjectUtil;
    4. 

  4. import com.backendsys.exception.CustException;
    5. 

  5. import com.backendsys.modules.common.aspect.SysLog;
    6. 

  6. import com.backendsys.modules.common.config.security.enums.SecurityEnum;
    7. 

  7. import com.backendsys.modules.common.config.security.utils.SecurityUtil;
    8. 

  8. import com.backendsys.modules.common.utils.Result;
    9. 

  9. import com.backendsys.modules.system.entity.SysUserDTO;
    10. 

  10. import com.backendsys.modules.system.entity.SysUserRoleInfo;
    11. 

  11. import com.backendsys.modules.system.service.SysUserService;
    12. 

  12. import com.backendsys.utils.response.PageEntity;
    13. 

  13. import io.swagger.v3.oas.annotations.Operation;
    14. 

  14. import io.swagger.v3.oas.annotations.Parameter;
    15. 

  15. import io.swagger.v3.oas.annotations.tags.Tag;
    16. 

  16. import org.springframework.beans.factory.annotation.Autowired;
    17. 

  17. import org.springframework.security.access.prepost.PreAuthorize;
    18. 

  18. import org.springframework.validation.annotation.Validated;
    19. 

  19. import org.springframework.web.bind.annotation.*;
    20. 

  20. 

  21. import java.util.List;
    22. 

  22. 

  23. @Validated
    24. 

  24. @RestController
    25. 

  25. @Tag(name = "系统用户")
    26. 

  26. public class SysUserController {
    27. 

  27. 

  28.     /**
    29. 

  29.      * TODO 1.手机号码字段,需要经过验证码校验,不能用 updateUserInfo 改 (待修改)
    30. 

  30.      * TODO 2.审核用户,需要单独的表做审核记录,不能直接改字段
    31. 

  31.      */
    32. 

  32. 

  33.     @Autowired
    34. 

  34.     private SecurityUtil securityUtil;
    35. 

  35. 

  36.     @Autowired
    37. 

  37.     private SysUserService sysUserService;
    38. 

  38. 

  39.     @Operation(summary = "获取系统用户列表")
    40. 

  40.     @PreAuthorize("@sr.hasPermission('3.2')")
    41. 

  41.     @GetMapping("/api/system/user/getUserList")
    42. 

  42.     public Result getUserList(SysUserDTO sysUserDTO) {
    43. 

  43.         return Result.success().put("data", sysUserService.selectUserList(sysUserDTO));
    44. 

  44.     }
    45. 

  45. 

  46.     @Operation(summary = "获取系统用户列表 (在线的)")
    47. 

  47.     @PreAuthorize("@sr.hasPermission('3.1')")
    48. 

  48.     @GetMapping("/api/system/user/getUserOnlineList")
    49. 

  49.     public Result getUserOnlineList(SysUserDTO sysUserDTO) {
    50. 

  50.         return Result.success().put("data", sysUserService.selectUserOnlineList(sysUserDTO));
    51. 

  51.     }
    52. 

  52. 

  53.     /**
    54. 

  54.      * 权限:
    55. 

  55.      * - 查询用户信息 (3.2.1)
    56. 

  56.      * - 查询他人用户信息 (3.2.1.2)
    57. 

  57.      */
    58. 

  58.     @Operation(summary = "获取系统用户详情")
    59. 

  59.     @PreAuthorize("@sr.hasPermission('3.2.1')")
    60. 

  60.     @GetMapping("/api/system/user/getUserDetail")
    61. 

  61.     public Result getUserDetail(@Parameter(description = "用户ID") Long user_id) {
    62. 

  62. 

  63.         // 查询自身的用户信息 (不传参数)
    64. 

  64.         user_id = (user_id == null) ? SecurityUtil.getUserId() : user_id;
    65. 

  65. 

  66.         // 查询他人的用户信息
    67. 

  67.         // - 查询自己 (无需权限)
    68. 

  68.         // - 查询他人 (需要权限或超级管理员)
    69. 

  69.         if (user_id != SecurityUtil.getUserId() && !securityUtil.hasPermission("3.2.1.2")) {
    70. 

  70.             throw new CustException(SecurityEnum.NOAUTH);
    71. 

  71.         }
    72. 

  72. 

  73.         return Result.success().put("data", sysUserService.selectUserInfoSimple(user_id));
    74. 

  74.     }
    75. 

  75. 

  76.     @SysLog("创建系统用户")
    77. 

  77.     @Operation(summary = "创建系统用户")
    78. 

  78.     @PreAuthorize("@sr.hasPermission('3.2.2')")
    79. 

  79.     @PostMapping("/api/system/user/createUser")
    80. 

  80.     public Result createUser(@Validated(SysUserDTO.Create.class) @RequestBody SysUserDTO sysUserDTO) {
    81. 

  81.         return Result.success().put("data", sysUserService.insertUser(sysUserDTO));
    82. 

  82.     }
    83. 

  83. 

  84.     /**
    85. 

  85.      * 权限:
    86. 

  86.      * - 编辑用户信息权限 (3.2.3)
    87. 

  87.      * - 编辑他人用户信息权限 (3.2.3.2)
    88. 

  88.      */
    89. 

  89.     @SysLog("编辑系统用户信息")
    90. 

  90.     @Operation(summary = "编辑系统用户信息")
    91. 

  91.     @PreAuthorize("@sr.hasPermission('3.2.3')")
    92. 

  92.     @PutMapping("/api/system/user/updateUserInfo")
    93. 

  93.     public Result updateUserInfo(@Validated(SysUserDTO.Update.class) @RequestBody SysUserDTO sysUserDTO) {
    94. 

  94. 

  95.         // - 不传 user_id 时,修改目标为 当前用户
    96. 

  96.         Long user_id = sysUserDTO.getUser_id();
    97. 

  97.         if (ObjectUtil.isEmpty(user_id)) {
    98. 

  98.             user_id = SecurityUtil.getUserId();
    99. 

  99.             sysUserDTO.setUser_id(user_id);
    100. 

  100.         } else if (SecurityUtil.getUserId() != 1L && user_id == 1L) {
    101. 

  101.             throw new CustException("不能编辑超管账号");
    102. 

  102.         }
    103. 

  103.         // 编辑他人的用户信息
    104. 

  104.         // - 编辑自己 (无需权限)
    105. 

  105.         // - 编辑他人 (需要子权限或超级管理员)
    106. 

  106.         if (user_id != SecurityUtil.getUserId() && !securityUtil.hasPermission("3.2.3.2")) {
    107. 

  107.             throw new CustException(SecurityEnum.NOAUTH);
    108. 

  108.         }
    109. 

  109.         // 防止手动更新字段
    110. 

  110.         sysUserDTO.setLast_login_time(null);
    111. 

  111.         sysUserDTO.setLast_login_ip(null);
    112. 

  112. 

  113.         return Result.success().put("data", sysUserService.updateUserInfo(sysUserDTO));
    114. 

  114.     }
    115. 

  115. 

  116.     @SysLog("编辑系统用户角色绑定")
    117. 

  117.     @Operation(summary = "编辑系统用户角色绑定")
    118. 

  118.     @PreAuthorize("@sr.hasPermission('3.2.3.5')")
    119. 

  119.     @PutMapping("/api/system/user/updateUserRoleInfo")
    120. 

  120.     public Result updateUserRoleInfo(@Validated(SysUserRoleInfo.Update.class) @RequestBody SysUserRoleInfo sysUserRoleInfo) {
    121. 

  121. 

  122.         // - 不传 user_id 时,修改目标为 当前用户
    123. 

  123.         Long user_id = sysUserRoleInfo.getUser_id();
    124. 

  124.         if (ObjectUtil.isEmpty(user_id)) {
    125. 

  125.             user_id = SecurityUtil.getUserId();
    126. 

  126.             sysUserRoleInfo.setUser_id(user_id);
    127. 

  127.         } else if (!SecurityUtil.getUserId().equals(1L) && user_id.equals(1L)) {
    128. 

  128.             throw new CustException("不能编辑超管账号");
    129. 

  129.         }
    130. 

  130. 

  131.         return Result.success().put("data", sysUserService.updateUserRoleInfo(sysUserRoleInfo));
    132. 

  132.     }
    133. 

  133. 

  134.     @SysLog("编辑系统用户密码")
    135. 

  135.     @Operation(summary = "编辑系统用户密码")
    136. 

  136.     @PreAuthorize("@sr.hasPermission('3.2.3.3')")
    137. 

  137.     @PutMapping("/api/system/user/updateUserPassword")
    138. 

  138.     public Result updateUserPassword(@Validated(SysUserDTO.UpdatePassword.class) @RequestBody SysUserDTO sysUserDTO) {
    139. 

  139. 

  140.         // - 不传 user_id 时,修改目标为 当前用户
    141. 

  141.         Long user_id = sysUserDTO.getUser_id();
    142. 

  142.         if (ObjectUtil.isEmpty(user_id)) {
    143. 

  143.             user_id = SecurityUtil.getUserId();
    144. 

  144.             sysUserDTO.setUser_id(user_id);
    145. 

  145.         } else if (!SecurityUtil.getUserId().equals(1L) && user_id.equals(1L)) {
    146. 

  146.             throw new CustException("不能编辑超管账号");
    147. 

  147.         }
    148. 

  148.         // 编辑他人的用户信息
    149. 

  149.         // - 编辑自己 (无需权限)
    150. 

  150.         // - 编辑他人 (需要子权限或超级管理员)
    151. 

  151.         if (user_id != SecurityUtil.getUserId() && !securityUtil.hasPermission("3.2.3.2")) {
    152. 

  152.             throw new CustException(SecurityEnum.NOAUTH);
    153. 

  153.         }
    154. 

  154. 

  155.         return Result.success().put("data", sysUserService.updateUserPassword(sysUserDTO));
    156. 

  156.     }
    157. 

  157. 

  158.     @SysLog("重置系统用户密码")
    159. 

  159.     @Operation(summary = "重置系统用户密码")
    160. 

  160.     @PreAuthorize("@sr.hasPermission('3.2.3.4')")
    161. 

  161.     @PutMapping("/api/system/user/resetUserPassword")
    162. 

  162.     public Result resetUserPassword(@Validated(SysUserDTO.ResetPassword.class) @RequestBody SysUserDTO sysUserDTO) {
    163. 

  163. 

  164.         // 判断不可为超级管理员(首位)
    165. 

  165.         Long user_id = sysUserDTO.getUser_id();
    166. 

  166.         if (user_id != null && user_id == 1L) throw new CustException("不能重置超管账号密码");
    167. 

  167. 

  168.         // 判断是否为自身重置,自身密码不能重置,只能修改
    169. 

  169.         Long self_user_id = SecurityUtil.getUserId();
    170. 

  170.         Long request_user_id = sysUserDTO.getUser_id();
    171. 

  171.         if (request_user_id != null && self_user_id == request_user_id) {
    172. 

  172.             throw new CustException("不能重置自身密码,请自行修改密码");
    173. 

  173.         }
    174. 

  174. 

  175.         return Result.success().put("data", sysUserService.resetUserPassword(sysUserDTO));
    176. 

  176.     }
    177. 

  177. 

  178.     @SysLog("删除系统用户")
    179. 

  179.     @Operation(summary = "删除系统用户")
    180. 

  180.     @PreAuthorize("@sr.hasPermission('3.2.4')")
    181. 

  181.     @DeleteMapping("/api/system/user/deleteUser")
    182. 

  182.     public Result deleteUser(@Validated(SysUserDTO.Delete.class) @RequestBody SysUserDTO sysUserDTO) {
    183. 

  183. 

  184.         Long user_id = sysUserDTO.getUser_id();
    185. 

  185.         List<Long> user_ids = sysUserDTO.getUser_ids();
    186. 

  186.         if (user_id == null && (user_ids == null || user_ids.size() == 0)) throw new CustException("user_id 或 user_ids 必填");
    187. 

  187.         if (user_id != null && user_id == 1L) throw new CustException("不能删除超管账号");
    188. 

  188.         if (user_ids != null && user_ids.contains(SecurityUtil.getUserId()) && user_id != SecurityUtil.getUserId()) throw new CustException("不能删除自己的账号");
    189. 

  189.         if (user_ids != null && user_ids.contains(1L) && user_id != 1L) throw new CustException("不能删除超管账号");
    190. 

  190. 

  191.         return Result.success().put("data", sysUserService.deleteUser(sysUserDTO));
    192. 

  192.     }
    193. 

  193. 

  194.     @SysLog("审核用户")
    195. 

  195.     @Operation(summary = "审核用户")
    196. 

  196.     @PreAuthorize("@sr.hasPermission('3.2.6')")
    197. 

  197.     @PutMapping("/api/system/user/auditUser")
    198. 

  198.     public Result auditUser(@Validated(SysUserDTO.Audit.class) @RequestBody SysUserDTO sysUserDTO) {
    199. 

  199. 

  200.         Long user_id = sysUserDTO.getUser_id();
    201. 

  201.         if (user_id != null && user_id == 1L) throw new CustException("不能审核超管账号");
    202. 

  202.         if (user_id != null && user_id == SecurityUtil.getUserId()) throw new CustException("不能审核自己的账号");
    203. 

  203. 

  204.         return Result.success().put("data", sysUserService.auditUser(sysUserDTO));
    205. 

  205.     }
    206. 

  206. 

  207.     @SysLog("踢出系统用户")
    208. 

  208.     @Operation(summary = "踢出系统用户")
    209. 

  209.     @PreAuthorize("@sr.hasPermission('3.2.7')")
    210. 

  210.     @PostMapping("/api/system/user/kickUser")
    211. 

  211.     public Result kickUser(@Validated(SysUserDTO.Kick.class) @RequestBody SysUserDTO sysUserDTO) {
    212. 

  212. 

  213.         Long user_id = sysUserDTO.getUser_id();
    214. 

  214.         if (user_id != null && user_id == 1L) throw new CustException("不能踢出超管账号");
    215. 

  215.         if (user_id != null && user_id == SecurityUtil.getUserId()) throw new CustException("不能踢出自己的账号");
    216. 

  216. 

  217.         return Result.success().put("data", sysUserService.kickUser(user_id));
    218. 

  218.     }
    219. 

  219. 

  220. 

  221. 

  222. 

  223.     /**
    224. 

  224.      * 权限:
    225. 

  225.      * - 查询用户权限 (3.4.1)
    226. 

  226.      * - 查询他人用户权限 (3.4.1.2)
    227. 

  227.      */
    228. 

  228.     @Operation(summary = "获取系统用户权限")
    229. 

  229.     @PreAuthorize("@sr.hasPermission('3.4.1')")
    230. 

  230.     @GetMapping("/api/system/user/getUserPermission")
    231. 

  231.     public Result getUserPermission(@Parameter(description = "用户ID") Long user_id) {
    232. 

  232. 

  233.         // 查询自身的用户信息 (不传参数)
    234. 

  234.         user_id = (user_id == null) ? SecurityUtil.getUserId() : user_id;
    235. 

  235.         // 查询他人的用户信息
    236. 

  236.         // - 查询自己 (无需权限)
    237. 

  237.         // - 查询他人 (需要子权限或超级管理员)
    238. 

  238.         if (!user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("3.4.1.2")) {
    239. 

  239.             throw new CustException(SecurityEnum.NOAUTH);
    240. 

  240.         }
    241. 

  241. 

  242.         return Result.success().put("data", sysUserService.selectUserPermission(user_id));
    243. 

  243.     }
    244. 

  244. 

  245.     /**
    246. 

  246.      * 权限:
    247. 

  247.      * - 查询用户菜单 (3.5.1)
    248. 

  248.      * - 查询他人用户菜单 (3.5.1.2)
    249. 

  249.      */
    250. 

  250.     @Operation(summary = "获取系统用户菜单")
    251. 

  251.     @PreAuthorize("@sr.hasPermission('3.5.1')")
    252. 

  252.     @GetMapping("/api/system/user/getUserMenu")
    253. 

  253.     public Result getUserMenu(@Parameter(description = "用户ID") Long user_id) {
    254. 

  254. 

  255.         // 查询自身的用户信息 (不传参数)
    256. 

  256.         user_id = (user_id == null) ? SecurityUtil.getUserId() : user_id;
    257. 

  257.         // 查询他人的用户信息
    258. 

  258.         // - 查询自己 (无需权限)
    259. 

  259.         // - 查询他人 (需要子权限或超级管理员)
    260. 

  260.         if (!user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("3.4.1.2")) {
    261. 

  261.             throw new CustException(SecurityEnum.NOAUTH);
    262. 

  262.         }
    263. 

  263. 

  264.         return Result.success().put("data", sysUserService.selectUserMenu(user_id));
    265. 

  265.     }
    266. 

  266. 

  267. }
    268.