diff --git a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/controller/BizEmployeesInfoController.java b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/controller/BizEmployeesInfoController.java index e93a9957..15c886e3 100644 --- a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/controller/BizEmployeesInfoController.java +++ b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/controller/BizEmployeesInfoController.java @@ -4,7 +4,11 @@ import java.util.Arrays; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import com.alibaba.fastjson.JSONObject; +import com.nu.dto.EmployeesStatusMQDto; +import com.nu.utils.RabbitMQUtil; import org.jeecg.common.api.vo.Result; +import org.jeecg.common.system.api.ISysBaseAPI; import org.jeecg.common.system.query.QueryGenerator; import com.nu.modules.employeesInfo.entity.BizEmployeesInfo; import com.nu.modules.employeesInfo.service.IBizEmployeesInfoService; @@ -36,6 +40,10 @@ import org.apache.shiro.authz.annotation.RequiresPermissions; public class BizEmployeesInfoController extends JeecgController { @Autowired private IBizEmployeesInfoService bizEmployeesInfoService; + @Autowired + private ISysBaseAPI sysBaseAPI; + @Autowired + private RabbitMQUtil rabbitMQUtil; /** * 分页列表查询 @@ -53,10 +61,13 @@ public class BizEmployeesInfoController extends JeecgController queryWrapper = QueryGenerator.initQueryWrapper(bizEmployeesInfo, req.getParameterMap()); - queryWrapper.orderByDesc("create_time"); - Page page = new Page(pageNo, pageSize); - IPage pageList = bizEmployeesInfoService.page(page, queryWrapper); +// QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(bizEmployeesInfo, req.getParameterMap()); +// queryWrapper.orderByDesc("create_time"); +// Page page = new Page(pageNo, pageSize); +// //查询已在mapper中重写 +// IPage pageList = bizEmployeesInfoService.page(page, queryWrapper); + + IPage pageList = bizEmployeesInfoService.queryPageList(bizEmployeesInfo, pageNo, pageSize, req); return Result.OK(pageList); } @@ -162,4 +173,27 @@ public class BizEmployeesInfoController extends JeecgController djOrJd(@RequestBody BizEmployeesInfo bizEmployeesInfo) { + BizEmployeesInfo upInfo = new BizEmployeesInfo(); + upInfo.setId(bizEmployeesInfo.getId()); + upInfo.setIzFreeze(bizEmployeesInfo.getIzFreeze());//是否冻结 Y冻结 N未冻结 + bizEmployeesInfoService.updateById(upInfo); + + JSONObject deptInfo = sysBaseAPI.getDeptInfo(); + EmployeesStatusMQDto mqDto = new EmployeesStatusMQDto(); + mqDto.setOrgCode(deptInfo.getString("code")); + mqDto.setIzFreeze(bizEmployeesInfo.getIzFreeze()); + mqDto.setOpenId(bizEmployeesInfo.getOpenId()); + rabbitMQUtil.sendToExchange("hldy.employees", "employees.account.freezeOrEnabled", mqDto); + return Result.OK("操作成功!"); + } } diff --git a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/entity/BizEmployeesInfo.java b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/entity/BizEmployeesInfo.java index bf3d9083..ae5639cf 100644 --- a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/entity/BizEmployeesInfo.java +++ b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/entity/BizEmployeesInfo.java @@ -1,6 +1,7 @@ package com.nu.modules.employeesInfo.entity; import com.baomidou.mybatisplus.annotation.IdType; +import com.baomidou.mybatisplus.annotation.TableField; import com.baomidou.mybatisplus.annotation.TableId; import com.baomidou.mybatisplus.annotation.TableName; import com.fasterxml.jackson.annotation.JsonFormat; @@ -241,4 +242,11 @@ public class BizEmployeesInfo implements Serializable { /**接单上限*/ @ApiModelProperty(value = "接单上限") private Integer orderCap; + + @TableField(exist = false) + private String userStatus; + + @TableField(exist = false) + private String userId; + } diff --git a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/mapper/BizEmployeesInfoMapper.java b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/mapper/BizEmployeesInfoMapper.java index 689cc09b..a13997ac 100644 --- a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/mapper/BizEmployeesInfoMapper.java +++ b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/mapper/BizEmployeesInfoMapper.java @@ -1,17 +1,23 @@ package com.nu.modules.employeesInfo.mapper; +import com.baomidou.mybatisplus.core.metadata.IPage; +import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.nu.modules.employeesInfo.entity.BizEmployeesInfo; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import org.apache.ibatis.annotations.Param; +import java.util.Map; + /** * @Description: 员工信息 * @Author: jeecg-boot - * @Date: 2025-04-01 + * @Date: 2025-04-01 * @Version: V1.0 */ public interface BizEmployeesInfoMapper extends BaseMapper { BizEmployeesInfo findById(BizEmployeesInfo bizEmployeesInfo); void UpUserEmployeesId(@Param("userId") String userId); + + IPage queryPageList(Page page, @Param("params") Map params); } diff --git a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/mapper/xml/BizEmployeesInfoMapper.xml b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/mapper/xml/BizEmployeesInfoMapper.xml index 6fcebd5f..dfd7ec3f 100644 --- a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/mapper/xml/BizEmployeesInfoMapper.xml +++ b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/mapper/xml/BizEmployeesInfoMapper.xml @@ -2,14 +2,15 @@ - update sys_user set employees_id = id where id = #{userId} + update sys_user + set employees_id = id + where id = #{userId} + + diff --git a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/service/IBizEmployeesInfoService.java b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/service/IBizEmployeesInfoService.java index 1aba161c..d7785683 100644 --- a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/service/IBizEmployeesInfoService.java +++ b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/service/IBizEmployeesInfoService.java @@ -1,16 +1,21 @@ package com.nu.modules.employeesInfo.service; +import com.baomidou.mybatisplus.core.metadata.IPage; import com.nu.modules.employeesInfo.entity.BizEmployeesInfo; import com.baomidou.mybatisplus.extension.service.IService; +import javax.servlet.http.HttpServletRequest; + /** * @Description: 员工信息 * @Author: jeecg-boot - * @Date: 2025-04-01 + * @Date: 2025-04-01 * @Version: V1.0 */ public interface IBizEmployeesInfoService extends IService { BizEmployeesInfo findById(BizEmployeesInfo bizEmployeesInfo); void UpUserEmployeesId(String userId); + + IPage queryPageList(BizEmployeesInfo bizEmployeesInfo, Integer pageNo, Integer pageSize, HttpServletRequest req); } diff --git a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/service/impl/BizEmployeesInfoServiceImpl.java b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/service/impl/BizEmployeesInfoServiceImpl.java index 96adbe31..f8f37829 100644 --- a/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/service/impl/BizEmployeesInfoServiceImpl.java +++ b/nursing-unit-employee/nu-employee-biz/src/main/java/com/nu/modules/employeesInfo/service/impl/BizEmployeesInfoServiceImpl.java @@ -2,6 +2,8 @@ package com.nu.modules.employeesInfo.service.impl; import cn.hutool.core.bean.BeanUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; +import com.baomidou.mybatisplus.core.metadata.IPage; +import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.nu.entity.EmployeesInfoEntity; import com.nu.modules.IEmployeesInfoApi; import com.nu.modules.employeesInfo.entity.BizEmployeesInfo; @@ -15,6 +17,7 @@ import org.springframework.stereotype.Service; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import javax.servlet.http.HttpServletRequest; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -34,7 +37,7 @@ public class BizEmployeesInfoServiceImpl extends ServiceImpl queryPageList(BizEmployeesInfo bizEmployeesInfo, + Integer pageNo, + Integer pageSize, + HttpServletRequest req) { + Page page = new Page<>(pageNo, pageSize); + + // 将查询参数转换为Map + Map params = new HashMap<>(); + if (bizEmployeesInfo != null) { + params.put("name", bizEmployeesInfo.getName()); + params.put("sex", bizEmployeesInfo.getSex()); + params.put("idCard", bizEmployeesInfo.getIdCard()); + params.put("tel", bizEmployeesInfo.getTel()); + params.put("postLevel", bizEmployeesInfo.getPostLevel()); + params.put("regional", bizEmployeesInfo.getRegional()); + params.put("izOnline", bizEmployeesInfo.getIzOnline()); + params.put("izFreeze", bizEmployeesInfo.getIzFreeze()); + params.put("sysOrgCode", bizEmployeesInfo.getSysOrgCode()); + } + + // 从request中获取其他参数 + params.put("entryTimeStart", req.getParameter("entryTimeStart")); + params.put("entryTimeEnd", req.getParameter("entryTimeEnd")); + + return baseMapper.queryPageList(page, params); + } } diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java index 348520ae..040f4ac7 100644 --- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java +++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java @@ -70,17 +70,17 @@ import java.util.stream.Collectors; @RequestMapping("/sys/user") public class SysUserController { - @Autowired - private ISysUserService sysUserService; + @Autowired + private ISysUserService sysUserService; @Autowired private ISysDepartService sysDepartService; - @Autowired - private ISysUserRoleService sysUserRoleService; + @Autowired + private ISysUserRoleService sysUserRoleService; - @Autowired - private ISysUserDepartService sysUserDepartService; + @Autowired + private ISysUserDepartService sysUserDepartService; @Autowired private ISysDepartRoleUserService departRoleUserService; @@ -88,8 +88,8 @@ public class SysUserController { @Autowired private ISysDepartRoleService departRoleService; - @Autowired - private RedisUtil redisUtil; + @Autowired + private RedisUtil redisUtil; @Value("${jeecg.path.upload}") private String upLoadPath; @@ -114,6 +114,7 @@ public class SysUserController { /** * 获取租户下用户数据(支持租户隔离) + * * @param user * @param pageNo * @param pageSize @@ -121,10 +122,10 @@ public class SysUserController { * @return */ @PermissionData(pageComponent = "system/UserList") - @RequestMapping(value = "/list", method = RequestMethod.GET) - public Result> queryPageList(SysUser user, @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) { - QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(user, req.getParameterMap()); + @RequestMapping(value = "/list", method = RequestMethod.GET) + public Result> queryPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { + QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(user, req.getParameterMap()); //------------------------------------------------------------------------------------------------ //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) { @@ -132,13 +133,13 @@ public class SysUserController { List userIds = userTenantService.getUserIdsByTenantId(Integer.valueOf(tenantId)); if (oConvertUtils.listIsNotEmpty(userIds)) { queryWrapper.in("id", userIds); - }else{ + } else { queryWrapper.eq("id", "通过租户查询不到任何用户"); } } //------------------------------------------------------------------------------------------------ return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo); - } + } /** * 获取系统用户数据(查询全部用户,不做租户隔离) @@ -158,54 +159,54 @@ public class SysUserController { } @RequiresPermissions("system:user:add") - @RequestMapping(value = "/add", method = RequestMethod.POST) - public Result add(@RequestBody JSONObject jsonObject) { - Result result = new Result(); - String selectedRoles = jsonObject.getString("selectedroles"); - String selectedDeparts = jsonObject.getString("selecteddeparts"); - try { - SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); - user.setCreateTime(new Date());//设置创建时间 - String salt = oConvertUtils.randomGen(8); - user.setSalt(salt); - String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), salt); - user.setPassword(passwordEncode); - user.setStatus(1); - user.setDelFlag(CommonConstant.DEL_FLAG_0); - //用户表字段org_code不能在这里设置他的值 + @RequestMapping(value = "/add", method = RequestMethod.POST) + public Result add(@RequestBody JSONObject jsonObject) { + Result result = new Result(); + String selectedRoles = jsonObject.getString("selectedroles"); + String selectedDeparts = jsonObject.getString("selecteddeparts"); + try { + SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); + user.setCreateTime(new Date());//设置创建时间 + String salt = oConvertUtils.randomGen(8); + user.setSalt(salt); + String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), salt); + user.setPassword(passwordEncode); + user.setStatus(1); + user.setDelFlag(CommonConstant.DEL_FLAG_0); + //用户表字段org_code不能在这里设置他的值 user.setOrgCode(null); - // 保存用户走一个service 保证事务 + // 保存用户走一个service 保证事务 //获取租户ids String relTenantIds = jsonObject.getString("relTenantIds"); sysUserService.saveUser(user, selectedRoles, selectedDeparts, relTenantIds); - baseCommonService.addLog("添加用户,username: " +user.getUsername() ,CommonConstant.LOG_TYPE_2, 2); - result.success("添加成功!"); - } catch (Exception e) { - log.error(e.getMessage(), e); - result.error500("操作失败"); - } - return result; - } + baseCommonService.addLog("添加用户,username: " + user.getUsername(), CommonConstant.LOG_TYPE_2, 2); + result.success("添加成功!"); + } catch (Exception e) { + log.error(e.getMessage(), e); + result.error500("操作失败"); + } + return result; + } @RequiresPermissions("system:user:edit") - @RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST}) - public Result edit(@RequestBody JSONObject jsonObject) { - Result result = new Result(); - try { - SysUser sysUser = sysUserService.getById(jsonObject.getString("id")); - baseCommonService.addLog("编辑用户,username: " +sysUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2); - if(sysUser==null) { - result.error500("未找到对应实体"); - }else { - SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); - user.setUpdateTime(new Date()); - //String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), sysUser.getSalt()); - user.setPassword(sysUser.getPassword()); - String roles = jsonObject.getString("selectedroles"); + @RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST}) + public Result edit(@RequestBody JSONObject jsonObject) { + Result result = new Result(); + try { + SysUser sysUser = sysUserService.getById(jsonObject.getString("id")); + baseCommonService.addLog("编辑用户,username: " + sysUser.getUsername(), CommonConstant.LOG_TYPE_2, 2); + if (sysUser == null) { + result.error500("未找到对应实体"); + } else { + SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); + user.setUpdateTime(new Date()); + //String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), sysUser.getSalt()); + user.setPassword(sysUser.getPassword()); + String roles = jsonObject.getString("selectedroles"); String departs = jsonObject.getString("selecteddeparts"); - if(oConvertUtils.isEmpty(departs)){ + if (oConvertUtils.isEmpty(departs)) { //vue3.0前端只传递了departIds - departs=user.getDepartIds(); + departs = user.getDepartIds(); } //用户表字段org_code不能在这里设置他的值 user.setOrgCode(null); @@ -213,76 +214,77 @@ public class SysUserController { //获取租户ids String relTenantIds = jsonObject.getString("relTenantIds"); String updateFromPage = jsonObject.getString("updateFromPage"); - sysUserService.editUser(user, roles, departs, relTenantIds, updateFromPage); - result.success("修改成功!"); - } - } catch (Exception e) { - log.error(e.getMessage(), e); - result.error500("操作失败"); - } - return result; - } + sysUserService.editUser(user, roles, departs, relTenantIds, updateFromPage); + result.success("修改成功!"); + } + } catch (Exception e) { + log.error(e.getMessage(), e); + result.error500("操作失败"); + } + return result; + } - /** - * 删除用户 - */ + /** + * 删除用户 + */ @RequiresPermissions("system:user:delete") - @RequestMapping(value = "/delete", method = RequestMethod.DELETE) - public Result delete(@RequestParam(name="id",required=true) String id) { - baseCommonService.addLog("删除用户,id: " +id ,CommonConstant.LOG_TYPE_2, 3); + @RequestMapping(value = "/delete", method = RequestMethod.DELETE) + public Result delete(@RequestParam(name = "id", required = true) String id) { + baseCommonService.addLog("删除用户,id: " + id, CommonConstant.LOG_TYPE_2, 3); List userNameList = sysUserService.userIdToUsername(Arrays.asList(id)); - this.sysUserService.deleteUser(id); + this.sysUserService.deleteUser(id); if (!userNameList.isEmpty()) { String joinedString = String.join(",", userNameList); } - return Result.ok("删除用户成功"); - } + return Result.ok("删除用户成功"); + } - /** - * 批量删除用户 - */ + /** + * 批量删除用户 + */ @RequiresPermissions("system:user:deleteBatch") - @RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE) - public Result deleteBatch(@RequestParam(name="ids",required=true) String ids) { - baseCommonService.addLog("批量删除用户, ids: " +ids ,CommonConstant.LOG_TYPE_2, 3); + @RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE) + public Result deleteBatch(@RequestParam(name = "ids", required = true) String ids) { + baseCommonService.addLog("批量删除用户, ids: " + ids, CommonConstant.LOG_TYPE_2, 3); List userNameList = sysUserService.userIdToUsername(Arrays.asList(ids.split(","))); - this.sysUserService.deleteBatchUsers(ids); + this.sysUserService.deleteBatchUsers(ids); // 用户变更,触发同步工作流 if (!userNameList.isEmpty()) { String joinedString = String.join(",", userNameList); } - return Result.ok("批量删除用户成功"); - } + return Result.ok("批量删除用户成功"); + } - /** - * 冻结&解冻用户 - * @param jsonObject - * @return - */ + /** + * 冻结&解冻用户 + * + * @param jsonObject + * @return + */ @RequiresPermissions("system:user:frozenBatch") - @RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT) - public Result frozenBatch(@RequestBody JSONObject jsonObject) { - Result result = new Result(); - try { - String ids = jsonObject.getString("ids"); - sysUserService.checkUserAdminRejectDel(ids); - String status = jsonObject.getString("status"); - String[] arr = ids.split(","); + @RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT) + public Result frozenBatch(@RequestBody JSONObject jsonObject) { + Result result = new Result(); + try { + String ids = jsonObject.getString("ids"); + sysUserService.checkUserAdminRejectDel(ids); + String status = jsonObject.getString("status"); + String[] arr = ids.split(","); for (String id : arr) { - if(oConvertUtils.isNotEmpty(id)) { + if (oConvertUtils.isNotEmpty(id)) { //update-begin---author:liusq ---date:20230620 for:[QQYUN-5577]用户列表-冻结用户,再解冻之后,用户还是无法登陆,有缓存问题 #5066------------ - sysUserService.updateStatus(id,status); + sysUserService.updateStatus(id, status); //update-end---author:liusq ---date:20230620 for:[QQYUN-5577]用户列表-冻结用户,再解冻之后,用户还是无法登陆,有缓存问题 #5066------------ } - } - } catch (Exception e) { - log.error(e.getMessage(), e); - result.error500("操作失败"+e.getMessage()); - } - result.success("操作成功!"); - return result; + } + } catch (Exception e) { + log.error(e.getMessage(), e); + result.error500("操作失败" + e.getMessage()); + } + result.success("操作成功!"); + return result; } @@ -300,7 +302,6 @@ public class SysUserController { } - @RequiresPermissions("system:user:queryById") @RequestMapping(value = "/queryByEmployeesId", method = RequestMethod.GET) public Result queryByEmployeesId(@RequestParam(name = "employeesId", required = true) String employeesId) { @@ -333,8 +334,8 @@ public class SysUserController { /** - * 校验用户账号是否唯一
- * 可以校验其他 需要检验什么就传什么。。。 + * 校验用户账号是否唯一
+ * 可以校验其他 需要检验什么就传什么。。。 * * @param sysUser * @return @@ -376,7 +377,7 @@ public class SysUserController { sysUser.setId(u.getId()); //update-begin---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - baseCommonService.addLog("修改用户 "+sysUser.getUsername()+" 的密码,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2); + baseCommonService.addLog("修改用户 " + sysUser.getUsername() + " 的密码,操作人: " + loginUser.getUsername(), CommonConstant.LOG_TYPE_2, 2); //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ return sysUserService.changePassword(sysUser); } @@ -402,7 +403,7 @@ public class SysUserController { } return result; } catch (Exception e) { - log.error(e.getMessage(), e); + log.error(e.getMessage(), e); result.setSuccess(false); result.setMessage("查找过程中出现了异常: " + e.getMessage()); return result; @@ -432,19 +433,19 @@ public class SysUserController { * @return */ @RequestMapping(value = "/queryUserByDepId", method = RequestMethod.GET) - public Result> queryUserByDepId(@RequestParam(name = "id", required = true) String id,@RequestParam(name="realname",required=false) String realname) { + public Result> queryUserByDepId(@RequestParam(name = "id", required = true) String id, @RequestParam(name = "realname", required = false) String realname) { Result> result = new Result<>(); //List userList = sysUserDepartService.queryUserByDepId(id); SysDepart sysDepart = sysDepartService.getById(id); - List userList = sysUserDepartService.queryUserByDepCode(sysDepart.getOrgCode(),realname); + List userList = sysUserDepartService.queryUserByDepCode(sysDepart.getOrgCode(), realname); //批量查询用户的所属部门 //step.1 先拿到全部的 useids //step.2 通过 useids,一次性查询用户的所属部门名字 List userIds = userList.stream().map(SysUser::getId).collect(Collectors.toList()); - if(userIds!=null && userIds.size()>0){ - Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); - userList.forEach(item->{ + if (userIds != null && userIds.size() > 0) { + Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); + userList.forEach(item -> { //TODO 临时借用这个字段用于页面展示 item.setOrgCodeTxt(useDepNames.get(item.getId())); }); @@ -455,7 +456,7 @@ public class SysUserController { result.setResult(userList); return result; } catch (Exception e) { - log.error(e.getMessage(), e); + log.error(e.getMessage(), e); result.setSuccess(false); return result; } @@ -463,24 +464,25 @@ public class SysUserController { /** * 用户选择组件 专用 根据用户账号或部门分页查询 + * * @param departId * @param username * @return */ @RequestMapping(value = "/queryUserComponentData", method = RequestMethod.GET) public Result> queryUserComponentData( - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, @RequestParam(name = "departId", required = false) String departId, - @RequestParam(name="realname",required=false) String realname, - @RequestParam(name="username",required=false) String username, - @RequestParam(name="isMultiTranslate",required=false) String isMultiTranslate, - @RequestParam(name="id",required = false) String id) { + @RequestParam(name = "realname", required = false) String realname, + @RequestParam(name = "username", required = false) String username, + @RequestParam(name = "isMultiTranslate", required = false) String isMultiTranslate, + @RequestParam(name = "id", required = false) String id) { //update-begin-author:taoyan date:2022-7-14 for: VUEN-1702【禁止问题】sql注入漏洞 String[] arr = new String[]{departId, realname, username, id}; SqlInjectionUtil.filterContent(arr, SymbolConstant.SINGLE_QUOTATION_MARK); //update-end-author:taoyan date:2022-7-14 for: VUEN-1702【禁止问题】sql注入漏洞 - IPage pageList = sysUserDepartService.queryDepartUserPageList(departId, username, realname, pageSize, pageNo,id,isMultiTranslate); + IPage pageList = sysUserDepartService.queryDepartUserPageList(departId, username, realname, pageSize, pageNo, id, isMultiTranslate); return Result.OK(pageList); } @@ -492,24 +494,24 @@ public class SysUserController { */ @RequiresPermissions("system:user:export") @RequestMapping(value = "/exportXls") - public ModelAndView exportXls(SysUser sysUser,HttpServletRequest request) { + public ModelAndView exportXls(SysUser sysUser, HttpServletRequest request) { // Step.1 组装查询条件 QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(sysUser, request.getParameterMap()); //Step.2 AutoPoi 导出Excel ModelAndView mv = new ModelAndView(new JeecgEntityExcelView()); //update-begin--Author:kangxiaolin Date:20180825 for:[03]用户导出,如果选择数据则只导出相关数据-------------------- String selections = request.getParameter("selections"); - if(!oConvertUtils.isEmpty(selections)){ - queryWrapper.in("id",selections.split(",")); - } + if (!oConvertUtils.isEmpty(selections)) { + queryWrapper.in("id", selections.split(",")); + } //update-end--Author:kangxiaolin Date:20180825 for:[03]用户导出,如果选择数据则只导出相关数据---------------------- List pageList = sysUserService.list(queryWrapper); //导出文件名称 mv.addObject(NormalExcelConstants.FILE_NAME, "用户列表"); mv.addObject(NormalExcelConstants.CLASS, SysUser.class); - LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - ExportParams exportParams = new ExportParams("用户列表数据", "导出人:"+user.getRealname(), "导出信息"); + LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal(); + ExportParams exportParams = new ExportParams("用户列表数据", "导出人:" + user.getRealname(), "导出信息"); exportParams.setImageBasePath(upLoadPath); mv.addObject(NormalExcelConstants.PARAMS, exportParams); mv.addObject(NormalExcelConstants.DATA_LIST, pageList); @@ -525,7 +527,7 @@ public class SysUserController { */ @RequiresPermissions("system:user:import") @RequestMapping(value = "/importExcel", method = RequestMethod.POST) - public Result importExcel(HttpServletRequest request, HttpServletResponse response)throws IOException { + public Result importExcel(HttpServletRequest request, HttpServletResponse response) throws IOException { MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request; Map fileMap = multipartRequest.getFileMap(); // 错误信息 @@ -566,7 +568,7 @@ public class SysUserController { errorMessage.add("第 " + lineNumber + " 行:手机号已经存在,忽略导入。"); } else if (message.contains(CommonConstant.SQL_INDEX_UNIQ_SYS_USER_EMAIL)) { errorMessage.add("第 " + lineNumber + " 行:电子邮件已经存在,忽略导入。"); - } else if (message.contains(CommonConstant.SQL_INDEX_UNIQ_SYS_USER)) { + } else if (message.contains(CommonConstant.SQL_INDEX_UNIQ_SYS_USER)) { errorMessage.add("第 " + lineNumber + " 行:违反表唯一性约束。"); } else { errorMessage.add("第 " + lineNumber + " 行:未知错误,忽略导入"); @@ -593,77 +595,77 @@ public class SysUserController { try { file.getInputStream().close(); } catch (IOException e) { - log.error(e.getMessage(), e); + log.error(e.getMessage(), e); } } } - return ImportExcelUtil.imporReturnRes(errorLines,successLines,errorMessage); + return ImportExcelUtil.imporReturnRes(errorLines, successLines, errorMessage); } /** - * @功能:根据id 批量查询 - * @param userIds - * @return - */ - @RequestMapping(value = "/queryByIds", method = RequestMethod.GET) - public Result> queryByIds(@RequestParam(name = "userIds") String userIds) { - Result> result = new Result<>(); - String[] userId = userIds.split(","); - Collection idList = Arrays.asList(userId); - Collection userRole = sysUserService.listByIds(idList); - result.setSuccess(true); - result.setResult(userRole); - return result; - } + * @param userIds + * @return + * @功能:根据id 批量查询 + */ + @RequestMapping(value = "/queryByIds", method = RequestMethod.GET) + public Result> queryByIds(@RequestParam(name = "userIds") String userIds) { + Result> result = new Result<>(); + String[] userId = userIds.split(","); + Collection idList = Arrays.asList(userId); + Collection userRole = sysUserService.listByIds(idList); + result.setSuccess(true); + result.setResult(userRole); + return result; + } /** - * @功能:根据id 批量查询 * @param userNames * @return + * @功能:根据id 批量查询 */ @RequestMapping(value = "/queryByNames", method = RequestMethod.GET) public Result> queryByNames(@RequestParam(name = "userNames") String userNames) { Result> result = new Result<>(); String[] names = userNames.split(","); - QueryWrapper queryWrapper=new QueryWrapper(); - queryWrapper.lambda().in(true,SysUser::getUsername,names); + QueryWrapper queryWrapper = new QueryWrapper(); + queryWrapper.lambda().in(true, SysUser::getUsername, names); Collection userRole = sysUserService.list(queryWrapper); result.setSuccess(true); result.setResult(userRole); return result; } - /** - * 首页用户重置密码 - */ + /** + * 首页用户重置密码 + */ @RequestMapping(value = "/updatePassword", method = RequestMethod.PUT) - @CacheEvict(value={CacheConstant.SYS_USERS_CACHE}, allEntries=true) - public Result updatePassword(@RequestBody JSONObject json,HttpServletRequest request) { - String username = json.getString("username"); - String oldpassword = json.getString("oldpassword"); - String password = json.getString("password"); - String confirmpassword = json.getString("confirmpassword"); - LoginUser sysUser = (LoginUser)SecurityUtils.getSubject().getPrincipal(); - if(!sysUser.getUsername().equals(username)){ + @CacheEvict(value = {CacheConstant.SYS_USERS_CACHE}, allEntries = true) + public Result updatePassword(@RequestBody JSONObject json, HttpServletRequest request) { + String username = json.getString("username"); + String oldpassword = json.getString("oldpassword"); + String password = json.getString("password"); + String confirmpassword = json.getString("confirmpassword"); + LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); + if (!sysUser.getUsername().equals(username)) { return Result.error("只允许修改自己的密码!"); } - SysUser user = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername, username)); - if(user==null) { - return Result.error("用户不存在!"); - } + SysUser user = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername, username)); + if (user == null) { + return Result.error("用户不存在!"); + } //update-begin---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - baseCommonService.addLog("修改密码,username: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2); + baseCommonService.addLog("修改密码,username: " + loginUser.getUsername(), CommonConstant.LOG_TYPE_2, 2); - Result result = sysUserService.resetPassword(username,oldpassword,password,confirmpassword); + Result result = sysUserService.resetPassword(username, oldpassword, password, confirmpassword); SysUser sysUser2 = sysUserService.getById(user.getId()); setUserInfo(request, sysUser2, result); //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ - return result; - } + return result; + } @Nullable private void setUserInfo(HttpServletRequest request, SysUser sysUser, Result result) { @@ -685,13 +687,13 @@ public class SysUserController { } @RequestMapping(value = "/userRoleList", method = RequestMethod.GET) - public Result> userRoleList(@RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) { + public Result> userRoleList(@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { Result> result = new Result>(); Page page = new Page(pageNo, pageSize); String roleId = req.getParameter("roleId"); String username = req.getParameter("username"); - IPage pageList = sysUserService.getUserByRoleId(page,roleId,username); + IPage pageList = sysUserService.getUserByRoleId(page, roleId, username); result.setSuccess(true); result.setResult(pageList); return result; @@ -710,12 +712,12 @@ public class SysUserController { //TODO 判断当前操作的角色是当前登录租户下的 try { String sysRoleId = sysUserRoleVO.getRoleId(); - for(String sysUserId:sysUserRoleVO.getUserIdList()) { - SysUserRole sysUserRole = new SysUserRole(sysUserId,sysRoleId); + for (String sysUserId : sysUserRoleVO.getUserIdList()) { + SysUserRole sysUserRole = new SysUserRole(sysUserId, sysRoleId); QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("role_id", sysRoleId).eq("user_id",sysUserId); + queryWrapper.eq("role_id", sysRoleId).eq("user_id", sysUserId); SysUserRole one = sysUserRoleService.getOne(queryWrapper); - if(one==null){ + if (one == null) { sysUserRoleService.save(sysUserRole); } @@ -723,30 +725,32 @@ public class SysUserController { result.setMessage("添加成功!"); result.setSuccess(true); return result; - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.setSuccess(false); result.setMessage("出错了: " + e.getMessage()); return result; } } + /** - * 删除指定角色的用户关系 + * 删除指定角色的用户关系 + * * @param * @return */ @RequiresPermissions("system:user:deleteRole") @RequestMapping(value = "/deleteUserRole", method = RequestMethod.DELETE) - public Result deleteUserRole(@RequestParam(name="roleId") String roleId, - @RequestParam(name="userId",required=true) String userId + public Result deleteUserRole(@RequestParam(name = "roleId") String roleId, + @RequestParam(name = "userId", required = true) String userId ) { Result result = new Result(); try { QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("role_id", roleId).eq("user_id",userId); + queryWrapper.eq("role_id", roleId).eq("user_id", userId); sysUserRoleService.remove(queryWrapper); result.success("删除成功!"); - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("删除失败!"); } @@ -762,15 +766,15 @@ public class SysUserController { @RequiresPermissions("system:user:deleteRoleBatch") @RequestMapping(value = "/deleteUserRoleBatch", method = RequestMethod.DELETE) public Result deleteUserRoleBatch( - @RequestParam(name="roleId") String roleId, - @RequestParam(name="userIds",required=true) String userIds) { + @RequestParam(name = "roleId") String roleId, + @RequestParam(name = "userIds", required = true) String userIds) { Result result = new Result(); try { QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("role_id", roleId).in("user_id",Arrays.asList(userIds.split(","))); + queryWrapper.eq("role_id", roleId).in("user_id", Arrays.asList(userIds.split(","))); sysUserRoleService.remove(queryWrapper); result.success("删除成功!"); - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("删除失败!"); } @@ -781,8 +785,8 @@ public class SysUserController { * 部门用户列表 */ @RequestMapping(value = "/departUserList", method = RequestMethod.GET) - public Result> departUserList(@RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, HttpServletRequest req) { + public Result> departUserList(@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { Result> result = new Result>(); Page page = new Page(pageNo, pageSize); String depId = req.getParameter("depId"); @@ -790,25 +794,25 @@ public class SysUserController { //根据部门ID查询,当前和下级所有的部门IDS List subDepids = new ArrayList<>(); //部门id为空时,查询我的部门下所有用户 - if(oConvertUtils.isEmpty(depId)){ + if (oConvertUtils.isEmpty(depId)) { LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - int userIdentity = user.getUserIdentity() != null?user.getUserIdentity():CommonConstant.USER_IDENTITY_1; + int userIdentity = user.getUserIdentity() != null ? user.getUserIdentity() : CommonConstant.USER_IDENTITY_1; //update-begin---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------ - if(oConvertUtils.isNotEmpty(userIdentity) && userIdentity == CommonConstant.USER_IDENTITY_2 + if (oConvertUtils.isNotEmpty(userIdentity) && userIdentity == CommonConstant.USER_IDENTITY_2 && oConvertUtils.isNotEmpty(user.getDepartIds())) { - //update-end---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------ + //update-end---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------ subDepids = sysDepartService.getMySubDepIdsByDepId(user.getDepartIds()); } - }else{ + } else { subDepids = sysDepartService.getSubDepIdsByDepId(depId); } - if(subDepids != null && subDepids.size()>0){ - IPage pageList = sysUserService.getUserByDepIds(page,subDepids,username); + if (subDepids != null && subDepids.size() > 0) { + IPage pageList = sysUserService.getUserByDepIds(page, subDepids, username); //批量查询用户的所属部门 //step.1 先拿到全部的 useids //step.2 通过 useids,一次性查询用户的所属部门名字 List userIds = pageList.getRecords().stream().map(SysUser::getId).collect(Collectors.toList()); - if(userIds!=null && userIds.size()>0){ + if (userIds != null && userIds.size() > 0) { Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); pageList.getRecords().forEach(item -> { //批量查询用户的所属部门 @@ -821,7 +825,7 @@ public class SysUserController { //update-end---author:wangshuai ---date:20221223 for:[QQYUN-3371]租户逻辑改造,改成关系表------------ result.setSuccess(true); result.setResult(pageList); - }else{ + } else { result.setSuccess(true); result.setResult(null); } @@ -852,7 +856,7 @@ public class SysUserController { public Result queryByOrgCodeForAddressList( @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, - @RequestParam(name = "orgCode",required = false) String orgCode, + @RequestParam(name = "orgCode", required = false) String orgCode, SysUser userParams ) { IPage page = new Page(pageNo, pageSize); @@ -899,19 +903,19 @@ public class SysUserController { Result result = new Result(); try { String sysDepId = sysDepartUsersVO.getDepId(); - for(String sysUserId:sysDepartUsersVO.getUserIdList()) { - SysUserDepart sysUserDepart = new SysUserDepart(null,sysUserId,sysDepId); + for (String sysUserId : sysDepartUsersVO.getUserIdList()) { + SysUserDepart sysUserDepart = new SysUserDepart(null, sysUserId, sysDepId); QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("dep_id", sysDepId).eq("user_id",sysUserId); + queryWrapper.eq("dep_id", sysDepId).eq("user_id", sysUserId); SysUserDepart one = sysUserDepartService.getOne(queryWrapper); - if(one==null){ + if (one == null) { sysUserDepartService.save(sysUserDepart); } } result.setMessage("添加成功!"); result.setSuccess(true); return result; - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.setSuccess(false); result.setMessage("出错了: " + e.getMessage()); @@ -920,31 +924,31 @@ public class SysUserController { } /** - * 删除指定机构的用户关系 + * 删除指定机构的用户关系 */ @RequiresPermissions("system:user:deleteUserInDepart") @RequestMapping(value = "/deleteUserInDepart", method = RequestMethod.DELETE) - public Result deleteUserInDepart(@RequestParam(name="depId") String depId, - @RequestParam(name="userId",required=true) String userId + public Result deleteUserInDepart(@RequestParam(name = "depId") String depId, + @RequestParam(name = "userId", required = true) String userId ) { Result result = new Result(); try { QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("dep_id", depId).eq("user_id",userId); + queryWrapper.eq("dep_id", depId).eq("user_id", userId); boolean b = sysUserDepartService.remove(queryWrapper); - if(b){ - List sysDepartRoleList = departRoleService.list(new QueryWrapper().eq("depart_id",depId)); + if (b) { + List sysDepartRoleList = departRoleService.list(new QueryWrapper().eq("depart_id", depId)); List roleIds = sysDepartRoleList.stream().map(SysDepartRole::getId).collect(Collectors.toList()); - if(roleIds != null && roleIds.size()>0){ + if (roleIds != null && roleIds.size() > 0) { QueryWrapper query = new QueryWrapper<>(); - query.eq("user_id",userId).in("drole_id",roleIds); + query.eq("user_id", userId).in("drole_id", roleIds); departRoleUserService.remove(query); } result.success("删除成功!"); - }else{ + } else { result.error500("当前选中部门与用户无关联关系!"); } - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("删除失败!"); } @@ -957,21 +961,21 @@ public class SysUserController { @RequiresPermissions("system:user:deleteUserInDepartBatch") @RequestMapping(value = "/deleteUserInDepartBatch", method = RequestMethod.DELETE) public Result deleteUserInDepartBatch( - @RequestParam(name="depId") String depId, - @RequestParam(name="userIds",required=true) String userIds) { + @RequestParam(name = "depId") String depId, + @RequestParam(name = "userIds", required = true) String userIds) { Result result = new Result(); try { QueryWrapper queryWrapper = new QueryWrapper(); - queryWrapper.eq("dep_id", depId).in("user_id",Arrays.asList(userIds.split(","))); + queryWrapper.eq("dep_id", depId).in("user_id", Arrays.asList(userIds.split(","))); boolean b = sysUserDepartService.remove(queryWrapper); - if(b){ - departRoleUserService.removeDeptRoleUser(Arrays.asList(userIds.split(",")),depId); - }else{ + if (b) { + departRoleUserService.removeDeptRoleUser(Arrays.asList(userIds.split(",")), depId); + } else { result.error500("删除失败,目标用户不在当前部门!"); return result; } result.success("删除成功!"); - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("删除失败!"); } @@ -979,21 +983,22 @@ public class SysUserController { } /** - * 查询当前用户的所有部门/当前部门编码 + * 查询当前用户的所有部门/当前部门编码 + * * @return */ @RequestMapping(value = "/getCurrentUserDeparts", method = RequestMethod.GET) - public Result> getCurrentUserDeparts() { - Result> result = new Result>(); + public Result> getCurrentUserDeparts() { + Result> result = new Result>(); try { - LoginUser sysUser = (LoginUser)SecurityUtils.getSubject().getPrincipal(); + LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); List list = this.sysDepartService.queryUserDeparts(sysUser.getId()); - Map map = new HashMap(5); + Map map = new HashMap(5); map.put("list", list); map.put("orgCode", sysUser.getOrgCode()); result.setSuccess(true); result.setResult(map); - }catch(Exception e) { + } catch (Exception e) { log.error(e.getMessage(), e); result.error500("查询失败!"); } @@ -1001,51 +1006,49 @@ public class SysUserController { } - - - /** - * 用户注册接口 - * - * @param jsonObject - * @param user - * @return - */ - @PostMapping("/register") - public Result userRegister(@RequestBody JSONObject jsonObject, SysUser user) { - Result result = new Result(); - String phone = jsonObject.getString("phone"); - String smscode = jsonObject.getString("smscode"); + /** + * 用户注册接口 + * + * @param jsonObject + * @param user + * @return + */ + @PostMapping("/register") + public Result userRegister(@RequestBody JSONObject jsonObject, SysUser user) { + Result result = new Result(); + String phone = jsonObject.getString("phone"); + String smscode = jsonObject.getString("smscode"); //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object code = redisUtil.get(redisKey); + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE + phone; + Object code = redisUtil.get(redisKey); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String username = jsonObject.getString("username"); - //未设置用户名,则用手机号作为用户名 - if(oConvertUtils.isEmpty(username)){ + String username = jsonObject.getString("username"); + //未设置用户名,则用手机号作为用户名 + if (oConvertUtils.isEmpty(username)) { username = phone; } //未设置密码,则随机生成一个密码 - String password = jsonObject.getString("password"); - if(oConvertUtils.isEmpty(password)){ + String password = jsonObject.getString("password"); + if (oConvertUtils.isEmpty(password)) { password = RandomUtil.randomString(8); } - String email = jsonObject.getString("email"); - SysUser sysUser1 = sysUserService.getUserByName(username); - if (sysUser1 != null) { - result.setMessage("用户名已注册"); - result.setSuccess(false); - return result; - } - SysUser sysUser2 = sysUserService.getUserByPhone(phone); - if (sysUser2 != null) { - result.setMessage("该手机号已注册"); - result.setSuccess(false); - return result; - } + String email = jsonObject.getString("email"); + SysUser sysUser1 = sysUserService.getUserByName(username); + if (sysUser1 != null) { + result.setMessage("用户名已注册"); + result.setSuccess(false); + return result; + } + SysUser sysUser2 = sysUserService.getUserByPhone(phone); + if (sysUser2 != null) { + result.setMessage("该手机号已注册"); + result.setSuccess(false); + return result; + } - if(oConvertUtils.isNotEmpty(email)){ + if (oConvertUtils.isNotEmpty(email)) { SysUser sysUser3 = sysUserService.getUserByEmail(email); if (sysUser3 != null) { result.setMessage("邮箱已被注册"); @@ -1053,42 +1056,42 @@ public class SysUserController { return result; } } - if(null == code){ + if (null == code) { result.setMessage("手机验证码失效,请重新获取"); result.setSuccess(false); return result; } - if (!smscode.equals(code.toString())) { - result.setMessage("手机验证码错误"); - result.setSuccess(false); - return result; - } + if (!smscode.equals(code.toString())) { + result.setMessage("手机验证码错误"); + result.setSuccess(false); + return result; + } String realname = jsonObject.getString("realname"); - if(oConvertUtils.isEmpty(realname)){ + if (oConvertUtils.isEmpty(realname)) { realname = username; } - try { - user.setCreateTime(new Date());// 设置创建时间 - String salt = oConvertUtils.randomGen(8); - String passwordEncode = PasswordUtil.encrypt(username, password, salt); - user.setSalt(salt); - user.setUsername(username); - user.setRealname(realname); - user.setPassword(passwordEncode); - user.setEmail(email); - user.setPhone(phone); - user.setStatus(CommonConstant.USER_UNFREEZE); - user.setDelFlag(CommonConstant.DEL_FLAG_0); - user.setActivitiSync(CommonConstant.ACT_SYNC_1); - sysUserService.addUserWithRole(user,"");//默认临时角色 test - result.success("注册成功"); - } catch (Exception e) { - result.error500("注册失败"); - } - return result; - } + try { + user.setCreateTime(new Date());// 设置创建时间 + String salt = oConvertUtils.randomGen(8); + String passwordEncode = PasswordUtil.encrypt(username, password, salt); + user.setSalt(salt); + user.setUsername(username); + user.setRealname(realname); + user.setPassword(passwordEncode); + user.setEmail(email); + user.setPhone(phone); + user.setStatus(CommonConstant.USER_UNFREEZE); + user.setDelFlag(CommonConstant.DEL_FLAG_0); + user.setActivitiSync(CommonConstant.ACT_SYNC_1); + sysUserService.addUserWithRole(user, "");//默认临时角色 test + result.success("注册成功"); + } catch (Exception e) { + result.error500("注册失败"); + } + return result; + } // /** // * 根据用户名或手机号查询用户信息 @@ -1126,75 +1129,75 @@ public class SysUserController { // return result; // } - /** - * 用户手机号验证 - */ - @PostMapping("/phoneVerification") - public Result> phoneVerification(@RequestBody JSONObject jsonObject) { - Result> result = new Result>(); - String phone = jsonObject.getString("phone"); - String smscode = jsonObject.getString("smscode"); + /** + * 用户手机号验证 + */ + @PostMapping("/phoneVerification") + public Result> phoneVerification(@RequestBody JSONObject jsonObject) { + Result> result = new Result>(); + String phone = jsonObject.getString("phone"); + String smscode = jsonObject.getString("smscode"); //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object code = redisUtil.get(redisKey); - if (!smscode.equals(code)) { - result.setMessage("手机验证码错误"); - result.setSuccess(false); - return result; - } - //设置有效时间 - redisUtil.set(redisKey, smscode,600); + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE + phone; + Object code = redisUtil.get(redisKey); + if (!smscode.equals(code)) { + result.setMessage("手机验证码错误"); + result.setSuccess(false); + return result; + } + //设置有效时间 + redisUtil.set(redisKey, smscode, 600); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - //新增查询用户名 - LambdaQueryWrapper query = new LambdaQueryWrapper<>(); - query.eq(SysUser::getPhone,phone); + //新增查询用户名 + LambdaQueryWrapper query = new LambdaQueryWrapper<>(); + query.eq(SysUser::getPhone, phone); SysUser user = sysUserService.getOne(query); - Map map = new HashMap(5); - map.put("smscode",smscode); - if(null == user){ + Map map = new HashMap(5); + map.put("smscode", smscode); + if (null == user) { //前端根据文字做判断用户是否存在判断,不能修改 result.setMessage("用户信息不存在"); result.setSuccess(false); return result; } - map.put("username",user.getUsername()); + map.put("username", user.getUsername()); result.setResult(map); - result.setSuccess(true); - return result; - } + result.setSuccess(true); + return result; + } - /** - * 用户更改密码 - */ - @GetMapping("/passwordChange") - public Result passwordChange(@RequestParam(name="username")String username, - @RequestParam(name="password")String password, - @RequestParam(name="smscode")String smscode, - @RequestParam(name="phone") String phone) { + /** + * 用户更改密码 + */ + @GetMapping("/passwordChange") + public Result passwordChange(@RequestParam(name = "username") String username, + @RequestParam(name = "password") String password, + @RequestParam(name = "smscode") String smscode, + @RequestParam(name = "phone") String phone) { Result result = new Result(); - if(oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(password) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty(phone) ) { + if (oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(password) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty(phone)) { result.setMessage("重置密码失败!"); result.setSuccess(false); return result; } - SysUser sysUser=new SysUser(); + SysUser sysUser = new SysUser(); //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object object= redisUtil.get(redisKey); + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE + phone; + Object object = redisUtil.get(redisKey); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - if(null==object) { - result.setMessage("短信验证码失效!"); + if (null == object) { + result.setMessage("短信验证码失效!"); result.setSuccess(false); return result; } - if(!smscode.equals(object.toString())) { - result.setMessage("短信验证码不匹配!"); + if (!smscode.equals(object.toString())) { + result.setMessage("短信验证码不匹配!"); result.setSuccess(false); return result; } - sysUser = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername,username).eq(SysUser::getPhone,phone)); + sysUser = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername, username).eq(SysUser::getPhone, phone)); if (sysUser == null) { result.setMessage("当前登录用户和绑定的手机号不匹配,无法修改密码!"); result.setSuccess(false); @@ -1206,7 +1209,7 @@ public class SysUserController { sysUser.setPassword(passwordEncode); this.sysUserService.updateById(sysUser); //update-begin---author:wangshuai ---date:20220316 for:[VUEN-234]密码重置添加敏感日志------------ - baseCommonService.addLog("重置 "+username+" 的密码,操作人: " +sysUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2); + baseCommonService.addLog("重置 " + username + " 的密码,操作人: " + sysUser.getUsername(), CommonConstant.LOG_TYPE_2, 2); //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]密码重置添加敏感日志------------ result.setSuccess(true); result.setMessage("密码重置完成!"); @@ -1217,79 +1220,80 @@ public class SysUserController { } - /** - * 根据TOKEN获取用户的部分信息(返回的数据是可供表单设计器使用的数据) - * - * @return - */ - @GetMapping("/getUserSectionInfoByToken") - public Result getUserSectionInfoByToken(HttpServletRequest request, @RequestParam(name = "token", required = false) String token) { - try { - String username = null; - // 如果没有传递token,就从header中获取token并获取用户信息 - if (oConvertUtils.isEmpty(token)) { - username = JwtUtil.getUserNameByToken(request); - } else { - username = JwtUtil.getUsername(token); - } + /** + * 根据TOKEN获取用户的部分信息(返回的数据是可供表单设计器使用的数据) + * + * @return + */ + @GetMapping("/getUserSectionInfoByToken") + public Result getUserSectionInfoByToken(HttpServletRequest request, @RequestParam(name = "token", required = false) String token) { + try { + String username = null; + // 如果没有传递token,就从header中获取token并获取用户信息 + if (oConvertUtils.isEmpty(token)) { + username = JwtUtil.getUserNameByToken(request); + } else { + username = JwtUtil.getUsername(token); + } - log.debug(" ------ 通过令牌获取部分用户信息,当前用户: " + username); + log.debug(" ------ 通过令牌获取部分用户信息,当前用户: " + username); - // 根据用户名查询用户信息 - SysUser sysUser = sysUserService.getUserByName(username); - Map map = new HashMap(); - map.put("sysUserId", sysUser.getId()); - map.put("sysUserCode", sysUser.getUsername()); // 当前登录用户登录账号 - map.put("sysUserName", sysUser.getRealname()); // 当前登录用户真实名称 - map.put("sysOrgCode", sysUser.getOrgCode()); // 当前登录用户部门编号 + // 根据用户名查询用户信息 + SysUser sysUser = sysUserService.getUserByName(username); + Map map = new HashMap(); + map.put("sysUserId", sysUser.getId()); + map.put("sysUserCode", sysUser.getUsername()); // 当前登录用户登录账号 + map.put("sysUserName", sysUser.getRealname()); // 当前登录用户真实名称 + map.put("sysOrgCode", sysUser.getOrgCode()); // 当前登录用户部门编号 - log.debug(" ------ 通过令牌获取部分用户信息,已获取的用户信息: " + map); + log.debug(" ------ 通过令牌获取部分用户信息,已获取的用户信息: " + map); - return Result.ok(map); - } catch (Exception e) { - log.error(e.getMessage(), e); - return Result.error(500, "查询失败:" + e.getMessage()); - } - } + return Result.ok(map); + } catch (Exception e) { + log.error(e.getMessage(), e); + return Result.error(500, "查询失败:" + e.getMessage()); + } + } - /** - * 【APP端接口】获取用户列表 根据用户名和真实名 模糊匹配 - * @param keyword - * @param pageNo - * @param pageSize - * @return - */ - @GetMapping("/appUserList") - public Result appUserList(@RequestParam(name = "keyword", required = false) String keyword, - @RequestParam(name = "username", required = false) String username, - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, - @RequestParam(name = "syncFlow", required = false) String syncFlow) { - try { - //TODO 从查询效率上将不要用mp的封装的page分页查询 建议自己写分页语句 - LambdaQueryWrapper query = new LambdaQueryWrapper(); - if(oConvertUtils.isNotEmpty(syncFlow)){ + /** + * 【APP端接口】获取用户列表 根据用户名和真实名 模糊匹配 + * + * @param keyword + * @param pageNo + * @param pageSize + * @return + */ + @GetMapping("/appUserList") + public Result appUserList(@RequestParam(name = "keyword", required = false) String keyword, + @RequestParam(name = "username", required = false) String username, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, + @RequestParam(name = "syncFlow", required = false) String syncFlow) { + try { + //TODO 从查询效率上将不要用mp的封装的page分页查询 建议自己写分页语句 + LambdaQueryWrapper query = new LambdaQueryWrapper(); + if (oConvertUtils.isNotEmpty(syncFlow)) { query.eq(SysUser::getActivitiSync, CommonConstant.ACT_SYNC_1); } - query.eq(SysUser::getDelFlag,CommonConstant.DEL_FLAG_0); - if(oConvertUtils.isNotEmpty(username)){ - if(username.contains(",")){ - query.in(SysUser::getUsername,username.split(",")); - }else{ - query.eq(SysUser::getUsername,username); + query.eq(SysUser::getDelFlag, CommonConstant.DEL_FLAG_0); + if (oConvertUtils.isNotEmpty(username)) { + if (username.contains(",")) { + query.in(SysUser::getUsername, username.split(",")); + } else { + query.eq(SysUser::getUsername, username); } - }else{ + } else { query.and(i -> i.like(SysUser::getUsername, keyword).or().like(SysUser::getRealname, keyword)); } - Page page = new Page<>(pageNo, pageSize); - IPage res = this.sysUserService.page(page, query); - return Result.ok(res); - } catch (Exception e) { - log.error(e.getMessage(), e); - return Result.error(500, "查询失败:" + e.getMessage()); - } + Page page = new Page<>(pageNo, pageSize); + IPage res = this.sysUserService.page(page, query); + return Result.ok(res); + } catch (Exception e) { + log.error(e.getMessage(), e); + return Result.error(500, "查询失败:" + e.getMessage()); + } - } + } /** * 获取被逻辑删除的用户列表,无分页 @@ -1346,59 +1350,60 @@ public class SysUserController { /** * 移动端修改用户信息 + * * @param jsonObject * @return */ @RequiresPermissions("system:user:app:edit") - @RequestMapping(value = "/appEdit", method = {RequestMethod.PUT,RequestMethod.POST}) - public Result appEdit(HttpServletRequest request,@RequestBody JSONObject jsonObject) { + @RequestMapping(value = "/appEdit", method = {RequestMethod.PUT, RequestMethod.POST}) + public Result appEdit(HttpServletRequest request, @RequestBody JSONObject jsonObject) { Result result = new Result(); try { String username = JwtUtil.getUserNameByToken(request); SysUser sysUser = sysUserService.getUserByName(username); - baseCommonService.addLog("移动端编辑用户,id: " +jsonObject.getString("id") ,CommonConstant.LOG_TYPE_2, 2); - String realname=jsonObject.getString("realname"); - String avatar=jsonObject.getString("avatar"); - String sex=jsonObject.getString("sex"); - String phone=jsonObject.getString("phone"); - String email=jsonObject.getString("email"); - Date birthday=jsonObject.getDate("birthday"); + baseCommonService.addLog("移动端编辑用户,id: " + jsonObject.getString("id"), CommonConstant.LOG_TYPE_2, 2); + String realname = jsonObject.getString("realname"); + String avatar = jsonObject.getString("avatar"); + String sex = jsonObject.getString("sex"); + String phone = jsonObject.getString("phone"); + String email = jsonObject.getString("email"); + Date birthday = jsonObject.getDate("birthday"); SysUser userPhone = sysUserService.getUserByPhone(phone); - if(sysUser==null) { + if (sysUser == null) { result.error500("未找到对应用户!"); - }else { - if(userPhone!=null){ + } else { + if (userPhone != null) { String userPhonename = userPhone.getUsername(); - if(!userPhonename.equals(username)){ + if (!userPhonename.equals(username)) { result.error500("手机号已存在!"); return result; } } - if(StringUtils.isNotBlank(realname)){ + if (StringUtils.isNotBlank(realname)) { sysUser.setRealname(realname); } - if(StringUtils.isNotBlank(avatar)){ + if (StringUtils.isNotBlank(avatar)) { sysUser.setAvatar(avatar); } - if(StringUtils.isNotBlank(sex)){ + if (StringUtils.isNotBlank(sex)) { sysUser.setSex(Integer.parseInt(sex)); } - if(StringUtils.isNotBlank(phone)){ + if (StringUtils.isNotBlank(phone)) { sysUser.setPhone(phone); } - if(StringUtils.isNotBlank(email)){ + if (StringUtils.isNotBlank(email)) { //update-begin---author:wangshuai ---date:20220708 for:[VUEN-1528]积木官网邮箱重复,应该提示准确------------ LambdaQueryWrapper emailQuery = new LambdaQueryWrapper<>(); - emailQuery.eq(SysUser::getEmail,email); + emailQuery.eq(SysUser::getEmail, email); long count = sysUserService.count(emailQuery); - if (!email.equals(sysUser.getEmail()) && count!=0) { + if (!email.equals(sysUser.getEmail()) && count != 0) { result.error500("保存失败,邮箱已存在!"); return result; } //update-end---author:wangshuai ---date:20220708 for:[VUEN-1528]积木官网邮箱重复,应该提示准确-------------- sysUser.setEmail(email); } - if(null != birthday){ + if (null != birthday) { sysUser.setBirthday(birthday); } sysUser.setUpdateTime(new Date()); @@ -1410,20 +1415,22 @@ public class SysUserController { } return result; } + /** * 移动端保存设备信息 + * * @param clientId * @return */ @RequestMapping(value = "/saveClientId", method = RequestMethod.GET) - public Result saveClientId(HttpServletRequest request,@RequestParam("clientId")String clientId) { + public Result saveClientId(HttpServletRequest request, @RequestParam("clientId") String clientId) { Result result = new Result(); try { String username = JwtUtil.getUserNameByToken(request); SysUser sysUser = sysUserService.getUserByName(username); - if(sysUser==null) { + if (sysUser == null) { result.error500("未找到对应用户!"); - }else { + } else { sysUser.setClientId(clientId); sysUserService.updateById(sysUser); } @@ -1433,6 +1440,7 @@ public class SysUserController { } return result; } + /** * 根据userid获取用户信息和部门员工信息 * @@ -1441,64 +1449,68 @@ public class SysUserController { @GetMapping("/queryChildrenByUsername") public Result queryChildrenByUsername(@RequestParam("userId") String userId) { //获取用户信息 - Map map=new HashMap(5); + Map map = new HashMap(5); SysUser sysUser = sysUserService.getById(userId); String username = sysUser.getUsername(); Integer identity = sysUser.getUserIdentity(); - map.put("sysUser",sysUser); - if(identity!=null && identity==2){ + map.put("sysUser", sysUser); + if (identity != null && identity == 2) { //获取部门用户信息 String departIds = sysUser.getDepartIds(); - if(StringUtils.isNotBlank(departIds)){ + if (StringUtils.isNotBlank(departIds)) { List departIdList = Arrays.asList(departIds.split(",")); - List childrenUser = sysUserService.queryByDepIds(departIdList,username); - map.put("children",childrenUser); + List childrenUser = sysUserService.queryByDepIds(departIdList, username); + map.put("children", childrenUser); } } return Result.ok(map); } + /** * 移动端查询部门用户信息 + * * @param departId * @return */ @GetMapping("/appQueryByDepartId") - public Result> appQueryByDepartId(@RequestParam(name="departId", required = false) String departId) { + public Result> appQueryByDepartId(@RequestParam(name = "departId", required = false) String departId) { Result> result = new Result>(); - List list=new ArrayList (); + List list = new ArrayList(); list.add(departId); - List childrenUser = sysUserService.queryByDepIds(list,null); + List childrenUser = sysUserService.queryByDepIds(list, null); result.setResult(childrenUser); return result; } + /** * 移动端查询用户信息(通过用户名模糊查询) + * * @param keyword * @return */ @GetMapping("/appQueryUser") public Result> appQueryUser(@RequestParam(name = "keyword", required = false) String keyword, @RequestParam(name = "username", required = false) String username, - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest request) { + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest request) { Result> result = new Result>(); - LambdaQueryWrapper queryWrapper =new LambdaQueryWrapper(); + LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper(); //TODO 外部模拟登陆临时账号,列表不显示 - queryWrapper.ne(SysUser::getUsername,"_reserve_user_external"); + queryWrapper.ne(SysUser::getUsername, "_reserve_user_external"); //增加 username传参 - if(oConvertUtils.isNotEmpty(username)){ - if(username.contains(",")){ - queryWrapper.in(SysUser::getUsername,username.split(",")); - }else{ - queryWrapper.eq(SysUser::getUsername,username); + if (oConvertUtils.isNotEmpty(username)) { + if (username.contains(",")) { + queryWrapper.in(SysUser::getUsername, username.split(",")); + } else { + queryWrapper.eq(SysUser::getUsername, username); } - }else if(StringUtils.isNotBlank(keyword)){ + } else if (StringUtils.isNotBlank(keyword)) { queryWrapper.and(i -> i.like(SysUser::getUsername, keyword).or().like(SysUser::getRealname, keyword)); } //------------------------------------------------------------------------------------------------ //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) { - String tenantId = oConvertUtils.getString(TokenUtils.getTenantIdByRequest(request),"-1"); + String tenantId = oConvertUtils.getString(TokenUtils.getTenantIdByRequest(request), "-1"); //update-begin---author:wangshuai ---date:20221223 for:[QQYUN-3371]租户逻辑改造,改成关系表------------ List userIds = userTenantService.getUserIdsByTenantId(Integer.valueOf(tenantId)); if (oConvertUtils.listIsNotEmpty(userIds)) { @@ -1513,9 +1525,9 @@ public class SysUserController { //step.1 先拿到全部的 useids //step.2 通过 useids,一次性查询用户的所属部门名字 List userIds = pageList.getRecords().stream().map(SysUser::getId).collect(Collectors.toList()); - if(userIds!=null && userIds.size()>0){ - Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); - pageList.getRecords().forEach(item->{ + if (userIds != null && userIds.size() > 0) { + Map useDepNames = sysUserService.getDepNamesByUserIds(userIds); + pageList.getRecords().forEach(item -> { item.setOrgCodeTxt(useDepNames.get(item.getId())); }); } @@ -1525,37 +1537,38 @@ public class SysUserController { /** * 根据用户名修改手机号[该方法未使用] + * * @param json * @return */ @RequestMapping(value = "/updateMobile", method = RequestMethod.PUT) - public Result changMobile(@RequestBody JSONObject json,HttpServletRequest request) { + public Result changMobile(@RequestBody JSONObject json, HttpServletRequest request) { String smscode = json.getString("smscode"); String phone = json.getString("phone"); Result result = new Result(); //获取登录用户名 String username = JwtUtil.getUserNameByToken(request); - if(oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty(phone)) { + if (oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty(phone)) { result.setMessage("修改手机号失败!"); result.setSuccess(false); return result; } //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object object= redisUtil.get(redisKey); + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE + phone; + Object object = redisUtil.get(redisKey); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - if(null==object) { + if (null == object) { result.setMessage("短信验证码失效!"); result.setSuccess(false); return result; } - if(!smscode.equals(object.toString())) { + if (!smscode.equals(object.toString())) { result.setMessage("短信验证码不匹配!"); result.setSuccess(false); return result; } SysUser user = sysUserService.getUserByName(username); - if(user==null) { + if (user == null) { return Result.error("用户不存在!"); } user.setPhone(phone); @@ -1566,17 +1579,18 @@ public class SysUserController { /** * 根据对象里面的属性值作in查询 属性可能会变 用户组件用到 + * * @param sysUser * @return */ @GetMapping("/getMultiUser") - public List getMultiUser(SysUser sysUser){ + public List getMultiUser(SysUser sysUser) { QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(sysUser, null); //update-begin---author:wangshuai ---date:20220104 for:[JTC-297]已冻结用户仍可设置为代理人------------ - queryWrapper.eq("status",Integer.parseInt(CommonConstant.STATUS_1)); + queryWrapper.eq("status", Integer.parseInt(CommonConstant.STATUS_1)); //update-end---author:wangshuai ---date:20220104 for:[JTC-297]已冻结用户仍可设置为代理人------------ List ls = this.sysUserService.list(queryWrapper); - for(SysUser user: ls){ + for (SysUser user : ls) { user.setPassword(null); user.setSalt(null); } @@ -1585,67 +1599,70 @@ public class SysUserController { /** * 聊天 创建聊天组件专用 根据用户账号、用户姓名、部门id分页查询 + * * @param departId 部门id - * @param keyword 搜索值 + * @param keyword 搜索值 * @return */ @GetMapping(value = "/getUserInformation") public Result> getUserInformation( - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, @RequestParam(name = "departId", required = false) String departId, - @RequestParam(name="keyword",required=false) String keyword) { + @RequestParam(name = "keyword", required = false) String keyword) { //------------------------------------------------------------------------------------------------ Integer tenantId = null; //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 - if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){ - tenantId = oConvertUtils.getInt(TenantContext.getTenant(),0); + if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) { + tenantId = oConvertUtils.getInt(TenantContext.getTenant(), 0); } //------------------------------------------------------------------------------------------------ - IPage pageList = sysUserDepartService.getUserInformation(tenantId,departId, keyword, pageSize, pageNo); + IPage pageList = sysUserDepartService.getUserInformation(tenantId, departId, keyword, pageSize, pageNo); return Result.OK(pageList); } /** * 简版流程用户选择组件 + * * @param departId 部门id - * @param roleId 角色id - * @param keyword 搜索值 + * @param roleId 角色id + * @param keyword 搜索值 * @return */ @GetMapping(value = "/selectUserList") public Result> selectUserList( - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, - @RequestParam(name="pageSize", defaultValue="10") Integer pageSize, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, @RequestParam(name = "departId", required = false) String departId, @RequestParam(name = "roleId", required = false) String roleId, - @RequestParam(name="keyword",required=false) String keyword, - @RequestParam(name="excludeUserIdList",required = false) String excludeUserIdList, + @RequestParam(name = "keyword", required = false) String keyword, + @RequestParam(name = "excludeUserIdList", required = false) String excludeUserIdList, HttpServletRequest req) { //------------------------------------------------------------------------------------------------ Integer tenantId = null; //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 - if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){ + if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) { String tenantStr = TenantContext.getTenant(); tenantId = oConvertUtils.getInteger(tenantStr, oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(req), -1)); log.info("---------简流中选择用户接口,通过租户筛选,租户ID={}", tenantId); } //------------------------------------------------------------------------------------------------ - IPage pageList = sysUserDepartService.getUserInformation(tenantId, departId,roleId, keyword, pageSize, pageNo,excludeUserIdList); + IPage pageList = sysUserDepartService.getUserInformation(tenantId, departId, roleId, keyword, pageSize, pageNo, excludeUserIdList); return Result.OK(pageList); } /** * 用户离职(新增代理人和用户状态变更操作)【低代码应用专用接口】 + * * @param sysUserAgent * @return */ @PutMapping("/userQuitAgent") - public Result userQuitAgent(@RequestBody SysUserAgent sysUserAgent){ + public Result userQuitAgent(@RequestBody SysUserAgent sysUserAgent) { //判断id是否为空 - if(oConvertUtils.isNotEmpty(sysUserAgent.getId())){ + if (oConvertUtils.isNotEmpty(sysUserAgent.getId())) { sysUserAgentService.updateById(sysUserAgent); - }else{ + } else { sysUserAgentService.save(sysUserAgent); } sysUserService.userQuit(sysUserAgent.getUserName()); @@ -1659,7 +1676,7 @@ public class SysUserController { */ @GetMapping("/getQuitList") public Result> getQuitList(HttpServletRequest req) { - Integer tenantId = oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(req),0); + Integer tenantId = oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(req), 0); List quitList = sysUserService.getQuitList(tenantId); if (null != quitList && quitList.size() > 0) { // 批量查询用户的所属部门 @@ -1674,22 +1691,23 @@ public class SysUserController { /** * 更新刪除状态和离职状态【低代码应用专用接口】 + * * @param jsonObject * @return Result */ @PutMapping("/putCancelQuit") - public Result putCancelQuit(@RequestBody JSONObject jsonObject, HttpServletRequest request){ + public Result putCancelQuit(@RequestBody JSONObject jsonObject, HttpServletRequest request) { String userIds = jsonObject.getString("userIds"); String usernames = jsonObject.getString("usernames"); - Integer tenantId = oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(request),0); + Integer tenantId = oConvertUtils.getInt(TokenUtils.getTenantIdByRequest(request), 0); //将状态改成未删除 if (StringUtils.isNotBlank(userIds)) { - userTenantService.putCancelQuit(Arrays.asList(userIds.split(SymbolConstant.COMMA)),tenantId); + userTenantService.putCancelQuit(Arrays.asList(userIds.split(SymbolConstant.COMMA)), tenantId); } - if(StringUtils.isNotEmpty(usernames)){ + if (StringUtils.isNotEmpty(usernames)) { //根据用户名删除代理人 LambdaQueryWrapper query = new LambdaQueryWrapper<>(); - query.in(SysUserAgent::getUserName,Arrays.asList(usernames.split(SymbolConstant.COMMA))); + query.in(SysUserAgent::getUserName, Arrays.asList(usernames.split(SymbolConstant.COMMA))); sysUserAgentService.remove(query); } return Result.ok("取消离职成功"); @@ -1697,37 +1715,38 @@ public class SysUserController { /** * 获取用户信息(vue3用户设置专用)【低代码应用专用接口】 + * * @return */ @GetMapping("/login/setting/getUserData") public Result getUserData(HttpServletRequest request) { String username = JwtUtil.getUserNameByToken(request); SysUser user = sysUserService.getUserByName(username); - if(user==null) { + if (user == null) { return Result.error("未找到该用户数据"); } //update-begin---author:wangshuai ---date:20230220 for:[QQYUN-3980]组织管理中 职位功能 职位表加租户id 加职位-用户关联表------------ //获取用户id通过职位数据 List sysPositionList = sysPositionService.getPositionList(user.getId()); - if(null != sysPositionList && sysPositionList.size()>0){ - //update-end---author:wangshuai ---date:20230220 for:[QQYUN-3980]组织管理中 职位功能 职位表加租户id 加职位-用户关联表------------ + if (null != sysPositionList && sysPositionList.size() > 0) { + //update-end---author:wangshuai ---date:20230220 for:[QQYUN-3980]组织管理中 职位功能 职位表加租户id 加职位-用户关联表------------ StringBuilder nameBuilder = new StringBuilder(); StringBuilder idBuilder = new StringBuilder(); String verticalBar = " | "; - for (SysPosition sysPosition:sysPositionList){ + for (SysPosition sysPosition : sysPositionList) { nameBuilder.append(sysPosition.getName()).append(verticalBar); idBuilder.append(sysPosition.getId()).append(SymbolConstant.COMMA); } String names = nameBuilder.toString(); - if(oConvertUtils.isNotEmpty(names)){ - names = names.substring(0,names.lastIndexOf(verticalBar)); + if (oConvertUtils.isNotEmpty(names)) { + names = names.substring(0, names.lastIndexOf(verticalBar)); user.setPostText(names); } //拼接职位id String ids = idBuilder.toString(); - if(oConvertUtils.isNotEmpty(ids)){ - ids = ids.substring(0,ids.lastIndexOf(SymbolConstant.COMMA)); + if (oConvertUtils.isNotEmpty(ids)) { + ids = ids.substring(0, ids.lastIndexOf(SymbolConstant.COMMA)); user.setPost(ids); } } @@ -1736,6 +1755,7 @@ public class SysUserController { /** * 用户编辑(vue3用户设置专用)【低代码应用专用接口】 + * * @param sysUser * @return */ @@ -1744,10 +1764,10 @@ public class SysUserController { public Result userEdit(@RequestBody SysUser sysUser, HttpServletRequest request) { String username = JwtUtil.getUserNameByToken(request); SysUser user = sysUserService.getById(sysUser.getId()); - if(user==null) { - return Result.error("未找到该用户数据"); + if (user == null) { + return Result.error("未找到该用户数据"); } - if(!username.equals(user.getUsername())){ + if (!username.equals(user.getUsername())) { return Result.error("只能修改自己的数据"); } sysUserService.updateById(sysUser); @@ -1757,6 +1777,7 @@ public class SysUserController { /** * 修改个人头像 + * * @param sysUser * @return */ @@ -1764,10 +1785,10 @@ public class SysUserController { public Result editAvatar(@RequestBody SysUser sysUser, HttpServletRequest request) { String username = JwtUtil.getUserNameByToken(request); SysUser user = sysUserService.getById(sysUser.getId()); - if(user==null) { + if (user == null) { return Result.error("未找到该用户数据"); } - if(!username.equals(user.getUsername())){ + if (!username.equals(user.getUsername())) { return Result.error("只能修改自己的数据"); } SysUser sysUserEditAvatar = new SysUser(); @@ -1776,13 +1797,14 @@ public class SysUserController { sysUserService.updateById(sysUserEditAvatar); //修改员工表头像 - employeesInfoApi.upHeadPath(sysUser.getEmployeesId(),sysUser.getAvatar()); + employeesInfoApi.upHeadPath(sysUser.getEmployeesId(), sysUser.getAvatar()); return Result.ok("更新个人信息成功"); } /** * 批量修改 【low-app】 + * * @param jsonObject * @return */ @@ -1802,28 +1824,31 @@ public class SysUserController { /** * 根据关键词搜索部门和用户【low-app】 + * * @param keyword * @return */ @GetMapping("/searchByKeyword") - public Result searchByKeyword(@RequestParam(name="keyword",required=false) String keyword) { + public Result searchByKeyword(@RequestParam(name = "keyword", required = false) String keyword) { DepartAndUserInfo info = sysUserService.searchByKeyword(keyword); return Result.ok(info); } /** * 编辑部门前获取部门相关信息 【low-app】 + * * @param id * @return */ @GetMapping("/getUpdateDepartInfo") - public Result getUpdateDepartInfo(@RequestParam(name="id",required=false) String id) { + public Result getUpdateDepartInfo(@RequestParam(name = "id", required = false) String id) { UpdateDepartInfo info = sysUserService.getUpdateDepartInfo(id); return Result.ok(info); } /** * 编辑部门 【low-app】 + * * @param updateDepartInfo * @return */ @@ -1835,6 +1860,7 @@ public class SysUserController { /** * 设置负责人 取消负责人 + * * @param json * @return */ @@ -1846,37 +1872,39 @@ public class SysUserController { /** * 修改租户下的用户【低代码应用专用接口】 + * * @param sysUser * @param req * @return */ - @RequestMapping(value = "/editTenantUser", method = {RequestMethod.PUT,RequestMethod.POST}) - public Result editTenantUser(@RequestBody SysUser sysUser,HttpServletRequest req){ + @RequestMapping(value = "/editTenantUser", method = {RequestMethod.PUT, RequestMethod.POST}) + public Result editTenantUser(@RequestBody SysUser sysUser, HttpServletRequest req) { Result result = new Result<>(); String tenantId = TokenUtils.getTenantIdByRequest(req); - if(oConvertUtils.isEmpty(tenantId)){ + if (oConvertUtils.isEmpty(tenantId)) { return result.error500("无权修改他人信息!"); } LambdaQueryWrapper query = new LambdaQueryWrapper<>(); - query.eq(SysUserTenant::getTenantId,Integer.valueOf(tenantId)); - query.eq(SysUserTenant::getUserId,sysUser.getId()); + query.eq(SysUserTenant::getTenantId, Integer.valueOf(tenantId)); + query.eq(SysUserTenant::getUserId, sysUser.getId()); SysUserTenant one = userTenantService.getOne(query); - if(null == one){ + if (null == one) { return result.error500("非当前租户下的用户,不允许修改!"); } String departs = req.getParameter("selecteddeparts"); - sysUserService.editTenantUser(sysUser,tenantId,departs,null); + sysUserService.editTenantUser(sysUser, tenantId, departs, null); return Result.ok("修改成功"); } /** * 切换租户时 需要修改 loginTenantId * QQYUN-4491 【应用】一些小问题 1、上次选中登录的租户,下次登录未记忆 + * * @param sysUser * @return */ @PutMapping("/changeLoginTenantId") - public Result changeLoginTenantId(@RequestBody SysUser sysUser){ + public Result changeLoginTenantId(@RequestBody SysUser sysUser) { Result result = new Result<>(); Integer tenantId = sysUser.getLoginTenantId(); LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); @@ -1887,7 +1915,7 @@ public class SysUserController { query.eq(SysUserTenant::getTenantId, tenantId); query.eq(SysUserTenant::getUserId, userId); SysUserTenant one = userTenantService.getOne(query); - if(null == one){ + if (null == one) { return result.error500("非租户下的用户,不允许修改!"); } @@ -1902,6 +1930,7 @@ public class SysUserController { /** * 应用用户导出 + * * @param request * @return */ @@ -1910,13 +1939,14 @@ public class SysUserController { return sysUserService.exportAppUser(request); } - /** + /** * 应用用户导入 + * * @param request * @return */ @RequestMapping(value = "/importAppUser", method = RequestMethod.POST) - public Result importAppUser(HttpServletRequest request, HttpServletResponse response)throws IOException { + public Result importAppUser(HttpServletRequest request, HttpServletResponse response) throws IOException { return sysUserService.importAppUser(request); } @@ -1927,10 +1957,10 @@ public class SysUserController { * @param request */ @PutMapping("/changePhone") - public Result changePhone(@RequestBody JSONObject json, HttpServletRequest request){ + public Result changePhone(@RequestBody JSONObject json, HttpServletRequest request) { //获取登录用户名 String username = JwtUtil.getUserNameByToken(request); - sysUserService.changePhone(json,username); + sysUserService.changePhone(json, username); return Result.ok("修改手机号成功!"); } @@ -1972,4 +2002,5 @@ public class SysUserController { result.setMessage("发送验证码成功!"); return result; } + } diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java index acda73b5..8176a409 100644 --- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java +++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java @@ -50,12 +50,12 @@ public class SysUserOnlineController { private BaseCommonService baseCommonService; @RequestMapping(value = "/list", method = RequestMethod.GET) - public Result> list(@RequestParam(name="username", required=false) String username, - @RequestParam(name="pageNo", defaultValue="1") Integer pageNo, @RequestParam(name="pageSize", defaultValue="10") Integer pageSize) { + public Result> list(@RequestParam(name = "username", required = false) String username, + @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize) { Collection keys = redisUtil.scan(CommonConstant.PREFIX_USER_TOKEN + "*"); List onlineList = new ArrayList(); for (String key : keys) { - String token = (String)redisUtil.get(key); + String token = (String) redisUtil.get(key); if (StringUtils.isNotEmpty(token)) { SysUserOnlineVO online = new SysUserOnlineVO(); online.setToken(token); @@ -64,12 +64,12 @@ public class SysUserOnlineController { if (loginUser != null && !"_reserve_user_external".equals(loginUser.getUsername())) { //update-begin---author:wangshuai ---date:20220104 for:[JTC-382]在线用户查询无效------------ //验证用户名是否与传过来的用户名相同 - boolean isMatchUsername=true; + boolean isMatchUsername = true; //判断用户名是否为空,并且当前循环的用户不包含传过来的用户名,那么就设成false - if(oConvertUtils.isNotEmpty(username) && !loginUser.getUsername().contains(username)){ + if (oConvertUtils.isNotEmpty(username) && !loginUser.getUsername().contains(username)) { isMatchUsername = false; } - if(isMatchUsername){ + if (isMatchUsername) { BeanUtils.copyProperties(loginUser, online); onlineList.add(online); } @@ -103,17 +103,17 @@ public class SysUserOnlineController { /** * 强退用户 */ - @RequestMapping(value = "/forceLogout",method = RequestMethod.POST) + @RequestMapping(value = "/forceLogout", method = RequestMethod.POST) public Result forceLogout(@RequestBody SysUserOnlineVO online) { //用户退出逻辑 - if(oConvertUtils.isEmpty(online.getToken())) { + if (oConvertUtils.isEmpty(online.getToken())) { return Result.error("退出登录失败!"); } String username = JwtUtil.getUsername(online.getToken()); LoginUser sysUser = sysBaseApi.getUserByName(username); - if(sysUser!=null) { - baseCommonService.addLog("强制: "+sysUser.getRealname()+"退出成功!", CommonConstant.LOG_TYPE_1, null,sysUser); - log.info(" 强制 "+sysUser.getRealname()+"退出成功! "); + if (sysUser != null) { + baseCommonService.addLog("强制: " + sysUser.getRealname() + "退出成功!", CommonConstant.LOG_TYPE_1, null, sysUser); + log.info(" 强制 " + sysUser.getRealname() + "退出成功! "); //清空用户登录Token缓存 redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + online.getToken()); //清空用户登录Shiro权限缓存 @@ -123,8 +123,47 @@ public class SysUserOnlineController { //调用shiro的logout SecurityUtils.getSubject().logout(); return Result.ok("退出登录成功!"); - }else { + } else { return Result.error("Token无效!"); } } + + @RequestMapping(value = "/forceLogoutByUsername", method = RequestMethod.POST) + public Result forceLogoutByUsername(@RequestBody SysUserOnlineVO userVo) { + + Collection keys = redisUtil.scan(CommonConstant.PREFIX_USER_TOKEN + "*"); + List onlineList = new ArrayList(); + for (String key : keys) { + String token = (String) redisUtil.get(key); + if (StringUtils.isNotEmpty(token)) { + SysUserOnlineVO online = new SysUserOnlineVO(); + online.setToken(token); + LoginUser loginUser = sysBaseApi.getUserByName(JwtUtil.getUsername(token)); + if (loginUser != null && loginUser.getUsername().equals(userVo.getUsername())){ + //用户退出逻辑 + if (oConvertUtils.isEmpty(online.getToken())) { + return Result.error("退出登录失败!"); + } + String username = JwtUtil.getUsername(online.getToken()); + LoginUser sysUser = sysBaseApi.getUserByName(username); + if (sysUser != null) { + baseCommonService.addLog("强制: " + sysUser.getRealname() + "退出成功!", CommonConstant.LOG_TYPE_1, null, sysUser); + log.info(" 强制 " + sysUser.getRealname() + "退出成功! "); + //清空用户登录Token缓存 + redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + online.getToken()); + //清空用户登录Shiro权限缓存 + redisUtil.del(CommonConstant.PREFIX_USER_SHIRO_CACHE + sysUser.getId()); + //清空用户的缓存信息(包括部门信息),例如sys:cache:user:: + redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, sysUser.getUsername())); + //调用shiro的logout + SecurityUtils.getSubject().logout(); + return Result.ok("退出登录成功!"); + } else { + return Result.error("Token无效!"); + } + } + } + } + return Result.ok(); + } } diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/service/ISysUserService.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/service/ISysUserService.java index 3384f0b1..fd21397f 100644 --- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/service/ISysUserService.java +++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/service/ISysUserService.java @@ -467,4 +467,5 @@ public interface ISysUserService extends IService { * @param izOnline */ void modifyEmpOnline(SysUser sysUser, String izOnline); + } diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java index 02c7d9c7..e0a6b9df 100644 --- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java +++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java @@ -2111,14 +2111,15 @@ public class SysUserServiceImpl extends ServiceImpl impl /** * 修改员工在线状态 + * * @param sysUser * @param izOnline */ @Override - public void modifyEmpOnline(SysUser sysUser, String izOnline){ + public void modifyEmpOnline(SysUser sysUser, String izOnline) { String employeeId = sysUser.getEmployeesId(); - if(employeeId!=null&&!employeeId.equals("")){ - userMapper.modifyEmpOnline(employeeId,izOnline); + if (employeeId != null && !employeeId.equals("")) { + userMapper.modifyEmpOnline(employeeId, izOnline); } } }