GTsoft/gtsoft-snail-job-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(sj_1.0.0): 更新用户信息只限制管理员

Browse Source
This commit is contained in:
opensnail 2024-06-08 09:56:08 +08:00
parent 2a393b63e6
commit a4ad3d3387
1 changed files with 5 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
View File

@ -1,6 +1,5 @@
package com.aizuda.snailjob.server.web.controller; package com.aizuda.snailjob.server.web.controller;
import cn.hutool.core.lang.Assert;
import com.aizuda.snailjob.server.common.exception.SnailJobServerException; import com.aizuda.snailjob.server.common.exception.SnailJobServerException;
import com.aizuda.snailjob.server.web.annotation.LoginRequired; import com.aizuda.snailjob.server.web.annotation.LoginRequired;
import com.aizuda.snailjob.server.web.annotation.LoginUser; import com.aizuda.snailjob.server.web.annotation.LoginUser;
@ -12,9 +11,8 @@ import com.aizuda.snailjob.server.web.model.request.UserSessionVO;
import com.aizuda.snailjob.server.web.model.response.PermissionsResponseVO; import com.aizuda.snailjob.server.web.model.response.PermissionsResponseVO;
import com.aizuda.snailjob.server.web.model.response.SystemUserResponseVO; import com.aizuda.snailjob.server.web.model.response.SystemUserResponseVO;
import com.aizuda.snailjob.server.web.service.SystemUserService; import com.aizuda.snailjob.server.web.service.SystemUserService;
import com.aizuda.snailjob.server.web.util.UserSessionUtils;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired; import lombok.RequiredArgsConstructor;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.List; import java.util.List;
@ -26,12 +24,11 @@ import java.util.List;
* @since 2022-03-05 * @since 2022-03-05
*/ */
@RestController @RestController
@RequiredArgsConstructor
public class SystemUserController { public class SystemUserController {
private static final Long SUPER_ADMIN_ID = 1L; private static final Long SUPER_ADMIN_ID = 1L;
private final SystemUserService systemUserService;
@Autowired
private SystemUserService systemUserService;
@PostMapping("/auth/login") @PostMapping("/auth/login")
public SystemUserResponseVO login(@RequestBody SystemUserRequestVO requestVO) { public SystemUserResponseVO login(@RequestBody SystemUserRequestVO requestVO) {
@ -56,14 +53,10 @@ public class SystemUserController {
return systemUserService.getSystemUserPageList(systemUserQueryVO); return systemUserService.getSystemUserPageList(systemUserQueryVO);
} }
@LoginRequired(role = RoleEnum.ADMIN)
@PutMapping("/user") @PutMapping("/user")
public void update(@RequestBody @Valid SystemUserRequestVO requestVO) { public void update(@RequestBody @Valid SystemUserRequestVO requestVO) {
// 1. 普通用户不允许修改其他用户 // 1. 超级管理员(id=1)不能变更为普通用户
if (!SUPER_ADMIN_ID.equals(requestVO.getId())) {
Assert.equals(UserSessionUtils.currentUserSession().getId(), requestVO.getId(),
"普通用户不允许修改其他用户");
}
// 2. 超级管理员(id=1)不能变更为普通用户
if (SUPER_ADMIN_ID.equals(requestVO.getId()) && RoleEnum.isUser(requestVO.getRole())) { if (SUPER_ADMIN_ID.equals(requestVO.getId()) && RoleEnum.isUser(requestVO.getRole())) {
throw new SnailJobServerException("不允许修改超级管理员角色"); throw new SnailJobServerException("不允许修改超级管理员角色");
} }