From a8a423c416fbd310855847123f757c5424e1e75c Mon Sep 17 00:00:00 2001
From: dhb52 <dhb52@126.com>
Date: Fri, 7 Jun 2024 15:37:29 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DSystemUserController?=
 =?UTF-8?q?=E8=8B=A5=E5=B9=B2bug=20:(?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../web/controller/SystemUserController.java    | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java b/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
index 709d420b..29e2d89f 100644
--- a/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
+++ b/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
@@ -1,5 +1,6 @@
 package com.aizuda.snailjob.server.web.controller;
 
+import cn.hutool.core.lang.Assert;
 import com.aizuda.snailjob.server.common.exception.SnailJobServerException;
 import com.aizuda.snailjob.server.web.annotation.LoginRequired;
 import com.aizuda.snailjob.server.web.annotation.LoginUser;
@@ -11,6 +12,7 @@ import com.aizuda.snailjob.server.web.model.request.UserSessionVO;
 import com.aizuda.snailjob.server.web.model.response.PermissionsResponseVO;
 import com.aizuda.snailjob.server.web.model.response.SystemUserResponseVO;
 import com.aizuda.snailjob.server.web.service.SystemUserService;
+import com.aizuda.snailjob.server.web.util.UserSessionUtils;
 import jakarta.validation.Valid;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -26,7 +28,7 @@ import java.util.List;
 @RestController
 public class SystemUserController {
 
-    private final Long SUPER_ADMIN_ID = 1L;
+    private static final Long SUPER_ADMIN_ID = 1L;
 
     @Autowired
     private SystemUserService systemUserService;
@@ -54,10 +56,15 @@ public class SystemUserController {
         return systemUserService.getSystemUserPageList(systemUserQueryVO);
     }
 
-    @LoginRequired(role = RoleEnum.ADMIN)
     @PutMapping("/user")
     public void update(@RequestBody @Valid SystemUserRequestVO requestVO) {
-        if (requestVO.getId() == SUPER_ADMIN_ID && RoleEnum.isAdmin(requestVO.getRole())) {
+        // 1. 普通用户不允许修改其他用户
+        if (!SUPER_ADMIN_ID.equals(requestVO.getId())) {
+            Assert.equals(UserSessionUtils.currentUserSession().getId(), requestVO.getId(),
+                    "普通用户不允许修改其他用户");
+        }
+        // 2. 超级管理员(id=1)不能变更为普通用户
+        if (SUPER_ADMIN_ID.equals(requestVO.getId()) && RoleEnum.isUser(requestVO.getRole())) {
             throw new SnailJobServerException("不允许修改超级管理员角色");
         }
         systemUserService.update(requestVO);
@@ -75,10 +82,10 @@ public class SystemUserController {
         return systemUserService.getSystemUserPermissionByUserName(id);
     }
 
-    @LoginRequired
+    @LoginRequired(role = RoleEnum.ADMIN)
     @DeleteMapping("/user/{id}")
     public boolean delUser(@PathVariable("id") Long id) {
-        if (id == SUPER_ADMIN_ID) {
+        if (SUPER_ADMIN_ID.equals(id)) {
             throw new SnailJobServerException("不允许删除超级管理员");
         }
         return systemUserService.delUser(id);