From a8a423c416fbd310855847123f757c5424e1e75c Mon Sep 17 00:00:00 2001
From: dhb52 <dhb52@126.com>
Date: Fri, 7 Jun 2024 15:37:29 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DSystemUserController?=
=?UTF-8?q?=E8=8B=A5=E5=B9=B2bug=20:(?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../web/controller/SystemUserController.java | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java b/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
index 709d420b..29e2d89f 100644
--- a/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
+++ b/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
@@ -1,5 +1,6 @@
package com.aizuda.snailjob.server.web.controller;
+import cn.hutool.core.lang.Assert;
import com.aizuda.snailjob.server.common.exception.SnailJobServerException;
import com.aizuda.snailjob.server.web.annotation.LoginRequired;
import com.aizuda.snailjob.server.web.annotation.LoginUser;
@@ -11,6 +12,7 @@ import com.aizuda.snailjob.server.web.model.request.UserSessionVO;
import com.aizuda.snailjob.server.web.model.response.PermissionsResponseVO;
import com.aizuda.snailjob.server.web.model.response.SystemUserResponseVO;
import com.aizuda.snailjob.server.web.service.SystemUserService;
+import com.aizuda.snailjob.server.web.util.UserSessionUtils;
import jakarta.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
@@ -26,7 +28,7 @@ import java.util.List;
@RestController
public class SystemUserController {
- private final Long SUPER_ADMIN_ID = 1L;
+ private static final Long SUPER_ADMIN_ID = 1L;
@Autowired
private SystemUserService systemUserService;
@@ -54,10 +56,15 @@ public class SystemUserController {
return systemUserService.getSystemUserPageList(systemUserQueryVO);
}
- @LoginRequired(role = RoleEnum.ADMIN)
@PutMapping("/user")
public void update(@RequestBody @Valid SystemUserRequestVO requestVO) {
- if (requestVO.getId() == SUPER_ADMIN_ID && RoleEnum.isAdmin(requestVO.getRole())) {
+ // 1. 普通用户不允许修改其他用户
+ if (!SUPER_ADMIN_ID.equals(requestVO.getId())) {
+ Assert.equals(UserSessionUtils.currentUserSession().getId(), requestVO.getId(),
+ "普通用户不允许修改其他用户");
+ }
+ // 2. 超级管理员(id=1)不能变更为普通用户
+ if (SUPER_ADMIN_ID.equals(requestVO.getId()) && RoleEnum.isUser(requestVO.getRole())) {
throw new SnailJobServerException("不允许修改超级管理员角色");
}
systemUserService.update(requestVO);
@@ -75,10 +82,10 @@ public class SystemUserController {
return systemUserService.getSystemUserPermissionByUserName(id);
}
- @LoginRequired
+ @LoginRequired(role = RoleEnum.ADMIN)
@DeleteMapping("/user/{id}")
public boolean delUser(@PathVariable("id") Long id) {
- if (id == SUPER_ADMIN_ID) {
+ if (SUPER_ADMIN_ID.equals(id)) {
throw new SnailJobServerException("不允许删除超级管理员");
}
return systemUserService.delUser(id);