fix: 修复SystemUserController若干bug :(

2024-06-07 15:37:29 +08:00 · 2024-06-07 15:37:29 +08:00 · a8a423c416
commit a8a423c416
parent 5e32dc2cd7
1 changed files with 12 additions and 5 deletions
--- a/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
+++ b/snail-job-server/snail-job-server-web/src/main/java/com/aizuda/snailjob/server/web/controller/SystemUserController.java
@ -1,5 +1,6 @@
 package com.aizuda.snailjob.server.web.controller;

+import cn.hutool.core.lang.Assert;
 import com.aizuda.snailjob.server.common.exception.SnailJobServerException;
 import com.aizuda.snailjob.server.web.annotation.LoginRequired;
 import com.aizuda.snailjob.server.web.annotation.LoginUser;
@ -11,6 +12,7 @@ import com.aizuda.snailjob.server.web.model.request.UserSessionVO;
 import com.aizuda.snailjob.server.web.model.response.PermissionsResponseVO;
 import com.aizuda.snailjob.server.web.model.response.SystemUserResponseVO;
 import com.aizuda.snailjob.server.web.service.SystemUserService;
+import com.aizuda.snailjob.server.web.util.UserSessionUtils;
 import jakarta.validation.Valid;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@ -26,7 +28,7 @@ import java.util.List;
@RestController
 public class SystemUserController {

-    private final Long SUPER_ADMIN_ID = 1L;
+    private static final Long SUPER_ADMIN_ID = 1L;

    @Autowired
    private SystemUserService systemUserService;
@ -54,10 +56,15 @@ public class SystemUserController {
        return systemUserService.getSystemUserPageList(systemUserQueryVO);
    }

-    @LoginRequired(role = RoleEnum.ADMIN)
    @PutMapping("/user")
    public void update(@RequestBody @Valid SystemUserRequestVO requestVO) {
-        if (requestVO.getId() == SUPER_ADMIN_ID && RoleEnum.isAdmin(requestVO.getRole())) {
+        // 1. 普通用户不允许修改其他用户
+        if (!SUPER_ADMIN_ID.equals(requestVO.getId())) {
+            Assert.equals(UserSessionUtils.currentUserSession().getId(), requestVO.getId(),
+                    "普通用户不允许修改其他用户");
+        }
+        // 2. 超级管理员(id=1)不能变更为普通用户
+        if (SUPER_ADMIN_ID.equals(requestVO.getId()) && RoleEnum.isUser(requestVO.getRole())) {
            throw new SnailJobServerException("不允许修改超级管理员角色");
        }
        systemUserService.update(requestVO);
@ -75,10 +82,10 @@ public class SystemUserController {
        return systemUserService.getSystemUserPermissionByUserName(id);
    }

-    @LoginRequired
+    @LoginRequired(role = RoleEnum.ADMIN)
    @DeleteMapping("/user/{id}")
    public boolean delUser(@PathVariable("id") Long id) {
-        if (id == SUPER_ADMIN_ID) {
+        if (SUPER_ADMIN_ID.equals(id)) {
            throw new SnailJobServerException("不允许删除超级管理员");
        }
        return systemUserService.delUser(id);