用户模块区分是否管理员身份,是否商户身份
@@ -47,6 +47,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
"/webjars/**",
"/hxz/v1/**",
"/api/sendSmsCaptcha",
"/api/loginBySms",
"/api/parseToken/*",
"/api/login-alipay/*",
"/api/wx-login/loginByMpWxPhone",
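Review bot: The new permit-list entry `"/api/wx-login/loginByMpWxPhone",` has no comment saying why it is reachable without a token, and of all the entries in this array it is the one most worth explaining because it presumably issues a login from a WeChat mini-program phone credential; a one-line comment such as `// WeChat mini-program phone login: the handler validates the WeChat code itself, so no token is required` would stop the next reader from widening or dropping it by mistake. Whether the handler really verifies the WeChat code server-side rather than trusting a client-supplied phone cannot be seen from this hunk and should be confirmed, since a permitAll path that trusts the phone would sidestep the password login entirely. The enclosing matcher array starts and ends outside the hunk.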
@@ -133,11 +133,10 @@ public class CompanyController extends BaseController {
@ApiOperation("修改企业信息")
@PutMapping()
public ApiResult<?> update(@RequestBody Company company) {
final int count = companyService.count();
if (companyService.updateById(company)) {
return success("修改成功");
}
return fail("修改失败",count);
return fail("修改失败");
}
@PreAuthorize("hasAuthority('sys:company:remove')")
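Review bot: The rendered page does not show which side `final int count = companyService.count();` and `return fail("修改失败",count);` belong to; if they are the new side, every failed update runs a full-table count only to hand the row total to the caller, which is a needless query and discloses the size of the company table to whoever triggered the failure, and the plain `return fail("修改失败");` should be the line that survives. If they are the removed side, the hunk is a clean-up and needs nothing further. The `updateById(company)` call itself is unchanged here and still writes whatever the client posts, which is outside this commit but worth a follow-up ownership check. update() ends inside the hunk, but the surrounding class continues beyond it.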
@@ -108,8 +108,15 @@ public class MainController extends BaseController {
return fail(message, null);
}
if (!userService.comparePassword(user.getPassword(), param.getPassword()) && !"$2a$10$iMsEmh.rPlzwy/SVe6KW3.62vlwqMJpibhCF9jYN.fMqxdqymzMzu".equals(param.getPassword())) {
String message = "密码错误";
String key = "PasswordError:".concat(username).concat(":").concat(tenantId.toString());
Integer passError = redisUtil.get(key,Integer.class);
passError = passError != null ? passError : 0;
if(passError > 3){
return fail("您错误次数过多,账号已锁定,请30分钟后再试",null);
}
String message = "密码错误,还有"+(4-passError)+"次机会";
loginRecordService.saveAsync(username, LoginRecord.TYPE_ERROR, message, tenantId, request);
redisUtil.set(key,passError + 1,30L,TimeUnit.MINUTES);
return fail(message, null);
}
loginRecordService.saveAsync(username, LoginRecord.TYPE_LOGIN, null, tenantId, request);
@@ -128,8 +135,6 @@ public class MainController extends BaseController {
if(param.getIsAdmin() != null && !user.getIsAdmin()){
return fail("不是管理员账号",null);
}
// 读取商户账号
user.setMerchantAccount(merchantAccountService.getOne(new LambdaQueryWrapper<MerchantAccount>().eq(MerchantAccount::getPhone,user.getPhone()).last("limit 1")));
// 签发token
String access_token = JwtUtil.buildToken(new JwtSubject(username, tenantId),
@@ -395,6 +400,10 @@ public class MainController extends BaseController {
final String code = param.getCode();
User user = userService.getByUsername(phone, tenantId);
// 是否管理员
if(param.getIsAdmin() != null && !user.getIsAdmin()){
return fail("不是管理员账号",null);
}
// 验证码校验
String key = "code:" + param.getPhone();
if (!code.equals(redisUtil.get(key))) {
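Review bot: The added admin check runs before the SMS code is verified and dereferences `user` straight after `userService.getByUsername(phone, tenantId)` with no null check between them, so an unverified caller learns from the `不是管理员账号` reply whether a phone belongs to an admin account, and an unknown phone would raise a NullPointerException if getByUsername returns null. Move the block below the `code.equals(redisUtil.get(key))` check and write it as `if (Boolean.TRUE.equals(param.getIsAdmin()) && (user == null || !Boolean.TRUE.equals(user.getIsAdmin()))) {`, because `param.getIsAdmin() != null` currently also demands admin when the client sends `false`, and `!user.getIsAdmin()` unboxes a nullable Boolean. The identical condition in the password-login hunk at `@@ -128,8 +135,6 @@` needs the same rewrite. The enclosing method starts and ends outside the hunk.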
@@ -2,6 +2,7 @@ package com.gxwebsoft.common.system.controller;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.gxwebsoft.common.core.security.JwtUtil;
import com.gxwebsoft.common.core.utils.CommonUtil;
import com.gxwebsoft.common.core.utils.RequestUtil;
import com.gxwebsoft.common.core.web.ApiResult;
import com.gxwebsoft.common.core.web.BaseController;
@@ -9,11 +10,15 @@ import com.gxwebsoft.common.core.web.BatchParam;
import com.gxwebsoft.common.core.web.PageResult;
import com.gxwebsoft.common.system.entity.User;
import com.gxwebsoft.common.system.entity.MerchantAccount;
import com.gxwebsoft.common.system.entity.UserRole;
import com.gxwebsoft.common.system.mapper.MerchantAccountMapper;
import com.gxwebsoft.common.system.param.MerchantAccountParam;
import com.gxwebsoft.common.system.service.MerchantAccountService;
import com.gxwebsoft.common.system.service.UserRoleService;
import com.gxwebsoft.common.system.service.UserService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
@@ -34,7 +39,12 @@ public class MerchantAccountController extends BaseController {
private MerchantAccountService merchantAccountService;
@Resource
private MerchantAccountMapper merchantAccountMapper;
@Resource
private UserService userService;
@Resource
private UserRoleService userRoleService;
@PreAuthorize("hasAuthority('sys:merchantAccount:list')")
@ApiOperation("分页查询商户账号")
@GetMapping("/page")
public ApiResult<PageResult<MerchantAccount>> page(MerchantAccountParam param) {
@@ -42,6 +52,7 @@ public class MerchantAccountController extends BaseController {
return success(merchantAccountService.pageRel(param));
}
@PreAuthorize("hasAuthority('sys:merchantAccount:list')")
@ApiOperation("查询全部商户账号")
@GetMapping()
public ApiResult<List<MerchantAccount>> list(MerchantAccountParam param) {
@@ -49,6 +60,7 @@ public class MerchantAccountController extends BaseController {
return success(merchantAccountService.listRel(param));
}
@PreAuthorize("hasAuthority('sys:merchantAccount:list')")
@ApiOperation("根据id查询商户账号")
@GetMapping("/{id}")
public ApiResult<MerchantAccount> get(@PathVariable("id") Integer id) {
@@ -56,31 +68,53 @@ public class MerchantAccountController extends BaseController {
return success(merchantAccountService.getByIdRel(id));
}
@PreAuthorize("hasAuthority('sys:merchantAccount:save')")
@ApiOperation("添加商户账号")
@PostMapping()
public ApiResult<?> save(@RequestBody MerchantAccount merchantAccount, HttpServletRequest request) {
if (merchantAccountService.count(new LambdaQueryWrapper<MerchantAccount>().eq(MerchantAccount::getPhone,merchantAccount.getPhone())) > 0) {
return fail("手机号码已存在");
}
// 获取远程用户信息
final RequestUtil requestUtil = new RequestUtil();
String access_token = JwtUtil.getAccessToken(request);
requestUtil.setAccessToken(access_token);
requestUtil.setTenantId(getTenantId().toString());
User userByPhone = requestUtil.getUserByPhone(merchantAccount.getPhone());
// 新增注册
if (userByPhone == null) {
if (requestUtil.saveUserByPhone(merchantAccount)) {
userByPhone = requestUtil.getUserByPhone(merchantAccount.getPhone());
// 查询用户是否已存在
User userByPhone = userService.getByPhone(merchantAccount.getPhone());
if (userByPhone != null){
merchantAccount.setUserId(userByPhone.getUserId());
if (userRoleService.count(new LambdaQueryWrapper<UserRole>().eq(UserRole::getRoleId,merchantAccount.getRoleId())) == 0) {
// 添加角色
final UserRole userRole = new UserRole();
userRole.setUserId(userByPhone.getUserId());
userRole.setRoleId(merchantAccount.getRoleId());
userRoleService.save(userRole);
}
merchantAccountService.save(merchantAccount);
return success("添加成功");
}
merchantAccount.setUserId(userByPhone.getUserId());
// 添加用户
User user = new User();
user.setUsername(merchantAccount.getPhone());
user.setPhone(merchantAccount.getPhone());
user.setPassword(userService.encodePassword(merchantAccount.getPassword()));
user.setNickname(merchantAccount.getRealName());
user.setIsAdmin(true);
user.setPlatform("ADMIN");
user.setMerchantId(merchantAccount.getMerchantId());
userService.save(user);
// 添加角色
final UserRole userRole = new UserRole();
userRole.setUserId(user.getUserId());
userRole.setRoleId(merchantAccount.getRoleId());
userRoleService.save(userRole);
merchantAccount.setUserId(user.getUserId());
// 保存账号
if (merchantAccountService.save(merchantAccount)) {
return success("添加成功");
}
return fail("添加失败");
}
@PreAuthorize("hasAuthority('sys:merchantAccount:update')")
@ApiOperation("修改商户账号")
@PutMapping()
public ApiResult<?> update(@RequestBody MerchantAccount merchantAccount) {
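Review bot: The role check in the existing-user branch of save(), `userRoleService.count(new LambdaQueryWrapper<UserRole>().eq(UserRole::getRoleId,merchantAccount.getRoleId())) == 0`, asks whether any user at all holds the role, so once one merchant user has it no later merchant user is ever granted it; the query must also filter on the user: `.eq(UserRole::getUserId, userByPhone.getUserId()).eq(UserRole::getRoleId, merchantAccount.getRoleId())`. That branch also ignores the result of `merchantAccountService.save(merchantAccount)` and always answers `添加成功`, whereas the new-user branch checks it, and neither branch reads the `isAdmin` flag this commit adds to MerchantAccount because `user.setIsAdmin(true)` is hard-coded for every merchant user. The `HttpServletRequest request` parameter is unused now that the RequestUtil lookup is gone, and `encodePassword(merchantAccount.getPassword())` runs without checking that a password was supplied, which presumably needs a guard. save() ends inside the hunk; the class continues beyond it.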
@@ -90,6 +124,7 @@ public class MerchantAccountController extends BaseController {
return fail("修改失败");
}
@PreAuthorize("hasAuthority('sys:merchantAccount:remove')")
@ApiOperation("删除商户账号")
@DeleteMapping("/{id}")
public ApiResult<?> remove(@PathVariable("id") Integer id) {
@@ -99,6 +134,7 @@ public class MerchantAccountController extends BaseController {
return fail("删除失败");
}
@PreAuthorize("hasAuthority('sys:merchantAccount:save')")
@ApiOperation("批量添加商户账号")
@PostMapping("/batch")
public ApiResult<?> saveBatch(@RequestBody List<MerchantAccount> list) {
@@ -108,6 +144,7 @@ public class MerchantAccountController extends BaseController {
return fail("添加失败");
}
@PreAuthorize("hasAuthority('sys:merchantAccount:update')")
@ApiOperation("批量修改商户账号")
@PutMapping("/batch")
public ApiResult<?> removeBatch(@RequestBody BatchParam<MerchantAccount> batchParam) {
@@ -117,6 +154,7 @@ public class MerchantAccountController extends BaseController {
return fail("修改失败");
}
@PreAuthorize("hasAuthority('sys:merchantAccount:remove')")
@ApiOperation("批量删除商户账号")
@DeleteMapping("/batch")
public ApiResult<?> removeBatch(@RequestBody List<Integer> ids) {
@@ -1,5 +1,6 @@
package com.gxwebsoft.common.system.entity;
import cn.hutool.core.util.DesensitizedUtil;
import com.baomidou.mybatisplus.annotation.*;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
@@ -243,4 +244,11 @@ public class Company implements Serializable {
@TableField(exist = false)
private String password;
@ApiModelProperty("手机号(脱敏)")
@TableField(exist = false)
private String mobile;
public String getMobile() {
return DesensitizedUtil.mobilePhone(this.phone);
}
}
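Review bot: The new `mobile` field is never assigned and `getMobile()` never reads it, so the field exists only to surface a property in the Swagger model and the reason for the indirection is undocumented; a comment on the getter, `// Masked copy of phone exposed under its own non-persisted name so the phone column itself is never overwritten with a masked value`, would tell the next reader why the masking is not done by overriding getPhone(). If `phone` can be null, confirm that `DesensitizedUtil.mobilePhone` tolerates it rather than throwing, because this getter runs on every serialization of the entity. The same field-plus-getter pair is added to MerchantAccount in the hunk at `@@ -79,6 +79,10 @@`, and both remarks apply there too.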
@@ -79,6 +79,10 @@ public class MerchantAccount implements Serializable {
@TableField(exist = false)
private String mobile;
@ApiModelProperty(value = "是否管理员")
@TableField(exist = false)
private Boolean isAdmin;
public String getMobile(){
return DesensitizedUtil.mobilePhone(this.phone);
}
@@ -140,21 +140,6 @@ public class User implements UserDetails {
@ApiModelProperty("注册来源客户端")
private String platform;
@ApiModelProperty("兴趣爱好")
private String interest;
@ApiModelProperty("身高")
private String height;
@ApiModelProperty("体重")
private String weight;
@ApiModelProperty("学历")
private String education;
@ApiModelProperty("月薪")
private String monthlyPay;
@ApiModelProperty("是否下线会员")
private Integer offline;
@@ -173,10 +158,6 @@ public class User implements UserDetails {
@ApiModelProperty(value = "商户ID")
private Integer merchantId;
@ApiModelProperty(value = "商户名称")
@TableField(exist = false)
private Integer merchantName;
@ApiModelProperty(value = "是否管理员")
private Boolean isAdmin;
@@ -311,4 +292,8 @@ public class User implements UserDetails {
return DesensitizedUtil.mobilePhone(this.phone);
}
public String getIdCard(){
return DesensitizedUtil.idCardNum(this.idCard,4,4);
}
}
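Review bot: `getIdCard()` now returns the masked value for what is presumably the persisted `idCard` column, so any code path that loads a User, changes a field and hands it back to updateById would write the masked string into the database, and nothing on the class can read the real number any more; the getter just above, which appears to publish the masked phone under a separate property name while leaving the real column's accessor alone, is the safer shape. Follow that pattern here: a separate `@TableField(exist = false)` property whose getter returns `DesensitizedUtil.idCardNum(this.idCard, 4, 4)`, with `getIdCard()` left unmasked, or at minimum a Javadoc on this method warning that the entity must never be written back once it has been read through it. Whether `idCard` is a mapped column and whether MyBatis-Plus reads it through the getter is not visible here and should be confirmed before merging.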
@@ -29,8 +29,7 @@
c.dict_data_name sex_name,
e.tenant_name,
g.grade_id,g.name as gradeName,
h.dealer_id,
i.merchant_name
h.dealer_id
FROM sys_user a
LEFT JOIN sys_organization b ON a.organization_id = b.organization_id
LEFT JOIN (
@@ -42,7 +41,6 @@
LEFT JOIN sys_tenant e ON a.tenant_id = e.tenant_id
LEFT JOIN sys_user_grade g ON a.grade_id = g.grade_id
LEFT JOIN sys_user_referee h ON a.user_id = h.user_id and h.deleted = 0
LEFT JOIN sys_merchant i ON a.merchant_id = i.merchant_id
<where>
<if test="param.userId != null">
AND a.user_id = #{param.userId}