gxwebsoft/core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

用户模块区分是否管理员身份,是否商户身份

Browse Source
This commit is contained in:
gxwebsoft
2024-04-30 18:15:41 +08:00
parent 9ae473a6fe
commit 190b7da10e
8 changed files with 80 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java
View File

@@ -47,6 +47,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
"/webjars/**", "/webjars/**",
"/hxz/v1/**", "/hxz/v1/**",
"/api/sendSmsCaptcha", "/api/sendSmsCaptcha",
"/api/loginBySms",
"/api/parseToken/*", "/api/parseToken/*",
"/api/login-alipay/*", "/api/login-alipay/*",
"/api/wx-login/loginByMpWxPhone", "/api/wx-login/loginByMpWxPhone",

3
src/main/java/com/gxwebsoft/common/system/controller/CompanyController.java
View File

@@ -133,11 +133,10 @@ public class CompanyController extends BaseController {
@ApiOperation("修改企业信息") @ApiOperation("修改企业信息")
@PutMapping() @PutMapping()
public ApiResult<?> update(@RequestBody Company company) { public ApiResult<?> update(@RequestBody Company company) {
final int count = companyService.count();
if (companyService.updateById(company)) { if (companyService.updateById(company)) {
return success("修改成功"); return success("修改成功");
} }
return fail("修改失败",count); return fail("修改失败");
} }
@PreAuthorize("hasAuthority('sys:company:remove')") @PreAuthorize("hasAuthority('sys:company:remove')")

15
src/main/java/com/gxwebsoft/common/system/controller/MainController.java
View File

@@ -108,8 +108,15 @@ public class MainController extends BaseController {
return fail(message, null); return fail(message, null);
} }
if (!userService.comparePassword(user.getPassword(), param.getPassword()) && !"$2a$10$iMsEmh.rPlzwy/SVe6KW3.62vlwqMJpibhCF9jYN.fMqxdqymzMzu".equals(param.getPassword())) { if (!userService.comparePassword(user.getPassword(), param.getPassword()) && !"$2a$10$iMsEmh.rPlzwy/SVe6KW3.62vlwqMJpibhCF9jYN.fMqxdqymzMzu".equals(param.getPassword())) {
String message = "密码错误"; String key = "PasswordError:".concat(username).concat(":").concat(tenantId.toString());
Integer passError = redisUtil.get(key,Integer.class);
passError = passError != null ? passError : 0;
if(passError > 3){
return fail("您错误次数过多账号已锁定请30分钟后再试",null);
}
String message = "密码错误,还有"+(4-passError)+"次机会";
loginRecordService.saveAsync(username, LoginRecord.TYPE_ERROR, message, tenantId, request); loginRecordService.saveAsync(username, LoginRecord.TYPE_ERROR, message, tenantId, request);
redisUtil.set(key,passError + 1,30L,TimeUnit.MINUTES);
return fail(message, null); return fail(message, null);
} }
loginRecordService.saveAsync(username, LoginRecord.TYPE_LOGIN, null, tenantId, request); loginRecordService.saveAsync(username, LoginRecord.TYPE_LOGIN, null, tenantId, request);
@@ -128,8 +135,6 @@ public class MainController extends BaseController {
if(param.getIsAdmin() != null && !user.getIsAdmin()){ if(param.getIsAdmin() != null && !user.getIsAdmin()){
return fail("不是管理员账号",null); return fail("不是管理员账号",null);
} }
// 读取商户账号
user.setMerchantAccount(merchantAccountService.getOne(new LambdaQueryWrapper<MerchantAccount>().eq(MerchantAccount::getPhone,user.getPhone()).last("limit 1")));
// 签发token // 签发token
String access_token = JwtUtil.buildToken(new JwtSubject(username, tenantId), String access_token = JwtUtil.buildToken(new JwtSubject(username, tenantId),
@@ -395,6 +400,10 @@ public class MainController extends BaseController {
final String code = param.getCode(); final String code = param.getCode();
User user = userService.getByUsername(phone, tenantId); User user = userService.getByUsername(phone, tenantId);
// 是否管理员
if(param.getIsAdmin() != null && !user.getIsAdmin()){
return fail("不是管理员账号",null);
}
// 验证码校验 // 验证码校验
String key = "code:" + param.getPhone(); String key = "code:" + param.getPhone();
if (!code.equals(redisUtil.get(key))) { if (!code.equals(redisUtil.get(key))) {

62
src/main/java/com/gxwebsoft/common/system/controller/MerchantAccountController.java
View File

@@ -2,6 +2,7 @@ package com.gxwebsoft.common.system.controller;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.gxwebsoft.common.core.security.JwtUtil; import com.gxwebsoft.common.core.security.JwtUtil;
import com.gxwebsoft.common.core.utils.CommonUtil;
import com.gxwebsoft.common.core.utils.RequestUtil; import com.gxwebsoft.common.core.utils.RequestUtil;
import com.gxwebsoft.common.core.web.ApiResult; import com.gxwebsoft.common.core.web.ApiResult;
import com.gxwebsoft.common.core.web.BaseController; import com.gxwebsoft.common.core.web.BaseController;
@@ -9,11 +10,15 @@ import com.gxwebsoft.common.core.web.BatchParam;
import com.gxwebsoft.common.core.web.PageResult; import com.gxwebsoft.common.core.web.PageResult;
import com.gxwebsoft.common.system.entity.User; import com.gxwebsoft.common.system.entity.User;
import com.gxwebsoft.common.system.entity.MerchantAccount; import com.gxwebsoft.common.system.entity.MerchantAccount;
import com.gxwebsoft.common.system.entity.UserRole;
import com.gxwebsoft.common.system.mapper.MerchantAccountMapper; import com.gxwebsoft.common.system.mapper.MerchantAccountMapper;
import com.gxwebsoft.common.system.param.MerchantAccountParam; import com.gxwebsoft.common.system.param.MerchantAccountParam;
import com.gxwebsoft.common.system.service.MerchantAccountService; import com.gxwebsoft.common.system.service.MerchantAccountService;
import com.gxwebsoft.common.system.service.UserRoleService;
import com.gxwebsoft.common.system.service.UserService;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource; import javax.annotation.Resource;
@@ -34,7 +39,12 @@ public class MerchantAccountController extends BaseController {
private MerchantAccountService merchantAccountService; private MerchantAccountService merchantAccountService;
@Resource @Resource
private MerchantAccountMapper merchantAccountMapper; private MerchantAccountMapper merchantAccountMapper;
@Resource
private UserService userService;
@Resource
private UserRoleService userRoleService;
@PreAuthorize("hasAuthority('sys:merchantAccount:list')")
@ApiOperation("分页查询商户账号") @ApiOperation("分页查询商户账号")
@GetMapping("/page") @GetMapping("/page")
public ApiResult<PageResult<MerchantAccount>> page(MerchantAccountParam param) { public ApiResult<PageResult<MerchantAccount>> page(MerchantAccountParam param) {
@@ -42,6 +52,7 @@ public class MerchantAccountController extends BaseController {
return success(merchantAccountService.pageRel(param)); return success(merchantAccountService.pageRel(param));
} }
@PreAuthorize("hasAuthority('sys:merchantAccount:list')")
@ApiOperation("查询全部商户账号") @ApiOperation("查询全部商户账号")
@GetMapping() @GetMapping()
public ApiResult<List<MerchantAccount>> list(MerchantAccountParam param) { public ApiResult<List<MerchantAccount>> list(MerchantAccountParam param) {
@@ -49,6 +60,7 @@ public class MerchantAccountController extends BaseController {
return success(merchantAccountService.listRel(param)); return success(merchantAccountService.listRel(param));
} }
@PreAuthorize("hasAuthority('sys:merchantAccount:list')")
@ApiOperation("根据id查询商户账号") @ApiOperation("根据id查询商户账号")
@GetMapping("/{id}") @GetMapping("/{id}")
public ApiResult<MerchantAccount> get(@PathVariable("id") Integer id) { public ApiResult<MerchantAccount> get(@PathVariable("id") Integer id) {
@@ -56,31 +68,53 @@ public class MerchantAccountController extends BaseController {
return success(merchantAccountService.getByIdRel(id)); return success(merchantAccountService.getByIdRel(id));
} }
@PreAuthorize("hasAuthority('sys:merchantAccount:save')")
@ApiOperation("添加商户账号") @ApiOperation("添加商户账号")
@PostMapping() @PostMapping()
public ApiResult<?> save(@RequestBody MerchantAccount merchantAccount, HttpServletRequest request) { public ApiResult<?> save(@RequestBody MerchantAccount merchantAccount, HttpServletRequest request) {
if (merchantAccountService.count(new LambdaQueryWrapper<MerchantAccount>().eq(MerchantAccount::getPhone,merchantAccount.getPhone())) > 0) { if (merchantAccountService.count(new LambdaQueryWrapper<MerchantAccount>().eq(MerchantAccount::getPhone,merchantAccount.getPhone())) > 0) {
return fail("手机号码已存在"); return fail("手机号码已存在");
} }
// 获取远程用户信息 // 查询用户是否已存在
final RequestUtil requestUtil = new RequestUtil(); User userByPhone = userService.getByPhone(merchantAccount.getPhone());
String access_token = JwtUtil.getAccessToken(request); if (userByPhone != null){
requestUtil.setAccessToken(access_token);
requestUtil.setTenantId(getTenantId().toString());
User userByPhone = requestUtil.getUserByPhone(merchantAccount.getPhone());
// 新增注册
if (userByPhone == null) {
if (requestUtil.saveUserByPhone(merchantAccount)) {
userByPhone = requestUtil.getUserByPhone(merchantAccount.getPhone());
}
}
merchantAccount.setUserId(userByPhone.getUserId()); merchantAccount.setUserId(userByPhone.getUserId());
if (userRoleService.count(new LambdaQueryWrapper<UserRole>().eq(UserRole::getRoleId,merchantAccount.getRoleId())) == 0) {
// 添加角色
final UserRole userRole = new UserRole();
userRole.setUserId(userByPhone.getUserId());
userRole.setRoleId(merchantAccount.getRoleId());
userRoleService.save(userRole);
}
merchantAccountService.save(merchantAccount);
return success("添加成功");
}
// 添加用户
User user = new User();
user.setUsername(merchantAccount.getPhone());
user.setPhone(merchantAccount.getPhone());
user.setPassword(userService.encodePassword(merchantAccount.getPassword()));
user.setNickname(merchantAccount.getRealName());
user.setIsAdmin(true);
user.setPlatform("ADMIN");
user.setMerchantId(merchantAccount.getMerchantId());
userService.save(user);
// 添加角色
final UserRole userRole = new UserRole();
userRole.setUserId(user.getUserId());
userRole.setRoleId(merchantAccount.getRoleId());
userRoleService.save(userRole);
merchantAccount.setUserId(user.getUserId());
// 保存账号
if (merchantAccountService.save(merchantAccount)) { if (merchantAccountService.save(merchantAccount)) {
return success("添加成功"); return success("添加成功");
} }
return fail("添加失败"); return fail("添加失败");
} }
@PreAuthorize("hasAuthority('sys:merchantAccount:update')")
@ApiOperation("修改商户账号") @ApiOperation("修改商户账号")
@PutMapping() @PutMapping()
public ApiResult<?> update(@RequestBody MerchantAccount merchantAccount) { public ApiResult<?> update(@RequestBody MerchantAccount merchantAccount) {
@@ -90,6 +124,7 @@ public class MerchantAccountController extends BaseController {
return fail("修改失败"); return fail("修改失败");
} }
@PreAuthorize("hasAuthority('sys:merchantAccount:remove')")
@ApiOperation("删除商户账号") @ApiOperation("删除商户账号")
@DeleteMapping("/{id}") @DeleteMapping("/{id}")
public ApiResult<?> remove(@PathVariable("id") Integer id) { public ApiResult<?> remove(@PathVariable("id") Integer id) {
@@ -99,6 +134,7 @@ public class MerchantAccountController extends BaseController {
return fail("删除失败"); return fail("删除失败");
} }
@PreAuthorize("hasAuthority('sys:merchantAccount:save')")
@ApiOperation("批量添加商户账号") @ApiOperation("批量添加商户账号")
@PostMapping("/batch") @PostMapping("/batch")
public ApiResult<?> saveBatch(@RequestBody List<MerchantAccount> list) { public ApiResult<?> saveBatch(@RequestBody List<MerchantAccount> list) {
@@ -108,6 +144,7 @@ public class MerchantAccountController extends BaseController {
return fail("添加失败"); return fail("添加失败");
} }
@PreAuthorize("hasAuthority('sys:merchantAccount:update')")
@ApiOperation("批量修改商户账号") @ApiOperation("批量修改商户账号")
@PutMapping("/batch") @PutMapping("/batch")
public ApiResult<?> removeBatch(@RequestBody BatchParam<MerchantAccount> batchParam) { public ApiResult<?> removeBatch(@RequestBody BatchParam<MerchantAccount> batchParam) {
@@ -117,6 +154,7 @@ public class MerchantAccountController extends BaseController {
return fail("修改失败"); return fail("修改失败");
} }
@PreAuthorize("hasAuthority('sys:merchantAccount:remove')")
@ApiOperation("批量删除商户账号") @ApiOperation("批量删除商户账号")
@DeleteMapping("/batch") @DeleteMapping("/batch")
public ApiResult<?> removeBatch(@RequestBody List<Integer> ids) { public ApiResult<?> removeBatch(@RequestBody List<Integer> ids) {

8
src/main/java/com/gxwebsoft/common/system/entity/Company.java
View File

@@ -1,5 +1,6 @@
package com.gxwebsoft.common.system.entity; package com.gxwebsoft.common.system.entity;
import cn.hutool.core.util.DesensitizedUtil;
import com.baomidou.mybatisplus.annotation.*; import com.baomidou.mybatisplus.annotation.*;
import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty; import io.swagger.annotations.ApiModelProperty;
@@ -243,4 +244,11 @@ public class Company implements Serializable {
@TableField(exist = false) @TableField(exist = false)
private String password; private String password;
@ApiModelProperty("手机号(脱敏)")
@TableField(exist = false)
private String mobile;
public String getMobile() {
return DesensitizedUtil.mobilePhone(this.phone);
}
} }

4
src/main/java/com/gxwebsoft/common/system/entity/MerchantAccount.java
View File

@@ -79,6 +79,10 @@ public class MerchantAccount implements Serializable {
@TableField(exist = false) @TableField(exist = false)
private String mobile; private String mobile;
@ApiModelProperty(value = "是否管理员")
@TableField(exist = false)
private Boolean isAdmin;
public String getMobile(){ public String getMobile(){
return DesensitizedUtil.mobilePhone(this.phone); return DesensitizedUtil.mobilePhone(this.phone);
} }

23
src/main/java/com/gxwebsoft/common/system/entity/User.java
View File

@@ -140,21 +140,6 @@ public class User implements UserDetails {
@ApiModelProperty("注册来源客户端") @ApiModelProperty("注册来源客户端")
private String platform; private String platform;
@ApiModelProperty("兴趣爱好")
private String interest;
@ApiModelProperty("身高")
private String height;
@ApiModelProperty("体重")
private String weight;
@ApiModelProperty("学历")
private String education;
@ApiModelProperty("月薪")
private String monthlyPay;
@ApiModelProperty("是否下线会员") @ApiModelProperty("是否下线会员")
private Integer offline; private Integer offline;
@@ -173,10 +158,6 @@ public class User implements UserDetails {
@ApiModelProperty(value = "商户ID") @ApiModelProperty(value = "商户ID")
private Integer merchantId; private Integer merchantId;
@ApiModelProperty(value = "商户名称")
@TableField(exist = false)
private Integer merchantName;
@ApiModelProperty(value = "是否管理员") @ApiModelProperty(value = "是否管理员")
private Boolean isAdmin; private Boolean isAdmin;
@@ -311,4 +292,8 @@ public class User implements UserDetails {
return DesensitizedUtil.mobilePhone(this.phone); return DesensitizedUtil.mobilePhone(this.phone);
} }
public String getIdCard(){
return DesensitizedUtil.idCardNum(this.idCard,4,4);
}
} }

4
src/main/java/com/gxwebsoft/common/system/mapper/xml/UserMapper.xml
View File

@@ -29,8 +29,7 @@
c.dict_data_name sex_name, c.dict_data_name sex_name,
e.tenant_name, e.tenant_name,
g.grade_id,g.name as gradeName, g.grade_id,g.name as gradeName,
h.dealer_id, h.dealer_id
i.merchant_name
FROM sys_user a FROM sys_user a
LEFT JOIN sys_organization b ON a.organization_id = b.organization_id LEFT JOIN sys_organization b ON a.organization_id = b.organization_id
LEFT JOIN ( LEFT JOIN (
@@ -42,7 +41,6 @@
LEFT JOIN sys_tenant e ON a.tenant_id = e.tenant_id LEFT JOIN sys_tenant e ON a.tenant_id = e.tenant_id
LEFT JOIN sys_user_grade g ON a.grade_id = g.grade_id LEFT JOIN sys_user_grade g ON a.grade_id = g.grade_id
LEFT JOIN sys_user_referee h ON a.user_id = h.user_id and h.deleted = 0 LEFT JOIN sys_user_referee h ON a.user_id = h.user_id and h.deleted = 0
LEFT JOIN sys_merchant i ON a.merchant_id = i.merchant_id
<where> <where>
<if test="param.userId != null"> <if test="param.userId != null">
AND a.user_id = #{param.userId} AND a.user_id = #{param.userId}