From d9411a6692197efabcf132d61c051e51cb85e219 Mon Sep 17 00:00:00 2001
From: Junjie <fallin.jie@qq.com>
Date: 星期三, 11 三月 2026 13:33:36 +0800
Subject: [PATCH] #
---
src/main/java/com/zy/system/controller/UserController.java | 138 ++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 127 insertions(+), 11 deletions(-)
diff --git a/src/main/java/com/zy/system/controller/UserController.java b/src/main/java/com/zy/system/controller/UserController.java
index 340d7fe..9cad12b 100644
--- a/src/main/java/com/zy/system/controller/UserController.java
+++ b/src/main/java/com/zy/system/controller/UserController.java
@@ -2,15 +2,19 @@
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.core.annotations.ManagerAuth;
import com.core.common.Cools;
import com.core.common.DateUtils;
import com.core.common.R;
+import com.zy.common.i18n.I18nMessageService;
import com.zy.common.web.BaseController;
import com.zy.system.entity.Role;
import com.zy.system.entity.User;
+import com.zy.system.entity.UserLogin;
import com.zy.system.service.RoleService;
+import com.zy.system.service.UserLoginService;
import com.zy.system.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
@@ -24,11 +28,17 @@
private UserService userService;
@Autowired
private RoleService roleService;
+ @Autowired
+ private UserLoginService userLoginService;
+ @Autowired
+ private I18nMessageService i18nMessageService;
@RequestMapping(value = "/user/{id}/auth")
@ManagerAuth
public R get(@PathVariable("id") Long id) {
- return R.ok(userService.getById(String.valueOf(id)));
+ User user = userService.getById(String.valueOf(id));
+ sanitizeUser(user);
+ return R.ok(user);
}
@RequestMapping(value = "/user/list/auth")
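Review bot: Clearing `password` and `mfaSecret` through `sanitizeUser(user)` in `get()` is a deny-list that every endpoint returning a `User` has to remember to call, so a handler that forgets it, or a sensitive column added later, still reaches the response. The same applies to the two `sanitizeUsers(page.getRecords())` calls in the list endpoint in the following hunks. Marking the fields non-serializable on the entity, e.g. fastjson `@JSONField(serialize = false)` or Jackson `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` depending on which serializer renders `R`, or returning a response DTO, would make the default safe. `get()` also passes a null `user` straight to `R.ok` when the id does not exist, whereas `update()` now returns the 10001 not-found response.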
@@ -42,8 +52,11 @@
QueryWrapper<User> wrapper = new QueryWrapper<>();
convert(param, wrapper);
wrapper.orderBy(true, false, "id");
+ Page<User> page;
if (9527 == getUserId()) {
- return R.ok(userService.page(new Page<>(curr, limit), wrapper));
+ page = userService.page(new Page<>(curr, limit), wrapper);
+ sanitizeUsers(page.getRecords());
+ return R.ok(page);
}
Long roleId = getUser().getRoleId();
@@ -60,7 +73,9 @@
wrapper.notIn("role_id", leaderIds);
}
- return R.ok(userService.page(new Page<>(curr, limit), wrapper));
+ page = userService.page(new Page<>(curr, limit), wrapper);
+ sanitizeUsers(page.getRecords());
+ return R.ok(page);
}
private void convert(Map<String, Object> map, QueryWrapper wrapper){
@@ -82,16 +97,17 @@
return R.error();
}
if (null == user.getId()){
+ normalizeNewUser(user);
userService.save(user);
- } else {
- userService.updateById(user);
+ return R.ok();
}
- return R.ok();
+ return update(user);
}
@RequestMapping(value = "/user/add/auth")
@ManagerAuth(memo = "绯荤粺鐢ㄦ埛娣诲姞")
public R add(User user) {
+ normalizeNewUser(user);
userService.save(user);
return R.ok();
}
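Review bot: `add()` and the new-user branch of `edit()` hand the request-bound `User` to `userService.save(user)`, so the password column receives whatever string the client sent. The next hunk does the same with `wrapper.set("password", ...)` and checks the old password with `Cools.eq(user.getPassword(), oldPassword)`, a direct comparison of the stored value with the request parameter. Unless hashing happens in a layer not visible here, the stored value is either plaintext or a client-side hash that is itself password-equivalent, so read access to the user table is enough to authenticate as any account. Derive a salted, slow password hash (bcrypt, scrypt or Argon2) on the server before every write, and verify with that scheme's verify function rather than string equality. The `edit` method starts above this hunk.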
@@ -103,19 +119,83 @@
return R.error();
}
User entity = userService.getById(user.getId());
+ if (Cools.isEmpty(entity)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ UpdateWrapper<User> wrapper = new UpdateWrapper<>();
+ wrapper.eq("id", entity.getId());
+ boolean needUpdate = false;
if (user.getPassword()!=null) {
- entity.setPassword(user.getPassword());
+ wrapper.set("password", user.getPassword());
+ needUpdate = true;
}
if (user.getUsername()!=null) {
- entity.setUsername(user.getUsername());
+ wrapper.set("username", user.getUsername());
+ needUpdate = true;
}
if (user.getMobile()!=null) {
- entity.setMobile(user.getMobile());
+ wrapper.set("mobile", user.getMobile());
+ needUpdate = true;
}
if (user.getRoleId() !=null) {
- entity.setRoleId(user.getRoleId());
+ wrapper.set("role_id", user.getRoleId());
+ needUpdate = true;
}
- userService.updateById(entity);
+ if (user.getStatus() != null) {
+ wrapper.set("status", user.getStatus());
+ needUpdate = true;
+ }
+ if (user.getMfaAllow() != null) {
+ int mfaAllow = normalizeMfaAllow(user.getMfaAllow());
+ wrapper.set("mfa_allow", mfaAllow);
+ if (mfaAllow != 1) {
+ wrapper.set("mfa_enabled", 0);
+ wrapper.set("mfa_secret", null);
+ wrapper.set("mfa_bound_time", null);
+ }
+ needUpdate = true;
+ }
+ if (!needUpdate) {
+ return R.ok();
+ }
+ userService.update(wrapper);
+ return R.ok();
+ }
+
+ @RequestMapping(value = "/user/password/update/auth")
+ @ManagerAuth(memo = "绯荤粺鐢ㄦ埛淇敼瀵嗙爜")
+ public R updatePassword(String oldPassword, String password) {
+ if (Cools.isEmpty(oldPassword, password)) {
+ return R.error();
+ }
+ User user = userService.getById(getUserId());
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (!Cools.eq(user.getPassword(), oldPassword)) {
+ return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
+ }
+ userService.update(new UpdateWrapper<User>()
+ .eq("id", user.getId())
+ .set("password", password));
+ userLoginService.remove(new QueryWrapper<UserLogin>().eq("user_id", user.getId()).eq("system_type", "WCS"));
+ return R.ok();
+ }
+
+ @RequestMapping(value = "/user/resetPassword/auth")
+ @ManagerAuth(memo = "绯荤粺鐢ㄦ埛閲嶇疆瀵嗙爜")
+ public R resetPassword(Long id, String password) {
+ if (id == null || Cools.isEmpty(password)) {
+ return R.error();
+ }
+ User user = userService.getById(id);
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ userService.update(new UpdateWrapper<User>()
+ .eq("id", id)
+ .set("password", password));
+ userLoginService.remove(new QueryWrapper<UserLogin>().eq("user_id", id).eq("system_type", "WCS"));
return R.ok();
}
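Review bot: `update()` can change `password`, `role_id`, `status` and `mfa_allow` but never removes the user's `UserLogin` rows, while `updatePassword()` and `resetPassword()` in the same hunk do. A session opened before an administrator changes the password, disables the account or lowers the role therefore appears to stay valid. After `userService.update(wrapper)` add the same revocation, `userLoginService.remove(new QueryWrapper<UserLogin>().eq("user_id", entity.getId()).eq("system_type", "WCS"));`, at least when one of those fields was set. Separately, `resetPassword(Long id, ...)` and `update()` accept any target id, whereas the list endpoint hides leader roles with `wrapper.notIn("role_id", leaderIds)`; if `@ManagerAuth` does not enforce that hierarchy, the same role check is needed here before writing. The `update` method's signature is above the hunk.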
@@ -155,4 +235,40 @@
return R.ok(result);
}
+ private void normalizeNewUser(User user) {
+ if (Cools.isEmpty(user)) {
+ return;
+ }
+ int mfaAllow = normalizeMfaAllow(user.getMfaAllow());
+ user.setMfaAllow(mfaAllow);
+ if (mfaAllow != 1) {
+ user.setMfaEnabled(0);
+ user.setMfaSecret(null);
+ user.setMfaBoundTime(null);
+ } else if (user.getMfaEnabled() == null) {
+ user.setMfaEnabled(0);
+ }
+ }
+
+ private int normalizeMfaAllow(Integer mfaAllow) {
+ return Integer.valueOf(1).equals(mfaAllow) ? 1 : 0;
+ }
+
+ private void sanitizeUsers(List<User> users) {
+ if (users == null) {
+ return;
+ }
+ for (User user : users) {
+ sanitizeUser(user);
+ }
+ }
+
+ private void sanitizeUser(User user) {
+ if (user == null) {
+ return;
+ }
+ user.setPassword(null);
+ user.setMfaSecret(null);
+ }
+
}
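Review bot: `normalizeNewUser` keeps the request-supplied `mfaSecret`, `mfaEnabled` and `mfaBoundTime` whenever `mfaAllow` is 1, because only the `mfaAllow != 1` branch clears them and the `else` branch fills `mfaEnabled` only when it is null. Since `add(User user)` binds the entity from request parameters, whoever creates the account can choose the new user's MFA secret and mark it enabled. If enrolment is meant to go through a separate binding flow (not visible here), reset the three fields for every new user: `user.setMfaEnabled(0); user.setMfaSecret(null); user.setMfaBoundTime(null);` unconditionally after `user.setMfaAllow(mfaAllow)`. The hunk opens with the tail of an earlier method that starts outside it.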
--
Gitblit v1.9.1