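package com.zy.system.controller;

import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.core.annotations.ManagerAuth;
import com.core.common.Cools;
import com.core.common.DateUtils;
import com.core.common.R;
import com.zy.common.i18n.I18nMessageService;
import com.zy.common.web.BaseController;
import com.zy.system.entity.Role;
import com.zy.system.entity.User;
import com.zy.system.entity.UserLogin;
import com.zy.system.service.RoleService;
import com.zy.system.service.UserLoginService;
import com.zy.system.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.*;
import java.util.regex.Pattern;

/**
 * REST endpoints for managing system users: lookup, paged listing, create, update,
 * password change/reset, delete, export and a username autocomplete query.
 *
 * <p>Every handler is annotated with {@code @ManagerAuth}. What that annotation enforces is
 * not visible in this file, so the per-method notes below only describe the checks this
 * class itself performs.
 *
 * <p>Responses that carry {@link User} objects are passed through {@link #sanitizeUser(User)}
 * first so that password, MFA secret and passkey material never leave the server.
 */
@RestController
public class UserController extends BaseController {

    /**
     * User id that {@link #list} exempts from the role-hierarchy filter.
     * NOTE(review): a hard-coded id acts as a super-user switch here; confirm this id is
     * reserved and cannot be assigned to an ordinary account.
     */
    private static final long SUPER_USER_ID = 9527L;

    /** Request-supplied filter keys are used as SQL column names, so only plain identifiers pass. */
    private static final Pattern SAFE_COLUMN = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    /**
     * Columns that must not be usable as search filters: a LIKE/range filter on a secret
     * column lets a caller infer the stored value from which rows come back.
     * NOTE(review): only the column names visible in this file are listed; add the passkey
     * columns once their exact names are confirmed against the table definition.
     */
    private static final Set<String> NON_FILTERABLE_COLUMNS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("password", "mfa_secret")));

    @Autowired
    private UserService userService;
    @Autowired
    private RoleService roleService;
    @Autowired
    private UserLoginService userLoginService;
    @Autowired
    private I18nMessageService i18nMessageService;

    /**
     * Returns a single user by id with all secret fields blanked.
     *
     * @param id primary key taken from the path
     * @return {@code R.ok} wrapping the sanitized user, or wrapping {@code null} when no row matches
     */
    @RequestMapping(value = "/user/{id}/auth")
    @ManagerAuth
    public R get(@PathVariable("id") Long id) {
        User user = userService.getById(id);
        sanitizeUser(user);
        return R.ok(user);
    }

    /**
     * Returns one page of users, newest id first, filtered by the request parameters.
     *
     * <p>Unless the caller is {@link #SUPER_USER_ID}, users whose role is the caller's own role
     * or any role up the caller's leader chain are excluded from the result.
     *
     * @param curr         1-based page number
     * @param limit        page size
     * @param orderByField accepted but not used; ordering is always {@code id} descending
     * @param orderByType  accepted but not used
     * @param param        all request parameters; after {@code excludeTrash} the remaining
     *                     entries become column filters (see {@link #convert})
     * @return {@code R.ok} wrapping the sanitized page, or {@code R.error()} when the caller's
     *         role cannot be resolved
     */
    @RequestMapping(value = "/user/list/auth")
    @ManagerAuth
    public R list(@RequestParam(defaultValue = "1") Integer curr,
                  @RequestParam(defaultValue = "10") Integer limit,
                  @RequestParam(required = false) String orderByField,
                  @RequestParam(required = false) String orderByType,
                  @RequestParam Map<String, Object> param) {
        excludeTrash(param);
        QueryWrapper<User> wrapper = new QueryWrapper<>();
        convert(param, wrapper);
        wrapper.orderBy(true, false, "id");

        if (SUPER_USER_ID == getUserId()) {
            Page<User> all = userService.page(new Page<>(curr, limit), wrapper);
            sanitizeUsers(all.getRecords());
            return R.ok(all);
        }

        Long roleId = getUser().getRoleId();
        Role role = roleId == null ? null : roleService.getById(roleId);
        if (role == null) {
            // Fail closed: without a resolvable role the hierarchy filter cannot be built,
            // and returning an unfiltered page would expose users the caller should not see.
            return R.error();
        }

        Long leaderId = role.getLeader();
        if (leaderId != null) {
            // The set doubles as cycle detection: a leader chain that loops back on itself
            // stops the walk instead of spinning forever.
            Set<Long> hiddenRoleIds = new LinkedHashSet<>();
            hiddenRoleIds.add(roleId);
            while (leaderId != null && hiddenRoleIds.add(leaderId)) {
                Role leader = roleService.getById(leaderId);
                if (leader == null) {
                    // Dangling leader reference: the id stays excluded, the walk ends here.
                    break;
                }
                leaderId = leader.getLeader();
            }
            wrapper.notIn("role_id", hiddenRoleIds);
        }

        Page<User> page = userService.page(new Page<>(curr, limit), wrapper);
        sanitizeUsers(page.getRecords());
        return R.ok(page);
    }

    /**
     * Translates request parameters into query conditions.
     *
     * <p>A key ending in {@code >} becomes {@code column >= date}, a key ending in {@code <}
     * becomes {@code column <= date}, any other key becomes {@code column LIKE value}.
     * Because the key is supplied by the client and ends up as a column name in the generated
     * SQL (values are bound, column names are not), every key is checked with
     * {@link #isFilterableColumn(String)} and silently skipped when it fails.
     *
     * @param map     filter entries from the request; {@code null} is treated as no filters
     * @param wrapper query to add the conditions to
     */
    private void convert(Map<String, Object> map, QueryWrapper<User> wrapper) {
        if (map == null) {
            return;
        }
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            if (key == null) {
                continue;
            }
            String value = String.valueOf(entry.getValue());
            if (key.endsWith(">")) {
                String column = Cools.deleteChar(key);
                if (isFilterableColumn(column)) {
                    wrapper.ge(column, DateUtils.convert(value));
                }
            } else if (key.endsWith("<")) {
                String column = Cools.deleteChar(key);
                if (isFilterableColumn(column)) {
                    wrapper.le(column, DateUtils.convert(value));
                }
            } else if (isFilterableColumn(key)) {
                wrapper.like(key, value);
            }
        }
    }

    /**
     * Decides whether a client-supplied name may be used as a column in a filter.
     *
     * @param column candidate column name
     * @return {@code true} only for a plain SQL identifier that is not a secret column
     */
    private boolean isFilterableColumn(String column) {
        if (column == null || !SAFE_COLUMN.matcher(column).matches()) {
            return false;
        }
        return !NON_FILTERABLE_COLUMNS.contains(column.toLowerCase(Locale.ROOT));
    }

    /**
     * Creates the user when no id is supplied, otherwise delegates to {@link #update(User)}.
     *
     * @param user form-bound user
     * @return {@code R.error()} for an empty payload, otherwise the result of save/update
     */
    @RequestMapping(value = "/user/edit/auth")
    @ManagerAuth(memo = "系统用户编辑")
    public R edit(User user) {
        if (Cools.isEmpty(user)) {
            return R.error();
        }
        if (null == user.getId()) {
            normalizeNewUser(user);
            // NOTE(review): the password is stored exactly as received; nothing in this class
            // hashes it. Confirm hashing happens before this point or in the service layer.
            userService.save(user);
            return R.ok();
        }
        return update(user);
    }

    /**
     * Creates a user after normalizing its MFA fields.
     *
     * @param user form-bound user
     * @return {@code R.error()} for an empty payload, otherwise {@code R.ok()}
     */
    @RequestMapping(value = "/user/add/auth")
    @ManagerAuth(memo = "系统用户添加")
    public R add(User user) {
        if (Cools.isEmpty(user)) {
            return R.error();
        }
        normalizeNewUser(user);
        // NOTE(review): same as edit() — the password is persisted as received.
        userService.save(user);
        return R.ok();
    }

    /**
     * Updates only the fields that are present on the request: password, username, mobile,
     * role, status and the MFA permission flag. Revoking the MFA permission also clears the
     * enrolled secret and binding time.
     *
     * <p>NOTE(review): this method does not check that the target user sits below the caller
     * in the role hierarchy that {@link #list} applies, and it accepts {@code roleId} from the
     * request. Confirm {@code @ManagerAuth} or the service layer prevents a manager from
     * editing a superior or assigning a more privileged role.
     *
     * @param user form-bound user; {@code id} is required
     * @return {@code R.error()} when the id is missing, code 10001 when the user does not
     *         exist, otherwise {@code R.ok()}
     */
    @RequestMapping(value = "/user/update/auth")
    @ManagerAuth(memo = "系统用户修改")
    public R update(User user) {
        if (Cools.isEmpty(user) || null == user.getId()) {
            return R.error();
        }
        User entity = userService.getById(user.getId());
        if (Cools.isEmpty(entity)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }

        UpdateWrapper<User> wrapper = new UpdateWrapper<>();
        wrapper.eq("id", entity.getId());
        boolean needUpdate = false;
        boolean passwordChanged = false;

        // A blank password field on an edit form must not wipe the stored credential;
        // resetPassword() rejects empty values for the same reason.
        if (!Cools.isEmpty(user.getPassword())) {
            // NOTE(review): stored as received; confirm it is already hashed at this point.
            wrapper.set("password", user.getPassword());
            passwordChanged = true;
            needUpdate = true;
        }
        if (user.getUsername() != null) {
            wrapper.set("username", user.getUsername());
            needUpdate = true;
        }
        if (user.getMobile() != null) {
            wrapper.set("mobile", user.getMobile());
            needUpdate = true;
        }
        if (user.getRoleId() != null) {
            wrapper.set("role_id", user.getRoleId());
            needUpdate = true;
        }
        if (user.getStatus() != null) {
            wrapper.set("status", user.getStatus());
            needUpdate = true;
        }
        if (user.getMfaAllow() != null) {
            int mfaAllow = normalizeMfaAllow(user.getMfaAllow());
            wrapper.set("mfa_allow", mfaAllow);
            if (mfaAllow != 1) {
                // MFA no longer permitted: drop the enrollment so a stale secret cannot linger.
                wrapper.set("mfa_enabled", 0);
                wrapper.set("mfa_secret", null);
                wrapper.set("mfa_bound_time", null);
            }
            needUpdate = true;
        }

        if (!needUpdate) {
            return R.ok();
        }
        userService.update(wrapper);
        if (passwordChanged) {
            // Same follow-up as updatePassword()/resetPassword(): logins issued under the
            // old password should not outlive it.
            removeLoginRecords(entity.getId());
        }
        return R.ok();
    }

    /**
     * Changes the caller's own password after verifying the current one, then removes the
     * caller's login records.
     *
     * <p>NOTE(review): the stored password is compared directly with the submitted value and
     * the new value is stored as received. Confirm both are hashes produced elsewhere; if they
     * are plaintext, move to a salted password hash and a constant-time comparison.
     *
     * @param oldPassword current password as submitted by the caller
     * @param password    new password
     * @return {@code R.error()} on empty input, code 10001 when the caller's user row is
     *         missing, code 10008 when the old password does not match, otherwise {@code R.ok()}
     */
    @RequestMapping(value = "/user/password/update/auth")
    @ManagerAuth(memo = "系统用户修改密码")
    public R updatePassword(String oldPassword, String password) {
        if (Cools.isEmpty(oldPassword, password)) {
            return R.error();
        }
        User user = userService.getById(getUserId());
        if (Cools.isEmpty(user)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        if (!Cools.eq(user.getPassword(), oldPassword)) {
            return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
        }
        userService.update(new UpdateWrapper<User>()
                .eq("id", user.getId())
                .set("password", password));
        removeLoginRecords(user.getId());
        return R.ok();
    }

    /**
     * Sets another user's password without knowing the old one, then removes that user's
     * login records.
     *
     * <p>NOTE(review): no check in this method limits which user ids the caller may reset;
     * confirm {@code @ManagerAuth} or the service layer restricts this to subordinates.
     *
     * @param id       target user id
     * @param password new password
     * @return {@code R.error()} on missing input, code 10001 when the user does not exist,
     *         otherwise {@code R.ok()}
     */
    @RequestMapping(value = "/user/resetPassword/auth")
    @ManagerAuth(memo = "系统用户重置密码")
    public R resetPassword(Long id, String password) {
        if (id == null || Cools.isEmpty(password)) {
            return R.error();
        }
        User user = userService.getById(id);
        if (Cools.isEmpty(user)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        userService.update(new UpdateWrapper<User>()
                .eq("id", id)
                .set("password", password));
        removeLoginRecords(id);
        return R.ok();
    }

    /**
     * Deletes the given users and their login records.
     *
     * <p>NOTE(review): nothing here stops a caller from deleting their own account or a
     * superior's; confirm that is enforced elsewhere.
     *
     * @param ids user ids to delete
     * @return {@code R.ok()}
     */
    @RequestMapping(value = "/user/delete/auth")
    @ManagerAuth(memo = "系统用户删除")
    public R delete(@RequestParam(value = "ids[]") Long[] ids) {
        for (Long id : ids) {
            if (id == null) {
                continue;
            }
            userService.removeById(id);
            // A deleted account should not keep usable login records behind.
            removeLoginRecords(id);
        }
        return R.ok();
    }

    /**
     * Exports the users matching the filter, restricted to the requested fields.
     *
     * <p>The field list comes from the client, so the rows are sanitized before export;
     * otherwise asking for the password or MFA secret field would return the stored values.
     *
     * @param param JSON body with a {@code fields} array and an optional {@code user} filter object
     * @return {@code R.error()} when {@code fields} is missing, otherwise the export payload
     */
    @RequestMapping(value = "/user/export/auth")
    @ManagerAuth(memo = "系统用户导出")
    public R export(@RequestBody JSONObject param) {
        if (param == null || param.getJSONArray("fields") == null) {
            return R.error();
        }
        List<String> fields = JSONObject.parseArray(param.getJSONArray("fields").toJSONString(), String.class);
        JSONObject filter = param.getJSONObject("user");
        Map<String, Object> map = excludeTrash(filter == null ? new JSONObject() : filter);

        QueryWrapper<User> wrapper = new QueryWrapper<>();
        convert(map, wrapper);
        List<User> list = userService.list(wrapper);
        sanitizeUsers(list);
        return R.ok(exportSupport(list, fields));
    }

    /**
     * Username autocomplete: returns up to ten {@code {id, value}} pairs whose username
     * contains the given text.
     *
     * @param condition text to search for; empty or missing means no filter
     * @return {@code R.ok} wrapping the list of matches
     */
    @RequestMapping(value = "/userQuery/auth")
    @ManagerAuth
    public R query(String condition) {
        QueryWrapper<User> wrapper = new QueryWrapper<>();
        // Skip the condition for a missing value instead of searching for the text "null".
        wrapper.like(!Cools.isEmpty(condition), "username", condition);
        Page<User> page = userService.page(new Page<>(0, 10), wrapper);

        List<Map<String, Object>> result = new ArrayList<>();
        for (User user : page.getRecords()) {
            // Only id and username are copied out, so no secret field can reach the response.
            Map<String, Object> map = new HashMap<>();
            map.put("id", user.getId());
            map.put("value", user.getUsername());
            result.add(map);
        }
        return R.ok(result);
    }

    /**
     * Removes the {@code WCS} login records of a user.
     * NOTE(review): presumably these rows back active sessions/tokens — confirm against
     * {@code UserLoginService}.
     *
     * @param userId owner of the login records
     */
    private void removeLoginRecords(Long userId) {
        userLoginService.remove(new QueryWrapper<UserLogin>()
                .eq("user_id", userId)
                .eq("system_type", "WCS"));
    }

    /**
     * Forces consistent MFA fields on a user about to be created: the permission flag becomes
     * 0 or 1, and a user without MFA permission cannot arrive with a pre-set secret or an
     * enabled flag supplied by the client.
     *
     * @param user user to normalize; ignored when empty
     */
    private void normalizeNewUser(User user) {
        if (Cools.isEmpty(user)) {
            return;
        }
        int mfaAllow = normalizeMfaAllow(user.getMfaAllow());
        user.setMfaAllow(mfaAllow);
        if (mfaAllow != 1) {
            user.setMfaEnabled(0);
            user.setMfaSecret(null);
            user.setMfaBoundTime(null);
        } else if (user.getMfaEnabled() == null) {
            user.setMfaEnabled(0);
        }
    }

    /**
     * Collapses the MFA permission flag to 1 (allowed) or 0 (anything else, including null).
     *
     * @param mfaAllow raw flag from the request
     * @return 1 only when the input equals 1, otherwise 0
     */
    private int normalizeMfaAllow(Integer mfaAllow) {
        return Integer.valueOf(1).equals(mfaAllow) ? 1 : 0;
    }

    /**
     * Applies {@link #sanitizeUser(User)} to every element.
     *
     * @param users users to sanitize in place; {@code null} is ignored
     */
    private void sanitizeUsers(List<User> users) {
        if (users == null) {
            return;
        }
        for (User user : users) {
            sanitizeUser(user);
        }
    }

    /**
     * Blanks every credential-bearing field on the object before it is serialized into a
     * response: password, MFA secret and all passkey attributes.
     *
     * @param user user to sanitize in place; {@code null} is ignored
     */
    private void sanitizeUser(User user) {
        if (user == null) {
            return;
        }
        user.setPassword(null);
        user.setMfaSecret(null);
        user.setPasskeyCredentialId(null);
        user.setPasskeyPublicKey(null);
        user.setPasskeyAlgorithm(null);
        user.setPasskeySignCount(null);
        user.setPasskeyTransports(null);
    }
}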