
修改密码接口改为只改密码字段,只有管理员和超级管理员能修改他人密码

yzc 1 år sedan
förälder
incheckning
d4713c0c07

+ 3 - 2
hx-base/src/main/java/com/fjhx/base/system/SysProfileController.java

@@ -84,7 +84,7 @@ public class SysProfileController extends BaseController {
      * 重置密码
      */
     @Log(title = "个人信息", businessType = BusinessType.UPDATE)
-    @PutMapping("/updatePwd")
+//    @PutMapping("/updatePwd")
     public AjaxResult updatePwd(String oldPassword, String newPassword) {
         LoginUser loginUser = getLoginUser();
         String userName = loginUser.getUsername();
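Review bot: Commenting out `@PutMapping("/updatePwd")` leaves `updatePwd` as an unrouted public method that still carries `@Log`, with nothing on the page saying where password changes are handled now. Either delete the handler or replace the commented annotation with an explanatory comment such as `// Route disabled: password changes are served by <replacement endpoint>`, so nobody re-enables it by uncommenting one line. The same pattern is applied to `resetPwd` in SysUserController and UserTenantController. In SysUserController the `@PreAuthorize` line above the mapping is also commented out, so restoring that route as it stands would bring it back without its permission annotation. The body of `updatePwd` continues outside this hunk.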
@@ -95,7 +95,8 @@ public class SysProfileController extends BaseController {
         if (SecurityUtils.matchesPassword(newPassword, password)) {
             return error("新密码不能与旧密码相同");
         }
-        if (userService.resetUserPwd(userName, SecurityUtils.encryptPassword(newPassword)) > 0) {
+//        if (userService.resetUserPwd(userName, SecurityUtils.encryptPassword(newPassword)) > 0) {
+        if (userService.resetUserPwdById(loginUser.getUserId(), SecurityUtils.encryptPassword(newPassword)) > 0) {
             // 更新缓存用户密码
             loginUser.getUser().setPassword(SecurityUtils.encryptPassword(newPassword));
             tokenService.setLoginUser(loginUser);
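Review bot: `SecurityUtils.encryptPassword(newPassword)` is evaluated twice, once for `resetUserPwdById` and again for `setPassword` on the cached user. If the encoder is salted, which the use of `matchesPassword` for comparison suggests, the hash kept in the login cache will not be the one stored in the database. Compute it once with `String encodedPassword = SecurityUtils.encryptPassword(newPassword);` and pass that variable to both calls. The commented-out `resetUserPwd` line can be dropped, since version control keeps the history. The method starts and ends outside this hunk.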

+ 1 - 1
hx-base/src/main/java/com/fjhx/base/system/SysUserController.java

@@ -164,7 +164,7 @@ public class SysUserController extends BaseController {
      */
     // @PreAuthorize("@ss.hasPermi('system:user:resetPwd')")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
-    @PutMapping("/resetPwd")
+//    @PutMapping("/resetPwd")
     public AjaxResult resetPwd(@RequestBody SysUser user) {
         userService.checkUserAllowed(user);
         userService.checkUserDataScope(user.getUserId());

+ 1 - 1
hx-tenant/src/main/java/com/fjhx/tenant/controller/tenant/UserTenantController.java

@@ -107,7 +107,7 @@ public class UserTenantController extends BaseController {
     /**
      * 重置密码
      */
-    @PutMapping("/resetPwd")
+//    @PutMapping("/resetPwd")
     public void resetPwd(@RequestBody SysUser user) {
         userService.checkUserAllowed(user);
         userService.checkUserDataScope(user.getUserId());

+ 5 - 0
ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java

@@ -135,4 +135,9 @@ public interface SysUserMapper extends BaseMapper<SysUser> {
 
     List<SysRole> getRoleByUserIdList(@Param("userIdList") List<Long> userIdList);
 
+    /**
+     * 根据用户id修改用户密码
+     */
+    public int updateUserPwdById(@Param("userId") Long userId, @Param("password") String password);
+
 }
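Review bot: The Javadoc on `updateUserPwdById` does not say what form `password` must take, yet the matching statement in SysUserMapper.xml writes the value to the `password` column exactly as given. State the contract explicitly, for example `@param password already-encoded password hash, never the plaintext` and `@return number of rows updated`, and give `ISysUserService.resetUserPwdById` the same wording. The `public` modifier is redundant on an interface method and differs from the unmodified `getRoleByUserIdList` declaration just above it.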

+ 5 - 0
ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java

@@ -171,6 +171,11 @@ public interface ISysUserService extends IService<SysUser> {
     public int resetPwd(SysUser user);
 
     /**
+     * 根据用户id修改用户密码
+     */
+    int resetUserPwdById(Long userId, String password);
+
+    /**
      * 重置用户密码
      *
      * @param userName 用户名

+ 18 - 2
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java

@@ -239,6 +239,12 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
             if (StringUtils.isEmpty(users)) {
                 throw new ServiceException("没有权限访问用户数据!");
             }
+            //检查登录用户角色 是否是管理员
+            List<SysRole> roleByUserIdList = userMapper.getRoleByUserIdList(Arrays.asList(SecurityUtils.getUserId()));
+            List<String> roleKeyList = roleByUserIdList.stream().map(SysRole::getRoleKey).collect(Collectors.toList());
+            if (!roleKeyList.contains("admin")) {
+                throw new ServiceException("没有权限访问用户数据!");
+            }
         }
     }
 
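Review bot: The new admin-role test sits inside `checkUserDataScope`, which by its name is a general data-scope check and is probably called from handlers other than password reset. If so, every such caller now rejects non-admin users, which is wider than the commit title describes. Consider a dedicated check on the reset path, or restoring the `@PreAuthorize` on `SysUserController.resetPwd`, instead of widening the shared method. If the check stays here, take the role key from a shared constant rather than the literal `"admin"`, and express the lookup as `boolean isAdmin = roleByUserIdList.stream().anyMatch(r -> "admin".equals(r.getRoleKey()));`. The method starts outside this hunk, so the enclosing condition, including any super-admin exemption, is not visible.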
@@ -348,7 +354,16 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
      */
     @Override
     public int resetPwd(SysUser user) {
-        return userMapper.updateUser(user);
+//        return userMapper.updateUser(user);
+        return resetUserPwdById(user.getUserId(), user.getPassword());
+    }
+
+    /**
+     * 根据用户id修改用户密码
+     */
+    @Override
+    public int resetUserPwdById(Long userId, String password) {
+        return userMapper.updateUserPwdById(userId, password);
     }
 
     /**
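Review bot: `resetPwd` now forwards `user.getPassword()` to `resetUserPwdById` unchanged, and nothing in this hunk encodes or validates it. The method therefore depends on every caller having hashed the value first, and a null password would be written as NULL for that user. Add a guard at the top of `resetUserPwdById`, e.g. `if (userId == null || StringUtils.isEmpty(password)) { throw new ServiceException("用户ID和密码不能为空"); }` (message text is a constructed example). The commented-out `updateUser` line can be removed, since version control keeps the history.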
@@ -564,6 +579,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 
     /**
      * 获取用户信息
+     *
      * @return
      */
     @Override
@@ -571,7 +587,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
         DynamicDataSourceContextHolder.push(BaseSourceConstant.BASE);
         SysUser sysUser = getById(SecurityUtils.getUserId());
         DynamicDataSourceContextHolder.poll();
-        if(ObjectUtil.isEmpty(sysUser)){
+        if (ObjectUtil.isEmpty(sysUser)) {
             throw new ServiceException("用户异常");
         }
         return sysUser;

+ 5 - 1
ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml

@@ -362,7 +362,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 	<update id="resetUserPwd" parameterType="SysUser">
  		update sys_user set password = #{password} where user_name = #{userName}
 	</update>
-	
+
 	<delete id="deleteUserById" parameterType="Long">
  		update sys_user set del_flag = '2' where user_id = #{userId}
  	</delete>
@@ -373,5 +373,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
  			#{userId}
         </foreach> 
  	</delete>
+
+	<update id="updateUserPwdById">
+		update sys_user set password = #{password} where user_id = #{userId}
+	</update>
 	
 </mapper>