ContiNew/continew-admin
1
1
Fork 0
mirror of https://github.com/continew-org/continew-admin.git synced 2025-10-28 16:57:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(system/user): 修复用户管理水平越权错误

Browse Source
This commit is contained in:
Charles7c
2025-05-06 22:38:48 +08:00
parent 588bc7ef0a
commit 5bc657ad88
2 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
continew-module-system/src/main/java/top/continew/admin/system/service/UserService.java
View File

@@ -85,9 +85,8 @@ public interface UserService extends BaseService<UserResp, UserDetailResp, UserQ
* @param avatar 头像文件 * @param avatar 头像文件
* @param id ID * @param id ID
* @return 新头像路径 * @return 新头像路径
* @throws IOException /
*/ */
String updateAvatar(MultipartFile avatar, Long id) throws IOException; String updateAvatar(MultipartFile avatar, Long id);
/** /**
* 修改基础信息 * 修改基础信息

20
continew-module-system/src/main/java/top/continew/admin/system/service/impl/UserServiceImpl.java
View File

@@ -169,7 +169,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
DisEnableStatusEnum newStatus = req.getStatus(); DisEnableStatusEnum newStatus = req.getStatus();
CheckUtils.throwIf(DisEnableStatusEnum.DISABLE.equals(newStatus) && ObjectUtil.equal(id, UserContextHolder CheckUtils.throwIf(DisEnableStatusEnum.DISABLE.equals(newStatus) && ObjectUtil.equal(id, UserContextHolder
.getUserId()), "不允许禁用当前用户"); .getUserId()), "不允许禁用当前用户");
UserDO oldUser = super.getById(id); UserDO oldUser = this.getById(id);
if (Boolean.TRUE.equals(oldUser.getIsSystem())) { if (Boolean.TRUE.equals(oldUser.getIsSystem())) {
CheckUtils.throwIfEqual(DisEnableStatusEnum.DISABLE, newStatus, "[{}] 是系统内置用户,不允许禁用", oldUser CheckUtils.throwIfEqual(DisEnableStatusEnum.DISABLE, newStatus, "[{}] 是系统内置用户,不允许禁用", oldUser
.getNickname()); .getNickname());
@@ -370,7 +370,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
@Override @Override
public void resetPassword(UserPasswordResetReq req, Long id) { public void resetPassword(UserPasswordResetReq req, Long id) {
super.getById(id); this.getById(id);
baseMapper.lambdaUpdate() baseMapper.lambdaUpdate()
.set(UserDO::getPassword, req.getNewPassword()) .set(UserDO::getPassword, req.getNewPassword())
.set(UserDO::getPwdResetTime, LocalDateTime.now()) .set(UserDO::getPwdResetTime, LocalDateTime.now())
@@ -380,7 +380,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
@Override @Override
public void updateRole(UserRoleUpdateReq updateReq, Long id) { public void updateRole(UserRoleUpdateReq updateReq, Long id) {
super.getById(id); this.getById(id);
List<Long> roleIds = updateReq.getRoleIds(); List<Long> roleIds = updateReq.getRoleIds();
// 保存用户和角色关联 // 保存用户和角色关联
userRoleService.assignRolesToUser(roleIds, id); userRoleService.assignRolesToUser(roleIds, id);
@@ -389,7 +389,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
} }
@Override @Override
public String updateAvatar(MultipartFile avatarFile, Long id) throws IOException { public String updateAvatar(MultipartFile avatarFile, Long id) {
String avatarImageType = FileNameUtil.extName(avatarFile.getOriginalFilename()); String avatarImageType = FileNameUtil.extName(avatarFile.getOriginalFilename());
CheckUtils.throwIf(!StrUtil.equalsAnyIgnoreCase(avatarImageType, avatarSupportSuffix), "头像仅支持 {} 格式的图片", String CheckUtils.throwIf(!StrUtil.equalsAnyIgnoreCase(avatarImageType, avatarSupportSuffix), "头像仅支持 {} 格式的图片", String
.join(StringConstants.CHINESE_COMMA, avatarSupportSuffix)); .join(StringConstants.CHINESE_COMMA, avatarSupportSuffix));
@@ -731,4 +731,16 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
UserContextHolder.setContext(userContext); UserContextHolder.setContext(userContext);
} }
} }
/**
* 根据 ID 获取用户信息(数据权限)
*
* @param id ID
* @return 用户信息
*/
private UserDO getById(Long id) {
UserDO user = baseMapper.lambdaQuery().eq(UserDO::getId, id).one();
CheckUtils.throwIfNull(user, "用户不存在");
return user;
}
} }