package com.oying.modules.system.rest; import cn.hutool.core.collection.CollectionUtil; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.oying.modules.system.domain.Dept; import com.oying.modules.system.domain.Role; import com.oying.modules.system.domain.User; import com.oying.modules.system.domain.dto.UserPassVo; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import com.oying.utils.PageResult; import com.oying.utils.PageUtil; import com.oying.utils.RsaUtils; import com.oying.utils.SecurityUtils; import com.oying.annotation.Log; import com.oying.config.properties.RsaProperties; import com.oying.modules.system.service.DataService; import com.oying.exception.BadRequestException; import com.oying.modules.system.service.DeptService; import com.oying.modules.system.service.RoleService; import com.oying.modules.system.domain.dto.UserQueryCriteria; import com.oying.modules.system.service.VerifyService; import com.oying.modules.system.service.UserService; import com.oying.utils.enums.CodeEnum; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.util.CollectionUtils; import org.springframework.util.ObjectUtils; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.*; import java.util.stream.Collectors; /** * @author Z * @date 2018-11-23 */ @Api(tags = "系统:用户管理") @RestController @RequestMapping("/api/users") @RequiredArgsConstructor public class UserController { private final PasswordEncoder passwordEncoder; private final UserService userService; private final DataService dataService; private final DeptService deptService; private final RoleService roleService; private final VerifyService verificationCodeService; @ApiOperation("导出用户数据") @GetMapping(value = "/download") @PreAuthorize("@el.check('user:list')") public void exportUser(HttpServletResponse response, UserQueryCriteria criteria) throws IOException { userService.download(userService.queryAll(criteria), response); } @ApiOperation("查询用户") @GetMapping @PreAuthorize("@el.check('user:list')") public ResponseEntity> queryUser(UserQueryCriteria criteria){ Page page = new Page<>(criteria.getPage(), criteria.getSize()); if (!ObjectUtils.isEmpty(criteria.getDeptId())) { criteria.getDeptIds().add(criteria.getDeptId()); // 先查找是否存在子节点 List data = deptService.findByPid(criteria.getDeptId()); // 然后把子节点的ID都加入到集合中 criteria.getDeptIds().addAll(deptService.getDeptChildren(data)); } // 数据权限 List dataScopes = dataService.getDeptIds(userService.findByName(SecurityUtils.getCurrentUsername())); // criteria.getDeptIds() 不为空并且数据权限不为空则取交集 if (!CollectionUtils.isEmpty(criteria.getDeptIds()) && !CollectionUtils.isEmpty(dataScopes)){ // 取交集 criteria.getDeptIds().retainAll(dataScopes); if(!CollectionUtil.isEmpty(criteria.getDeptIds())){ return new ResponseEntity<>(userService.queryAll(criteria,page),HttpStatus.OK); } } else { // 否则取并集 criteria.getDeptIds().addAll(dataScopes); return new ResponseEntity<>(userService.queryAll(criteria,page),HttpStatus.OK); } return new ResponseEntity<>(PageUtil.noData(),HttpStatus.OK); } @Log("新增用户") @ApiOperation("新增用户") @PostMapping @PreAuthorize("@el.check('user:add')") public ResponseEntity createUser(@Validated @RequestBody User resources){ checkLevel(resources); // 默认密码 123456 resources.setPassword(passwordEncoder.encode("123456")); userService.create(resources); return new ResponseEntity<>(HttpStatus.CREATED); } @Log("修改用户") @ApiOperation("修改用户") @PutMapping @PreAuthorize("@el.check('user:edit')") public ResponseEntity updateUser(@Validated(User.Update.class) @RequestBody User resources) throws Exception { checkLevel(resources); userService.update(resources); return new ResponseEntity<>(HttpStatus.NO_CONTENT); } @Log("修改用户:个人中心") @ApiOperation("修改用户:个人中心") @PutMapping(value = "center") public ResponseEntity centerUser(@Validated(User.Update.class) @RequestBody User resources){ if(!resources.getId().equals(SecurityUtils.getCurrentUserId())){ throw new BadRequestException("不能修改他人资料"); } userService.updateCenter(resources); return new ResponseEntity<>(HttpStatus.NO_CONTENT); } @Log("删除用户") @ApiOperation("删除用户") @DeleteMapping @PreAuthorize("@el.check('user:del')") public ResponseEntity deleteUser(@RequestBody Set ids){ for (Long id : ids) { Integer currentLevel = Collections.min(roleService.findByUsersId(SecurityUtils.getCurrentUserId()).stream().map(Role::getLevel).collect(Collectors.toList())); Integer optLevel = Collections.min(roleService.findByUsersId(id).stream().map(Role::getLevel).collect(Collectors.toList())); if (currentLevel > optLevel) { throw new BadRequestException("角色权限不足,不能删除:" + userService.findById(id).getUsername()); } } userService.delete(ids); return new ResponseEntity<>(HttpStatus.OK); } @ApiOperation("修改密码") @PostMapping(value = "/updatePass") public ResponseEntity updateUserPass(@RequestBody UserPassVo passVo) throws Exception { String oldPass = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,passVo.getOldPass()); String newPass = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,passVo.getNewPass()); User user = userService.findByName(SecurityUtils.getCurrentUsername()); if(!passwordEncoder.matches(oldPass, user.getPassword())){ throw new BadRequestException("修改失败,旧密码错误"); } if(passwordEncoder.matches(newPass, user.getPassword())){ throw new BadRequestException("新密码不能与旧密码相同"); } userService.updatePass(user.getUsername(),passwordEncoder.encode(newPass)); return new ResponseEntity<>(HttpStatus.OK); } @ApiOperation("重置密码") @PutMapping(value = "/resetPwd") public ResponseEntity resetPwd(@RequestBody Set ids) { String pwd = passwordEncoder.encode("123456"); userService.resetPwd(ids, pwd); return new ResponseEntity<>(HttpStatus.OK); } @ApiOperation("修改头像") @PostMapping(value = "/updateAvatar") public ResponseEntity updateUserAvatar(@RequestParam MultipartFile avatar){ return new ResponseEntity<>(userService.updateAvatar(avatar), HttpStatus.OK); } @Log("修改邮箱") @ApiOperation("修改邮箱") @PostMapping(value = "/updateEmail/{code}") public ResponseEntity updateUserEmail(@PathVariable String code, @RequestBody User resources) throws Exception { String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,resources.getPassword()); User user = userService.findByName(SecurityUtils.getCurrentUsername()); if(!passwordEncoder.matches(password, user.getPassword())){ throw new BadRequestException("密码错误"); } verificationCodeService.validated(CodeEnum.EMAIL_RESET_EMAIL_CODE.getKey() + resources.getEmail(), code); userService.updateEmail(user.getUsername(),resources.getEmail()); return new ResponseEntity<>(HttpStatus.OK); } /** * 如果当前用户的角色级别低于创建用户的角色级别,则抛出权限不足的错误 * @param resources / */ private void checkLevel(User resources) { Integer currentLevel = Collections.min(roleService.findByUsersId(SecurityUtils.getCurrentUserId()).stream().map(Role::getLevel).collect(Collectors.toList())); Integer optLevel = roleService.findByRoles(resources.getRoles()); if (currentLevel > optLevel) { throw new BadRequestException("角色权限不足"); } } }