From 0d52e11e3dd739eb5a67ea645f0ca4c4be77ad91 Mon Sep 17 00:00:00 2001
From: 平凡 <hmxmylove@163.com>
Date: Sat, 18 Jul 2020 00:03:27 +0800
Subject: [PATCH] 禁止加密密文返回前端
---
ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java | 70 +++++++++++++++++++++++++++++-----
1 files changed, 59 insertions(+), 11 deletions(-)
diff --git a/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
index cd8cd89..5c68570 100644
--- a/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
+++ b/ruoyi/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
@@ -1,8 +1,10 @@
package com.ruoyi.project.system.controller;
import java.util.List;
+import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -11,13 +13,20 @@
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.poi.ExcelUtil;
import com.ruoyi.framework.aspectj.lang.annotation.Log;
import com.ruoyi.framework.aspectj.lang.enums.BusinessType;
+import com.ruoyi.framework.security.LoginUser;
+import com.ruoyi.framework.security.service.TokenService;
import com.ruoyi.framework.web.controller.BaseController;
import com.ruoyi.framework.web.domain.AjaxResult;
import com.ruoyi.framework.web.page.TableDataInfo;
+import com.ruoyi.project.system.domain.SysRole;
import com.ruoyi.project.system.domain.SysUser;
import com.ruoyi.project.system.service.ISysPostService;
import com.ruoyi.project.system.service.ISysRoleService;
@@ -41,6 +50,9 @@
@Autowired
private ISysPostService postService;
+ @Autowired
+ private TokenService tokenService;
+
/**
* 获取用户列表
*/
@@ -53,16 +65,53 @@
return getDataTable(list);
}
+ @Log(title = "用户管理", businessType = BusinessType.EXPORT)
+ @PreAuthorize("@ss.hasPermi('system:user:export')")
+ @GetMapping("/export")
+ public AjaxResult export(SysUser user)
+ {
+ List<SysUser> list = userService.selectUserList(user);
+ ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);
+ return util.exportExcel(list, "用户数据");
+ }
+
+ @Log(title = "用户管理", businessType = BusinessType.IMPORT)
+ @PreAuthorize("@ss.hasPermi('system:user:import')")
+ @PostMapping("/importData")
+ public AjaxResult importData(MultipartFile file, boolean updateSupport) throws Exception
+ {
+ ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);
+ List<SysUser> userList = util.importExcel(file.getInputStream());
+ LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+ String operName = loginUser.getUsername();
+ String message = userService.importUser(userList, updateSupport, operName);
+ return AjaxResult.success(message);
+ }
+
+ @GetMapping("/importTemplate")
+ public AjaxResult importTemplate()
+ {
+ ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);
+ return util.importTemplateExcel("用户数据");
+ }
+
/**
* 根据用户编号获取详细信息
*/
@PreAuthorize("@ss.hasPermi('system:user:query')")
- @GetMapping(value = "/{userId}")
- public AjaxResult getInfo(@PathVariable Long userId)
+ @GetMapping(value = { "/", "/{userId}" })
+ public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
{
- AjaxResult ajax = AjaxResult.success(userService.selectUserById(userId));
- ajax.put("postIds", postService.selectPostListByUserId(userId));
- ajax.put("roleIds", roleService.selectRoleListByUserId(userId));
+ AjaxResult ajax = AjaxResult.success();
+ List<SysRole> roles = roleService.selectRoleAll();
+ ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
+ ajax.put("posts", postService.selectPostAll());
+ if (StringUtils.isNotNull(userId))
+ {
+ ajax.put(AjaxResult.DATA_TAG, userService.selectUserById(userId));
+ ajax.put("postIds", postService.selectPostListByUserId(userId));
+ ajax.put("roleIds", roleService.selectRoleListByUserId(userId));
+ }
return ajax;
}
@@ -72,7 +121,7 @@
@PreAuthorize("@ss.hasPermi('system:user:add')")
@Log(title = "用户管理", businessType = BusinessType.INSERT)
@PostMapping
- public AjaxResult add(@RequestBody SysUser user)
+ public AjaxResult add(@Validated @RequestBody SysUser user)
{
if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user.getUserName())))
{
@@ -97,7 +146,7 @@
@PreAuthorize("@ss.hasPermi('system:user:edit')")
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
@PutMapping
- public AjaxResult edit(@RequestBody SysUser user)
+ public AjaxResult edit(@Validated @RequestBody SysUser user)
{
userService.checkUserAllowed(user);
if (UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
@@ -117,11 +166,10 @@
*/
@PreAuthorize("@ss.hasPermi('system:user:remove')")
@Log(title = "用户管理", businessType = BusinessType.DELETE)
- @DeleteMapping("/{userId}")
- public AjaxResult remove(@PathVariable Long userId)
+ @DeleteMapping("/{userIds}")
+ public AjaxResult remove(@PathVariable Long[] userIds)
{
- userService.checkUserAllowed(new SysUser(userId));
- return toAjax(userService.deleteUserById(userId));
+ return toAjax(userService.deleteUserByIds(userIds));
}
/**
--
Gitblit v1.9.2