From e6954b8baca25122f2d59737516d930ba53e6ebb Mon Sep 17 00:00:00 2001 From: tangwei Date: Tue, 30 Jun 2026 11:10:12 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BC=98=E5=8C=96=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E7=99=BB=E5=BD=95=E7=A7=9F=E6=88=B7=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/impl/SdEngInfoBHServiceImpl.java | 8 +- .../service/impl/SdFpssBHServiceImpl.java | 10 ++- .../service/impl/SdHbrvDicServiceImpl.java | 6 +- .../service/impl/SdHydrobaseServiceImpl.java | 6 +- .../service/impl/SdRvcdDicServiceImpl.java | 6 +- .../system/service/IAdminAuthService.java | 39 +++++++++ .../platform/system/service/IUserService.java | 7 ++ .../service/impl/AdminAuthServiceImpl.java | 79 +++++++++++++++++ .../impl/SysOrganizationServiceImpl.java | 6 +- .../system/service/impl/UserServiceImpl.java | 86 +++++++++++++------ 10 files changed, 216 insertions(+), 37 deletions(-) create mode 100644 backend/src/main/java/com/yfd/platform/system/service/IAdminAuthService.java create mode 100644 backend/src/main/java/com/yfd/platform/system/service/impl/AdminAuthServiceImpl.java diff --git a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdEngInfoBHServiceImpl.java b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdEngInfoBHServiceImpl.java index e860aa8b..d1250369 100644 --- a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdEngInfoBHServiceImpl.java +++ b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdEngInfoBHServiceImpl.java @@ -34,6 +34,7 @@ import com.yfd.platform.qgc_base.domain.vo.EngVmsstbprptVo; import com.yfd.platform.qgc_base.mapper.SdEngInfoBHMapper; import com.yfd.platform.qgc_base.service.IMsOperationLogService; import com.yfd.platform.qgc_base.service.ISdEngInfoBHService; +import com.yfd.platform.system.service.IAdminAuthService; import com.yfd.platform.utils.QgcQueryWrapperUtil; import com.yfd.platform.utils.SecurityUtils; import jakarta.annotation.Resource; @@ -81,6 +82,9 @@ public class SdEngInfoBHServiceImpl extends ServiceImpl queryPageList(Page page, String ennm, String rvcd, String baseId, String hycd) { LambdaQueryWrapper wrapper = new LambdaQueryWrapper<>(); @@ -93,7 +97,7 @@ public class SdEngInfoBHServiceImpl extends ServiceImpl authorizedStations = getUserAuthorizedStationCodes(); if (authorizedStations != null && !authorizedStations.isEmpty()) { wrapper.in(SdEngInfoBH::getStcd, authorizedStations); - }else if (!"admin".equals(SecurityUtils.getCurrentUsername())){ + }else if (!adminAuthService.isCurrentManagedAdmin()){ return page; } return this.page(page, wrapper); @@ -135,7 +139,7 @@ public class SdEngInfoBHServiceImpl extends ServiceImpl authorizedStations = getUserAuthorizedStationCodes(); diff --git a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdFpssBHServiceImpl.java b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdFpssBHServiceImpl.java index ea8b2378..c85ffa59 100644 --- a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdFpssBHServiceImpl.java +++ b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdFpssBHServiceImpl.java @@ -10,6 +10,7 @@ import com.yfd.platform.qgc_base.domain.SdFpssBH; import com.yfd.platform.qgc_base.mapper.SdEngInfoBHMapper; import com.yfd.platform.qgc_base.mapper.SdFpssBHMapper; import com.yfd.platform.qgc_base.service.ISdFpssBHService; +import com.yfd.platform.system.service.IAdminAuthService; import com.yfd.platform.utils.SecurityUtils; import jakarta.annotation.Resource; import org.springframework.stereotype.Service; @@ -29,6 +30,9 @@ public class SdFpssBHServiceImpl extends ServiceImpl i @Resource private SdEngInfoBHMapper sdEngInfoBHMapper; + @Resource + private IAdminAuthService adminAuthService; + @Override public Page selectPage(String stcd, String sttp, String rstcd, Integer usfl, Page page) { @@ -50,7 +54,7 @@ public class SdFpssBHServiceImpl extends ServiceImpl i Set authorizedStations = getUserAuthorizedStationCodes(); if (authorizedStations != null && !authorizedStations.isEmpty()) { wrapper.in(SdFpssBH::getRstcd, authorizedStations); - }else if (!"admin".equals(SecurityUtils.getCurrentUsername())){ + }else if (!adminAuthService.isCurrentManagedAdmin()){ return page; } @@ -68,7 +72,7 @@ public class SdFpssBHServiceImpl extends ServiceImpl i @Override public List selectForDropdown(String rstcd, String stnm, String baseId,String rvcd,String reachcd) { // 管理员直接查询,无需权限过滤 - if ("admin".equals(SecurityUtils.getCurrentUsername())) { + if (adminAuthService.isCurrentManagedAdmin()) { return queryFpssList(rstcd, stnm, baseId,rvcd,reachcd); } @@ -196,4 +200,4 @@ public class SdFpssBHServiceImpl extends ServiceImpl i .eq(SdFpssBH::getSttp, sttp); return getOne(wrapper); } -} \ No newline at end of file +} diff --git a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdHbrvDicServiceImpl.java b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdHbrvDicServiceImpl.java index b897970b..67dc9c00 100644 --- a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdHbrvDicServiceImpl.java +++ b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdHbrvDicServiceImpl.java @@ -15,6 +15,7 @@ import com.yfd.platform.qgc_base.mapper.SdEngInfoBHMapper; import com.yfd.platform.qgc_base.mapper.SdHbrvDicMapper; import com.yfd.platform.qgc_base.mapper.SdHydrobaseMapper; import com.yfd.platform.qgc_base.service.ISdHbrvDicService; +import com.yfd.platform.system.service.IAdminAuthService; import com.yfd.platform.utils.QgcQueryWrapperUtil; import com.yfd.platform.utils.SecurityUtils; import jakarta.annotation.Resource; @@ -46,6 +47,9 @@ public class SdHbrvDicServiceImpl extends ServiceImpl queryPageList(Page page, String hbrvnm, String baseid) { @@ -110,7 +114,7 @@ public class SdHbrvDicServiceImpl extends ServiceImpl authorizedStations = getUserAuthorizedStationCodes(); diff --git a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdHydrobaseServiceImpl.java b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdHydrobaseServiceImpl.java index 652d5d4d..9669eba8 100644 --- a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdHydrobaseServiceImpl.java +++ b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdHydrobaseServiceImpl.java @@ -13,6 +13,7 @@ import com.yfd.platform.qgc_base.entity.vo.HydrobaseWbsVo; import com.yfd.platform.qgc_base.mapper.SdEngInfoBHMapper; import com.yfd.platform.qgc_base.mapper.SdHydrobaseMapper; import com.yfd.platform.qgc_base.service.ISdHydrobaseService; +import com.yfd.platform.system.service.IAdminAuthService; import com.yfd.platform.utils.SecurityUtils; import jakarta.annotation.Resource; import org.springframework.stereotype.Service; @@ -39,6 +40,9 @@ public class SdHydrobaseServiceImpl extends ServiceImpl queryPageList(Page page, String basename, String pbaseid) { return this.page(page, this.lambdaQuery() @@ -91,7 +95,7 @@ public class SdHydrobaseServiceImpl extends ServiceImpl(); } - }else if (!"admin".equals(SecurityUtils.getCurrentUsername())){ + }else if (!adminAuthService.isCurrentManagedAdmin()){ return new ArrayList<>(); } // else { diff --git a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdRvcdDicServiceImpl.java b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdRvcdDicServiceImpl.java index 60446e27..ff89fa82 100644 --- a/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdRvcdDicServiceImpl.java +++ b/backend/src/main/java/com/yfd/platform/qgc_base/service/impl/SdRvcdDicServiceImpl.java @@ -11,6 +11,7 @@ import com.yfd.platform.qgc_base.mapper.SdRvcdDicMapper; import com.yfd.platform.qgc_base.service.ISdRvcdDicService; import com.yfd.platform.qgc_data.domain.SysUserDataScope; import com.yfd.platform.qgc_data.mapper.SysUserDataScopeMapper; +import com.yfd.platform.system.service.IAdminAuthService; import com.yfd.platform.utils.SecurityUtils; import jakarta.annotation.Resource; import org.springframework.stereotype.Service; @@ -33,6 +34,9 @@ public class SdRvcdDicServiceImpl extends ServiceImpl queryPageList(Page page, String rvnm, String prvcd) { return this.page(page, this.lambdaQuery() @@ -120,7 +124,7 @@ public class SdRvcdDicServiceImpl extends ServiceImpl selectForDropdown(String rvnm, String rvcd) { List dropdownList = this.baseMapper.selectRegDropdown(rvnm, rvcd); - if("admin".equals(SecurityUtils.getCurrentUsername())){ + if(adminAuthService.isCurrentManagedAdmin()){ return dropdownList; } Set authorizedStations = getUserAuthorizedStationCodes(); diff --git a/backend/src/main/java/com/yfd/platform/system/service/IAdminAuthService.java b/backend/src/main/java/com/yfd/platform/system/service/IAdminAuthService.java new file mode 100644 index 00000000..ea25071d --- /dev/null +++ b/backend/src/main/java/com/yfd/platform/system/service/IAdminAuthService.java @@ -0,0 +1,39 @@ +package com.yfd.platform.system.service; + +import java.util.List; +import java.util.Set; + +/** + * 超级管理员判断服务 + */ +public interface IAdminAuthService { + + /** + * 查询超级管理员用户名列表(SYS_USER.USERTYPE = 0) + * + * @return 超级管理员用户名列表 + */ + List getSuperAdminUsernames(); + + /** + * 查询统一管理的管理员用户名集合 + * + * @return 管理员用户名集合 + */ + Set getManagedAdminUsernames(); + + /** + * 判断指定用户名是否为超级管理员 + * + * @param username 用户名 + * @return 是否为超级管理员 + */ + boolean isManagedAdminUsername(String username); + + /** + * 判断当前登录用户是否为超级管理员 + * + * @return 是否为超级管理员 + */ + boolean isCurrentManagedAdmin(); +} diff --git a/backend/src/main/java/com/yfd/platform/system/service/IUserService.java b/backend/src/main/java/com/yfd/platform/system/service/IUserService.java index e5d970ac..4e9cdd62 100644 --- a/backend/src/main/java/com/yfd/platform/system/service/IUserService.java +++ b/backend/src/main/java/com/yfd/platform/system/service/IUserService.java @@ -103,6 +103,13 @@ public interface IUserService extends IService { ************************************/ ResponseResult resetPassword(String id) throws Exception; + /** + * 查询超级管理员用户名列表(SYS_USER.USERTYPE = 0) + * + * @return 超级管理员用户名列表 + */ + List getSuperAdminUsernames(); + /*********************************** * 用途说明:设置账号状态(管理员) * 参数说明 diff --git a/backend/src/main/java/com/yfd/platform/system/service/impl/AdminAuthServiceImpl.java b/backend/src/main/java/com/yfd/platform/system/service/impl/AdminAuthServiceImpl.java new file mode 100644 index 00000000..046de510 --- /dev/null +++ b/backend/src/main/java/com/yfd/platform/system/service/impl/AdminAuthServiceImpl.java @@ -0,0 +1,79 @@ +package com.yfd.platform.system.service.impl; + +import cn.hutool.core.collection.CollUtil; +import cn.hutool.core.util.StrUtil; +import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import com.yfd.platform.system.domain.SysUser; +import com.yfd.platform.system.mapper.SysUserMapper; +import com.yfd.platform.system.service.IAdminAuthService; +import com.yfd.platform.system.service.IUserService; +import com.yfd.platform.utils.SecurityUtils; +import jakarta.annotation.Resource; +import jakarta.servlet.http.HttpServletRequest; +import org.springframework.stereotype.Service; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; + +/** + * 超级管理员判断服务实现 + */ +@Service +public class AdminAuthServiceImpl implements IAdminAuthService { + + private static final Set BUILT_IN_ADMIN_USERNAMES = + new LinkedHashSet<>(Collections.singletonList("admin")); + + @Resource + private SysUserMapper userMapper; + + @Override + public List getSuperAdminUsernames() { + + // 获取当前请求 + ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes(); + LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>(); + queryWrapper.eq(SysUser::getUsertype, 0).select(SysUser::getUsername); + //根据用户名称或手机号查询用户信息 + if (attributes != null) { + HttpServletRequest request = attributes.getRequest(); + String tenantId = request.getHeader("Tenant_Id"); + if(StrUtil.isNotBlank(tenantId)){ + queryWrapper.eq(SysUser::getTenantId, tenantId); + } + } + List userList = userMapper.selectList(queryWrapper); + if (CollUtil.isEmpty(userList)) { + return new ArrayList<>(); + } + return userList.stream() + .map(SysUser::getUsername) + .filter(StrUtil::isNotBlank) + .distinct() + .collect(Collectors.toList()); + } + + @Override + public Set getManagedAdminUsernames() { + LinkedHashSet usernames = new LinkedHashSet<>(BUILT_IN_ADMIN_USERNAMES); + usernames.addAll(getSuperAdminUsernames()); + return usernames; + } + + @Override + public boolean isManagedAdminUsername(String username) { + return StrUtil.isNotBlank(username) && getManagedAdminUsernames().contains(username); + } + + @Override + public boolean isCurrentManagedAdmin() { + return isManagedAdminUsername(SecurityUtils.getCurrentUsername()); + } +} diff --git a/backend/src/main/java/com/yfd/platform/system/service/impl/SysOrganizationServiceImpl.java b/backend/src/main/java/com/yfd/platform/system/service/impl/SysOrganizationServiceImpl.java index 6e20d9dc..dcf3e8b6 100644 --- a/backend/src/main/java/com/yfd/platform/system/service/impl/SysOrganizationServiceImpl.java +++ b/backend/src/main/java/com/yfd/platform/system/service/impl/SysOrganizationServiceImpl.java @@ -11,6 +11,7 @@ import com.yfd.platform.system.domain.SysRole; import com.yfd.platform.system.domain.SysUser; import com.yfd.platform.system.mapper.SysOrganizationMapper; import com.yfd.platform.system.mapper.SysRoleMapper; +import com.yfd.platform.system.service.IAdminAuthService; import com.yfd.platform.system.service.ISysOrganizationService; import com.yfd.platform.system.service.IUserService; import com.yfd.platform.utils.ObjectConverterUtil; @@ -38,6 +39,9 @@ public class SysOrganizationServiceImpl extends ServiceImpl> getOrgScopeTree(String roleId, String tenantId) { LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>(); - if(!"admin".equals(SecurityUtils.getCurrentUsername())){ + if(!adminAuthService.isCurrentManagedAdmin()){ String userId = SecurityUtils.getUserId(); List roles = sysRoleMapper.getRoleByUserId(userId); List ids = new ArrayList<>(); diff --git a/backend/src/main/java/com/yfd/platform/system/service/impl/UserServiceImpl.java b/backend/src/main/java/com/yfd/platform/system/service/impl/UserServiceImpl.java index 0e157cd4..5f11a266 100644 --- a/backend/src/main/java/com/yfd/platform/system/service/impl/UserServiceImpl.java +++ b/backend/src/main/java/com/yfd/platform/system/service/impl/UserServiceImpl.java @@ -22,6 +22,7 @@ import com.yfd.platform.system.domain.SysRole; import com.yfd.platform.system.domain.SysUser; import com.yfd.platform.system.mapper.SysRoleMapper; import com.yfd.platform.system.mapper.SysUserMapper; +import com.yfd.platform.system.service.IAdminAuthService; import com.yfd.platform.system.service.IUserService; import com.yfd.platform.utils.FileUtil; import com.yfd.platform.utils.PasswordGenerator; @@ -80,6 +81,9 @@ public class UserServiceImpl extends ServiceImpl impleme @Resource private SysUserDataScopeMapper sysUserDataScopeMapper; + @Resource + private IAdminAuthService adminAuthService; + /********************************** * 用途说明:获取当前用户账号及名称 * 参数说明 @@ -162,7 +166,7 @@ public class UserServiceImpl extends ServiceImpl impleme //账号有效 sysUser.setStatus(1); //判断注册的登录账号是否存在 - if (isExistAccount(sysUser.getUsername())) { + if (isExistAccount(sysUser.getUsername(),sysUser.getTenantId() )) { //新增用户 boolean ok = this.save(sysUser); //新增用户分配权限 @@ -419,7 +423,7 @@ public class UserServiceImpl extends ServiceImpl impleme //账号头像存储地址 String imgName = fileSpaceProperties.getSystem() + File.separator + "user" + File.separator + sysUser.getAvatar(); - if ("admin".equals(sysUser.getUsername())) { + if (adminAuthService.isManagedAdminUsername(sysUser.getUsername())) { return false; } else { boolean isOk = this.removeById(id); @@ -446,31 +450,30 @@ public class UserServiceImpl extends ServiceImpl impleme ************************************/ @Override public ResponseResult resetPassword(String id) throws Exception { - //根据当前用户id 查询角色表的级别 currentUser.getUser() 获取当前用户id - String level = sysUserMapper.getMaxLevel(id); - //判断是否获取级别 - if ("admin".equals(SecurityUtils.getCurrentUsername()) || StrUtil.isNotEmpty(level)) { - //判断当前用户级别 管理员及以上权限 - if ("admin".equals(SecurityUtils.getCurrentUsername()) || Integer.parseInt(level) <= 2) { - SysUser sysUser = sysUserMapper.selectById(id); - UpdateWrapper updateWrapper = new UpdateWrapper<>(); - String password = PasswordGenerator.generateRandomPassword(sysUser.getUsername()); - //根据id 修改密码,密码修改时间,最近修改者,最近修改日期 将密码修改为 123456 - String cryptPassword = passwordEncoder.encode(password); - updateWrapper.eq("id", id).set("password", cryptPassword).set( - "pwdresettime", - new Timestamp(System.currentTimeMillis())).set( - "lastmodifydate", - new Timestamp(System.currentTimeMillis())).set( - "lastmodifier", getUsername()); - //是否修改成功 - this.update(updateWrapper); - return ResponseResult.successData(password); - } + if (hasAdminOperationPermission()) { + SysUser sysUser = sysUserMapper.selectById(id); + UpdateWrapper updateWrapper = new UpdateWrapper<>(); + String password = PasswordGenerator.generateRandomPassword(sysUser.getUsername()); + //根据id 修改密码,密码修改时间,最近修改者,最近修改日期 + String cryptPassword = passwordEncoder.encode(password); + updateWrapper.eq("id", id).set("password", cryptPassword).set( + "pwdresettime", + new Timestamp(System.currentTimeMillis())).set( + "lastmodifydate", + new Timestamp(System.currentTimeMillis())).set( + "lastmodifier", getUsername()); + //是否修改成功 + this.update(updateWrapper); + return ResponseResult.successData(password); } return ResponseResult.error(); } + @Override + public List getSuperAdminUsernames() { + return adminAuthService.getSuperAdminUsernames(); + } + /*********************************** * 用途说明:设置账号状态(管理员) * 参数说明 @@ -481,10 +484,8 @@ public class UserServiceImpl extends ServiceImpl impleme @Override public boolean setStatus(String id, String status) { boolean isOk = false; - //根据当前用户id 查询角色表的级别 currentUser.getUser() 获取当前用户id - String level = sysUserMapper.getMaxLevel(id); //判断当前用户级别 管理员及以上权限 - if ("admin".equals(SecurityUtils.getCurrentUsername()) || Integer.parseInt(level) <= 2) { + if (hasAdminOperationPermission()) { UpdateWrapper updateWrapper = new UpdateWrapper<>(); //根据id修改用户状态,最近修改人,最近修改时间 updateWrapper.eq("id", id).set("status", status).set( @@ -497,6 +498,35 @@ public class UserServiceImpl extends ServiceImpl impleme return isOk; } + private boolean hasAdminOperationPermission() { + if (adminAuthService.isCurrentManagedAdmin()) { + return true; + } + String currentUserId = SecurityUtils.getUserId(); + String level = sysUserMapper.getMaxLevel(currentUserId); + Integer roleLevel = parseRoleLevel(level); + return roleLevel != null && roleLevel <= 2; + } + + private boolean isCurrentManagedAdmin() { + return adminAuthService.isCurrentManagedAdmin(); + } + + private boolean isManagedAdminUsername(String username) { + return adminAuthService.isManagedAdminUsername(username); + } + + private Set getManagedAdminUsernames() { + return adminAuthService.getManagedAdminUsernames(); + } + + private Integer parseRoleLevel(String level) { + if (StrUtil.isBlank(level) || !StrUtil.isNumeric(level)) { + return null; + } + return Integer.parseInt(level); + } + /*********************************** * 用途说明:上传用户头像 * 参数说明 @@ -864,9 +894,9 @@ public class UserServiceImpl extends ServiceImpl impleme * account 登录名称 * 返回值说明: 重复返回 false 否则返回 true ************************************/ - private boolean isExistAccount(String username) { + private boolean isExistAccount(String username,String tenantId) { QueryWrapper queryWrapper = new QueryWrapper<>(); - if (this.list(queryWrapper.eq("username", username)).size() > 0) { + if (this.list(queryWrapper.eq("username", username).eq("TENANT_ID", tenantId)).size() > 0) { //判断 查询登录账号 结果集是否为null 重复返回 false 否则返回 tree return false; } else {