修改用户模块
This commit is contained in:
wh
@@ -1,13 +1,16 @@
|
|||||||
package com.label.common.context;
|
package com.label.common.context;
|
||||||
|
|
||||||
public class CompanyContext {
|
public class CompanyContext {
|
||||||
private static final ThreadLocal<Long> COMPANY_ID = new ThreadLocal<>();
|
private static final ThreadLocal<Long> COMPANY_ID = new ThreadLocal<>().withInitial(() -> -1L);
|
||||||
|
|
||||||
public static void set(Long companyId) {
|
public static void set(Long companyId) {
|
||||||
COMPANY_ID.set(companyId);
|
COMPANY_ID.set(companyId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Long get() {
|
public static Long get() {
|
||||||
|
if (COMPANY_ID.get() == null) {
|
||||||
|
throw new IllegalStateException("Company ID not set");
|
||||||
|
}
|
||||||
return COMPANY_ID.get();
|
return COMPANY_ID.get();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -67,12 +67,12 @@ public class TokenFilter extends OncePerRequestFilter {
|
|||||||
|| path.equals("/api/auth/login")
|
|| path.equals("/api/auth/login")
|
||||||
|| path.equals("/api/video/callback")
|
|| path.equals("/api/video/callback")
|
||||||
|| path.startsWith("/swagger-ui")
|
|| path.startsWith("/swagger-ui")
|
||||||
|| path.startsWith("/v3/api-docs"); // AI 服务内部回调,不走用户 Token 认证
|
|| path.startsWith("/v3/api-docs"); // AI 服务内部回调,不走用户 Token 认证
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
|
||||||
FilterChain filterChain) throws ServletException, IOException {
|
FilterChain filterChain) throws ServletException, IOException {
|
||||||
try {
|
try {
|
||||||
if (!authEnabled) {
|
if (!authEnabled) {
|
||||||
TokenPrincipal principal = new TokenPrincipal(
|
TokenPrincipal principal = new TokenPrincipal(
|
||||||
@@ -85,12 +85,17 @@ public class TokenFilter extends OncePerRequestFilter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
String authHeader = request.getHeader("Authorization");
|
String authHeader = request.getHeader("Authorization");
|
||||||
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
|
if (authHeader == null || !authHeader.toLowerCase().startsWith("bearer ")) {
|
||||||
writeUnauthorized(response, "缺少或无效的认证令牌");
|
writeUnauthorized(response, "缺少或无效的认证令牌");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
String[] parts = authHeader.split("\\s+");
|
||||||
String token = authHeader.substring(7).trim();
|
if (parts.length != 2 || !"Bearer".equalsIgnoreCase(parts[0])) {
|
||||||
|
writeUnauthorized(response, "无效的认证格式");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
String token = parts[1];
|
||||||
|
//String token = authHeader.substring(7).trim();
|
||||||
Map<Object, Object> tokenData = redisService.hGetAll(RedisKeyManager.tokenKey(token));
|
Map<Object, Object> tokenData = redisService.hGetAll(RedisKeyManager.tokenKey(token));
|
||||||
|
|
||||||
if (tokenData == null || tokenData.isEmpty()) {
|
if (tokenData == null || tokenData.isEmpty()) {
|
||||||
|
|||||||
@@ -1,18 +1,27 @@
|
|||||||
package com.label.module.user.controller;
|
package com.label.module.user.controller;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.apache.shiro.authz.annotation.RequiresRoles;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.PathVariable;
|
||||||
|
import org.springframework.web.bind.annotation.PostMapping;
|
||||||
|
import org.springframework.web.bind.annotation.PutMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestBody;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import com.label.common.result.PageResult;
|
import com.label.common.result.PageResult;
|
||||||
import com.label.common.result.Result;
|
import com.label.common.result.Result;
|
||||||
import com.label.common.shiro.TokenPrincipal;
|
import com.label.common.shiro.TokenPrincipal;
|
||||||
import com.label.module.user.entity.SysUser;
|
import com.label.module.user.entity.SysUser;
|
||||||
import com.label.module.user.service.UserService;
|
import com.label.module.user.service.UserService;
|
||||||
|
|
||||||
import io.swagger.v3.oas.annotations.Operation;
|
import io.swagger.v3.oas.annotations.Operation;
|
||||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.apache.shiro.authz.annotation.RequiresRoles;
|
|
||||||
import org.springframework.web.bind.annotation.*;
|
|
||||||
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 用户管理接口(5 个端点,全部 ADMIN 权限)。
|
* 用户管理接口(5 个端点,全部 ADMIN 权限)。
|
||||||
@@ -41,7 +50,7 @@ public class UserController {
|
|||||||
@PostMapping
|
@PostMapping
|
||||||
@RequiresRoles("ADMIN")
|
@RequiresRoles("ADMIN")
|
||||||
public Result<SysUser> createUser(@RequestBody Map<String, String> body,
|
public Result<SysUser> createUser(@RequestBody Map<String, String> body,
|
||||||
HttpServletRequest request) {
|
HttpServletRequest request) {
|
||||||
return Result.success(userService.createUser(
|
return Result.success(userService.createUser(
|
||||||
body.get("username"),
|
body.get("username"),
|
||||||
body.get("password"),
|
body.get("password"),
|
||||||
@@ -55,8 +64,8 @@ public class UserController {
|
|||||||
@PutMapping("/{id}")
|
@PutMapping("/{id}")
|
||||||
@RequiresRoles("ADMIN")
|
@RequiresRoles("ADMIN")
|
||||||
public Result<SysUser> updateUser(@PathVariable Long id,
|
public Result<SysUser> updateUser(@PathVariable Long id,
|
||||||
@RequestBody Map<String, String> body,
|
@RequestBody Map<String, String> body,
|
||||||
HttpServletRequest request) {
|
HttpServletRequest request) {
|
||||||
return Result.success(userService.updateUser(
|
return Result.success(userService.updateUser(
|
||||||
id,
|
id,
|
||||||
body.get("realName"),
|
body.get("realName"),
|
||||||
@@ -65,23 +74,23 @@ public class UserController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** PUT /api/users/{id}/status — 变更用户状态 */
|
/** PUT /api/users/{id}/status — 变更用户状态 */
|
||||||
@Operation(summary = "变更用户状态")
|
@Operation(summary = "变更用户状态", description = "status:ACTIVE、DISABLED")
|
||||||
@PutMapping("/{id}/status")
|
@PutMapping("/{id}/status")
|
||||||
@RequiresRoles("ADMIN")
|
@RequiresRoles("ADMIN")
|
||||||
public Result<Void> updateStatus(@PathVariable Long id,
|
public Result<Void> updateStatus(@PathVariable Long id,
|
||||||
@RequestBody Map<String, String> body,
|
@RequestBody Map<String, String> body,
|
||||||
HttpServletRequest request) {
|
HttpServletRequest request) {
|
||||||
userService.updateStatus(id, body.get("status"), principal(request));
|
userService.updateStatus(id, body.get("status"), principal(request));
|
||||||
return Result.success(null);
|
return Result.success(null);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** PUT /api/users/{id}/role — 变更用户角色 */
|
/** PUT /api/users/{id}/role — 变更用户角色 */
|
||||||
@Operation(summary = "变更用户角色")
|
@Operation(summary = "变更用户角色", description = "role:ADMIN、UPLOADER、VIEWER")
|
||||||
@PutMapping("/{id}/role")
|
@PutMapping("/{id}/role")
|
||||||
@RequiresRoles("ADMIN")
|
@RequiresRoles("ADMIN")
|
||||||
public Result<Void> updateRole(@PathVariable Long id,
|
public Result<Void> updateRole(@PathVariable Long id,
|
||||||
@RequestBody Map<String, String> body,
|
@RequestBody Map<String, String> body,
|
||||||
HttpServletRequest request) {
|
HttpServletRequest request) {
|
||||||
userService.updateRole(id, body.get("role"), principal(request));
|
userService.updateRole(id, body.get("role"), principal(request));
|
||||||
return Result.success(null);
|
return Result.success(null);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,5 +1,13 @@
|
|||||||
package com.label.module.user.service;
|
package com.label.module.user.service;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.springframework.http.HttpStatus;
|
||||||
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
|
import org.springframework.stereotype.Service;
|
||||||
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
|
|
||||||
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
|
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
|
||||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||||
import com.label.common.exception.BusinessException;
|
import com.label.common.exception.BusinessException;
|
||||||
@@ -9,16 +17,9 @@ import com.label.common.result.PageResult;
|
|||||||
import com.label.common.shiro.TokenPrincipal;
|
import com.label.common.shiro.TokenPrincipal;
|
||||||
import com.label.module.user.entity.SysUser;
|
import com.label.module.user.entity.SysUser;
|
||||||
import com.label.module.user.mapper.SysUserMapper;
|
import com.label.module.user.mapper.SysUserMapper;
|
||||||
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.http.HttpStatus;
|
|
||||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
||||||
import org.springframework.stereotype.Service;
|
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 用户管理服务(ADMIN 专属)。
|
* 用户管理服务(ADMIN 专属)。
|
||||||
@@ -52,8 +53,8 @@ public class UserService {
|
|||||||
*/
|
*/
|
||||||
@Transactional
|
@Transactional
|
||||||
public SysUser createUser(String username, String password,
|
public SysUser createUser(String username, String password,
|
||||||
String realName, String role,
|
String realName, String role,
|
||||||
TokenPrincipal principal) {
|
TokenPrincipal principal) {
|
||||||
// 校验用户名唯一性
|
// 校验用户名唯一性
|
||||||
SysUser existing = userMapper.selectByCompanyAndUsername(principal.getCompanyId(), username);
|
SysUser existing = userMapper.selectByCompanyAndUsername(principal.getCompanyId(), username);
|
||||||
if (existing != null) {
|
if (existing != null) {
|
||||||
@@ -83,7 +84,7 @@ public class UserService {
|
|||||||
*/
|
*/
|
||||||
@Transactional
|
@Transactional
|
||||||
public SysUser updateUser(Long userId, String realName, String password,
|
public SysUser updateUser(Long userId, String realName, String password,
|
||||||
TokenPrincipal principal) {
|
TokenPrincipal principal) {
|
||||||
SysUser user = getExistingUser(userId, principal.getCompanyId());
|
SysUser user = getExistingUser(userId, principal.getCompanyId());
|
||||||
|
|
||||||
LambdaUpdateWrapper<SysUser> wrapper = new LambdaUpdateWrapper<SysUser>()
|
LambdaUpdateWrapper<SysUser> wrapper = new LambdaUpdateWrapper<SysUser>()
|
||||||
@@ -127,8 +128,7 @@ public class UserService {
|
|||||||
|
|
||||||
// 2. 更新所有活跃 Token 中的 role 字段(立即生效,无需重新登录)
|
// 2. 更新所有活跃 Token 中的 role 字段(立即生效,无需重新登录)
|
||||||
Set<String> tokens = redisService.sMembers(RedisKeyManager.userSessionsKey(userId));
|
Set<String> tokens = redisService.sMembers(RedisKeyManager.userSessionsKey(userId));
|
||||||
tokens.forEach(token ->
|
tokens.forEach(token -> redisService.hPut(RedisKeyManager.tokenKey(token), "role", newRole));
|
||||||
redisService.hPut(RedisKeyManager.tokenKey(token), "role", newRole));
|
|
||||||
|
|
||||||
// 3. 删除权限缓存(如 Shiro 缓存存在)
|
// 3. 删除权限缓存(如 Shiro 缓存存在)
|
||||||
redisService.delete(RedisKeyManager.userPermKey(userId));
|
redisService.delete(RedisKeyManager.userPermKey(userId));
|
||||||
|
|||||||
Reference in New Issue
Block a user