From 9fc3e220a7d1789f54b20630c9858bd743d51408 Mon Sep 17 00:00:00 2001
From: Ricky <hk_ricky@163.com>
Date: 星期四, 25 十一月 2021 14:00:27 +0800
Subject: [PATCH] 防止修改用户个人信息接口修改用户名
---
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java | 23 +++++++++--------------
1 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
index 047f2e9..9aacc3b 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@@ -2,6 +2,7 @@
import java.util.List;
import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
@@ -21,14 +22,11 @@
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.utils.SecurityUtils;
-import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil;
-import com.ruoyi.framework.web.service.TokenService;
import com.ruoyi.system.service.ISysPostService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
@@ -51,9 +49,6 @@
@Autowired
private ISysPostService postService;
- @Autowired
- private TokenService tokenService;
-
/**
* 获取用户列表
*/
@@ -68,12 +63,12 @@
@Log(title = "用户管理", businessType = BusinessType.EXPORT)
@PreAuthorize("@ss.hasPermi('system:user:export')")
- @GetMapping("/export")
- public AjaxResult export(SysUser user)
+ @PostMapping("/export")
+ public void export(HttpServletResponse response, SysUser user)
{
List<SysUser> list = userService.selectUserList(user);
ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);
- return util.exportExcel(list, "用户数据");
+ util.exportExcel(response, list, "用户数据");
}
@Log(title = "用户管理", businessType = BusinessType.IMPORT)
@@ -83,17 +78,16 @@
{
ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);
List<SysUser> userList = util.importExcel(file.getInputStream());
- LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
- String operName = loginUser.getUsername();
+ String operName = getUsername();
String message = userService.importUser(userList, updateSupport, operName);
return AjaxResult.success(message);
}
- @GetMapping("/importTemplate")
- public AjaxResult importTemplate()
+ @PostMapping("/importTemplate")
+ public void importTemplate(HttpServletResponse response)
{
ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);
- return util.importTemplateExcel("用户数据");
+ util.importTemplateExcel(response, "用户数据");
}
/**
@@ -103,6 +97,7 @@
@GetMapping(value = { "/", "/{userId}" })
public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
{
+ userService.checkUserDataScope(userId);
AjaxResult ajax = AjaxResult.success();
List<SysRole> roles = roleService.selectRoleAll();
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
--
Gitblit v1.9.2