
租户邀请人改成采用手机号,租户敏感接口加权限

zhangdaiscott преди 2 години
родител
ревизия
217fe0dce4

+ 43 - 5
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java

@@ -12,6 +12,7 @@ import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.aspect.annotation.PermissionData;
 import org.jeecg.common.config.TenantContext;
+import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
@@ -19,6 +20,7 @@ import org.jeecg.common.util.PasswordUtil;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
+import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.*;
 import org.jeecg.modules.system.service.ISysTenantPackService;
 import org.jeecg.modules.system.service.ISysTenantService;
@@ -55,6 +57,9 @@ public class SysTenantController {
     
     @Autowired
     private ISysTenantPackService sysTenantPackService;
+    
+    @Autowired
+    private BaseCommonService baseCommonService;
 
     /**
      * 获取列表数据
@@ -167,6 +172,22 @@ public class SysTenantController {
     //@RequiresPermissions("system:tenant:delete")
     @RequestMapping(value = "/delete", method ={RequestMethod.DELETE, RequestMethod.POST})
     public Result<?> delete(@RequestParam(name="id",required=true) String id) {
+        //------------------------------------------------------------------
+        //如果是saas隔离的情况下,判断当前租户id是否是当前租户下的
+        if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
+            //获取当前用户
+            LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+            SysTenant sysTenant = sysTenantService.getById(id);
+
+            String username = "admin";
+            String createdBy = sysUser.getUsername();
+            if (!sysTenant.getCreateBy().equals(createdBy) && !username.equals(createdBy)) {
+                baseCommonService.addLog("未经授权,不能删除非自己创建的租户,租户ID:" + id + ",操作人:" + sysUser.getUsername(), CommonConstant.LOG_TYPE_2, CommonConstant.OPERATE_TYPE_3);
+                return Result.error("删除租户失败,当前操作人不是租户的创建人!");
+            }
+        }
+        //------------------------------------------------------------------
+                
         sysTenantService.removeTenantById(id);
         return Result.ok("删除成功");
     }
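Review bot: `sysTenantService.getById(id)` returns null for an unknown or already-deleted id, and the next line dereferences `sysTenant.getCreateBy()` on it, so a bad id produces an unhandled NullPointerException instead of the intended error; add `if (sysTenant == null) { return Result.error("租户不存在"); }` before the comparison and write it as `!createdBy.equals(sysTenant.getCreateBy())` so a null `create_by` column cannot NPE either. The whole guard also sits inside `if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL)` while `@RequiresPermissions("system:tenant:delete")` remains commented out just above the mapping, so with SaaS isolation switched off any authenticated user can still delete any tenant — re-enable the annotation or run the owner check unconditionally. The literal `"admin"` superuser name is introduced separately in three hunks of this commit; a single shared constant would keep them from drifting.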
@@ -187,6 +208,22 @@ public class SysTenantController {
             // 过滤掉已被引用的租户
             List<Integer> idList = new ArrayList<>();
             for (String id : ls) {
+                //------------------------------------------------------------------
+                //如果是saas隔离的情况下,判断当前租户id是否是当前租户下的
+                if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
+                    //获取当前用户
+                    LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+                    SysTenant sysTenant = sysTenantService.getById(id);
+
+                    String username = "admin";
+                    String createdBy = sysUser.getUsername();
+                    if (!sysTenant.getCreateBy().equals(createdBy) && !username.equals(createdBy)) {
+                        baseCommonService.addLog("未经授权,不能删除非自己创建的租户,租户ID:" + id + ",操作人:" + sysUser.getUsername(), CommonConstant.LOG_TYPE_2, CommonConstant.OPERATE_TYPE_3);
+                        return Result.error("删除租户失败,当前操作人不是租户的创建人!");
+                    }
+                }
+                //------------------------------------------------------------------
+                
                 Long userCount = sysTenantService.countUserLinkTenant(id);
                 if (userCount == 0) {
                     idList.add(Integer.parseInt(id));
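Review bot: The same null dereference as in `delete` is present here: `getById(id)` may return null for one bad id in the batch and `sysTenant.getCreateBy()` then throws, turning the whole request into a 500 rather than the error message; guard it with `if (sysTenant == null) { return Result.error("租户不存在"); }`. The principal lookup `SecurityUtils.getSubject().getPrincipal()` is repeated on every loop iteration and the block is a verbatim copy of the one added to `delete`; hoist `sysUser` above the `for` and move the check into one private helper (for example `private Result<?> checkTenantOwner(String id, LoginUser sysUser)`) that both endpoints call, so the two gates cannot diverge. As in `delete`, the check is skipped entirely when `OPEN_SYSTEM_TENANT_CONTROL` is false. The enclosing method starts and ends outside this hunk.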
@@ -357,13 +394,13 @@ public class SysTenantController {
     /**
      * 邀请用户【低代码应用专用接口】
      * @param ids
-     * @param userIds
+     * @param phone
      * @return
      */
     @PutMapping("/invitationUserJoin")
     //@RequiresPermissions("system:tenant:invitation:user")
-    public Result<String> invitationUserJoin(@RequestParam("ids") String ids, @RequestParam("userIds") String userIds){
-        sysTenantService.invitationUserJoin(ids,userIds);
+    public Result<String> invitationUserJoin(@RequestParam("ids") String ids, @RequestParam("phone") String phone){
+        sysTenantService.invitationUserJoin(ids,phone);
         return Result.ok("邀请用户成功");
     }
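Review bot: `invitationUserJoin` still has `@RequiresPermissions("system:tenant:invitation:user")` commented out on the line above its signature, and unlike `delete` in this same commit it performs no check that the caller created or belongs to any tenant in `ids`, so any authenticated user can attach the account behind any registered phone number to any tenant. Since the commit title is about adding permissions to sensitive tenant endpoints, this one should get the same owner check (or the annotation re-enabled): `@RequiresPermissions("system:tenant:invitation:user")`. Because the service now throws a distinct error when the phone is unknown, the endpoint also becomes an oracle for which phone numbers have accounts, which makes the missing authorization more consequential than before.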
 
@@ -402,7 +439,8 @@ public class SysTenantController {
                                       @RequestParam("tenantId") String tenantId){
         Result<String> result = new Result<>();
         //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】
-        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){
+        LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && !"admin".equals(sysUser.getUsername())){
             Integer loginSessionTenant = oConvertUtils.getInt(TenantContext.getTenant());
             if(loginSessionTenant!=null && !loginSessionTenant.equals(Integer.valueOf(tenantId))){
                 result.error500("无权限访问他人租户!");
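Review bot: The new `!"admin".equals(sysUser.getUsername())` makes a hard-coded username the override for cross-tenant access, and the same literal is introduced independently in the `delete` and batch-delete hunks of this commit. If the framework exposes a role or permission check for the built-in administrator, prefer that; at minimum hoist the string into one constant (e.g. `private static final String SUPER_ADMIN = "admin";`) so the three checks stay consistent. The enclosing method begins and ends outside this hunk.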
@@ -565,7 +603,7 @@ public class SysTenantController {
             return Result.error("未找到当前租户信息");
         }
         if (!sysUser.getUsername().equals(tenant.getCreateBy())) {
-            return Result.error("没有权限");
+            return Result.error("无权限,只能注销自己创建的租户!");
         }
         SysUser userById = sysUserService.getById(sysUser.getId());
         String loginPassword = request.getParameter("loginPassword");

+ 3 - 3
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysTenantService.java

@@ -45,11 +45,11 @@ public interface ISysTenantService extends IService<SysTenant> {
     boolean removeTenantById(String id);
 
     /**
-     * 邀请用户加入租户
+     * 邀请用户加入租户,通过手机号
      * @param ids
-     * @param userIds
+     * @param phone
      */
-    void invitationUserJoin(String ids, String userIds);
+    void invitationUserJoin(String ids, String phone);
 
     /**
      * 请离用户(租户)

+ 26 - 23
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantServiceImpl.java

@@ -26,10 +26,8 @@ import org.jeecg.modules.system.service.ISysTenantService;
 import org.jeecg.modules.system.service.ISysUserService;
 import org.jeecg.modules.system.vo.tenant.*;
 import org.springframework.beans.BeanUtils;
-import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
-import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 
 import java.util.ArrayList;
@@ -91,27 +89,31 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
 
     @Override
     @CacheEvict(value={CacheConstant.SYS_USERS_CACHE}, allEntries=true)
-    public void invitationUserJoin(String ids, String userIds) {
+    public void invitationUserJoin(String ids, String phone) {
         String[] idArray = ids.split(SymbolConstant.COMMA);
-        String[] userIdArray = userIds.split(SymbolConstant.COMMA);
-        //先循环用户id,避免多次查询
-        for (String userId : userIdArray) {
-            //循环租户id
-            for (String id:idArray) {
-                //update-begin---author:wangshuai ---date:20221223  for:[QQYUN-3371]租户逻辑改造,改成关系表------------
-                LambdaQueryWrapper<SysUserTenant> query = new LambdaQueryWrapper<>();
-                query.eq(SysUserTenant::getTenantId,id);
-                query.eq(SysUserTenant::getUserId,userId);
-                long count = userTenantMapper.selectCount(query);
-                if(count == 0){
-                    SysUserTenant relation = new SysUserTenant();
-                    relation.setUserId(userId);
-                    relation.setTenantId(Integer.valueOf(id));
-                    relation.setStatus(CommonConstant.USER_TENANT_NORMAL);
-                    userTenantMapper.insert(relation);
-                }
-                //update-end---author:wangshuai ---date:20221223  for:[QQYUN-3371]租户逻辑改造,改成关系表------------
+        //update-begin---author:wangshuai ---date:20230313  for:【QQYUN-4605】后台的邀请谁加入租户,没办法选不是租户下的用户,通过手机号邀请------------
+        SysUser userByPhone = userService.getUserByPhone(phone);
+        //说明用户不存在
+        if(null == userByPhone){
+            throw new JeecgBootException("当前用户不存在,请核对手机号");
+        }
+        String userId = userByPhone.getId();
+        //循环租户id
+        for (String id:idArray) {
+            //update-begin---author:wangshuai ---date:20221223  for:[QQYUN-3371]租户逻辑改造,改成关系表------------
+            LambdaQueryWrapper<SysUserTenant> query = new LambdaQueryWrapper<>();
+            query.eq(SysUserTenant::getTenantId,id);
+            query.eq(SysUserTenant::getUserId,userId);
+            long count = userTenantMapper.selectCount(query);
+            if(count == 0){
+                SysUserTenant relation = new SysUserTenant();
+                relation.setUserId(userId);
+                relation.setTenantId(Integer.valueOf(id));
+                relation.setStatus(CommonConstant.USER_TENANT_NORMAL);
+                userTenantMapper.insert(relation);
             }
+            //update-end---author:wangshuai ---date:20221223  for:[QQYUN-3371]租户逻辑改造,改成关系表------------
+        //update-end---author:wangshuai ---date:20230313  for:【QQYUN-4605】后台的邀请谁加入租户,没办法选不是租户下的用户,通过手机号邀请------------
         }
     }
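Review bot: Throwing `当前用户不存在,请核对手机号` when `userService.getUserByPhone(phone)` finds nothing lets a caller probe whether any phone number is registered, and every tenant id in `ids` is then linked with no check that the caller may administer that tenant; the service receives only `ids` and `phone`, so that authorization must live in the caller, and in this commit the controller's `@RequiresPermissions` for this endpoint stays commented out. Consider passing the current user's id into the service (or verifying tenant ownership in the controller) before this loop, and keep the not-found message generic if the endpoint can ever be reached by non-administrators. `Integer.valueOf(id)` will throw `NumberFormatException` on a malformed id in the comma-separated `ids` — pre-existing, but worth a `Result`-style error now that the input is user-supplied. Minor: the `update-end ... QQYUN-4605` marker sits inside the `for` loop while its `update-begin` is outside it; move it after the loop's closing brace.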
 
@@ -477,6 +479,7 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
                 .eq(SysTenantPackUser::getUserId, sysTenantPackUser.getUserId())
                 .eq(SysTenantPackUser::getPackId, sysTenantPackUser.getPackId());
         sysTenantPackUserMapper.delete(query);
+
     }
 
     @Override
@@ -578,8 +581,8 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
             List<String> userIdList = userList.stream().map(i->i.getId()).collect(Collectors.toList());
             // 部门
             List<UserDepart> depList = baseMapper.queryUserDepartList(userIdList);
-            // 职位
-            //List<UserPosition> userPositions = baseMapper.queryUserPositionList(userIdList);
+//            // 职位
+//            List<UserPosition> userPositions = baseMapper.queryUserPositionList(userIdList);
             // 遍历用户 往用户中添加 部门信息和职位信息
             for (TenantPackUser user : userList) {
                 //添加部门