Почетна Преглед Помоћ
Пријавите се
app-service-platform
/
jeecg-boot
2
0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Преглед изворни кода

租户邀请人改成采用手机号,租户敏感接口加权限

zhangdaiscott пре 2 година
родитељ
fffa7f327b
комит
217fe0dce4
3 измењених фајлова са 72 додато и 31 уклоњено
Подељен поглед Покажи статистику Diff
  1. 43 5
      jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
  2. 3 3
      jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysTenantService.java
  3. 26 23
      jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantServiceImpl.java

+ 43 - 5
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
Прегледај датотеку 

@@ -12,6 +12,7 @@ import org.apache.shiro.authz.annotation.RequiresPermissions;
 
 import org.jeecg.common.api.vo.Result;
 
 import org.jeecg.common.aspect.annotation.PermissionData;
 
 import org.jeecg.common.config.TenantContext;
 
+import org.jeecg.common.constant.CommonConstant;
 
 import org.jeecg.common.constant.SymbolConstant;
 
 import org.jeecg.common.system.query.QueryGenerator;
 
 import org.jeecg.common.system.vo.LoginUser;
 
@@ -19,6 +20,7 @@ import org.jeecg.common.util.PasswordUtil;
 
 import org.jeecg.common.util.TokenUtils;
 
 import org.jeecg.common.util.oConvertUtils;
 
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 
+import org.jeecg.modules.base.service.BaseCommonService;
 
 import org.jeecg.modules.system.entity.*;
 
 import org.jeecg.modules.system.service.ISysTenantPackService;
 
 import org.jeecg.modules.system.service.ISysTenantService;
 
@@ -55,6 +57,9 @@ public class SysTenantController {
 
     
     @Autowired
 
     private ISysTenantPackService sysTenantPackService;
 
+    
+    @Autowired
 
+    private BaseCommonService baseCommonService;
 
 
     /**
 
      * 获取列表数据
 
@@ -167,6 +172,22 @@ public class SysTenantController {
 
     //@RequiresPermissions("system:tenant:delete")
 
     @RequestMapping(value = "/delete", method ={RequestMethod.DELETE, RequestMethod.POST})
 
     public Result<?> delete(@RequestParam(name="id",required=true) String id) {
 
+        //------------------------------------------------------------------
 
+        //如果是saas隔离的情况下,判断当前租户id是否是当前租户下的
 
+        if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
 
+            //获取当前用户
 
+            LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
 
+            SysTenant sysTenant = sysTenantService.getById(id);
 
+
 
+            String username = "admin";
 
+            String createdBy = sysUser.getUsername();
 
+            if (!sysTenant.getCreateBy().equals(createdBy) && !username.equals(createdBy)) {
 
+                baseCommonService.addLog("未经授权,不能删除非自己创建的租户,租户ID:" + id + ",操作人:" + sysUser.getUsername(), CommonConstant.LOG_TYPE_2, CommonConstant.OPERATE_TYPE_3);
 
+                return Result.error("删除租户失败,当前操作人不是租户的创建人!");
 
+            }
 
+        }
 
+        //------------------------------------------------------------------
 
+                
         sysTenantService.removeTenantById(id);
 
         return Result.ok("删除成功");
 
     }
 
@@ -187,6 +208,22 @@ public class SysTenantController {
 
             // 过滤掉已被引用的租户
 
             List<Integer> idList = new ArrayList<>();
 
             for (String id : ls) {
 
+                //------------------------------------------------------------------
 
+                //如果是saas隔离的情况下,判断当前租户id是否是当前租户下的
 
+                if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
 
+                    //获取当前用户
 
+                    LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
 
+                    SysTenant sysTenant = sysTenantService.getById(id);
 
+
 
+                    String username = "admin";
 
+                    String createdBy = sysUser.getUsername();
 
+                    if (!sysTenant.getCreateBy().equals(createdBy) && !username.equals(createdBy)) {
 
+                        baseCommonService.addLog("未经授权,不能删除非自己创建的租户,租户ID:" + id + ",操作人:" + sysUser.getUsername(), CommonConstant.LOG_TYPE_2, CommonConstant.OPERATE_TYPE_3);
 
+                        return Result.error("删除租户失败,当前操作人不是租户的创建人!");
 
+                    }
 
+                }
 
+                //------------------------------------------------------------------
 
+                
                 Long userCount = sysTenantService.countUserLinkTenant(id);
 
                 if (userCount == 0) {
 
                     idList.add(Integer.parseInt(id));
 
@@ -357,13 +394,13 @@ public class SysTenantController {
 
     /**
 
      * 邀请用户【低代码应用专用接口】
 
      * @param ids
 
-     * @param userIds
 
+     * @param phone
 
      * @return
 
      */
 
     @PutMapping("/invitationUserJoin")
 
     //@RequiresPermissions("system:tenant:invitation:user")
 
-    public Result<String> invitationUserJoin(@RequestParam("ids") String ids, @RequestParam("userIds") String userIds){
 
-        sysTenantService.invitationUserJoin(ids,userIds);
 
+    public Result<String> invitationUserJoin(@RequestParam("ids") String ids, @RequestParam("phone") String phone){
 
+        sysTenantService.invitationUserJoin(ids,phone);
 
         return Result.ok("邀请用户成功");
 
     }
 
 
@@ -402,7 +439,8 @@ public class SysTenantController {
 
                                       @RequestParam("tenantId") String tenantId){
 
         Result<String> result = new Result<>();
 
         //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】
 
-        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){
 
+        LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
 
+        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && !"admin".equals(sysUser.getUsername())){
 
             Integer loginSessionTenant = oConvertUtils.getInt(TenantContext.getTenant());
 
             if(loginSessionTenant!=null && !loginSessionTenant.equals(Integer.valueOf(tenantId))){
 
                 result.error500("无权限访问他人租户!");
 
@@ -565,7 +603,7 @@ public class SysTenantController {
 
             return Result.error("未找到当前租户信息");
 
         }
 
         if (!sysUser.getUsername().equals(tenant.getCreateBy())) {
 
-            return Result.error("没有权限");
 
+            return Result.error("无权限,只能注销自己创建的租户!");
 
         }
 
         SysUser userById = sysUserService.getById(sysUser.getId());
 
         String loginPassword = request.getParameter("loginPassword");

+ 3 - 3
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysTenantService.java
Прегледај датотеку 

@@ -45,11 +45,11 @@ public interface ISysTenantService extends IService<SysTenant> {
 
     boolean removeTenantById(String id);
 
 
     /**
 
-     * 邀请用户加入租户
 
+     * 邀请用户加入租户,通过手机号
 
      * @param ids
 
-     * @param userIds
 
+     * @param phone
 
      */
 
-    void invitationUserJoin(String ids, String userIds);
 
+    void invitationUserJoin(String ids, String phone);
 
 
     /**
 
      * 请离用户(租户)

+ 26 - 23
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantServiceImpl.java
Прегледај датотеку 

@@ -26,10 +26,8 @@ import org.jeecg.modules.system.service.ISysTenantService;
 
 import org.jeecg.modules.system.service.ISysUserService;
 
 import org.jeecg.modules.system.vo.tenant.*;
 
 import org.springframework.beans.BeanUtils;
 
-import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
 import org.springframework.cache.annotation.CacheEvict;
 
-import org.springframework.context.annotation.Lazy;
 
 import org.springframework.stereotype.Service;
 
 
 import java.util.ArrayList;
 
@@ -91,27 +89,31 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
 
 
     @Override
 
     @CacheEvict(value={CacheConstant.SYS_USERS_CACHE}, allEntries=true)
 
-    public void invitationUserJoin(String ids, String userIds) {
 
+    public void invitationUserJoin(String ids, String phone) {
 
         String[] idArray = ids.split(SymbolConstant.COMMA);
 
-        String[] userIdArray = userIds.split(SymbolConstant.COMMA);
 
-        //先循环用户id,避免多次查询
 
-        for (String userId : userIdArray) {
 
-            //循环租户id
 
-            for (String id:idArray) {
 
-                //update-begin---author:wangshuai ---date:20221223  for:[QQYUN-3371]租户逻辑改造,改成关系表------------
 
-                LambdaQueryWrapper<SysUserTenant> query = new LambdaQueryWrapper<>();
 
-                query.eq(SysUserTenant::getTenantId,id);
 
-                query.eq(SysUserTenant::getUserId,userId);
 
-                long count = userTenantMapper.selectCount(query);
 
-                if(count == 0){
 
-                    SysUserTenant relation = new SysUserTenant();
 
-                    relation.setUserId(userId);
 
-                    relation.setTenantId(Integer.valueOf(id));
 
-                    relation.setStatus(CommonConstant.USER_TENANT_NORMAL);
 
-                    userTenantMapper.insert(relation);
 
-                }
 
-                //update-end---author:wangshuai ---date:20221223  for:[QQYUN-3371]租户逻辑改造,改成关系表------------
 
+        //update-begin---author:wangshuai ---date:20230313  for:【QQYUN-4605】后台的邀请谁加入租户,没办法选不是租户下的用户,通过手机号邀请------------
 
+        SysUser userByPhone = userService.getUserByPhone(phone);
 
+        //说明用户不存在
 
+        if(null == userByPhone){
 
+            throw new JeecgBootException("当前用户不存在,请核对手机号");
 
+        }
 
+        String userId = userByPhone.getId();
 
+        //循环租户id
 
+        for (String id:idArray) {
 
+            //update-begin---author:wangshuai ---date:20221223  for:[QQYUN-3371]租户逻辑改造,改成关系表------------
 
+            LambdaQueryWrapper<SysUserTenant> query = new LambdaQueryWrapper<>();
 
+            query.eq(SysUserTenant::getTenantId,id);
 
+            query.eq(SysUserTenant::getUserId,userId);
 
+            long count = userTenantMapper.selectCount(query);
 
+            if(count == 0){
 
+                SysUserTenant relation = new SysUserTenant();
 
+                relation.setUserId(userId);
 
+                relation.setTenantId(Integer.valueOf(id));
 
+                relation.setStatus(CommonConstant.USER_TENANT_NORMAL);
 
+                userTenantMapper.insert(relation);
 
             }
 
+            //update-end---author:wangshuai ---date:20221223  for:[QQYUN-3371]租户逻辑改造,改成关系表------------
 
+        //update-end---author:wangshuai ---date:20230313  for:【QQYUN-4605】后台的邀请谁加入租户,没办法选不是租户下的用户,通过手机号邀请------------
 
         }
 
     }
 
 
@@ -477,6 +479,7 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
 
                 .eq(SysTenantPackUser::getUserId, sysTenantPackUser.getUserId())
 
                 .eq(SysTenantPackUser::getPackId, sysTenantPackUser.getPackId());
 
         sysTenantPackUserMapper.delete(query);
 
+
 
     }
 
 
     @Override
 
@@ -578,8 +581,8 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
 
             List<String> userIdList = userList.stream().map(i->i.getId()).collect(Collectors.toList());
 
             // 部门
 
             List<UserDepart> depList = baseMapper.queryUserDepartList(userIdList);
 
-            // 职位
 
-            //List<UserPosition> userPositions = baseMapper.queryUserPositionList(userIdList);
 
+//            // 职位
 
+//            List<UserPosition> userPositions = baseMapper.queryUserPositionList(userIdList);
 
             // 遍历用户 往用户中添加 部门信息和职位信息
 
             for (TenantPackUser user : userList) {
 
                 //添加部门