/**
* Copyright (c) 2016-2019 人人开源 All rights reserved.
*
* https://www.renren.io
*
* 版权所有,侵权必究!
*/
package io.renren.modules.sys.service.impl;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import io.renren.common.exception.RRException;
import io.renren.common.utils.Constant;
import io.renren.common.utils.PageUtils;
import io.renren.common.utils.Query;
import io.renren.modules.sys.dao.SysUserDao;
import io.renren.modules.sys.entity.SysDeptEntity;
import io.renren.modules.sys.entity.SysUserEntity;
import io.renren.modules.sys.service.*;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Map;
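/**
 * System user service: paging, lookup, creation, update and password changes for
 * {@code SysUserEntity}, plus maintenance of the user-role and user-plant relations.
 *
 * <p>NOTE(review): generic type arguments (on ServiceImpl, IPage, QueryWrapper, Query,
 * List and Map) appear to have been stripped from this listing; restore them from the
 * project source before compiling.
 *
 * <p>NOTE(review): passwords are stored as a single-round salted SHA-256 hex digest
 * (Shiro's two-argument {@code Sha256Hash} constructor). A fast digest is weak for
 * password storage; moving to bcrypt/scrypt/argon2/PBKDF2 also requires changing whatever
 * verifies credentials at login, which is not visible in this file, so the scheme is
 * flagged here rather than replaced.
 *
 * @author Mark 735032128@qq.com
 */
@Service("sysUserService")
public class SysUserServiceImpl extends ServiceImpl implements SysUserService {
    @Autowired
    private SysUserRoleService sysUserRoleService;
    @Autowired
    private SysUserPlantService sysUserPlantService;
    @Lazy // lazy injection to break the circular dependency
    @Autowired
    private SysRoleService sysRoleService;
    @Autowired
    private SysDeptService sysDeptService;

    /**
     * Returns one page of users, optionally filtered by a {@code username} LIKE match and an
     * exact {@code create_user_id} match, with each record's department name filled in.
     *
     * @param params paging parameters plus the optional "username" and "createUserId" keys;
     *               "createUserId" is cast to {@code Long} and must already have that type
     * @return the page wrapped in {@code PageUtils}
     */
    @Override
    public PageUtils queryPage(Map params) {
        String username = (String) params.get("username");
        Long createUserId = (Long) params.get("createUserId");
        IPage page = this.page(
                new Query().getPage(params),
                new QueryWrapper()
                        .like(StringUtils.isNotBlank(username), "username", username)
                        .eq(createUserId != null, "create_user_id", createUserId)
        );
        for (SysUserEntity sysUserEntity : page.getRecords()) {
            SysDeptEntity sysDeptEntity = sysDeptService.getById(sysUserEntity.getDeptId());
            // A user whose department is missing or deleted must not fail the whole listing.
            if (sysDeptEntity != null) {
                sysUserEntity.setDeptName(sysDeptEntity.getName());
            }
        }
        return new PageUtils(page);
    }

    /** Delegates to the mapper to fetch all permission entries of the given user. */
    @Override
    public List queryAllPerms(Long userId) {
        return baseMapper.queryAllPerms(userId);
    }

    /** Delegates to the mapper to fetch all menu ids of the given user. */
    @Override
    public List queryAllMenuId(Long userId) {
        return baseMapper.queryAllMenuId(userId);
    }

    /** Delegates to the mapper to look a user up by user name. */
    @Override
    public SysUserEntity queryByUserName(String username) {
        return baseMapper.queryByUserName(username);
    }

    /** Delegates to the mapper to look a user up by mail address. */
    @Override
    public SysUserEntity queryByMail(String mail) {
        return baseMapper.queryByMail(mail);
    }

    /** Delegates to the mapper to look a user up by id. */
    @Override
    public SysUserEntity queryByUserId(Long userId) {
        return baseMapper.queryByUserId(userId);
    }

    /**
     * Creates a user: checks the requested roles, hashes the password with a fresh salt,
     * saves the row and then stores the user-role and user-plant relations.
     *
     * @param user the user to create; its password field holds the clear-text password on entry
     * @throws RRException if a requested role was not created by the user's creator
     */
    @Override
    @Transactional
    public void saveUser(SysUserEntity user) {
        // Reject role escalation before anything is written, rather than relying on the
        // transaction rolling the insert back afterwards.
        checkRole(user);

        user.setCreateTime(new Date());
        applyNewPassword(user);
        this.save(user);

        // store the user-role relation
        sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
        // store the user-plant relation
        sysUserPlantService.saveOrUpdate(user.getUserId(), user.getPlantIdList());
    }

    /**
     * Updates a user. A blank password means "keep the current password"; otherwise the
     * password is re-hashed with a newly generated salt and both are stored together.
     *
     * @param user the user to update, identified by its user id
     * @throws RRException if a requested role was not created by the user's creator
     */
    @Override
    @Transactional
    public void update(SysUserEntity user) {
        // Authorization check first, so a rejected request never reaches the database.
        checkRole(user);

        if (StringUtils.isBlank(user.getPassword())) {
            // Null out password AND salt so the stored pair stays consistent.
            // presumably updateById skips null fields (the password branch already
            // depended on that) — confirm the configured field strategy.
            user.setPassword(null);
            user.setSalt(null);
        } else {
            // Never hash with the salt carried on the incoming entity: it may be absent
            // (which yields an unsalted hash that no longer matches the stored salt) or
            // supplied by the client. Generate a new salt and persist it with the hash.
            applyNewPassword(user);
        }
        this.updateById(user);

        // store the user-role relation
        sysUserRoleService.saveOrUpdate(user.getUserId(), user.getRoleIdList());
        // store the user-plant relation
        sysUserPlantService.saveOrUpdate(user.getUserId(), user.getPlantIdList());
    }

    /**
     * Deletes the users with the given ids.
     *
     * <p>NOTE(review): no authorization check is made here and the user-role / user-plant
     * relations are not removed in this method — confirm both are handled by the caller.
     */
    @Override
    public void deleteBatch(Long[] userId) {
        this.removeByIds(Arrays.asList(userId));
    }

    /**
     * Replaces the password of a user, but only when the row's current {@code password}
     * column equals {@code password}.
     *
     * <p>Both values are compared and written verbatim; no hashing happens in this method.
     * NOTE(review): callers presumably pass salted hashes computed with the user's stored
     * salt — verify at the call site, otherwise clear text would be stored.
     *
     * @param userId      id of the user
     * @param password    value the stored password column must currently hold
     * @param newPassword value written to the password column
     * @return the result of the conditional update
     */
    @Override
    public boolean updatePassword(Long userId, String password, String newPassword) {
        SysUserEntity userEntity = new SysUserEntity();
        userEntity.setPassword(newPassword);
        return this.update(userEntity,
                new QueryWrapper().eq("user_id", userId).eq("password", password));
    }

    /**
     * Overwrites the password of the user with the given user name.
     *
     * <p>This method checks neither the old password nor any reset token, and writes
     * {@code newPassword} verbatim. NOTE(review): the caller must have verified the reset
     * request and hashed {@code newPassword} with the user's stored salt before calling —
     * confirm at the call site.
     *
     * @param username    user name identifying the row
     * @param newPassword value written to the password column
     * @return the result of the update
     */
    @Override
    public boolean forgetPassword(String username, String newPassword) {
        SysUserEntity userEntity = new SysUserEntity();
        userEntity.setPassword(newPassword);
        return this.update(userEntity,
                new QueryWrapper().eq("USERNAME", username));
    }

    /**
     * Replaces the clear-text password on {@code user} with its salted SHA-256 hex digest and
     * records the salt used, so the two fields are always written as a matching pair.
     */
    private void applyNewPassword(SysUserEntity user) {
        String salt = RandomStringUtils.randomAlphanumeric(20);
        user.setPassword(new Sha256Hash(user.getPassword(), salt).toHex());
        user.setSalt(salt);
    }

    /**
     * Checks that the roles requested for {@code user} do not exceed what its creator may grant.
     *
     * <p>A creator equal to {@code Constant.SUPER_ADMIN} may assign any role; any other creator
     * may only assign roles returned by {@code sysRoleService.queryRoleIdList} for that creator.
     * NOTE(review): this trusts {@code user.getCreateUserId()}; it must be set from the
     * authenticated session by the caller, not taken from request data — verify.
     *
     * @throws RRException if a requested role is not in the creator's role list
     */
    private void checkRole(SysUserEntity user) {
        if (user.getRoleIdList() == null || user.getRoleIdList().isEmpty()) {
            return;
        }

        // Compare by value and tolerate a missing creator id: a null id is treated as
        // "not the super administrator" and falls through to the role check below.
        Long creatorId = user.getCreateUserId();
        if (creatorId != null && creatorId.longValue() == Constant.SUPER_ADMIN) {
            return;
        }

        // roles created by the user's creator
        List roleIdList = sysRoleService.queryRoleIdList(creatorId);

        // reject any role outside that list
        if (!roleIdList.containsAll(user.getRoleIdList())) {
            throw new RRException("新增用户所选角色,不是本人创建");
        }
    }
}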