|
@@ -6,6 +6,7 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
|
|
import com.qqflow.engine.common.exception.BusinessException;
|
|
import com.qqflow.engine.common.exception.BusinessException;
|
|
|
import com.qqflow.engine.common.util.JwtUtils;
|
|
import com.qqflow.engine.common.util.JwtUtils;
|
|
|
import com.qqflow.engine.common.util.RedisCache;
|
|
import com.qqflow.engine.common.util.RedisCache;
|
|
|
|
|
+import com.qqflow.engine.common.util.SecurityUtils;
|
|
|
import com.qqflow.engine.config.security.LoginUser;
|
|
import com.qqflow.engine.config.security.LoginUser;
|
|
|
import com.qqflow.engine.domain.system.dto.LoginDTO;
|
|
import com.qqflow.engine.domain.system.dto.LoginDTO;
|
|
|
import com.qqflow.engine.domain.system.dto.UserDTO;
|
|
import com.qqflow.engine.domain.system.dto.UserDTO;
|
|
@@ -41,6 +42,9 @@ import java.util.concurrent.TimeUnit;
|
|
|
import java.util.stream.Collectors;
|
|
import java.util.stream.Collectors;
|
|
|
|
|
|
|
|
import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_COMMON_USER;
|
|
import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_COMMON_USER;
|
|
|
|
|
+import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_DEPT_MANAGER;
|
|
|
|
|
+import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_FLOW_MANAGER;
|
|
|
|
|
+import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_SUPER_ADMIN;
|
|
|
import static com.qqflow.engine.common.constant.SecurityConstants.USER_TYPE_SYSTEM;
|
|
import static com.qqflow.engine.common.constant.SecurityConstants.USER_TYPE_SYSTEM;
|
|
|
|
|
|
|
|
@Slf4j
|
|
@Slf4j
|
|
@@ -79,6 +83,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
|
|
|
@Override
|
|
@Override
|
|
|
@Transactional
|
|
@Transactional
|
|
|
public boolean addUser(SysUser user) {
|
|
public boolean addUser(SysUser user) {
|
|
|
|
|
+ this.checkEmployeeTypePermission(user.getEmployeeType());
|
|
|
if (user.getUsername() == null || user.getUsername().isBlank()) {
|
|
if (user.getUsername() == null || user.getUsername().isBlank()) {
|
|
|
throw new BusinessException("用户名不能为空");
|
|
throw new BusinessException("用户名不能为空");
|
|
|
}
|
|
}
|
|
@@ -116,6 +121,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
|
|
|
@Override
|
|
@Override
|
|
|
@Transactional
|
|
@Transactional
|
|
|
public boolean updateUser(SysUser user) {
|
|
public boolean updateUser(SysUser user) {
|
|
|
|
|
+ this.checkEmployeeTypePermission(user.getEmployeeType());
|
|
|
if (user.getId() == null) {
|
|
if (user.getId() == null) {
|
|
|
throw new BusinessException("用户ID不能为空");
|
|
throw new BusinessException("用户ID不能为空");
|
|
|
}
|
|
}
|
|
@@ -147,8 +153,37 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
|
|
|
return updated;
|
|
return updated;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ private void checkEmployeeTypePermission(String targetType) {
|
|
|
|
|
+ if (targetType == null) return;
|
|
|
|
|
+ LoginUser loginUser = SecurityUtils.getLoginUser();
|
|
|
|
|
+ if (loginUser == null) return;
|
|
|
|
|
+ String currentType = loginUser.getEmployeeType();
|
|
|
|
|
+ if (currentType == null) currentType = EMPLOYEE_TYPE_COMMON_USER;
|
|
|
|
|
+ // 管理员可操作所有类型
|
|
|
|
|
+ if (EMPLOYEE_TYPE_SUPER_ADMIN.equals(currentType)) return;
|
|
|
|
|
+ // 部门运维可操作 部门运维、流程运维、普通用户
|
|
|
|
|
+ if (EMPLOYEE_TYPE_DEPT_MANAGER.equals(currentType)) {
|
|
|
|
|
+ if (EMPLOYEE_TYPE_SUPER_ADMIN.equals(targetType)) {
|
|
|
|
|
+ throw new BusinessException("无权操作管理员类型的用户");
|
|
|
|
|
+ }
|
|
|
|
|
+ return;
|
|
|
|
|
+ }
|
|
|
|
|
+ // 流程运维只可操作 流程运维、普通用户
|
|
|
|
|
+ if (EMPLOYEE_TYPE_FLOW_MANAGER.equals(currentType)) {
|
|
|
|
|
+ if (EMPLOYEE_TYPE_SUPER_ADMIN.equals(targetType)
|
|
|
|
|
+ || EMPLOYEE_TYPE_DEPT_MANAGER.equals(targetType)) {
|
|
|
|
|
+ throw new BusinessException("无权操作该类型的用户");
|
|
|
|
|
+ }
|
|
|
|
|
+ return;
|
|
|
|
|
+ }
|
|
|
|
|
+ // 普通用户无权操作任何用户
|
|
|
|
|
+ throw new BusinessException("无权操作该类型的用户");
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
@Override
|
|
@Override
|
|
|
public boolean removeUser(Long id) {
|
|
public boolean removeUser(Long id) {
|
|
|
|
|
+ SysUser target = this.getById(id);
|
|
|
|
|
+ if (target != null) this.checkEmployeeTypePermission(target.getEmployeeType());
|
|
|
sysUserRoleMapper.delete(
|
|
sysUserRoleMapper.delete(
|
|
|
new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<SysUserRole>()
|
|
new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<SysUserRole>()
|
|
|
.eq(SysUserRole::getUserId, id)
|
|
.eq(SysUserRole::getUserId, id)
|
|
@@ -202,6 +237,21 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
|
|
|
List<Long> deptIds = this.sysDeptService.collectChildDeptIds(deptId);
|
|
List<Long> deptIds = this.sysDeptService.collectChildDeptIds(deptId);
|
|
|
wrapper.in(SysUser::getDeptId, deptIds);
|
|
wrapper.in(SysUser::getDeptId, deptIds);
|
|
|
}
|
|
}
|
|
|
|
|
+ wrapper.orderByDesc(SysUser::getCreateTime);
|
|
|
|
|
+
|
|
|
|
|
+ // 非管理员只展示权限范围内的用户
|
|
|
|
|
+ LoginUser loginUser = SecurityUtils.getLoginUser();
|
|
|
|
|
+ if (loginUser != null && !EMPLOYEE_TYPE_SUPER_ADMIN.equals(loginUser.getEmployeeType())) {
|
|
|
|
|
+ String currentType = loginUser.getEmployeeType() != null ? loginUser.getEmployeeType() : EMPLOYEE_TYPE_COMMON_USER;
|
|
|
|
|
+ if (EMPLOYEE_TYPE_DEPT_MANAGER.equals(currentType)) {
|
|
|
|
|
+ wrapper.in(SysUser::getEmployeeType, EMPLOYEE_TYPE_DEPT_MANAGER, EMPLOYEE_TYPE_FLOW_MANAGER, EMPLOYEE_TYPE_COMMON_USER);
|
|
|
|
|
+ } else if (EMPLOYEE_TYPE_FLOW_MANAGER.equals(currentType)) {
|
|
|
|
|
+ wrapper.in(SysUser::getEmployeeType, EMPLOYEE_TYPE_FLOW_MANAGER, EMPLOYEE_TYPE_COMMON_USER);
|
|
|
|
|
+ } else {
|
|
|
|
|
+ wrapper.eq(SysUser::getEmployeeType, EMPLOYEE_TYPE_COMMON_USER);
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
Page<SysUser> userPage = this.page(new Page<>(page.getCurrent(), page.getSize()), wrapper);
|
|
Page<SysUser> userPage = this.page(new Page<>(page.getCurrent(), page.getSize()), wrapper);
|
|
|
List<SysUser> users = userPage.getRecords();
|
|
List<SysUser> users = userPage.getRecords();
|
|
|
if (users.isEmpty()) {
|
|
if (users.isEmpty()) {
|