diff --git a/iam-base-starter/src/main/java/com/diboot/iam/dto/IamUserAccountDTO.java b/iam-base-starter/src/main/java/com/diboot/iam/dto/IamUserAccountDTO.java new file mode 100644 index 0000000..faed3a0 --- /dev/null +++ b/iam-base-starter/src/main/java/com/diboot/iam/dto/IamUserAccountDTO.java @@ -0,0 +1,27 @@ +package com.diboot.iam.dto; + +import com.diboot.iam.entity.IamUser; +import lombok.Data; +import lombok.Getter; +import lombok.Setter; +import lombok.experimental.Accessors; + +import java.util.List; + +/** + * 用户表单信息接收类 + * @author mazc@dibo.ltd + * @version v2.0 + * @date 2019/12/18 + */ +@Getter +@Setter +@Accessors(chain = true) +public class IamUserAccountDTO extends IamUser { + + private String username; + + private String password; + + private List roleIdList; +} diff --git a/iam-base-starter/src/main/java/com/diboot/iam/service/IamUserRoleService.java b/iam-base-starter/src/main/java/com/diboot/iam/service/IamUserRoleService.java index 09db428..c4fe8c1 100644 --- a/iam-base-starter/src/main/java/com/diboot/iam/service/IamUserRoleService.java +++ b/iam-base-starter/src/main/java/com/diboot/iam/service/IamUserRoleService.java @@ -30,4 +30,13 @@ public interface IamUserRoleService extends BaseIamService { */ boolean createUserRoleRelations(String userType, Long userId, List roleIds); + /*** + * 批量更新用户-角色的关系 + * @param userType + * @param userId + * @param roleIds + * @return + */ + boolean updateUserRoleRelations(String userType, Long userId, List roleIds); + } \ No newline at end of file diff --git a/iam-base-starter/src/main/java/com/diboot/iam/service/IamUserService.java b/iam-base-starter/src/main/java/com/diboot/iam/service/IamUserService.java index fc0e040..0840641 100644 --- a/iam-base-starter/src/main/java/com/diboot/iam/service/IamUserService.java +++ b/iam-base-starter/src/main/java/com/diboot/iam/service/IamUserService.java 
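Review bot: `IamUserAccountDTO` extends the `IamUser` entity, so every entity property becomes bindable from the request alongside `username`, `password` and `roleIdList`. A form DTO for account management is safer as a standalone class that lists only the fields a caller may set. The `password` field holds the plaintext secret and gets a Lombok getter, so it would be written out if this object is ever serialised in a response or a log; assuming Jackson is the serialiser, `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` on the field keeps it inbound-only. `lombok.Data` is imported but unused. `roleIdList` shows as a raw `List` on this page (the type argument may have been lost in rendering) and should be `List<Long>`, to match the `Long roleId` loop in `updateUserRoleRelations`.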
@@ -1,5 +1,6 @@ package com.diboot.iam.service; +import com.diboot.iam.dto.IamUserAccountDTO; import com.diboot.iam.entity.IamUser; import com.diboot.iam.vo.IamRoleVO; @@ -33,4 +34,26 @@ public interface IamUserService extends BaseIamService { */ void attachExtraPermissions(List roleVOList); + /*** + * 添加用户和账号 + * @param userAccountDTO + * @return + */ + boolean createUserAndAccount(IamUserAccountDTO userAccountDTO); + + /*** + * 更新用户和账号 + * @param userAccountDTO + * @return + */ + boolean updateUserAndAccount(IamUserAccountDTO userAccountDTO) throws Exception; + + /*** + * 删除用户和账号 + * @param id + * @return + * @throws Exception + */ + boolean deleteUserAndAccount(Long id) throws Exception; + } \ No newline at end of file diff --git a/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamUserRoleServiceImpl.java b/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamUserRoleServiceImpl.java index 51d95b2..3dab71d 100644 --- a/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamUserRoleServiceImpl.java +++ b/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamUserRoleServiceImpl.java @@ -1,12 +1,14 @@ package com.diboot.iam.service.impl; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; +import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.diboot.core.util.BeanUtils; import com.diboot.core.util.ContextHelper; import com.diboot.core.util.V; import com.diboot.iam.auth.IamExtensible; import com.diboot.iam.config.Cons; import com.diboot.iam.entity.IamRole; +import com.diboot.iam.entity.IamUser; import com.diboot.iam.entity.IamUserRole; import com.diboot.iam.exception.PermissionException; import com.diboot.iam.mapper.IamUserRoleMapper; @@ -21,6 +23,7 @@ import org.springframework.transaction.annotation.Transactional; import java.util.ArrayList; import java.util.Collection; import java.util.List; +import java.util.stream.Collectors; /** * 用户角色关联相关Service实现 
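Review bot: The three methods added to `IamUserService` have inconsistent failure contracts: `createUserAndAccount` declares no exception while `updateUserAndAccount` and `deleteUserAndAccount` declare `throws Exception`, and every `@param`/`@return` tag is empty. The update and delete implementations shown later on this page throw `BusinessException` instead of returning false, so the boolean result never signals failure on those paths. The Javadoc should state that, for example `@return true on success; failures are reported by exception` and `@throws Exception when any of the user, account or role-relation writes fails`. It should also say who may call these methods when the target user holds the super-admin role, since callers cannot infer that from the signature.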
@@ -94,6 +97,7 @@ public class IamUserRoleServiceImpl extends BaseIamServiceImpl roleIds) { if(V.isEmpty(roleIds)){ return true; @@ -110,6 +114,44 @@ public class IamUserRoleServiceImpl extends BaseIamServiceImpl roleIds) { + if (V.isEmpty(roleIds)){ + return true; + } + // 需要先获取旧的角色列表,来进行超级管理员权限判定 + List oldUserRoleList = this.getEntityList( + Wrappers.lambdaQuery() + .eq(IamUserRole::getUserType, userType) + .eq(IamUserRole::getUserId, userId) + ); + List oldRoleIds = new ArrayList(); + if (V.notEmpty(oldUserRoleList)){ + oldRoleIds = oldUserRoleList.stream() + .map(IamUserRole::getRoleId) + .collect(Collectors.toList()); + } + + Long superAdminRoleId = getSuperAdminRoleId(); + // 给用户赋予了超级管理员,需确保当前用户为超级管理员权限 + if(superAdminRoleId != null && (roleIds.contains(superAdminRoleId) || oldRoleIds.contains(superAdminRoleId))){ + checkSuperAdminIdentity(); + } + + // 删除旧的用户-角色关联关系 + this.deleteEntities( + Wrappers.lambdaQuery() + .eq(IamUserRole::getUserId, userId) + .eq(IamUserRole::getUserType, userType) + ); + List entityList = new ArrayList<>(); + for(Long roleId : roleIds){ + entityList.add(new IamUserRole(userType, userId, roleId)); + } + return super.createEntities(entityList); + } + /** * 获取超级管理员角色ID * @return diff --git a/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamUserServiceImpl.java b/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamUserServiceImpl.java index 28ba47b..5ba6f60 100644 --- a/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamUserServiceImpl.java +++ b/iam-base-starter/src/main/java/com/diboot/iam/service/impl/IamUserServiceImpl.java 
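Review bot: The early `return true` for an empty `roleIds` in `updateUserRoleRelations` leaves the user's existing role rows in place, so a request meant to revoke every role reports success without revoking anything, and it returns before the super-admin check runs. Treat empty as "remove all roles": load `oldRoleIds` and run the `checkSuperAdminIdentity()` guard first, then call `deleteEntities`, and only then skip the insert with `if (V.isEmpty(roleIds)) { return true; }`. With that ordering the guard has to be null-safe, e.g. `(roleIds != null && roleIds.contains(superAdminRoleId)) || oldRoleIds.contains(superAdminRoleId)`. The delete and the re-insert must share one transaction; the lines directly above the method, including its signature start, are cut off on this page, so confirm `@Transactional(rollbackFor = Exception.class)` is present there.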
@@ -1,21 +1,26 @@ package com.diboot.iam.service.impl; +import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.diboot.core.binding.RelationsBinder; +import com.diboot.core.exception.BusinessException; import com.diboot.core.util.BeanUtils; import com.diboot.core.util.S; import com.diboot.core.util.V; +import com.diboot.core.vo.Status; import com.diboot.iam.config.Cons; -import com.diboot.iam.entity.IamPermission; -import com.diboot.iam.entity.IamRole; -import com.diboot.iam.entity.IamUser; +import com.diboot.iam.dto.IamUserAccountDTO; +import com.diboot.iam.entity.*; import com.diboot.iam.mapper.IamUserMapper; +import com.diboot.iam.service.IamAccountService; import com.diboot.iam.service.IamPermissionService; import com.diboot.iam.service.IamUserRoleService; import com.diboot.iam.service.IamUserService; +import com.diboot.iam.util.IamSecurityUtils; import com.diboot.iam.vo.IamRoleVO; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; import java.util.ArrayList; import java.util.List; @@ -36,6 +41,9 @@ public class IamUserServiceImpl extends BaseIamServiceImpl roleVOList = getAllRoleVOList(iamUser); 
@@ -84,4 +92,89 @@ public class IamUserServiceImpl extends BaseIamServiceImpllambdaQuery() + .eq(IamAccount::getUserType, IamUser.class.getSimpleName()) + .eq(IamAccount::getUserId, userAccountDTO.getId()) + ); + iamAccount.setAuthAccount(userAccountDTO.getUsername()) + .setStatus(userAccountDTO.getStatus()); + // 设置密码 + if (V.notEmpty(userAccountDTO.getPassword())){ + iamAccount.setAuthSecret(userAccountDTO.getPassword()); + IamSecurityUtils.encryptPwd(iamAccount); + } + boolean accountSuccess = iamAccountService.updateEntity(iamAccount); + + // 批量更新角色关联关系 + boolean relationsSuccess = iamUserRoleService.updateUserRoleRelations(iamAccount.getUserType(), iamAccount.getUserId(), userAccountDTO.getRoleIdList()); + + if (!userSuccess || !accountSuccess || !relationsSuccess){ + throw new BusinessException(Status.FAIL_OPERATION, "更新用户失败"); + } + return true; + } + + @Override + @Transactional(rollbackFor = Exception.class) + public boolean deleteUserAndAccount(Long id) throws Exception { + IamUser iamUser = this.getEntity(id); + if (iamUser == null){ + throw new BusinessException(Status.FAIL_OPERATION, "删除的记录不存在"); + } + // 删除用户信息 + boolean userSuccess = this.deleteEntity(id); + // 删除账号信息 + boolean accountSuccess = iamAccountService.deleteEntities( + Wrappers.lambdaQuery() + .eq(IamAccount::getUserType, IamUser.class.getSimpleName()) + .eq(IamAccount::getUserId, id) + ); + // 删除用户角色关联关系列表 + boolean relationsSuccess = iamUserRoleService.deleteEntities( + Wrappers.lambdaQuery() + .eq(IamUserRole::getUserType, IamUser.class.getSimpleName()) + .eq(IamUserRole::getUserId, id) + ); + + if (!userSuccess || !accountSuccess || !relationsSuccess){ + throw new BusinessException(Status.FAIL_OPERATION, "删除用户失败"); + } + return true; + } + } diff --git a/iam-base-starter/src/main/java/com/diboot/iam/vo/IamUserVO.java b/iam-base-starter/src/main/java/com/diboot/iam/vo/IamUserVO.java index 9bd7c3c..f42a9da 100644 --- a/iam-base-starter/src/main/java/com/diboot/iam/vo/IamUserVO.java 
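Review bot: `deleteUserAndAccount` deletes the user, account and role rows through `deleteEntities` directly and never checks whether the target holds the super-admin role, so the `checkSuperAdminIdentity()` guard applied in `updateUserRoleRelations` is absent on the delete path. `updateUserAndAccount` has the same gap: `authAccount`, status and, when a password is supplied, `authSecret` are written before the role call, and that call returns early when `getRoleIdList()` is empty, so the only super-admin check can be skipped while the credential change still goes through. Both methods should determine up front whether the target user currently has the super-admin role and require a super-admin caller in that case, before any write. The account lookup result is also dereferenced by `iamAccount.setAuthAccount(...)` without a null check, so a user with no account row fails with a NullPointerException rather than a `BusinessException` with `Status.FAIL_OPERATION`. The start of this hunk, including `createUserAndAccount` and the opening of `updateUserAndAccount`, is missing from the page and was not reviewed.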
+++ b/iam-base-starter/src/main/java/com/diboot/iam/vo/IamUserVO.java @@ -1,9 +1,14 @@ package com.diboot.iam.vo; import com.diboot.core.binding.annotation.BindDict; +import com.diboot.core.binding.annotation.BindEntityList; +import com.diboot.iam.entity.IamPermission; +import com.diboot.iam.entity.IamRole; import com.diboot.iam.entity.IamUser; import lombok.Data; +import java.util.List; + /** * 系统用户 VO定义 * @author mazc@dibo.ltd @@ -14,9 +19,15 @@ import lombok.Data; public class IamUserVO extends IamUser { private static final long serialVersionUID = 7571698765478647277L; + private String username; + @BindDict(type="GENDER", field = "gender") private String genderLabel; @BindDict(type="USER_STATUS", field = "status") private String statusLabel; + + // 字段关联:this.id=iam_user_role.user_id AND iam_user_role.role_id=id + @BindEntityList(entity = IamRole.class, condition = "this.id=iam_user_role.user_id AND iam_user_role.role_id=id AND iam_user_role.is_deleted=0") + private List roleList; } \ No newline at end of file
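Review bot: The comment above `roleList` restates the join but leaves out the `iam_user_role.is_deleted=0` filter that the `condition` string applies, and the new `username` field has no binding annotation or comment saying what populates it. Suggested comments are `// roles joined through iam_user_role (user_id = this.id, role_id = role id); soft-deleted links are excluded` on `roleList`, and a one-line note on `username` naming where the value is set, which is not visible in this diff. The added `IamPermission` import is not used by any line shown in this hunk. `roleList` shows as a raw `List` here; if the type argument was not simply lost in rendering, declare it as `List<IamRole>`.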