diff --git "a/doc/\347\224\250\346\210\267\347\256\241\347\220\206API.md" "b/doc/\347\224\250\346\210\267\347\256\241\347\220\206API.md" index bb6dc7cbd13aaaf774cc9f9aeb68069d7717a1ea..407f39429682dbbdb788808f4d02cf1b04dd8686 100644 --- "a/doc/\347\224\250\346\210\267\347\256\241\347\220\206API.md" +++ "b/doc/\347\224\250\346\210\267\347\256\241\347\220\206API.md" @@ -48,14 +48,14 @@ ``` ### 删除用户 -**请求方法及url**: `DELETE /user/{userName}` +**请求方法及url**: `DELETE /user/{id}` **权限**:需要管理员权限 **参数**: -- `userName` (String): 要删除的用户名。 +- `id` (Integer): 要删除的用户id。 -**响应**:对管理员的删除请求还是提供了相应的错误信息 +**响应**: ```json { "code": 0, @@ -64,7 +64,7 @@ "description": "" } ``` -**失败响应**: +**失败响应**:对管理员的删除请求还是提供了相应的错误信息 ```json { "code": 40000, @@ -77,14 +77,15 @@ ### 修改用户 **请求方法及url**: `POST /user/update` -**权限**:需要管理员权限 +**权限**:需要管理员权限,普通用户可以修改自己的用户名和密码 **请求体**: ```json { - "userName": "张三", - "password": "123456", - "role": 0 // 0代表普通用户,1代表管理员用户,可缺省,默认为普通用户 + "id": "1", // 必填 + "userName": "李四", // 可缺省 + "password": "123456", // 可缺省 + "role": 0 // 0代表普通用户,1代表管理员用户,可缺省 } ``` **响应**: @@ -105,11 +106,19 @@ "description": "用户不存在" } ``` +```json +{ + "code": 40000, + "data": null, + "message": "请求参数错误", + "description": "用户名已存在" +} +``` ### 获取所有用户 **请求方法及url**: `GET /user/list` -**权限**:无限制 +**权限**:需要登录 **响应**: ```json @@ -117,9 +126,16 @@ "code": 0, "data": [ { + "id": 1, "userName": "admin", "password": null, "role": 1 + }, + { + "id": 2, + "userName": "jack", + "password": null, + "role": 0 } ], "message": "ok", @@ -127,6 +143,35 @@ } ``` +### 获取当前用户 +**请求方法及url**: `GET /user/current` + +**权限**:无限制 + +**响应**: +```json +{ + "code": 0, + "data": { + "id": 2, + "userName": "jack", + "password": null, + "role": 0 + }, + "message": "ok", + "description": "" +} +``` +**失败响应**: +```json +{ + "code": 40100, + "data": null, + "message": "未登录", + "description": "" +} +``` + ### 用户登录 **请求方法及url**: `POST /user/login` 
diff --git a/src/main/java/com/team/databoard/controller/UserController.java b/src/main/java/com/team/databoard/controller/UserController.java
index 67317b70a3f88caf553bc28972138cafd120f210..5bd8296683175015dc8d8aeadd07839417a172f3 100644
--- a/src/main/java/com/team/databoard/controller/UserController.java
+++ b/src/main/java/com/team/databoard/controller/UserController.java
@@ -49,14 +49,26 @@ public class UserController {
 }
 @GetMapping("/list")
- public BaseResponse> listUsers() {
+ public BaseResponse> listUsers(HttpServletRequest request) {
+ if (request.getSession().getAttribute(USER_LOGIN_STATE) == null) {
+ return ResultUtils.error(ErrorCode.NOT_LOGIN);
+ }
 return ResultUtils.success(userService.list().stream().peek(user -> user.setPassword(null)).toList());
 }
+ @GetMapping("/current")
+ public BaseResponse currentUser(HttpServletRequest request) {
+ User user = (User) request.getSession().getAttribute(USER_LOGIN_STATE);
+ if (user == null) {
+ return ResultUtils.error(ErrorCode.NOT_LOGIN);
+ }
+ return ResultUtils.success(user);
+ }
+
 @PostMapping("/add")
 public BaseResponse addUser(@RequestBody UserRequest userRequest, HttpServletRequest request) {
 // 权限校验
- if (isAdmin(request)) {
+ if (!isAdmin(request)) {
 return ResultUtils.error(ErrorCode.NO_AUTH);
 }
 // 参数校验
@@ -65,12 +77,17 @@ public class UserController {
 }
 String userName = userRequest.getUserName();
 String password = userRequest.getPassword();
- int role = DEFAULT_ROLE;
+ if (StringUtils.isAllBlank(userName, password)) {
+ return ResultUtils.error(ErrorCode.PARAMS_ERROR, "用户名和密码不能为空");
+ }
+ int role;
 if (userRequest.getRole() != null) {
 role = userRequest.getRole();
- }
- if (StringUtils.isAllBlank(userName, password)) {
- return ResultUtils.error(ErrorCode.PARAMS_ERROR);
+ if (role != 0 && role != 1) {
+ return ResultUtils.error(ErrorCode.PARAMS_ERROR, "角色只能为0或1");
+ }
+ } else {
+ role = DEFAULT_ROLE;
 }
 if (userService.insertUser(userName, password, role)) {
 return ResultUtils.success(true);
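Review bot: `currentUser` returns the `User` object that was cached in the session at login, so after `POST /user/update` changes the name or role, or after an admin deletes the account, `/user/current` keeps answering with the stale snapshot (with `code: 0` for a user that no longer exists). Reloading by the session's id keeps the endpoint truthful: `User fresh = userService.getById(user.getId());` / `if (fresh == null) { return ResultUtils.error(ErrorCode.NOT_LOGIN); }` / `fresh.setPassword(null); return ResultUtils.success(fresh);` — the `setPassword(null)` matters because the row from the DB still carries the hash, unlike the session copy. `listUsers` uses `peek` purely for its side effect; `map(u -> { u.setPassword(null); return u; })` or a DTO without the password field makes the intent explicit and cannot be optimized away. The enclosing `UserController` class continues outside this hunk.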
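Review bot: The new guard `StringUtils.isAllBlank(userName, password)` rejects the request only when both fields are blank, so an admin can still create an account with an empty password (or an empty name) while the message "用户名和密码不能为空" promises otherwise; `if (StringUtils.isAnyBlank(userName, password)) {` is the condition that matches the message. Unless `insertUser` re-validates (its body is outside this hunk), a blank password goes straight into `encryptPassword` and the DB. The literal `0`/`1` in the role check duplicate the `DEFAULT_ROLE`/`ADMIN_ROLE` constants this class already uses; `if (role != DEFAULT_ROLE && role != ADMIN_ROLE)` keeps one definition. `addUser`'s tail is outside the hunk.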
@@ -78,17 +95,13 @@ public class UserController {
 return ResultUtils.error(ErrorCode.PARAMS_ERROR, "用户名已存在");
 }
- @DeleteMapping("/{userName}")
- public BaseResponse deleteUser(@PathVariable(value = "userName") String userName, HttpServletRequest request) {
+ @DeleteMapping("/{id}")
+ public BaseResponse deleteUser(@PathVariable(value = "id") int id, HttpServletRequest request) {
 // 权限校验
- if (isAdmin(request)) {
+ if (!isAdmin(request)) {
 return ResultUtils.error(ErrorCode.NO_AUTH);
 }
- // 参数校验
- if (StringUtils.isBlank(userName)) {
- return ResultUtils.error(ErrorCode.PARAMS_ERROR);
- }
- if (userService.deleteUser(userName)) {
+ if (userService.deleteUser(id)) {
 return ResultUtils.success(true);
 }
 return ResultUtils.error(ErrorCode.PARAMS_ERROR);
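Review bot: Nothing in the new `deleteUser` stops an admin from deleting their own account or the last remaining admin, and because authorization is decided from the `User` cached in the session, a deleted user's session — including a deleted admin's — keeps working until it expires. A self-delete guard is one line after the admin check: `User current = (User) request.getSession().getAttribute(USER_LOGIN_STATE);` / `if (current != null && current.getId().equals(id)) { return ResultUtils.error(ErrorCode.PARAMS_ERROR, "不能删除当前登录用户"); }`; refusing to remove the only admin belongs in the service's `deleteUser`, outside this hunk. The '用户不存在' description the API doc promises comes from the `BusinessException` the service throws, so it only reaches the client if a global handler maps it — worth confirming, since the controller's own failure branch returns a bare `PARAMS_ERROR`. The enclosing class continues outside the hunk.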
@@ -96,24 +109,53 @@ public class UserController {
 @PostMapping("/update")
 public BaseResponse updateUser(@RequestBody UserRequest userRequest, HttpServletRequest request) {
- // 权限校验
- if (isAdmin(request)) {
- return ResultUtils.error(ErrorCode.NO_AUTH);
- }
 // 参数校验
 if (userRequest == null) {
 return ResultUtils.error(ErrorCode.PARAMS_ERROR);
 }
- String userName = userRequest.getUserName();
- String password = userRequest.getPassword();
- int role = DEFAULT_ROLE;
+ if (userRequest.getId() == null) {
+ return ResultUtils.error(ErrorCode.PARAMS_ERROR, "用户id不能为空");
+ }
+ int id = userRequest.getId();
+ User user = userService.getById(id);
+ // 权限校验
+ if (!isAdmin(request)) {
+ User currentUser = (User) request.getSession().getAttribute(USER_LOGIN_STATE);
+ // 判断是否为当前用户,当前用户只能更新自己的用户名和密码,不能更新角色
+ if (currentUser == null || !currentUser.getId().equals(id) || userRequest.getRole() == ADMIN_ROLE) {
+ return ResultUtils.error(ErrorCode.NO_AUTH);
+ }
+ }
+ String userName;
+ if (userRequest.getUserName() != null) {
+ userName = userRequest.getUserName();
+ if (StringUtils.isBlank(userName)) {
+ return ResultUtils.error(ErrorCode.PARAMS_ERROR, "用户名不能为空");
+ }
+ } else {
+ userName = user.getUserName();
+ }
+ String password;
+ // 判断是否更新密码
+ if (userRequest.getPassword() != null) {
+ if (StringUtils.isBlank(userRequest.getPassword())) {
+ return ResultUtils.error(ErrorCode.PARAMS_ERROR, "密码不能为空");
+ }
+ password = userService.encryptPassword(userRequest.getPassword());
+ } else {
+ password = user.getPassword();
+ }
+ int role;
+ // 判断是否更新角色
 if (userRequest.getRole() != null) {
+ if (userRequest.getRole() != 0 && userRequest.getRole() != 1) {
+ return ResultUtils.error(ErrorCode.PARAMS_ERROR, "角色只能为0或1");
+ }
 role = userRequest.getRole();
+ } else {
+ role = user.getRole();
 }
- if (StringUtils.isAllBlank(userName, password)) {
- return ResultUtils.error(ErrorCode.PARAMS_ERROR);
- }
- if (userService.updateUser(userName, password, role)) {
+ if (userService.updateUser(id, userName, password, role)) {
 return ResultUtils.success(true);
 }
 return ResultUtils.error(ErrorCode.PARAMS_ERROR);
@@ -121,12 +163,12 @@ public class UserController {
 /**
 * 检验用户是否为管理员
+ *
 * @param request http请求
 * @return 是否为管理员
 */
 private boolean isAdmin(HttpServletRequest request) {
 User user = (User) request.getSession().getAttribute(USER_LOGIN_STATE);
- return user == null || user.getRole() != ADMIN_ROLE;
+ return user != null && user.getRole() == ADMIN_ROLE;
 }
-
 }
diff --git a/src/main/java/com/team/databoard/model/User.java b/src/main/java/com/team/databoard/model/User.java
index 34c59f92d814e9524956c09845e8542c32ac7a8c..744f14d56a8bce533ef7059bde4591093e1db5c5 100644
--- a/src/main/java/com/team/databoard/model/User.java
+++ b/src/main/java/com/team/databoard/model/User.java
@@ -1,10 +1,9 @@
 package com.team.databoard.model;
+import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableField;
 import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
-
-import java.io.Serial;
 import java.io.Serializable;
 import lombok.Data;
@@ -15,10 +14,15 @@ import lombok.Data;
 @TableName(value ="user")
 @Data
 public class User implements Serializable {
+ /**
+ * id
+ */
+ @TableId(type = IdType.AUTO)
+ private Integer id;
+
 /**
 * 用户名
 */
- @TableId
 private String userName;
 /**
@@ -31,7 +35,6 @@ public class User implements Serializable {
 */
 private Integer role;
- @Serial
 @TableField(exist = false)
- private static final long serialVersionUID = 3L;
+ private static final long serialVersionUID = 1L;
 }
\ No newline at end of file
diff --git a/src/main/java/com/team/databoard/model/request/UserRequest.java b/src/main/java/com/team/databoard/model/request/UserRequest.java
index 85c2495f344745da0961cc5d4b039f3bcd54d98c..90a003fc610428786f7d612aeaee1f6d49a277f6 100644
--- a/src/main/java/com/team/databoard/model/request/UserRequest.java
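Review bot: `User user = userService.getById(id);` is never null-checked, so an admin who updates a non-existent id gets a NullPointerException at `user.getUserName()` / `user.getPassword()` / `user.getRole()` whenever one of the optional fields is omitted; `if (user == null) { return ResultUtils.error(ErrorCode.PARAMS_ERROR, "用户不存在"); }` right after the lookup fixes it and also covers a logged-in user whose row was deleted. In the non-admin branch `userRequest.getRole() == ADMIN_ROLE` unboxes `getRole()`; if `ADMIN_ROLE` is a primitive `int` (`UserConstant` is not in this diff), the documented case of a normal user sending only name/password with role omitted throws an NPE there, so compare null-safely: `Integer.valueOf(ADMIN_ROLE).equals(userRequest.getRole())`. Two things the change leaves open: the password is replaced without verifying the current one, so a hijacked session becomes a permanent takeover, and the session still holds the pre-update `User`, so `/user/current` and the role check keep using stale data until re-login. The method's closing brace and the rest of the class are outside this hunk.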
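Review bot: `isAdmin` now reads the role from the `User` stored in the session at login, so a demotion through `POST /user/update` or a deletion through `DELETE /user/{id}` does not take effect for an already-authenticated admin until they log out — privilege revocation is not enforced. Resolve the current row instead: `User user = (User) request.getSession().getAttribute(USER_LOGIN_STATE);` / `User fresh = user == null ? null : userService.getById(user.getId());` / `return fresh != null && fresh.getRole() == ADMIN_ROLE;`. That is one extra query per admin-only call; refreshing the session attribute in `updateUser` and invalidating it in `deleteUser` is the alternative, but the lookup is the variant that cannot be forgotten. The Javadoc gained a blank `*` line but still does not say where the role comes from; `@return true only when a logged-in user's role equals ADMIN_ROLE` would make the contract explicit.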
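Review bot: Moving `@TableId` from `userName` to the new auto-increment `id` removes the only structural guarantee that user names are unique; nothing in this diff adds a `UNIQUE` index on `user_name`, so uniqueness now rests on the application-level `userExist` check, which is a check-then-act race between concurrent `/user/add` or `/user/update` calls. Once a duplicate exists, the login path's `selectOne` by name would presumably fail its one-result contract rather than log either account in. Add the constraint in the schema (`UNIQUE KEY uk_user_name (user_name)`) and map a duplicate-key failure in the service to '用户名已存在'. The new field deserves a real comment instead of `id`: `/** Auto-increment surrogate key; user_name is no longer the primary key and must stay unique via a DB index. */`.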
+++ b/src/main/java/com/team/databoard/model/request/UserRequest.java
@@ -1,16 +1,18 @@
 package com.team.databoard.model.request;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
 import java.io.Serial;
 import java.io.Serializable;
-import static com.team.databoard.constant.UserConstant.DEFAULT_ROLE;
 @Data
 public class UserRequest implements Serializable {
+ /**
+ * id
+ */
+ private Integer id;
+
 /**
 * 用户名
 */
diff --git a/src/main/java/com/team/databoard/service/UserService.java b/src/main/java/com/team/databoard/service/UserService.java
index 0d892eb6a3347c7e3cf928ffe6223ccef890f442..0ebdbb5ef5ca6c5c229ac0b5598ae8295fa9cbff 100644
--- a/src/main/java/com/team/databoard/service/UserService.java
+++ b/src/main/java/com/team/databoard/service/UserService.java
@@ -29,17 +29,24 @@ public interface UserService extends IService {
 /**
 * 删除用户
- * @param userName 用户名
+ * @param id 用户id
 * return 删除是否成功
 */
- boolean deleteUser(String userName);
+ boolean deleteUser(int id);
 /**
 * 更新用户
- * @param userName 用户名
+ * @param id 用户id
 * @param password 密码
 * @param role 角色
 * @return 更新是否成功
 */
- boolean updateUser(String userName, String password, int role);
+ boolean updateUser(int id, String userName, String password, int role);
+
+ /**
+ * 加密密码
+ * @param password 密码
+ * @return 加密后的密码
+ */
+ String encryptPassword(String password);
 }
diff --git a/src/main/java/com/team/databoard/service/impl/UserServiceImpl.java b/src/main/java/com/team/databoard/service/impl/UserServiceImpl.java
index bd9cd947ce822299db08b0a59fb5d5cf3521653f..783a73516e73d97660f26faa4660ee43b75e759e 100644
--- a/src/main/java/com/team/databoard/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/team/databoard/service/impl/UserServiceImpl.java
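Review bot: `encryptPassword` becomes part of the public service contract, but its Javadoc ('加密密码') describes encryption, which the implementation in `UserServiceImpl` is not — it is a one-way digest of `password + SALT` with a constant salt, so the same input always yields the same output and nothing can be decrypted; callers such as the controller, which stores the result directly, should be told that. Suggest `/** Derives the stored, non-reversible password hash for {@code password}; deterministic, and it is what {@code login} compares against. Never returns the plaintext. */`. The pre-existing `* return 删除是否成功` above `deleteUser` should read `* @return 删除是否成功` so the tag renders and matches `updateUser`.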
@@ -13,6 +13,7 @@ import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.stereotype.Service;
 import org.springframework.util.DigestUtils;
+import static com.team.databoard.constant.UserConstant.ADMIN_ROLE;
 import static com.team.databoard.constant.UserConstant.USER_LOGIN_STATE;
 /**
@@ -45,13 +46,16 @@ public class UserServiceImpl extends ServiceImpl
 if (!userExist(userName)) {
 return false;
 }
+ QueryWrapper queryWrapper = new QueryWrapper();
+ queryWrapper.eq("user_name", userName);
 // 查询用户
- User user = userMapper.selectById(userName);
+ User user = userMapper.selectOne(queryWrapper);
 // 密码加密
- String encryptPassword = DigestUtils.md5DigestAsHex((password + SALT).getBytes());
+ String encryptPassword = encryptPassword(password);
 if (!encryptPassword.equals(user.getPassword())) {
 return false;
 }
+ user.setPassword(null);
 // 登录成功,将用户信息存入session
 request.getSession().setAttribute(USER_LOGIN_STATE, user);
 return true;
@@ -70,7 +74,7 @@ public class UserServiceImpl extends ServiceImpl
 return false;
 }
 // 密码加密
- String encryptPassword = DigestUtils.md5DigestAsHex((password + SALT).getBytes());
+ String encryptPassword = encryptPassword(password);
 User user = new User();
 user.setUserName(userName);
 user.setPassword(encryptPassword);
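Review bot: The login check still compares hashes with `encryptPassword.equals(user.getPassword())`, and the new `selectOne` by name is preceded by a redundant `userExist(userName)` query that leaves a window in which `user` is null and the `equals` call NPEs. Drop the pre-check and test the lookup result — `User user = userMapper.selectOne(queryWrapper);` / `if (user == null) { return false; }` — and compare in constant time with `java.security.MessageDigest`: `if (!MessageDigest.isEqual(encryptPassword.getBytes(StandardCharsets.UTF_8), user.getPassword().getBytes(StandardCharsets.UTF_8))) {`. With `user_name` no longer the primary key, `selectOne` also depends on that column being unique; see the `User` model change. Clearing the password before the object goes into the session is the right call, and `/current` and `/list` now rely on it, so a comment such as `// session copy must never carry the hash; /user/current returns it as-is` would protect that invariant. The method's signature and closing brace are outside this hunk.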
@@ -80,40 +84,54 @@ public class UserServiceImpl extends ServiceImpl
 /**
 * 删除用户
- * @param userName 用户名
+ * @param id 用户id
 * return 删除是否成功
 */
 @Override
- public boolean deleteUser(String userName) {
+ public boolean deleteUser(int id) {
 // 判断用户名是否存在
- if (!userExist(userName)) {
+ if (this.getById(id) == null) {
 throw new BusinessException(ErrorCode.PARAMS_ERROR, "用户不存在");
 }
- return this.removeById(userName);
+ return this.removeById(id);
 }
 /**
 * 更新用户
+ * @param id 用户id
 * @param userName 用户名
 * @param password 密码
 * @param role 角色
 * @return 更新是否成功
 */
 @Override
- public boolean updateUser(String userName, String password, int role) {
- // 判断用户名是否存在
- if (!userExist(userName)) {
+ public boolean updateUser(int id, String userName, String password, int role) {
+ // 判断用户是否存在
+ if (this.getById(id) == null) {
 throw new BusinessException(ErrorCode.PARAMS_ERROR, "用户不存在");
 }
- // 密码加密
- String encryptPassword = DigestUtils.md5DigestAsHex((password + SALT).getBytes());
+ // 判断用户名是否已经存在
+ if (!this.getById(id).getUserName().equals(userName) && userExist(userName)) {
+ throw new BusinessException(ErrorCode.PARAMS_ERROR, "用户名已存在");
+ }
 User user = new User();
+ user.setId(id);
 user.setUserName(userName);
- user.setPassword(encryptPassword);
+ user.setPassword(password);
 user.setRole(role);
 return this.updateById(user);
 }
+ /**
+ * 加密密码
+ * @param password 密码
+ * @return 加密后的密码
+ */
+ @Override
+ public String encryptPassword(String password) {
+ return DigestUtils.md5DigestAsHex((password + SALT).getBytes());
+ }
+
 /**
 * 判断用户是否存在
 * @param userName 用户名
@@ -131,8 +149,10 @@ public class UserServiceImpl extends ServiceImpl
 */
 @PostConstruct
 public void init() {
- // 初始化管理员
- if (!userExist("admin")) {
+ QueryWrapper queryWrapper = new QueryWrapper();
+ queryWrapper.eq("role", ADMIN_ROLE);
+ // 初始化管理员,保证至少有一个管理员
+ if (userMapper.selectCount(queryWrapper) == 0) {
 insertUser("admin", "123456", 1);
 }
 }
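Review bot: The new `encryptPassword` centralizes the scheme but keeps `DigestUtils.md5DigestAsHex((password + SALT).getBytes())`: a fast digest with one application-wide salt is cheap to brute-force offline, identical passwords produce identical hashes across users, and `getBytes()` uses the platform charset, so a non-ASCII password can hash differently on two JVMs (pre-Java 18 defaults). At minimum pin the charset, `(password + SALT).getBytes(StandardCharsets.UTF_8)`; the real fix is a slow, per-user-salted KDF (PBKDF2 via `javax.crypto.SecretKeyFactory`, or bcrypt/argon2 if a library is acceptable) with a migration path for existing rows, and the Javadoc should say the result is a one-way hash, not '加密'. In `updateUser`, `this.getById(id)` runs twice and the `userExist` check before `updateById` is a check-then-act race unless `user_name` carries a unique index; fetch once, `User current = this.getById(id);`, and let the DB constraint be the final arbiter. `deleteUser` will remove the last admin without complaint; a `selectCount` on `role = ADMIN_ROLE` before `removeById`, mirroring what `init()` does below, prevents a lockout that only a restart and its default credential can repair.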
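Review bot: `init()` now re-creates `admin`/`123456` whenever no row has `role = ADMIN_ROLE`, and since admins can be deleted or demoted through the API, a deployment that loses its last admin silently regains a well-known credential on the next restart; the old `!userExist("admin")` trigger at least fired only once. The return value of `insertUser` is also ignored: if a non-admin account named `admin` already exists the insert presumably fails on its name check, no admin is created, and nothing is logged — the opposite of '保证至少有一个管理员'. Read the bootstrap password from configuration (or generate one with `SecureRandom` and print it once) and fail loudly: `if (!insertUser(adminName, adminPassword, ADMIN_ROLE)) { throw new IllegalStateException("bootstrap admin could not be created"); }`. The literal `1` should be `ADMIN_ROLE`, which this diff already imports into the class.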
diff --git a/src/main/resources/mapper/UserMapper.xml b/src/main/resources/mapper/UserMapper.xml index e5b6ed857c16833d7d563e8d1fd95630b6e9b746..6cc4f46a695db5f29107bd1f5731430e1738ffe0 100644 --- a/src/main/resources/mapper/UserMapper.xml +++ b/src/main/resources/mapper/UserMapper.xml @@ -5,12 +5,14 @@ - + + - user_name,password,role + id,user_name,password, + role