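package cn.wisenergy.chnmuseum.party.web.controller;

import cn.wisenergy.chnmuseum.party.auth.SHA256PasswordEncryptionService;
import cn.wisenergy.chnmuseum.party.auth.SecureRandomSaltService;
import cn.wisenergy.chnmuseum.party.common.enums.AuditStatusEnum;
import cn.wisenergy.chnmuseum.party.common.log.MethodLog;
import cn.wisenergy.chnmuseum.party.common.log.OperModule;
import cn.wisenergy.chnmuseum.party.common.log.OperType;
import cn.wisenergy.chnmuseum.party.common.util.DateUtil80;
import cn.wisenergy.chnmuseum.party.common.vo.GenericPageParam;
import cn.wisenergy.chnmuseum.party.core.annotations.OperationLog;
import cn.wisenergy.chnmuseum.party.model.Role;
import cn.wisenergy.chnmuseum.party.model.TOrgan;
import cn.wisenergy.chnmuseum.party.model.TUser;
import cn.wisenergy.chnmuseum.party.model.TUserRole;
import cn.wisenergy.chnmuseum.party.service.RoleService;
import cn.wisenergy.chnmuseum.party.service.TUserRoleService;
import cn.wisenergy.chnmuseum.party.service.TUserService;
import cn.wisenergy.chnmuseum.party.web.controller.base.BaseController;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;
import javax.validation.constraints.NotNull;
import java.security.MessageDigest;
import java.util.*;

/**
 * <pre>
 * User front-end controller
 * </pre>
 *
 * @author Danny Lee
 * @since 2021-03-22
 */
@Slf4j
@RestController
@RequestMapping("/tUser")
@Api(tags = {"用户操作接口"})
public class TUserController extends BaseController {

    @Resource
    private TUserService userService;
    @Resource
    private TUserRoleService tUserRoleService;
    @Resource
    private RoleService roleService;
    @Resource
    private StringRedisTemplate stringRedisTemplate;

    /** Redis key prefix under which a signed-in user's JWT token is stored (suffix: user id). */
    private static final String SHIRO_JWT_TOKEN = "shiro:jwt:token";
    /** Redis key prefix marking a user's login as locked for one hour (suffix: user name). */
    private static final String SHIRO_IS_LOCK = "shiro_is_lock_";

    /**
     * Lists users, optionally filtered by user name.
     *
     * @param userName user-name filter; blank is treated as "no filter"
     * @return the matching page, or an empty 500 response if the query throws
     */
    @ApiOperation(value = "查询成员列表")
    @RequestMapping(value = "/getUserList", method = RequestMethod.GET)
    @RequiresPermissions("/user/getUserList")
    @MethodLog(operModule = OperModule.USER, operType = OperType.SELECT)
    public ResponseEntity<Page<TUser>> queryUserList(String userName) {
        try {
            userName = StringUtils.trimToNull(userName);
            Page<TUser> page = getPage();
            Page<TUser> userPage = userService.selectList(page, userName);
            return ResponseEntity.ok(userPage);
        } catch (Exception e) {
            logger.error("查询成员列表出错!", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(null);
    }

    /**
     * Returns a page of users filtered by name and creation-time range, newest first.
     *
     * @param genericPageParam paging plus optional nameOrCode / startDate / endDate filters
     * @return the standard result map wrapping the page
     */
    @ApiImplicitParams(value = {
            @ApiImplicitParam(name = "_index", value = "分页起始偏移量", paramType = "query", dataType = "Integer"),
            @ApiImplicitParam(name = "_size", value = "返回条数", paramType = "query", dataType = "Integer"),
            @ApiImplicitParam(name = "nameOrCode", value = "名称或编码", paramType = "query", dataType = "String"),
            @ApiImplicitParam(name = "startDate", value = "创建时间-开始", paramType = "query", dataType = "String"),
            @ApiImplicitParam(name = "endDate", value = "创建时间-结束", paramType = "query", dataType = "String")
    })
    @PostMapping("/getPageList")
    @RequiresPermissions("/user/getPageList")
    @ApiOperation(value = "获取用户分页列表", notes = "获取用户分页列表")
    @MethodLog(operModule = OperModule.USER, operType = OperType.SELECT)
    public Map<String, Object> getPageList(GenericPageParam genericPageParam) {
        LambdaQueryWrapper<TUser> queryWrapper = new LambdaQueryWrapper<>();
        // Fuzzy match on user name when a name/code filter is supplied. The value is bound as a
        // parameter, but LIKE wildcards inside it are not escaped, so "%" widens the match.
        if (StringUtils.isNotBlank(genericPageParam.getNameOrCode())) {
            queryWrapper.like(TUser::getUserName, genericPageParam.getNameOrCode());
        }
        // Creation-time range; the filter only applies when both bounds are present
        if (genericPageParam.getStartDate() != null && genericPageParam.getEndDate() != null) {
            queryWrapper.ge(TUser::getCreateTime, genericPageParam.getStartDate().atTime(0, 0, 0))
                    .le(TUser::getCreateTime, genericPageParam.getEndDate().atTime(23, 59, 59));
        }
        // Newest first
        queryWrapper.orderByDesc(TUser::getCreateTime);
        Page<TUser> page = userService.page(getPage(), queryWrapper);
        return getResult(page);
    }

    /**
     * Returns one user together with its roles.
     *
     * @param id user id
     * @return the standard result map wrapping the user, or the failure map when the id is unknown
     */
    @ApiOperation(value = "获取用户详情", notes = "获取用户详情")
    @GetMapping("/getById")
    @RequiresPermissions("/user/getById")
    @MethodLog(operModule = OperModule.USER, operType = OperType.SELECT)
    public Map<String, Object> getById(String id) {
        TUser tUser = userService.getById(id);
        if (tUser == null) {
            // Unknown id used to surface as a NullPointerException on setRoleList
            return getFailResult();
        }
        List<Role> list = roleService.selectRoleByUserId(id);
        tUser.setRoleList(list);
        return getResult(tUser);
    }

    /**
     * Creates a user with a fresh salt and SHA-256 password hash, then its role links.
     *
     * @param user request body; userName, password, realName, roleList and orgId are required
     * @return 201 with a status/message map on success; 400 on validation failure or duplicate
     *         account; 500 when the insert reports failure or throws
     */
    @OperationLog("新增成员")
    @ApiOperation(value = "新增成员")
    @RequestMapping(value = "/add", method = RequestMethod.POST)
    @RequiresPermissions("/user/add")
    @MethodLog(operModule = OperModule.USER, operType = OperType.ADD)
    public ResponseEntity<Map<String, Object>> add(@RequestBody TUser user) {
        Map<String, Object> resultMap = new LinkedHashMap<String, Object>();
        try {
            user.setUserName(StringUtils.trimToNull(user.getUserName()));
            if (user.getUserName() == null) {
                resultMap.put("status", 400);
                resultMap.put("message", "账号不能为空!");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            user.setPassword(StringUtils.trimToNull(user.getPassword()));
            if (user.getPassword() == null) {
                resultMap.put("status", 400);
                resultMap.put("message", "密码不能为空!");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            user.setRealName(StringUtils.trimToNull(user.getRealName()));
            if (user.getRealName() == null) {
                resultMap.put("status", 400);
                resultMap.put("message", "姓名不能为空!");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            if (user.getRoleList() == null || user.getRoleList().isEmpty()) {
                resultMap.put("status", 400);
                resultMap.put("message", "请选择角色!");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            if (StringUtils.isBlank(user.getOrgId())) {
                resultMap.put("status", 400);
                resultMap.put("message", "请选择机构!");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }

            // Reject a duplicate account name among non-deleted users
            QueryWrapper<TUser> ew = new QueryWrapper<>();
            ew.eq("is_deleted", 0);
            ew.eq("user_name", user.getUserName());
            if (this.userService.getOne(ew) != null) {
                resultMap.put("status", 400);
                resultMap.put("message", "账号已存在!");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }

            byte[] passwordSalt = SecureRandomSaltService.generateSalt();
            byte[] passwordHash = SHA256PasswordEncryptionService
                    .createPasswordHash(user.getPassword(), passwordSalt);
            user.setPasswordSalt(passwordSalt);
            user.setPasswordHash(passwordHash);
            user.setCreateTime(DateUtil80.getDateTimeOfTimestamp(System.currentTimeMillis()));
            user.setUpdateTime(user.getCreateTime());
            user.setIsDeleted(false);

            boolean ret = this.userService.save(user);
            if (!ret) {
                // Insert failed: do not write role links for a user row that does not exist
                resultMap.put("status", 500);
                resultMap.put("message", "服务器忙");
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(resultMap);
            }
            this.tUserRoleService.saveBatch(toUserRoles(user.getId(), user.getRoleList()));

            resultMap.put("status", 200);
            resultMap.put("message", "添加成功");
            return ResponseEntity.status(HttpStatus.CREATED).body(resultMap);
        } catch (Exception e) {
            resultMap.put("status", 500);
            resultMap.put("message", "服务器忙");
            logger.error("新增成员错误!", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(resultMap);
    }

    /**
     * Updates a user and replaces its role links with the submitted set.
     *
     * @param user request body; id is required, roleList optional
     * @return 201 with a status/message map on success, 400 when id is missing or the built-in
     *         account "1" is being disabled, 500 when a write reports failure or throws
     */
    @OperationLog("修改成员信息")
    @ApiOperation(value = "编辑用户信息(必须传 1username 2name 3roleId)")
    @PutMapping(value = "/update")
    @RequiresPermissions("/user/update")
    @MethodLog(operModule = OperModule.USER, operType = OperType.UPDATE)
    public ResponseEntity<Map<String, Object>> edit(@RequestBody TUser user) {
        Map<String, Object> resultMap = new HashMap<>();
        try {
            if (user.getId() == null) {
                resultMap.put("status", 400);
                resultMap.put("message", "请选择用户");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            // Account "1" may not be disabled (status "2"). The old check compared status with ==.
            if ("1".equals(user.getId()) && "2".equals(user.getStatus())) {
                resultMap.put("status", 400);
                resultMap.put("message", "该账号不能被禁用");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            user.setUserName(StringUtils.trimToNull(user.getUserName()));
            user.setPassword(StringUtils.trimToNull(user.getPassword()));
            user.setRealName(StringUtils.trimToNull(user.getRealName()));
            user.setUpdateTime(DateUtil80.getDateTimeOfTimestamp(System.currentTimeMillis()));
            // NOTE(review): the request body is bound straight onto the entity, so any column of
            // TUser that the client sets (e.g. passwordHash/passwordSalt) is written by updateById.
            boolean ret = userService.updateById(user);

            // Replace the user's role links with the submitted ones (not transactional with the
            // update above; a failure between the two leaves the user without roles)
            QueryWrapper<TUserRole> userRoleWrapper = new QueryWrapper<>();
            userRoleWrapper.eq("user_id", user.getId());
            tUserRoleService.remove(userRoleWrapper);
            List<Role> roles = user.getRoleList();
            if (roles != null && !roles.isEmpty()) {
                boolean rolesSaved = this.tUserRoleService.saveBatch(toUserRoles(user.getId(), roles));
                // Report failure if either write failed; the old code let saveBatch overwrite ret
                ret = ret && rolesSaved;
            }
            if (!ret) {
                resultMap.put("status", 500);
                resultMap.put("message", "服务器忙");
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(resultMap);
            }
            resultMap.put("status", 201);
            resultMap.put("message", "更新成功");
            return ResponseEntity.status(HttpStatus.CREATED).body(resultMap);
        } catch (Exception e) {
            logger.error("更新错误!", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
    }

    /**
     * Soft-deletes a user and removes its role links.
     *
     * @param userId id of the user; the built-in account "1" is refused
     * @return 201 on success, 400 when refused or when either write reports failure, 500 on exception
     */
    @OperationLog("删除成员")
    @ApiOperation(value = "删除成员")
    @DeleteMapping(value = "/delete")
    @RequiresPermissions("/user/delete")
    @MethodLog(operModule = OperModule.USER, operType = OperType.DELETE)
    public ResponseEntity<Map<String, Object>> delete(String userId) {
        Map<String, Object> resultMap = new HashMap<>();
        try {
            if ("1".equals(userId)) {
                resultMap.put("status", 400);
                resultMap.put("message", "该账号不能被删除");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            TUser entity = new TUser();
            entity.setId(userId);
            entity.setUpdateTime(DateUtil80.getDateTimeOfTimestamp(System.currentTimeMillis()));
            entity.setIsDeleted(true);
            boolean ret1 = this.userService.updateById(entity);

            QueryWrapper<TUserRole> userRoleWrapper = new QueryWrapper<>();
            userRoleWrapper.eq("user_id", userId);
            boolean ret2 = this.tUserRoleService.remove(userRoleWrapper);

            if (!ret1 || !ret2) {
                resultMap.put("status", 400);
                resultMap.put("message", "删除失败");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            resultMap.put("status", 201);
            resultMap.put("message", "删除成功");
            return ResponseEntity.status(HttpStatus.CREATED).body(resultMap);
        } catch (Exception e) {
            logger.error("删除用户出错!", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(null);
    }

    /**
     * Disables a user (status "2"), resets its audit status to TBC and revokes its cached JWT.
     *
     * @param userId id of the user to disable
     * @return 201 on success, 400 when the update reports failure, 500 on exception
     */
    @OperationLog("禁用成员")
    @ApiOperation(value = "禁用")
    @RequestMapping(value = "/disable", method = RequestMethod.PUT)
    @RequiresPermissions("/user/disable")
    @MethodLog(operModule = OperModule.USER, operType = OperType.DISABLE)
    public ResponseEntity<Map<String, Object>> disableTUser(String userId) {
        Map<String, Object> resultMap = new HashMap<>();
        try {
            TUser entity = new TUser();
            entity.setId(userId);
            entity.setStatus("2");
            Integer code = AuditStatusEnum.TBC.getCode();
            entity.setAuditStatus(code.toString());
            entity.setUpdateTime(DateUtil80.getDateTimeOfTimestamp(System.currentTimeMillis()));
            boolean ret = this.userService.updateById(entity);

            // Revoke the user's current session: drop the token entry and the user-id -> token key
            String userToken = stringRedisTemplate.opsForValue().get(SHIRO_JWT_TOKEN + userId);
            if (null != userToken) {
                stringRedisTemplate.delete(userToken);
                stringRedisTemplate.delete(SHIRO_JWT_TOKEN + userId);
            }
            if (!ret) {
                resultMap.put("status", 400);
                resultMap.put("message", "禁用失败");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            resultMap.put("status", 201);
            resultMap.put("message", "禁用成功");
            return ResponseEntity.status(HttpStatus.CREATED).body(resultMap);
        } catch (Exception e) {
            logger.error("禁用用户出错!", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(null);
    }

    /**
     * Re-enables a user (status "1").
     *
     * @param userId id of the user to enable
     * @return 201 on success, 500 when the update reports failure or throws
     */
    @OperationLog("启用成员")
    @ApiOperation(value = "启用")
    @RequestMapping(value = "/enable", method = RequestMethod.PUT)
    @RequiresPermissions("/user/enable")
    @MethodLog(operModule = OperModule.USER, operType = OperType.UNABLE)
    public ResponseEntity<Map<String, Object>> enableUser(String userId) {
        try {
            Map<String, Object> map = new HashMap<>();
            TUser entity = new TUser();
            entity.setId(userId);
            entity.setStatus("1");
            entity.setUpdateTime(DateUtil80.getDateTimeOfTimestamp(System.currentTimeMillis()));
            boolean ret = this.userService.updateById(entity);
            // Status values are strings here, unlike the other endpoints; kept for client compatibility
            if (!ret) {
                map.put("status", "500");
                map.put("message", "服务器错误");
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(map);
            }
            map.put("status", "201");
            map.put("message", "启用成功");
            return ResponseEntity.status(HttpStatus.CREATED).body(map);
        } catch (Exception e) {
            logger.error("用户启用出错!", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(null);
    }

    /**
     * Lets the signed-in administrator change their own password after proving the old one.
     *
     * @param oldPassWord current password, verified against the stored salt+hash
     * @param password    new password; must not be blank
     * @return 200 on success, 400 when the old password is wrong or the new one is blank,
     *         500 when the update reports failure or throws
     */
    @OperationLog("修改密码")
    @ApiOperation(value = "管理员更改自己的登录密码", notes = "管理员更改自己的登录密码")
    @RequestMapping(value = "/editPwd", method = RequestMethod.PUT)
    @RequiresPermissions("/user/editPwd")
    @MethodLog(operModule = OperModule.USER, operType = OperType.UPDATE)
    public ResponseEntity<Map<String, Object>> editPwd(
            @RequestParam(value = "oldPassWord", required = true) String oldPassWord,
            @RequestParam(value = "password", required = true) String password) {
        Map<String, Object> resultMap = new LinkedHashMap<String, Object>();
        try {
            if (StringUtils.isBlank(password)) {
                resultMap.put("status", 400);
                resultMap.put("message", "密码不能为空!");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            TUser user = this.userService.getById(this.getUserId());
            byte[] salt = user.getPasswordSalt();
            byte[] oldHash = SHA256PasswordEncryptionService.createPasswordHash(oldPassWord, salt);
            // Compare the digest bytes directly and in constant time. The old code round-tripped
            // both arrays through new String(byte[]) (platform charset, lossy for arbitrary bytes)
            // and used String.equals, which returns early on the first mismatch.
            if (!MessageDigest.isEqual(oldHash, user.getPasswordHash())) {
                logger.error("旧密码不正确");
                resultMap.put("status", 400);
                resultMap.put("message", "旧密码不正确");
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(resultMap);
            }
            // Re-salt on every change
            salt = SecureRandomSaltService.generateSalt();
            user.setPasswordSalt(salt);
            user.setPasswordHash(SHA256PasswordEncryptionService.createPasswordHash(password, salt));
            user.setUpdateTime(DateUtil80.getDateTimeOfTimestamp(System.currentTimeMillis()));
            boolean ret = this.userService.updateById(user);
            if (!ret) {
                resultMap.put("status", 500);
                resultMap.put("message", "修改失败");
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(resultMap);
            }
            resultMap.put("status", 200);
            resultMap.put("message", "修改成功");
            return ResponseEntity.status(HttpStatus.OK).body(resultMap);
        } catch (Exception e) {
            logger.error("更新密码错误!", e);
        }
        resultMap.put("status", 500);
        resultMap.put("message", "修改失败");
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(resultMap);
    }

    /**
     * Administrator resets another user's password to the fixed default and clears the login lock.
     *
     * @param userId id of the user whose password is reset
     * @return 201 with the new password in the body, 400 when the update reports failure,
     *         500 on exception
     */
    @OperationLog("重置密码")
    @ApiOperation(value = "管理员重置密码", notes = "管理员重置密码")
    @RequestMapping(value = "/resetPassword", method = RequestMethod.PUT)
    @RequiresPermissions("/user/resetPassword")
    @MethodLog(operModule = OperModule.USER, operType = OperType.UPDATE)
    public ResponseEntity<Map<Object, String>> resetPassword(String userId) {
        try {
            Map<Object, String> map = new LinkedHashMap<>();
            TUser user = new TUser();
            user.setId(userId);
            // NOTE(review): every reset yields the same well-known password and echoes it in the
            // response. A random per-reset temporary password with a forced change on next login
            // would be safer; left unchanged because callers display this value.
            String newPassword = "123456";
            byte[] passwordSalt = SecureRandomSaltService.generateSalt();
            byte[] passwordHash = SHA256PasswordEncryptionService.createPasswordHash(newPassword, passwordSalt);
            user.setPasswordSalt(passwordSalt);
            user.setPasswordHash(passwordHash);
            user.setUpdateTime(DateUtil80.getDateTimeOfTimestamp(System.currentTimeMillis()));
            boolean ret = userService.updateById(user);
            if (!ret) {
                return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
            }
            // Drop the login-lock key for this user name so the new password is usable at once
            stringRedisTemplate.delete(SHIRO_IS_LOCK + userService.getById(userId).getUserName());
            map.put("status", "201");
            map.put("message", "重置密码成功");
            map.put("password", newPassword);
            return ResponseEntity.status(HttpStatus.CREATED).body(map);
        } catch (Exception e) {
            logger.error("重置密码出错!", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(null);
    }

    /**
     * Sets a user's audit status.
     *
     * @param id     user id, taken from the path as the Swagger declaration ({@code paramType = "path"})
     *               and {@code @PathVariable} both state; the old mapping had no {@code {id}} segment,
     *               so the variable could never be resolved
     * @param status new audit status; its code is stored, as disableTUser does
     * @return the standard success or failure map
     */
    @PutMapping("/updateAuditStatus/{id}")
    @RequiresPermissions("/user/updateAuditStatus")
    @ApiOperation(value = "更新用户审核状态", notes = "更新用户审核状态")
    @ApiImplicitParams(value = {
            @ApiImplicitParam(name = "id", value = "标识ID", dataType = "String", paramType = "path"),
            @ApiImplicitParam(name = "status", value = "状态", paramType = "query", dataType = "String")
    })
    @MethodLog(operModule = OperModule.USER, operType = OperType.UPDATE)
    public Map<String, Object> updateStatus(@NotNull(message = "机构用户不能为空") @PathVariable("id") String id,
                                            @RequestParam("status") AuditStatusEnum status) {
        UpdateWrapper<TUser> updateWrapper = new UpdateWrapper<>();
        updateWrapper.eq("id", id);
        // The old code used eq("audit_status", ...) here as well, so the UPDATE had no SET clause
        updateWrapper.set("audit_status", String.valueOf(status.getCode()));
        boolean flag = userService.update(updateWrapper);
        return flag ? getSuccessResult() : getFailResult();
    }

    /**
     * Builds the user-role link rows for {@code userId}, one per entry of {@code roles}.
     *
     * @param userId id of the owning user
     * @param roles  roles to link; must not be null
     * @return new, not yet persisted, link entities
     */
    private static List<TUserRole> toUserRoles(String userId, List<Role> roles) {
        List<TUserRole> links = new ArrayList<>(roles.size());
        for (Role role : roles) {
            TUserRole link = new TUserRole();
            link.setUserId(userId);
            link.setRoleId(role.getId());
            link.setIsDeleted(false);
            links.add(link);
        }
        return links;
    }
}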