diff --git a/src/main/java/com/greenorange/promotion/controller/user/UserInfoController.java b/src/main/java/com/greenorange/promotion/controller/user/UserInfoController.java
index f5e15f1..778910d 100644
--- a/src/main/java/com/greenorange/promotion/controller/user/UserInfoController.java
+++ b/src/main/java/com/greenorange/promotion/controller/user/UserInfoController.java
@@ -199,7 +199,7 @@ public class UserInfoController {
 */
 @PostMapping("add")
 @Operation(summary = "web端管理员添加用户", description = "参数:用户表添加请求体,权限:管理员(boss, admin),方法名:addUserInfo")
- @RequiresPermission(mustRole = UserConstant.ADMIN_ROLE)
+ @RequiresPermission(mustRole = UserConstant.BOSS_ROLE)
 @SysLog(title = "用户管理", content = "web端管理员添加用户")
 public BaseResponse addUserInfo(@Valid @RequestBody UserInfoAddRequest userInfoAddRequest) {
 UserInfo userInfo = commonService.copyProperties(userInfoAddRequest, UserInfo.class);
@@ -216,7 +216,7 @@ public class UserInfoController {
 */
 @PostMapping("update")
 @Operation(summary = "web端管理员更新用户", description = "参数:用户表更新请求体,权限:管理员(boss, admin),方法名:updateUserInfo")
- @RequiresPermission(mustRole = UserConstant.ADMIN_ROLE)
+ @RequiresPermission(mustRole = UserConstant.BOSS_ROLE)
 @SysLog(title = "用户管理", content = "web端管理员根据id修改用户信息")
 public BaseResponse updateUserInfo(@Valid @RequestBody UserInfoUpdateRequest userInfoUpdateRequest) {
 UserInfo userInfo = commonService.copyProperties(userInfoUpdateRequest, UserInfo.class);
@@ -232,7 +232,7 @@ public class UserInfoController {
 */
 @PostMapping("delete")
 @Operation(summary = "web端管理员根据id删除用户", description = "参数:用户表删除请求体,权限:管理员(boss, admin),方法名:delUserInfo")
- @RequiresPermission(mustRole = UserConstant.ADMIN_ROLE)
+ @RequiresPermission(mustRole = UserConstant.BOSS_ROLE)
 @SysLog(title = "用户管理", content = "web端管理员根据id删除用户表")
 public BaseResponse delUserInfo(@Valid @RequestBody CommonRequest commonRequest) {
 Long id = commonRequest.getId();
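Review bot: The `@Operation` description on `addUserInfo` still advertises "权限:管理员(boss, admin)" while the new annotation is `mustRole = UserConstant.BOSS_ROLE`, so the published API documentation no longer matches the access control that is enforced; the update, delete, delBatch and queryById hunks carry the same stale text. Each description should be brought in line, e.g. `description = "参数:用户表添加请求体,权限:管理员(boss),方法名:addUserInfo"`. How `@RequiresPermission` interprets `mustRole` (exact match or minimum level) is not visible in these hunks, so it is worth confirming that boss-only is what the aspect actually enforces, and that no other user-management endpoint in this controller was left at `ADMIN_ROLE`. The method bodies continue outside the hunks.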
@@ -249,7 +249,7 @@ public class UserInfoController {
 */
 @PostMapping("delBatch")
 @Operation(summary = "web端管理员批量删除用户", description = "参数:用户表批量删除请求体,权限:管理员(boss, admin),方法名:delBatchUserInfo")
- @RequiresPermission(mustRole = UserConstant.ADMIN_ROLE)
+ @RequiresPermission(mustRole = UserConstant.BOSS_ROLE)
 @SysLog(title = "用户管理", content = "web端管理员批量删除用户表")
 public BaseResponse delBatchUserInfo(@Valid @RequestBody CommonBatchRequest commonBatchRequest) {
 List ids = commonBatchRequest.getIds();
@@ -267,7 +267,7 @@ public class UserInfoController {
 */
 @PostMapping("queryById")
 @Operation(summary = "web端管理员根据id查询用户", description = "参数:用户表查询请求体,权限:管理员(boss, admin),方法名:queryUserInfoById")
- @RequiresPermission(mustRole = UserConstant.ADMIN_ROLE)
+ @RequiresPermission(mustRole = UserConstant.BOSS_ROLE)
 @SysLog(title = "用户管理", content = "web端管理员根据id查询用户")
 public BaseResponse queryUserInfoById(@Valid @RequestBody CommonRequest commonRequest) {
 Long id = commonRequest.getId();
diff --git a/src/main/java/com/greenorange/promotion/service/user/impl/UserInfoServiceImpl.java b/src/main/java/com/greenorange/promotion/service/user/impl/UserInfoServiceImpl.java
index 32022b3..8f8fd01 100644
--- a/src/main/java/com/greenorange/promotion/service/user/impl/UserInfoServiceImpl.java
+++ b/src/main/java/com/greenorange/promotion/service/user/impl/UserInfoServiceImpl.java
@@ -14,6 +14,7 @@ import com.greenorange.promotion.exception.ThrowUtils;
 import com.greenorange.promotion.mapper.UserInfoMapper;
 import com.greenorange.promotion.model.dto.user.*;
 import com.greenorange.promotion.model.entity.UserInfo;
+import com.greenorange.promotion.model.enums.UserRoleEnum;
 import com.greenorange.promotion.service.common.CommonService;
 import com.greenorange.promotion.service.user.UserInfoService;
 import com.greenorange.promotion.utils.JWTUtils;
@@ -79,6 +80,11 @@ public class UserInfoServiceImpl extends ServiceImpl
 lambdaQueryWrapper.eq(UserInfo::getUserAccount, userAccount).eq(UserInfo::getUserPassword, userPassword);
 UserInfo userInfo = this.getOne(lambdaQueryWrapper);
 ThrowUtils.throwIf(userInfo == null, ErrorCode.OPERATION_ERROR, "用户不存在");
+
+ String userRole = userInfo.getUserRole();
+ UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValue(userRole);
+ ThrowUtils.throwIf(!UserRoleEnum.ADMIN.equals(userRoleEnum) && !UserRoleEnum.BOSS.equals(userRoleEnum), ErrorCode.NO_AUTH_ERROR);
+
 Map payload = new HashMap<>();
 payload.put("userAccount", userAccount);
 payload.put("userPassword", userPassword);
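Review bot: The added role gate fails with `ErrorCode.NO_AUTH_ERROR` only after the account/password lookup has succeeded, whereas a wrong pair fails with `OPERATION_ERROR` "用户不存在", so the login response now confirms to the caller that the credentials of a non-admin account are valid. Returning the same error for both cases removes that signal, e.g. `ThrowUtils.throwIf(!UserRoleEnum.ADMIN.equals(userRoleEnum) && !UserRoleEnum.BOSS.equals(userRoleEnum), ErrorCode.OPERATION_ERROR, "用户不存在");`, with the real reason recorded in the server log only. Separately, the unchanged context lines still place `userPassword` in the token payload; assuming `JWTUtils` issues a standard signed (not encrypted) JWT, the password is readable by anyone who holds a token, so that claim should be dropped. The `eq(UserInfo::getUserPassword, userPassword)` lookup also suggests the stored value is compared directly; if it is not already a salted hash at this point, it should be. The method starts and ends outside the hunk.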