增加简易权限。

a73a94fa · gdj · bda15104 · a73a94fa · a73a94fa · a73a94fa
Commit a73a94fa authored Apr 25, 2025 by gdj
3 changed files
--- a/sample/src/main/java/com/dji/sample/common/util/SecurityUtils.java
+++ b/sample/src/main/java/com/dji/sample/common/util/SecurityUtils.java
 package com.dji.sample.common.util;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.dji.sample.common.model.CustomClaim;
+import com.dji.sample.manage.model.enums.UserTypeEnum;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import javax.servlet.http.HttpServletRequest;
+import static com.dji.sample.component.AuthInterceptor.PARAM_TOKEN;
 /**
 * @author guan
@@ -30,4 +39,35 @@ public class SecurityUtils {
        return passwordEncoder.matches(rawPassword, encodedPassword);
    }
+    /**
+     * 判断当前用户是否admin
+     * @return
+     */
+    public static boolean isAdmin() {
+        DecodedJWT jwt = JwtUtil.verifyToken(getToken());
+        CustomClaim customClaim = new CustomClaim(jwt.getClaims());
+        Integer userType = customClaim.getUserType();
+        if (userType == null) {
+            return false;
+        }
+        return userType == UserTypeEnum.WEB.getVal();
+    }
+    public static boolean isNotAdmin() {
+        return !isAdmin();
+    }
+    /**
+     * 获取token
+     * @return
+     */
+    public static String getToken() {
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+        return request.getHeader(PARAM_TOKEN);
+    }
 }
--- a/sample/src/main/java/com/dji/sample/manage/model/dto/UserLoginDTO.java
+++ b/sample/src/main/java/com/dji/sample/manage/model/dto/UserLoginDTO.java
 package com.dji.sample.manage.model.dto;
+import com.fasterxml.jackson.annotation.JsonAlias;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@@ -10,6 +11,9 @@ import lombok.NonNull;
 @NoArgsConstructor
 public class UserLoginDTO {
+    @JsonAlias("workspaceId")
+    private String workspaceId;
    @NonNull
    private String username;

--- a/sample/src/main/java/com/dji/sample/manage/service/impl/UserServiceImpl.java
+++ b/sample/src/main/java/com/dji/sample/manage/service/impl/UserServiceImpl.java
@@ -38,6 +38,8 @@ import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Collectors;
+import static com.dji.sample.common.util.SecurityUtils.isNotAdmin;
 @Service
 @Transactional
 public class UserServiceImpl implements IUserService {
@@ -76,8 +78,11 @@ public class UserServiceImpl implements IUserService {
                    .setCode(HttpStatus.UNAUTHORIZED.value())
                    .setMessage("invalid username");
        }
-        if (flag.intValue() != userEntity.getUserType().intValue()) {
+        // 修改逻辑 跳过web判定
-            return HttpResultResponse.error("The account type does not match.");
+        if (flag != UserTypeEnum.WEB.getVal()) {
+            if (flag.intValue() != userEntity.getUserType().intValue()) {
+                return HttpResultResponse.error("The account type does not match.");
+            }
        }
        // 密码加密验证
        // if (!password.equals(userEntity.getPassword())) {
@@ -169,6 +174,9 @@ public class UserServiceImpl implements IUserService {
    @Override
    public Boolean deleteUser(String workspaceId, String userId) {
+        if (isNotAdmin()) {
+            throw new RuntimeException("The current user is not an admin and has no permissions");
+        }
        LambdaQueryWrapper<UserEntity> queryWrapper = new LambdaQueryWrapper<>();
        queryWrapper.eq(UserEntity::getWorkspaceId, workspaceId);
        queryWrapper.eq(UserEntity::getUserId, userId);
@@ -192,12 +200,21 @@ public class UserServiceImpl implements IUserService {
        String username = user.getUsername();
        LambdaQueryWrapper<UserEntity> userQueryWrapper = new LambdaQueryWrapper<>();
        userQueryWrapper.eq(UserEntity::getUsername, username);
+        userQueryWrapper.eq(UserEntity::getWorkspaceId, workspaceId);
        List<UserEntity> nameUserList = this.mapper.selectList(userQueryWrapper);
        if (!CollectionUtils.isEmpty(nameUserList)) {
            throw new RuntimeException("the username is already existed");
        }
        UserEntity userEntity = new UserEntity();
+        // 普通用户不能创建管理员
+        if (user.getUserType() == UserTypeEnum.WEB.getVal()) {
+            if (isNotAdmin()) {
+                throw new RuntimeException("The current user is not an admin and has no permissions");
+            }
+        }
        userEntity.setUserType(user.getUserType() != null ? user.getUserType() : UserTypeEnum.PILOT.getVal());
        userEntity.setUserId(UUID.randomUUID().toString());
        userEntity.setPassword(SecurityUtils.encryptPassword(user.getPassword()));