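package systemuser.internal;

import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.util.ObjectUtils;

import kernel.exception.BusinessException;
import kernel.util.StringUtils;
import kernel.web.ApplicationUtil;
import kernel.web.Page;
import project.Constants;
import project.log.Log;
import project.log.LogService;
import project.user.googleauth.GoogleAuthService;
import security.Role;
import security.RoleService;
import security.SecUser;
import security.internal.SecUserService;
import security.internal.SecUserServiceImpl;
import systemuser.AdminSystemUserService;

/**
 * Administrative operations on system (back-office) users: create, update,
 * delete, paged listing and role lookup.
 *
 * <p>Every mutating operation re-authenticates the operator with their fund
 * password ("safeword") and writes an operation log entry. Creation, deletion
 * and password changes additionally require the super Google Authenticator code.
 */
public class AdminSystemUserServiceImpl implements AdminSystemUserService {

    private RoleService roleService;
    protected LogService logService;
    private SecUserService secUserService;
    private PasswordEncoder passwordEncoder;
    private GoogleAuthService googleAuthService;

    /**
     * Creates a system user after verifying the super Google auth code and the
     * operator's fund password.
     *
     * @param user                the user to create; its plain fund password is replaced by
     *                            the encoded form before persisting
     * @param operatorUsername    login name of the administrator performing the action
     * @param loginSafeword       the operator's fund password, in plain text
     * @param code                verification code, recorded in the operation log
     * @param ip                  operator's IP address, recorded in the operation log
     * @param superGoogleAuthCode super Google Authenticator code
     * @throws BusinessException if the operator's fund password does not match
     */
    public void save(SecUser user, String operatorUsername, String loginSafeword, String code, String ip,
            String superGoogleAuthCode) {
        googleAuthService.checkSuperGoogleAuthCode(superGoogleAuthCode);
        String enable = enabledLabel(user);
        checkLoginSafeword(operatorUsername, loginSafeword);
        // NOTE(review): the "role" field of this message is filled with user.getId(),
        // not a role name as in update()/delete() - confirm which value is intended.
        saveLog(user, operatorUsername, "ip:" + ip + "管理员新增系统用户,角色为[" + user.getId() + "],登录权限为[" + enable
                + "],邮箱为[" + user.getEmail() + "],验证码:[" + code + "]");
        // The fund password is encoded with the username as salt before it is stored.
        user.setSafeword(passwordEncoder.encodePassword(user.getSafeword(), user.getUsername()));
        secUserService.saveUser(user);
    }

    /**
     * Loads a system user by primary key.
     *
     * @param id the user's identifier
     * @return whatever {@code secUserService.findUserById} returns for that id
     */
    public SecUser get(Serializable id) {
        return secUserService.findUserById(id);
    }

    /**
     * Verifies the fund password of the logged-in operator.
     *
     * <p>Fails closed: an unknown operator, a missing stored hash and a wrong
     * password all raise the same error, so the response does not reveal which
     * of the three occurred.
     *
     * @param operatorUsername login name of the operator
     * @param loginSafeword    fund password supplied by the operator, in plain text
     * @throws BusinessException if the operator cannot be authenticated
     */
    private void checkLoginSafeword(String operatorUsername, String loginSafeword) {
        SecUser operator = this.secUserService.findUserByLoginName(operatorUsername);
        if (operator == null) {
            throw new BusinessException("登录人资金密码错误");
        }
        String storedHash = operator.getSafeword();
        String suppliedHash = passwordEncoder.encodePassword(loginSafeword, operatorUsername);
        // NOTE(review): hash strength depends on the configured PasswordEncoder bean;
        // confirm it is not a fast digest such as MD5 or SHA-1.
        if (!constantTimeEquals(suppliedHash, storedHash)) {
            throw new BusinessException("登录人资金密码错误");
        }
    }

    /**
     * Compares two encoded secrets without short-circuiting on the first differing
     * character. A {@code null} on either side counts as a mismatch.
     */
    private static boolean constantTimeEquals(String left, String right) {
        if (left == null || right == null) {
            return false;
        }
        return MessageDigest.isEqual(left.getBytes(StandardCharsets.UTF_8),
                right.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the log label for the user's login permission (enabled / not enabled). */
    private static String enabledLabel(SecUser user) {
        return user.getEnabled() ? "开启" : "未开启";
    }

    /**
     * Returns the name of the first role of {@code user}, or an empty string when the
     * user has no roles, so that writing the audit entry cannot fail on a role-less user.
     */
    private static String firstRoleName(SecUser user) {
        if (user.getRoles() == null) {
            return "";
        }
        Role[] roles = user.getRoles().toArray(new Role[0]);
        return roles.length == 0 ? "" : roles[0].getRoleName();
    }

    /**
     * Writes an operation-log entry about {@code secUser}.
     *
     * @param secUser  the user the entry is about (username and party id are copied from it)
     * @param operator login name of the acting administrator
     * @param context  log message text
     */
    public void saveLog(SecUser secUser, String operator, String context) {
        Log log = new Log();
        log.setCategory(Constants.LOG_CATEGORY_OPERATION);
        log.setOperator(operator);
        log.setUsername(secUser.getUsername());
        log.setPartyId(secUser.getPartyId());
        log.setLog(context);
        log.setCreateTime(new Date());
        logService.saveSync(log);
    }

    /**
     * Updates a system user. When {@code newPassword} is non-empty only the password
     * selected by {@code type} is changed; otherwise the user record itself is updated.
     *
     * @param user                the user to update
     * @param newPassword         new password, or empty to update the user record
     * @param type                password kind: {@code password} for the login password,
     *                            {@code safe_password} for the fund password
     * @param operatorUsername    login name of the administrator performing the action
     * @param loginSafeword       the operator's fund password, in plain text
     * @param code                verification code, recorded in the operation log
     * @param ip                  operator's IP address, recorded in the operation log
     * @param superGoogleAuthCode super Google Authenticator code (checked for password changes)
     * @throws BusinessException if the operator's fund password does not match
     */
    public void update(SecUser user, String newPassword, String type, String operatorUsername,
            String loginSafeword, String code, String ip, String superGoogleAuthCode) {
        if (ObjectUtils.isEmpty(newPassword)) {
            // NOTE(review): this branch can change role, login permission and e-mail but,
            // unlike save()/delete() and the password branch, does not check the super
            // Google auth code. Confirm that is intentional.
            checkLoginSafeword(operatorUsername, loginSafeword);

            // Snapshot the stored values before the update so the "before" half of the
            // audit entry really describes the previous state.
            SecUser userDB = get(user.getId());
            String roleDB = firstRoleName(userDB);
            String enableDB = enabledLabel(userDB);
            String emailDB = userDB.getEmail();

            this.secUserService.update(user);

            String enable = enabledLabel(user);
            saveLog(user, operatorUsername, "ip:" + ip + "管理员修改系统用户,修改前角色为[" + roleDB + "],登录权限[" + enableDB
                    + "],邮箱为[" + emailDB + "]," + "修改后角色为[" + firstRoleName(user) + "],登录权限[" + enable
                    + "],邮箱为[" + user.getEmail() + "]");
        } else {
            googleAuthService.checkSuperGoogleAuthCode(superGoogleAuthCode);
            checkLoginSafeword(operatorUsername, loginSafeword);
            switch (type) {
            case "password":
                secUserService.updatePassword(user.getUsername(), newPassword);
                saveLog(user, operatorUsername, "ip:" + ip + "管理员修改系统用户登录密码,验证码:[" + code + "]");
                break;
            case "safe_password":
                secUserService.updateSafeword(user.getUsername(), newPassword);
                saveLog(user, operatorUsername, "ip:" + ip + "管理员修改系统用户资金密码,验证码:[" + code + "]");
                break;
            default:
                // An unrecognised type changes nothing and writes no log entry.
                break;
            }
        }
    }

    /**
     * Deletes a system user after verifying the super Google auth code and the
     * operator's fund password.
     *
     * @param user                the user to delete
     * @param operatorUsername    login name of the administrator performing the action
     * @param loginSafeword       the operator's fund password, in plain text
     * @param ip                  operator's IP address, recorded in the operation log
     * @param superGoogleAuthCode super Google Authenticator code
     * @throws BusinessException if the operator's fund password does not match
     */
    public void delete(SecUser user, String operatorUsername, String loginSafeword, String ip,
            String superGoogleAuthCode) {
        googleAuthService.checkSuperGoogleAuthCode(superGoogleAuthCode);
        this.checkLoginSafeword(operatorUsername, loginSafeword);

        // Read everything the audit entry needs from the stored record before it is removed.
        SecUser userDB = get(user.getId());
        String roleDB = firstRoleName(userDB);
        String enableDB = enabledLabel(userDB);
        String emailDB = userDB.getEmail();

        secUserService.deleteUser(user);
        saveLog(user, operatorUsername, "ip:" + ip + "管理员删除系统用户,系统用户角色为[" + roleDB + "],登录权限[" + enableDB
                + "],邮箱为[" + emailDB + "]");
    }

    /**
     * Lists system users (rows without a party id, excluding the {@code SROOT} account),
     * ordered by creation time.
     *
     * @param pageNo       1-based page number; values below 1 are treated as 1
     * @param pageSize     number of rows per page
     * @param usernamePara optional username fragment; matched with {@code LIKE %fragment%}
     * @return the requested page with role resources bound to each user
     */
    public Page pagedQuery(int pageNo, int pageSize, String usernamePara) {
        if (pageNo <= 0) {
            pageNo = 1;
        }
        Page page = new Page(pageNo, pageSize, Integer.MAX_VALUE);

        List<Object> whereParams = new ArrayList<>();
        StringBuilder whereStatement = new StringBuilder(
                "WHERE (PARTY_UUID IS NULL OR PARTY_UUID='') AND UUID NOT IN('SROOT') ");
        if (StringUtils.isNotEmpty(usernamePara)) {
            // The fragment is bound as a parameter; '%' and '_' inside it still act as
            // LIKE wildcards because they are not escaped.
            whereStatement.append("AND USERNAME LIKE ? ");
            whereParams.add("%" + usernamePara + "%");
        }
        whereStatement.append("ORDER BY CREATETIME ASC LIMIT ?,?");
        whereParams.add(page.getFirstElementNumber());
        whereParams.add(pageSize);

        List<SecUser> secuserList = ApplicationUtil.executeSelect(SecUser.class, whereStatement.toString(),
                whereParams.toArray(new Object[0]));
        secuserList.forEach(secuser -> SecUserServiceImpl.bindRoleResource(secuser));
        page.setElements(secuserList);
        return page;
    }

    /**
     * Builds a name-to-name map of the roles that may be assigned to a system user.
     *
     * @return role names mapped to themselves, skipping every name that is a key of
     *         {@code Constants.ROLE_MAP}
     */
    public Map findRoleMap() {
        Map<String, String> map = new HashMap<>();
        List<Role> all = roleService.getAll();
        for (Role role : all) {
            String roleName = role.getRoleName();
            if (Constants.ROLE_MAP.containsKey(roleName)) {
                continue;
            }
            map.put(roleName, roleName);
        }
        return map;
    }

    public void setRoleService(RoleService roleService) {
        this.roleService = roleService;
    }

    public SecUserService getSecUserService() {
        return secUserService;
    }

    public void setSecUserService(SecUserService secUserService) {
        this.secUserService = secUserService;
    }

    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    public void setLogService(LogService logService) {
        this.logService = logService;
    }

    public void setGoogleAuthService(GoogleAuthService googleAuthService) {
        this.googleAuthService = googleAuthService;
    }
}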