|
@@ -291,7 +291,7 @@ public class UserController extends ControllerSupport {
|
|
|
@ApiOperation(value = "新增用户", notes = "新增")
|
|
|
@PostMapping
|
|
|
public Map<String, Object> addUser(@RequestBody UserFormDomain userForm) {
|
|
|
- trim(userForm);
|
|
|
+ trim(userForm, true);
|
|
|
userForm.setId(null);
|
|
|
return saveUser(userForm);
|
|
|
}
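Review bot: The bare literal in `trim(userForm, true);` does not say what the flag turns on, and `trim` is defined outside this hunk, so a reader cannot tell how input handling changed for `addUser` (the same call is changed in `updateUser` in the next hunk). A short comment at the call site, such as `// second argument: <what the flag enables>`, or a named constant would make the intent reviewable. If the flag widens trimming to more fields of `UserFormDomain`, confirm that credential fields are not silently altered before they are stored.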
|
|
@@ -306,7 +306,7 @@ public class UserController extends ControllerSupport {
|
|
|
@ApiOperation(value = "更新用户", notes = "更新")
|
|
|
@PutMapping
|
|
|
public Map<String, Object> updateUser(@RequestBody UserFormDomain userForm) {
|
|
|
- trim(userForm);
|
|
|
+ trim(userForm, true);
|
|
|
if (null == userForm.getId()) {
|
|
|
throw new StatusException("B-150009", "user ID is null");
|
|
|
}
|
|
@@ -333,8 +333,12 @@ public class UserController extends ControllerSupport {
|
|
|
* @return
|
|
|
*/
|
|
|
private Map<String, Object> saveUser(UserFormDomain userForm) {
|
|
|
- User accessUser = getAccessUser();
|
|
|
+
|
|
|
Long rootOrgId = userForm.getRootOrgId();
|
|
|
+
|
|
|
+ if (null == rootOrgId) {
|
|
|
+ throw new StatusException("B-150002", "rootOrgId is null");
|
|
|
+ }
|
|
|
OrgEntity rootOrg = orgRepo.findOne(rootOrgId);
|
|
|
if (null == rootOrg) {
|
|
|
throw new StatusException("B-150003", "机构不存在");
|
|
@@ -343,9 +347,7 @@ public class UserController extends ControllerSupport {
|
|
|
throw new StatusException("B-150004", "机构错误");
|
|
|
}
|
|
|
|
|
|
- if ((!isSuperAdmin()) && (!rootOrgId.equals(accessUser.getRootOrgId()))) {
|
|
|
- throw new StatusException("B-150005", "无权操作");
|
|
|
- }
|
|
|
+ validateRootOrgIsolation(rootOrgId);
|
|
|
|
|
|
UserEntity userEntity = new UserEntity();
|
|
|
userEntity.setId(userForm.getId());
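Review bot: The isolation check in `validateRootOrgIsolation(rootOrgId);` covers only the `rootOrgId` supplied in the request body, while the following lines copy `userForm.getId()` into a fresh `UserEntity` without any visible check that the stored user with that ID belongs to the same root org. Unless a later check exists outside this hunk, a caller bound to one org could use the update path to overwrite a user of another org by sending its own `rootOrgId`. When the ID is non-null, load the stored user and compare, for example `if (null != existing && !rootOrgId.equals(existing.getRootOrgId())) throw new StatusException("<error code>", "无权操作");` (here `existing` is a constructed name for the loaded record). The helper's body is not shown, so also confirm it keeps the super-admin exemption of the removed inline check. `saveUser` starts before and continues after this hunk.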
|
|
@@ -365,11 +367,18 @@ public class UserController extends ControllerSupport {
|
|
|
for (Long cur : roleIds) {
|
|
|
RoleEntity curRoleEntity = roleRepo.findOne(cur);
|
|
|
if (null == curRoleEntity) {
|
|
|
+ throw new StatusException("B-150005", "角色错误");
|
|
|
+ }
|
|
|
+
|
|
|
+ Long roleRootOrgId = curRoleEntity.getRootOrgId();
|
|
|
+ if (null != roleRootOrgId && (!roleRootOrgId.equals(rootOrgId))) {
|
|
|
throw new StatusException("B-150006", "角色错误");
|
|
|
}
|
|
|
+
|
|
|
if (curRoleEntity.getCode().equals(RoleMeta.SUPER_ADMIN.name())) {
|
|
|
throw new StatusException("B-150007", "不允许新增或修改超级管理员");
|
|
|
}
|
|
|
+
|
|
|
UserRoleRelationEntity relation = new UserRoleRelationEntity(saved.getId(),
|
|
|
curRoleEntity.getId());
|
|
|
userRoles.add(relation);
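Review bot: The new condition `null != roleRootOrgId && (!roleRootOrgId.equals(rootOrgId))` lets every role with a null root org through the isolation check, so only the SUPER_ADMIN test stands between a caller and any other global role. If privileged built-in roles exist with a null root org, add an explicit allow-list or compare against the caller's own roles. The missing-role branch reuses `B-150005`, which the check removed in the previous hunk used for 无权操作, and both branches now return 角色错误, so clients and logs cannot tell the two failures apart. `curRoleEntity.getCode().equals(...)` throws a NullPointerException for a role without a code; `RoleMeta.SUPER_ADMIN.name().equals(curRoleEntity.getCode())` avoids that. The relation uses `saved.getId()`, so the user appears to be persisted before the roles are validated; confirm the method (which extends beyond this hunk) is transactional so a rejected role rolls the save back.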
|