From 438a2919897d83d7010191b7430ed5aabb917d39 Mon Sep 17 00:00:00 2001
From: cl
Date: Tue, 20 Apr 2021 15:59:47 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BC=80=E6=BA=90=E7=BA=BF=E4=B8=8A=E7=A6=81?= =?UTF-8?q?=E6=AD=A2=E4=BD=93=E9=AA=8C=E7=94=A8=E6=88=B7=E4=BF=AE=E6=94=B9?= =?UTF-8?q?admin=E7=9A=84=E8=B4=A6=E5=8F=B7=E5=AF=86=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../yami/shop/sys/controller/SysUserController.java | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/yami-shop-sys/src/main/java/com/yami/shop/sys/controller/SysUserController.java b/yami-shop-sys/src/main/java/com/yami/shop/sys/controller/SysUserController.java
index 8385198..73d6d61 100644
--- a/yami-shop-sys/src/main/java/com/yami/shop/sys/controller/SysUserController.java
+++ b/yami-shop-sys/src/main/java/com/yami/shop/sys/controller/SysUserController.java
@@ -93,6 +93,11 @@ public class SysUserController {
 public ResponseEntity password(@RequestBody @Valid UpdatePasswordDto param){
 Long userId = SecurityUtils.getSysUser().getUserId();
+ // 开源版代码,禁止用户修改admin 的账号密码密码
+ // 正式使用时,删除此部分代码即可
+ if (Objects.equals(1L,userId) && StrUtil.isNotBlank(param.getNewPassword())) {
+ throw new YamiShopBindException("禁止修改admin的账号密码");
+ }
 SysUser dbUser = sysUserService.getSysUserById(userId);
 if (!passwordEncoder.matches(param.getPassword(), dbUser.getPassword())) {
 return ResponseEntity.badRequest().body("原密码不正确");
@@ -164,6 +169,12 @@ public class SysUserController {
 }else {
 user.setPassword(passwordEncoder.encode(user.getPassword()));
 }
+ // 开源版代码,禁止用户修改admin 的账号密码密码
+ // 正式使用时,删除此部分代码即可
+ boolean is = Objects.equals(1L,dbUser.getUserId()) && (StrUtil.isNotBlank(password) || !StrUtil.equals("admin",user.getUsername()));
+ if (is) {
+ throw new YamiShopBindException("禁止修改admin的账号密码");
+ }
 sysUserService.updateUserAndUserRole(user);
 return ResponseEntity.ok().build();
 }
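Review bot: The literal `1L` stands for the admin account and the guard is meant to be deleted by hand before production use (per the added comment), in `password()` in the first hunk and again in the second hunk. A deployment that ships this code unchanged leaves the admin unable to change their own password through this endpoint, so the demo restriction would be safer behind a configuration flag with the id named, e.g. `private static final Long ADMIN_USER_ID = 1L;`, than relying on manual removal. The guard is also skipped when `param.getNewPassword()` is blank, so it depends on the validation of `UpdatePasswordDto` (not visible here) to reject that case. The body of `password()` continues outside the hunk.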
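Review bot: The guard in the second hunk checks only the password and the submitted username against the literal `"admin"`, so any other field that `updateUserAndUserRole(user)` persists for user id 1 (presumably roles or status, not visible here) is not covered by it. If the intent is to keep the demo admin intact, consider rejecting every update that targets user id 1, or at least compare with the stored name: `!StrUtil.equals(dbUser.getUsername(), user.getUsername())`. The check would also read better placed before the password is encoded and with a descriptive name instead of `is`, e.g. `boolean modifiesAdminCredentials = ...;`. The enclosing method starts outside the hunk.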