开源线上禁止体验用户修改admin的账号密码

yami-shop-sys/src/main/java/com/yami/shop/sys/controller/SysUserController.java

@@ -93,6 +93,11 @@ public class SysUserController {
 	public ResponseEntity<String> password(@RequestBody @Valid UpdatePasswordDto param){
 		Long userId = SecurityUtils.getSysUser().getUserId();
 
+        // 开源版代码，禁止用户修改admin 的账号密码密码
+        // 正式使用时，删除此部分代码即可
+        if (Objects.equals(1L,userId) && StrUtil.isNotBlank(param.getNewPassword())) {
+            throw new YamiShopBindException("禁止修改admin的账号密码");
+        }
 		SysUser dbUser = sysUserService.getSysUserById(userId);
 		if (!passwordEncoder.matches(param.getPassword(), dbUser.getPassword())) {
 			return ResponseEntity.badRequest().body("原密码不正确");
@@ -164,6 +169,12 @@ public class SysUserController {
 		}else {
 			user.setPassword(passwordEncoder.encode(user.getPassword()));
 		}
+		// 开源版代码，禁止用户修改admin 的账号密码密码
+		// 正式使用时，删除此部分代码即可
+		boolean is = Objects.equals(1L,dbUser.getUserId()) && (StrUtil.isNotBlank(password) || !StrUtil.equals("admin",user.getUsername()));
+		if (is) {
+			throw new YamiShopBindException("禁止修改admin的账号密码");
+		}
 		sysUserService.updateUserAndUserRole(user);
 		return ResponseEntity.ok().build();
 	}