完善权限的校验

2026-04-15 17:28:23 +08:00
parent 9ab91ac87e
commit e0e4a60dba
3 changed files with 15 additions and 4 deletions
--- a/src/main/java/com/rj/controller/AudioManagementController.java
+++ b/src/main/java/com/rj/controller/AudioManagementController.java
@@ -359,16 +359,21 @@ public class AudioManagementController {
                queryWrapper.eq(AudioManagement::getIntentionLevel, intentionLevel);
            }
            // 如果角色不包含admin，必须添加salesPhone查询条件
-            if (roleName == null || !roleName.contains("admin")) {
+            if (!roleName.equalsIgnoreCase("admin")) {
                if (salesPhone != null && !salesPhone.trim().isEmpty()) {
                    queryWrapper.like(AudioManagement::getSalesPhone, salesPhone);
+                }else {
+                    log.warn("不是admin角色时, 必须通过手机号查询,  角色是：{}" ,roleName);
+
+                    return ResponseEntity.ok(result);
                }
-            } else {
+            } else if (roleName.contains("admin")) {
                // admin角色可以按salesPhone查询，但不强制
                if (salesPhone != null && !salesPhone.trim().isEmpty()) {
                    queryWrapper.like(AudioManagement::getSalesPhone, salesPhone);
                }
            }
+
            if (serviceStatus != null && !serviceStatus.trim().isEmpty()) { //AudioManagementConstants.SERVICE_STATUS_SERVICE_FINISH
                queryWrapper.eq(AudioManagement::getServiceStatus, serviceStatus);
            }
--- a/src/main/java/com/rj/mapper/sys/UserMapper.java
+++ b/src/main/java/com/rj/mapper/sys/UserMapper.java
@@ -31,6 +31,11 @@ public interface UserMapper extends BaseMapper<User> {
    @Select("SELECT * FROM user WHERE user_name = #{userName} LIMIT 1")
    User selectByUserNameIgnoreTenant(@Param("userName") String userName);

+    @InterceptorIgnore(tenantLine = "true")
+    @Select("SELECT * FROM user WHERE phone = #{phone} LIMIT 1")
+    User selectByPhoneIgnoreTenant(@Param("phone") String phone);
+
+
    /**
     * 根据 token 查询用户（token 验证、获取当前用户信息），不走多租户拦截器。
     */
--- a/src/main/java/com/rj/service/sys/impl/UserServiceImpl.java
+++ b/src/main/java/com/rj/service/sys/impl/UserServiceImpl.java
@@ -28,8 +28,9 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IU
    @Override
    public LoginResponse login(LoginRequest loginRequest) {
        // 根据用户名查询用户（登录时不走多租户拦截器）
-        User user = this.baseMapper.selectByUserNameIgnoreTenant(loginRequest.getUserName());
-        
+//        User user = this.baseMapper.selectByUserNameIgnoreTenant(loginRequest.getUserName());
+        User user = this.baseMapper.selectByPhoneIgnoreTenant(loginRequest.getUserName());
+
        if (user == null) {
            throw new RuntimeException("用户不存在");
        }