diff --git a/src/main/java/com/sztzjy/financial_bigdata/controller/tea/UserController.java b/src/main/java/com/sztzjy/financial_bigdata/controller/tea/UserController.java
index 9e06ddb..db74585 100644
--- a/src/main/java/com/sztzjy/financial_bigdata/controller/tea/UserController.java
+++ b/src/main/java/com/sztzjy/financial_bigdata/controller/tea/UserController.java
@@ -72,6 +72,7 @@ public class UserController {
 public ResultEntity login(@RequestParam String passwordEncode,
 @RequestParam String userName,
 HttpServletRequest request,
+ @RequestParam int roleId,
 @RequestParam(required = false) String TOKEN) {
 JwtUser jwtUser;
 String passWord;
@@ -95,7 +96,11 @@ public class UserController {
 List stuUsers = stuUserMapper.selectByExample(stuUserExample);
 //不存在返回错误,正确放行
 if (stuUsers.isEmpty()) {
- throw new UnAuthorizedException("用户名或密码错误");
+ return new ResultEntity(HttpStatus.BAD_REQUEST, "密码错误");
+ }
+ StuUser user1 = stuUsers.get(0);
+ if (!Objects.equals(roleId, user1.getRoleId())) {
+ return new ResultEntity(HttpStatus.BAD_REQUEST, "用户权限错误!");
 } else {
 // 保存用户的登录信息
 Map map = new HashMap<>();
@@ -118,6 +123,10 @@ public class UserController {
 if (jwtUser == null) {
 throw new UnAuthorizedException("token无效");
 }
+ int roleId1 = jwtUser.getRoleId();
+ if (!Objects.equals(roleId, roleId1)) {
+ return new ResultEntity(HttpStatus.BAD_REQUEST, "用户权限错误!");
+ }
 try {
 } catch (Exception e) {
 throw new UnAuthorizedException("密码错误");
@@ -166,16 +175,14 @@ public class UserController { } - @PostMapping("/getClassNameByClassId") @ApiOperation("根据班级ID返回班级名称") - public ResultEntity getClassNameByClassId( @RequestParam String classId) { + public ResultEntity getClassNameByClassId(@RequestParam String classId) { StuClass stuClass = classMapper.selectByPrimaryKey(classId); return new ResultEntity<>(stuClass.getClassName()); } - @PostMapping("/setLoginDuration") @ApiOperation("登录日志--设置登录时长退出时调用") public void setLoginDuration(@ApiParam("登录返回的日志ID") @RequestParam String logID) {
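Review bot: The new `roleId` parameter on `login` is undocumented and caller-controlled, so it should carry a comment stating that it may only be compared against the account's stored role and never used to assign one; the later hunks do use it only for comparison. Because it is a required primitive `int`, a request that omits it or sends a non-numeric value should be rejected by Spring's parameter binding before the method body runs, which existing clients of this endpoint will notice. I would write it as `@ApiParam("role chosen on the login page; checked against the stored role") @RequestParam int roleId,`, matching the `@ApiParam` already used on `setLoginDuration`. The body of `login` continues outside this hunk.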
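Review bot: The two failure returns added in the password branch tell the caller which check failed: an empty lookup answers "密码错误" and a role mismatch answers "用户权限错误!", so the second response confirms that the submitted credentials were accepted even though no session is issued. Both also answer with `HttpStatus.BAD_REQUEST` where the removed line raised `UnAuthorizedException`, so anything that counts authentication failures through the unauthorized path (lockout, alerting) would presumably stop seeing them; that is worth confirming against the exception handler, which is not visible here. I would keep one generic failure for both cases, `throw new UnAuthorizedException("用户名或密码错误");`, and record the role mismatch in the server log instead. The same 400 plus distinct-message pattern is repeated in the token branch (the `-118,6 +123,10` hunk). `stuUsers.get(0)` also silently takes the first row if the lookup ever returns more than one.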
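Review bot: `int roleId1 = jwtUser.getRoleId();` will throw a NullPointerException on unboxing if `getRoleId()` returns a null `Integer`; its return type is not visible in this hunk, so this needs checking against `JwtUser`. With both sides primitive, `Objects.equals(roleId, roleId1)` only boxes them, so `if (roleId != roleId1)` is the plainer form, or compare the boxed value directly with `if (!Objects.equals(roleId, jwtUser.getRoleId()))` to stay null-safe. The `try { } catch` directly below the new check is empty in the visible context, so its `catch` can never run; that predates this change but is worth removing while this branch is being edited.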