pwd

6404d58b · sq3536 · 4ffcd919 · 6404d58b · 6404d58b
--- a/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/SysAppService.java
+++ b/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/SysAppService.java
@@ -58,6 +58,11 @@ public class SysAppService extends SysAppServiceImpl

        LinkedHashMap<String,SysApp> defApps = new LinkedHashMap<>();
        defApps.putAll(apps);
+        AuthenticationUser curUser = AuthenticationUser.getAuthenticationUser();
+
+        boolean superadmin=(curUser.getSuperuser()==1||curUser.getAuthorities().contains("ROLE_SUPERADMIN"));
+
+
        List<SysApp> list=new ArrayList<>();
        JSONArray.parseArray(jo.getJSONArray("model").toJSONString(),SysApp.class).forEach(sysApp -> {
            SysApp def=defApps.get(sysApp.getId());
@@ -68,7 +73,8 @@ public class SysAppService extends SysAppServiceImpl
            sysApp.setFullname(def.getFullname());
            sysApp.setType(def.getType());
            sysApp.setGroup(def.getGroup());
-            list.add(sysApp);
+            if(superadmin || curUser.getAuthorities().contains(sysApp.getId()))
+                list.add(sysApp);
            defApps.remove(def.getId());
        });
        final boolean flag=nullSwitcher;
@@ -80,7 +86,8 @@ public class SysAppService extends SysAppServiceImpl
                sysApp.setVisabled(1);
            else
                sysApp.setVisabled(0);
-            list.add(sysApp);
+            if(superadmin || curUser.getAuthorities().contains(sysApp.getId()))
+                list.add(sysApp);
        });

        try {

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
@@ -83,11 +83,13 @@ public class ClientAuthenticationResource
            throw new BadRequestAlertException("新密码为空", "ClientAuthenticationResource", "");
        // 获取当前登录用户并加密旧密码
        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
+
+        IBZUSER ibzuser = ibzuserService.getById(authenticationUser.getUserid());
        if(pwencrymode==1)
            oldpwd = DigestUtils.md5DigestAsHex(oldpwd.getBytes());
        else if(pwencrymode==2)
            oldpwd = DigestUtils.md5DigestAsHex(String.format("%1$s||%2$s", authenticationUser.getUsername(), oldpwd).getBytes());
-        if(!authenticationUser.getPassword().equals( oldpwd )){
+        if(!ibzuser.getPassword().equals( oldpwd )){
            throw new BadRequestAlertException("用户名密码错误","IBZUSER",authenticationUser.getUsername());
        }
        // 加密新密码
@@ -96,10 +98,9 @@ public class ClientAuthenticationResource
        else if(pwencrymode==2)
            newpwd = DigestUtils.md5DigestAsHex(String.format("%1$s||%2$s", authenticationUser.getUsername(), newpwd).getBytes());
        // 修改密码
-        IBZUSER ibzuser = new IBZUSER();
-        ibzuser.setUserid(authenticationUser.getUserid());
+
        ibzuser.setPassword(newpwd);
-        ibzuserService.save(ibzuser);
+        ibzuserService.updateById(ibzuser);
        return ResponseEntity.ok(true);
    }