pwd

ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/service/SysAppService.java

@@ -58,6 +58,11 @@ public class SysAppService extends SysAppServiceImpl
 
         LinkedHashMap<String,SysApp> defApps = new LinkedHashMap<>();
         defApps.putAll(apps);
+        AuthenticationUser curUser = AuthenticationUser.getAuthenticationUser();
+
+        boolean superadmin=(curUser.getSuperuser()==1||curUser.getAuthorities().contains("ROLE_SUPERADMIN"));
+
+
         List<SysApp> list=new ArrayList<>();
         JSONArray.parseArray(jo.getJSONArray("model").toJSONString(),SysApp.class).forEach(sysApp -> {
             SysApp def=defApps.get(sysApp.getId());
@@ -68,7 +73,8 @@ public class SysAppService extends SysAppServiceImpl
             sysApp.setFullname(def.getFullname());
             sysApp.setType(def.getType());
             sysApp.setGroup(def.getGroup());
-            list.add(sysApp);
+            if(superadmin || curUser.getAuthorities().contains(sysApp.getId()))
+                list.add(sysApp);
             defApps.remove(def.getId());
         });
         final boolean flag=nullSwitcher;
@@ -80,7 +86,8 @@ public class SysAppService extends SysAppServiceImpl
                 sysApp.setVisabled(1);
             else
                 sysApp.setVisabled(0);
-            list.add(sysApp);
+            if(superadmin || curUser.getAuthorities().contains(sysApp.getId()))
+                list.add(sysApp);
         });
 
         try {

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java

@@ -83,11 +83,13 @@ public class ClientAuthenticationResource
             throw new BadRequestAlertException("新密码为空", "ClientAuthenticationResource", "");
         // 获取当前登录用户并加密旧密码
         AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
+
+        IBZUSER ibzuser = ibzuserService.getById(authenticationUser.getUserid());
         if(pwencrymode==1)
             oldpwd = DigestUtils.md5DigestAsHex(oldpwd.getBytes());
         else if(pwencrymode==2)
             oldpwd = DigestUtils.md5DigestAsHex(String.format("%1$s||%2$s", authenticationUser.getUsername(), oldpwd).getBytes());
-        if(!authenticationUser.getPassword().equals( oldpwd )){
+        if(!ibzuser.getPassword().equals( oldpwd )){
             throw new BadRequestAlertException("用户名密码错误","IBZUSER",authenticationUser.getUsername());
         }
         // 加密新密码
@@ -96,10 +98,9 @@ public class ClientAuthenticationResource
         else if(pwencrymode==2)
             newpwd = DigestUtils.md5DigestAsHex(String.format("%1$s||%2$s", authenticationUser.getUsername(), newpwd).getBytes());
         // 修改密码
-        IBZUSER ibzuser = new IBZUSER();
-        ibzuser.setUserid(authenticationUser.getUserid());
+
         ibzuser.setPassword(newpwd);
-        ibzuserService.save(ibzuser);
+        ibzuserService.updateById(ibzuser);
         return ResponseEntity.ok(true);
     }