fix: 已完成租户管理员增加的用户为客户，同时创建客户管理员并激活客户管理员

黄 x
1 parent 39427775
Showing 1 changed file with 121 additions and 61 deletions
application/src/main/java/org/thingsboard/server/controller/yunteng/YtUserController.java
--- a/application/src/main/java/org/thingsboard/server/controller/yunteng/YtUserController.java
View file @956bb1e
+++ b/application/src/main/java/org/thingsboard/server/controller/yunteng/YtUserController.java
View file @956bb1e
@@ -12,11 +12,14 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
-import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+import org.thingsboard.server.common.data.Customer;
+import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.edge.EdgeEventActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.CustomerId;
+import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
@@ -43,12 +46,10 @@ import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.yunteng.service.YtUserService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.permission.Operation;
+import org.thingsboard.server.service.security.permission.Resource;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
-
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.net.URI;
 import java.util.HashMap;
 import java.util.List;
 import java.util.UUID;
@@ -105,7 +106,7 @@ public class YtUserController extends BaseController {
     queryMap.put("username", username);
     if (null != roleType && roleType.equals(RoleEnum.TENANT_ADMIN)) {
       queryMap.put("roleType", roleType.name());
-    }else{
+    } else {
       tenantId = getCurrentUser().getCurrentTenantId();
     }
     if (orderType != null) {
@@ -116,7 +117,8 @@ public class YtUserController extends BaseController {
         queryMap,
         getCurrentUser().isPtSysadmin(),
         getCurrentUser().isPtAdmin(),
-        getCurrentUser().isPtTenantAdmin(),tenantId);
+        getCurrentUser().isPtTenantAdmin(),
+        tenantId);
   }
   @PutMapping
@@ -126,19 +128,25 @@ public class YtUserController extends BaseController {
   }
   @PostMapping
-  @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN','TENANT_ADMIN')")
+  @PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')")
   public ResponseEntity<UserDTO> addUser(
       @RequestParam(value = "sendEmail", required = false, defaultValue = "false")
           boolean sendEmail,
       @RequestParam(value = "sendMsg", required = false, defaultValue = "false") boolean sendMsg,
       @Validated({AddGroup.class}) @RequestBody UserDTO userDTO)
       throws ThingsboardException {
-    //如果当前用户是租户管理员，则代表创建的用户为CUSTOMER_USER,则需要调用TB,否则为本平台的管理员不需要调用TB
+    // 如果当前用户是租户管理员，则代表创建的用户为CUSTOMER_USER,则需要调用TB,否则为本平台的管理员不需要调用TB
     boolean isTenantAdminOperator = getCurrentUser().isPtTenantAdmin();
-    if(isTenantAdminOperator){
-
+    if (isTenantAdminOperator) {
+      // 创建CUSTOMER_USER用户
+      Customer customer = createCustomer(userDTO.getUsername());
+      // 创建CUSTOMER_USER的管理员
+      User tbUser = createTBUser(userDTO,customer.getTenantId(),customer.getId(), Authority.CUSTOMER_USER);
+      // 激活CUSTOMER_USER的管理员
+      activeTBUser(tbUser.getId());
     }
-    return ResponseEntity.ok(userService.saveAccount(
+    return ResponseEntity.ok(
+        userService.saveAccount(
             userDTO,
             sendEmail,
             sendMsg,
@@ -146,7 +154,7 @@ public class YtUserController extends BaseController {
             getCurrentUser().getCurrentTenantId()));
   }
-  @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
+  @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
   @PostMapping("saveTenantAdmin")
   public UserDTO saveTenantAdmin(@Validated(AddGroup.class) @RequestBody UserDTO userDTO)
       throws ThingsboardException {
@@ -157,38 +165,10 @@ public class YtUserController extends BaseController {
     TenantId tenantId = new TenantId(UUID.fromString(userDTO.getTenantId()));
     try {
       // 创建TB的租户管理员
-      User tbUser = new User();
-      tbUser.setAuthority(Authority.TENANT_ADMIN);
-      tbUser.setTenantId(tenantId);
-      tbUser.setEmail(userDTO.getUsername() + FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB);
-      tbUser = tbUserService.saveUser(tbUser);
-      userDTO.setTbUser(tbUser.getId().getId().toString());
-      logEntityAction(
-          tbUser.getId(),
-          tbUser,
-          tbUser.getCustomerId(),
-          userDTO.getId() == null ? ActionType.ADDED : ActionType.UPDATED,
-          null);
-      sendEntityNotificationMsg(
-          tenantId,
-          tbUser.getId(),
-          userDTO.getId() == null ? EdgeEventActionType.ADDED : EdgeEventActionType.UPDATED);
-
+      CustomerId customerId = new CustomerId(EntityId.NULL_UUID);
+      User tbUser = createTBUser(userDTO, tenantId,customerId, Authority.TENANT_ADMIN);
       // 激活租户管理员
-      // 1、获取UserCredentials 并获取activateToken
-      UserId userId = tbUser.getId();
-      User user = checkUserId(userId, Operation.READ);
-      SecurityUser authUser = getCurrentUser();
-      UserCredentials userCredentials =
-          tbUserService.findUserCredentialsByUserId(authUser.getTenantId(), user.getId());
-      // 2、进行激活
-      String encodedPassword = passwordEncoder.encode(FastIotConstants.DEFAULT_PWD);
-      UserCredentials credentials =
-          tbUserService.activateUserCredentials(
-              TenantId.SYS_TENANT_ID, userCredentials.getActivateToken(), encodedPassword);
-      User currentUser =
-          tbUserService.findUserById(TenantId.SYS_TENANT_ID, credentials.getUserId());
-      tbUserService.setUserCredentialsEnabled(currentUser.getTenantId(), currentUser.getId(), true);
+      activeTBUser(tbUser.getId());
     } catch (Exception e) {
       throw handleException(e);
     }
@@ -199,21 +179,10 @@ public class YtUserController extends BaseController {
   @DeleteMapping
   public void deleteUser(@Validated({DeleteGroup.class}) @RequestBody DeleteDTO deleteDTO)
       throws ThingsboardException {
-    //如果当前用户是租户管理员，则代表创建的用户为CUSTOMER_USER,则需要调用TB,否则为本平台的管理员不需要调用TB
+    // 如果当前用户是租户管理员，则代表创建的用户为CUSTOMER_USER,则需要调用TB,否则为本平台的管理员不需要调用TB
     userService.deleteUser(
         deleteDTO.getIds(), getCurrentUser().isPtSysadmin(), getCurrentUser().getCurrentTenantId());
   }
-
-  @RequestMapping(
-      value = "/{userId}/activationLink",
-      method = RequestMethod.GET,
-      produces = "text/plain")
-  public String getActivationLink(
-      @PathVariable("userId") String strUserId, HttpServletRequest request) {
-
-    return null;
-  }
-
   @GetMapping("getGroupUserByGroupId/{groupId}")
   public ResponseEntity<List<UserDTO>> getGroupUserByGroupId(
       @PathVariable("groupId") String groupId) throws ThingsboardException {
@@ -253,22 +222,113 @@ public class YtUserController extends BaseController {
     org.thingsboard.server.dao.yunteng.entities.User user =
         userService.validateChangePasswordAccount(accountReqDTO);
     String resetPassword = accountReqDTO.getResetPassword();
-    if(!getCurrentUser().isPtAdmin()){
-      try{
+    if (!getCurrentUser().isPtAdmin()) {
+      try {
         // 除开平台管理员，都要调用TB密码修改
         SecurityUser securityUser = getCurrentUser();
         UserCredentials userCredentials =
-                tbUserService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, securityUser.getId());
-        systemSecurityService.validatePassword(securityUser.getTenantId(), resetPassword, userCredentials);
+            tbUserService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, securityUser.getId());
+        systemSecurityService.validatePassword(
+            securityUser.getTenantId(), resetPassword, userCredentials);
         userCredentials.setPassword(passwordEncoder.encode(resetPassword));
         tbUserService.replaceUserCredentials(securityUser.getTenantId(), userCredentials);
         sendEntityNotificationMsg(
-                getTenantId(), userCredentials.getUserId(), EdgeEventActionType.CREDENTIALS_UPDATED);
+            getTenantId(), userCredentials.getUserId(), EdgeEventActionType.CREDENTIALS_UPDATED);
         eventPublisher.publishEvent(new UserAuthDataChangedEvent(securityUser.getId()));
-      }catch (Exception e){
+      } catch (Exception e) {
         throw handleException(e);
       }
     }
     return ResponseResult.success(userService.changePassword(user));
   }
+
+  /**
+   * 创建租户用户
+   *
+   * @param title 标题
+   * @throws ThingsboardException tb运行异常
+   */
+  private Customer createCustomer(String title) throws ThingsboardException {
+    Customer customer = new Customer();
+    try {
+      customer.setTitle(title);
+      customer.setTenantId(getCurrentUser().getTenantId());
+      checkEntity(customer.getId(), customer, Resource.CUSTOMER);
+
+      Customer savedCustomer = checkNotNull(customerService.saveCustomer(customer));
+
+      logEntityAction(
+          savedCustomer.getId(), savedCustomer, savedCustomer.getId(), ActionType.ADDED, null);
+
+      if (customer.getId() != null) {
+        sendEntityNotificationMsg(
+            savedCustomer.getTenantId(), savedCustomer.getId(), EdgeEventActionType.UPDATED);
+      }
+      return savedCustomer;
+    } catch (Exception e) {
+      logEntityAction(emptyId(EntityType.CUSTOMER), customer, null, ActionType.ADDED, e);
+      throw handleException(e);
+    }
+  }
+
+  /**
+   * 激活用户
+   *
+   * @param userId 用户ID
+   * @throws ThingsboardException tb运行异常
+   */
+  private void activeTBUser(UserId userId) throws ThingsboardException {
+    try {
+      // 1、获取UserCredentials 并获取activateToken
+      User user = checkUserId(userId, Operation.READ);
+      SecurityUser authUser = getCurrentUser();
+      UserCredentials userCredentials =
+          tbUserService.findUserCredentialsByUserId(authUser.getTenantId(), user.getId());
+      // 2、进行激活
+      String encodedPassword = passwordEncoder.encode(FastIotConstants.DEFAULT_PWD);
+      UserCredentials credentials =
+          tbUserService.activateUserCredentials(
+              TenantId.SYS_TENANT_ID, userCredentials.getActivateToken(), encodedPassword);
+      User currentUser =
+          tbUserService.findUserById(TenantId.SYS_TENANT_ID, credentials.getUserId());
+      tbUserService.setUserCredentialsEnabled(currentUser.getTenantId(), currentUser.getId(), true);
+    } catch (Exception e) {
+      throw handleException(e);
+    }
+  }
+
+  /**
+   * 创建TB的用户
+   * @param userDTO 基础用户信息
+   * @param authority 用户角色权限
+   * @param tenantId 租户ID
+   * @param customerId 客户ID
+   * @return 用户
+   * @throws ThingsboardException  tb运行异常
+   */
+  private User createTBUser(UserDTO userDTO, TenantId tenantId, CustomerId customerId, Authority authority)
+      throws ThingsboardException {
+    try {
+      User tbUser = new User();
+      tbUser.setAuthority(authority);
+      tbUser.setTenantId(tenantId);
+      tbUser.setCustomerId(customerId);
+      tbUser.setEmail(userDTO.getUsername() + FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB);
+      tbUser = tbUserService.saveUser(tbUser);
+      userDTO.setTbUser(tbUser.getId().getId().toString());
+      logEntityAction(
+          tbUser.getId(),
+          tbUser,
+          tbUser.getCustomerId(),
+          userDTO.getId() == null ? ActionType.ADDED : ActionType.UPDATED,
+          null);
+      sendEntityNotificationMsg(
+          tenantId,
+          tbUser.getId(),
+          userDTO.getId() == null ? EdgeEventActionType.ADDED : EdgeEventActionType.UPDATED);
+      return tbUser;
+    } catch (Exception e) {
+      throw handleException(e);
+    }
+  }
 }