fix: 修改租户管理员的分页查询 修改密码需调用TB【除开平台管理员意外的用户】

@@ -50,7 +50,7 @@ public class YtRoleController extends BaseController {
     if (orderType != null) {
       queryMap.put(ORDER_TYPE, orderType.name());
     }
-    return roleService.page(getCurrentUser().isPtSysadmin(), getCurrentUser().isPtmAdmin(), getCurrentUser().getCurrentTenantId(),queryMap);
+    return roleService.page(getCurrentUser().isPtSysadmin(), getCurrentUser().isPtAdmin(), getCurrentUser().getCurrentTenantId(),queryMap);
   }
 
   @DeleteMapping
@@ -75,7 +75,7 @@ public class YtRoleController extends BaseController {
     return roleService.saveOrUpdateRoleInfoWithMenu(
         roleReqDTO,
         getCurrentUser().isPtSysadmin(),
-        getCurrentUser().isPtmAdmin(),
+        getCurrentUser().isPtAdmin(),
         getCurrentUser().getCurrentTenantId());
   }
 

@@ -6,6 +6,7 @@ import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import lombok.RequiredArgsConstructor;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -20,6 +21,7 @@ import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
+import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
 import org.thingsboard.server.common.data.yunteng.common.AddGroup;
 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
 import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
@@ -41,6 +43,7 @@ import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.yunteng.service.YtUserService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.permission.Operation;
+import org.thingsboard.server.service.security.system.SystemSecurityService;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -60,6 +63,9 @@ public class YtUserController extends BaseController {
   private final BCryptPasswordEncoder passwordEncoder;
   private final YtUserService userService;
   private final UserService tbUserService;
+  private final ApplicationEventPublisher eventPublisher;
+  private final SystemSecurityService systemSecurityService;
+
   @GetMapping("{userId}")
   public ResponseEntity<UserDTO> getUser(@PathVariable("userId") String userId)
       throws ThingsboardException {
@@ -97,24 +103,20 @@ public class YtUserController extends BaseController {
     queryMap.put(ORDER_FILED, orderBy);
     queryMap.put("realName", realName);
     queryMap.put("username", username);
-    if (getCurrentUser().isPtSysadmin()) {
-      if (StringUtils.isEmpty(tenantId)) {
-        tenantId = getCurrentUser().getCurrentTenantId();
-      }
-      queryMap.put("tenantId", tenantId);
-    }
-    if (null != roleType) {
+    if (null != roleType && roleType.equals(RoleEnum.TENANT_ADMIN)) {
       queryMap.put("roleType", roleType.name());
+    }else{
+      tenantId = getCurrentUser().getCurrentTenantId();
     }
     if (orderType != null) {
       queryMap.put(ORDER_TYPE, orderType.name());
     }
+    queryMap.put("tenantId", tenantId);
     return userService.page(
         queryMap,
         getCurrentUser().isPtSysadmin(),
-        getCurrentUser().isPtmAdmin(),
-        getCurrentUser().isPtTenantAdmin(),
-        getCurrentUser().getCurrentTenantId());
+        getCurrentUser().isPtAdmin(),
+        getCurrentUser().isPtTenantAdmin(),tenantId);
   }
 
   @PutMapping
@@ -147,38 +149,48 @@ public class YtUserController extends BaseController {
 
   @PreAuthorize("hasAnyAuthority('SYS_ADMIN','PLATFORM_ADMIN')")
   @PostMapping("saveTenantAdmin")
-  public UserDTO saveTenantAdmin(@Validated(AddGroup.class)@RequestBody UserDTO userDTO) throws ThingsboardException {
-    if(StringUtils.isAllBlank(userDTO.getTenantId())){
+  public UserDTO saveTenantAdmin(@Validated(AddGroup.class) @RequestBody UserDTO userDTO)
+      throws ThingsboardException {
+    if (StringUtils.isAllBlank(userDTO.getTenantId())) {
       throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
     }
     userService.validateUserNameAndPhoneNumberAndEmail(userDTO);
     TenantId tenantId = new TenantId(UUID.fromString(userDTO.getTenantId()));
-    try{
-      //创建TB的租户管理员
+    try {
+      // 创建TB的租户管理员
       User tbUser = new User();
       tbUser.setAuthority(Authority.TENANT_ADMIN);
       tbUser.setTenantId(tenantId);
-      tbUser.setEmail(userDTO.getUsername()+ FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB);
+      tbUser.setEmail(userDTO.getUsername() + FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB);
       tbUser = tbUserService.saveUser(tbUser);
       userDTO.setTbUser(tbUser.getId().getId().toString());
-      logEntityAction(tbUser.getId(), tbUser,
-              tbUser.getCustomerId(),
-              userDTO.getId() == null ? ActionType.ADDED : ActionType.UPDATED, null);
-      sendEntityNotificationMsg(tenantId, tbUser.getId(),
-              userDTO.getId() == null ? EdgeEventActionType.ADDED : EdgeEventActionType.UPDATED);
-
-      //激活租户管理员
-      //1、获取UserCredentials 并获取activateToken
+      logEntityAction(
+          tbUser.getId(),
+          tbUser,
+          tbUser.getCustomerId(),
+          userDTO.getId() == null ? ActionType.ADDED : ActionType.UPDATED,
+          null);
+      sendEntityNotificationMsg(
+          tenantId,
+          tbUser.getId(),
+          userDTO.getId() == null ? EdgeEventActionType.ADDED : EdgeEventActionType.UPDATED);
+
+      // 激活租户管理员
+      // 1、获取UserCredentials 并获取activateToken
       UserId userId = tbUser.getId();
       User user = checkUserId(userId, Operation.READ);
       SecurityUser authUser = getCurrentUser();
-      UserCredentials userCredentials = tbUserService.findUserCredentialsByUserId(authUser.getTenantId(), user.getId());
-      //2、进行激活
+      UserCredentials userCredentials =
+          tbUserService.findUserCredentialsByUserId(authUser.getTenantId(), user.getId());
+      // 2、进行激活
       String encodedPassword = passwordEncoder.encode(FastIotConstants.DEFAULT_PWD);
-      UserCredentials credentials = tbUserService.activateUserCredentials(TenantId.SYS_TENANT_ID, userCredentials.getActivateToken(), encodedPassword);
-      User currentUser = tbUserService.findUserById(TenantId.SYS_TENANT_ID, credentials.getUserId());
+      UserCredentials credentials =
+          tbUserService.activateUserCredentials(
+              TenantId.SYS_TENANT_ID, userCredentials.getActivateToken(), encodedPassword);
+      User currentUser =
+          tbUserService.findUserById(TenantId.SYS_TENANT_ID, credentials.getUserId());
       tbUserService.setUserCredentialsEnabled(currentUser.getTenantId(), currentUser.getId(), true);
-    }catch (Exception e){
+    } catch (Exception e) {
       throw handleException(e);
     }
     return userService.saveTenantAdmin(
@@ -236,7 +248,27 @@ public class YtUserController extends BaseController {
 
   @PostMapping("/reset")
   @ApiOperation(value = "修改密码")
-  public ResponseResult<Boolean> changePassword(@RequestBody AccountReqDTO accountReqDTO) {
-    return ResponseResult.success(userService.changePassword(accountReqDTO));
+  public ResponseResult<Boolean> changePassword(@RequestBody AccountReqDTO accountReqDTO)
+      throws ThingsboardException {
+    org.thingsboard.server.dao.yunteng.entities.User user =
+        userService.validateChangePasswordAccount(accountReqDTO);
+    String resetPassword = accountReqDTO.getResetPassword();
+    if(!getCurrentUser().isPtAdmin()){
+      try{
+        // 除开平台管理员，都要调用TB密码修改
+        SecurityUser securityUser = getCurrentUser();
+        UserCredentials userCredentials =
+                tbUserService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, securityUser.getId());
+        systemSecurityService.validatePassword(securityUser.getTenantId(), resetPassword, userCredentials);
+        userCredentials.setPassword(passwordEncoder.encode(resetPassword));
+        tbUserService.replaceUserCredentials(securityUser.getTenantId(), userCredentials);
+        sendEntityNotificationMsg(
+                getTenantId(), userCredentials.getUserId(), EdgeEventActionType.CREDENTIALS_UPDATED);
+        eventPublisher.publishEvent(new UserAuthDataChangedEvent(securityUser.getId()));
+      }catch (Exception e){
+        throw handleException(e);
+      }
+    }
+    return ResponseResult.success(userService.changePassword(user));
   }
 }

@@ -281,8 +281,10 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
       String roleType = (String) queryMap.get("roleType");
       if (StringUtils.isEmpty(roleType)) {
         roleType = RoleEnum.PLATFORM_ADMIN.name();
+        userPage = baseMapper.getAdminUserPage(userIPage, tenantId, roleType);
+      }else{
+        userPage = baseMapper.getTenantAdminPage(userIPage, tenantId);
       }
-      userPage = baseMapper.getAdminUserPage(userIPage, tenantId, roleType);
     } else if (isPlatformAdmin) {
       // 平台管理员只能管理租户
       userPage = baseMapper.selectAllTenantUser(userIPage);
@@ -359,6 +361,7 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
     User user = new User();
     userDTO.copyToEntity(user, ID, PASSWORD, CREATE_TIME, UPDATE_TIME, ACTIVATE_TOKEN);
     user.setPassword(passwordEncoder.encode(FastIotConstants.DEFAULT_PWD));
+    user.setLevel(FastIotConstants.LevelValue.IS_TENANT_ADMIN);
     List<User> users =
         baseMapper.selectList(
             new QueryWrapper<User>().lambda().eq(User::getUsername, userDTO.getUsername()));
@@ -487,22 +490,9 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
 
   @Override
   @Transactional
-  public boolean changePassword(AccountReqDTO accountReqDTO) {
-    User user = baseMapper.selectById(accountReqDTO.getUserId());
-    if (null == user
-        || StringUtils.isEmpty(accountReqDTO.getPassword())
-        || StringUtils.isEmpty(accountReqDTO.getResetPassword())) {
-      throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
-    }
-    if (!StringUtils.isEmpty(user.getPassword())) {
-      // 判断用户密码是否正确
-      boolean isMatch = passwordEncoder.matches(accountReqDTO.getPassword(), user.getPassword());
-      if (!isMatch) {
-        throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
-      }
-    }
+  public boolean changePassword(User user) {
     // 修改密码
-    user.setPassword(passwordEncoder.encode(accountReqDTO.getResetPassword()));
+    user.setPassword(passwordEncoder.encode(user.getPassword()));
     user.setActivateToken(RandomStringUtils.randomAlphabetic(10));
     return baseMapper.updateById(user) > 0;
   }
@@ -518,6 +508,23 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
     return baseMapper.findUserInfo(userDTO);
   }
 
+  @Override
+  public User validateChangePasswordAccount(AccountReqDTO accountReqDTO) {
+    User user = baseMapper.selectById(accountReqDTO.getUserId());
+    if (null == user
+            || StringUtils.isEmpty(accountReqDTO.getPassword())
+            || StringUtils.isEmpty(accountReqDTO.getResetPassword())) {
+      throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
+    }
+    // 判断用户密码是否正确
+    boolean isMatch = passwordEncoder.matches(accountReqDTO.getPassword(), user.getPassword());
+    if (!isMatch) {
+      throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
+    }
+    user.setPassword(accountReqDTO.getResetPassword());
+    return user;
+  }
+
   /**
    * 先删除用户与角色的关系，再添加新的关系
    * @param userId 用户ID

@@ -25,6 +25,8 @@ public interface UserMapper extends BaseMapper<User> {
   IPage<UserDTO> getAdminUserPage(
       IPage<?> page, @Param("tenantId") String tenantId, @Param("roleType") String roleType);
 
+  IPage<UserDTO> getTenantAdminPage(IPage<?> page, @Param("tenantId") String tenantId);
+
   IPage<UserDTO> selectAllTenantUser(IPage<?> page);
 
   Set<String> getAllIdsByTenantId(@Param("tenantIds") Collection<String> tenantIds);

@@ -7,6 +7,7 @@ import org.thingsboard.server.common.data.yunteng.dto.request.AccountReqDTO;
 import org.thingsboard.server.common.data.yunteng.dto.request.RoleOrOrganizationReqDTO;
 import org.thingsboard.server.common.data.yunteng.dto.request.SendResetPasswordEmailMsg;
 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
+import org.thingsboard.server.dao.yunteng.entities.User;
 
 import java.util.List;
 import java.util.Map;
@@ -54,6 +55,8 @@ public interface YtUserService {
    */
   UserDTO accountExist(String username,String tenantId);
 
+  User validateChangePasswordAccount(AccountReqDTO accountReqDTO);
+
   Optional<List<UserDTO>> getOrganizationUserByOrganizationId(String organizationId,String tenantId);
 
   /**
@@ -67,8 +70,8 @@ public interface YtUserService {
   /**
    * 修改密码
    *
-   * @param accountReqDTO 账号信息
+   * @param user 账号信息
    * @return 修改成功、失败
    */
-  boolean changePassword(AccountReqDTO accountReqDTO);
+  boolean changePassword(User user);
 }

@@ -108,11 +108,19 @@
                         WHERE role_id IN (SELECT ID
                                           FROM sys_role
                                           WHERE role_type = #{roleType}
-                                            <if test="roleType == 'ROLE_PLATFORM_ADMIN'">
-                                                OR role_type = 'ROLE_SYS_ADMIN'
+                                            <if test="roleType == 'PLATFORM_ADMIN'">
+                                                OR role_type = 'SYS_ADMIN'
                                             </if>
                                             AND tenant_id = #{tenantId}))
     </select>
+    <select id="getTenantAdminPage" resultMap="userDTOMap">
+        SELECT
+        <include refid="columns"/>,
+        st.name                AS tenant_name
+        FROM sys_user su
+        LEFT JOIN sys_tenant st ON su.tenant_id = st.tenant_id
+        WHERE su.level = 2 AND su.tenant_id = #{tenantId}
+    </select>
     <select id="selectAllTenantUser" resultMap="userDTOMap">
         SELECT
         <include refid="columns"/>,