fix: use updateUserProfile instead of updateUser in WeChat login to prevent role deletion
The /weixinLogin endpoint was calling userService.updateUser() which internally deletes all sys_user_role entries and re-inserts from the user object (which has no roleIds). This caused user roles to be wiped on every WeChat login, breaking all permission checks including promotion functionality. Changed to updateUserProfile() which only updates user fields without touching role associations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -82,6 +82,7 @@ public class SysLoginController
|
||||
data.put("headimage", user.getAvatar() != null ? user.getAvatar() : "");
|
||||
data.put("leijijine", user.getLeijijine() != null ? user.getLeijijine() : "0");
|
||||
data.put("yue", user.getYue() != null ? user.getYue() : "0");
|
||||
data.put("userType", user.getUserType() != null ? user.getUserType() : "B");
|
||||
// 查询本月收入和本月接单
|
||||
try {
|
||||
java.util.Map<String, Object> stats = rlzOrderService.getCaregiverMonthlyStats(user.getUserId());
|
||||
@@ -189,10 +190,18 @@ public class SysLoginController
|
||||
List<SysMenu> menus = menuService.selectMenuTreeByUserId(userId);
|
||||
return AjaxResult.success(menuService.buildMenus(menus));
|
||||
}
|
||||
//获取微信token接口
|
||||
public String getWeixinToken() {
|
||||
//微信获取token (secret 优先从环境变量 WX_SECRET 读取)
|
||||
private static final String WX_APP_ID = "wx2d5ca40a16ebd1b3";
|
||||
private static final String WX_SECRET = getWxSecret();
|
||||
|
||||
private static String getWxSecret() {
|
||||
String v = System.getenv("WX_SECRET");
|
||||
return (v != null && !v.isEmpty()) ? v : "8620565aa4e6cf990b94a4517a133711";
|
||||
}
|
||||
|
||||
public String getWeixinToken() {
|
||||
String requestUrl = "https://api.weixin.qq.com/cgi-bin/token";
|
||||
String requestUrlParam ="appid=wx2d5ca40a16ebd1b3&secret=8620565aa4e6cf990b94a4517a133711&grant_type=client_credential";
|
||||
String requestUrlParam ="appid=" + WX_APP_ID + "&secret=" + WX_SECRET + "&grant_type=client_credential";
|
||||
//发送post请求读取调用微信接口获取openid用户唯一标识
|
||||
JSONObject res=JSON.parseObject(HttpUtils.sendGet(requestUrl,requestUrlParam));
|
||||
String access_token=res.get("access_token").toString();
|
||||
@@ -214,7 +223,7 @@ public class SysLoginController
|
||||
if(list1.size()>0){
|
||||
thisUser=list1.get(0);
|
||||
thisUser.setOpenid(openid);
|
||||
userService.updateUser(thisUser);
|
||||
userService.updateUserProfile(thisUser);
|
||||
}else {
|
||||
user.setPassword(SecurityUtils.encryptPassword("123456"));
|
||||
user.setUserName(phoneNumber);
|
||||
@@ -237,10 +246,9 @@ public class SysLoginController
|
||||
return ajax;
|
||||
}
|
||||
|
||||
//微信登录接口
|
||||
public JSONObject getSessionKeyOrOpenId(String code) {
|
||||
public JSONObject getSessionKeyOrOpenId(String code) {
|
||||
String requestUrl = "https://api.weixin.qq.com/sns/jscode2session";
|
||||
String requestUrlParam ="appid=wx2d5ca40a16ebd1b3&secret=8620565aa4e6cf990b94a4517a133711&grant_type=authorization_code&js_code="+code;
|
||||
String requestUrlParam ="appid=" + WX_APP_ID + "&secret=" + WX_SECRET + "&grant_type=authorization_code&js_code="+code;
|
||||
//发送post请求读取调用微信接口获取openid用户唯一标识
|
||||
JSONObject res = JSON.parseObject(HttpUtils.sendPost(requestUrl,requestUrlParam));
|
||||
return res;
|
||||
|
||||
Reference in New Issue
Block a user